summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAlex Schultz <aschultz@redhat.com>2018-10-26 09:45:32 -0600
committerEmilien Macchi <emilien@redhat.com>2018-10-30 12:16:18 +0000
commit87abe05ba09d75829de38b8370afaa27e9714bdd (patch)
tree4367037e570e8f786e404676f10cafb41a44c24e
parent8c0a8316ce62f4e64d5088e1c78853a54612bf48 (diff)
Retire instack-undercloudHEADmaster
instack-undercloud is no longer in use by the TripleO project. Removing the code to avoid confusion. Stable branches will continue to be maintained for their life however no new features should be added. Change-Id: I63a813c7c1ffd30ca30017133d31a497b77a9a4d Blueprint: remove-instack-undercloud
Notes
Notes (review): Code-Review+1: Sean McGinnis <sean.mcginnis@gmail.com> Code-Review+1: wes hayutin <whayutin@redhat.com> Code-Review+1: Harald Jensås <hjensas@redhat.com> Code-Review+1: Athlan-Guyot sofer <sathlang@redhat.com> Code-Review+1: Jason E. Rist <jrist@redhat.com> Verified-1: RDO Third Party CI <dmsimard+rdothirdparty@redhat.com> Code-Review+2: Emilien Macchi <emilien@redhat.com> Workflow+1: Juan Antonio Osorio Robles <jaosorior@redhat.com> Verified+2: Zuul Submitted-by: Zuul Submitted-at: Fri, 02 Nov 2018 09:54:15 +0000 Reviewed-on: https://review.openstack.org/613621 Project: openstack/instack-undercloud Branch: refs/heads/master
-rw-r--r--.coveragerc7
-rw-r--r--.gitignore54
-rw-r--r--.gitreview1
-rw-r--r--.testr.conf4
-rw-r--r--Gemfile22
-rw-r--r--LICENSE175
-rw-r--r--README.md18
-rw-r--r--README.rst5
-rw-r--r--Rakefile6
-rw-r--r--bindep.txt2
-rw-r--r--config-generator/undercloud.conf3
-rw-r--r--doc/source/api/index.rst4
-rw-r--r--doc/source/api/undercloud.rst8
-rw-r--r--doc/source/conf.py278
-rw-r--r--doc/source/index.rst24
-rw-r--r--elements/centos-cr/README.rst4
-rwxr-xr-xelements/centos-cr/pre-install.d/00-enable-cr-repo9
-rw-r--r--elements/instack-vm/README.md9
-rw-r--r--elements/instack-vm/element-deps3
-rwxr-xr-xelements/instack-vm/extra-data.d/50-add-instack-files18
-rwxr-xr-xelements/instack-vm/install.d/50-ip-forward10
-rwxr-xr-xelements/instack-vm/install.d/51-instack-files19
-rw-r--r--elements/instack-vm/package-installs.yaml3
-rwxr-xr-xelements/instack-vm/post-install.d/90-remove-cloud-init6
-rwxr-xr-xelements/instack-vm/post-install.d/90-set-hostname7
-rw-r--r--elements/overcloud-full/README.rst13
-rwxr-xr-xelements/overcloud-full/install.d/50-persistent-journal7
-rw-r--r--elements/overcloud-full/package-installs.yaml2
-rwxr-xr-xelements/overcloud-full/post-install.d/50-remove-libvirt-default-net6
-rw-r--r--elements/pip-and-virtualenv-override/README.md4
-rw-r--r--elements/pip-and-virtualenv-override/element-provides1
-rw-r--r--elements/puppet-stack-config/README.rst9
-rw-r--r--elements/puppet-stack-config/element-deps2
-rwxr-xr-xelements/puppet-stack-config/extra-data.d/10-install-git5
-rwxr-xr-xelements/puppet-stack-config/install.d/02-puppet-stack-config58
-rwxr-xr-xelements/puppet-stack-config/install.d/10-puppet-stack-config-puppet-module7
-rw-r--r--elements/puppet-stack-config/os-apply-config/etc/puppet/hieradata/CentOS.yaml1
-rw-r--r--elements/puppet-stack-config/os-apply-config/etc/puppet/hieradata/RedHat.yaml22
-rwxr-xr-xelements/puppet-stack-config/os-refresh-config/configure.d/50-puppet-stack-config19
-rwxr-xr-xelements/puppet-stack-config/os-refresh-config/post-configure.d/10-iptables7
-rw-r--r--elements/puppet-stack-config/package-installs.yaml2
-rw-r--r--elements/puppet-stack-config/puppet-stack-config.pp729
-rw-r--r--elements/puppet-stack-config/puppet-stack-config.yaml.template1049
-rw-r--r--elements/undercloud-install/element-provides1
-rw-r--r--elements/undercloud-install/os-apply-config/etc/os-net-config/config.json3
-rw-r--r--elements/undercloud-install/os-apply-config/root/stackrc46
-rw-r--r--elements/undercloud-install/os-apply-config/root/stackrc.oac1
-rw-r--r--elements/undercloud-install/os-apply-config/root/tripleo-undercloud-passwords24
-rw-r--r--elements/undercloud-install/os-apply-config/root/tripleo-undercloud-passwords.oac1
-rw-r--r--elements/undercloud-install/os-apply-config/var/opt/undercloud-stack/masquerade29
-rwxr-xr-xelements/undercloud-install/os-refresh-config/configure.d/30-reload-keepalived11
-rwxr-xr-xelements/undercloud-install/os-refresh-config/post-configure.d/80-seedstack-masquerade41
-rwxr-xr-xelements/undercloud-install/os-refresh-config/post-configure.d/98-undercloud-setup44
-rw-r--r--imagefactory/Makefile66
-rw-r--r--imagefactory/dib_deploy_ramdisk_ironic.tdl12
-rw-r--r--imagefactory/dib_discovery_ramdisk.tdl12
-rw-r--r--imagefactory/dib_overcloud_cinder_volume.tdl12
-rw-r--r--imagefactory/dib_overcloud_compute.tdl12
-rw-r--r--imagefactory/dib_overcloud_control.tdl12
-rw-r--r--imagefactory/dib_overcloud_swift_storage.tdl12
-rw-r--r--imagefactory/input_image.ks26
-rw-r--r--imagefactory/input_image.tdl12
-rw-r--r--imagefactory/utility_image.ks41
-rw-r--r--imagefactory/utility_image.tdl15
-rw-r--r--instack_undercloud/__init__.py18
-rw-r--r--instack_undercloud/tests/__init__.py0
-rw-r--r--instack_undercloud/tests/test_undercloud.py1635
-rw-r--r--instack_undercloud/tests/test_validator.py274
-rw-r--r--instack_undercloud/undercloud.py2405
-rw-r--r--instack_undercloud/validator.py211
-rw-r--r--json-files/centos-7-undercloud-packages.json35
-rw-r--r--json-files/rhel-7-undercloud-packages.json35
-rw-r--r--lower-constraints.txt84
-rw-r--r--releasenotes/notes/6.0.0-7413b6a7cecc00b6.yaml25
-rw-r--r--releasenotes/notes/Configure-auth-and-authtoken-for-novajoin-0cadd15e79b54c47.yaml4
-rw-r--r--releasenotes/notes/TLS-by-default-bc12660c12ba7ab1.yaml5
-rw-r--r--releasenotes/notes/add-additional-endpoints-96cb28a13c79e9d9.yaml5
-rw-r--r--releasenotes/notes/add-certificate-ekus-13e92513c562f0dc.yaml5
-rw-r--r--releasenotes/notes/add-gnocchi-event-dispatcher-d70df046292e333e.yaml4
-rw-r--r--releasenotes/notes/add-os-auth-type-5ed9338e73e0e172.yaml4
-rw-r--r--releasenotes/notes/add-variables-for-ironic-inspector-proxy-5fd349c75e3c054a.yaml6
-rw-r--r--releasenotes/notes/ansible-deploy-a257e06fddb7001f.yaml9
-rw-r--r--releasenotes/notes/change-cert-precedence-e1926868d137aa1d.yaml6
-rw-r--r--releasenotes/notes/change-default-nonssl-undercloud-ports-34e60f87f3eb7ad6.yaml12
-rw-r--r--releasenotes/notes/configurable-clients-endpoint_type-fc658f7ae935133f.yaml7
-rw-r--r--releasenotes/notes/create-heat-cfn-endpoint-c7c00e3b61a98b5e.yaml6
-rw-r--r--releasenotes/notes/deprecate-instack-virt-setup-0e76669d1e068408.yaml3
-rw-r--r--releasenotes/notes/deprecate_auth_uri_parameter-545d2c29c84c7c64.yaml4
-rw-r--r--releasenotes/notes/deprecate_instack-083e17fb09f07fa0.yaml5
-rw-r--r--releasenotes/notes/disable-ceilometer-api-14b270afc22d75c1.yaml6
-rw-r--r--releasenotes/notes/disable-ceilometer-collector-64bbcbe58b122721.yaml6
-rw-r--r--releasenotes/notes/disable-telemetry-by-default-d596b78fc08df1a9.yaml10
-rw-r--r--releasenotes/notes/disallow-ip-changes-bde0e2528544c71b.yaml11
-rw-r--r--releasenotes/notes/dnsmask-pxe-filter-start-stop-commands-c1f71c6f38f27c78.yaml6
-rw-r--r--releasenotes/notes/docker_registry_mirror-41c5a17eec6133f2.yaml6
-rw-r--r--releasenotes/notes/domain_params-63ef884e1ee154c0.yaml6
-rw-r--r--releasenotes/notes/drop-ceilometer-collector-c47d9aa6d47efedf.yaml5
-rw-r--r--releasenotes/notes/drop-legacy-ceilometer-api-b4b3540353f24905.yaml5
-rw-r--r--releasenotes/notes/enable-cinder-description-c53f8dc3a61e27c1.yaml5
-rw-r--r--releasenotes/notes/fix-mistral-error-handling-58010a43f53ded5e.yaml6
-rw-r--r--releasenotes/notes/fix-panko-ssl-port-d812becf99525a9a.yaml4
-rw-r--r--releasenotes/notes/fix_ntp_configuration-1a74dd4e02a622f5.yaml5
-rw-r--r--releasenotes/notes/heat-convergence-fea9886b21ff02a5.yaml10
-rw-r--r--releasenotes/notes/heat-dbsync-timeout-4301fb54b8711df5.yaml8
-rw-r--r--releasenotes/notes/heat-over-httpd-ae66469c8390b626.yaml3
-rw-r--r--releasenotes/notes/hw-types-ded17c6d920e1feb.yaml11
-rw-r--r--releasenotes/notes/include-swap-in-memory-check-fe378284f06aae1a.yaml7
-rw-r--r--releasenotes/notes/insecure_registries-58ffd10f75112b31.yaml7
-rw-r--r--releasenotes/notes/inspector-additional-hooks-9a5c8f5aad2bac31.yaml6
-rw-r--r--releasenotes/notes/inspector-boot-mode-3c651f40d95abb46.yaml16
-rw-r--r--releasenotes/notes/inspector-mysql-0985b0bc920c8b34.yaml9
-rw-r--r--releasenotes/notes/ipmi-cred-7d3b52a2618b66f7.yaml6
-rw-r--r--releasenotes/notes/ipv6-disabled-sysctl-settings-7120b2af4d72b8ad.yaml6
-rw-r--r--releasenotes/notes/ironic-api-version-d2b4ec1474918f12.yaml10
-rw-r--r--releasenotes/notes/ironic-api-version-pike-4264d815385cba7a.yaml5
-rw-r--r--releasenotes/notes/ironic-dbsync-da5d047e92841f78.yaml9
-rw-r--r--releasenotes/notes/ironic-inspector-use-pxe-filter-dnsmasq-611a69bc12011989.yaml3
-rw-r--r--releasenotes/notes/ironic-ssh-removal-72982955d848dfb3.yaml5
-rw-r--r--releasenotes/notes/keystone_authtoken-44befee30afcc206.yaml3
-rw-r--r--releasenotes/notes/keystonev3-4442d170d02d8dad.yaml4
-rw-r--r--releasenotes/notes/logging-cron-291af6500bf05143.yaml5
-rw-r--r--releasenotes/notes/maintain-member-role-ecc556d81ce583a1.yaml9
-rw-r--r--releasenotes/notes/memcached_hardening-3d6984c9b6e5f3f3.yaml4
-rw-r--r--releasenotes/notes/migrate-plans-36bdf9a667ce02d5.yaml4
-rw-r--r--releasenotes/notes/migrate-to-hardware-types-df0b6a3bd0f818fc.yaml9
-rw-r--r--releasenotes/notes/mistral_cron_trigger_subsystem_interval-fdacb60599948e91.yaml6
-rw-r--r--releasenotes/notes/mysql-timeout-ec1444c45da24a1e.yaml6
-rw-r--r--releasenotes/notes/networking-baremetal-ml2-4b50d6bab617c00c.yaml5
-rw-r--r--releasenotes/notes/node-discovery-8264e0c97cb5e00f.yaml10
-rw-r--r--releasenotes/notes/nova-cert-9a8bbad1d51c0928.yaml4
-rw-r--r--releasenotes/notes/nova_cells_setup-471df6c9dd45166c.yaml3
-rw-r--r--releasenotes/notes/nova_db-677f60f74ba34df9.yaml10
-rw-r--r--releasenotes/notes/nova_eventlet-84ad971618732da9.yaml7
-rw-r--r--releasenotes/notes/numa-topology-collector-8b000ce29863eecf.yaml8
-rw-r--r--releasenotes/notes/ovirt-driver-caa85e9a99ba1aef.yaml6
-rw-r--r--releasenotes/notes/relax-validation-for-ui-f27a5e9b64d1d6c1.yaml17
-rw-r--r--releasenotes/notes/remove-image_path-configuration-9092b1c78da4d6de.yaml4
-rw-r--r--releasenotes/notes/remove-leftover-tuskar-packages-eeba9cf583a11ee3.yaml10
-rw-r--r--releasenotes/notes/required-memory-increase-b7f22375c1d21aee.yaml6
-rw-r--r--releasenotes/notes/resource-class-init-e11b6a630bc47bed.yaml18
-rw-r--r--releasenotes/notes/restart-collector-b043489fcdf1e9c7.yaml4
-rw-r--r--releasenotes/notes/routed-subnets-undercloud-64bb87222db0555b.yaml98
-rw-r--r--releasenotes/notes/run-ceilometer-gnocchi-upgrade-215cb426d25d11e9.yaml4
-rw-r--r--releasenotes/notes/set-dns-domain-08abe0d0fe7d2e65.yaml6
-rw-r--r--releasenotes/notes/set-event-publishers-6d687ba1c4235a21.yaml5
-rw-r--r--releasenotes/notes/set-valid-hosts-file-49d6aa96365908a7.yaml7
-rw-r--r--releasenotes/notes/stackrc-v3-1e4513172af13806.yaml6
-rw-r--r--releasenotes/notes/stop-using-mistral-env-41e6d19d999791dd.yaml9
-rw-r--r--releasenotes/notes/swift-undercloud-logging-bf103e33fb444f01.yaml5
-rw-r--r--releasenotes/notes/swift_zaqar-d476d1a8eb946776.yaml5
-rw-r--r--releasenotes/notes/switch-to-hw-types-b3abf03ef9b7973b.yaml23
-rw-r--r--releasenotes/notes/update-ps1-in-rc-files-ee0edbebcd75c6fc.yaml6
-rw-r--r--releasenotes/notes/update-ui-config-18c8701da3f7d3c1.yaml7
-rw-r--r--releasenotes/notes/validate-local-interface-faec300f80fadadf.yaml9
-rw-r--r--releasenotes/notes/wire-up-tripleo-validations-undercloud-upgrade.yaml-244b86a00b260888.yaml9
-rw-r--r--releasenotes/notes/wire_up_undercloud_debug-f6fd5d21dfbab696.yaml6
-rw-r--r--releasenotes/notes/zaqar-httpd-a58c28f84541d482.yaml3
-rw-r--r--releasenotes/source/_static/.placeholder0
-rw-r--r--releasenotes/source/conf.py270
-rw-r--r--releasenotes/source/index.rst22
-rw-r--r--releasenotes/source/ocata.rst6
-rw-r--r--releasenotes/source/pike.rst6
-rw-r--r--releasenotes/source/queens.rst6
-rw-r--r--releasenotes/source/rocky.rst6
-rw-r--r--releasenotes/source/unreleased.rst5
-rw-r--r--requirements.txt18
-rw-r--r--scripts/instack-haproxy-cert-update24
-rwxr-xr-xscripts/instack-install-undercloud3
-rwxr-xr-xscripts/instack-pre-upgrade-undercloud3
-rwxr-xr-xscripts/instack-upgrade-undercloud3
-rw-r--r--setup.cfg44
-rw-r--r--setup.py29
-rw-r--r--templates/config.json.template41
-rw-r--r--templates/net-config.json.template25
-rw-r--r--test-requirements.txt19
-rwxr-xr-xtools/releasenotes_tox.sh28
-rw-r--r--tox.ini72
-rw-r--r--undercloud.conf.sample373
-rw-r--r--zuul.d/layout.yaml12
-rw-r--r--zuul.d/project.yaml9
180 files changed, 6 insertions, 9472 deletions
diff --git a/.coveragerc b/.coveragerc
deleted file mode 100644
index 09fb4c5..0000000
--- a/.coveragerc
+++ /dev/null
@@ -1,7 +0,0 @@
1[run]
2branch = True
3source = instack_undercloud
4omit = instack_undercloud/tests/*
5
6[report]
7ignore_errors = True
diff --git a/.gitignore b/.gitignore
deleted file mode 100644
index 1bf8d6a..0000000
--- a/.gitignore
+++ /dev/null
@@ -1,54 +0,0 @@
1*.py[cod]
2*.sw[op]
3
4# C extensions
5*.so
6
7# Packages
8*.egg
9*.egg-info
10dist
11build
12eggs
13parts
14sdist
15develop-eggs
16.installed.cfg
17lib
18lib64
19
20# Installer logs
21pip-log.txt
22
23# Unit test / coverage reports
24.coverage
25cover
26.tox
27.testrepository
28nosetests.xml
29
30# Translations
31*.mo
32
33# Mr Developer
34.mr.developer.cfg
35.project
36.pydevproject
37*.bundle
38Gemfile.lock
39
40# Mr Mac User
41.DS_Store
42._.DS_Store
43
44# tarballs
45*.tar.gz
46
47# sdist generated stuff
48AUTHORS
49ChangeLog
50
51instack.answers
52
53# Files created by releasenotes build
54releasenotes/build
diff --git a/.gitreview b/.gitreview
index 6dcc1ac..ef1bce9 100644
--- a/.gitreview
+++ b/.gitreview
@@ -3,3 +3,4 @@ host=review.openstack.org
3port=29418 3port=29418
4project=openstack/instack-undercloud 4project=openstack/instack-undercloud
5defaultbranch=master 5defaultbranch=master
6
diff --git a/.testr.conf b/.testr.conf
deleted file mode 100644
index 8c84c21..0000000
--- a/.testr.conf
+++ /dev/null
@@ -1,4 +0,0 @@
1[DEFAULT]
2test_command=OS_STDOUT_CAPTURE=1 OS_STDERR_CAPTURE=1 OS_TEST_TIMEOUT=60 OS_LOG_CAPTURE=1 ${PYTHON:-python} -m subunit.run discover -t ./instack_undercloud ./instack_undercloud $LISTOPT $IDOPTION
3test_id_option=--load-list $IDFILE
4test_list_option=--list
diff --git a/Gemfile b/Gemfile
deleted file mode 100644
index 114397c..0000000
--- a/Gemfile
+++ /dev/null
@@ -1,22 +0,0 @@
1source ENV['GEM_SOURCE'] || "https://rubygems.org"
2
3group :development, :test, :system_tests do
4 gem 'puppet-openstack_spec_helper',
5 :git => 'https://git.openstack.org/openstack/puppet-openstack_spec_helper',
6 :branch => 'master',
7 :require => false
8end
9
10if facterversion = ENV['FACTER_GEM_VERSION']
11 gem 'facter', facterversion, :require => false
12else
13 gem 'facter', :require => false
14end
15
16if puppetversion = ENV['PUPPET_GEM_VERSION']
17 gem 'puppet', puppetversion, :require => false
18else
19 gem 'puppet', :require => false
20end
21
22# vim:ft=ruby
diff --git a/LICENSE b/LICENSE
deleted file mode 100644
index 67db858..0000000
--- a/LICENSE
+++ /dev/null
@@ -1,175 +0,0 @@
1
2 Apache License
3 Version 2.0, January 2004
4 http://www.apache.org/licenses/
5
6 TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
7
8 1. Definitions.
9
10 "License" shall mean the terms and conditions for use, reproduction,
11 and distribution as defined by Sections 1 through 9 of this document.
12
13 "Licensor" shall mean the copyright owner or entity authorized by
14 the copyright owner that is granting the License.
15
16 "Legal Entity" shall mean the union of the acting entity and all
17 other entities that control, are controlled by, or are under common
18 control with that entity. For the purposes of this definition,
19 "control" means (i) the power, direct or indirect, to cause the
20 direction or management of such entity, whether by contract or
21 otherwise, or (ii) ownership of fifty percent (50%) or more of the
22 outstanding shares, or (iii) beneficial ownership of such entity.
23
24 "You" (or "Your") shall mean an individual or Legal Entity
25 exercising permissions granted by this License.
26
27 "Source" form shall mean the preferred form for making modifications,
28 including but not limited to software source code, documentation
29 source, and configuration files.
30
31 "Object" form shall mean any form resulting from mechanical
32 transformation or translation of a Source form, including but
33 not limited to compiled object code, generated documentation,
34 and conversions to other media types.
35
36 "Work" shall mean the work of authorship, whether in Source or
37 Object form, made available under the License, as indicated by a
38 copyright notice that is included in or attached to the work
39 (an example is provided in the Appendix below).
40
41 "Derivative Works" shall mean any work, whether in Source or Object
42 form, that is based on (or derived from) the Work and for which the
43 editorial revisions, annotations, elaborations, or other modifications
44 represent, as a whole, an original work of authorship. For the purposes
45 of this License, Derivative Works shall not include works that remain
46 separable from, or merely link (or bind by name) to the interfaces of,
47 the Work and Derivative Works thereof.
