# Summary of the feature set.
# Deploy an Openstack environment with ssl undercloud, introspect, and use network isolation
# Note: any change in this featureset must also be done in featureset035 and featureset053.

# This enables TLS for the undercloud which will also make haproxy bind to the
# configured public-vip and admin-vip.
undercloud_generate_service_certificate: true
ssl_overcloud: true
overcloud_templates_path: /usr/share/openstack-tripleo-heat-templates
undercloud_templates_path: /usr/share/openstack-tripleo-heat-templates
step_introspect: true

ctlplane_masquerade: true
undercloud_enable_routed_networks: true

undercloud_clean_nodes: true

undercloud_inspection_extras: false

undercloud_custom_env_files: "{{ working_dir }}/undercloud-parameter-defaults.yaml"
undercloud_cloud_domain: "localdomain"
undercloud_undercloud_hostname: "undercloud.{{ undercloud_cloud_domain }}"

# Tell tripleo about our environment.
enable_pacemaker: true
network_isolation: true
network_isolation_type: "multiple-nics"
network_isolation_args: >-
  {% if not release in ['train','ussuri','victoria'] -%}
  --networks-file {{ overcloud_templates_path }}/ci/network_data.yaml
  -e {{ working_dir }}/overcloud-networks-deployed.yaml
  -e {{ working_dir }}/overcloud-vips-deployed.yaml
  {% else %}
  -e {{ overcloud_templates_path }}/ci/environments/network/multiple-nics/network-isolation-absolute.yaml
  {% endif %}
  -e {{ overcloud_templates_path }}/ci/environments/network/multiple-nics/network-environment.yaml

# This featureset is extremely resource intensive, so we disable telemetry
# in order to reduce the overall memory footprint
# Disabled by default from ussuri
telemetry_args: >-
   {% if release in ['train'] %}
   -e {{ overcloud_templates_path }}/environments/disable-telemetry.yaml
   {% endif %}

extra_args: >-
   -e {{ overcloud_templates_path }}/ci/environments/ovb-ha.yaml
   {% if release not in ['train'] -%}
   --disable-validations
   {% endif %}
   -e {{ overcloud_templates_path }}/ci/environments/neutron_dns_domain.yaml
   {% if release not in ['train','wallaby'] %}
   -e {{ working_dir }}/ci_custom_firewall_rules.yaml
   {% endif %}
   {% if release not in ['train','ussuri','victoria'] and
   job is defined and
   job.enable_secure_rbac is defined and
   job.enable_secure_rbac|default(false)|bool or
   enable_secure_rbac|default(false)|bool -%}
   -e {{ overcloud_templates_path }}/environments/enable-secure-rbac.yaml
   {%- endif -%}

undercloud_ntp_servers: pool.ntp.org
# keep the doc gen settings at the bottom of the config file.
# options below direct automatic doc generation by tripleo-collect-logs
artcl_gen_docs: true
artcl_create_docs_payload:
  included_deployment_scripts:
    - undercloud-install
    - overcloud-custom-tht-script
    - overcloud-prep-containers
    - overcloud-prep-flavors
    - overcloud-prep-images
    - overcloud-prep-network
    - overcloud-deploy
    - overcloud-deploy-post
    - overcloud-validate
  included_static_docs:
    - env-setup-virt
  table_of_contents:
    - env-setup-virt
    - undercloud-install
    - overcloud-custom-tht-script
    - overcloud-prep-containers
    - overcloud-prep-flavors
    - overcloud-prep-images
    - overcloud-prep-network
    - overcloud-deploy
    - overcloud-deploy-post
    - overcloud-validate

deploy_steps_ansible_workflow: true

ephemeral_heat: "{{ (release not in ['train','ussuri','victoria']) | bool }}"
ephemeral_heat_args: "{{ '--heat-type pod' if ephemeral_heat|bool else '' }}"

# Tempest configuration, keep always at the end of the file
# Use the traditional ping test in newton, ocata and pike
# Run tempest in queens+
test_ping: false

use_os_tempest: true

# It will create a public network name 'public' using os_tempest
tempest_interface_name: public

# In order to have a public network with external connectivity, we need to use
# flat network type
tempest_public_net_provider_type: flat

# It is the physical network name through which public network will be created
# having connectivity with external world.
tempest_public_net_physical_name: datacentre

# Setting the tempest_cidr as it is required while creating public subnet from which
# floating IPs gets assigned
tempest_cidr: '10.0.0.0/24'

tempest_private_net_seg_id: ''

tempest_install_method: distro

# Having tempest_network_ping_gateway set to true allows to ping any of the IP from
# router to find out network related issue in the deployment early
tempest_network_ping_gateway: true

# It is the python-tempestconf profile which also consumes tempest-deployer-input file
tempest_tempestconf_profile:
  debug: true
  create: true
  deployer-input: "{{ ansible_user_dir }}/tempest-deployer-input.conf"
  os-cloud: "{{ tempest_cloud_name }}"
  out: "{{ tempest_workspace }}/etc/tempest.conf"
  network-id: "{{ tempest_neutron_public_network_id }}"
  overrides: "{{ tempest_tempest_conf_overrides | default({}) | combine(tempest_tempestconf_profile_overrides | default({}), recursive=True) }}"

tempest_tempest_conf_overrides:
  auth.use_dynamic_credentials: 'True'

tempest_allowed_group_check: "featureset001"
tempest_allowed_group_periodic: "featureset001_periodic"

tempest_allowed_group: >-
  {% if ('periodic' in zuul.pipeline and not job.force_non_periodic|default(false)|bool) or (job.force_periodic|default(false)|bool) or (job.component is defined) -%}
  {{ tempest_allowed_group_periodic }}
  {%- else -%}
  {{ tempest_allowed_group_check }}
  {%- endif -%}

tempest_run_concurrency: 4

tempest_extra_config: {'compute_feature_enabled.config_drive': 'True'}

# Run an undercloud without glance or nova
undercloud_enable_nova: >-
  {% if release in ['train'] -%}
  true
  {%- else -%}
  false
  {%- endif -%}
baremetal_provision: >-
  {% if release in ['train'] -%}
  false
  {%- else -%}
  true
  {%- endif -%}

# Provision composable networks prior to creating the heat stack
network_provision: >-
  {% if release in ['train','ussuri','victoria'] -%}
  false
  {%- else -%}
  true
  {%- endif -%}