RETIRED, Heat templates for deploying OpenStack
Alan Bishop 692717bd46 Fix cinder and etcd running with internal TLS enabled
The LP bug referenced below describes a number of issues when
cinder tries to use etcd for its distributed lock manager with
internal TLS enabled. This patch resolves issues related to
generating and distributing etcd's cert and key files.

- The etcd cert must contain a subject alternative name (SAN) for the
  etcd node's internal API IP address. This is necessary because etcd
  wants to use IP addresses (versus host names), and this requires the
  IP address be listed in the TLS certificate.
- The cert and key files are generated on the host, and must be
  available to multiple services running in their respective containers.
  The cert and key files need to be bind mounted, and an ACL is
  required so the etcd and cinder services have permission to read the
  files.

EnableEtcdInternalTLS, a workaround introduced in [1], still defaults
to False. The default value can be switched to True after tripleo
switches from using novajoin to the ansible tripleo-ipa role for
registering nodes with the IdM service.

[1] https://review.opendev.org/#/q/Iec0d02f8f51067098dd58beb4fe57a7fd5ab5651

Closes-Bug: #1869955
Depends-On: Ifa7452ec15b81f48d7e5fb1252f20b5af1dff95c
Change-Id: I798d60818b214de9266226c8409b69525a951dd5
(cherry picked from commit 2fc1290c10)
2020-05-11 14:00:12 -07:00
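
The first bullet of the commit message above, as an added shell example (not part of the commit or of tripleo-heat-templates): it builds two throwaway self-signed certificates with OpenSSL 1.1.1 or later, one with a DNS-only SAN and one that also lists the IP address, and checks each against the address a client would dial. The host name, the address 192.0.2.10 and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example; every name, address and path here is constructed.

# make_cert DIR NAME SAN: throwaway self-signed cert/key pair (needs OpenSSL >= 1.1.1).
make_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=etcd-0.internalapi.example.test" \
        -addext "subjectAltName=$3" \
        -keyout "$1/$2.key" -out "$1/$2.crt" >/dev/null 2>&1
}

# cert_covers_ip CERT IP: succeeds only if CERT carries IP as an iPAddress SAN.
# "openssl x509 -checkip" exits 0 either way, so the verdict is read from its output.
cert_covers_ip() {
    openssl x509 -in "$1" -noout -checkip "$2" 2>/dev/null |
        grep -q 'does match certificate'
}

# san_report: build one cert per SAN layout and report whether a client
# dialing etcd by IP address would find that address in the cert.
san_report() {
    ip=192.0.2.10   # constructed internal API address (documentation range)
    dir=$(mktemp -d) || return 1
    make_cert "$dir" dns-only "DNS:etcd-0.internalapi.example.test" || return 1
    make_cert "$dir" dns-and-ip "DNS:etcd-0.internalapi.example.test,IP:$ip" || return 1
    for name in dns-only dns-and-ip; do
        if cert_covers_ip "$dir/$name.crt" "$ip"; then
            echo "$name: $ip is in the SAN list, TLS to https://$ip:2379 can verify"
        else
            echo "$name: $ip is missing from the SAN list, TLS to https://$ip:2379 fails"
        fi
    done
    rm -rf "$dir"
}

san_report
```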
ci Set Neutron's l3_ha flag to True in standalone ML2/OVS job 2020-04-28 23:23:57 +00:00
common Merge "(train) manual backport of: update startup-configs with latest hashes" into stable/train 2020-05-02 08:34:10 +00:00
container_config_scripts Tolerate NFS exports in /var/lib/nova when selinux relabelling 2020-03-31 13:41:55 +01:00
deployed-server Revert "Remove panko" 2020-01-30 20:34:27 +00:00
deployment Fix cinder and etcd running with internal TLS enabled 2020-05-11 14:00:12 -07:00
environments Merge "[OVN] SRIOV with native OVN DHCP server" into stable/train 2020-04-24 16:52:19 +00:00
extraconfig Fix krb-service-principals with service_net_map_replace 2020-02-24 19:41:32 +00:00
firstboot Replace chronyc "waitsync" with "makestep" 2020-03-13 11:39:42 -04:00
network ControlPlaneSubnetCidr in net_vip_map_external 2020-03-17 22:45:11 +00:00
plan-samples Role specific derive parameters workflow parameter 2018-06-28 08:10:27 -04:00
puppet Use lists for storing host entries in Heat 2020-04-01 06:42:24 +00:00
releasenotes Merge "Support for PowerMax Cinder Backend" into stable/train 2020-04-21 15:57:04 +00:00
roles Merge "[OVN] SRIOV with native OVN DHCP server" into stable/train 2020-04-24 16:52:19 +00:00
sample-env-generator Add NovaCrossAZAttach parameter 2020-04-21 11:17:09 +01:00
scripts Drop unused remnants of the hosts-config bits 2020-04-01 06:43:23 +00:00
tools NodeDataLookup utility should rely on python env 2020-02-20 22:20:53 +00:00
tripleo_heat_templates Enforce pep8/pyflakes rule on python codes 2019-09-05 15:40:46 +09:00
validation-scripts Make comparisons case insensitive 2019-06-19 10:01:41 -06:00
zuul.d tripleo-ci-centos-7-containerized-undercloud-upgrades -> NV 2020-05-07 09:57:48 +00:00
.gitignore Remove mac_hostname & random_string 2019-07-18 19:10:31 +00:00
.gitreview Update .gitreview for stable/train 2019-10-21 14:21:06 +00:00
.testr.conf Improve nova statedir ownership logic 2018-07-09 17:07:30 +01:00
LICENSE Add license file 2014-01-20 11:58:20 +01:00
README.rst Revert "Remove panko" 2020-01-30 20:34:27 +00:00
all-nodes-validation.yaml Optional ICMP validation of controllers and gateways 2019-01-28 17:18:27 +00:00
babel.cfg Add release configuration. 2013-10-22 17:49:35 +01:00
bindep.txt Tolerate NFS exports in /var/lib/nova when selinux relabelling 2020-03-31 13:41:55 +01:00
capabilities-map.yaml Remove OpenDaylight templates and environments 2019-11-06 06:19:15 +00:00
config-download-software.yaml Change template names to rocky 2018-05-09 08:28:42 +02:00
config-download-structured.yaml Change template names to rocky 2018-05-09 08:28:42 +02:00
default_passwords.yaml Change template names to rocky 2018-05-09 08:28:42 +02:00
j2_excludes.yaml Remove ipv6 specific network templates 2017-08-31 13:12:17 -07:00
lower-constraints.txt Enable paunch logging to its full extent 2019-03-22 11:42:12 +01:00
net-config-bond.j2.yaml Drop EC2MetadataIp parameter and its uses 2019-07-05 14:05:59 +02:00
net-config-bridge.j2.yaml Add DNS related settings 2020-03-31 12:05:09 -05:00
net-config-linux-bridge.j2.yaml Add DNS related settings 2020-03-31 12:05:09 -05:00
net-config-noop.j2.yaml Drop EC2MetadataIp parameter and its uses 2019-07-05 14:05:59 +02:00
net-config-standalone.j2.yaml Drop EC2MetadataIp parameter and its uses 2019-07-05 14:05:59 +02:00
net-config-static-bridge-with-external-dhcp.j2.yaml Add DNS related settings 2020-03-31 12:05:09 -05:00
net-config-static-bridge.j2.yaml Drop EC2MetadataIp parameter and its uses 2019-07-05 14:05:59 +02:00
net-config-static.j2.yaml Drop EC2MetadataIp parameter and its uses 2019-07-05 14:05:59 +02:00
net-config-undercloud.j2.yaml Drop EC2MetadataIp parameter and its uses 2019-07-05 14:05:59 +02:00
network_data.yaml Add external_resource_vip_id property to network_data.yaml 2019-03-25 10:48:40 -04:00
network_data_dashboard.yaml Add a StorageDashboard network used by CephGrafana service 2019-08-30 19:16:47 +02:00
network_data_ganesha.yaml Merge "Allow overlay tunnel endpoints on IPv6 address" 2019-01-10 21:13:19 +00:00
network_data_routed.yaml Merge "Allow overlay tunnel endpoints on IPv6 address" 2019-01-10 21:13:19 +00:00
network_data_subnets_routed.yaml L3 routed networks - data + env (1/3) 2018-12-30 19:24:29 +01:00
network_data_undercloud.yaml Add network data for the undercloud 2019-01-21 19:35:37 +01:00
overcloud-resource-registry-puppet.j2.yaml Support for PowerMax Cinder Backend 2020-04-20 10:29:52 -05:00
overcloud.j2.yaml Introduce {{role.name}}ExtraGroupVars 2020-04-06 10:15:00 -04:00
plan-environment.yaml Add name and description fields to plan-environment.yaml 2017-04-12 17:25:40 +02:00
requirements.txt Enable paunch logging to its full extent 2019-03-22 11:42:12 +01:00
roles_data.yaml Support for PowerMax Cinder Backend 2020-04-20 10:29:52 -05:00
roles_data_undercloud.yaml Revert "Remove panko" 2020-01-30 20:34:27 +00:00
setup.cfg Replace git.openstack.org URLs with opendev.org URLs 2019-06-26 02:43:46 +00:00
setup.py Updated from global requirements 2017-03-28 13:03:01 +00:00
test-requirements.txt Sync Sphinx requirement 2019-05-29 11:23:29 +08:00
tox.ini Update TOX/UPPER_CONSTRAINTS_FILE for stable/train 2019-10-21 14:21:12 +00:00

README.rst

tripleo-heat-templates

Heat templates to deploy OpenStack using OpenStack.

Features

The ability to deploy a multi-node, role based OpenStack deployment using OpenStack Heat. Notable features include:

  • Choice of deployment/configuration tooling: puppet, (soon) docker
  • Role based deployment: roles for the controller, compute, ceph, swift, and cinder storage
  • Physical network configuration: support for isolated networks, bonding, and standard ctlplane networking

Directories

A description of the directory layout in TripleO Heat Templates.

  • environments: contains heat environment files that can be used with -e on the command line to enable features, etc.
  • extraconfig: templates used to enable 'extra' functionality. Includes functionality for distro specific registration and upgrades.
  • firstboot: example first_boot scripts that can be used when initially creating instances.
  • network: heat templates to help create isolated networks and ports
  • puppet: templates mostly driven by configuration with puppet. To use these templates you can use the overcloud-resource-registry-puppet.yaml.
  • validation-scripts: validation scripts useful to all deployment configurations
  • roles: example roles that can be used with the tripleoclient to generate a roles_data.yaml for a deployment. See the roles/README.rst for additional details.

Service testing matrix

The configuration for the CI scenarios will be defined in tripleo-heat-templates/ci/ and should be executed according to the following table:

- scn000 scn001 scn002 scn003 scn004 scn006 scn007 scn009 scn010 non-ha ovh-ha
keystone: X X X X X X X X X X
glance: rbd swift file rgw file file rbd file file
cinder: rbd iscsi
heat: X X
ironic: X
mysql: X X X X X X X X X X
neutron: ovn ovn ovn ovn ovn ovs ovn ovn ovn
neutron-bgpvpn: wip
ovn: X
neutron-l2gw: wip
om-rpc: rabbit rabbit amqp1 rabbit rabbit rabbit rabbit rabbit rabbit
om-notify: rabbit rabbit rabbit rabbit rabbit rabbit rabbit rabbit rabbit
redis: X X
haproxy: X X X X X X X X X
memcached: X X X X X X X X X
pacemaker: X X X X X X X X X
nova: qemu qemu qemu qemu ironic qemu qemu qemu qemu
ntp: X X X X X X X X X X X
snmp: X X X X X X X X X X X
timezone: X X X X X X X X X X X
sahara: X
mistral: X
swift: X
aodh: X X
ceilometer: X X
gnocchi: rbd swift
panko: X X
barbican: X
zaqar: X
ec2api: X
cephrgw: X
tacker: X
cephmds: X
manila: X
collectd: X
designate: X
octavia: X