48
49 "Contribution" shall mean any work of authorship, including
50 the original version of the Work and any modifications or additions
51 to that Work or Derivative Works thereof, that is intentionally
52 submitted to Licensor for inclusion in the Work by the copyright owner
53 or by an individual or Legal Entity authorized to submit on behalf of
54 the copyright owner. For the purposes of this definition, "submitted"
55 means any form of electronic, verbal, or written communication sent
56 to the Licensor or its representatives, including but not limited to
57 communication on electronic mailing lists, source code control systems,
58 and issue tracking systems that are managed by, or on behalf of, the
59 Licensor for the purpose of discussing and improving the Work, but
60 excluding communication that is conspicuously marked or otherwise
61 designated in writing by the copyright owner as "Not a Contribution."
62
63 "Contributor" shall mean Licensor and any individual or Legal Entity
64 on behalf of whom a Contribution has been received by Licensor and
65 subsequently incorporated within the Work.
66
67 2. Grant of Copyright License. Subject to the terms and conditions of
68 this License, each Contributor hereby grants to You a perpetual,
69 worldwide, non-exclusive, no-charge, royalty-free, irrevocable
70 copyright license to reproduce, prepare Derivative Works of,
71 publicly display, publicly perform, sublicense, and distribute the
72 Work and such Derivative Works in Source or Object form.
73
74 3. Grant of Patent License. Subject to the terms and conditions of
75 this License, each Contributor hereby grants to You a perpetual,
76 worldwide, non-exclusive, no-charge, royalty-free, irrevocable
77 (except as stated in this section) patent license to make, have made,
78 use, offer to sell, sell, import, and otherwise transfer the Work,
79 where such license applies only to those patent claims licensable
80 by such Contributor that are necessarily infringed by their
81 Contribution(s) alone or by combination of their Contribution(s)
82 with the Work to which such Contribution(s) was submitted. If You
83 institute patent litigation against any entity (including a
84 cross-claim or counterclaim in a lawsuit) alleging that the Work
85 or a Contribution incorporated within the Work constitutes direct
86 or contributory patent infringement, then any patent licenses
87 granted to You under this License for that Work shall terminate
88 as of the date such litigation is filed.
89
90 4. Redistribution. You may reproduce and distribute copies of the
91 Work or Derivative Works thereof in any medium, with or without
92 modifications, and in Source or Object form, provided that You
93 meet the following conditions:
94
95 (a) You must give any other recipients of the Work or
96 Derivative Works a copy of this License; and
97
98 (b) You must cause any modified files to carry prominent notices
99 stating that You changed the files; and
100
101 (c) You must retain, in the Source form of any Derivative Works
102 that You distribute, all copyright, patent, trademark, and
103 attribution notices from the Source form of the Work,
104 excluding those notices that do not pertain to any part of
105 the Derivative Works; and
106
107 (d) If the Work includes a "NOTICE" text file as part of its
108 distribution, then any Derivative Works that You distribute must
109 include a readable copy of the attribution notices contained
110 within such NOTICE file, excluding those notices that do not
111 pertain to any part of the Derivative Works, in at least one
112 of the following places: within a NOTICE text file distributed
113 as part of the Derivative Works; within the Source form or
114 documentation, if provided along with the Derivative Works; or,
115 within a display generated by the Derivative Works, if and
116 wherever such third-party notices normally appear. The contents
117 of the NOTICE file are for informational purposes only and
118 do not modify the License. You may add Your own attribution
119 notices within Derivative Works that You distribute, alongside
120 or as an addendum to the NOTICE text from the Work, provided
121 that such additional attribution notices cannot be construed
122 as modifying the License.
123
124 You may add Your own copyright statement to Your modifications and
125 may provide additional or different license terms and conditions
126 for use, reproduction, or distribution of Your modifications, or
127 for any such Derivative Works as a whole, provided Your use,
128 reproduction, and distribution of the Work otherwise complies with
129 the conditions stated in this License.
130
131 5. Submission of Contributions. Unless You explicitly state otherwise,
132 any Contribution intentionally submitted for inclusion in the Work
133 by You to the Licensor shall be under the terms and conditions of
134 this License, without any additional terms or conditions.
135 Notwithstanding the above, nothing herein shall supersede or modify
136 the terms of any separate license agreement you may have executed
137 with Licensor regarding such Contributions.
138
139 6. Trademarks. This License does not grant permission to use the trade
140 names, trademarks, service marks, or product names of the Licensor,
141 except as required for reasonable and customary use in describing the
142 origin of the Work and reproducing the content of the NOTICE file.
143
144 7. Disclaimer of Warranty. Unless required by applicable law or
145 agreed to in writing, Licensor provides the Work (and each
146 Contributor provides its Contributions) on an "AS IS" BASIS,
147 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
148 implied, including, without limitation, any warranties or conditions
149 of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
150 PARTICULAR PURPOSE. You are solely responsible for determining the
151 appropriateness of using or redistributing the Work and assume any
152 risks associated with Your exercise of permissions under this License.
153
154 8. Limitation of Liability. In no event and under no legal theory,
155 whether in tort (including negligence), contract, or otherwise,
156 unless required by applicable law (such as deliberate and grossly
157 negligent acts) or agreed to in writing, shall any Contributor be
158 liable to You for damages, including any direct, indirect, special,
159 incidental, or consequential damages of any character arising as a
160 result of this License or out of the use or inability to use the
161 Work (including but not limited to damages for loss of goodwill,
162 work stoppage, computer failure or malfunction, or any and all
163 other commercial damages or losses), even if such Contributor
164 has been advised of the possibility of such damages.
165
166 9. Accepting Warranty or Additional Liability. While redistributing
167 the Work or Derivative Works thereof, You may choose to offer,
168 and charge a fee for, acceptance of support, warranty, indemnity,
169 or other liability obligations and/or rights consistent with this
170 License. However, in accepting such obligations, You may act only
171 on Your own behalf and on Your sole responsibility, not on behalf
172 of any other Contributor, and only if You agree to indemnify,
173 defend, and hold each Contributor harmless for any liability
174 incurred by, or claims asserted against, such Contributor by reason
175 of your accepting any such warranty or additional liability.
diff --git a/README.md b/README.md
deleted file mode 100644
index c27cc9c..0000000
--- a/README.md
+++ /dev/null
@@ -1,18 +0,0 @@
1Team and repository tags
2========================
3
4[![Team and repository tags](https://governance.openstack.org/tc/badges/instack-undercloud.svg)](https://governance.openstack.org/tc/reference/tags/index.html)
5
6<!-- Change things from this point on -->
7
8Undercloud Install via instack
9==============================
10
11instack-undercloud is tooling for installing a TripleO undercloud.
12
13It is part of the TripleO project:
14https://docs.openstack.org/tripleo-docs/latest/
15
16* Free software: Apache license
17* Source: https://git.openstack.org/cgit/openstack/instack-undercloud
18* Bugs: https://bugs.launchpad.net/tripleo
diff --git a/README.rst b/README.rst
new file mode 100644
index 0000000..b78599a
--- /dev/null
+++ b/README.rst
@@ -0,0 +1,5 @@
1This project is no longer maintained.
2
3The contents of this repository are still available in the Git source code management system. To see the contents of this repository before it reached its end of life, please check out the previous commit with "git checkout HEAD^1".
4
5For any further questions, please email openstack-dev@lists.openstack.org or join #openstack-dev on Freenode.
diff --git a/Rakefile b/Rakefile
deleted file mode 100644
index 479c55f..0000000
--- a/Rakefile
+++ /dev/null
@@ -1,6 +0,0 @@
1require 'puppetlabs_spec_helper/rake_tasks'
2require 'puppet-lint/tasks/puppet-lint'
3
4PuppetLint.configuration.fail_on_warnings = true
5PuppetLint.configuration.send('disable_80chars')
6PuppetSyntax.fail_on_deprecation_notices = false
diff --git a/bindep.txt b/bindep.txt
deleted file mode 100644
index 81d7558..0000000
--- a/bindep.txt
+++ /dev/null
@@ -1,2 +0,0 @@
1libssl-dev [platform:dpkg test]
2openssl-devel [platform:rpm test]
diff --git a/config-generator/undercloud.conf b/config-generator/undercloud.conf
deleted file mode 100644
index 47d92c8..0000000
--- a/config-generator/undercloud.conf
+++ /dev/null
@@ -1,3 +0,0 @@
1[DEFAULT]
2output_file = undercloud.conf.sample
3namespace = instack-undercloud
diff --git a/doc/source/api/index.rst b/doc/source/api/index.rst
deleted file mode 100644
index 25686f8..0000000
--- a/doc/source/api/index.rst
+++ /dev/null
@@ -1,4 +0,0 @@
1.. toctree::
2 :maxdepth: 1
3
4 undercloud \ No newline at end of file
diff --git a/doc/source/api/undercloud.rst b/doc/source/api/undercloud.rst
deleted file mode 100644
index 8527378..0000000
--- a/doc/source/api/undercloud.rst
+++ /dev/null
@@ -1,8 +0,0 @@
1===================
2 :mod:`undercloud`
3===================
4
5.. automodule:: instack_undercloud.undercloud
6 :members:
7 :undoc-members:
8 :show-inheritance:
diff --git a/doc/source/conf.py b/doc/source/conf.py
deleted file mode 100644
index 35a56e7..0000000
--- a/doc/source/conf.py
+++ /dev/null
@@ -1,278 +0,0 @@
1# -*- coding: utf-8 -*-
2# Licensed under the Apache License, Version 2.0 (the "License");
3# you may not use this file except in compliance with the License.
4# You may obtain a copy of the License at
5#
6# http://www.apache.org/licenses/LICENSE-2.0
7#
8# Unless required by applicable law or agreed to in writing, software
9# distributed under the License is distributed on an "AS IS" BASIS,
10# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
11# implied.
12# See the License for the specific language governing permissions and
13# limitations under the License.
14#
15
16# If extensions (or modules to document with autodoc) are in another directory,
17# add these directories to sys.path here. If the directory is relative to the
18# documentation root, use os.path.abspath to make it absolute, like shown here.
19#sys.path.insert(0, os.path.abspath('.'))
20
21# -- General configuration ------------------------------------------------
22
23
24# If your documentation needs a minimal Sphinx version, state it here.
25#needs_sphinx = '1.0'
26
27# Add any Sphinx extension module names here, as strings. They can be
28# extensions coming with Sphinx (named 'sphinx.ext.*') or your custom
29# ones.
30extensions = [
31 'sphinx.ext.autodoc',
32 'sphinx.ext.intersphinx',
33 'openstackdocstheme',
34]
35
36# Add any paths that contain templates here, relative to this directory.
37templates_path = ['_templates']
38
39# The suffix of source filenames.
40source_suffix = '.rst'
41
42# The encoding of source files.
43#source_encoding = 'utf-8-sig'
44
45# The master toctree document.
46master_doc = 'index'
47
48# General information about the project.
49project = u'Instack Undercloud'
50copyright = u'2015, OpenStack Foundation'
51bug_tracker = u'Launchpad'
52bug_tracker_url = u'https://launchpad.net/tripleo'
53
54# The version info for the project you're documenting, acts as replacement for
55# |version| and |release|, also used in various other places throughout the
56# built documents.
57#
58# The short X.Y version.
59version = '3.0.0'
60# The full version, including alpha/beta/rc tags.
61release = '3.0.0'
62
63# The language for content autogenerated by Sphinx. Refer to documentation
64# for a list of supported languages.
65#language = None
66
67# There are two options for replacing |today|: either, you set today to some
68# non-false value, then it is used:
69#today = ''
70# Else, today_fmt is used as the format for a strftime call.
71#today_fmt = '%B %d, %Y'
72
73# List of patterns, relative to source directory, that match files and
74# directories to ignore when looking for source files.
75exclude_patterns = []
76
77# The reST default role (used for this markup: `text`) to use for all
78# documents.
79#default_role = None
80
81# If true, '()' will be appended to :func: etc. cross-reference text.
82#add_function_parentheses = True
83
84# If true, the current module name will be prepended to all description
85# unit titles (such as .. function::).
86#add_module_names = True
87
88# If true, sectionauthor and moduleauthor directives will be shown in the
89# output. They are ignored by default.
90#show_authors = False
91
92# The name of the Pygments (syntax highlighting) style to use.
93pygments_style = 'sphinx'
94
95# A list of ignored prefixes for module index sorting.
96#modindex_common_prefix = []
97
98# If true, keep warnings as "system message" paragraphs in the built documents.
99#keep_warnings = False
100
101
102# -- Options for HTML output ----------------------------------------------
103
104# The theme to use for HTML and HTML Help pages. See the documentation for
105# a list of builtin themes.
106html_theme = 'openstackdocs'
107
108# Theme options are theme-specific and customize the look and feel of a theme
109# further. For a list of options available for each theme, see the
110# documentation.
111#html_theme_options = {}
112
113# Add any paths that contain custom themes here, relative to this directory.
114# html_theme_path = []
115
116# The name for this set of Sphinx documents. If None, it defaults to
117# "<project> v<release> documentation".
118#html_title = None
119
120# A shorter title for the navigation bar. Default is the same as html_title.
121#html_short_title = None
122
123# The name of an image file (relative to this directory) to place at the top
124# of the sidebar.
125#html_logo = None
126
127# The name of an image file (within the static path) to use as favicon of the
128# docs. This file should be a Windows icon file (.ico) being 16x16 or 32x32
129# pixels large.
130#html_favicon = None
131
132# Add any paths that contain custom static files (such as style sheets) here,
133# relative to this directory. They are copied after the builtin static files,
134# so a file named "default.css" will overwrite the builtin "default.css".
135#html_static_path = ['_static']
136
137# Add any extra paths that contain custom files (such as robots.txt or
138# .htaccess) here, relative to this directory. These files are copied
139# directly to the root of the documentation.
140#html_extra_path = []
141
142# If not '', a 'Last updated on:' timestamp is inserted at every page bottom,
143# using the given strftime format.
144html_last_updated_fmt = '%Y-%m-%d %H:%M'
145
146# If true, SmartyPants will be used to convert quotes and dashes to
147# typographically correct entities.
148#html_use_smartypants = True
149
150# Custom sidebar templates, maps document names to template names.
151#html_sidebars = {}
152
153# Additional templates that should be rendered to pages, maps page names to
154# template names.
155#html_additional_pages = {}
156
157# If false, no module index is generated.
158#html_domain_indices = True
159
160# If false, no index is generated.
161#html_use_index = True
162
163# If true, the index is split into individual pages for each letter.
164#html_split_index = False
165
166# If true, links to the reST sources are added to the pages.
167#html_show_sourcelink = True
168
169# If true, "Created using Sphinx" is shown in the HTML footer. Default is True.
170#html_show_sphinx = True
171
172# If true, "(C) Copyright ..." is shown in the HTML footer. Default is True.
173#html_show_copyright = True
174
175# If true, an OpenSearch description file will be output, and all pages will
176# contain a <link> tag referring to it. The value of this option must be the
177# base URL from which the finished HTML is served.
178#html_use_opensearch = ''
179
180# This is the file name suffix for HTML files (e.g. ".xhtml").
181#html_file_suffix = None
182
183# Output file base name for HTML help builder.
184htmlhelp_basename = 'instack-underclouddoc'
185
186
187# -- Options for LaTeX output ---------------------------------------------
188
189latex_elements = {
190# The paper size ('letterpaper' or 'a4paper').
191#'papersize': 'letterpaper',
192
193# The font size ('10pt', '11pt' or '12pt').
194#'pointsize': '10pt',
195
196# Additional stuff for the LaTeX preamble.
197#'preamble': '',
198}
199
200# Grouping the document tree into LaTeX files. List of tuples
201# (source start file, target name, title,
202# author, documentclass [howto, manual, or own class]).
203latex_documents = [
204 ('index', 'instack-undercloud.tex', u'instack-undercloud Documentation',
205 u'2015, OpenStack Foundation', 'manual'),
206]
207
208# The name of an image file (relative to this directory) to place at the top of
209# the title page.
210#latex_logo = None
211
212# For "manual" documents, if this is true, then toplevel headings are parts,
213# not chapters.
214#latex_use_parts = False
215
216# If true, show page references after internal links.
217#latex_show_pagerefs = False
218
219# If true, show URL addresses after external links.
220#latex_show_urls = False
221
222# Documents to append as an appendix to all manuals.
223#latex_appendices = []
224
225# If false, no module index is generated.
226#latex_domain_indices = True
227
228
229# -- Options for manual page output ---------------------------------------
230
231# One entry per manual page. List of tuples
232# (source start file, name, description, authors, manual section).
233man_pages = [
234 ('index', 'instack-undercloud', u'instack-undercloud Documentation',
235 [u'2015, OpenStack Foundation'], 1)
236]
237
238# If true, show URL addresses after external links.
239#man_show_urls = False
240
241
242# -- Options for Texinfo output -------------------------------------------
243
244# Grouping the document tree into Texinfo files. List of tuples
245# (source start file, target name, title, author,
246# dir menu entry, description, category)
247texinfo_documents = [
248 ('index', 'instack-undercloud', u'instack-undercloud Documentation',
249 u'2015, OpenStack Foundation', 'instack-undercloud',
250 'Tooling for installing TripleO undercloud.',
251 'Miscellaneous'),
252]
253
254# Documents to append as an appendix to all manuals.
255#texinfo_appendices = []
256
257# If false, no module index is generated.
258#texinfo_domain_indices = True
259
260# How to display URL addresses: 'footnote', 'no', or 'inline'.
261#texinfo_show_urls = 'footnote'
262
263# If true, do not generate a @detailmenu in the "Top" node's menu.
264#texinfo_no_detailmenu = False
265
266# -- Options for Internationalization output ------------------------------
267locale_dirs = ['locale/']
268
269# openstackdocstheme options
270repository_name = 'openstack/instack-undercloud'
271bug_project = 'tripleo'
272bug_tag = 'documentation'
273
274rst_prolog = """
275.. |project| replace:: %s
276.. |bug_tracker| replace:: %s
277.. |bug_tracker_url| replace:: %s
278""" % (project, bug_tracker, bug_tracker_url)
diff --git a/doc/source/index.rst b/doc/source/index.rst
deleted file mode 100644
index 42d8e0e..0000000
--- a/doc/source/index.rst
+++ /dev/null
@@ -1,24 +0,0 @@
1Welcome to |project| documentation
2====================================
3
4The instack-undercloud project has code and diskimage-builder
5elements for deploying a TripleO undercloud to an existing system.
6
7See the `TripleO documentation`_ for the full end-to-end workflow.
8
9.. _`TripleO documentation`: https://docs.openstack.org/tripleo-docs/latest/
10
11API Documentation
12=================
13
14.. toctree::
15 :maxdepth: 1
16
17 api/index
18
19Indices and tables
20==================
21
22* :ref:`genindex`
23* :ref:`modindex`
24* :ref:`search`
diff --git a/elements/centos-cr/README.rst b/elements/centos-cr/README.rst
deleted file mode 100644
index 29aaecc..0000000
--- a/elements/centos-cr/README.rst
+++ /dev/null
@@ -1,4 +0,0 @@
1Enable the CentOS CR Repo
2
3Allow use of packages from the CentOS CR repository, per the instructions at
4https://wiki.centos.org/AdditionalResources/Repositories/CR
diff --git a/elements/centos-cr/pre-install.d/00-enable-cr-repo b/elements/centos-cr/pre-install.d/00-enable-cr-repo
deleted file mode 100755
index 2162e48..0000000
--- a/elements/centos-cr/pre-install.d/00-enable-cr-repo
+++ /dev/null
@@ -1,9 +0,0 @@
1#!/bin/bash
2
3set -eux
4set -o pipefail
5
6# Per https://seven.centos.org/2015/03/centos-7-cr-repo-has-been-populated/
7# we need to update before we can enable the cr repo.
8yum -y update
9yum-config-manager --enable cr
diff --git a/elements/instack-vm/README.md b/elements/instack-vm/README.md
deleted file mode 100644
index 12dd1d2..0000000
--- a/elements/instack-vm/README.md
+++ /dev/null
@@ -1,9 +0,0 @@
1Build an instack vm image
2
3This element allows building an instack vm image using diskimage-builder. To build
4the image simply include this element and the appropriate distro element.
5For example:
6
7disk-image-create -a amd64 -o instack \
8 --image-size 30 \
9 fedora instack-vm \ No newline at end of file
diff --git a/elements/instack-vm/element-deps b/elements/instack-vm/element-deps
deleted file mode 100644
index af9e881..0000000
--- a/elements/instack-vm/element-deps
+++ /dev/null
@@ -1,3 +0,0 @@
1local-config
2package-installs
3vm
diff --git a/elements/instack-vm/extra-data.d/50-add-instack-files b/elements/instack-vm/extra-data.d/50-add-instack-files
deleted file mode 100755
index 593b6fd..0000000
--- a/elements/instack-vm/extra-data.d/50-add-instack-files
+++ /dev/null
@@ -1,18 +0,0 @@
1#!/bin/bash
2
3set -eu
4set -o pipefail
5
6ANSWERSFILE=${ANSWERSFILE:-""}
7
8if [ -z "$ANSWERSFILE" ]; then
9 echo "\$ANSWERSFILE should be defined."
10 exit 1
11fi
12
13file_list="$ANSWERSFILE
14$TE_DATAFILE"
15
16for f in $file_list; do
17 cp "$f" "$TMP_HOOKS_PATH"
18done
diff --git a/elements/instack-vm/install.d/50-ip-forward b/elements/instack-vm/install.d/50-ip-forward
deleted file mode 100755
index dfe2af8..0000000
--- a/elements/instack-vm/install.d/50-ip-forward
+++ /dev/null
@@ -1,10 +0,0 @@
1#!/bin/bash
2
3set -eux
4set -o pipefail
5
6# When using instack-virt-setup, it makes sense to always enable IP forwarding
7# so the Overcloud nodes can have external access.
