openstack
/
tripleo-quickstart
Code Issues Proposed changes
tripleo-quickstart/config/general_config/featureset001.yml

175 lines
5.9 KiB
YAML
Raw Blame History

# Summary of the feature set.
# Deploy an Openstack environment with ssl undercloud, introspect, and use network isolation
# Note: any change in this featureset must also be done in featureset035 and featureset053.
# This enables TLS for the undercloud which will also make haproxy bind to the
# configured public-vip and admin-vip.
undercloud_generate_service_certificate: true
ssl_overcloud: true
overcloud_templates_path: /usr/share/openstack-tripleo-heat-templates
undercloud_templates_path: /usr/share/openstack-tripleo-heat-templates
step_introspect: true
ctlplane_masquerade: true
undercloud_enable_routed_networks: true
undercloud_clean_nodes: true
undercloud_inspection_extras: false
undercloud_custom_env_files: "{{ working_dir }}/undercloud-parameter-defaults.yaml"
undercloud_cloud_domain: "localdomain"
undercloud_undercloud_hostname: "undercloud.{{ undercloud_cloud_domain }}"
# Tell tripleo about our environment.
enable_pacemaker: true
network_isolation: true
network_isolation_type: "multiple-nics"
network_isolation_args: >-
{% if not release in ['train','ussuri','victoria'] -%}
--networks-file {{ overcloud_templates_path }}/ci/network_data.yaml
-e {{ working_dir }}/overcloud-networks-deployed.yaml
-e {{ working_dir }}/overcloud-vips-deployed.yaml
{% else %}
-e {{ overcloud_templates_path }}/ci/environments/network/multiple-nics/network-isolation-absolute.yaml
{% endif %}
-e {{ overcloud_templates_path }}/ci/environments/network/multiple-nics/network-environment.yaml
# This featureset is extremely resource intensive, so we disable telemetry
# in order to reduce the overall memory footprint
# Disabled by default from ussuri
telemetry_args: >-
{% if release in ['train'] %}
-e {{ overcloud_templates_path }}/environments/disable-telemetry.yaml
{% endif %}
extra_args: >-
-e {{ overcloud_templates_path }}/ci/environments/ovb-ha.yaml
{% if release not in ['train'] -%}
--disable-validations
{% endif %}
-e {{ overcloud_templates_path }}/ci/environments/neutron_dns_domain.yaml
{% if release not in ['train','wallaby'] %}
-e {{ working_dir }}/ci_custom_firewall_rules.yaml
{% endif %}
{% if release not in ['train','ussuri','victoria'] and
job is defined and
job.enable_secure_rbac is defined and
job.enable_secure_rbac|default(false)|bool or
enable_secure_rbac|default(false)|bool -%}
-e {{ overcloud_templates_path }}/environments/enable-secure-rbac.yaml
{%- endif -%}
undercloud_ntp_servers: pool.ntp.org
# keep the doc gen settings at the bottom of the config file.
# options below direct automatic doc generation by tripleo-collect-logs
artcl_gen_docs: true
artcl_create_docs_payload:
included_deployment_scripts:
- undercloud-install
- overcloud-custom-tht-script
- overcloud-prep-containers
- overcloud-prep-flavors
- overcloud-prep-images
- overcloud-prep-network
- overcloud-deploy
- overcloud-deploy-post
- overcloud-validate
included_static_docs:
- env-setup-virt
table_of_contents:
- env-setup-virt
- undercloud-install
- overcloud-custom-tht-script
- overcloud-prep-containers
- overcloud-prep-flavors
- overcloud-prep-images
- overcloud-prep-network
- overcloud-deploy
- overcloud-deploy-post
- overcloud-validate
deploy_steps_ansible_workflow: true
ephemeral_heat: "{{ (release not in ['train','ussuri','victoria']) | bool }}"
ephemeral_heat_args: "{{ '--heat-type pod' if ephemeral_heat|bool else '' }}"
# Tempest configuration, keep always at the end of the file
# Use the traditional ping test in newton, ocata and pike
# Run tempest in queens+
test_ping: false
use_os_tempest: true
# It will create a public network name 'public' using os_tempest
tempest_interface_name: public
# In order to have a public network with external connectivity, we need to use
# flat network type
tempest_public_net_provider_type: flat
# It is the physical network name through which public network will be created
# having connectivity with external world.
tempest_public_net_physical_name: datacentre
# Setting the tempest_cidr as it is required while creating public subnet from which
# floating IPs gets assigned
tempest_cidr: '10.0.0.0/24'
tempest_private_net_seg_id: ''
tempest_install_method: distro
# Having tempest_network_ping_gateway set to true allows to ping any of the IP from
# router to find out network related issue in the deployment early
tempest_network_ping_gateway: true
# It is the python-tempestconf profile which also consumes tempest-deployer-input file
tempest_tempestconf_profile:
debug: true
create: true
deployer-input: "{{ ansible_user_dir }}/tempest-deployer-input.conf"
os-cloud: "{{ tempest_cloud_name }}"
out: "{{ tempest_workspace }}/etc/tempest.conf"
network-id: "{{ tempest_neutron_public_network_id }}"
overrides: "{{ tempest_tempest_conf_overrides | default({}) | combine(tempest_tempestconf_profile_overrides | default({}), recursive=True) }}"
tempest_tempest_conf_overrides:
auth.use_dynamic_credentials: 'True'
tempest_allowed_group_check: "featureset001"
tempest_allowed_group_periodic: "featureset001_periodic"
tempest_allowed_group: >-
{% if ('periodic' in zuul.pipeline and not job.force_non_periodic|default(false)|bool) or (job.force_periodic|default(false)|bool) or (job.component is defined) -%}
{{ tempest_allowed_group_periodic }}
{%- else -%}
{{ tempest_allowed_group_check }}
{%- endif -%}
tempest_run_concurrency: 4
tempest_extra_config: {'compute_feature_enabled.config_drive': 'True'}
# Run an undercloud without glance or nova
undercloud_enable_nova: >-
{% if release in ['train'] -%}
true
{%- else -%}
false
{%- endif -%}
baremetal_provision: >-
{% if release in ['train'] -%}
false
{%- else -%}
true
{%- endif -%}
# Provision composable networks prior to creating the heat stack
network_provision: >-
{% if release in ['train','ussuri','victoria'] -%}
false
{%- else -%}
true
{%- endif -%}
View Git Blame Copy Permalink