8cat > /etc/sysctl.d/ip-forward.conf <<EOF
9net.ipv4.ip_forward=1
10EOF
diff --git a/elements/instack-vm/install.d/51-instack-files b/elements/instack-vm/install.d/51-instack-files
deleted file mode 100755
index 1ed2a83..0000000
--- a/elements/instack-vm/install.d/51-instack-files
+++ /dev/null
@@ -1,19 +0,0 @@
1#!/bin/bash
2
3set -eu
4set -o pipefail
5
6useradd -m stack
7
8cat > /etc/sudoers.d/stack <<eof
9stack ALL=(ALL) NOPASSWD:ALL
10eof
11
12chmod 0440 /etc/sudoers.d/stack
13visudo -c
14
15mkdir -p /home/stack/.ssh
16cp /tmp/in_target.d/undercloud.conf.sample /home/stack/undercloud.conf
17cp /tmp/in_target.d/$(basename $TE_DATAFILE) /home/stack/instackenv.json
18
19chown -R stack:stack /home/stack
diff --git a/elements/instack-vm/package-installs.yaml b/elements/instack-vm/package-installs.yaml
deleted file mode 100644
index b16d2e3..0000000
--- a/elements/instack-vm/package-installs.yaml
+++ /dev/null
@@ -1,3 +0,0 @@
1net-tools:
2yum-utils:
3git:
diff --git a/elements/instack-vm/post-install.d/90-remove-cloud-init b/elements/instack-vm/post-install.d/90-remove-cloud-init
deleted file mode 100755
index fd50478..0000000
--- a/elements/instack-vm/post-install.d/90-remove-cloud-init
+++ /dev/null
@@ -1,6 +0,0 @@
1#!/bin/bash
2
3set -eu
4set -o pipefail
5
6yum erase -y cloud-init
diff --git a/elements/instack-vm/post-install.d/90-set-hostname b/elements/instack-vm/post-install.d/90-set-hostname
deleted file mode 100755
index 215e3f1..0000000
--- a/elements/instack-vm/post-install.d/90-set-hostname
+++ /dev/null
@@ -1,7 +0,0 @@
1#!/bin/bash
2
3set -eux
4set -o pipefail
5
6echo "$UNDERCLOUD_VM_NAME.localdomain" > /etc/hostname
7echo "127.0.0.1 $UNDERCLOUD_VM_NAME $UNDERCLOUD_VM_NAME.localdomain" >> /etc/hosts
diff --git a/elements/overcloud-full/README.rst b/elements/overcloud-full/README.rst
deleted file mode 100644
index 90c9129..0000000
--- a/elements/overcloud-full/README.rst
+++ /dev/null
@@ -1,13 +0,0 @@
1overcloud-full
2==============
3
4Element for the overcloud-full image created by instack-undercloud.
5
6Workarounds
7-----------
8
9This element can be used to apply needed workarounds.
10
11* openstack-glance-api and openstack-glance-registry are currently installed
12 explicitly since this is not handled by the overcloud-control element from
13 tripleo-puppet-elements
diff --git a/elements/overcloud-full/install.d/50-persistent-journal b/elements/overcloud-full/install.d/50-persistent-journal
deleted file mode 100755
index 2721c7b..0000000
--- a/elements/overcloud-full/install.d/50-persistent-journal
+++ /dev/null
@@ -1,7 +0,0 @@
1#!/bin/bash
2
3set -eu
4set -o pipefail
5
6# Enable persistent logging for the systemd journal
7mkdir -p /var/log/journal
diff --git a/elements/overcloud-full/package-installs.yaml b/elements/overcloud-full/package-installs.yaml
deleted file mode 100644
index a533d53..0000000
--- a/elements/overcloud-full/package-installs.yaml
+++ /dev/null
@@ -1,2 +0,0 @@
1openstack-glance-api:
2openstack-glance-registry:
diff --git a/elements/overcloud-full/post-install.d/50-remove-libvirt-default-net b/elements/overcloud-full/post-install.d/50-remove-libvirt-default-net
deleted file mode 100755
index 9b13648..0000000
--- a/elements/overcloud-full/post-install.d/50-remove-libvirt-default-net
+++ /dev/null
@@ -1,6 +0,0 @@
1#!/bin/bash
2
3set -eux
4set -o pipefail
5
6rm -f /etc/libvirt/qemu/networks/autostart/default.xml
diff --git a/elements/pip-and-virtualenv-override/README.md b/elements/pip-and-virtualenv-override/README.md
deleted file mode 100644
index de8ffd5..0000000
--- a/elements/pip-and-virtualenv-override/README.md
+++ /dev/null
@@ -1,4 +0,0 @@
1This element will override the behavior from the pip-and-virtualenv element
2from tripleo-image-elements so that python-pip and python-virtualenv are never
3installed.
4
diff --git a/elements/pip-and-virtualenv-override/element-provides b/elements/pip-and-virtualenv-override/element-provides
deleted file mode 100644
index 7c8922a..0000000
--- a/elements/pip-and-virtualenv-override/element-provides
+++ /dev/null
@@ -1 +0,0 @@
1pip-and-virtualenv
diff --git a/elements/puppet-stack-config/README.rst b/elements/puppet-stack-config/README.rst
deleted file mode 100644
index 831caed..0000000
--- a/elements/puppet-stack-config/README.rst
+++ /dev/null
@@ -1,9 +0,0 @@
1puppet-stack-config
2-------------------
3
4puppet-stack-config provides static puppet configuration for a single node
5baremetal cloud using the Ironic driver. A yaml template is used to render a
6hiera data file at /etc/puppet/hieradata/puppet-stack-config.yaml.
7
8The template rendering takes its input from a set of defined environment
9variables.
diff --git a/elements/puppet-stack-config/element-deps b/elements/puppet-stack-config/element-deps
deleted file mode 100644
index 240054d..0000000
--- a/elements/puppet-stack-config/element-deps
+++ /dev/null
@@ -1,2 +0,0 @@
1hiera
2puppet-modules
diff --git a/elements/puppet-stack-config/extra-data.d/10-install-git b/elements/puppet-stack-config/extra-data.d/10-install-git
deleted file mode 100755
index 080192a..0000000
--- a/elements/puppet-stack-config/extra-data.d/10-install-git
+++ /dev/null
@@ -1,5 +0,0 @@
1#!/bin/bash
2
3set -eux
4
5yum -y install git
diff --git a/elements/puppet-stack-config/install.d/02-puppet-stack-config b/elements/puppet-stack-config/install.d/02-puppet-stack-config
deleted file mode 100755
index be71c5d..0000000
--- a/elements/puppet-stack-config/install.d/02-puppet-stack-config
+++ /dev/null
@@ -1,58 +0,0 @@
1#!/usr/bin/python
2# Copyright 2015 Red Hat, Inc.
3# All Rights Reserved.
4#
5# Licensed under the Apache License, Version 2.0 (the "License"); you may
6# not use this file except in compliance with the License. You may obtain
7# a copy of the License at
8#
9# http://www.apache.org/licenses/LICENSE-2.0
10#
11# Unless required by applicable law or agreed to in writing, software
12# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
13# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
14# License for the specific language governing permissions and limitations
15# under the License.
16
17import os
18import subprocess
19import tempfile
20
21import pystache
22
23from instack_undercloud import undercloud
24
25renderer = pystache.Renderer(escape=lambda s: s)
26template = os.path.join(os.path.dirname(__file__),
27 '..',
28 'puppet-stack-config.yaml.template')
29
30context = {item: os.environ.get(item)
31 for item in undercloud.InstackEnvironment.PUPPET_KEYS}
32
33endpoint_context = {}
34for k, v in os.environ.items():
35 if k.startswith('UNDERCLOUD_ENDPOINT_'):
36 endpoint_context[k] = v
37context.update(endpoint_context)
38
39# Make sure boolean strings are treated as Bool()
40for k, v in list(context.items()):
41 if v == 'False':
42 context[k] = False
43 elif v == 'True':
44 context[k] = True
45
46with open(template) as f:
47 puppet_stack_config_yaml = renderer.render(f.read(), context)
48
49puppet_stack_config_yaml_path = '/etc/puppet/hieradata/puppet-stack-config.yaml'
50
51if not os.path.exists(os.path.dirname(puppet_stack_config_yaml_path)):
52 os.makedirs(os.path.dirname(puppet_stack_config_yaml_path))
53with open(puppet_stack_config_yaml_path, 'w') as f:
54 f.write(puppet_stack_config_yaml)
55
56# Secure permissions
57os.chmod(os.path.dirname(puppet_stack_config_yaml_path), 0750)
58os.chmod(puppet_stack_config_yaml_path, 0600)
diff --git a/elements/puppet-stack-config/install.d/10-puppet-stack-config-puppet-module b/elements/puppet-stack-config/install.d/10-puppet-stack-config-puppet-module
deleted file mode 100755
index 33993fb..0000000
--- a/elements/puppet-stack-config/install.d/10-puppet-stack-config-puppet-module
+++ /dev/null
@@ -1,7 +0,0 @@
1#!/bin/bash
2
3set -eux
4set -o pipefail
5
6mkdir -p /etc/puppet/manifests
7cp $(dirname $0)/../puppet-stack-config.pp /etc/puppet/manifests/puppet-stack-config.pp
diff --git a/elements/puppet-stack-config/os-apply-config/etc/puppet/hieradata/CentOS.yaml b/elements/puppet-stack-config/os-apply-config/etc/puppet/hieradata/CentOS.yaml
deleted file mode 100644
index f729830..0000000
--- a/elements/puppet-stack-config/os-apply-config/etc/puppet/hieradata/CentOS.yaml
+++ /dev/null
@@ -1 +0,0 @@
1tripleo::selinux::mode: permissive
diff --git a/elements/puppet-stack-config/os-apply-config/etc/puppet/hieradata/RedHat.yaml b/elements/puppet-stack-config/os-apply-config/etc/puppet/hieradata/RedHat.yaml
deleted file mode 100644
index 1c9d8d6..0000000
--- a/elements/puppet-stack-config/os-apply-config/etc/puppet/hieradata/RedHat.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
1rabbitmq::package_provider: yum
2tripleo::selinux::mode: enforcing
3tripleo::profile::base::sshd::options:
4 HostKey:
5 - '/etc/ssh/ssh_host_rsa_key'
6 - '/etc/ssh/ssh_host_ecdsa_key'
7 - '/etc/ssh/ssh_host_ed25519_key'
8 SyslogFacility: 'AUTHPRIV'
9 AuthorizedKeysFile: '.ssh/authorized_keys'
10 ChallengeResponseAuthentication: 'no'
11 GSSAPIAuthentication: 'yes'
12 GSSAPICleanupCredentials: 'no'
13 UsePAM: 'yes'
14 UseDNS: 'no'
15 X11Forwarding: 'yes'
16 UsePrivilegeSeparation: 'sandbox'
17 AcceptEnv:
18 - 'LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES'
19 - 'LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT'
20 - 'LC_IDENTIFICATION LC_ALL LANGUAGE'
21 - 'XMODIFIERS'
22 Subsystem: 'sftp /usr/libexec/openssh/sftp-server'
diff --git a/elements/puppet-stack-config/os-refresh-config/configure.d/50-puppet-stack-config b/elements/puppet-stack-config/os-refresh-config/configure.d/50-puppet-stack-config
deleted file mode 100755
index 6433f8f..0000000
--- a/elements/puppet-stack-config/os-refresh-config/configure.d/50-puppet-stack-config
+++ /dev/null
@@ -1,19 +0,0 @@
1#!/bin/bash
2
3set -eux
4set -o pipefail
5
6function puppet_apply {
7 set +e
8 $@ 2>&1
9 rc=$?
10 set -e
11
12 echo "puppet apply exited with exit code $rc"
13
14 if [ $rc != 2 -a $rc != 0 ]; then
15 exit $rc
16 fi
17}
18
19puppet_apply puppet apply --summarize --detailed-exitcodes /etc/puppet/manifests/puppet-stack-config.pp
diff --git a/elements/puppet-stack-config/os-refresh-config/post-configure.d/10-iptables b/elements/puppet-stack-config/os-refresh-config/post-configure.d/10-iptables
deleted file mode 100755
index e5e9c29..0000000
--- a/elements/puppet-stack-config/os-refresh-config/post-configure.d/10-iptables
+++ /dev/null
@@ -1,7 +0,0 @@
1#!/bin/bash
2
3set -eux
4set -o pipefail
5
6EXTERNAL_BRIDGE=br-ctlplane
7iptables -w -t nat -C PREROUTING -d 169.254.169.254/32 -i $EXTERNAL_BRIDGE -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8775 || iptables -w -t nat -I PREROUTING -d 169.254.169.254/32 -i $EXTERNAL_BRIDGE -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8775
diff --git a/elements/puppet-stack-config/package-installs.yaml b/elements/puppet-stack-config/package-installs.yaml
deleted file mode 100644
index 3e405ab..0000000
--- a/elements/puppet-stack-config/package-installs.yaml
+++ /dev/null
@@ -1,2 +0,0 @@
1pystache:
2python-oslo-concurrency:
diff --git a/elements/puppet-stack-config/puppet-stack-config.pp b/elements/puppet-stack-config/puppet-stack-config.pp
deleted file mode 100644
index 46f1c2e..0000000
--- a/elements/puppet-stack-config/puppet-stack-config.pp
+++ /dev/null
@@ -1,729 +0,0 @@
1# Copyright 2015 Red Hat, Inc.
2# All Rights Reserved.
3#
4# Licensed under the Apache License, Version 2.0 (the "License"); you may
5# not use this file except in compliance with the License. You may obtain
6# a copy of the License at
7#
8# http://www.apache.org/licenses/LICENSE-2.0
9#
10# Unless required by applicable law or agreed to in writing, software
11# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
12# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
13# License for the specific language governing permissions and limitations
14# under the License.
15
16warning('instack-undercloud is deprecated in Rocky and is replaced by containerized-undercloud.')
17
18# Deploy os-net-config before everything in the catalog
19include ::stdlib
20class { '::tripleo::network::os_net_config':
21 stage => 'setup',
22}
23
24# enable ip forwarding for the overcloud nodes to access the outside internet
25# in cases where they are on an isolated network
26ensure_resource('sysctl::value', 'net.ipv4.ip_forward', { 'value' => 1 })
27# NOTE(aschultz): clear up old file as this used to be managed via DIB
28file { '/etc/sysctl.d/ip-forward.conf':
29 ensure => absent
30}
31# NOTE(aschultz): LP#1750194 - docker will switch FORWARD to DROP if ip_forward
32# is not enabled first.
33Sysctl::Value['net.ipv4.ip_forward'] -> Package<| title == 'docker' |>
34
35# NOTE(aschultz): LP#1754426 - remove cloud-init and disable os-collect-config
36package { 'cloud-init':
37 ensure => 'absent',
38}
39service { 'os-collect-config':
40 ensure => stopped,
41 enable => false,
42}
43
44# Run OpenStack db-sync at every puppet run, in any case.
45Exec<| title == 'neutron-db-sync' |> { refreshonly => false }
46Exec<| title == 'keystone-manage db_sync' |> { refreshonly => false }
47Exec<| title == 'glance-manage db_sync' |> { refreshonly => false }
48Exec<| title == 'nova-db-sync-api' |> { refreshonly => false }
49Exec<| title == 'nova-db-sync' |> { refreshonly => false }
50Exec<| title == 'nova-db-online-data-migrations' |> { refreshonly => false }
51Exec<| title == 'ironic-db-online-data-migrations' |> { refreshonly => false }
52Exec<| title == 'heat-dbsync' |> {
53 refreshonly => false,
54 # Heat database on the undercloud can be really big, db-sync take usually at least 10 min.
55 timeout => 900,
56}
57Exec<| title == 'aodh-db-sync' |> { refreshonly => false }
58Exec<| title == 'ironic-dbsync' |> { refreshonly => false }
59Exec<| title == 'mistral-db-sync' |> { refreshonly => false }
60Exec<| title == 'mistral-db-populate' |> { refreshonly => false }
61Exec<| title == 'zaqar-manage db_sync' |> { refreshonly => false }
62Exec<| title == 'cinder-manage db_sync' |> { refreshonly => false }
63
64Keystone::Resource::Service_identity {
65 default_domain => hiera('keystone_default_domain'),
66}
67
68include ::tripleo::profile::base::time::ntp
69
70include ::rabbitmq
71Class['::rabbitmq'] -> Service['httpd']
72
73include ::tripleo::firewall
74include ::tripleo::selinux
75include ::tripleo::profile::base::kernel
76include ::tripleo::profile::base::certmonger_user
77
78if hiera('tripleo::haproxy::service_certificate', undef) {
79 class {'::tripleo::profile::base::haproxy':
80 enable_load_balancer => true,
81 }
82 include ::tripleo::keepalived
83 # NOTE: The following is required because we need to make sure that keepalived
84 # is up and running before rabbitmq. The reason is that when the undercloud is
85 # with ssl the hostname is configured to one of the VIPs so rabbit will try to
86 # connect to it at startup and if the VIP is not up it will fail (LP#1782814)
87 Class['::tripleo::keepalived'] -> Class['::rabbitmq']
88
89 # NOTE: This is required because the haproxy configuration should be changed
90 # before any keystone operations are triggered. Without this, it will try to
91 # access the new endpoints that point to haproxy even if haproxy hasn't
92 # started yet. The same is the case for ironic and ironic-inspector.
93 Class['::tripleo::haproxy'] -> Anchor['keystone::install::begin']
94}
95
96# MySQL
97include ::tripleo::profile::base::database::mysql
98# Raise the mysql file limit
99exec { 'systemctl-daemon-reload':
100 command => '/bin/systemctl daemon-reload',
101 refreshonly => true,
102}
103file { '/etc/systemd/system/mariadb.service.d':
104 ensure => 'directory',
105 owner => 'root',
106 group => 'root',
107 mode => '0755',
108}
109file { '/etc/systemd/system/mariadb.service.d/limits.conf':
110 ensure => 'file',
111 owner => 'root',
112 group => 'root',
113 mode => '0644',
114 content => "[Service]\nLimitNOFILE=16384\n",
115 require => File['/etc/systemd/system/mariadb.service.d'],
116 notify => [Exec['systemctl-daemon-reload'], Service['mysqld']],
117}
118Exec['systemctl-daemon-reload'] -> Service['mysqld']
119
120file { '/var/log/journal':
121 ensure => 'directory',
122 owner => 'root',
123 group => 'root',
124 mode => '0755',
125 notify => Service['systemd-journald'],
126}
127service { 'systemd-journald':
128 ensure => 'running'
129}
130
131# FIXME: this should only occur on the bootstrap host (ditto for db syncs)
132# Create all the database schemas
133# Example DSN format: mysql+pymysql://user:password@host/dbname
134$allowed_hosts = ['%',hiera('controller_host')]
135$re_dsn = '//([^:]+):([^@]+)@\[?([^/]+?)\]?/([a-z_-]+)'
136$keystone_dsn = match(hiera('keystone::database_connection'), $re_dsn)
137class { '::keystone::db::mysql':
138 user => $keystone_dsn[1],
139 password => $keystone_dsn[2],
140 host => $keystone_dsn[3],
141 dbname => $keystone_dsn[4],
142 allowed_hosts => $allowed_hosts,
143}
144$glance_dsn = match(hiera('glance::api::database_connection'), $re_dsn)
145class { '::glance::db::mysql':
146 user => $glance_dsn[1],
147 password => $glance_dsn[2],
148 host => $glance_dsn[3],
149 dbname => $glance_dsn[4],
150 allowed_hosts => $allowed_hosts,
151}
152$nova_dsn = match(hiera('nova::database_connection'), $re_dsn)
153class { '::nova::db::mysql':
154 user => $nova_dsn[1],
155 password => $nova_dsn[2],
156 host => $nova_dsn[3],
157 dbname => $nova_dsn[4],
158 allowed_hosts => $allowed_hosts,
159}
160$nova_api_dsn = match(hiera('nova::api_database_connection'), $re_dsn)
161class { '::nova::db::mysql_api':
162 user => $nova_api_dsn[1],
163 password => $nova_api_dsn[2],
164 host => $nova_api_dsn[3],
165 dbname => $nova_api_dsn[4],
166 allowed_hosts => $allowed_hosts,
167}
168$nova_placement_dsn = match(hiera('nova::placement_database_connection'), $re_dsn)
169class { '::nova::db::mysql_placement':
170 user => $nova_placement_dsn[1],
171 password => $nova_placement_dsn[2],
172 host => $nova_placement_dsn[3],
173 dbname => $nova_placement_dsn[4],
174 allowed_hosts => $allowed_hosts,
175}
176$neutron_dsn = match(hiera('neutron::server::database_connection'), $re_dsn)
177class { '::neutron::db::mysql':
178 user => $neutron_dsn[1],
179 password => $neutron_dsn[2],
180 host => $neutron_dsn[3],
181 dbname => $neutron_dsn[4],
182 allowed_hosts => $allowed_hosts,
183}
184$heat_dsn = match(hiera('heat_dsn'), $re_dsn)
185class { '::heat::db::mysql':
186 user => $heat_dsn[1],
187 password => $heat_dsn[2],
188 host => $heat_dsn[3],
189 dbname => $heat_dsn[4],
190 allowed_hosts => $allowed_hosts,
191}
192if str2bool(hiera('enable_telemetry', false)) {
193
194 # Ceilometer
195
196 include ::ceilometer::keystone::auth
197 include ::aodh::keystone::auth
198 include ::ceilometer
199 include ::ceilometer::agent::notification
200 include ::ceilometer::agent::central
201 include ::ceilometer::agent::auth
202 include ::ceilometer::dispatcher::gnocchi
203
204 # We need to use exec as the keystone dependency wouldnt allow
205 # us to wait until service is up before running upgrade. This
206 # is because both keystone, gnocchi and ceilometer run under apache.
207 exec { 'ceilo-gnocchi-upgrade':
208 command => 'ceilometer-upgrade --skip-metering-database',
209 path => ['/usr/bin', '/usr/sbin'],
210 }
211
212 # This ensures we can do service validation on gnocchi api before
213 # running ceilometer-upgrade
214 $command = join(['curl -s',
215 hiera('gnocchi_healthcheck_url')], ' ')
216
217 openstacklib::service_validation { 'gnocchi-status':
218 command => $command,
219 tries => 20,
220 refreshonly => true,
221 subscribe => Anchor['gnocchi::service::end']
222 }
223
224# Ensure all endpoint exists and only then run the upgrade.
225 Keystone::Resource::Service_identity<||>
226 -> Openstacklib::Service_validation['gnocchi-status']
227 -> Exec['ceilo-gnocchi-upgrade']
228
229 # Aodh
230 $aodh_dsn = match(hiera('aodh::db::database_connection'), $re_dsn)
231 class { '::aodh::db::mysql':
232 user => $aodh_dsn[1],
233 password => $aodh_dsn[2],
234 host => $aodh_dsn[3],
235 dbname => $aodh_dsn[4],
236 allowed_hosts => $allowed_hosts,
237 }
238 include ::aodh
239 include ::aodh::api
240 include ::aodh::wsgi::apache
241 include ::aodh::evaluator
242 include ::aodh::notifier
243 include ::aodh::listener
244 include ::aodh::client
245 include ::aodh::db::sync
246 include ::aodh::auth
247 include ::aodh::config
248
249 # Gnocchi
250 $gnocchi_dsn = match(hiera('gnocchi::db::database_connection'), $re_dsn)
251 class { '::gnocchi::db::mysql':
252 user => $gnocchi_dsn[1],
253 password => $gnocchi_dsn[2],
254 host => $gnocchi_dsn[3],
255 dbname => $gnocchi_dsn[4],
256 allowed_hosts => $allowed_hosts,
257 }
258 include ::gnocchi
259 include ::gnocchi::keystone::auth
260 include ::gnocchi::api
261 include ::gnocchi::wsgi::apache
262 include ::gnocchi::client
263 include ::gnocchi::db::sync
264 include ::gnocchi::storage
265 include ::gnocchi::metricd
266 include ::gnocchi::statsd
267 include ::gnocchi::config
268 $gnocchi_backend = downcase(hiera('gnocchi_backend', 'swift'))
269 case $gnocchi_backend {
270 'swift': { include ::gnocchi::storage::swift }
271 'file': { include ::gnocchi::storage::file }
272 'rbd': { include ::gnocchi::storage::ceph }
273 default: { fail('Unrecognized gnocchi_backend parameter.') }
274 }
275
276 # Panko
277 $panko_dsn = match(hiera('panko::db::database_connection'), $re_dsn)
278 class { '::panko::db::mysql':
279 user => $panko_dsn[1],
280 password => $panko_dsn[2],
281 host => $panko_dsn[3],
282 dbname => $panko_dsn[4],
283 allowed_hosts => $allowed_hosts,
284 }
285 include ::panko
286 include ::panko::keystone::auth
287 include ::panko::config
288 include ::panko::db
289 include ::panko::db::sync
290 include ::panko::api
291 include ::panko::wsgi::apache
292 include ::panko::client
293} else {
294 # If Telemetry is disabled, ensure we tear down everything:
295 # packages, services, configuration files.
296 Package { [
297 'python-aodh',
298 'python-ceilometer',
299 'python-gnocchi',
300 'python-panko'
301 ]:
302 ensure => 'purged',
303 notify => Service['httpd'],
304 }
305 File { [
306 '/etc/httpd/conf.d/10-aodh_wsgi.conf',
307 '/etc/httpd/conf.d/10-ceilometer_wsgi.conf',
308 '/etc/httpd/conf.d/10-gnocchi_wsgi.conf',
309 '/etc/httpd/conf.d/10-panko_wsgi.conf',
310 ]:
311 ensure => absent,
312 notify => Service['httpd'],
313 }
314}
315
316$ironic_dsn = match(hiera('ironic::database_connection'), $re_dsn)
317class { '::ironic::db::mysql':
318 user => $ironic_dsn[1],
319 password => $ironic_dsn[2],
320 host => $ironic_dsn[3],
321 dbname => $ironic_dsn[4],
322 allowed_hosts => $allowed_hosts,
323}
324
325$ironic_inspector_dsn = match(hiera('ironic::inspector::db::database_connection'), $re_dsn)
326class { '::ironic::inspector::db::mysql':
327 user => $ironic_inspector_dsn[1],
328 password => $ironic_inspector_dsn[2],
329 host => $ironic_inspector_dsn[3],
330 dbname => $ironic_inspector_dsn[4],
331 allowed_hosts => $allowed_hosts,
332}
333
334# pre-install swift here so we can build rings
335include ::swift
336
337if hiera('tripleo::haproxy::service_certificate', undef) {
338 $keystone_public_endpoint = join(['https://', hiera('controller_public_host'), ':13000'])
339 $enable_proxy_headers_parsing = true
340} else {
341 $keystone_public_endpoint = undef
342 $enable_proxy_headers_parsing = false
343}
344
345if str2bool(hiera('enable_telemetry', false)) {
346 $notification_topics = ['notifications']
347} else {
348 $notification_topics = []
349}
350
351class { '::keystone':
352 enable_proxy_headers_parsing => $enable_proxy_headers_parsing,
353 notification_topics => $notification_topics,
354}
355include ::keystone::wsgi::apache
356include ::keystone::cron::token_flush
357include ::keystone::roles::admin
358include ::keystone::endpoint
359include ::keystone::cors
360include ::keystone::config
361
362include ::heat::keystone::auth
363include ::heat::keystone::auth_cfn
364include ::neutron::keystone::auth
365include ::glance::keystone::auth
366include ::nova::keystone::auth
367include ::nova::keystone::auth_placement
368include ::swift::keystone::auth
369include ::ironic::keystone::auth
370include ::ironic::keystone::auth_inspector
371
372#TODO: need a cleanup-keystone-tokens.sh solution here
373keystone_config {
374 'ec2/driver': value => 'keystone.contrib.ec2.backends.sql.Ec2';
375}
376
377# TODO: notifications, scrubber, etc.
378class { '::glance::api':
379 enable_proxy_headers_parsing => $enable_proxy_headers_parsing,
380}
381include ::glance::backend::swift
382include ::glance::notify::rabbitmq
383
384class { '::nova':
385 debug => hiera('debug'),
386 notification_format => 'unversioned',
387}
388
389class { '::nova::api':
390 enable_proxy_headers_parsing => $enable_proxy_headers_parsing,
391}
392include ::nova::wsgi::apache_api
393include ::nova::cell_v2::simple_setup
394include ::nova::placement
395include ::nova::wsgi::apache_placement
396include ::nova::cron::archive_deleted_rows
397include ::nova::cron::purge_shadow_tables
398include ::nova::config
399include ::nova::conductor
400include ::nova::scheduler
401include ::nova::scheduler::filter
402include ::nova::compute
403
404class { '::neutron':
405 debug => hiera('debug'),
406}
407
408include ::neutron::server
409include ::neutron::server::notifications
410include ::neutron::quota
411include ::neutron::plugins::ml2
412include ::neutron::agents::dhcp
413include ::neutron::agents::l3
414include ::neutron::plugins::ml2::networking_baremetal
415include ::neutron::agents::ml2::networking_baremetal
416include ::neutron::config
417
418# Make sure ironic endpoint exists before starting the service
419Keystone_endpoint <||> -> Service['ironic-neutron-agent']
420
421class { '::neutron::agents::ml2::ovs':
422 bridge_mappings => split(hiera('neutron_bridge_mappings'), ','),
423}
424
425neutron_config {
426 'DEFAULT/notification_driver': value => 'messaging';
427}
428
429# swift proxy
430include ::memcached
431include ::swift::proxy
432include ::swift::ringbuilder
433include ::swift::proxy::proxy_logging
434include ::swift::proxy::healthcheck
435include ::swift::proxy::bulk
436include ::swift::proxy::cache
437include ::swift::proxy::keystone
438include ::swift::proxy::authtoken
439include ::swift::proxy::staticweb
440include ::swift::proxy::copy
441include ::swift::proxy::slo
442include ::swift::proxy::dlo
443include ::swift::proxy::versioned_writes
444include ::swift::proxy::ratelimit
445include ::swift::proxy::catch_errors
446include ::swift::proxy::tempurl
447include ::swift::proxy::formpost
448include ::swift::objectexpirer
449include ::swift::config
450
451# swift storage
452class { '::swift::storage::all':
453 mount_check => str2bool(hiera('swift_mount_check')),
454 allow_versions => true,
455}
456if(!defined(File['/srv/node'])) {
457 file { '/srv/node':
458 ensure => directory,
459 owner => 'swift',
460 group => 'swift',
461 require => Package['swift'],
462 }
463}
464# This is no longer automatically created by Swift itself
465file { '/srv/node/1':
466 ensure => directory,
467 owner => 'swift',
468 group => 'swift',
469 require => File['/srv/node'],
470}
471$swift_components = ['account', 'container', 'object']
472swift::storage::filter::recon { $swift_components : }
473swift::storage::filter::healthcheck { $swift_components : }
474
475$controller_host = hiera('controller_host_wrapped')
476ring_object_device { "${controller_host}:6000/1":
477 zone => 1,
478 weight => 1,
479}
480Ring_object_device<||> ~> Service['swift-proxy-server']
481ring_container_device { "${controller_host}:6001/1":
482 zone => 1,
483 weight => 1,
484}
485Ring_container_device<||> ~> Service['swift-proxy-server']
486ring_account_device { "${controller_host}:6002/1":
487 zone => 1,
488 weight => 1,
489}
490Ring_account_device<||> ~> Service['swift-proxy-server']
491
492# Ensure rsyslog catches up change in /etc/rsyslog.d and forwards logs
493exec { 'restart rsyslog':
494 command => '/bin/systemctl restart rsyslog',
495}
496
497# Apache
498include ::apache
499
500# Heat
501class { '::heat':
502 debug => hiera('debug'),
503 keystone_ec2_uri => join([hiera('keystone_auth_uri'), '/ec2tokens']),
504 enable_proxy_headers_parsing => $enable_proxy_headers_parsing,
505 heat_clients_endpoint_type => hiera('heat_clients_endpoint_type', 'internal'),
506}
507include ::heat::api
508include ::heat::wsgi::apache_api
509include ::heat::api_cfn
510include ::heat::wsgi::apache_api_cfn
511include ::heat::engine
512include ::heat::keystone::domain
513include ::heat::cron::purge_deleted
514include ::heat::cors
515include ::heat::config
516
517include ::keystone::roles::admin
518
519include ::nova::compute::ironic
520include ::nova::network::neutron
521include ::nova::cors
522
523# Ironic
524
525include ::ironic
526include ::ironic::api
527include ::ironic::wsgi::apache
528include ::ironic::conductor
529include ::ironic::drivers::ansible
530include ::ironic::drivers::drac
531include ::ironic::drivers::ilo
532include ::ironic::drivers::inspector
533include ::ironic::drivers::interfaces
534include ::ironic::drivers::ipmi
535include ::ironic::drivers::pxe
536include ::ironic::drivers::redfish
537include ::ironic::drivers::staging
538include ::ironic::glance
539include ::ironic::inspector
540include ::ironic::inspector::cors
541include ::ironic::inspector::pxe_filter
542include ::ironic::inspector::pxe_filter::dnsmasq
543include ::ironic::neutron
544include ::ironic::pxe
545include ::ironic::service_catalog
546include ::ironic::swift
547include ::ironic::cors
548include ::ironic::config
549
550Keystone_endpoint<||> -> Service['ironic-inspector']
551
552# https://bugs.launchpad.net/tripleo/+bug/1663273
553Keystone_endpoint <||> -> Service['nova-compute']
554Keystone_service <||> -> Service['nova-compute']
555
556# This is a workaround for a race between nova-compute and ironic
557# conductor. When https://bugs.launchpad.net/tripleo/+bug/1777608 is
558# fixed this can be removed. Currently we wait 1 minutes for the
559# ironic conductor service to be ready. As puppet can order thing its
560# own way and be slow (especially in CI env) we can have services
561# started at more than one minute appart, hence the need for it.
562Service[$::ironic::params::conductor_service] -> Service[$::nova::params::compute_service_name]
563
564if str2bool(hiera('enable_tempest', true)) {
565 # tempest
566 package{'openstack-tempest': }
567 # needed for /bin/subunit-2to1 (called by run_tempest.sh)
568 package{'subunit-filters': }
569}
570
571# Ensure dm thin-pool is never activated. This avoids an issue
572# where the instack host (in this case on a VM) was crashing due to
573# activation of the docker thin-pool associated with the atomic host.
574augeas { 'lvm.conf':
575 require => Package['nova-compute'],
576 context => '/files/etc/lvm/lvm.conf/devices/dict/',
577 changes => 'set global_filter/list/1/str "r|^/dev/disk/by-path/ip.*iscsi.*\.org\.openstack:.*|"'
578}
579
580if str2bool(hiera('enable_docker_registry', true)) {
581 ensure_resource('group', 'docker', {
582 'ensure' => 'present',
583 })
584 ensure_resource('user', 'docker_user', {
585 'name' => hiera('tripleo_install_user'),
586 'groups' => 'docker',
587 'notify' => Service['docker'],
588 })
589 include ::tripleo::profile::base::docker_registry
590}
591
592include ::mistral
593$mistral_dsn = match(hiera('mistral::database_connection'), $re_dsn)
594class { '::mistral::db::mysql':
595 user => $mistral_dsn[1],
596 password => $mistral_dsn[2],
597 host => $mistral_dsn[3],
598 dbname => $mistral_dsn[4],
599 allowed_hosts => $allowed_hosts,
600}
601include ::mistral::keystone::auth
602include ::mistral::db::sync
603include ::mistral::api
604include ::mistral::engine
605ensure_resource('user', 'mistral', {
606 'name' => 'mistral',
607 'groups' => 'docker',
608})
609include ::mistral::executor
610include ::mistral::cors
611include ::mistral::cron_trigger
612include ::mistral::config
613
614# ensure TripleO common entrypoints for custom Mistral actions
615# are installed before performing the Mistral action population
616package {'openstack-tripleo-common': }
617Package['openstack-tripleo-common'] ~> Exec['mistral-db-populate']
618# If ironic inspector is not running, mistral-db-populate will have invalid
619# actions for it.
620Class['::ironic::inspector'] ~> Exec['mistral-db-populate']
621# db-populate calls inspectorclient, which will use the keystone endpoint to
622# check inspector's version. So that's needed before db-populate is executed.
623Class['::ironic::keystone::auth_inspector'] ~> Exec['mistral-db-populate']
624
625if str2bool(hiera('enable_ui', true)) {
626 include ::tripleo::ui
627}
628
629if str2bool(hiera('enable_validations', true)) {
630 include ::tripleo::profile::base::validations
631}
632
633include ::zaqar
634$zaqar_dsn = match(hiera('zaqar::management::sqlalchemy::uri'), $re_dsn)
635class { '::zaqar::db::mysql':
636 user => $zaqar_dsn[1],
637 password => $zaqar_dsn[2],
638 host => $zaqar_dsn[3],
639 dbname => $zaqar_dsn[4],
640 allowed_hosts => $allowed_hosts,
641}
642include ::zaqar::db::sync
643include ::zaqar::management::sqlalchemy
644include ::zaqar::messaging::swift
645include ::zaqar::keystone::auth
646include ::zaqar::keystone::auth_websocket
647include ::zaqar::transport::websocket
648include ::zaqar::transport::wsgi
649
650include ::zaqar::server
651include ::zaqar::wsgi::apache
652include ::zaqar::config
653
654zaqar::server_instance{ '1':
655 transport => 'websocket'
656}
657
658if str2bool(hiera('enable_cinder', true)) {
659 $cinder_dsn = match(hiera('cinder::database_connection'), $re_dsn)
660 class { '::cinder::db::mysql':
661 user => $cinder_dsn[1],
662 password => $cinder_dsn[2],
663 host => $cinder_dsn[3],
664 dbname => $cinder_dsn[4],
665 allowed_hosts => $allowed_hosts,
666 }
667 include ::cinder::keystone::auth
668
669 include ::cinder
670 include ::cinder::api
671 include ::cinder::cron::db_purge
672 include ::cinder::config
673 include ::cinder::glance
674 include ::cinder::scheduler
675 include ::cinder::volume
676 include ::cinder::wsgi::apache
677
678 $cinder_backend_name = hiera('cinder_backend_name')
679 cinder::backend::iscsi { $cinder_backend_name:
680 iscsi_ip_address => hiera('cinder_iscsi_address'),
681 iscsi_helper => 'lioadm',
682 iscsi_protocol => 'iscsi'
683 }
684
685 include ::cinder::backends
686
687 if str2bool(hiera('cinder_enable_test_volume', false)) {
688 include ::cinder::setup_test_volume
689 }
690}
691
692# firewalld is a dependency of some anaconda packages, so we need to use purge
693# to ensure all the things that it might be a dependency for are also
694# removed. See LP#1669915
695ensure_resource('package', 'firewalld', {
696 'ensure' => 'purged',
697})
698ensure_resource('package', 'openstack-selinux')
699ensure_resource('package', 'parted')
700ensure_resource('package', 'psmisc')
701
702include ::tripleo::profile::base::sshd
703
704# Swift is using only a single replica on the undercloud. Therefore recovering
705# from a corrupted or lost object is not possible, and running replicators and
706# auditors only wastes resources.
707$needless_services = [
708 'swift-account-auditor',
709 'swift-account-replicator',
710 'swift-container-auditor',
711 'swift-container-replicator',
712 'swift-object-auditor',
713 'swift-object-replicator']
714
715Service[$needless_services] {
716 enable => false,
717 ensure => stopped,
718}
719
720# novajoin install
721if str2bool(hiera('enable_novajoin', false)) {
722 include ::nova::metadata::novajoin::auth
723 include ::nova::metadata::novajoin::api
724}
725
726# Any special handling that need to be done during the upgrade.
727if str2bool($::undercloud_upgrade) {
728 # Noop
729}
diff --git a/elements/puppet-stack-config/puppet-stack-config.yaml.template b/elements/puppet-stack-config/puppet-stack-config.yaml.template
deleted file mode 100644
index 756dfac..0000000
--- a/elements/puppet-stack-config/puppet-stack-config.yaml.template
+++ /dev/null
@@ -1,1049 +0,0 @@
1keystone_identity_uri: {{UNDERCLOUD_ENDPOINT_KEYSTONE_ADMIN}}
2keystone_auth_uri: {{UNDERCLOUD_ENDPOINT_KEYSTONE_PUBLIC}}/v3
3keystone_region: 'regionOne'
4keystone_default_domain: 'Default'
5
6debug: {{UNDERCLOUD_DEBUG}}
7controller_host: {{LOCAL_IP}} #local-ipv4
8#local-ipv4 similar to the same hiera key in the overcloud
9ctlplane: {{LOCAL_IP}}
10controller_host_wrapped: "{{LOCAL_IP_WRAPPED}}"
11controller_admin_host: {{UNDERCLOUD_ADMIN_HOST}}
12controller_public_host: {{UNDERCLOUD_PUBLIC_HOST}}
13{{#UNDERCLOUD_NTP_SERVERS}}
14ntp::servers: {{UNDERCLOUD_NTP_SERVERS}}
15{{/UNDERCLOUD_NTP_SERVERS}}
16
17sysctl_settings: {{SYSCTL_SETTINGS}}
18
19# SSL
20tripleo::haproxy::service_certificate: {{UNDERCLOUD_SERVICE_CERTIFICATE}}
21generate_service_certificates: {{GENERATE_SERVICE_CERTIFICATE}}
22{{#GENERATE_SERVICE_CERTIFICATE}}
23tripleo::profile::base::haproxy::certificates_specs:
24 undercloud-haproxy-public:
25 service_pem: {{UNDERCLOUD_SERVICE_CERTIFICATE}}
26 service_certificate: '/etc/pki/tls/certs/undercloud-front.crt'
27 service_key: '/etc/pki/tls/private/undercloud-front.key'
28 hostname: "%{hiera('controller_public_host')}"
29 postsave_cmd: "/usr/bin/instack-haproxy-cert-update '/etc/pki/tls/certs/undercloud-front.crt' '/etc/pki/tls/private/undercloud-front.key' {{UNDERCLOUD_SERVICE_CERTIFICATE}} undercloud-haproxy-public-cert"
30 principal: {{SERVICE_PRINCIPAL}}
31{{/GENERATE_SERVICE_CERTIFICATE}}
32
33# CA defaults
34certmonger_ca: {{CERTIFICATE_GENERATION_CA}}
35
36# Common Hiera data gets applied to all nodes
37ssh::server::storeconfigs_enabled: false
38
39# memcached
40memcached::max_memory: '50%'
41memcached::verbosity: 'v'
42memcached::disable_cachedump: true
43memcached::listen_ip: '127.0.0.1'
44memcached::udp_port: 0
45
46# Apache
47apache::server_signature: 'Off'
48apache::server_tokens: 'Prod'
49
50# ceilometer settings used by compute and controller ceilo auth settings
51ceilometer::agent::auth::auth_region: "%{hiera('keystone_region')}"
52aodh::auth::auth_region: "%{hiera('keystone_region')}"
53ceilometer::agent::auth::auth_tenant_name: 'service'
54aodh::auth::auth_tenant_name: 'service'
55ceilometer::agent::auth::auth_url: {{UNDERCLOUD_ENDPOINT_KEYSTONE_PUBLIC}}
56aodh::auth::auth_url: "%{hiera('keystone_auth_uri')}"
57
58# Swift
59swift::proxy::proxy_local_net_ip: {{LOCAL_IP}}
60swift::proxy::authtoken::auth_uri: "%{hiera('keystone_auth_uri')}"
61swift::proxy::authtoken::auth_url: "%{hiera('keystone_identity_uri')}"
62swift::proxy::node_timeout: 60
63swift::proxy::workers: "%{::os_workers}"
64swift::proxy::log_facility: LOG_LOCAL2
65swift::storage::all::storage_local_net_ip: {{LOCAL_IP}}
66swift::storage::all::incoming_chmod: 'Du=rwx,g=rx,o=rx,Fu=rw,g=r,o=r'
67swift::storage::all::outgoing_chmod: 'Du=rwx,g=rx,o=rx,Fu=rw,g=r,o=r'
68swift::swift_hash_path_suffix: {{UNDERCLOUD_SWIFT_HASH_SUFFIX}}
69swift::proxy::account_autocreate: true
70swift::proxy::authtoken::password: {{UNDERCLOUD_SWIFT_PASSWORD}}
71swift::keystone::auth::tenant: 'service'
72swift::keystone::auth::public_url: {{UNDERCLOUD_ENDPOINT_SWIFT_PUBLIC}}
73swift::keystone::auth::internal_url: {{UNDERCLOUD_ENDPOINT_SWIFT_INTERNAL}}
74swift::keystone::auth::admin_url: {{UNDERCLOUD_ENDPOINT_SWIFT_ADMIN}}
75swift::keystone::auth::password: {{UNDERCLOUD_SWIFT_PASSWORD}}
76swift::keystone::auth::region: "%{hiera('keystone_region')}"
77swift::keystone::auth::configure_s3_endpoint: false
78swift::keystone::auth::operator_roles:
79 - admin
80 - swiftoperator
81swift_mount_check: false
82swift::ringbuilder::replicas: 1
83swift::ringbuilder::part_power: 10
84swift::ringbuilder::min_part_hours: 1
85
86swift::proxy::pipeline:
87 - 'catch_errors'
88 - 'healthcheck'
89 - 'proxy-logging'
90 - 'cache'
91 - 'ratelimit'
92 - 'bulk'
93 - 'tempurl'
94 - 'formpost'
95 - 'authtoken'
96 - 'keystone'
97 - 'staticweb'
98 - 'copy'
99 - 'slo'
100 - 'dlo'
101 - 'versioned_writes'
102 - 'proxy-logging'
103 - 'proxy-server'
104
105# Glance
106glance::api::debug: "%{hiera('debug')}"
107glance::api::bind_port: 9292
108glance::api::bind_host: {{LOCAL_IP}}
109glance::api::authtoken::auth_uri: "%{hiera('keystone_auth_uri')}"
110glance::api::authtoken::auth_url: "%{hiera('keystone_identity_uri')}"
111glance::api::authtoken::user_domain_name: "%{hiera('keystone_default_domain')}"
112glance::api::authtoken::project_domain_name: "%{hiera('keystone_default_domain')}"
113glance::api::registry_host: {{LOCAL_IP}}
114glance::api::authtoken::password: {{UNDERCLOUD_GLANCE_PASSWORD}}
115glance::api::workers: "%{::os_workers}"
116glance::api::stores:
117 - glance.store.filesystem.Store
118 - glance.store.swift.Store
119glance::api::default_store: 'glance.store.swift.Store'
120glance::api::pipeline: 'keystone'
121# used to construct glance_api_servers
122glance_log_file: ''
123glance::api::database_connection: mysql+pymysql://glance:{{UNDERCLOUD_GLANCE_PASSWORD}}@{{LOCAL_IP_WRAPPED}}/glance
124glance::api::enable_v1_api: false
125glance::api::enable_v2_api: true
126glance::keystone::auth::tenant: 'service'
127glance::keystone::auth::public_url: {{UNDERCLOUD_ENDPOINT_GLANCE_PUBLIC}}
128glance::keystone::auth::internal_url: {{UNDERCLOUD_ENDPOINT_GLANCE_INTERNAL}}
129glance::keystone::auth::admin_url: {{UNDERCLOUD_ENDPOINT_GLANCE_ADMIN}}
130glance::keystone::auth::password: {{UNDERCLOUD_GLANCE_PASSWORD}}
131glance::keystone::auth::region: "%{hiera('keystone_region')}"
132glance::backend::swift::swift_store_auth_address: "%{hiera('keystone_auth_uri')}"
133glance::backend::swift::swift_store_auth_version: 3
134glance::backend::swift::swift_store_user: service:glance
135glance::backend::swift::swift_store_key: {{UNDERCLOUD_GLANCE_PASSWORD}}
136glance::backend::swift::swift_store_create_container_on_put: true
137glance::default_transport_url: "rabbit://{{UNDERCLOUD_RABBIT_USERNAME}}:{{UNDERCLOUD_RABBIT_PASSWORD}}@{{LOCAL_IP_WRAPPED}}//"
138glance::registry::debug: "%{hiera('debug')}"
139
140# Heat
141heat::debug: "%{hiera('debug')}"
142heat_stack_domain_admin_password: {{UNDERCLOUD_HEAT_STACK_DOMAIN_ADMIN_PASSWORD}}
143heat::engine::configure_delegated_roles: false
144heat::engine::heat_stack_user_role: 'heat_stack_user'
145heat::engine::heat_watch_server_url: http://{{LOCAL_IP_WRAPPED}}:8003
146heat::engine::heat_metadata_server_url: http://{{LOCAL_IP_WRAPPED}}:8000
147heat::engine::heat_waitcondition_server_url: http://{{LOCAL_IP_WRAPPED}}:8000/v1/waitcondition
148heat::engine::reauthentication_auth_method: 'trusts'
149heat::engine::trusts_delegated_roles: []
150heat::engine::auth_encryption_key: {{UNDERCLOUD_HEAT_ENCRYPTION_KEY}}
151heat::engine::max_resources_per_stack: -1
152heat::engine::convergence_engine: true
153heat::engine::num_engine_workers: "%{::os_workers_heat_engine}"
154heat::engine::max_nested_stack_depth: 7
155heat::instance_user: heat-admin
156heat::default_transport_url: "rabbit://{{UNDERCLOUD_RABBIT_USERNAME}}:{{UNDERCLOUD_RABBIT_PASSWORD}}@{{LOCAL_IP_WRAPPED}}//"
157heat::keystone::authtoken::auth_url: "%{hiera('keystone_identity_uri')}"
158heat::keystone::authtoken::www_authenticate_uri: "%{hiera('keystone_auth_uri')}"
159heat::keystone::authtoken::password: {{UNDERCLOUD_HEAT_PASSWORD}}
160heat::keystone::authtoken::user_domain_name: "%{hiera('keystone_default_domain')}"
161heat::keystone::authtoken::project_domain_name: "%{hiera('keystone_default_domain')}"
162heat::keystone::domain::domain_name: 'heat_stack'
163heat::keystone::domain::domain_password: {{UNDERCLOUD_HEAT_STACK_DOMAIN_ADMIN_PASSWORD}}
164heat::api::bind_host: {{LOCAL_IP}}
165heat::api::workers: "%{::os_workers}"
166heat::api::service_name: 'httpd'
167heat::api_cfn::bind_host: {{LOCAL_IP}}
168heat::api_cfn::workers: "%{::os_workers}"
169heat::api_cfn::service_name: 'httpd'
170heat::wsgi::apache_api::ssl: false
171heat::wsgi::apache_api::bind_host: {{LOCAL_IP}}
172heat::wsgi::apache_api::workers: "%{hiera('heat::api::workers')}"
173heat::wsgi::apache_api_cfn::ssl: false
174heat::wsgi::apache_api_cfn::bind_host: {{LOCAL_IP}}
175heat::wsgi::apache_api_cfn::workers: "%{hiera('heat::api_cfn::workers')}"
176heat::database_connection: mysql+pymysql://heat:{{UNDERCLOUD_HEAT_PASSWORD}}@{{LOCAL_IP_WRAPPED}}/heat
177heat_dsn: mysql+pymysql://heat:{{UNDERCLOUD_HEAT_PASSWORD}}@{{LOCAL_IP_WRAPPED}}/heat
178heat::rpc_response_timeout: 600
179heat::keystone::auth::tenant: 'service'
180heat::keystone::auth::public_url: {{UNDERCLOUD_ENDPOINT_HEAT_PUBLIC}}
181heat::keystone::auth::internal_url: {{UNDERCLOUD_ENDPOINT_HEAT_INTERNAL}}
182heat::keystone::auth::admin_url: {{UNDERCLOUD_ENDPOINT_HEAT_ADMIN}}
183heat::keystone::auth::password: {{UNDERCLOUD_HEAT_PASSWORD}}
184heat::keystone::auth::region: "%{hiera('keystone_region')}"
185heat::keystone::auth_cfn::tenant: 'service'
186heat::keystone::auth_cfn::region: "%{hiera('keystone_region')}"
187heat::keystone::auth_cfn::password: {{UNDERCLOUD_HEAT_CFN_PASSWORD}}
188heat::keystone::auth_cfn::public_url: {{UNDERCLOUD_ENDPOINT_HEAT_CFN_PUBLIC}}
189heat::keystone::auth_cfn::internal_url: {{UNDERCLOUD_ENDPOINT_HEAT_CFN_INTERNAL}}
190heat::keystone::auth_cfn::admin_url: {{UNDERCLOUD_ENDPOINT_HEAT_CFN_ADMIN}}
191heat::cron::purge_deleted::age: 1
192heat::cron::purge_deleted::age_type: 'days'
193heat::cron::purge_deleted::destination: '/dev/null'
194heat::notification_driver: 'messaging'
195heat::yaql_memory_quota: 100000
196heat::yaql_limit_iterators: 1000
197heat::max_json_body_size: 4194304
198
199# Keystone
200keystone::debug: "%{hiera('debug')}"
201keystone::admin_token: {{UNDERCLOUD_ADMIN_TOKEN}}
202keystone::admin_password: {{UNDERCLOUD_ADMIN_PASSWORD}}
203keystone::admin_workers: "%{::os_workers}"
204keystone::public_workers: "%{::os_workers}"
205keystone::public_bind_host: {{LOCAL_IP}}
206keystone::admin_bind_host: {{LOCAL_IP}}
207keystone::public_endpoint: {{UNDERCLOUD_ENDPOINT_KEYSTONE_PUBLIC}}
208keystone::service_name: 'httpd'
209keystone_ca_certificate: '{{KEYSTONE_CA_CERTIFICATE}}'
210keystone_signing_key: '{{KEYSTONE_SIGNING_KEY}}'
211keystone_signing_certificate: '{{KEYSTONE_SIGNING_CERTIFICATE}}'
212keystone::database_connection: mysql+pymysql://keystone:{{UNDERCLOUD_ADMIN_TOKEN}}@{{LOCAL_IP_WRAPPED}}/keystone
213keystone::cron::token_flush::destination: '/dev/null'
214keystone::roles::admin::password: {{UNDERCLOUD_ADMIN_PASSWORD}}
215keystone::roles::admin::email: 'root@localhost'
216keystone::roles::admin::admin_tenant: 'admin'
217keystone::roles::admin::service_tenant: 'service'
218keystone::token_expiration: 14400
219keystone::endpoint::public_url: {{UNDERCLOUD_ENDPOINT_KEYSTONE_PUBLIC}}
220keystone::endpoint::internal_url: {{UNDERCLOUD_ENDPOINT_KEYSTONE_INTERNAL}}
221keystone::endpoint::admin_url: "%{hiera('keystone_identity_uri')}"
222keystone::endpoint::region: "%{hiera('keystone_region')}"
223keystone::endpoint::version: ''
224keystone::wsgi::apache::ssl: false
225keystone::wsgi::apache::bind_host: {{LOCAL_IP}}
226keystone::notification_driver: messaging
227keystone::notification_topics: notifications
228keystone::default_transport_url: "rabbit://{{UNDERCLOUD_RABBIT_USERNAME}}:{{UNDERCLOUD_RABBIT_PASSWORD}}@{{LOCAL_IP_WRAPPED}}//"
229keystone::enable_credential_setup: true
230keystone::fernet_max_active_keys: 2
231
232# MySQL
233admin_password: {{UNDERCLOUD_ADMIN_PASSWORD}}
234enable_galera: true
235mysql_max_connections: '4096'
236tripleo::profile::base::database::mysql::step: 2
237tripleo::profile::base::database::mysql::manage_resources: true
238tripleo::profile::base::database::mysql::remove_default_accounts: true
239tripleo::profile::base::database::mysql::mysql_server_options:
240 'mysqld':
241 bind-address: "%{hiera('controller_host')}"
242 innodb_file_per_table: 'ON'
243 connect_timeout: 60
244mysql::server::restart: true
245mysql::server::root_password: {{UNDERCLOUD_DB_PASSWORD}}
246
247# Neutron
248neutron::debug: "%{hiera('debug')}"
249neutron::bind_host: {{LOCAL_IP}}
250neutron::core_plugin: ml2
251neutron::service_plugins: ['router', 'segments']
252neutron::dhcp_agents_per_network: 2
253neutron::dns_domain: {{OVERCLOUD_DOMAIN_NAME}}
254neutron::server::api_workers: "%{::os_workers}"
255neutron::server::rpc_workers: "%{::os_workers}"
256neutron::default_transport_url: "rabbit://{{UNDERCLOUD_RABBIT_USERNAME}}:{{UNDERCLOUD_RABBIT_PASSWORD}}@{{LOCAL_IP_WRAPPED}}//"
257neutron::keystone::authtoken::project_name: "%{hiera('neutron::keystone::auth::tenant')}"
258neutron::server::notifications::project_name: "%{hiera('neutron::keystone::auth::tenant')}"
259neutron::keystone::authtoken::www_authenticate_uri: "%{hiera('keystone_auth_uri')}"
260neutron::keystone::authtoken::auth_url: "%{hiera('keystone_identity_uri')}"
261neutron::keystone::authtoken::user_domain_name: "%{hiera('keystone_default_domain')}"
262neutron::keystone::authtoken::project_domain_name: "%{hiera('keystone_default_domain')}"
263neutron::server::database_connection: mysql+pymysql://neutron:{{UNDERCLOUD_NEUTRON_PASSWORD}}@{{LOCAL_IP_WRAPPED}}/neutron
264neutron::server::sync_db: true
265neutron::agents::ml2::ovs::local_ip: {{LOCAL_IP}}
266neutron::plugins::ml2::mechanism_drivers: ['openvswitch', 'baremetal']
267neutron_bridge_mappings: ctlplane:br-ctlplane
268neutron_public_interface: {{LOCAL_INTERFACE}}
269neutron_physical_bridge: br-ctlplane
270neutron::global_physnet_mtu: {{LOCAL_MTU}}
271neutron::keystone::authtoken::password: {{UNDERCLOUD_NEUTRON_PASSWORD}}
272neutron::agents::metadata::auth_password: {{UNDERCLOUD_NEUTRON_PASSWORD}}
273neutron::agents::metadata::metadata_workers: "%{::os_workers}"
274neutron::quota::quota_port: -1
275neutron::server::notifications::auth_url: "%{hiera('keystone_auth_uri')}"
276neutron::server::notifications::tenant_name: service
277neutron::server::notifications::password: {{UNDERCLOUD_NOVA_PASSWORD}}
278neutron::keystone::auth::tenant: 'service'
279neutron::keystone::auth::public_url: {{UNDERCLOUD_ENDPOINT_NEUTRON_PUBLIC}}
280neutron::keystone::auth::internal_url: {{UNDERCLOUD_ENDPOINT_NEUTRON_INTERNAL}}
281neutron::keystone::auth::admin_url: {{UNDERCLOUD_ENDPOINT_NEUTRON_ADMIN}}
282neutron::keystone::auth::password: {{UNDERCLOUD_NEUTRON_PASSWORD}}
283neutron::keystone::auth::region: "%{hiera('keystone_region')}"
284neutron::plugins::ml2::extension_drivers: 'port_security'
285neutron::agents::ml2::networking_baremetal::user: 'ironic'
286neutron::agents::ml2::networking_baremetal::password: {{UNDERCLOUD_IRONIC_PASSWORD}}
287neutron::agents::ml2::networking_baremetal::auth_url: {{UNDERCLOUD_ENDPOINT_KEYSTONE_PUBLIC}}
288neutron::agents::ml2::networking_baremetal::project_name: "%{hiera('neutron::keystone::auth::tenant')}"
289neutron::agents::ml2::networking_baremetal::user_domain_name: "%{hiera('keystone_default_domain')}"
290neutron::agents::ml2::networking_baremetal::project_domain_name: "%{hiera('keystone_default_domain')}"
291neutron::agents::ml2::networking_baremetal::region_name: "%{hiera('keystone_region')}"
292
293# Ceilometer
294ceilometer::debug: "%{hiera('debug')}"
295ceilometer::metering_secret: {{UNDERCLOUD_CEILOMETER_METERING_SECRET}}
296ceilometer::default_transport_url: "rabbit://{{UNDERCLOUD_RABBIT_USERNAME}}:{{UNDERCLOUD_RABBIT_PASSWORD}}@{{LOCAL_IP_WRAPPED}}//"
297ceilometer::keystone::authtoken::password: {{UNDERCLOUD_CEILOMETER_PASSWORD}}
298ceilometer::keystone::authtoken::www_authenticate_uri: "%{hiera('keystone_auth_uri')}"
299ceilometer::keystone::authtoken::auth_url: "%{hiera('keystone_identity_uri')}"
300ceilometer::keystone::authtoken::user_domain_name: "%{hiera('keystone_default_domain')}"
301ceilometer::keystone::authtoken::project_domain_name: "%{hiera('keystone_default_domain')}"
302ceilometer::db::database_connection: mysql+pymysql://ceilometer:{{UNDERCLOUD_CEILOMETER_PASSWORD}}@{{LOCAL_IP_WRAPPED}}/ceilometer
303ceilometer::agent::auth::auth_password: {{UNDERCLOUD_CEILOMETER_PASSWORD}}
304ceilometer_compute_agent: ''
305ceilometer::snmpd_readonly_username: {{UNDERCLOUD_CEILOMETER_SNMPD_USER}}
306ceilometer::snmpd_readonly_user_password: {{UNDERCLOUD_CEILOMETER_SNMPD_PASSWORD}}
307ceilometer::keystone::auth::tenant: 'service'
308ceilometer::keystone::auth::public_url: {{UNDERCLOUD_ENDPOINT_CEILOMETER_PUBLIC}}
309ceilometer::keystone::auth::internal_url: {{UNDERCLOUD_ENDPOINT_CEILOMETER_INTERNAL}}
310ceilometer::keystone::auth::admin_url: {{UNDERCLOUD_ENDPOINT_CEILOMETER_ADMIN}}
311ceilometer::keystone::auth::password: {{UNDERCLOUD_CEILOMETER_PASSWORD}}
312ceilometer::keystone::auth::region: "%{hiera('keystone_region')}"
313ceilometer::dispatcher::gnocchi::url: {{UNDERCLOUD_ENDPOINT_GNOCCHI_INTERNAL}}
314ceilometer::dispatcher::gnocchi::filter_project: 'service'
315ceilometer::dispatcher::gnocchi::archive_policy: 'low'
316ceilometer::dispatcher::gnocchi::resources_definition_file: 'gnocchi_resources.yaml'
317
318# events dispatcher config
319ceilometer::agent::notification::event_pipeline_publishers: ['gnocchi://', 'panko://']
320ceilometer::agent::notification::manage_event_pipeline: true
321
322# Aodh
323aodh::debug: "%{hiera('debug')}"
324aodh::default_transport_url: "rabbit://{{UNDERCLOUD_RABBIT_USERNAME}}:{{UNDERCLOUD_RABBIT_PASSWORD}}@{{LOCAL_IP_WRAPPED}}//"
325aodh::api::host: {{LOCAL_IP}}
326aodh::keystone::authtoken::password: {{UNDERCLOUD_AODH_PASSWORD}}
327aodh::keystone::authtoken::www_authenticate_uri: "%{hiera('keystone_auth_uri')}"
328aodh::keystone::authtoken::auth_url: "%{hiera('keystone_identity_uri')}"
329ceilometer::keystone::authtoken::user_domain_name: "%{hiera('keystone_default_domain')}"
330ceilometer::keystone::authtoken::project_domain_name: "%{hiera('keystone_default_domain')}"
331aodh::api::service_name: 'httpd'
332aodh::wsgi::apache::ssl: false
333aodh::wsgi::apache::bind_host: {{LOCAL_IP}}
334aodh::db::database_connection: mysql+pymysql://aodh:{{UNDERCLOUD_AODH_PASSWORD}}@{{LOCAL_IP_WRAPPED}}/aodh
335aodh::auth::auth_password: {{UNDERCLOUD_AODH_PASSWORD}}
336aodh::keystone::auth::tenant: 'service'
337aodh::keystone::auth::public_url: {{UNDERCLOUD_ENDPOINT_AODH_PUBLIC}}
338aodh::keystone::auth::internal_url: {{UNDERCLOUD_ENDPOINT_AODH_INTERNAL}}
339aodh::keystone::auth::admin_url: {{UNDERCLOUD_ENDPOINT_AODH_ADMIN}}
340aodh::keystone::auth::password: {{UNDERCLOUD_AODH_PASSWORD}}
341aodh::keystone::auth::region: "%{hiera('keystone_region')}"
342
343
344# Gnocchi
345gnocchi::debug: "%{hiera('debug')}"
346gnocchi_backend: 'file'
347gnocchi::wsgi::apache::ssl: false
348gnocchi::wsgi::apache::bind_host: {{LOCAL_IP}}
349gnocchi::api::service_name: 'httpd'
350gnocchi::api::host: {{LOCAL_IP}}
351gnocchi::keystone::authtoken::password: {{UNDERCLOUD_GNOCCHI_PASSWORD}}
352gnocchi::keystone::authtoken::www_authenticate_uri: "%{hiera('keystone_auth_uri')}"
353gnocchi::keystone::authtoken::user_domain_name: "%{hiera('keystone_default_domain')}"
354gnocchi::keystone::authtoken::project_domain_name: "%{hiera('keystone_default_domain')}"
355gnocchi::keystone::authtoken::auth_url: "%{hiera('keystone_identity_uri')}"
356gnocchi::keystone::auth::tenant: 'service'
357gnocchi::keystone::auth::public_url: {{UNDERCLOUD_ENDPOINT_GNOCCHI_PUBLIC}}
358gnocchi::keystone::auth::internal_url: {{UNDERCLOUD_ENDPOINT_GNOCCHI_INTERNAL}}
359gnocchi::keystone::auth::admin_url: {{UNDERCLOUD_ENDPOINT_GNOCCHI_ADMIN}}
360gnocchi::keystone::auth::password: {{UNDERCLOUD_GNOCCHI_PASSWORD}}
361gnocchi::keystone::auth::region: "%{hiera('keystone_region')}"
362gnocchi::db::mysql::password: {{UNDERCLOUD_GNOCCHI_PASSWORD}}
363gnocchi::db::database_connection: mysql+pymysql://gnocchi:{{UNDERCLOUD_GNOCCHI_PASSWORD}}@{{LOCAL_IP_WRAPPED}}/gnocchi
364gnocchi::storage::swift::swift_user: 'service:gnocchi'
365gnocchi::storage::swift::swift_auth_version: 2
366gnocchi::storage::swift::swift_authurl: "%{hiera('keystone_auth_uri')}"
367gnocchi::storage::swift::swift_key: {{UNDERCLOUD_GNOCCHI_PASSWORD}}
368#Gnocchi statsd
369gnocchi::statsd::resource_id: '0a8b55df-f90f-491c-8cb9-7cdecec6fc26'
370gnocchi::statsd::user_id: '27c0d3f8-e7ee-42f0-8317-72237d1c5ae3'
371gnocchi::statsd::project_id: '6c38cd8d-099a-4cb2-aecf-17be688e8616'
372gnocchi::statsd::flush_delay: 10
373gnocchi::statsd::archive_policy_name: 'low'
374gnocchi_healthcheck_url: {{UNDERCLOUD_ENDPOINT_GNOCCHI_PUBLIC}}/healthcheck
375
376# Panko
377panko::logging::debug: "%{hiera('debug')}"
378panko::wsgi::apache::ssl: false
379panko::wsgi::apache::bind_host: {{LOCAL_IP}}
380panko::api::service_name: 'httpd'
381panko::api::host: {{LOCAL_IP}}
382panko::db::mysql::password: {{UNDERCLOUD_PANKO_PASSWORD}}
383panko::db::database_connection: mysql+pymysql://panko:{{UNDERCLOUD_PANKO_PASSWORD}}@{{LOCAL_IP_WRAPPED}}/panko
384panko::keystone::authtoken::password: {{UNDERCLOUD_PANKO_PASSWORD}}
385panko::keystone::authtoken::www_authenticate_uri: "%{hiera('keystone_auth_uri')}"
386panko::keystone::authtoken::auth_url: "%{hiera('keystone_identity_uri')}"
387panko::keystone::authtoken::user_domain_name: "%{hiera('keystone_default_domain')}"
388panko::keystone::authtoken::project_domain_name: "%{hiera('keystone_default_domain')}"
389panko::keystone::auth::tenant: 'service'
390panko::keystone::auth::public_url: {{UNDERCLOUD_ENDPOINT_PANKO_PUBLIC}}
391panko::keystone::auth::internal_url: {{UNDERCLOUD_ENDPOINT_PANKO_INTERNAL}}
392panko::keystone::auth::admin_url: {{UNDERCLOUD_ENDPOINT_PANKO_ADMIN}}
393panko::keystone::auth::password: {{UNDERCLOUD_PANKO_PASSWORD}}
394panko::keystone::auth::region: "%{hiera('keystone_region')}"
395panko::keystone::authtoken::project_name: 'service'
396
397# Nova
398nova::debug: "%{hiera('debug')}"
399nova::default_transport_url: "rabbit://{{UNDERCLOUD_RABBIT_USERNAME}}:{{UNDERCLOUD_RABBIT_PASSWORD}}@{{LOCAL_IP_WRAPPED}}//"
400nova::notification_driver: messaging
401nova::rpc_response_timeout: '600'
402nova::keystone::authtoken::www_authenticate_uri: "%{hiera('keystone_auth_uri')}"
403nova::keystone::authtoken::auth_url: "%{hiera('keystone_identity_uri')}"
404nova::keystone::authtoken::user_domain_name: "%{hiera('keystone_default_domain')}"
405nova::keystone::authtoken::project_domain_name: "%{hiera('keystone_default_domain')}"
406nova::api::service_name: 'httpd'
407nova::api::api_bind_address: {{LOCAL_IP}}
408nova::api::enabled: true
409nova::api::metadata_listen: {{LOCAL_IP}}
410nova::keystone::authtoken::password: {{UNDERCLOUD_NOVA_PASSWORD}}
411nova::api::enabled_apis:
412 - metadata
413nova::api::sync_db_api: true
414nova::api::osapi_compute_workers: "%{::os_workers}"
415nova::api::metadata_workers: "%{::os_workers}"
416nova::wsgi::apache_api::ssl: false
417nova::wsgi::apache_api::bind_host: {{LOCAL_IP}}
418nova::wsgi::apache_placement::ssl: false
419nova::wsgi::apache_placement::bind_host: {{LOCAL_IP}}
420nova::wsgi::apache_placement::api_port: '8778'
421nova::placement::auth_url: "%{hiera('keystone_identity_uri')}"
422nova::placement::password: {{UNDERCLOUD_NOVA_PASSWORD}}
423nova::placement::project_name: 'service'
424nova::placement::os_region_name: "%{hiera('keystone_region')}"
425nova::conductor::enabled: true
426nova::conductor::workers: "%{::os_workers}"
427nova::database_connection: mysql+pymysql://nova:{{UNDERCLOUD_NOVA_PASSWORD}}@{{LOCAL_IP_WRAPPED}}/nova
428nova::api_database_connection: mysql+pymysql://nova_api:{{UNDERCLOUD_NOVA_PASSWORD}}@{{LOCAL_IP_WRAPPED}}/nova_api
429nova::placement_database_connection: mysql+pymysql://nova_placement:{{UNDERCLOUD_NOVA_PASSWORD}}@{{LOCAL_IP_WRAPPED}}/nova_placement
430nova::notify_on_state_change: 'vm_and_task_state'
431nova::scheduler::enabled: true
432nova::network::neutron::dhcp_domain: ''
433nova::compute::force_config_drive: true
434nova::compute::reserved_host_memory: '0'
435nova::compute::vnc_enabled: false
436nova::compute::instance_usage_audit: true
437nova::compute::instance_usage_audit_period: 'hour'
438nova::compute::consecutive_build_service_disable_threshold: 0
439nova::cron::archive_deleted_rows::destination: '/dev/null'
440nova::compute::sync_power_state_interval: -1
441
442nova::ironic::common::username: 'ironic'
443nova::ironic::common::password: {{UNDERCLOUD_IRONIC_PASSWORD}}
444nova::ironic::common::project_name: 'service'
445nova::ironic::common::api_endpoint: "{{UNDERCLOUD_ENDPOINT_IRONIC_PUBLIC}}/v1"
446nova::ironic::common::auth_url: "%{hiera('keystone_identity_uri')}"
447
448nova::network::neutron::neutron_auth_url: "%{hiera('keystone_auth_uri')}"
449nova::network::neutron::neutron_url: {{UNDERCLOUD_ENDPOINT_NEUTRON_PUBLIC}}
450nova::network::neutron::neutron_password: "%{hiera('neutron::keystone::authtoken::password')}"
451nova::network::neutron::neutron_project_name: "%{hiera('neutron::keystone::auth::tenant')}"
452nova::network::neutron::neutron_region_name: ''
453
454nova::ram_allocation_ratio: '1.0'
455nova::scheduler::filter::scheduler_max_attempts: {{SCHEDULER_MAX_ATTEMPTS}}
456nova::scheduler::filter::scheduler_available_filters: ['tripleo_common.filters.list.tripleo_filters']
457nova::scheduler::filter::scheduler_default_filters: ['RetryFilter', 'TripleOCapabilitiesFilter', 'ComputeCapabilitiesFilter', 'AvailabilityZoneFilter', 'RamFilter', 'DiskFilter', 'ComputeFilter', 'ImagePropertiesFilter', 'ServerGroupAntiAffinityFilter', 'ServerGroupAffinityFilter']
458
459nova::keystone::auth::tenant: 'service'
460nova::keystone::auth::public_url: {{UNDERCLOUD_ENDPOINT_NOVA_PUBLIC}}
461nova::keystone::auth::internal_url: {{UNDERCLOUD_ENDPOINT_NOVA_INTERNAL}}
462nova::keystone::auth::admin_url: {{UNDERCLOUD_ENDPOINT_NOVA_ADMIN}}
463nova::keystone::auth::password: {{UNDERCLOUD_NOVA_PASSWORD}}
464nova::keystone::auth::region: "%{hiera('keystone_region')}"
465nova::keystone::auth::configure_ec2_endpoint: false
466
467nova::keystone::auth_placement::tenant: 'service'
468nova::keystone::auth_placement::public_url: {{UNDERCLOUD_ENDPOINT_PLACEMENT_PUBLIC}}
469nova::keystone::auth_placement::internal_url: {{UNDERCLOUD_ENDPOINT_PLACEMENT_INTERNAL}}
470nova::keystone::auth_placement::admin_url: {{UNDERCLOUD_ENDPOINT_PLACEMENT_ADMIN}}
471nova::keystone::auth_placement::password: {{UNDERCLOUD_NOVA_PASSWORD}}
472nova::keystone::auth_placement::region: "%{hiera('keystone_region')}"
473
474nova::glance_api_servers: {{UNDERCLOUD_ENDPOINT_GLANCE_INTERNAL}}
475
476# NOTE(aschultz): raise upper limit on nova DB syncs for undercloud only.
477# There is no way this should take 15 minutes and if it does we now have way
478# different problems. But rather than block undercloud installs let's increase
479# the timeout for these actions. See LP#1661396 for more details.
480nova::db::sync::db_sync_timeout: 900
481nova::db::sync_api::db_sync_timeout: 900
482
483# Ironic
484ironic::debug: "%{hiera('debug')}"
485ironic::my_ip: {{LOCAL_IP}}
486ironic::db_online_data_migrations: true
487# TODO(dtantsur): remove when support for classic drivers is removed
488ironic::db::online_data_migrations::migration_params: "--option migrate_to_hardware_types.reset_unsupported_interfaces=true"
489ironic::rpc_response_timeout: 600
490ironic::api::authtoken::password: {{UNDERCLOUD_IRONIC_PASSWORD}}
491ironic::api::authtoken::auth_uri: "%{hiera('keystone_auth_uri')}"
492ironic::api::authtoken::auth_url: "%{hiera('keystone_identity_uri')}"
493ironic::api::authtoken::user_domain_name: "%{hiera('keystone_default_domain')}"
494ironic::api::authtoken::project_domain_name: "%{hiera('keystone_default_domain')}"
495ironic::api::host_ip: {{LOCAL_IP}}
496ironic::api::service_name: 'httpd'
497ironic::api::workers: "%{::os_workers}"
498ironic::wsgi::apache::ssl: false
499ironic::wsgi::apache::bind_host: {{LOCAL_IP}}
500ironic::pxe::tftp_bind_host: {{LOCAL_IP}}
501ironic::database_connection: mysql+pymysql://ironic:{{UNDERCLOUD_IRONIC_PASSWORD}}@{{LOCAL_IP_WRAPPED}}/ironic
502ironic::default_transport_url: "rabbit://{{UNDERCLOUD_RABBIT_USERNAME}}:{{UNDERCLOUD_RABBIT_PASSWORD}}@{{LOCAL_IP_WRAPPED}}//"
503ironic::drivers::inspector::enabled: true
504ironic::drivers::inspector::password: {{UNDERCLOUD_IRONIC_PASSWORD}}
505ironic::drivers::inspector::auth_url: "%{hiera('keystone_identity_uri')}"
506ironic::drivers::inspector::user_domain_name: "%{hiera('keystone_default_domain')}"
507ironic::drivers::inspector::project_domain_name: "%{hiera('keystone_default_domain')}"
508ironic::glance::password: {{UNDERCLOUD_IRONIC_PASSWORD}}
509ironic::glance::auth_url: "%{hiera('keystone_identity_uri')}"
510ironic::neutron::password: {{UNDERCLOUD_IRONIC_PASSWORD}}
511ironic::neutron::auth_url: "%{hiera('keystone_identity_uri')}"
512ironic::service_catalog::password: {{UNDERCLOUD_IRONIC_PASSWORD}}
513ironic::service_catalog::auth_url: "%{hiera('keystone_identity_uri')}"
514ironic::swift::password: {{UNDERCLOUD_IRONIC_PASSWORD}}
515ironic::swift::auth_url: "%{hiera('keystone_identity_uri')}"
516# Ironic conductor forces deployments to use http
517# https://bugs.launchpad.net/tripleo/+bug/1613088
518ironic::conductor::api_url: {{UNDERCLOUD_ENDPOINT_IRONIC_INTERNAL}}
519ironic::conductor::force_power_state_during_sync: false
520ironic::conductor::automated_clean: {{CLEAN_NODES}}
521ironic::conductor::cleaning_disk_erase: 'metadata'
522ironic::conductor::cleaning_network: 'ctlplane'
523ironic::conductor::provisioning_network: 'ctlplane'
524ironic::conductor::default_boot_option: 'local'
525ironic::conductor::enabled_hardware_types: {{ENABLED_HARDWARE_TYPES}}
526ironic::drivers::interfaces::default_inspect_interface: inspector
527ironic::drivers::interfaces::enabled_boot_interfaces: {{ENABLED_BOOT_INTERFACES}}
528ironic::drivers::interfaces::enabled_console_interfaces: ['no-console', 'ipmitool-socat']
529ironic::drivers::interfaces::enabled_deploy_interfaces: ['iscsi', 'direct', 'ansible']
530ironic::drivers::interfaces::enabled_inspect_interfaces: ['no-inspect', 'inspector']
531ironic::drivers::interfaces::enabled_management_interfaces: {{ENABLED_MANAGEMENT_INTERFACES}}
532ironic::drivers::interfaces::enabled_power_interfaces: {{ENABLED_POWER_INTERFACES}}
533ironic::drivers::interfaces::enabled_raid_interfaces: {{ENABLED_RAID_INTERFACES}}
534ironic::drivers::interfaces::enabled_vendor_interfaces: {{ENABLED_VENDOR_INTERFACES}}
535
536# Make sure new nodes default to 'baremetal' resource class
537ironic::default_resource_class: 'baremetal'
538
539ironic::keystone::auth::tenant: 'service'
540ironic::keystone::auth::public_url: {{UNDERCLOUD_ENDPOINT_IRONIC_PUBLIC}}
541ironic::keystone::auth::internal_url: {{UNDERCLOUD_ENDPOINT_IRONIC_INTERNAL}}
542ironic::keystone::auth::admin_url: {{UNDERCLOUD_ENDPOINT_IRONIC_ADMIN}}
543ironic::keystone::auth::password: {{UNDERCLOUD_IRONIC_PASSWORD}}
544ironic::keystone::auth::region: "%{hiera('keystone_region')}"
545
546ironic::keystone::auth_inspector::tenant: 'service'
547ironic::keystone::auth_inspector::public_url: {{UNDERCLOUD_ENDPOINT_IRONIC_INSPECTOR_PUBLIC}}
548ironic::keystone::auth_inspector::internal_url: {{UNDERCLOUD_ENDPOINT_IRONIC_INSPECTOR_INTERNAL}}
549ironic::keystone::auth_inspector::admin_url: {{UNDERCLOUD_ENDPOINT_IRONIC_INSPECTOR_ADMIN}}
550ironic::keystone::auth_inspector::password: {{UNDERCLOUD_IRONIC_PASSWORD}}
551ironic::keystone::auth_inspector::region: "%{hiera('keystone_region')}"
552
553# Ironic Inspector
554ironic::inspector::listen_address: {{LOCAL_IP}}
555ironic::inspector::debug: "%{hiera('debug')}"
556{{#IPXE_ENABLED}}
557ironic::inspector::pxe_transfer_protocol: 'http'
558{{/IPXE_ENABLED}}
559ironic::inspector::authtoken::auth_uri: "%{hiera('keystone_auth_uri')}"
560ironic::inspector::authtoken::auth_url: "%{hiera('keystone_identity_uri')}"
561ironic::inspector::authtoken::username: 'ironic'
562ironic::inspector::authtoken::password: "%{hiera('ironic::api::authtoken::password')}"
563ironic::inspector::authtoken::project_name: 'service'
564ironic::inspector::authtoken::user_domain_name: "%{hiera('keystone_default_domain')}"
565ironic::inspector::authtoken::project_domain_name: "%{hiera('keystone_default_domain')}"
566ironic::inspector::db::database_connection: mysql+pymysql://ironic-inspector:{{UNDERCLOUD_IRONIC_PASSWORD}}@{{LOCAL_IP_WRAPPED}}/ironic-inspector
567ironic::inspector::keep_ports: 'added'
568ironic::inspector::ironic_username: 'ironic'
569ironic::inspector::ironic_password: "%{hiera('ironic::api::authtoken::password')}"
570ironic::inspector::ironic_tenant_name: 'service'
571ironic::inspector::ironic_project_domain_name: 'Default'
572ironic::inspector::ironic_user_domain_name: 'Default'
573ironic::inspector::ironic_auth_url: "%{hiera('keystone_auth_uri')}"
574ironic::inspector::ironic_max_retries: 6
575ironic::inspector::ironic_retry_interval: 10
576ironic::inspector::store_data: 'swift'
577ironic::inspector::swift_username: 'ironic'
578ironic::inspector::swift_password: "%{hiera('ironic::api::authtoken::password')}"
579ironic::inspector::swift_tenant_name: 'service'
580ironic::inspector::swift_project_domain_name: 'Default'
581ironic::inspector::swift_user_domain_name: 'Default'
582ironic::inspector::swift_auth_url: "%{hiera('keystone_auth_uri')}"
583ironic::inspector::dnsmasq_local_ip: {{LOCAL_IP}}
584ironic::inspector::dnsmasq_interface: {{INSPECTION_INTERFACE}}
585ironic::inspector::dnsmasq_ip_subnets: {{{INSPECTION_SUBNETS}}}
586ironic::inspector::pxe_filter::driver: dnsmasq
587ironic::inspector::pxe_filter::dnsmasq::dnsmasq_start_command: 'systemctl start openstack-ironic-inspector-dnsmasq.service'
588ironic::inspector::pxe_filter::dnsmasq::dnsmasq_stop_command: 'systemctl stop openstack-ironic-inspector-dnsmasq.service'
589ironic::inspector::dnsmasq_dhcp_hostsdir: '/var/lib/ironic-inspector/dhcp-hostsdir'
590ironic::inspector::ramdisk_collectors: {{INSPECTION_COLLECTORS}}
591ironic::inspector::additional_processing_hooks: 'extra_hardware,lldp_basic,local_link_connection'
592ironic::inspector::ramdisk_kernel_args: {{INSPECTION_KERNEL_ARGS}}
593ironic::inspector::ipxe_timeout: 60
594ironic::inspector::node_not_found_hook: {{INSPECTION_NODE_NOT_FOUND_HOOK}}
595ironic::inspector::discovery_default_driver: {{DISCOVERY_DEFAULT_DRIVER}}
596ironic::inspector::detect_boot_mode: true
597
598# Ironic PXE driver
599ironic::drivers::pxe::ipxe_timeout: 60
600
601# Ironic deploy utils
602ironic_ipxe_port: 8088
603ironic::conductor::http_url: "http://{{LOCAL_IP_WRAPPED}}:%{hiera('ironic_ipxe_port')}"
604ironic::conductor::http_boot: '/httpboot'
605ironic::inspector::http_port: "%{hiera('ironic_ipxe_port')}"
606
607# Ironic pxe
608ironic::drivers::pxe::ipxe_enabled: {{IPXE_ENABLED}}
609# NOTE(dtantsur): UEFI only works with iPXE currently for us
610ironic::drivers::pxe::uefi_pxe_config_template: '$pybasedir/drivers/modules/ipxe_config.template'
611ironic::drivers::pxe::uefi_pxe_bootfile_name: 'ipxe.efi'
612
613# Ironic agent
614ironic::drivers::agent::deploy_logs_collect: 'always'
615ironic::drivers::agent::deploy_logs_storage_backend: 'local'
616ironic::drivers::agent::deploy_logs_local_path: '/var/log/ironic/deploy/'
617
618# Ironic power and management drivers tuning
619ironic::drivers::ilo::default_boot_mode: 'bios'
620
621# Customisations for ppc64le
622{{#ENABLE_ARCHITECTURE_PPC64LE}}
623ironic::pxe::enable_ppc64le: true
624ironic::inspector::enable_ppc64le: true
625ironic::conductor::power_state_change_timeout: 60
626ironic::drivers::ipmi::command_retry_timeout: 120
627ironic::drivers::ipmi::min_command_interval: 15
628{{/ENABLE_ARCHITECTURE_PPC64LE}}
629
630# Rabbit
631rabbit_cookie: {{UNDERCLOUD_RABBIT_COOKIE}}
632rabbitmq::delete_guest_user: false
633rabbitmq::node_ip_address: {{LOCAL_IP}}
634rabbitmq::management_ip_address: {{LOCAL_IP}}
635rabbitmq::package_source: undef
636rabbitmq::port: 5672
637rabbitmq::repos_ensure: false
638rabbitmq::wipe_db_on_cookie_change: true
639rabbitmq::default_user: {{UNDERCLOUD_RABBIT_USERNAME}}
640rabbitmq::default_pass: {{UNDERCLOUD_RABBIT_PASSWORD}}
641
642# Horizon
643horizon::django_debug: "%{hiera('debug')}"
644horizon_secret_key: {{UNDERCLOUD_HORIZON_SECRET_KEY}}
645horizon::allowed_hosts:
646 - "%{::fqdn}"
647 - "{{LOCAL_IP}}"
648horizon::wsgi::apache::priority: 10
649horizon::openstack_endpoint_type: internalURL
650
651# Mistral
652mistral::debug: "%{hiera('debug')}"
653mistral::api::bind_host: {{LOCAL_IP}}
654mistral::api::api_workers: "%{::os_workers}"
655mistral::default_transport_url: "rabbit://{{UNDERCLOUD_RABBIT_USERNAME}}:{{UNDERCLOUD_RABBIT_PASSWORD}}@{{LOCAL_IP_WRAPPED}}//"
656mistral::database_connection: mysql+pymysql://mistral:{{UNDERCLOUD_MISTRAL_PASSWORD}}@{{LOCAL_IP_WRAPPED}}/mistral
657mistral::rpc_backend: rabbit
658mistral::rpc_response_timeout: 120
659mistral::cron_trigger::execution_interval: 600
660mistral::keystone::authtoken::password: {{UNDERCLOUD_MISTRAL_PASSWORD}}
661mistral::keystone::authtoken::www_authenticate_uri: "%{hiera('keystone_auth_uri')}"
662mistral::keystone::authtoken::auth_url: "%{hiera('keystone_identity_uri')}"
663mistral::keystone::authtoken::user_domain_name: "%{hiera('keystone_default_domain')}"
664mistral::keystone::authtoken::project_domain_name: "%{hiera('keystone_default_domain')}"
665
666mistral::keystone::auth::public_url: {{UNDERCLOUD_ENDPOINT_MISTRAL_PUBLIC}}
667mistral::keystone::auth::internal_url: {{UNDERCLOUD_ENDPOINT_MISTRAL_INTERNAL}}
668mistral::keystone::auth::admin_url: {{UNDERCLOUD_ENDPOINT_MISTRAL_ADMIN}}
669mistral::keystone::auth::region: "%{hiera('keystone_region')}"
670mistral::keystone::auth::password: {{UNDERCLOUD_MISTRAL_PASSWORD}}
671mistral::keystone::auth::tenant: 'service'
672mistral::engine::older_than: 2880
673mistral::engine::evaluation_interval: 120
674mistral::engine::execution_field_size_limit_kb: 16384
675
676# Zaqar
677zaqar::keystone::authtoken::project_name: 'service'
678zaqar::keystone::authtoken::www_authenticate_uri: "%{hiera('keystone_auth_uri')}"
679zaqar::keystone::authtoken::auth_url: "%{hiera('keystone_identity_uri')}"
680zaqar::keystone::authtoken::password: {{UNDERCLOUD_ZAQAR_PASSWORD}}
681zaqar::keystone::authtoken::user_domain_name: "%{hiera('keystone_default_domain')}"
682zaqar::keystone::authtoken::project_domain_name: "%{hiera('keystone_default_domain')}"
683zaqar::keystone::auth::tenant: 'service'
684zaqar::keystone::auth::public_url: {{UNDERCLOUD_ENDPOINT_ZAQAR_PUBLIC}}
685zaqar::keystone::auth::internal_url: {{UNDERCLOUD_ENDPOINT_ZAQAR_INTERNAL}}
686zaqar::keystone::auth::admin_url: {{UNDERCLOUD_ENDPOINT_ZAQAR_ADMIN}}
687zaqar::keystone::auth::region: "%{hiera('keystone_region')}"
688zaqar::keystone::auth::password: {{UNDERCLOUD_ZAQAR_PASSWORD}}
689zaqar::keystone::auth::roles:
690 - admin
691 - ResellerAdmin
692zaqar::keystone::auth_websocket::tenant: 'service'
693zaqar::keystone::auth_websocket::public_url: {{UNDERCLOUD_ENDPOINT_ZAQAR_WEBSOCKET_PUBLIC}}
694zaqar::keystone::auth_websocket::internal_url: {{UNDERCLOUD_ENDPOINT_ZAQAR_WEBSOCKET_INTERNAL}}
695zaqar::keystone::auth_websocket::admin_url: {{UNDERCLOUD_ENDPOINT_ZAQAR_WEBSOCKET_ADMIN}}
696zaqar::keystone::auth_websocket::region: "%{hiera('keystone_region')}"
697zaqar::keystone::auth_websocket::password: {{UNDERCLOUD_ZAQAR_PASSWORD}}
698zaqar::server::service_name: 'httpd'
699zaqar::unreliable: true
700zaqar::transport::websocket::bind: {{LOCAL_IP}}
701zaqar::transport::websocket::notification_bind: {{LOCAL_IP}}
702zaqar::wsgi::apache::bind_host: {{LOCAL_IP}}
703zaqar::wsgi::apache::ssl: false
704zaqar::message_store: swift
705zaqar::management_store: sqlalchemy
706zaqar::management::sqlalchemy::uri: mysql+pymysql://zaqar:{{UNDERCLOUD_ZAQAR_PASSWORD}}@{{LOCAL_IP_WRAPPED}}/zaqar
707zaqar::messaging::swift::uri: swift://zaqar:{{UNDERCLOUD_ZAQAR_PASSWORD}}@/service
708zaqar::messaging::swift::auth_url: "%{hiera('keystone_auth_uri')}"
709zaqar::message_pipeline: 'zaqar.notification.notifier'
710zaqar::max_messages_post_size: 1048576
711
712# Cinder
713cinder::debug: "%{hiera('debug')}"
714cinder_backend_name: 'undercloud_iscsi'
715cinder_enable_test_volume: false
716cinder_iscsi_address: {{LOCAL_IP}}
717cinder::api::enable_proxy_headers_parsing: true
718cinder::api::service_name: 'httpd'
719cinder::api::nova_catalog_info: 'compute:Compute Service:internalURL'
720cinder::backends::enabled_backends: ["%{hiera('cinder_backend_name')}"]
721cinder::cron::db_purge::destination: "/dev/null"
722cinder::database_connection: mysql+pymysql://cinder:{{UNDERCLOUD_CINDER_PASSWORD}}@{{LOCAL_IP_WRAPPED}}/cinder
723cinder::db::database_db_max_retries: -1
724cinder::db::database_max_retries: -1
725cinder::debug: "%{hiera('debug')}"
726cinder::glance::glance_api_servers: {{UNDERCLOUD_ENDPOINT_GLANCE_INTERNAL}}
727cinder::keystone::auth::tenant: 'service'
728cinder::keystone::auth::public_url: {{UNDERCLOUD_ENDPOINT_CINDER_PUBLIC}}
729cinder::keystone::auth::internal_url: {{UNDERCLOUD_ENDPOINT_CINDER_INTERNAL}}
730cinder::keystone::auth::admin_url: {{UNDERCLOUD_ENDPOINT_CINDER_ADMIN}}
731cinder::keystone::auth::public_url_v2: {{UNDERCLOUD_ENDPOINT_CINDER_V2_PUBLIC}}
732cinder::keystone::auth::internal_url_v2: {{UNDERCLOUD_ENDPOINT_CINDER_V2_INTERNAL}}
733cinder::keystone::auth::admin_url_v2: {{UNDERCLOUD_ENDPOINT_CINDER_V2_ADMIN}}
734cinder::keystone::auth::public_url_v3: {{UNDERCLOUD_ENDPOINT_CINDER_V3_PUBLIC}}
735cinder::keystone::auth::internal_url_v3: {{UNDERCLOUD_ENDPOINT_CINDER_V3_INTERNAL}}
736cinder::keystone::auth::admin_url_v3: {{UNDERCLOUD_ENDPOINT_CINDER_V3_ADMIN}}
737cinder::keystone::auth::region: "%{hiera('keystone_region')}"
738cinder::keystone::auth::password: {{UNDERCLOUD_CINDER_PASSWORD}}
739cinder::keystone::authtoken::project_name: 'service'
740cinder::keystone::authtoken::www_authenticate_uri: "%{hiera('keystone_auth_uri')}"
741cinder::keystone::authtoken::auth_url: "%{hiera('keystone_identity_uri')}"
742cinder::keystone::authtoken::password: {{UNDERCLOUD_CINDER_PASSWORD}}
743cinder::keystone::authtoken::user_domain_name: "%{hiera('keystone_default_domain')}"
744cinder::keystone::authtoken::project_domain_name: "%{hiera('keystone_default_domain')}"
745cinder::default_transport_url: "rabbit://{{UNDERCLOUD_RABBIT_USERNAME}}:{{UNDERCLOUD_RABBIT_PASSWORD}}@{{LOCAL_IP_WRAPPED}}//"
746cinder::scheduler::scheduler_driver: cinder.scheduler.filter_scheduler.FilterScheduler
747cinder::setup_test_volume::size: '10280M'
748cinder::wsgi::apache::bind_host: {{LOCAL_IP}}
749cinder::wsgi::apache::ssl: false
750cinder::wsgi::apache::workers: "%{::os_workers}"
751
752# HAproxy
753tripleo::profile::base::haproxy::step: 1
754tripleo::haproxy::haproxy_stats_password: {{UNDERCLOUD_HAPROXY_STATS_PASSWORD}}
755tripleo::haproxy::controller_virtual_ip: "%{hiera('controller_admin_host')}"
756tripleo::haproxy::controller_hosts: "%{hiera('controller_host')}"
757tripleo::haproxy::public_virtual_ip: "%{hiera('controller_public_host')}"
758tripleo::haproxy::public_virtual_interface: 'br-ctlplane'
759tripleo::haproxy::keystone_admin: true
760tripleo::haproxy::keystone_public: true
761tripleo::haproxy::neutron: true
762tripleo::haproxy::glance_api: true
763tripleo::haproxy::glance_registry: true
764tripleo::haproxy::nova_osapi: true
765tripleo::haproxy::nova_placement: true
766tripleo::haproxy::nova_metadata: true
767tripleo::haproxy::swift_proxy_server: true
768tripleo::haproxy::heat_api: true
769tripleo::haproxy::ceilometer: "%{hiera('enable_telemetry')}"
770tripleo::haproxy::aodh: "%{hiera('enable_telemetry')}"
771tripleo::haproxy::gnocchi: "%{hiera('enable_telemetry')}"
772tripleo::haproxy::panko: "%{hiera('enable_telemetry')}"
773tripleo::haproxy::ironic: true
774tripleo::haproxy::ironic_inspector: true
775tripleo::haproxy::rabbitmq: true
776tripleo::haproxy::mistral: true
777tripleo::haproxy::zaqar_api: true
778tripleo::haproxy::zaqar_ws: true
779tripleo::haproxy::docker_registry: true
780
781# Docker
782tripleo::profile::base::docker::step: 1
783# Undercloud should not have --iptables=false by default hence this override (LP#1709325)
784tripleo::profile::base::docker::docker_options: '--log-driver=journald --signature-verification=false'
785{{#DOCKER_REGISTRY_MIRROR}}
786tripleo::profile::base::docker::registry_mirror: {{DOCKER_REGISTRY_MIRROR}}
787{{/DOCKER_REGISTRY_MIRROR}}
788tripleo::profile::base::docker::debug: "%{hiera('debug')}"
789tripleo::profile::base::docker::insecure_registries: {{DOCKER_INSECURE_REGISTRIES}}
790
791# Keepalived
792tripleo::keepalived::controller_virtual_ip: "%{hiera('controller_admin_host')}"
793tripleo::keepalived::control_virtual_interface: 'br-ctlplane'
794tripleo::keepalived::public_virtual_ip: "%{hiera('controller_public_host')}"
795tripleo::keepalived::public_virtual_interface: 'br-ctlplane'
796tripleo::keepalived::virtual_router_id_base: 40
797
798# UI
799keystone::cors::allowed_origin: '*'
800nova::cors::allowed_origin: '*'
801nova::cors::max_age: 3600
802nova::cors::allow_methods: 'GET,POST,PUT,DELETE,OPTIONS,PATCH'
803nova::cors::allow_headers: 'Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma,X-Auth-Token'
804nova::cors::expose_headers: 'Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma'
805ironic::cors::allowed_origin: '*'
806ironic::cors::max_age: 3600
807ironic::cors::allow_methods: 'GET,POST,PUT,DELETE,OPTIONS,PATCH'
808ironic::cors::allow_headers: 'Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma,X-Auth-Token'
809ironic::cors::expose_headers: 'Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma'
810ironic::inspector::cors::allowed_origin: '*'
811ironic::inspector::cors::max_age: 3600
812ironic::inspector::cors::allow_methods: 'GET,POST,PUT,DELETE,OPTIONS,PATCH'
813ironic::inspector::cors::allow_headers: 'Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma,X-Auth-Token'
814ironic::inspector::cors::expose_headers: 'Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma'
815heat::cors::allowed_origin: '*'
816heat::cors::max_age: 3600
817heat::cors::allow_headers: 'Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma,X-Auth-Token'
818heat::cors::expose_headers: 'Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma'
819mistral::cors::allowed_origin: '*'
820mistral::cors::allow_headers: 'Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma,X-Auth-Token'
821mistral::cors::expose_headers: 'Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma'
822swift::proxy::cors_allow_origin: '*'
823tripleo::ui::endpoint_proxy_zaqar: {{UNDERCLOUD_ENDPOINT_ZAQAR_UI_PROXY_INTERNAL}}
824tripleo::ui::endpoint_proxy_keystone: {{UNDERCLOUD_ENDPOINT_KEYSTONE_INTERNAL}}
825tripleo::ui::endpoint_proxy_heat: {{UNDERCLOUD_ENDPOINT_HEAT_UI_PROXY_INTERNAL}}
826tripleo::ui::endpoint_proxy_ironic: {{UNDERCLOUD_ENDPOINT_IRONIC_INTERNAL}}
827tripleo::ui::endpoint_proxy_ironic_inspector: {{UNDERCLOUD_ENDPOINT_IRONIC_INSPECTOR_INTERNAL}}
828tripleo::ui::endpoint_proxy_mistral: {{UNDERCLOUD_ENDPOINT_MISTRAL_UI_PROXY_INTERNAL}}
829tripleo::ui::endpoint_proxy_nova: {{UNDERCLOUD_ENDPOINT_NOVA_UI_PROXY_INTERNAL}}
830tripleo::ui::endpoint_proxy_swift: {{UNDERCLOUD_ENDPOINT_SWIFT_UI_PROXY_INTERNAL}}
831tripleo::ui::endpoint_config_zaqar: {{UNDERCLOUD_ENDPOINT_ZAQAR_UI_CONFIG_PUBLIC}}
832tripleo::ui::endpoint_config_keystone: {{UNDERCLOUD_ENDPOINT_KEYSTONE_UI_CONFIG_PUBLIC}}
833tripleo::ui::endpoint_config_heat: {{UNDERCLOUD_ENDPOINT_HEAT_UI_CONFIG_PUBLIC}}
834tripleo::ui::endpoint_config_ironic: {{UNDERCLOUD_ENDPOINT_IRONIC_UI_CONFIG_PUBLIC}}
835tripleo::ui::endpoint_config_ironic_inspector: {{UNDERCLOUD_ENDPOINT_IRONIC_INSPECTOR_UI_CONFIG_PUBLIC}}
836tripleo::ui::endpoint_config_mistral: {{UNDERCLOUD_ENDPOINT_MISTRAL_UI_CONFIG_PUBLIC}}
837tripleo::ui::endpoint_config_nova: {{UNDERCLOUD_ENDPOINT_NOVA_UI_CONFIG_PUBLIC}}
838tripleo::ui::endpoint_config_swift: {{UNDERCLOUD_ENDPOINT_SWIFT_UI_CONFIG_PUBLIC}}
839
840# service tenant
841ceilometer::keystone::authtoken::project_name: 'service'
842aodh::keystone::authtoken::project_name: 'service'
843gnocchi::keystone::authtoken::project_name: 'service'
844cinder::keystone::authtoken::project_name: 'service'
845heat::keystone::authtoken::project_name: 'service'
846glance::api::authtoken::project_name: 'service'
847glance::registry::authtoken::project_name: 'service'
848ironic::api::authtoken::project_name: 'service'
849ironic::drivers::inspector::project_name: 'service'
850ironic::glance::project_name: 'service'
851ironic::neutron::project_name: 'service'
852ironic::service_catalog::project_name: 'service'
853ironic::swift::project_name: 'service'
854nova::keystone::authtoken::project_name: 'service'
855swift::proxy::authtoken::project_name: 'service'
856mistral::keystone::authtoken::project_name: 'service'
857
858swift::proxy::workers: "%{::os_workers}"
859# Options
860enable_tempest: {{ENABLE_TEMPEST}}
861enable_validations: {{ENABLE_VALIDATIONS}}
862enable_telemetry: {{ENABLE_TELEMETRY}}
863enable_ui: {{ENABLE_UI}}
864enable_cinder: {{ENABLE_CINDER}}
865enable_container_images_build: {{ENABLE_CONTAINER_IMAGES_BUILD}}
866
867# Path to install configuration files
868tripleo_install_user: {{TRIPLEO_INSTALL_USER}}
869tripleo_undercloud_conf_file: {{TRIPLEO_UNDERCLOUD_CONF_FILE}}
870tripleo_undercloud_password_file: {{TRIPLEO_UNDERCLOUD_PASSWORD_FILE}}
871
872# Novajoin
873{{#ENABLE_NOVAJOIN}}
874novajoin_listen_port: 9090
875nova::metadata::novajoin::api::bind_address: "{{LOCAL_IP}}"
876nova::metadata::novajoin::api::join_listen_port: "%{hiera('novajoin_listen_port')}"
877nova::metadata::novajoin::api::keystone_auth_url: "%{hiera('keystone_auth_uri')}"
878nova::metadata::novajoin::api::service_password: {{UNDERCLOUD_NOVAJOIN_PASSWORD}}
879nova::metadata::novajoin::api::transport_url: "rabbit://{{UNDERCLOUD_RABBIT_USERNAME}}:{{UNDERCLOUD_RABBIT_PASSWORD}}@{{LOCAL_IP_WRAPPED}}//"
880nova::metadata::novajoin::authtoken::auth_url: "%{hiera('keystone_identity_uri')}"
881nova::metadata::novajoin::authtoken::auth_uri: "%{hiera('keystone_auth_uri')}"
882nova::metadata::novajoin::authtoken::password: {{UNDERCLOUD_NOVAJOIN_PASSWORD}}
883nova::metadata::novajoin::authtoken::project_name: 'service'
884nova::metadata::novajoin::authtoken::user_domain_name: "%{hiera('keystone_default_domain')}"
885nova::metadata::novajoin::authtoken::project_domain_name: "%{hiera('keystone_default_domain')}"
886nova::metadata::novajoin::auth::tenant: 'service'
887nova::metadata::novajoin::auth::password: {{UNDERCLOUD_NOVAJOIN_PASSWORD}}
888nova::metadata::novajoin::auth::region: "%{hiera('keystone_region')}"
889ipaclient::password: {{IPA_OTP}}
890ipaclient::hostname: {{UNDERCLOUD_HOSTNAME}}
891enable_novajoin: true
892nova::api::vendordata_jsonfile_path: '/etc/novajoin/cloud-config-novajoin.json'
893nova::api::vendordata_providers: ['StaticJSON', 'DynamicJSON']
894nova::api::vendordata_dynamic_targets: ["join@http://{{LOCAL_IP}}:%{hiera('novajoin_listen_port')}/v1/"]
895nova::api::vendordata_dynamic_failure_fatal: true
896nova::api::vendordata_dynamic_auth_auth_type: 'password'
897nova::api::vendordata_dynamic_auth_auth_url: "%{hiera('keystone_auth_uri')}"
898nova::api::vendordata_dynamic_auth_os_region_name: "%{hiera('keystone_region')}"
899nova::api::vendordata_dynamic_auth_username: 'nova'
900nova::api::vendordata_dynamic_auth_project_name: 'service'
901nova::api::vendordata_dynamic_auth_project_domain_name: 'Default'
902nova::api::vendordata_dynamic_auth_user_domain_name: 'Default'
903nova::api::vendordata_dynamic_auth_password: {{UNDERCLOUD_NOVA_PASSWORD}}
904nova::api::vendordata_dynamic_connect_timeout: 30
905nova::api::vendordata_dynamic_read_timeout: 30
906nova::notification_topics: ['notifications', 'novajoin_notifications']
907nova::notify_on_state_change: 'vm_state'
908{{/ENABLE_NOVAJOIN}}
909
910# Firewall
911tripleo::firewall::manage_firewall: true
912tripleo::firewall::firewall_rules:
913 '105 ntp':
914 dport: 123
915 proto: udp
916 '106 vrrp':
917 proto: vrrp
918 '107 haproxy stats':
919 dport: 1993
920 '108 redis':
921 dport:
922 - 6379
923 - 26379
924 '110 ceph':
925 dport:
926 - 6789
927 - '6800-6810'
928 '111 keystone':
929 dport:
930 - 5000
931 - 13000
932 - 35357
933 - 13357
934 '112 glance':
935 dport:
936 - 9292
937 - 9191
938 - 13292
939 '113 nova':
940 dport:
941 - 6080
942 - 13080
943 - 8773
944 - 13773
945 - 8774
946 - 13774
947 - 8778
948 - 13778
949 - 8775
950 - 13775
951 '114 neutron server':
952 dport:
953 - 9696
954 - 13696
955 '115 neutron dhcp input':
956 proto: 'udp'
957 dport: 67
958 '116 neutron dhcp output':
959 proto: 'udp'
960 chain: 'OUTPUT'
961 dport: 68
962 '118 neutron vxlan networks':
963 proto: 'udp'
964 dport: 4789
965 '119 cinder':
966 dport:
967 - 8776
968 - 13776
969 '120 iscsi initiator':
970 dport: 3260
971 '121 memcached':
972 dport: 11211
973 proto: tcp
974 source: '127.0.0.1'
975 '122 swift proxy':
976 dport:
977 - 8080
978 - 13808
979 '123 swift storage':
980 dport:
981 - 873
982 - 6000
983 - 6001
984 - 6002
985 '125 heat':
986 dport:
987 - 8000
988 - 13800
989 - 8003
990 - 13003
991 - 8004
992 - 13004
993 '126 horizon':
994 dport:
995 - 80
996 - 443
997 '127 snmp':
998 dport: 161
999 proto: 'udp'
1000 '128 aodh':
1001 dport:
1002 - 8042
1003 - 13042
1004 '129 gnocchi-api':
1005 dport:
1006 - 8041
1007 - 13041
1008 '130 tftp':
1009 dport: 69
1010 proto: udp
1011 '131 novnc':
1012 dport: 5900-5999
1013 proto: tcp
1014 '132 mistral':
1015 dport:
1016 - 8989
1017 - 13989
1018 '133 zaqar':
1019 dport:
1020 - 8888
1021 - 13888
1022 '134 zaqar websockets':
1023 dport: 9000
1024 '135 ironic':
1025 dport:
1026 - 6385
1027 - 13385
1028 '136 trove':
1029 dport:
1030 - 8779
1031 - 13779
1032 '137 ironic-inspector':
1033 dport: 5050
1034 '138 docker registry':
1035 dport:
1036 - 8787
1037 - 13787
1038 '139 apache vhost':
1039 dport: "%{hiera('ironic_ipxe_port')}"
1040 # 140 network cidr nat rules
1041 {{SUBNETS_CIDR_NAT_RULES}}
1042 '142 tripleo-ui':
1043 dport:
1044 - 3000
1045 - 443
1046 '143 panko-api':
1047 dport:
1048 - 8977
1049 - 13977
diff --git a/elements/undercloud-install/element-provides b/elements/undercloud-install/element-provides
deleted file mode 100644
index a72e049..0000000
--- a/elements/undercloud-install/element-provides
+++ /dev/null
@@ -1 +0,0 @@
1operating-system
diff --git a/elements/undercloud-install/os-apply-config/etc/os-net-config/config.json b/elements/undercloud-install/os-apply-config/etc/os-net-config/config.json
deleted file mode 100644
index e6f6540..0000000
--- a/elements/undercloud-install/os-apply-config/etc/os-net-config/config.json
+++ /dev/null
@@ -1,3 +0,0 @@
1{{#os_net_config}}
2{{.}}
3{{/os_net_config}}
diff --git a/elements/undercloud-install/os-apply-config/root/stackrc b/elements/undercloud-install/os-apply-config/root/stackrc
deleted file mode 100644
index 4e51fa6..0000000
--- a/elements/undercloud-install/os-apply-config/root/stackrc
+++ /dev/null
@@ -1,46 +0,0 @@
1# Clear any old environment that may conflict.
2for key in $( set | awk '{FS="="} /^OS_/ {print $1}' ); do unset $key ; done
3NOVA_VERSION=1.1
4export NOVA_VERSION
5OS_PASSWORD={{admin_password}}
6export OS_PASSWORD
7OS_AUTH_TYPE=password
8export OS_AUTH_TYPE
9{{#service_certificate}}
10OS_AUTH_URL=https://{{public_host}}:13000/
11PYTHONWARNINGS="ignore:Certificate has no, ignore:A true SSLContext object is not available"
12export OS_AUTH_URL
13export PYTHONWARNINGS
14{{/service_certificate}}
15{{^service_certificate}}
16OS_AUTH_URL=http://{{local-ip-wrapped}}:5000/
17export OS_AUTH_URL
18{{/service_certificate}}
19OS_USERNAME=admin
20OS_PROJECT_NAME=admin
21COMPUTE_API_VERSION=1.1
22# 1.34 is the latest API version in Ironic Pike supported by ironicclient
23IRONIC_API_VERSION=1.34
24OS_BAREMETAL_API_VERSION=$IRONIC_API_VERSION
25OS_NO_CACHE=True
26OS_CLOUDNAME=undercloud
27export OS_USERNAME
28export OS_PROJECT_NAME
29export COMPUTE_API_VERSION
30export IRONIC_API_VERSION
31export OS_BAREMETAL_API_VERSION
32export OS_NO_CACHE
33export OS_CLOUDNAME
34OS_IDENTITY_API_VERSION='3'
35export OS_IDENTITY_API_VERSION
36OS_PROJECT_DOMAIN_NAME='Default'
37export OS_PROJECT_DOMAIN_NAME
38OS_USER_DOMAIN_NAME='Default'
39export OS_USER_DOMAIN_NAME
40
41# Add OS_CLOUDNAME to PS1
42if [ -z "${CLOUDPROMPT_ENABLED:-}" ]; then
43 export PS1=${PS1:-""}
44 export PS1=\${OS_CLOUDNAME:+"(\$OS_CLOUDNAME)"}\ $PS1
45 export CLOUDPROMPT_ENABLED=1
46fi
diff --git a/elements/undercloud-install/os-apply-config/root/stackrc.oac b/elements/undercloud-install/os-apply-config/root/stackrc.oac
deleted file mode 100644
index f2c9e8a..0000000
--- a/elements/undercloud-install/os-apply-config/root/stackrc.oac
+++ /dev/null
@@ -1 +0,0 @@
1mode: 0600
diff --git a/elements/undercloud-install/os-apply-config/root/tripleo-undercloud-passwords b/elements/undercloud-install/os-apply-config/root/tripleo-undercloud-passwords
deleted file mode 100644
index a7cc2c8..0000000
--- a/elements/undercloud-install/os-apply-config/root/tripleo-undercloud-passwords
+++ /dev/null
@@ -1,24 +0,0 @@
1UNDERCLOUD_ADMIN_PASSWORD=$(sudo hiera admin_password)
2UNDERCLOUD_ADMIN_TOKEN=$(sudo hiera keystone::admin_token)
3UNDERCLOUD_CEILOMETER_METERING_SECRET=$(sudo hiera ceilometer::metering_secret)
4UNDERCLOUD_CEILOMETER_PASSWORD=$(sudo hiera ceilometer::keystone::authtoken::password)
5UNDERCLOUD_CEILOMETER_SNMPD_PASSWORD=$(sudo hiera snmpd_readonly_user_password)
6UNDERCLOUD_CEILOMETER_SNMPD_USER=$(sudo hiera snmpd_readonly_user_name)
7UNDERCLOUD_DB_PASSWORD=$(sudo hiera admin_password)
8UNDERCLOUD_GLANCE_PASSWORD=$(sudo hiera glance::api::keystone_password)
9UNDERCLOUD_HAPROXY_STATS_PASSWORD=$(sudo hiera tripleo::haproxy::haproxy_stats_password)
10UNDERCLOUD_HEAT_ENCRYPTION_KEY=$(sudo hiera heat::engine::auth_encryption_key)
11UNDERCLOUD_HEAT_PASSWORD=$(sudo hiera heat::keystone_password)
12UNDERCLOUD_HEAT_STACK_DOMAIN_ADMIN_PASSWORD=$(sudo hiera heat_stack_domain_admin_password)
13UNDERCLOUD_HORIZON_SECRET_KEY=$(sudo hiera horizon_secret_key)
14UNDERCLOUD_IRONIC_PASSWORD=$(sudo hiera ironic::api::authtoken::password)
15UNDERCLOUD_NEUTRON_PASSWORD=$(sudo hiera neutron::server::auth_password)
16UNDERCLOUD_NOVA_PASSWORD=$(sudo hiera nova::keystone::authtoken::password)
17UNDERCLOUD_RABBIT_COOKIE=$(sudo hiera rabbit_cookie)
18UNDERCLOUD_RABBIT_PASSWORD=$(sudo hiera rabbit_password)
19UNDERCLOUD_RABBIT_USERNAME=$(sudo hiera rabbit_username)
20UNDERCLOUD_SWIFT_HASH_SUFFIX=$(sudo hiera swift::swift_hash_suffix)
21UNDERCLOUD_SWIFT_PASSWORD=$(sudo hiera swift::proxy::authtoken::admin_password)
22UNDERCLOUD_MISTRAL_PASSWORD=$(sudo hiera mistral::admin_password)
23UNDERCLOUD_ZAQAR_PASSWORD=$(sudo hiera zaqar::keystone::authtoken::password)
24UNDERCLOUD_CINDER_PASSWORD=$(sudo hiera cinder::keystone::authtoken::password)
diff --git a/elements/undercloud-install/os-apply-config/root/tripleo-undercloud-passwords.oac b/elements/undercloud-install/os-apply-config/root/tripleo-undercloud-passwords.oac
deleted file mode 100644
index f2c9e8a..0000000
--- a/elements/undercloud-install/os-apply-config/root/tripleo-undercloud-passwords.oac
+++ /dev/null
@@ -1 +0,0 @@
1mode: 0600
diff --git a/elements/undercloud-install/os-apply-config/var/opt/undercloud-stack/masquerade b/elements/undercloud-install/os-apply-config/var/opt/undercloud-stack/masquerade
deleted file mode 100644
index 88e33d9..0000000
--- a/elements/undercloud-install/os-apply-config/var/opt/undercloud-stack/masquerade
+++ /dev/null
@@ -1,29 +0,0 @@
1# In case this script crashed or was interrupted earlier, flush, unlink and
2# delete the temp chain.
3IPTCOMMAND=iptables
4if [[ {{local-ip}} =~ : ]] ; then
5 IPTCOMMAND=ip6tables
6fi
7$IPTCOMMAND -w -t nat -F BOOTSTACK_MASQ_NEW || true
8$IPTCOMMAND -w -t nat -D POSTROUTING -j BOOTSTACK_MASQ_NEW || true
9$IPTCOMMAND -w -t nat -X BOOTSTACK_MASQ_NEW || true
10$IPTCOMMAND -w -t nat -N BOOTSTACK_MASQ_NEW
11# Build the chain we want.
12{{#masquerade_networks}}
13NETWORK={{.}}
14NETWORKS={{#masquerade_networks}}{{.}},{{/masquerade_networks}}
15# Shell substitution to remove the traling comma
16NETWORKS=${NETWORKS%?}
17$IPTCOMMAND -w -t nat -A BOOTSTACK_MASQ_NEW -s $NETWORK -d $NETWORKS -j RETURN
18$IPTCOMMAND -w -t nat -A BOOTSTACK_MASQ_NEW -s $NETWORK -j MASQUERADE
19{{/masquerade_networks}}
20# Link it in.
21$IPTCOMMAND -w -t nat -I POSTROUTING -j BOOTSTACK_MASQ_NEW
22# Delete the old chain if present.
23$IPTCOMMAND -w -t nat -F BOOTSTACK_MASQ || true
24$IPTCOMMAND -w -t nat -D POSTROUTING -j BOOTSTACK_MASQ || true
25$IPTCOMMAND -w -t nat -X BOOTSTACK_MASQ || true
26# Rename the new chain into permanence.
27$IPTCOMMAND -w -t nat -E BOOTSTACK_MASQ_NEW BOOTSTACK_MASQ
28# remove forwarding rule (fixes bug 1183099)
29$IPTCOMMAND -w -D FORWARD -j REJECT --reject-with icmp-host-prohibited || true
diff --git a/elements/undercloud-install/os-refresh-config/configure.d/30-reload-keepalived b/elements/undercloud-install/os-refresh-config/configure.d/30-reload-keepalived
deleted file mode 100755
index 92ced25..0000000
--- a/elements/undercloud-install/os-refresh-config/configure.d/30-reload-keepalived
+++ /dev/null
@@ -1,11 +0,0 @@
1#!/bin/bash
2set -eux
3
4if systemctl is-enabled keepalived; then
5 # This needs to be run after os-net-config, since os-net-config potentially
6 # can restart network interfaces, which would affects VIPs controlled by
7 # keepalived. So don't just move this up without knowing the consequences.
8 # You have been warned.
9 systemctl reload keepalived
10fi
11
diff --git a/elements/undercloud-install/os-refresh-config/post-configure.d/80-seedstack-masquerade b/elements/undercloud-install/os-refresh-config/post-configure.d/80-seedstack-masquerade
deleted file mode 100755
index e414a92..0000000
--- a/elements/undercloud-install/os-refresh-config/post-configure.d/80-seedstack-masquerade
+++ /dev/null
@@ -1,41 +0,0 @@
1#!/bin/bash
2set -eux
3
4RULES_SCRIPT=/var/opt/undercloud-stack/masquerade
5
6. $RULES_SCRIPT
7
8iptables-save > /etc/sysconfig/iptables
9
10
11# We are specifically running the following commands after the
12# iptables rules to ensure the persisted file does not contain any
13# ephemeral neutron rules. Neutron assumes the iptables rules are not
14# persisted so it may cause an issue if the rule is loaded on boot
15# (or via iptables restart). If an operator needs to reload iptables
16# for any reason, they may need to manually reload the appropriate
17# neutron agent to restore these iptables rules.
18# https://bugzilla.redhat.com/show_bug.cgi?id=1541528
19if /bin/test -f /etc/sysconfig/iptables && /bin/grep -q neutron- /etc/sysconfig/iptables
20then
21 /bin/sed -i /neutron-/d /etc/sysconfig/iptables
22fi
23
24if /bin/test -f /etc/sysconfig/ip6tables && /bin/grep -q neutron- /etc/sysconfig/ip6tables
25then
26 /bin/sed -i /neutron-/d /etc/sysconfig/ip6tables
27fi
28
29
30# Do not persist ephemeral firewall rules managed by ironic-inspector
31# pxe_filter 'iptables' driver.
32# https://bugs.launchpad.net/tripleo/+bug/1765700
33if /bin/test -f /etc/sysconfig/iptables && /bin/grep -v "\-m comment \--comment" /etc/sysconfig/iptables | /bin/grep -q ironic-inspector
34then
35 /bin/sed -i "/-m comment --comment.*ironic-inspector/p;/ironic-inspector/d" /etc/sysconfig/iptables
36fi
37
38if /bin/test -f /etc/sysconfig/ip6tables && /bin/grep -v "\-m comment \--comment" /etc/sysconfig/ip6tables | /bin/grep -q ironic-inspector
39then
40 /bin/sed -i "/-m comment --comment.*ironic-inspector/p;/ironic-inspector/d" /etc/sysconfig/ip6tables
41fi
diff --git a/elements/undercloud-install/os-refresh-config/post-configure.d/98-undercloud-setup b/elements/undercloud-install/os-refresh-config/post-configure.d/98-undercloud-setup
deleted file mode 100755
index fca53aa..0000000
--- a/elements/undercloud-install/os-refresh-config/post-configure.d/98-undercloud-setup
+++ /dev/null
@@ -1,44 +0,0 @@
1#!/bin/bash
2
3set -eux
4
5source /root/tripleo-undercloud-passwords
6source /root/stackrc
7
8INSTACK_ROOT=${INSTACK_ROOT:-""}
9export INSTACK_ROOT
10if [ -n "$INSTACK_ROOT" ]; then
11 PATH=$PATH:$INSTACK_ROOT/instack-undercloud/scripts
12 export PATH
13fi
14
15if [ ! -f /root/.ssh/authorized_keys ]; then
16 sudo mkdir -p /root/.ssh
17 sudo chmod 7000 /root/.ssh/
18 sudo touch /root/.ssh/authorized_keys
19 sudo chmod 600 /root/.ssh/authorized_keys
20fi
21
22if [ ! -f /root/.ssh/id_rsa ]; then
23 ssh-keygen -b 1024 -N '' -f /root/.ssh/id_rsa
24fi
25
26cat /root/.ssh/id_rsa.pub >> /root/.ssh/authorized_keys
27
28if [ -e /usr/sbin/getenforce ]; then
29 if [ "$(getenforce)" == "Enforcing" ]; then
30 set +e
31 selinux_wrong_permission="$(find /root/.ssh/ -exec ls -lZ {} \; | grep -v 'ssh_home_t')"
32 set -e
33 if [ -n "${selinux_wrong_permission}" ]; then
34 semanage fcontext -a -t ssh_home_t '/root/.ssh(/.*)?'
35 restorecon -R /root/.ssh/
36 fi
37 fi
38fi
39
40# Disable nova quotas
41openstack quota set --cores -1 --instances -1 --ram -1 $(openstack project show admin | awk '$2=="id" {print $4}')
42
43# instack-prepare-for-overcloud
44rm -rf $HOME/.novaclient
diff --git a/imagefactory/Makefile b/imagefactory/Makefile
deleted file mode 100644
index b157577..0000000
--- a/imagefactory/Makefile
+++ /dev/null
@@ -1,66 +0,0 @@
1utility-image:
2 imagefactory --debug base_image \
3 --file-parameter install_script \
4 utility_image.ks utility_image.tdl
5
6input-image:
7 imagefactory --debug base_image \
8 --file-parameter install_script \
9 input_image.ks input_image.tdl
10
11overcloud-images: overcloud-control overcloud-compute overcloud-cinder-volume overcloud-swift-storage deploy-ramdisk-ironic discovery-ramdisk
12
13overcloud-control:
14 imagefactory --debug \
15 target_image \
16 --id $(INPUT_IMAGE_ID) \
17 --parameter utility_image $(UTILITY_IMAGE_ID) \
18 --file-parameter utility_customizations dib_overcloud_control.tdl \
19 --parameter results_location "/overcloud-control.tar" indirection
20 tar -x -f $$(ls -1tr /var/lib/imagefactory/storage/*.body | tail -n 1)
21
22overcloud-compute:
23 imagefactory --debug \
24 target_image \
25 --id $(INPUT_IMAGE_ID) \
26 --parameter utility_image $(UTILITY_IMAGE_ID) \
27 --file-parameter utility_customizations dib_overcloud_compute.tdl \
28 --parameter results_location "/overcloud-compute.tar" indirection
29 tar -x -f $$(ls -1tr /var/lib/imagefactory/storage/*.body | tail -n 1)
30
31overcloud-cinder-volume:
32 imagefactory --debug \
33 target_image \
34 --id $(INPUT_IMAGE_ID) \
35 --parameter utility_image $(UTILITY_IMAGE_ID) \
36 --file-parameter utility_customizations dib_overcloud_cinder_volume.tdl \
37 --parameter results_location "/overcloud-cinder-volume.tar" indirection
38 tar -x -f $$(ls -1tr /var/lib/imagefactory/storage/*.body | tail -n 1)
39
40overcloud-swift-storage:
41 imagefactory --debug \
42 target_image \
43 --id $(INPUT_IMAGE_ID) \
44 --parameter utility_image $(UTILITY_IMAGE_ID) \
45 --file-parameter utility_customizations dib_overcloud_swift_storage.tdl \
46 --parameter results_location "/overcloud-swift-storage.tar" indirection
47 tar -x -f $$(ls -1tr /var/lib/imagefactory/storage/*.body | tail -n 1)
48
49deploy-ramdisk-ironic:
50 imagefactory --debug \
51 target_image \
52 --id $(INPUT_IMAGE_ID) \
53 --parameter utility_image $(UTILITY_IMAGE_ID) \
54 --file-parameter utility_customizations dib_deploy_ramdisk_ironic.tdl \
55 --parameter results_location "/deploy-ramdisk-ironic.tar" indirection
56 tar -x -f $$(ls -1tr /var/lib/imagefactory/storage/*.body | tail -n 1)
57
58discovery-ramdisk:
59 imagefactory --debug \
60 target_image \
61 --id $(INPUT_IMAGE_ID) \
62 --parameter utility_image $(UTILITY_IMAGE_ID) \
63 --file-parameter utility_customizations dib_discovery_ramdisk.tdl \
64 --parameter results_location "/discovery-ramdisk.tar" indirection
65 tar -x -f $$(ls -1tr /var/lib/imagefactory/storage/*.body | tail -n 1)
66
diff --git a/imagefactory/dib_deploy_ramdisk_ironic.tdl b/imagefactory/dib_deploy_ramdisk_ironic.tdl
deleted file mode 100644
index 35588ce..0000000
--- a/imagefactory/dib_deploy_ramdisk_ironic.tdl
+++ /dev/null
@@ -1,12 +0,0 @@
1<template>
2<commands>
3 <command name='mount'>mount /dev/vdb1 /mnt</command>
4 <command name='backup'>cp /etc/sudoers /etc/sudoers_backup</command>
5 <command name='pty'>sed 's/.*requiretty//g' /etc/sudoers_backup > /etc/sudoers</command>
6 <command name='convert'>qemu-img convert -O qcow2 /mnt/input_image.raw /mnt/input_image.qcow2</command>
7 <command name="localimage">export DIB_LOCAL_IMAGE=/mnt/input_image.qcow2
8instack-build-images deploy-ramdisk
9</command>
10<command name="tar">tar cf /mnt/deploy-ramdisk-ironic.tar deploy-ramdisk-ironic.initramfs deploy-ramdisk-ironic.kernel</command>
11</commands>
12</template>
diff --git a/imagefactory/dib_discovery_ramdisk.tdl b/imagefactory/dib_discovery_ramdisk.tdl
deleted file mode 100644
index 76fc453..0000000
--- a/imagefactory/dib_discovery_ramdisk.tdl
+++ /dev/null
@@ -1,12 +0,0 @@
1<template>
2<commands>
3 <command name='mount'>mount /dev/vdb1 /mnt</command>
4 <command name='backup'>cp /etc/sudoers /etc/sudoers_backup</command>
5 <command name='pty'>sed 's/.*requiretty//g' /etc/sudoers_backup > /etc/sudoers</command>
6 <command name='convert'>qemu-img convert -O qcow2 /mnt/input_image.raw /mnt/input_image.qcow2</command>
7 <command name="localimage">export DIB_LOCAL_IMAGE=/mnt/input_image.qcow2
8instack-build-images discovery-ramdisk
9</command>
10<command name="tar">tar cf /mnt/discovery-ramdisk.tar discovery-ramdisk.initramfs discovery-ramdisk.kernel</command>
11</commands>
12</template>
diff --git a/imagefactory/dib_overcloud_cinder_volume.tdl b/imagefactory/dib_overcloud_cinder_volume.tdl
deleted file mode 100644
index 5bd62f6..0000000
--- a/imagefactory/dib_overcloud_cinder_volume.tdl
+++ /dev/null
@@ -1,12 +0,0 @@
1<template>
2<commands>
3 <command name='mount'>mount /dev/vdb1 /mnt</command>
4 <command name='backup'>cp /etc/sudoers /etc/sudoers_backup</command>
5 <command name='pty'>sed 's/.*requiretty//g' /etc/sudoers_backup > /etc/sudoers</command>
6 <command name='convert'>qemu-img convert -O qcow2 /mnt/input_image.raw /mnt/input_image.qcow2</command>
7 <command name="localimage">export DIB_LOCAL_IMAGE=/mnt/input_image.qcow2
8instack-build-images overcloud-cinder-volume
9</command>
10<command name="tar">tar cf /mnt/overcloud-cinder-volume.tar overcloud-cinder-volume.qcow2 overcloud-cinder-volume.vmlinuz overcloud-cinder-volume.initrd</command>
11</commands>
12</template>
diff --git a/imagefactory/dib_overcloud_compute.tdl b/imagefactory/dib_overcloud_compute.tdl
deleted file mode 100644
index 7d66986..0000000
--- a/imagefactory/dib_overcloud_compute.tdl
+++ /dev/null
@@ -1,12 +0,0 @@
1<template>
2<commands>
3 <command name='mount'>mount /dev/vdb1 /mnt</command>
4 <command name='backup'>cp /etc/sudoers /etc/sudoers_backup</command>
5 <command name='pty'>sed 's/.*requiretty//g' /etc/sudoers_backup > /etc/sudoers</command>
6 <command name='convert'>qemu-img convert -O qcow2 /mnt/input_image.raw /mnt/input_image.qcow2</command>
7 <command name="localimage">export DIB_LOCAL_IMAGE=/mnt/input_image.qcow2
8instack-build-images overcloud-compute
9</command>
10<command name="tar">tar cf /mnt/overcloud-compute.tar overcloud-compute.qcow2 overcloud-compute.vmlinuz overcloud-compute.initrd</command>
11</commands>
12</template>
diff --git a/imagefactory/dib_overcloud_control.tdl b/imagefactory/dib_overcloud_control.tdl
deleted file mode 100644
index 03126a7..0000000
--- a/imagefactory/dib_overcloud_control.tdl
+++ /dev/null
@@ -1,12 +0,0 @@
1<template>
2<commands>
3 <command name='mount'>mount /dev/vdb1 /mnt</command>
4 <command name='backup'>cp /etc/sudoers /etc/sudoers_backup</command>
5 <command name='pty'>sed 's/.*requiretty//g' /etc/sudoers_backup > /etc/sudoers</command>
6 <command name='convert'>qemu-img convert -O qcow2 /mnt/input_image.raw /mnt/input_image.qcow2</command>
7 <command name="localimage">export DIB_LOCAL_IMAGE=/mnt/input_image.qcow2
8instack-build-images overcloud-control
9</command>
10<command name="tar">tar cf /mnt/overcloud-control.tar overcloud-control.qcow2 overcloud-control.vmlinuz overcloud-control.initrd</command>
11</commands>
12