diff --git a/hiera/neut_tun.ceph.murano.sahara.ceil-ceph-osd.yaml b/hiera/neut_tun.ceph.murano.sahara.ceil-ceph-osd.yaml index 918c504..a796def 100644 --- a/hiera/neut_tun.ceph.murano.sahara.ceil-ceph-osd.yaml +++ b/hiera/neut_tun.ceph.murano.sahara.ceil-ceph-osd.yaml @@ -8,18 +8,28 @@ access: tenant: admin user: admin aodh: - db_password: TVnuHRoSLlNkCmruAvQUG8pE - user_password: gzmU2q6Qit6gBglybKb7xFoF + db_password: OhQJSjJm0wVaH1Zf4Cdhuc64 + user_password: rXzOBwcFZP95JzXoI7vRmBkr +atop: + interval: '20' + metadata: + enabled: true + group: logging + label: Advanced System & Process Monitor (atop) + toggleable: false + weight: 60 + rotate: '7' + service_enabled: true auth_key: '' auto_assign_floating_ip: false base_syslog: syslog_port: '514' - syslog_server: 10.145.0.2 + syslog_server: 10.109.15.2 ceilometer: - db_password: 3TCG1UOCgksu31d0jUllc1ih + db_password: f93xXvBvhlSYE3JepvR0H7hb enabled: true - metering_secret: M24o7ZnNHH1bEjPAcMBGGkQs - user_password: pfhRar4G5gl9oXnjSwUjE6pq + metering_secret: dtptqyEA8eF2TrimNfON97sk + user_password: TIOxrbWzOKLdVx4j8wsEtYkn cgroups: metadata: always_editable: true @@ -30,9 +40,9 @@ cgroups: condition: 'true' weight: 90 cinder: - db_password: RFec66UQlk1OPwBmfSl8Qufi - fixed_key: 53b4f50eb158baa8d3f9684e868e4066bc51a5fab56ea9599cec482e6deb05d4 - user_password: c3BqXBRtapLgQYlEJ4KASP9y + db_password: 7w6TjwE9basxZfF4GGkQNk8s + fixed_key: 6b58b7cd6f88c4a928212d8293038d208071f9170baf5995ec42a6a5d836605e + user_password: 4HlkMZEZ9QlpNITzvh3h5qfZ cluster: changes: - name: attributes 
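Review bot: The replacement values for `aodh.db_password`, `aodh.user_password`, `ceilometer.metering_secret` and `cinder.fixed_key` in the first two hunks are committed in plaintext and look like output captured from a deployed environment rather than constructed test data. The same applies to the later hunks of this file (`glance`, `heat`, `horizon.secret_key`, `keystone.admin_token`, `mysql`, `nova`, `rabbit`, `operator_user.password`, `service_user.password` and the Ceph keys under `storage`) and to the `-compute.yaml` file that follows. If the environment that produced them still exists, those credentials should be rotated there. For the fixture itself, fixed and obviously fake constants (constructed example: `db_password: fixture-aodh-db-password`) would stop every regeneration from rewriting dozens of lines and would keep secret scanners from flagging each refresh. A header comment such as `# noop-test fixture: every credential below is a placeholder, never a deployment secret` would record that intent.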
@@ -42,36 +52,36 @@ cluster: - name: networks node_id: null - name: interfaces - node_id: 730 + node_id: 129 - name: disks - node_id: 730 + node_id: 129 - name: interfaces - node_id: 731 + node_id: 126 - name: disks - node_id: 731 + node_id: 126 - name: interfaces - node_id: 732 + node_id: 127 - name: disks - node_id: 732 + node_id: 127 - name: interfaces - node_id: 733 + node_id: 128 - name: disks - node_id: 733 + node_id: 128 - name: interfaces - node_id: 734 + node_id: 130 - name: disks - node_id: 734 + node_id: 130 - name: interfaces - node_id: 735 + node_id: 131 - name: disks - node_id: 735 + node_id: 131 - name: interfaces - node_id: 736 + node_id: 132 - name: disks - node_id: 736 + node_id: 132 components: [] fuel_version: '10.0' - id: 40 + id: 15 is_customized: false is_locked: false mode: ha_compact @@ -104,12 +114,11 @@ corosync: debug: false deployed_before: value: false -deployment_id: 40 +deployment_id: 15 deployment_mode: ha_compact -dpdk: {} external_dns: dns_list: - - 10.145.0.1 + - 10.109.15.1 metadata: group: network label: Host OS DNS Servers 
@@ -135,31 +144,29 @@ external_ntp: label: Host OS NTP Servers weight: 40 ntp_list: - - 0.fuel.pool.ntp.org - - 1.fuel.pool.ntp.org - - 2.fuel.pool.ntp.org + - 10.109.15.1 fail_if_error: true -fqdn: node-733.domain.tld +fqdn: node-128.test.domain.local fuel_version: '10.0' glance: - db_password: 5jX5psX0WDRcx0HH5VWVsrwJ + db_password: KaR8BEzKxumpu0jrZHZIfp3q image_cache_max_size: '0' - user_password: iwgWlXOVQDP1ybBvExa1SUpL + user_password: dqxfEsU22NH69XYHKSvoOZft glance_glare: - user_password: IxeiZptyqPwkvprrao2iFuTP + user_password: ZicOQetaAfLF5F35mfQaWeZI heat: - auth_encryption_key: f0952d91b1efb46d2a9d9fb10eb93e19 - db_password: 7cbWsxolRVe4PS29qv6ZI5Lv + auth_encryption_key: 6a57e1b2e402829f531ff7f45987aeef + db_password: OR2TU3cgCRbIW4n1Bn5Gik3b enabled: true - rabbit_password: s8Fv4HRy7d6SsdxXafXiWus9 - user_password: n0iLP2B2TZ2XeEH5oNWGjeX1 + rabbit_password: d3bsSu6TDQInNcqie7ZdQe2g + user_password: 7etzT4B5LOZlJuclPsPvF5of horizon: - secret_key: f4391974da0c0bc1d6c8ee82b1049935365a7ad604b7dbb240cdeb74252f31f1 + secret_key: 10e87c9effcb1eed518068e5af43d3917062992450204455209138a5eb33da6d ironic: - db_password: OQiahLeOfQWRhI8kCGG4ogTX + db_password: wHP0Cg5Q8ppz1AQvdzvI645b enabled: false - swift_tempurl_key: ATpw9THzwYMa1Lx5EpAm66vi - user_password: OFqH3jHPEyyBnuX3owXmloYI + swift_tempurl_key: gZacdW69BTAV9qZLdiYfewbW + user_password: N834zgKKpxSP07HX6LoNo2F1 kernel_params: kernel: console=tty0 net.ifnames=0 biosdevname=0 rootdelay=90 nomodeset metadata: @@ -167,12 +174,12 @@ kernel_params: label: Kernel parameters weight: 60 keystone: - admin_token: 6OgCNCpNZsRPtBQt91NSxyJ8 - db_password: pPdhfiOsEA7fHGwVs3sGGMoQ -last_controller: node-731 + admin_token: JFdL4xwDqvZgM1MMhzJFNxbl + db_password: ZJojiaj5wfCAMavNMU7wmgwH +last_controller: node-129 libvirt_type: qemu management_network_range: 192.168.0.0/24 -master_ip: 10.145.0.2 +master_ip: 10.109.15.2 metadata: label: Common weight: 10 
@@ -184,15 +191,15 @@ mp: - point: '2' weight: '2' murano: - db_password: yPfazptrewWnKKPPqaQc06ye + db_password: wXQid97d9hM3coUvX8TfAlur enabled: true - rabbit_password: FAHLmPxu3Au8ZEUXHzCH5ZVv - user_password: K6MTgsvNHJckQbue9JlhWTtT + rabbit_password: 0dgbRU3ZxJko7OEqCaV8ZTas + user_password: 1Vh14W5MDxid2mW8N0jAPlSK murano-cfapi: - db_password: 1gQ7AGWIzNyrp7I0GClXeql0 + db_password: niVR5w3OzkwVSKHKbGeMcNKc enabled: false - rabbit_password: rt8WggTS9AwB1bdmkbHo99wz - user_password: jrVg0vMxlokzUOUzTzA2oGi8 + rabbit_password: riHKhQgDmNjsGd9DgQcBK2FU + user_password: JzebRmfzUpB8KyhiPWCb8i9j murano_settings: metadata: group: openstack_services 
@@ -205,204 +212,24 @@ murano_settings: murano_glance_artifacts_plugin: true murano_repo_url: http://storage.apps.openstack.org/ mysql: - root_password: nrOg6S3o5Ho5Ec09ksVKQmHq - wsrep_password: n11lhXNzDvQnjMToIhSi1snG + root_password: jbCMP5VtxAvItyOywOOhV1Pb + wsrep_password: gkHPIpKcgXQLDILYlthWNGWi network_metadata: nodes: - node-730: - fqdn: node-730.domain.tld - name: node-730 + node-126: + fqdn: node-126.test.domain.local + name: node-126 network_roles: - admin/pxe: 10.145.0.100 - aodh/api: 192.168.0.3 - ceilometer/api: 192.168.0.3 - ceph/public: 192.168.1.3 - ceph/radosgw: 172.16.0.3 - ceph/replication: 192.168.1.3 - cinder/api: 192.168.0.3 - cinder/iscsi: 192.168.1.3 - ex: 172.16.0.3 - fw-admin: 10.145.0.100 - glance/api: 192.168.0.3 - glance/glare: 192.168.0.3 - heat/api: 192.168.0.3 - horizon: 192.168.0.3 - ironic/api: 192.168.0.3 - keystone/api: 192.168.0.3 - management: 192.168.0.3 - mgmt/corosync: 192.168.0.3 - mgmt/database: 192.168.0.3 - mgmt/memcache: 192.168.0.3 - mgmt/messaging: 192.168.0.3 - mgmt/vip: 192.168.0.3 - mongo/db: 192.168.0.3 - murano/api: 192.168.0.3 - murano/cfapi: 192.168.0.3 - neutron/api: 192.168.0.3 - neutron/floating: null - neutron/mesh: 192.168.2.3 - neutron/private: null - nova/api: 192.168.0.3 - nova/migration: 192.168.0.3 - public/vip: 172.16.0.3 - sahara/api: 192.168.0.3 - storage: 192.168.1.3 - swift/api: 192.168.0.3 - swift/replication: 192.168.1.3 - node_roles: - - primary-controller - nova_cpu_pinning_enabled: false - nova_hugepages_enabled: false - swift_zone: '730' - uid: '730' - user_node_name: node-730 - node-731: - fqdn: node-731.domain.tld - name: node-731 - network_roles: - admin/pxe: 10.145.0.101 - aodh/api: 192.168.0.1 - ceilometer/api: 192.168.0.1 - ceph/public: 192.168.1.1 - ceph/radosgw: 172.16.0.2 - ceph/replication: 192.168.1.1 - cinder/api: 192.168.0.1 - cinder/iscsi: 192.168.1.1 - ex: 172.16.0.2 - fw-admin: 10.145.0.101 - glance/api: 192.168.0.1 - glance/glare: 192.168.0.1 - heat/api: 192.168.0.1 - 
horizon: 192.168.0.1 - ironic/api: 192.168.0.1 - keystone/api: 192.168.0.1 - management: 192.168.0.1 - mgmt/corosync: 192.168.0.1 - mgmt/database: 192.168.0.1 - mgmt/memcache: 192.168.0.1 - mgmt/messaging: 192.168.0.1 - mgmt/vip: 192.168.0.1 - mongo/db: 192.168.0.1 - murano/api: 192.168.0.1 - murano/cfapi: 192.168.0.1 - neutron/api: 192.168.0.1 - neutron/floating: null - neutron/mesh: 192.168.2.1 - neutron/private: null - nova/api: 192.168.0.1 - nova/migration: 192.168.0.1 - public/vip: 172.16.0.2 - sahara/api: 192.168.0.1 - storage: 192.168.1.1 - swift/api: 192.168.0.1 - swift/replication: 192.168.1.1 - node_roles: - - controller - nova_cpu_pinning_enabled: false - nova_hugepages_enabled: false - swift_zone: '731' - uid: '731' - user_node_name: node-731 - node-732: - fqdn: node-732.domain.tld - name: node-732 - network_roles: - admin/pxe: 10.145.0.102 - aodh/api: 192.168.0.4 - ceilometer/api: 192.168.0.4 - ceph/public: 192.168.1.4 - ceph/replication: 192.168.1.4 - cinder/api: 192.168.0.4 - cinder/iscsi: 192.168.1.4 - fw-admin: 10.145.0.102 - glance/api: 192.168.0.4 - glance/glare: 192.168.0.4 - heat/api: 192.168.0.4 - horizon: 192.168.0.4 - ironic/api: 192.168.0.4 - keystone/api: 192.168.0.4 - management: 192.168.0.4 - mgmt/corosync: 192.168.0.4 - mgmt/database: 192.168.0.4 - mgmt/memcache: 192.168.0.4 - mgmt/messaging: 192.168.0.4 - mgmt/vip: 192.168.0.4 - mongo/db: 192.168.0.4 - murano/api: 192.168.0.4 - murano/cfapi: 192.168.0.4 - neutron/api: 192.168.0.4 - neutron/floating: null - neutron/mesh: 192.168.2.4 - neutron/private: null - nova/api: 192.168.0.4 - nova/migration: 192.168.0.4 - sahara/api: 192.168.0.4 - storage: 192.168.1.4 - swift/api: 192.168.0.4 - swift/replication: 192.168.1.4 - node_roles: - - compute - nova_cpu_pinning_enabled: false - nova_hugepages_enabled: false - swift_zone: '732' - uid: '732' - user_node_name: node-732 - node-733: - fqdn: node-733.domain.tld - name: node-733 - network_roles: - admin/pxe: 10.145.0.103 - aodh/api: 192.168.0.2 - 
ceilometer/api: 192.168.0.2 - ceph/public: 192.168.1.2 - ceph/replication: 192.168.1.2 - cinder/api: 192.168.0.2 - cinder/iscsi: 192.168.1.2 - fw-admin: 10.145.0.103 - glance/api: 192.168.0.2 - glance/glare: 192.168.0.2 - heat/api: 192.168.0.2 - horizon: 192.168.0.2 - ironic/api: 192.168.0.2 - keystone/api: 192.168.0.2 - management: 192.168.0.2 - mgmt/corosync: 192.168.0.2 - mgmt/database: 192.168.0.2 - mgmt/memcache: 192.168.0.2 - mgmt/messaging: 192.168.0.2 - mgmt/vip: 192.168.0.2 - mongo/db: 192.168.0.2 - murano/api: 192.168.0.2 - murano/cfapi: 192.168.0.2 - neutron/api: 192.168.0.2 - neutron/floating: null - neutron/mesh: 192.168.2.2 - neutron/private: null - nova/api: 192.168.0.2 - nova/migration: 192.168.0.2 - sahara/api: 192.168.0.2 - storage: 192.168.1.2 - swift/api: 192.168.0.2 - swift/replication: 192.168.1.2 - node_roles: - - ceph-osd - nova_cpu_pinning_enabled: false - nova_hugepages_enabled: false - swift_zone: '733' - uid: '733' - user_node_name: node-733 - node-734: - fqdn: node-734.domain.tld - name: node-734 - network_roles: - admin/pxe: 10.145.0.104 + admin/pxe: 10.109.15.100 aodh/api: 192.168.0.6 ceilometer/api: 192.168.0.6 ceph/public: 192.168.1.6 + ceph/radosgw: 172.16.0.3 ceph/replication: 192.168.1.6 cinder/api: 192.168.0.6 cinder/iscsi: 192.168.1.6 - fw-admin: 10.145.0.104 + ex: 172.16.0.3 + fw-admin: 10.109.15.100 glance/api: 192.168.0.6 glance/glare: 192.168.0.6 heat/api: 192.168.0.6 
@@ -424,29 +251,74 @@ network_metadata: neutron/private: null nova/api: 192.168.0.6 nova/migration: 192.168.0.6 + public/vip: 172.16.0.3 sahara/api: 192.168.0.6 storage: 192.168.1.6 swift/api: 192.168.0.6 swift/replication: 192.168.1.6 node_roles: - - ceph-osd + - primary-controller nova_cpu_pinning_enabled: false nova_hugepages_enabled: false - swift_zone: '734' - uid: '734' - user_node_name: node-734 - node-735: - fqdn: node-735.domain.tld - name: node-735 + swift_zone: '126' + uid: '126' + user_node_name: node-126 + node-127: + fqdn: node-127.test.domain.local + name: node-127 network_roles: - admin/pxe: 10.145.0.105 + admin/pxe: 10.109.15.101 + aodh/api: 192.168.0.3 + ceilometer/api: 192.168.0.3 + ceph/public: 192.168.1.3 + ceph/replication: 192.168.1.3 + cinder/api: 192.168.0.3 + cinder/iscsi: 192.168.1.3 + fw-admin: 10.109.15.101 + glance/api: 192.168.0.3 + glance/glare: 192.168.0.3 + heat/api: 192.168.0.3 + horizon: 192.168.0.3 + ironic/api: 192.168.0.3 + keystone/api: 192.168.0.3 + management: 192.168.0.3 + mgmt/corosync: 192.168.0.3 + mgmt/database: 192.168.0.3 + mgmt/memcache: 192.168.0.3 + mgmt/messaging: 192.168.0.3 + mgmt/vip: 192.168.0.3 + mongo/db: 192.168.0.3 + murano/api: 192.168.0.3 + murano/cfapi: 192.168.0.3 + neutron/api: 192.168.0.3 + neutron/floating: null + neutron/mesh: 192.168.2.3 + neutron/private: null + nova/api: 192.168.0.3 + nova/migration: 192.168.0.3 + sahara/api: 192.168.0.3 + storage: 192.168.1.3 + swift/api: 192.168.0.3 + swift/replication: 192.168.1.3 + node_roles: + - compute + nova_cpu_pinning_enabled: false + nova_hugepages_enabled: false + swift_zone: '127' + uid: '127' + user_node_name: node-127 + node-128: + fqdn: node-128.test.domain.local + name: node-128 + network_roles: + admin/pxe: 10.109.15.102 aodh/api: 192.168.0.5 ceilometer/api: 192.168.0.5 ceph/public: 192.168.1.5 ceph/replication: 192.168.1.5 cinder/api: 192.168.0.5 cinder/iscsi: 192.168.1.5 - fw-admin: 10.145.0.105 + fw-admin: 10.109.15.102 glance/api: 
192.168.0.5 glance/glare: 192.168.0.5 heat/api: 192.168.0.5 
@@ -473,24 +345,71 @@ network_metadata: swift/api: 192.168.0.5 swift/replication: 192.168.1.5 node_roles: - - primary-mongo + - ceph-osd nova_cpu_pinning_enabled: false nova_hugepages_enabled: false - swift_zone: '735' - uid: '735' - user_node_name: node-735 - node-736: - fqdn: node-736.domain.tld - name: node-736 + swift_zone: '128' + uid: '128' + user_node_name: node-128 + node-129: + fqdn: node-129.test.domain.local + name: node-129 network_roles: - admin/pxe: 10.145.0.106 + admin/pxe: 10.109.15.103 + aodh/api: 192.168.0.2 + ceilometer/api: 192.168.0.2 + ceph/public: 192.168.1.2 + ceph/radosgw: 172.16.0.2 + ceph/replication: 192.168.1.2 + cinder/api: 192.168.0.2 + cinder/iscsi: 192.168.1.2 + ex: 172.16.0.2 + fw-admin: 10.109.15.103 + glance/api: 192.168.0.2 + glance/glare: 192.168.0.2 + heat/api: 192.168.0.2 + horizon: 192.168.0.2 + ironic/api: 192.168.0.2 + keystone/api: 192.168.0.2 + management: 192.168.0.2 + mgmt/corosync: 192.168.0.2 + mgmt/database: 192.168.0.2 + mgmt/memcache: 192.168.0.2 + mgmt/messaging: 192.168.0.2 + mgmt/vip: 192.168.0.2 + mongo/db: 192.168.0.2 + murano/api: 192.168.0.2 + murano/cfapi: 192.168.0.2 + neutron/api: 192.168.0.2 + neutron/floating: null + neutron/mesh: 192.168.2.2 + neutron/private: null + nova/api: 192.168.0.2 + nova/migration: 192.168.0.2 + public/vip: 172.16.0.2 + sahara/api: 192.168.0.2 + storage: 192.168.1.2 + swift/api: 192.168.0.2 + swift/replication: 192.168.1.2 + node_roles: + - controller + nova_cpu_pinning_enabled: false + nova_hugepages_enabled: false + swift_zone: '129' + uid: '129' + user_node_name: node-129 + node-130: + fqdn: node-130.test.domain.local + name: node-130 + network_roles: + admin/pxe: 10.109.15.104 aodh/api: 192.168.0.7 ceilometer/api: 192.168.0.7 ceph/public: 192.168.1.7 ceph/replication: 192.168.1.7 cinder/api: 192.168.0.7 cinder/iscsi: 192.168.1.7 - fw-admin: 10.145.0.106 + fw-admin: 10.109.15.104 glance/api: 192.168.0.7 glance/glare: 192.168.0.7 heat/api: 192.168.0.7 
@@ -517,12 +436,100 @@ network_metadata: swift/api: 192.168.0.7 swift/replication: 192.168.1.7 node_roles: + - ceph-osd + nova_cpu_pinning_enabled: false + nova_hugepages_enabled: false + swift_zone: '130' + uid: '130' + user_node_name: node-130 + node-131: + fqdn: node-131.test.domain.local + name: node-131 + network_roles: + admin/pxe: 10.109.15.105 + aodh/api: 192.168.0.4 + ceilometer/api: 192.168.0.4 + ceph/public: 192.168.1.4 + ceph/replication: 192.168.1.4 + cinder/api: 192.168.0.4 + cinder/iscsi: 192.168.1.4 + fw-admin: 10.109.15.105 + glance/api: 192.168.0.4 + glance/glare: 192.168.0.4 + heat/api: 192.168.0.4 + horizon: 192.168.0.4 + ironic/api: 192.168.0.4 + keystone/api: 192.168.0.4 + management: 192.168.0.4 + mgmt/corosync: 192.168.0.4 + mgmt/database: 192.168.0.4 + mgmt/memcache: 192.168.0.4 + mgmt/messaging: 192.168.0.4 + mgmt/vip: 192.168.0.4 + mongo/db: 192.168.0.4 + murano/api: 192.168.0.4 + murano/cfapi: 192.168.0.4 + neutron/api: 192.168.0.4 + neutron/floating: null + neutron/mesh: 192.168.2.4 + neutron/private: null + nova/api: 192.168.0.4 + nova/migration: 192.168.0.4 + sahara/api: 192.168.0.4 + storage: 192.168.1.4 + swift/api: 192.168.0.4 + swift/replication: 192.168.1.4 + node_roles: + - primary-mongo + nova_cpu_pinning_enabled: false + nova_hugepages_enabled: false + swift_zone: '131' + uid: '131' + user_node_name: node-131 + node-132: + fqdn: node-132.test.domain.local + name: node-132 + network_roles: + admin/pxe: 10.109.15.106 + aodh/api: 192.168.0.1 + ceilometer/api: 192.168.0.1 + ceph/public: 192.168.1.1 + ceph/replication: 192.168.1.1 + cinder/api: 192.168.0.1 + cinder/iscsi: 192.168.1.1 + fw-admin: 10.109.15.106 + glance/api: 192.168.0.1 + glance/glare: 192.168.0.1 + heat/api: 192.168.0.1 + horizon: 192.168.0.1 + ironic/api: 192.168.0.1 + keystone/api: 192.168.0.1 + management: 192.168.0.1 + mgmt/corosync: 192.168.0.1 + mgmt/database: 192.168.0.1 + mgmt/memcache: 192.168.0.1 + mgmt/messaging: 192.168.0.1 + mgmt/vip: 192.168.0.1 + 
mongo/db: 192.168.0.1 + murano/api: 192.168.0.1 + murano/cfapi: 192.168.0.1 + neutron/api: 192.168.0.1 + neutron/floating: null + neutron/mesh: 192.168.2.1 + neutron/private: null + nova/api: 192.168.0.1 + nova/migration: 192.168.0.1 + sahara/api: 192.168.0.1 + storage: 192.168.1.1 + swift/api: 192.168.0.1 + swift/replication: 192.168.1.1 + node_roles: - mongo nova_cpu_pinning_enabled: false nova_hugepages_enabled: false - swift_zone: '736' - uid: '736' - user_node_name: node-736 + swift_zone: '132' + uid: '132' + user_node_name: node-132 vips: management: ipaddr: 192.168.0.9 @@ -569,19 +576,19 @@ network_scheme: endpoints: br-fw-admin: IP: - - 10.145.0.103/24 - gateway: 10.145.0.1 + - 10.109.15.102/24 + gateway: 10.109.15.1 vendor_specific: - provider_gateway: 10.145.0.1 + provider_gateway: 10.109.15.1 br-mesh: IP: - - 192.168.2.2/24 + - 192.168.2.5/24 br-mgmt: IP: - - 192.168.0.2/24 + - 192.168.0.5/24 br-storage: IP: - - 192.168.1.2/24 + - 192.168.1.5/24 interfaces: enp0s3: vendor_specific: 
@@ -898,85 +905,84 @@ node_volumes: size: 4096 type: lv nodes: -- fqdn: node-730.domain.tld - internal_address: 192.168.0.3 +- fqdn: node-126.test.domain.local + internal_address: 192.168.0.6 internal_netmask: 255.255.255.0 - name: node-730 + name: node-126 public_address: 172.16.0.3 public_netmask: 255.255.255.0 role: primary-controller + storage_address: 192.168.1.6 + storage_netmask: 255.255.255.0 + swift_zone: '126' + uid: '126' + user_node_name: node-126 +- fqdn: node-127.test.domain.local + internal_address: 192.168.0.3 + internal_netmask: 255.255.255.0 + name: node-127 + role: compute storage_address: 192.168.1.3 storage_netmask: 255.255.255.0 - swift_zone: '730' - uid: '730' - user_node_name: node-730 -- fqdn: node-731.domain.tld - internal_address: 192.168.0.1 + swift_zone: '127' + uid: '127' + user_node_name: node-127 +- fqdn: node-128.test.domain.local + internal_address: 192.168.0.5 internal_netmask: 255.255.255.0 - name: node-731 + name: node-128 + role: ceph-osd + storage_address: 192.168.1.5 + storage_netmask: 255.255.255.0 + swift_zone: '128' + uid: '128' + user_node_name: node-128 +- fqdn: node-129.test.domain.local + internal_address: 192.168.0.2 + internal_netmask: 255.255.255.0 + name: node-129 public_address: 172.16.0.2 public_netmask: 255.255.255.0 role: controller - storage_address: 192.168.1.1 - storage_netmask: 255.255.255.0 - swift_zone: '731' - uid: '731' - user_node_name: node-731 -- fqdn: node-732.domain.tld - internal_address: 192.168.0.4 - internal_netmask: 255.255.255.0 - name: node-732 - role: compute - storage_address: 192.168.1.4 - storage_netmask: 255.255.255.0 - swift_zone: '732' - uid: '732' - user_node_name: node-732 -- fqdn: node-733.domain.tld - internal_address: 192.168.0.2 - internal_netmask: 255.255.255.0 - name: node-733 - role: ceph-osd storage_address: 192.168.1.2 storage_netmask: 255.255.255.0 - swift_zone: '733' - uid: '733' - user_node_name: node-733 -- fqdn: node-734.domain.tld - internal_address: 192.168.0.6 - 
internal_netmask: 255.255.255.0 - name: node-734 - role: ceph-osd - storage_address: 192.168.1.6 - storage_netmask: 255.255.255.0 - swift_zone: '734' - uid: '734' - user_node_name: node-734 -- fqdn: node-735.domain.tld - internal_address: 192.168.0.5 - internal_netmask: 255.255.255.0 - name: node-735 - role: primary-mongo - storage_address: 192.168.1.5 - storage_netmask: 255.255.255.0 - swift_zone: '735' - uid: '735' - user_node_name: node-735 -- fqdn: node-736.domain.tld + swift_zone: '129' + uid: '129' + user_node_name: node-129 +- fqdn: node-130.test.domain.local internal_address: 192.168.0.7 internal_netmask: 255.255.255.0 - name: node-736 - role: mongo + name: node-130 + role: ceph-osd storage_address: 192.168.1.7 storage_netmask: 255.255.255.0 - swift_zone: '736' - uid: '736' - user_node_name: node-736 + swift_zone: '130' + uid: '130' + user_node_name: node-130 +- fqdn: node-131.test.domain.local + internal_address: 192.168.0.4 + internal_netmask: 255.255.255.0 + name: node-131 + role: primary-mongo + storage_address: 192.168.1.4 + storage_netmask: 255.255.255.0 + swift_zone: '131' + uid: '131' + user_node_name: node-131 +- fqdn: node-132.test.domain.local + internal_address: 192.168.0.1 + internal_netmask: 255.255.255.0 + name: node-132 + role: mongo + storage_address: 192.168.1.1 + storage_netmask: 255.255.255.0 + swift_zone: '132' + uid: '132' + user_node_name: node-132 nova: - db_password: Kz189HhWN02ZUAe8nvY0t0FC - enable_hugepages: false + db_password: PVzZrklbvr2gHtJL4e8a0s6t state_path: /var/lib/nova - user_password: oMvZeE7RRAOsrUTYqkS3tSdm + user_password: f09qoLIdLU7oGLGFAGFNj1Ja nova_quota: false online: true openstack_version: newton-10.0 @@ -988,7 +994,7 @@ operator_user: label: Operating System Access weight: 15 name: fueladmin - password: 0U4hZMHZDgtHnVwPSuvZW3mz + password: PYRI8p75nGRMkBGgjlAvcQiu sudo: 'ALL=(ALL) NOPASSWD: ALL' plugins: [] private_network_range: 192.168.2.0/24 
@@ -999,11 +1005,11 @@ provision: /: container: gzip format: ext4 - uri: http://10.145.0.2:8080/targetimages/env_40_ubuntu_1404_amd64.img.gz + uri: http://10.109.15.2:8080/targetimages/env_15_ubuntu_1404_amd64.img.gz /boot: container: gzip format: ext2 - uri: http://10.145.0.2:8080/targetimages/env_40_ubuntu_1404_amd64-boot.img.gz + uri: http://10.109.15.2:8080/targetimages/env_15_ubuntu_1404_amd64-boot.img.gz metadata: group: general label: Provision @@ -1125,8 +1131,8 @@ public_ssl: weight: 110 services: false puppet: - manifests: rsync://10.145.0.2:/puppet/newton-10.0/manifests/ - modules: rsync://10.145.0.2:/puppet/newton-10.0/modules/ + manifests: rsync://10.109.15.2:/puppet/newton-10.0/manifests/ + modules: rsync://10.109.15.2:/puppet/newton-10.0/modules/ puppet_debug: true quantum: true quantum_settings: @@ -1141,13 +1147,13 @@ quantum_settings: L3: use_namespaces: true database: - passwd: eMJorJqQ1HMFbkypwdUhouEb + passwd: wF5Kulr9K5ht8BEuIBOVQ6DG default_floating_net: admin_floating_net default_private_net: admin_internal_net keystone: - admin_password: kPtlHmCe5K7ndGYvKXOweEz5 + admin_password: phtXcgdXRmMafvZlNOj6hTOq metadata: - metadata_proxy_shared_secret: R7maXMRiZHBgmMEXaXZQRxV3 + metadata_proxy_shared_secret: oxbVqVac5jRx0AhdWjxg4J2x predefined_networks: admin_floating_net: L2: @@ -1181,7 +1187,7 @@ quantum_settings: shared: false tenant: admin rabbit: - password: X9IsCoHuKgys2l4GZL95MbYG + password: ov7dGMhyL8eR1ZdocMsVtCit release: attributes_metadata: editable: 
@@ -1289,6 +1295,49 @@ release: type: checkbox value: false weight: 10 + atop: + interval: + description: Interval between the snapshots in seconds + label: Interval between the snapshots + regex: + error: Should be a number of seconds + source: ^[1-9]\d*$ + restrictions: + - action: hide + condition: settings:atop.service_enabled.value == false + type: text + value: '20' + weight: 20 + metadata: + enabled: true + group: logging + label: Advanced System & Process Monitor (atop) + toggleable: false + weight: 60 + rotate: + description: Number of days to keep log files + label: Rotate days + regex: + error: Should be a number of days + source: ^[1-9]\d*$ + restrictions: + - action: hide + condition: settings:atop.service_enabled.value == false + type: text + value: '7' + weight: 30 + service_enabled: + description: 'NOTE: When enabled, the service may generate logs up to a + gigabyte in size per day. + + This should be taken into consideration when determining the correct size + for the log partition. + + ' + label: Enable atop service + type: checkbox + value: true + weight: 10 cgroups: metadata: always_editable: true @@ -1371,6 +1420,18 @@ release: type: checkbox value: true weight: 50 + run_ping_checker: + description: Uncheck this box if the public gateway will not be available + or will not respond to ICMP requests to the deployed cluster. If unchecked, + the controllers will not take public gateway availability into account + as part of the cluster health. If the cluster will not have internet + access, you will need to make sure to provide proper offline mirrors for + the deployment to succeed. + group: network + label: Public Gateway is Available + type: checkbox + value: true + weight: 50 task_deploy: type: hidden value: true 
@@ -1791,6 +1852,9 @@ release: description: Your DNS entries should point to this name. Self-signed certificates also will use this hostname label: DNS hostname for public TLS endpoints + regex: + error: Invalid DNS hostname + source: ^[a-zA-Z\d]+[-\.\da-zA-Z]*$ restrictions: - action: hide condition: settings:public_ssl.horizon.value == false and settings:public_ssl.services.value @@ -1825,8 +1889,6 @@ release: Please make sure your Fuel master node has Internet access to the repository before attempting to create a mirror. - For more details, please refer to the documentation (https://docs.mirantis.com/openstack/fuel/fuel-10.0/operations.html#external-ubuntu-ops). - ' extra_priority: null type: custom_repo_configuration 
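Review bot: The `regex.source` added for the public TLS hostname, `^[a-zA-Z\d]+[-\.\da-zA-Z]*$`, accepts values that are not valid DNS names: a trailing `-` or `.`, empty labels such as `a..b`, and labels that begin with `-` such as `a.-b` all match, and no label length is enforced. The field's description says self-signed certificates are issued for this name, so a malformed value ends up in the certificate subject. A per-label pattern is tighter, for example `source: ^[a-zA-Z\d]([-a-zA-Z\d]{0,61}[a-zA-Z\d])?(\.[a-zA-Z\d]([-a-zA-Z\d]{0,61}[a-zA-Z\d])?)*$`. The key this attribute belongs to starts outside the hunk; from the `restrictions` condition it appears to be under `public_ssl`.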
@@ -1903,11 +1965,70 @@ release: sudo: type: hidden value: 'ALL=(ALL) NOPASSWD: ALL' + ssh: + brute_force_protection: + description: When enabled, the access from all networks (except the provided + ones) will be granted, but the networks will be checked against the brute + force attack. + label: Brute force protection + restrictions: + - action: hide + condition: settings:ssh.security_enabled.value == false + type: checkbox + value: false + weight: 30 + metadata: + enabled: true + group: security + label: SSH security + toggleable: false + weight: 120 + security_enabled: + description: 'NOTE: When enabled, provide at least one working IP address + (the Fuel Master node IP is already added). + + We recommend adding new addresses instead of replacing the provided Fuel + Master node IP. + + When disabled (by default), the admin, management, and storage networks + are only allowed to connect to the SSH service. + + ' + label: Restrict SSH service on network + type: checkbox + value: false + weight: 10 + security_networks: + description: IPv4/CIDR address + label: Restrict access to + regex: + error: Invalid IPv4/CIDR address + source: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))*$ + restrictions: + - action: hide + condition: settings:ssh.security_enabled.value == false + type: text_list + value: + - '{settings.MASTER_IP}' + weight: 20 storage: admin_key: type: hidden value: generator: cephx_key + auth_s3_keystone_ceph: + description: This allows to authenticate S3 requests basing on EC2/S3 credentials + managed by Keystone. Please note that enabling the integration will increase + the latency of S3 requests as well as load on Keystone service. Please + consult with Mirantis Technical Bulletin 27 and Mirantis Support on mitigating + the risks related with load. 
+ label: Enable S3 API Authentication via Keystone in Ceph RadosGW + restrictions: + - action: hide + condition: settings:storage.objects_ceph.value == false + type: checkbox + value: false + weight: 82 bootstrap_osd_key: type: hidden value: @@ -1960,6 +2081,9 @@ release: and Swift API Interfaces. If enabled, this option will prevent Swift from installing. label: Ceph RadosGW for objects (Swift API) + restrictions: + - settings:storage.images_ceph.value == false: Ceph RBD for Images should + be selected. type: checkbox value: false weight: 80 @@ -2200,6 +2324,12 @@ release: description: dialog.create_cluster_wizard.compute.qemu_description label: dialog.create_cluster_wizard.compute.qemu name: hypervisor:qemu + requires: + - one_of: + items: + - network:neutron:ml2:vlan + - network:neutron:ml2:tun + message: dialog.create_cluster_wizard.compute.qemu_requires_network_backend weight: 5 - bind: - settings:common.use_vcenter.value @@ -2209,8 +2339,16 @@ release: label: dialog.create_cluster_wizard.compute.vcenter name: hypervisor:vmware requires: - - message: dialog.create_cluster_wizard.compute.vcenter_warning - name: hypervisor:qemu + - one_of: + items: + - hypervisor:qemu + message: dialog.create_cluster_wizard.compute.vcenter_warning + - one_of: + items: + - network:neutron:ml2:dvs + - network:neutron:ml2:nsx + message: dialog.create_cluster_wizard.compute.vcenter_requires_network_backend + message_invalid: dialog.create_cluster_wizard.compute.vcenter_requires_network_plugins weight: 15 - compatible: - name: hypervisor:* @@ -2237,7 +2375,9 @@ release: label: common.network.neutron_vlan name: network:neutron:ml2:vlan requires: - - name: network:neutron:core:ml2 + - one_of: + items: + - network:neutron:core:ml2 weight: 5 - bind: - - cluster:net_provider 
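Review bot: In the new `ssh.security_networks` attribute the prefix-length group is closed with `*`, `(\/([0-9]|[1-2][0-9]|3[0-2]))*$`, so an entry with several suffixes such as `10.0.0.0/8/24` passes validation and reaches whatever builds the SSH allow-list. The group should be optional rather than repeatable: `...(\/([0-9]|[1-2][0-9]|3[0-2]))?$`. Separately, the `brute_force_protection` description reads as if ticking the box grants SSH access from every network not on the list, which is the opposite of what a control named "protection" under "Restrict SSH service on network" suggests. The text should state plainly which networks stay unrestricted, which are only rate-limited and which are blocked, so an operator does not widen SSH exposure by enabling it.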
@@ -2258,7 +2398,9 @@ release: label: common.network.neutron_tun name: network:neutron:ml2:tun requires: - - name: network:neutron:core:ml2 + - one_of: + items: + - network:neutron:core:ml2 weight: 10 - bind: - settings:storage.volumes_lvm.value @@ -2506,6 +2648,7 @@ release: restrictions: - action: hide condition: settings:common.use_vcenter.value == false + message: VMware vCenter not enabled for cluster weight: 40 compute: description: A Compute node creates, manages, and terminates virtual machine @@ -2535,10 +2678,12 @@ release: restrictions: - action: hide condition: settings:common.use_vcenter.value == false + message: VMware vCenter not enabled for cluster weight: 90 controller: conflicts: - compute + - ceph-osd description: The Controller initiates orchestration activities and provides an external API. Other components like Glance (image storage), Keystone (identity management), Horizon (OpenStack dashboard) and Nova-Scheduler are installed @@ -2610,6 +2755,7 @@ release: restrictions: - action: hide condition: not ('advanced' in version:feature_groups) + message: Advanced feature should be enabled in feature groups weight: 80 state: available version: newton-10.0 @@ -2781,7 +2927,7 @@ repo_setup: section: main restricted suite: mos10.0 type: deb - uri: http://10.145.0.2:8080/newton-10.0/ubuntu/x86_64 + uri: http://10.109.15.2:8080/newton-10.0/ubuntu/x86_64 - name: mos-updates priority: 1050 section: main restricted @@ -2805,14 +2951,15 @@ repo_setup: section: main restricted suite: auxiliary type: deb - uri: http://10.145.0.2:8080/newton-10.0/ubuntu/auxiliary + uri: http://10.109.15.2:8080/newton-10.0/ubuntu/auxiliary resume_guests_state_on_host_boot: true roles: - ceph-osd +run_ping_checker: true sahara: - db_password: PM3ymZ8WiF9RSbCrCgd6ymU9 + db_password: 4APOo0xTUZcZnCDbL7d30tjC enabled: true - user_password: 3KdRkNe5eAxoPxR4irc3jvvB + user_password: C2TKvFTJ6Vr0CCTLK0xsGK0x service_user: homedir: /var/lib/fuel metadata: 
@@ -2823,22 +2970,34 @@ service_user: condition: 'true' weight: 10 name: fuel - password: pLVuXVFa9C8k7hcCUVb1yWQr + password: 2eiAUTgtohRigYCRhzssNonM root_password: r00tme sudo: 'ALL=(ALL) NOPASSWD: ALL' +ssh: + brute_force_protection: false + metadata: + enabled: true + group: security + label: SSH security + toggleable: false + weight: 120 + security_enabled: false + security_networks: + - 10.109.15.2 status: discover storage: - admin_key: AQC0eUhXAAAAABAA0KyotPMzzo0kg12tJcf1xg== - bootstrap_osd_key: AQC0eUhXAAAAABAAk7M7DH05JdsO8WRD31tOiw== + admin_key: AQCiB6NXAAAAABAAJpdEYCOSg4mm+Q3DvhzTYg== + auth_s3_keystone_ceph: true + bootstrap_osd_key: AQCiB6NXAAAAABAA7ezVYgw+wco6h8LezEaUaA== ephemeral_ceph: true - fsid: 81099e45-f272-4954-8252-696863d84e46 + fsid: 1f77e0d5-dd4c-4254-a67f-41449f42b6c6 images_ceph: true images_vcenter: false metadata: group: storage label: Storage Backends weight: 60 - mon_key: AQC0eUhXAAAAABAARk/bva9mdtRLaZ6CsnXToQ== + mon_key: AQCiB6NXAAAAABAA9qfH8vMq6+n6N2iLO7KfgQ== objects_ceph: true osd_pool_size: '2' per_pool_pg_nums: @@ -2849,13 +3008,13 @@ storage: images: 64 volumes: 256 pg_num: 64 - radosgw_key: AQC0eUhXAAAAABAAqgFcyJYZu0IY+4J2+rsWew== + radosgw_key: AQCiB6NXAAAAABAA6wxyVYlUpMVvs9r0fpUiXQ== volumes_block_device: false volumes_ceph: true volumes_lvm: false storage_network_range: 192.168.1.0/24 swift: - user_password: ROQ1xRVPVFShmjxplraXnPX9 + user_password: 2g77TlSldIdjCozj7BsRbKYS syslog: metadata: enabled: false @@ -2877,10 +3036,10 @@ test_vm_image: os_name: cirros properties: {} public: 'true' -uid: '733' +uid: '128' use_cow_images: true use_vcenter: false -user_node_name: node-733 +user_node_name: node-128 vms_conf: [] workloads_collector: create_user: false @@ -2892,6 +3051,6 @@ workloads_collector: - action: hide condition: 'true' weight: 10 - password: 596PBfjB9KaTbfMykO2Ql54x + password: lvrXAFlB68qs9dmoTAd9EsNq tenant: services username: fuel_stats_user 
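Review bot: The regenerated fixture commits another full set of real-looking credentials in clear text. In this hunk that is the `fuel` service user `password` and the cephx `admin_key`, `bootstrap_osd_key` and `mon_key`; the same pattern repeats in the `sahara`, `swift` and `workloads_collector` hunks and in the compute and controller fixtures. If these values were dumped from a real lab environment (the hunks do not say), every fixture refresh publishes that environment's secrets and adds noise for secret scanners. Consider substituting fixed, obviously fake values when the fixture is generated and saying so at the top of the file, e.g. `# Test fixture: every password and key below is a throwaway placeholder, never a deployed credential`.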
diff --git a/hiera/neut_tun.ceph.murano.sahara.ceil-compute.yaml b/hiera/neut_tun.ceph.murano.sahara.ceil-compute.yaml index abdfe44..9fd1462 100644 --- a/hiera/neut_tun.ceph.murano.sahara.ceil-compute.yaml +++ b/hiera/neut_tun.ceph.murano.sahara.ceil-compute.yaml @@ -8,18 +8,28 @@ access: tenant: admin user: admin aodh: - db_password: TVnuHRoSLlNkCmruAvQUG8pE - user_password: gzmU2q6Qit6gBglybKb7xFoF + db_password: OhQJSjJm0wVaH1Zf4Cdhuc64 + user_password: rXzOBwcFZP95JzXoI7vRmBkr +atop: + interval: '20' + metadata: + enabled: true + group: logging + label: Advanced System & Process Monitor (atop) + toggleable: false + weight: 60 + rotate: '7' + service_enabled: true auth_key: '' auto_assign_floating_ip: false base_syslog: syslog_port: '514' - syslog_server: 10.145.0.2 + syslog_server: 10.109.15.2 ceilometer: - db_password: 3TCG1UOCgksu31d0jUllc1ih + db_password: f93xXvBvhlSYE3JepvR0H7hb enabled: true - metering_secret: M24o7ZnNHH1bEjPAcMBGGkQs - user_password: pfhRar4G5gl9oXnjSwUjE6pq + metering_secret: dtptqyEA8eF2TrimNfON97sk + user_password: TIOxrbWzOKLdVx4j8wsEtYkn cgroups: metadata: always_editable: true @@ -30,9 +40,9 @@ cgroups: condition: 'true' weight: 90 cinder: - db_password: RFec66UQlk1OPwBmfSl8Qufi - fixed_key: 53b4f50eb158baa8d3f9684e868e4066bc51a5fab56ea9599cec482e6deb05d4 - user_password: c3BqXBRtapLgQYlEJ4KASP9y + db_password: 7w6TjwE9basxZfF4GGkQNk8s + fixed_key: 6b58b7cd6f88c4a928212d8293038d208071f9170baf5995ec42a6a5d836605e + user_password: 4HlkMZEZ9QlpNITzvh3h5qfZ cluster: changes: - name: attributes 
@@ -42,36 +52,36 @@ cluster: - name: networks node_id: null - name: interfaces - node_id: 730 + node_id: 129 - name: disks - node_id: 730 + node_id: 129 - name: interfaces - node_id: 731 + node_id: 126 - name: disks - node_id: 731 + node_id: 126 - name: interfaces - node_id: 732 + node_id: 127 - name: disks - node_id: 732 + node_id: 127 - name: interfaces - node_id: 733 + node_id: 128 - name: disks - node_id: 733 + node_id: 128 - name: interfaces - node_id: 734 + node_id: 130 - name: disks - node_id: 734 + node_id: 130 - name: interfaces - node_id: 735 + node_id: 131 - name: disks - node_id: 735 + node_id: 131 - name: interfaces - node_id: 736 + node_id: 132 - name: disks - node_id: 736 + node_id: 132 components: [] fuel_version: '10.0' - id: 40 + id: 15 is_customized: false is_locked: false mode: ha_compact @@ -104,12 +114,11 @@ corosync: debug: false deployed_before: value: false -deployment_id: 40 +deployment_id: 15 deployment_mode: ha_compact -dpdk: {} external_dns: dns_list: - - 10.145.0.1 + - 10.109.15.1 metadata: group: network label: Host OS DNS Servers 
@@ -135,31 +144,29 @@ external_ntp: label: Host OS NTP Servers weight: 40 ntp_list: - - 0.fuel.pool.ntp.org - - 1.fuel.pool.ntp.org - - 2.fuel.pool.ntp.org + - 10.109.15.1 fail_if_error: false -fqdn: node-732.domain.tld +fqdn: node-127.test.domain.local fuel_version: '10.0' glance: - db_password: 5jX5psX0WDRcx0HH5VWVsrwJ + db_password: KaR8BEzKxumpu0jrZHZIfp3q image_cache_max_size: '0' - user_password: iwgWlXOVQDP1ybBvExa1SUpL + user_password: dqxfEsU22NH69XYHKSvoOZft glance_glare: - user_password: IxeiZptyqPwkvprrao2iFuTP + user_password: ZicOQetaAfLF5F35mfQaWeZI heat: - auth_encryption_key: f0952d91b1efb46d2a9d9fb10eb93e19 - db_password: 7cbWsxolRVe4PS29qv6ZI5Lv + auth_encryption_key: 6a57e1b2e402829f531ff7f45987aeef + db_password: OR2TU3cgCRbIW4n1Bn5Gik3b enabled: true - rabbit_password: s8Fv4HRy7d6SsdxXafXiWus9 - user_password: n0iLP2B2TZ2XeEH5oNWGjeX1 + rabbit_password: d3bsSu6TDQInNcqie7ZdQe2g + user_password: 7etzT4B5LOZlJuclPsPvF5of horizon: - secret_key: f4391974da0c0bc1d6c8ee82b1049935365a7ad604b7dbb240cdeb74252f31f1 + secret_key: 10e87c9effcb1eed518068e5af43d3917062992450204455209138a5eb33da6d ironic: - db_password: OQiahLeOfQWRhI8kCGG4ogTX + db_password: wHP0Cg5Q8ppz1AQvdzvI645b enabled: false - swift_tempurl_key: ATpw9THzwYMa1Lx5EpAm66vi - user_password: OFqH3jHPEyyBnuX3owXmloYI + swift_tempurl_key: gZacdW69BTAV9qZLdiYfewbW + user_password: N834zgKKpxSP07HX6LoNo2F1 kernel_params: kernel: console=tty0 net.ifnames=0 biosdevname=0 rootdelay=90 nomodeset metadata: @@ -167,12 +174,12 @@ kernel_params: label: Kernel parameters weight: 60 keystone: - admin_token: 6OgCNCpNZsRPtBQt91NSxyJ8 - db_password: pPdhfiOsEA7fHGwVs3sGGMoQ -last_controller: node-731 + admin_token: JFdL4xwDqvZgM1MMhzJFNxbl + db_password: ZJojiaj5wfCAMavNMU7wmgwH +last_controller: node-129 libvirt_type: qemu management_network_range: 192.168.0.0/24 -master_ip: 10.145.0.2 +master_ip: 10.109.15.2 metadata: label: Common weight: 10 
@@ -184,15 +191,15 @@ mp: - point: '2' weight: '2' murano: - db_password: yPfazptrewWnKKPPqaQc06ye + db_password: wXQid97d9hM3coUvX8TfAlur enabled: true - rabbit_password: FAHLmPxu3Au8ZEUXHzCH5ZVv - user_password: K6MTgsvNHJckQbue9JlhWTtT + rabbit_password: 0dgbRU3ZxJko7OEqCaV8ZTas + user_password: 1Vh14W5MDxid2mW8N0jAPlSK murano-cfapi: - db_password: 1gQ7AGWIzNyrp7I0GClXeql0 + db_password: niVR5w3OzkwVSKHKbGeMcNKc enabled: false - rabbit_password: rt8WggTS9AwB1bdmkbHo99wz - user_password: jrVg0vMxlokzUOUzTzA2oGi8 + rabbit_password: riHKhQgDmNjsGd9DgQcBK2FU + user_password: JzebRmfzUpB8KyhiPWCb8i9j murano_settings: metadata: group: openstack_services 
@@ -205,204 +212,24 @@ murano_settings: murano_glance_artifacts_plugin: true murano_repo_url: http://storage.apps.openstack.org/ mysql: - root_password: nrOg6S3o5Ho5Ec09ksVKQmHq - wsrep_password: n11lhXNzDvQnjMToIhSi1snG + root_password: jbCMP5VtxAvItyOywOOhV1Pb + wsrep_password: gkHPIpKcgXQLDILYlthWNGWi network_metadata: nodes: - node-730: - fqdn: node-730.domain.tld - name: node-730 + node-126: + fqdn: node-126.test.domain.local + name: node-126 network_roles: - admin/pxe: 10.145.0.100 - aodh/api: 192.168.0.3 - ceilometer/api: 192.168.0.3 - ceph/public: 192.168.1.3 - ceph/radosgw: 172.16.0.3 - ceph/replication: 192.168.1.3 - cinder/api: 192.168.0.3 - cinder/iscsi: 192.168.1.3 - ex: 172.16.0.3 - fw-admin: 10.145.0.100 - glance/api: 192.168.0.3 - glance/glare: 192.168.0.3 - heat/api: 192.168.0.3 - horizon: 192.168.0.3 - ironic/api: 192.168.0.3 - keystone/api: 192.168.0.3 - management: 192.168.0.3 - mgmt/corosync: 192.168.0.3 - mgmt/database: 192.168.0.3 - mgmt/memcache: 192.168.0.3 - mgmt/messaging: 192.168.0.3 - mgmt/vip: 192.168.0.3 - mongo/db: 192.168.0.3 - murano/api: 192.168.0.3 - murano/cfapi: 192.168.0.3 - neutron/api: 192.168.0.3 - neutron/floating: null - neutron/mesh: 192.168.2.3 - neutron/private: null - nova/api: 192.168.0.3 - nova/migration: 192.168.0.3 - public/vip: 172.16.0.3 - sahara/api: 192.168.0.3 - storage: 192.168.1.3 - swift/api: 192.168.0.3 - swift/replication: 192.168.1.3 - node_roles: - - primary-controller - nova_cpu_pinning_enabled: false - nova_hugepages_enabled: false - swift_zone: '730' - uid: '730' - user_node_name: node-730 - node-731: - fqdn: node-731.domain.tld - name: node-731 - network_roles: - admin/pxe: 10.145.0.101 - aodh/api: 192.168.0.1 - ceilometer/api: 192.168.0.1 - ceph/public: 192.168.1.1 - ceph/radosgw: 172.16.0.2 - ceph/replication: 192.168.1.1 - cinder/api: 192.168.0.1 - cinder/iscsi: 192.168.1.1 - ex: 172.16.0.2 - fw-admin: 10.145.0.101 - glance/api: 192.168.0.1 - glance/glare: 192.168.0.1 - heat/api: 192.168.0.1 - 
horizon: 192.168.0.1 - ironic/api: 192.168.0.1 - keystone/api: 192.168.0.1 - management: 192.168.0.1 - mgmt/corosync: 192.168.0.1 - mgmt/database: 192.168.0.1 - mgmt/memcache: 192.168.0.1 - mgmt/messaging: 192.168.0.1 - mgmt/vip: 192.168.0.1 - mongo/db: 192.168.0.1 - murano/api: 192.168.0.1 - murano/cfapi: 192.168.0.1 - neutron/api: 192.168.0.1 - neutron/floating: null - neutron/mesh: 192.168.2.1 - neutron/private: null - nova/api: 192.168.0.1 - nova/migration: 192.168.0.1 - public/vip: 172.16.0.2 - sahara/api: 192.168.0.1 - storage: 192.168.1.1 - swift/api: 192.168.0.1 - swift/replication: 192.168.1.1 - node_roles: - - controller - nova_cpu_pinning_enabled: false - nova_hugepages_enabled: false - swift_zone: '731' - uid: '731' - user_node_name: node-731 - node-732: - fqdn: node-732.domain.tld - name: node-732 - network_roles: - admin/pxe: 10.145.0.102 - aodh/api: 192.168.0.4 - ceilometer/api: 192.168.0.4 - ceph/public: 192.168.1.4 - ceph/replication: 192.168.1.4 - cinder/api: 192.168.0.4 - cinder/iscsi: 192.168.1.4 - fw-admin: 10.145.0.102 - glance/api: 192.168.0.4 - glance/glare: 192.168.0.4 - heat/api: 192.168.0.4 - horizon: 192.168.0.4 - ironic/api: 192.168.0.4 - keystone/api: 192.168.0.4 - management: 192.168.0.4 - mgmt/corosync: 192.168.0.4 - mgmt/database: 192.168.0.4 - mgmt/memcache: 192.168.0.4 - mgmt/messaging: 192.168.0.4 - mgmt/vip: 192.168.0.4 - mongo/db: 192.168.0.4 - murano/api: 192.168.0.4 - murano/cfapi: 192.168.0.4 - neutron/api: 192.168.0.4 - neutron/floating: null - neutron/mesh: 192.168.2.4 - neutron/private: null - nova/api: 192.168.0.4 - nova/migration: 192.168.0.4 - sahara/api: 192.168.0.4 - storage: 192.168.1.4 - swift/api: 192.168.0.4 - swift/replication: 192.168.1.4 - node_roles: - - compute - nova_cpu_pinning_enabled: false - nova_hugepages_enabled: false - swift_zone: '732' - uid: '732' - user_node_name: node-732 - node-733: - fqdn: node-733.domain.tld - name: node-733 - network_roles: - admin/pxe: 10.145.0.103 - aodh/api: 192.168.0.2 - 
ceilometer/api: 192.168.0.2 - ceph/public: 192.168.1.2 - ceph/replication: 192.168.1.2 - cinder/api: 192.168.0.2 - cinder/iscsi: 192.168.1.2 - fw-admin: 10.145.0.103 - glance/api: 192.168.0.2 - glance/glare: 192.168.0.2 - heat/api: 192.168.0.2 - horizon: 192.168.0.2 - ironic/api: 192.168.0.2 - keystone/api: 192.168.0.2 - management: 192.168.0.2 - mgmt/corosync: 192.168.0.2 - mgmt/database: 192.168.0.2 - mgmt/memcache: 192.168.0.2 - mgmt/messaging: 192.168.0.2 - mgmt/vip: 192.168.0.2 - mongo/db: 192.168.0.2 - murano/api: 192.168.0.2 - murano/cfapi: 192.168.0.2 - neutron/api: 192.168.0.2 - neutron/floating: null - neutron/mesh: 192.168.2.2 - neutron/private: null - nova/api: 192.168.0.2 - nova/migration: 192.168.0.2 - sahara/api: 192.168.0.2 - storage: 192.168.1.2 - swift/api: 192.168.0.2 - swift/replication: 192.168.1.2 - node_roles: - - ceph-osd - nova_cpu_pinning_enabled: false - nova_hugepages_enabled: false - swift_zone: '733' - uid: '733' - user_node_name: node-733 - node-734: - fqdn: node-734.domain.tld - name: node-734 - network_roles: - admin/pxe: 10.145.0.104 + admin/pxe: 10.109.15.100 aodh/api: 192.168.0.6 ceilometer/api: 192.168.0.6 ceph/public: 192.168.1.6 + ceph/radosgw: 172.16.0.3 ceph/replication: 192.168.1.6 cinder/api: 192.168.0.6 cinder/iscsi: 192.168.1.6 - fw-admin: 10.145.0.104 + ex: 172.16.0.3 + fw-admin: 10.109.15.100 glance/api: 192.168.0.6 glance/glare: 192.168.0.6 heat/api: 192.168.0.6 
@@ -424,29 +251,74 @@ network_metadata: neutron/private: null nova/api: 192.168.0.6 nova/migration: 192.168.0.6 + public/vip: 172.16.0.3 sahara/api: 192.168.0.6 storage: 192.168.1.6 swift/api: 192.168.0.6 swift/replication: 192.168.1.6 node_roles: - - ceph-osd + - primary-controller nova_cpu_pinning_enabled: false nova_hugepages_enabled: false - swift_zone: '734' - uid: '734' - user_node_name: node-734 - node-735: - fqdn: node-735.domain.tld - name: node-735 + swift_zone: '126' + uid: '126' + user_node_name: node-126 + node-127: + fqdn: node-127.test.domain.local + name: node-127 network_roles: - admin/pxe: 10.145.0.105 + admin/pxe: 10.109.15.101 + aodh/api: 192.168.0.3 + ceilometer/api: 192.168.0.3 + ceph/public: 192.168.1.3 + ceph/replication: 192.168.1.3 + cinder/api: 192.168.0.3 + cinder/iscsi: 192.168.1.3 + fw-admin: 10.109.15.101 + glance/api: 192.168.0.3 + glance/glare: 192.168.0.3 + heat/api: 192.168.0.3 + horizon: 192.168.0.3 + ironic/api: 192.168.0.3 + keystone/api: 192.168.0.3 + management: 192.168.0.3 + mgmt/corosync: 192.168.0.3 + mgmt/database: 192.168.0.3 + mgmt/memcache: 192.168.0.3 + mgmt/messaging: 192.168.0.3 + mgmt/vip: 192.168.0.3 + mongo/db: 192.168.0.3 + murano/api: 192.168.0.3 + murano/cfapi: 192.168.0.3 + neutron/api: 192.168.0.3 + neutron/floating: null + neutron/mesh: 192.168.2.3 + neutron/private: null + nova/api: 192.168.0.3 + nova/migration: 192.168.0.3 + sahara/api: 192.168.0.3 + storage: 192.168.1.3 + swift/api: 192.168.0.3 + swift/replication: 192.168.1.3 + node_roles: + - compute + nova_cpu_pinning_enabled: false + nova_hugepages_enabled: false + swift_zone: '127' + uid: '127' + user_node_name: node-127 + node-128: + fqdn: node-128.test.domain.local + name: node-128 + network_roles: + admin/pxe: 10.109.15.102 aodh/api: 192.168.0.5 ceilometer/api: 192.168.0.5 ceph/public: 192.168.1.5 ceph/replication: 192.168.1.5 cinder/api: 192.168.0.5 cinder/iscsi: 192.168.1.5 - fw-admin: 10.145.0.105 + fw-admin: 10.109.15.102 glance/api: 
192.168.0.5 glance/glare: 192.168.0.5 heat/api: 192.168.0.5 
@@ -473,24 +345,71 @@ network_metadata: swift/api: 192.168.0.5 swift/replication: 192.168.1.5 node_roles: - - primary-mongo + - ceph-osd nova_cpu_pinning_enabled: false nova_hugepages_enabled: false - swift_zone: '735' - uid: '735' - user_node_name: node-735 - node-736: - fqdn: node-736.domain.tld - name: node-736 + swift_zone: '128' + uid: '128' + user_node_name: node-128 + node-129: + fqdn: node-129.test.domain.local + name: node-129 network_roles: - admin/pxe: 10.145.0.106 + admin/pxe: 10.109.15.103 + aodh/api: 192.168.0.2 + ceilometer/api: 192.168.0.2 + ceph/public: 192.168.1.2 + ceph/radosgw: 172.16.0.2 + ceph/replication: 192.168.1.2 + cinder/api: 192.168.0.2 + cinder/iscsi: 192.168.1.2 + ex: 172.16.0.2 + fw-admin: 10.109.15.103 + glance/api: 192.168.0.2 + glance/glare: 192.168.0.2 + heat/api: 192.168.0.2 + horizon: 192.168.0.2 + ironic/api: 192.168.0.2 + keystone/api: 192.168.0.2 + management: 192.168.0.2 + mgmt/corosync: 192.168.0.2 + mgmt/database: 192.168.0.2 + mgmt/memcache: 192.168.0.2 + mgmt/messaging: 192.168.0.2 + mgmt/vip: 192.168.0.2 + mongo/db: 192.168.0.2 + murano/api: 192.168.0.2 + murano/cfapi: 192.168.0.2 + neutron/api: 192.168.0.2 + neutron/floating: null + neutron/mesh: 192.168.2.2 + neutron/private: null + nova/api: 192.168.0.2 + nova/migration: 192.168.0.2 + public/vip: 172.16.0.2 + sahara/api: 192.168.0.2 + storage: 192.168.1.2 + swift/api: 192.168.0.2 + swift/replication: 192.168.1.2 + node_roles: + - controller + nova_cpu_pinning_enabled: false + nova_hugepages_enabled: false + swift_zone: '129' + uid: '129' + user_node_name: node-129 + node-130: + fqdn: node-130.test.domain.local + name: node-130 + network_roles: + admin/pxe: 10.109.15.104 aodh/api: 192.168.0.7 ceilometer/api: 192.168.0.7 ceph/public: 192.168.1.7 ceph/replication: 192.168.1.7 cinder/api: 192.168.0.7 cinder/iscsi: 192.168.1.7 - fw-admin: 10.145.0.106 + fw-admin: 10.109.15.104 glance/api: 192.168.0.7 glance/glare: 192.168.0.7 heat/api: 192.168.0.7 
@@ -517,12 +436,100 @@ network_metadata: swift/api: 192.168.0.7 swift/replication: 192.168.1.7 node_roles: + - ceph-osd + nova_cpu_pinning_enabled: false + nova_hugepages_enabled: false + swift_zone: '130' + uid: '130' + user_node_name: node-130 + node-131: + fqdn: node-131.test.domain.local + name: node-131 + network_roles: + admin/pxe: 10.109.15.105 + aodh/api: 192.168.0.4 + ceilometer/api: 192.168.0.4 + ceph/public: 192.168.1.4 + ceph/replication: 192.168.1.4 + cinder/api: 192.168.0.4 + cinder/iscsi: 192.168.1.4 + fw-admin: 10.109.15.105 + glance/api: 192.168.0.4 + glance/glare: 192.168.0.4 + heat/api: 192.168.0.4 + horizon: 192.168.0.4 + ironic/api: 192.168.0.4 + keystone/api: 192.168.0.4 + management: 192.168.0.4 + mgmt/corosync: 192.168.0.4 + mgmt/database: 192.168.0.4 + mgmt/memcache: 192.168.0.4 + mgmt/messaging: 192.168.0.4 + mgmt/vip: 192.168.0.4 + mongo/db: 192.168.0.4 + murano/api: 192.168.0.4 + murano/cfapi: 192.168.0.4 + neutron/api: 192.168.0.4 + neutron/floating: null + neutron/mesh: 192.168.2.4 + neutron/private: null + nova/api: 192.168.0.4 + nova/migration: 192.168.0.4 + sahara/api: 192.168.0.4 + storage: 192.168.1.4 + swift/api: 192.168.0.4 + swift/replication: 192.168.1.4 + node_roles: + - primary-mongo + nova_cpu_pinning_enabled: false + nova_hugepages_enabled: false + swift_zone: '131' + uid: '131' + user_node_name: node-131 + node-132: + fqdn: node-132.test.domain.local + name: node-132 + network_roles: + admin/pxe: 10.109.15.106 + aodh/api: 192.168.0.1 + ceilometer/api: 192.168.0.1 + ceph/public: 192.168.1.1 + ceph/replication: 192.168.1.1 + cinder/api: 192.168.0.1 + cinder/iscsi: 192.168.1.1 + fw-admin: 10.109.15.106 + glance/api: 192.168.0.1 + glance/glare: 192.168.0.1 + heat/api: 192.168.0.1 + horizon: 192.168.0.1 + ironic/api: 192.168.0.1 + keystone/api: 192.168.0.1 + management: 192.168.0.1 + mgmt/corosync: 192.168.0.1 + mgmt/database: 192.168.0.1 + mgmt/memcache: 192.168.0.1 + mgmt/messaging: 192.168.0.1 + mgmt/vip: 192.168.0.1 + 
mongo/db: 192.168.0.1 + murano/api: 192.168.0.1 + murano/cfapi: 192.168.0.1 + neutron/api: 192.168.0.1 + neutron/floating: null + neutron/mesh: 192.168.2.1 + neutron/private: null + nova/api: 192.168.0.1 + nova/migration: 192.168.0.1 + sahara/api: 192.168.0.1 + storage: 192.168.1.1 + swift/api: 192.168.0.1 + swift/replication: 192.168.1.1 + node_roles: - mongo nova_cpu_pinning_enabled: false nova_hugepages_enabled: false - swift_zone: '736' - uid: '736' - user_node_name: node-736 + swift_zone: '132' + uid: '132' + user_node_name: node-132 vips: management: ipaddr: 192.168.0.9 @@ -569,19 +576,19 @@ network_scheme: endpoints: br-fw-admin: IP: - - 10.145.0.102/24 - gateway: 10.145.0.1 + - 10.109.15.101/24 + gateway: 10.109.15.1 vendor_specific: - provider_gateway: 10.145.0.1 + provider_gateway: 10.109.15.1 br-mesh: IP: - - 192.168.2.4/24 + - 192.168.2.3/24 br-mgmt: IP: - - 192.168.0.4/24 + - 192.168.0.3/24 br-storage: IP: - - 192.168.1.4/24 + - 192.168.1.3/24 interfaces: enp0s3: vendor_specific: 
@@ -849,85 +856,84 @@ node_volumes: size: 3757668 type: lv nodes: -- fqdn: node-730.domain.tld - internal_address: 192.168.0.3 +- fqdn: node-126.test.domain.local + internal_address: 192.168.0.6 internal_netmask: 255.255.255.0 - name: node-730 + name: node-126 public_address: 172.16.0.3 public_netmask: 255.255.255.0 role: primary-controller + storage_address: 192.168.1.6 + storage_netmask: 255.255.255.0 + swift_zone: '126' + uid: '126' + user_node_name: node-126 +- fqdn: node-127.test.domain.local + internal_address: 192.168.0.3 + internal_netmask: 255.255.255.0 + name: node-127 + role: compute storage_address: 192.168.1.3 storage_netmask: 255.255.255.0 - swift_zone: '730' - uid: '730' - user_node_name: node-730 -- fqdn: node-731.domain.tld - internal_address: 192.168.0.1 + swift_zone: '127' + uid: '127' + user_node_name: node-127 +- fqdn: node-128.test.domain.local + internal_address: 192.168.0.5 internal_netmask: 255.255.255.0 - name: node-731 + name: node-128 + role: ceph-osd + storage_address: 192.168.1.5 + storage_netmask: 255.255.255.0 + swift_zone: '128' + uid: '128' + user_node_name: node-128 +- fqdn: node-129.test.domain.local + internal_address: 192.168.0.2 + internal_netmask: 255.255.255.0 + name: node-129 public_address: 172.16.0.2 public_netmask: 255.255.255.0 role: controller - storage_address: 192.168.1.1 - storage_netmask: 255.255.255.0 - swift_zone: '731' - uid: '731' - user_node_name: node-731 -- fqdn: node-732.domain.tld - internal_address: 192.168.0.4 - internal_netmask: 255.255.255.0 - name: node-732 - role: compute - storage_address: 192.168.1.4 - storage_netmask: 255.255.255.0 - swift_zone: '732' - uid: '732' - user_node_name: node-732 -- fqdn: node-733.domain.tld - internal_address: 192.168.0.2 - internal_netmask: 255.255.255.0 - name: node-733 - role: ceph-osd storage_address: 192.168.1.2 storage_netmask: 255.255.255.0 - swift_zone: '733' - uid: '733' - user_node_name: node-733 -- fqdn: node-734.domain.tld - internal_address: 192.168.0.6 - 
internal_netmask: 255.255.255.0 - name: node-734 - role: ceph-osd - storage_address: 192.168.1.6 - storage_netmask: 255.255.255.0 - swift_zone: '734' - uid: '734' - user_node_name: node-734 -- fqdn: node-735.domain.tld - internal_address: 192.168.0.5 - internal_netmask: 255.255.255.0 - name: node-735 - role: primary-mongo - storage_address: 192.168.1.5 - storage_netmask: 255.255.255.0 - swift_zone: '735' - uid: '735' - user_node_name: node-735 -- fqdn: node-736.domain.tld + swift_zone: '129' + uid: '129' + user_node_name: node-129 +- fqdn: node-130.test.domain.local internal_address: 192.168.0.7 internal_netmask: 255.255.255.0 - name: node-736 - role: mongo + name: node-130 + role: ceph-osd storage_address: 192.168.1.7 storage_netmask: 255.255.255.0 - swift_zone: '736' - uid: '736' - user_node_name: node-736 + swift_zone: '130' + uid: '130' + user_node_name: node-130 +- fqdn: node-131.test.domain.local + internal_address: 192.168.0.4 + internal_netmask: 255.255.255.0 + name: node-131 + role: primary-mongo + storage_address: 192.168.1.4 + storage_netmask: 255.255.255.0 + swift_zone: '131' + uid: '131' + user_node_name: node-131 +- fqdn: node-132.test.domain.local + internal_address: 192.168.0.1 + internal_netmask: 255.255.255.0 + name: node-132 + role: mongo + storage_address: 192.168.1.1 + storage_netmask: 255.255.255.0 + swift_zone: '132' + uid: '132' + user_node_name: node-132 nova: - db_password: Kz189HhWN02ZUAe8nvY0t0FC - enable_hugepages: false + db_password: PVzZrklbvr2gHtJL4e8a0s6t state_path: /var/lib/nova - user_password: oMvZeE7RRAOsrUTYqkS3tSdm + user_password: f09qoLIdLU7oGLGFAGFNj1Ja nova_quota: false online: true openstack_version: newton-10.0 @@ -939,7 +945,7 @@ operator_user: label: Operating System Access weight: 15 name: fueladmin - password: 0U4hZMHZDgtHnVwPSuvZW3mz + password: PYRI8p75nGRMkBGgjlAvcQiu sudo: 'ALL=(ALL) NOPASSWD: ALL' plugins: [] private_network_range: 192.168.2.0/24 
@@ -950,11 +956,11 @@ provision: /: container: gzip format: ext4 - uri: http://10.145.0.2:8080/targetimages/env_40_ubuntu_1404_amd64.img.gz + uri: http://10.109.15.2:8080/targetimages/env_15_ubuntu_1404_amd64.img.gz /boot: container: gzip format: ext2 - uri: http://10.145.0.2:8080/targetimages/env_40_ubuntu_1404_amd64-boot.img.gz + uri: http://10.109.15.2:8080/targetimages/env_15_ubuntu_1404_amd64-boot.img.gz metadata: group: general label: Provision @@ -1076,8 +1082,8 @@ public_ssl: weight: 110 services: false puppet: - manifests: rsync://10.145.0.2:/puppet/newton-10.0/manifests/ - modules: rsync://10.145.0.2:/puppet/newton-10.0/modules/ + manifests: rsync://10.109.15.2:/puppet/newton-10.0/manifests/ + modules: rsync://10.109.15.2:/puppet/newton-10.0/modules/ puppet_debug: true quantum: true quantum_settings: @@ -1092,13 +1098,13 @@ quantum_settings: L3: use_namespaces: true database: - passwd: eMJorJqQ1HMFbkypwdUhouEb + passwd: wF5Kulr9K5ht8BEuIBOVQ6DG default_floating_net: admin_floating_net default_private_net: admin_internal_net keystone: - admin_password: kPtlHmCe5K7ndGYvKXOweEz5 + admin_password: phtXcgdXRmMafvZlNOj6hTOq metadata: - metadata_proxy_shared_secret: R7maXMRiZHBgmMEXaXZQRxV3 + metadata_proxy_shared_secret: oxbVqVac5jRx0AhdWjxg4J2x predefined_networks: admin_floating_net: L2: @@ -1132,7 +1138,7 @@ quantum_settings: shared: false tenant: admin rabbit: - password: X9IsCoHuKgys2l4GZL95MbYG + password: ov7dGMhyL8eR1ZdocMsVtCit release: attributes_metadata: editable: 
@@ -1240,6 +1246,49 @@ release: type: checkbox value: false weight: 10 + atop: + interval: + description: Interval between the snapshots in seconds + label: Interval between the snapshots + regex: + error: Should be a number of seconds + source: ^[1-9]\d*$ + restrictions: + - action: hide + condition: settings:atop.service_enabled.value == false + type: text + value: '20' + weight: 20 + metadata: + enabled: true + group: logging + label: Advanced System & Process Monitor (atop) + toggleable: false + weight: 60 + rotate: + description: Number of days to keep log files + label: Rotate days + regex: + error: Should be a number of days + source: ^[1-9]\d*$ + restrictions: + - action: hide + condition: settings:atop.service_enabled.value == false + type: text + value: '7' + weight: 30 + service_enabled: + description: 'NOTE: When enabled, the service may generate logs up to a + gigabyte in size per day. + + This should be taken into consideration when determining the correct size + for the log partition. + + ' + label: Enable atop service + type: checkbox + value: true + weight: 10 cgroups: metadata: always_editable: true @@ -1322,6 +1371,18 @@ release: type: checkbox value: true weight: 50 + run_ping_checker: + description: Uncheck this box if the public gateway will not be available + or will not respond to ICMP requests to the deployed cluster. If unchecked, + the controllers will not take public gateway availability into account + as part of the cluster health. If the cluster will not have internet + access, you will need to make sure to provide proper offline mirrors for + the deployment to succeed. + group: network + label: Public Gateway is Available + type: checkbox + value: true + weight: 50 task_deploy: type: hidden value: true 
@@ -1742,6 +1803,9 @@ release: description: Your DNS entries should point to this name. Self-signed certificates also will use this hostname label: DNS hostname for public TLS endpoints + regex: + error: Invalid DNS hostname + source: ^[a-zA-Z\d]+[-\.\da-zA-Z]*$ restrictions: - action: hide condition: settings:public_ssl.horizon.value == false and settings:public_ssl.services.value @@ -1776,8 +1840,6 @@ release: Please make sure your Fuel master node has Internet access to the repository before attempting to create a mirror. - For more details, please refer to the documentation (https://docs.mirantis.com/openstack/fuel/fuel-10.0/operations.html#external-ubuntu-ops). - ' extra_priority: null type: custom_repo_configuration 
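Review bot: The `regex` added for the public TLS hostname, `^[a-zA-Z\d]+[-\.\da-zA-Z]*$`, accepts values that are not valid DNS names: a trailing `-` or `.`, consecutive dots such as `a..b`, and labels or names of any length. The description says self-signed certificates will use this hostname, so a malformed value would presumably be carried into the generated certificate. A per-label pattern is tighter, for example `source: ^[a-zA-Z\d]([-a-zA-Z\d]{0,61}[a-zA-Z\d])?(\.[a-zA-Z\d]([-a-zA-Z\d]{0,61}[a-zA-Z\d])?)*$`. This file looks like a generated fixture, so the change probably belongs in the release metadata it is dumped from.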
@@ -1854,11 +1916,70 @@ release: sudo: type: hidden value: 'ALL=(ALL) NOPASSWD: ALL' + ssh: + brute_force_protection: + description: When enabled, the access from all networks (except the provided + ones) will be granted, but the networks will be checked against the brute + force attack. + label: Brute force protection + restrictions: + - action: hide + condition: settings:ssh.security_enabled.value == false + type: checkbox + value: false + weight: 30 + metadata: + enabled: true + group: security + label: SSH security + toggleable: false + weight: 120 + security_enabled: + description: 'NOTE: When enabled, provide at least one working IP address + (the Fuel Master node IP is already added). + + We recommend adding new addresses instead of replacing the provided Fuel + Master node IP. + + When disabled (by default), the admin, management, and storage networks + are only allowed to connect to the SSH service. + + ' + label: Restrict SSH service on network + type: checkbox + value: false + weight: 10 + security_networks: + description: IPv4/CIDR address + label: Restrict access to + regex: + error: Invalid IPv4/CIDR address + source: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))*$ + restrictions: + - action: hide + condition: settings:ssh.security_enabled.value == false + type: text_list + value: + - '{settings.MASTER_IP}' + weight: 20 storage: admin_key: type: hidden value: generator: cephx_key + auth_s3_keystone_ceph: + description: This allows to authenticate S3 requests basing on EC2/S3 credentials + managed by Keystone. Please note that enabling the integration will increase + the latency of S3 requests as well as load on Keystone service. Please + consult with Mirantis Technical Bulletin 27 and Mirantis Support on mitigating + the risks related with load. 
+ label: Enable S3 API Authentication via Keystone in Ceph RadosGW + restrictions: + - action: hide + condition: settings:storage.objects_ceph.value == false + type: checkbox + value: false + weight: 82 bootstrap_osd_key: type: hidden value: @@ -1911,6 +2032,9 @@ release: and Swift API Interfaces. If enabled, this option will prevent Swift from installing. label: Ceph RadosGW for objects (Swift API) + restrictions: + - settings:storage.images_ceph.value == false: Ceph RBD for Images should + be selected. type: checkbox value: false weight: 80 @@ -2151,6 +2275,12 @@ release: description: dialog.create_cluster_wizard.compute.qemu_description label: dialog.create_cluster_wizard.compute.qemu name: hypervisor:qemu + requires: + - one_of: + items: + - network:neutron:ml2:vlan + - network:neutron:ml2:tun + message: dialog.create_cluster_wizard.compute.qemu_requires_network_backend weight: 5 - bind: - settings:common.use_vcenter.value @@ -2160,8 +2290,16 @@ release: label: dialog.create_cluster_wizard.compute.vcenter name: hypervisor:vmware requires: - - message: dialog.create_cluster_wizard.compute.vcenter_warning - name: hypervisor:qemu + - one_of: + items: + - hypervisor:qemu + message: dialog.create_cluster_wizard.compute.vcenter_warning + - one_of: + items: + - network:neutron:ml2:dvs + - network:neutron:ml2:nsx + message: dialog.create_cluster_wizard.compute.vcenter_requires_network_backend + message_invalid: dialog.create_cluster_wizard.compute.vcenter_requires_network_plugins weight: 15 - compatible: - name: hypervisor:* @@ -2188,7 +2326,9 @@ release: label: common.network.neutron_vlan name: network:neutron:ml2:vlan requires: - - name: network:neutron:core:ml2 + - one_of: + items: + - network:neutron:core:ml2 weight: 5 - bind: - - cluster:net_provider 
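Review bot: In the `security_networks` entry added under `release` → `ssh`, the prefix-length group of the `regex` ends in `*`, so it matches any number of suffixes and accepts input like `10.0.0.0/24/24` (constructed example) as a valid IPv4/CIDR address. The quantifier should be `?`, i.e. the pattern should end in `(\/([0-9]|[1-2][0-9]|3[0-2]))?$`. This list is what restricts SSH access, so it matters how the consumer treats a malformed entry; that code is not part of this diff. The `brute_force_protection` description in the same hunk ("the access from all networks (except the provided ones) will be granted") is also hard to follow and would be clearer if it stated which networks are checked and which are exempt.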
@@ -2209,7 +2349,9 @@ release: label: common.network.neutron_tun name: network:neutron:ml2:tun requires: - - name: network:neutron:core:ml2 + - one_of: + items: + - network:neutron:core:ml2 weight: 10 - bind: - settings:storage.volumes_lvm.value @@ -2457,6 +2599,7 @@ release: restrictions: - action: hide condition: settings:common.use_vcenter.value == false + message: VMware vCenter not enabled for cluster weight: 40 compute: description: A Compute node creates, manages, and terminates virtual machine @@ -2486,10 +2629,12 @@ release: restrictions: - action: hide condition: settings:common.use_vcenter.value == false + message: VMware vCenter not enabled for cluster weight: 90 controller: conflicts: - compute + - ceph-osd description: The Controller initiates orchestration activities and provides an external API. Other components like Glance (image storage), Keystone (identity management), Horizon (OpenStack dashboard) and Nova-Scheduler are installed @@ -2561,6 +2706,7 @@ release: restrictions: - action: hide condition: not ('advanced' in version:feature_groups) + message: Advanced feature should be enabled in feature groups weight: 80 state: available version: newton-10.0 @@ -2732,7 +2878,7 @@ repo_setup: section: main restricted suite: mos10.0 type: deb - uri: http://10.145.0.2:8080/newton-10.0/ubuntu/x86_64 + uri: http://10.109.15.2:8080/newton-10.0/ubuntu/x86_64 - name: mos-updates priority: 1050 section: main restricted @@ -2756,14 +2902,15 @@ repo_setup: section: main restricted suite: auxiliary type: deb - uri: http://10.145.0.2:8080/newton-10.0/ubuntu/auxiliary + uri: http://10.109.15.2:8080/newton-10.0/ubuntu/auxiliary resume_guests_state_on_host_boot: true roles: - compute +run_ping_checker: true sahara: - db_password: PM3ymZ8WiF9RSbCrCgd6ymU9 + db_password: 4APOo0xTUZcZnCDbL7d30tjC enabled: true - user_password: 3KdRkNe5eAxoPxR4irc3jvvB + user_password: C2TKvFTJ6Vr0CCTLK0xsGK0x service_user: homedir: /var/lib/fuel metadata: 
@@ -2774,22 +2921,34 @@ service_user: condition: 'true' weight: 10 name: fuel - password: pLVuXVFa9C8k7hcCUVb1yWQr + password: 2eiAUTgtohRigYCRhzssNonM root_password: r00tme sudo: 'ALL=(ALL) NOPASSWD: ALL' +ssh: + brute_force_protection: false + metadata: + enabled: true + group: security + label: SSH security + toggleable: false + weight: 120 + security_enabled: false + security_networks: + - 10.109.15.2 status: discover storage: - admin_key: AQC0eUhXAAAAABAA0KyotPMzzo0kg12tJcf1xg== - bootstrap_osd_key: AQC0eUhXAAAAABAAk7M7DH05JdsO8WRD31tOiw== + admin_key: AQCiB6NXAAAAABAAJpdEYCOSg4mm+Q3DvhzTYg== + auth_s3_keystone_ceph: true + bootstrap_osd_key: AQCiB6NXAAAAABAA7ezVYgw+wco6h8LezEaUaA== ephemeral_ceph: true - fsid: 81099e45-f272-4954-8252-696863d84e46 + fsid: 1f77e0d5-dd4c-4254-a67f-41449f42b6c6 images_ceph: true images_vcenter: false metadata: group: storage label: Storage Backends weight: 60 - mon_key: AQC0eUhXAAAAABAARk/bva9mdtRLaZ6CsnXToQ== + mon_key: AQCiB6NXAAAAABAA9qfH8vMq6+n6N2iLO7KfgQ== objects_ceph: true osd_pool_size: '2' per_pool_pg_nums: @@ -2800,13 +2959,13 @@ storage: images: 64 volumes: 256 pg_num: 64 - radosgw_key: AQC0eUhXAAAAABAAqgFcyJYZu0IY+4J2+rsWew== + radosgw_key: AQCiB6NXAAAAABAA6wxyVYlUpMVvs9r0fpUiXQ== volumes_block_device: false volumes_ceph: true volumes_lvm: false storage_network_range: 192.168.1.0/24 swift: - user_password: ROQ1xRVPVFShmjxplraXnPX9 + user_password: 2g77TlSldIdjCozj7BsRbKYS syslog: metadata: enabled: false @@ -2828,10 +2987,10 @@ test_vm_image: os_name: cirros properties: {} public: 'true' -uid: '732' +uid: '127' use_cow_images: true use_vcenter: false -user_node_name: node-732 +user_node_name: node-127 vms_conf: [] workloads_collector: create_user: false @@ -2843,6 +3002,6 @@ workloads_collector: - action: hide condition: 'true' weight: 10 - password: 596PBfjB9KaTbfMykO2Ql54x + password: lvrXAFlB68qs9dmoTAd9EsNq tenant: services username: fuel_stats_user 
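Review bot: The `ssh:` block added in the `service_user` hunk sets `security_enabled: false` and `brute_force_protection: false` next to the unchanged `root_password: r00tme` and `sudo: 'ALL=(ALL) NOPASSWD: ALL'`, so any environment built from this fixture gets a default-looking root password with no SSH source restriction. The same hunk commits new cephx keys (`admin_key`, `bootstrap_osd_key`, `mon_key`) and a new `service_user` password in clear text; if they were dumped from a live deployment, treat them as exposed. Constant, obviously fake placeholder values would also stop every regeneration from rewriting dozens of secret lines. If the generator keeps comments, I would add one at the top of each fixture, e.g. `# Test fixture: all credentials are throwaway lab values, never reuse them`. The controller fixture repeats this hunk at `@@ -2869,22 +3016,34 @@`, and the other password-rotating hunks in both files carry the same exposure.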
diff --git a/hiera/neut_tun.ceph.murano.sahara.ceil-controller.yaml b/hiera/neut_tun.ceph.murano.sahara.ceil-controller.yaml index c3dc1a6..298fc74 100644 --- a/hiera/neut_tun.ceph.murano.sahara.ceil-controller.yaml +++ b/hiera/neut_tun.ceph.murano.sahara.ceil-controller.yaml @@ -8,18 +8,28 @@ access: tenant: admin user: admin aodh: - db_password: TVnuHRoSLlNkCmruAvQUG8pE - user_password: gzmU2q6Qit6gBglybKb7xFoF + db_password: OhQJSjJm0wVaH1Zf4Cdhuc64 + user_password: rXzOBwcFZP95JzXoI7vRmBkr +atop: + interval: '20' + metadata: + enabled: true + group: logging + label: Advanced System & Process Monitor (atop) + toggleable: false + weight: 60 + rotate: '7' + service_enabled: true auth_key: '' auto_assign_floating_ip: false base_syslog: syslog_port: '514' - syslog_server: 10.145.0.2 + syslog_server: 10.109.15.2 ceilometer: - db_password: 3TCG1UOCgksu31d0jUllc1ih + db_password: f93xXvBvhlSYE3JepvR0H7hb enabled: true - metering_secret: M24o7ZnNHH1bEjPAcMBGGkQs - user_password: pfhRar4G5gl9oXnjSwUjE6pq + metering_secret: dtptqyEA8eF2TrimNfON97sk + user_password: TIOxrbWzOKLdVx4j8wsEtYkn cgroups: metadata: always_editable: true @@ -30,9 +40,9 @@ cgroups: condition: 'true' weight: 90 cinder: - db_password: RFec66UQlk1OPwBmfSl8Qufi - fixed_key: 53b4f50eb158baa8d3f9684e868e4066bc51a5fab56ea9599cec482e6deb05d4 - user_password: c3BqXBRtapLgQYlEJ4KASP9y + db_password: 7w6TjwE9basxZfF4GGkQNk8s + fixed_key: 6b58b7cd6f88c4a928212d8293038d208071f9170baf5995ec42a6a5d836605e + user_password: 4HlkMZEZ9QlpNITzvh3h5qfZ cluster: changes: - name: attributes 
@@ -42,36 +52,36 @@ cluster: - name: networks node_id: null - name: interfaces - node_id: 730 + node_id: 129 - name: disks - node_id: 730 + node_id: 129 - name: interfaces - node_id: 731 + node_id: 126 - name: disks - node_id: 731 + node_id: 126 - name: interfaces - node_id: 732 + node_id: 127 - name: disks - node_id: 732 + node_id: 127 - name: interfaces - node_id: 733 + node_id: 128 - name: disks - node_id: 733 + node_id: 128 - name: interfaces - node_id: 734 + node_id: 130 - name: disks - node_id: 734 + node_id: 130 - name: interfaces - node_id: 735 + node_id: 131 - name: disks - node_id: 735 + node_id: 131 - name: interfaces - node_id: 736 + node_id: 132 - name: disks - node_id: 736 + node_id: 132 components: [] fuel_version: '10.0' - id: 40 + id: 15 is_customized: false is_locked: false mode: ha_compact @@ -104,12 +114,11 @@ corosync: debug: false deployed_before: value: false -deployment_id: 40 +deployment_id: 15 deployment_mode: ha_compact -dpdk: {} external_dns: dns_list: - - 10.145.0.1 + - 10.109.15.1 metadata: group: network label: Host OS DNS Servers 
@@ -135,31 +144,29 @@ external_ntp: label: Host OS NTP Servers weight: 40 ntp_list: - - 0.fuel.pool.ntp.org - - 1.fuel.pool.ntp.org - - 2.fuel.pool.ntp.org + - 10.109.15.1 fail_if_error: true -fqdn: node-731.domain.tld +fqdn: node-129.test.domain.local fuel_version: '10.0' glance: - db_password: 5jX5psX0WDRcx0HH5VWVsrwJ + db_password: KaR8BEzKxumpu0jrZHZIfp3q image_cache_max_size: '0' - user_password: iwgWlXOVQDP1ybBvExa1SUpL + user_password: dqxfEsU22NH69XYHKSvoOZft glance_glare: - user_password: IxeiZptyqPwkvprrao2iFuTP + user_password: ZicOQetaAfLF5F35mfQaWeZI heat: - auth_encryption_key: f0952d91b1efb46d2a9d9fb10eb93e19 - db_password: 7cbWsxolRVe4PS29qv6ZI5Lv + auth_encryption_key: 6a57e1b2e402829f531ff7f45987aeef + db_password: OR2TU3cgCRbIW4n1Bn5Gik3b enabled: true - rabbit_password: s8Fv4HRy7d6SsdxXafXiWus9 - user_password: n0iLP2B2TZ2XeEH5oNWGjeX1 + rabbit_password: d3bsSu6TDQInNcqie7ZdQe2g + user_password: 7etzT4B5LOZlJuclPsPvF5of horizon: - secret_key: f4391974da0c0bc1d6c8ee82b1049935365a7ad604b7dbb240cdeb74252f31f1 + secret_key: 10e87c9effcb1eed518068e5af43d3917062992450204455209138a5eb33da6d ironic: - db_password: OQiahLeOfQWRhI8kCGG4ogTX + db_password: wHP0Cg5Q8ppz1AQvdzvI645b enabled: false - swift_tempurl_key: ATpw9THzwYMa1Lx5EpAm66vi - user_password: OFqH3jHPEyyBnuX3owXmloYI + swift_tempurl_key: gZacdW69BTAV9qZLdiYfewbW + user_password: N834zgKKpxSP07HX6LoNo2F1 kernel_params: kernel: console=tty0 net.ifnames=0 biosdevname=0 rootdelay=90 nomodeset metadata: @@ -167,12 +174,12 @@ kernel_params: label: Kernel parameters weight: 60 keystone: - admin_token: 6OgCNCpNZsRPtBQt91NSxyJ8 - db_password: pPdhfiOsEA7fHGwVs3sGGMoQ -last_controller: node-731 + admin_token: JFdL4xwDqvZgM1MMhzJFNxbl + db_password: ZJojiaj5wfCAMavNMU7wmgwH +last_controller: node-129 libvirt_type: qemu management_network_range: 192.168.0.0/24 -master_ip: 10.145.0.2 +master_ip: 10.109.15.2 metadata: label: Common weight: 10 
@@ -184,15 +191,15 @@ mp: - point: '2' weight: '2' murano: - db_password: yPfazptrewWnKKPPqaQc06ye + db_password: wXQid97d9hM3coUvX8TfAlur enabled: true - rabbit_password: FAHLmPxu3Au8ZEUXHzCH5ZVv - user_password: K6MTgsvNHJckQbue9JlhWTtT + rabbit_password: 0dgbRU3ZxJko7OEqCaV8ZTas + user_password: 1Vh14W5MDxid2mW8N0jAPlSK murano-cfapi: - db_password: 1gQ7AGWIzNyrp7I0GClXeql0 + db_password: niVR5w3OzkwVSKHKbGeMcNKc enabled: false - rabbit_password: rt8WggTS9AwB1bdmkbHo99wz - user_password: jrVg0vMxlokzUOUzTzA2oGi8 + rabbit_password: riHKhQgDmNjsGd9DgQcBK2FU + user_password: JzebRmfzUpB8KyhiPWCb8i9j murano_settings: metadata: group: openstack_services 
@@ -205,204 +212,24 @@ murano_settings: murano_glance_artifacts_plugin: true murano_repo_url: http://storage.apps.openstack.org/ mysql: - root_password: nrOg6S3o5Ho5Ec09ksVKQmHq - wsrep_password: n11lhXNzDvQnjMToIhSi1snG + root_password: jbCMP5VtxAvItyOywOOhV1Pb + wsrep_password: gkHPIpKcgXQLDILYlthWNGWi network_metadata: nodes: - node-730: - fqdn: node-730.domain.tld - name: node-730 + node-126: + fqdn: node-126.test.domain.local + name: node-126 network_roles: - admin/pxe: 10.145.0.100 - aodh/api: 192.168.0.3 - ceilometer/api: 192.168.0.3 - ceph/public: 192.168.1.3 - ceph/radosgw: 172.16.0.3 - ceph/replication: 192.168.1.3 - cinder/api: 192.168.0.3 - cinder/iscsi: 192.168.1.3 - ex: 172.16.0.3 - fw-admin: 10.145.0.100 - glance/api: 192.168.0.3 - glance/glare: 192.168.0.3 - heat/api: 192.168.0.3 - horizon: 192.168.0.3 - ironic/api: 192.168.0.3 - keystone/api: 192.168.0.3 - management: 192.168.0.3 - mgmt/corosync: 192.168.0.3 - mgmt/database: 192.168.0.3 - mgmt/memcache: 192.168.0.3 - mgmt/messaging: 192.168.0.3 - mgmt/vip: 192.168.0.3 - mongo/db: 192.168.0.3 - murano/api: 192.168.0.3 - murano/cfapi: 192.168.0.3 - neutron/api: 192.168.0.3 - neutron/floating: null - neutron/mesh: 192.168.2.3 - neutron/private: null - nova/api: 192.168.0.3 - nova/migration: 192.168.0.3 - public/vip: 172.16.0.3 - sahara/api: 192.168.0.3 - storage: 192.168.1.3 - swift/api: 192.168.0.3 - swift/replication: 192.168.1.3 - node_roles: - - primary-controller - nova_cpu_pinning_enabled: false - nova_hugepages_enabled: false - swift_zone: '730' - uid: '730' - user_node_name: node-730 - node-731: - fqdn: node-731.domain.tld - name: node-731 - network_roles: - admin/pxe: 10.145.0.101 - aodh/api: 192.168.0.1 - ceilometer/api: 192.168.0.1 - ceph/public: 192.168.1.1 - ceph/radosgw: 172.16.0.2 - ceph/replication: 192.168.1.1 - cinder/api: 192.168.0.1 - cinder/iscsi: 192.168.1.1 - ex: 172.16.0.2 - fw-admin: 10.145.0.101 - glance/api: 192.168.0.1 - glance/glare: 192.168.0.1 - heat/api: 192.168.0.1 - 
horizon: 192.168.0.1 - ironic/api: 192.168.0.1 - keystone/api: 192.168.0.1 - management: 192.168.0.1 - mgmt/corosync: 192.168.0.1 - mgmt/database: 192.168.0.1 - mgmt/memcache: 192.168.0.1 - mgmt/messaging: 192.168.0.1 - mgmt/vip: 192.168.0.1 - mongo/db: 192.168.0.1 - murano/api: 192.168.0.1 - murano/cfapi: 192.168.0.1 - neutron/api: 192.168.0.1 - neutron/floating: null - neutron/mesh: 192.168.2.1 - neutron/private: null - nova/api: 192.168.0.1 - nova/migration: 192.168.0.1 - public/vip: 172.16.0.2 - sahara/api: 192.168.0.1 - storage: 192.168.1.1 - swift/api: 192.168.0.1 - swift/replication: 192.168.1.1 - node_roles: - - controller - nova_cpu_pinning_enabled: false - nova_hugepages_enabled: false - swift_zone: '731' - uid: '731' - user_node_name: node-731 - node-732: - fqdn: node-732.domain.tld - name: node-732 - network_roles: - admin/pxe: 10.145.0.102 - aodh/api: 192.168.0.4 - ceilometer/api: 192.168.0.4 - ceph/public: 192.168.1.4 - ceph/replication: 192.168.1.4 - cinder/api: 192.168.0.4 - cinder/iscsi: 192.168.1.4 - fw-admin: 10.145.0.102 - glance/api: 192.168.0.4 - glance/glare: 192.168.0.4 - heat/api: 192.168.0.4 - horizon: 192.168.0.4 - ironic/api: 192.168.0.4 - keystone/api: 192.168.0.4 - management: 192.168.0.4 - mgmt/corosync: 192.168.0.4 - mgmt/database: 192.168.0.4 - mgmt/memcache: 192.168.0.4 - mgmt/messaging: 192.168.0.4 - mgmt/vip: 192.168.0.4 - mongo/db: 192.168.0.4 - murano/api: 192.168.0.4 - murano/cfapi: 192.168.0.4 - neutron/api: 192.168.0.4 - neutron/floating: null - neutron/mesh: 192.168.2.4 - neutron/private: null - nova/api: 192.168.0.4 - nova/migration: 192.168.0.4 - sahara/api: 192.168.0.4 - storage: 192.168.1.4 - swift/api: 192.168.0.4 - swift/replication: 192.168.1.4 - node_roles: - - compute - nova_cpu_pinning_enabled: false - nova_hugepages_enabled: false - swift_zone: '732' - uid: '732' - user_node_name: node-732 - node-733: - fqdn: node-733.domain.tld - name: node-733 - network_roles: - admin/pxe: 10.145.0.103 - aodh/api: 192.168.0.2 - 
ceilometer/api: 192.168.0.2 - ceph/public: 192.168.1.2 - ceph/replication: 192.168.1.2 - cinder/api: 192.168.0.2 - cinder/iscsi: 192.168.1.2 - fw-admin: 10.145.0.103 - glance/api: 192.168.0.2 - glance/glare: 192.168.0.2 - heat/api: 192.168.0.2 - horizon: 192.168.0.2 - ironic/api: 192.168.0.2 - keystone/api: 192.168.0.2 - management: 192.168.0.2 - mgmt/corosync: 192.168.0.2 - mgmt/database: 192.168.0.2 - mgmt/memcache: 192.168.0.2 - mgmt/messaging: 192.168.0.2 - mgmt/vip: 192.168.0.2 - mongo/db: 192.168.0.2 - murano/api: 192.168.0.2 - murano/cfapi: 192.168.0.2 - neutron/api: 192.168.0.2 - neutron/floating: null - neutron/mesh: 192.168.2.2 - neutron/private: null - nova/api: 192.168.0.2 - nova/migration: 192.168.0.2 - sahara/api: 192.168.0.2 - storage: 192.168.1.2 - swift/api: 192.168.0.2 - swift/replication: 192.168.1.2 - node_roles: - - ceph-osd - nova_cpu_pinning_enabled: false - nova_hugepages_enabled: false - swift_zone: '733' - uid: '733' - user_node_name: node-733 - node-734: - fqdn: node-734.domain.tld - name: node-734 - network_roles: - admin/pxe: 10.145.0.104 + admin/pxe: 10.109.15.100 aodh/api: 192.168.0.6 ceilometer/api: 192.168.0.6 ceph/public: 192.168.1.6 + ceph/radosgw: 172.16.0.3 ceph/replication: 192.168.1.6 cinder/api: 192.168.0.6 cinder/iscsi: 192.168.1.6 - fw-admin: 10.145.0.104 + ex: 172.16.0.3 + fw-admin: 10.109.15.100 glance/api: 192.168.0.6 glance/glare: 192.168.0.6 heat/api: 192.168.0.6 
@@ -424,29 +251,74 @@ network_metadata: neutron/private: null nova/api: 192.168.0.6 nova/migration: 192.168.0.6 + public/vip: 172.16.0.3 sahara/api: 192.168.0.6 storage: 192.168.1.6 swift/api: 192.168.0.6 swift/replication: 192.168.1.6 node_roles: - - ceph-osd + - primary-controller nova_cpu_pinning_enabled: false nova_hugepages_enabled: false - swift_zone: '734' - uid: '734' - user_node_name: node-734 - node-735: - fqdn: node-735.domain.tld - name: node-735 + swift_zone: '126' + uid: '126' + user_node_name: node-126 + node-127: + fqdn: node-127.test.domain.local + name: node-127 network_roles: - admin/pxe: 10.145.0.105 + admin/pxe: 10.109.15.101 + aodh/api: 192.168.0.3 + ceilometer/api: 192.168.0.3 + ceph/public: 192.168.1.3 + ceph/replication: 192.168.1.3 + cinder/api: 192.168.0.3 + cinder/iscsi: 192.168.1.3 + fw-admin: 10.109.15.101 + glance/api: 192.168.0.3 + glance/glare: 192.168.0.3 + heat/api: 192.168.0.3 + horizon: 192.168.0.3 + ironic/api: 192.168.0.3 + keystone/api: 192.168.0.3 + management: 192.168.0.3 + mgmt/corosync: 192.168.0.3 + mgmt/database: 192.168.0.3 + mgmt/memcache: 192.168.0.3 + mgmt/messaging: 192.168.0.3 + mgmt/vip: 192.168.0.3 + mongo/db: 192.168.0.3 + murano/api: 192.168.0.3 + murano/cfapi: 192.168.0.3 + neutron/api: 192.168.0.3 + neutron/floating: null + neutron/mesh: 192.168.2.3 + neutron/private: null + nova/api: 192.168.0.3 + nova/migration: 192.168.0.3 + sahara/api: 192.168.0.3 + storage: 192.168.1.3 + swift/api: 192.168.0.3 + swift/replication: 192.168.1.3 + node_roles: + - compute + nova_cpu_pinning_enabled: false + nova_hugepages_enabled: false + swift_zone: '127' + uid: '127' + user_node_name: node-127 + node-128: + fqdn: node-128.test.domain.local + name: node-128 + network_roles: + admin/pxe: 10.109.15.102 aodh/api: 192.168.0.5 ceilometer/api: 192.168.0.5 ceph/public: 192.168.1.5 ceph/replication: 192.168.1.5 cinder/api: 192.168.0.5 cinder/iscsi: 192.168.1.5 - fw-admin: 10.145.0.105 + fw-admin: 10.109.15.102 glance/api: 
192.168.0.5 glance/glare: 192.168.0.5 heat/api: 192.168.0.5 
@@ -473,24 +345,71 @@ network_metadata: swift/api: 192.168.0.5 swift/replication: 192.168.1.5 node_roles: - - primary-mongo + - ceph-osd nova_cpu_pinning_enabled: false nova_hugepages_enabled: false - swift_zone: '735' - uid: '735' - user_node_name: node-735 - node-736: - fqdn: node-736.domain.tld - name: node-736 + swift_zone: '128' + uid: '128' + user_node_name: node-128 + node-129: + fqdn: node-129.test.domain.local + name: node-129 network_roles: - admin/pxe: 10.145.0.106 + admin/pxe: 10.109.15.103 + aodh/api: 192.168.0.2 + ceilometer/api: 192.168.0.2 + ceph/public: 192.168.1.2 + ceph/radosgw: 172.16.0.2 + ceph/replication: 192.168.1.2 + cinder/api: 192.168.0.2 + cinder/iscsi: 192.168.1.2 + ex: 172.16.0.2 + fw-admin: 10.109.15.103 + glance/api: 192.168.0.2 + glance/glare: 192.168.0.2 + heat/api: 192.168.0.2 + horizon: 192.168.0.2 + ironic/api: 192.168.0.2 + keystone/api: 192.168.0.2 + management: 192.168.0.2 + mgmt/corosync: 192.168.0.2 + mgmt/database: 192.168.0.2 + mgmt/memcache: 192.168.0.2 + mgmt/messaging: 192.168.0.2 + mgmt/vip: 192.168.0.2 + mongo/db: 192.168.0.2 + murano/api: 192.168.0.2 + murano/cfapi: 192.168.0.2 + neutron/api: 192.168.0.2 + neutron/floating: null + neutron/mesh: 192.168.2.2 + neutron/private: null + nova/api: 192.168.0.2 + nova/migration: 192.168.0.2 + public/vip: 172.16.0.2 + sahara/api: 192.168.0.2 + storage: 192.168.1.2 + swift/api: 192.168.0.2 + swift/replication: 192.168.1.2 + node_roles: + - controller + nova_cpu_pinning_enabled: false + nova_hugepages_enabled: false + swift_zone: '129' + uid: '129' + user_node_name: node-129 + node-130: + fqdn: node-130.test.domain.local + name: node-130 + network_roles: + admin/pxe: 10.109.15.104 aodh/api: 192.168.0.7 ceilometer/api: 192.168.0.7 ceph/public: 192.168.1.7 ceph/replication: 192.168.1.7 cinder/api: 192.168.0.7 cinder/iscsi: 192.168.1.7 - fw-admin: 10.145.0.106 + fw-admin: 10.109.15.104 glance/api: 192.168.0.7 glance/glare: 192.168.0.7 heat/api: 192.168.0.7 
@@ -517,12 +436,100 @@ network_metadata: swift/api: 192.168.0.7 swift/replication: 192.168.1.7 node_roles: + - ceph-osd + nova_cpu_pinning_enabled: false + nova_hugepages_enabled: false + swift_zone: '130' + uid: '130' + user_node_name: node-130 + node-131: + fqdn: node-131.test.domain.local + name: node-131 + network_roles: + admin/pxe: 10.109.15.105 + aodh/api: 192.168.0.4 + ceilometer/api: 192.168.0.4 + ceph/public: 192.168.1.4 + ceph/replication: 192.168.1.4 + cinder/api: 192.168.0.4 + cinder/iscsi: 192.168.1.4 + fw-admin: 10.109.15.105 + glance/api: 192.168.0.4 + glance/glare: 192.168.0.4 + heat/api: 192.168.0.4 + horizon: 192.168.0.4 + ironic/api: 192.168.0.4 + keystone/api: 192.168.0.4 + management: 192.168.0.4 + mgmt/corosync: 192.168.0.4 + mgmt/database: 192.168.0.4 + mgmt/memcache: 192.168.0.4 + mgmt/messaging: 192.168.0.4 + mgmt/vip: 192.168.0.4 + mongo/db: 192.168.0.4 + murano/api: 192.168.0.4 + murano/cfapi: 192.168.0.4 + neutron/api: 192.168.0.4 + neutron/floating: null + neutron/mesh: 192.168.2.4 + neutron/private: null + nova/api: 192.168.0.4 + nova/migration: 192.168.0.4 + sahara/api: 192.168.0.4 + storage: 192.168.1.4 + swift/api: 192.168.0.4 + swift/replication: 192.168.1.4 + node_roles: + - primary-mongo + nova_cpu_pinning_enabled: false + nova_hugepages_enabled: false + swift_zone: '131' + uid: '131' + user_node_name: node-131 + node-132: + fqdn: node-132.test.domain.local + name: node-132 + network_roles: + admin/pxe: 10.109.15.106 + aodh/api: 192.168.0.1 + ceilometer/api: 192.168.0.1 + ceph/public: 192.168.1.1 + ceph/replication: 192.168.1.1 + cinder/api: 192.168.0.1 + cinder/iscsi: 192.168.1.1 + fw-admin: 10.109.15.106 + glance/api: 192.168.0.1 + glance/glare: 192.168.0.1 + heat/api: 192.168.0.1 + horizon: 192.168.0.1 + ironic/api: 192.168.0.1 + keystone/api: 192.168.0.1 + management: 192.168.0.1 + mgmt/corosync: 192.168.0.1 + mgmt/database: 192.168.0.1 + mgmt/memcache: 192.168.0.1 + mgmt/messaging: 192.168.0.1 + mgmt/vip: 192.168.0.1 + 
mongo/db: 192.168.0.1 + murano/api: 192.168.0.1 + murano/cfapi: 192.168.0.1 + neutron/api: 192.168.0.1 + neutron/floating: null + neutron/mesh: 192.168.2.1 + neutron/private: null + nova/api: 192.168.0.1 + nova/migration: 192.168.0.1 + sahara/api: 192.168.0.1 + storage: 192.168.1.1 + swift/api: 192.168.0.1 + swift/replication: 192.168.1.1 + node_roles: - mongo nova_cpu_pinning_enabled: false nova_hugepages_enabled: false - swift_zone: '736' - uid: '736' - user_node_name: node-736 + swift_zone: '132' + uid: '132' + user_node_name: node-132 vips: management: ipaddr: 192.168.0.9 @@ -577,18 +584,18 @@ network_scheme: IP: none br-fw-admin: IP: - - 10.145.0.101/24 + - 10.109.15.103/24 vendor_specific: - provider_gateway: 10.145.0.1 + provider_gateway: 10.109.15.1 br-mesh: IP: - - 192.168.2.1/24 + - 192.168.2.2/24 br-mgmt: IP: - - 192.168.0.1/24 + - 192.168.0.2/24 br-storage: IP: - - 192.168.1.1/24 + - 192.168.1.2/24 interfaces: enp0s3: vendor_specific: 
@@ -944,85 +951,84 @@ node_volumes: size: 11264 type: lv nodes: -- fqdn: node-730.domain.tld - internal_address: 192.168.0.3 +- fqdn: node-126.test.domain.local + internal_address: 192.168.0.6 internal_netmask: 255.255.255.0 - name: node-730 + name: node-126 public_address: 172.16.0.3 public_netmask: 255.255.255.0 role: primary-controller + storage_address: 192.168.1.6 + storage_netmask: 255.255.255.0 + swift_zone: '126' + uid: '126' + user_node_name: node-126 +- fqdn: node-127.test.domain.local + internal_address: 192.168.0.3 + internal_netmask: 255.255.255.0 + name: node-127 + role: compute storage_address: 192.168.1.3 storage_netmask: 255.255.255.0 - swift_zone: '730' - uid: '730' - user_node_name: node-730 -- fqdn: node-731.domain.tld - internal_address: 192.168.0.1 + swift_zone: '127' + uid: '127' + user_node_name: node-127 +- fqdn: node-128.test.domain.local + internal_address: 192.168.0.5 internal_netmask: 255.255.255.0 - name: node-731 + name: node-128 + role: ceph-osd + storage_address: 192.168.1.5 + storage_netmask: 255.255.255.0 + swift_zone: '128' + uid: '128' + user_node_name: node-128 +- fqdn: node-129.test.domain.local + internal_address: 192.168.0.2 + internal_netmask: 255.255.255.0 + name: node-129 public_address: 172.16.0.2 public_netmask: 255.255.255.0 role: controller - storage_address: 192.168.1.1 - storage_netmask: 255.255.255.0 - swift_zone: '731' - uid: '731' - user_node_name: node-731 -- fqdn: node-732.domain.tld - internal_address: 192.168.0.4 - internal_netmask: 255.255.255.0 - name: node-732 - role: compute - storage_address: 192.168.1.4 - storage_netmask: 255.255.255.0 - swift_zone: '732' - uid: '732' - user_node_name: node-732 -- fqdn: node-733.domain.tld - internal_address: 192.168.0.2 - internal_netmask: 255.255.255.0 - name: node-733 - role: ceph-osd storage_address: 192.168.1.2 storage_netmask: 255.255.255.0 - swift_zone: '733' - uid: '733' - user_node_name: node-733 -- fqdn: node-734.domain.tld - internal_address: 192.168.0.6 - 
internal_netmask: 255.255.255.0 - name: node-734 - role: ceph-osd - storage_address: 192.168.1.6 - storage_netmask: 255.255.255.0 - swift_zone: '734' - uid: '734' - user_node_name: node-734 -- fqdn: node-735.domain.tld - internal_address: 192.168.0.5 - internal_netmask: 255.255.255.0 - name: node-735 - role: primary-mongo - storage_address: 192.168.1.5 - storage_netmask: 255.255.255.0 - swift_zone: '735' - uid: '735' - user_node_name: node-735 -- fqdn: node-736.domain.tld + swift_zone: '129' + uid: '129' + user_node_name: node-129 +- fqdn: node-130.test.domain.local internal_address: 192.168.0.7 internal_netmask: 255.255.255.0 - name: node-736 - role: mongo + name: node-130 + role: ceph-osd storage_address: 192.168.1.7 storage_netmask: 255.255.255.0 - swift_zone: '736' - uid: '736' - user_node_name: node-736 + swift_zone: '130' + uid: '130' + user_node_name: node-130 +- fqdn: node-131.test.domain.local + internal_address: 192.168.0.4 + internal_netmask: 255.255.255.0 + name: node-131 + role: primary-mongo + storage_address: 192.168.1.4 + storage_netmask: 255.255.255.0 + swift_zone: '131' + uid: '131' + user_node_name: node-131 +- fqdn: node-132.test.domain.local + internal_address: 192.168.0.1 + internal_netmask: 255.255.255.0 + name: node-132 + role: mongo + storage_address: 192.168.1.1 + storage_netmask: 255.255.255.0 + swift_zone: '132' + uid: '132' + user_node_name: node-132 nova: - db_password: Kz189HhWN02ZUAe8nvY0t0FC - enable_hugepages: false + db_password: PVzZrklbvr2gHtJL4e8a0s6t state_path: /var/lib/nova - user_password: oMvZeE7RRAOsrUTYqkS3tSdm + user_password: f09qoLIdLU7oGLGFAGFNj1Ja nova_quota: false online: true openstack_version: newton-10.0 @@ -1034,7 +1040,7 @@ operator_user: label: Operating System Access weight: 15 name: fueladmin - password: 0U4hZMHZDgtHnVwPSuvZW3mz + password: PYRI8p75nGRMkBGgjlAvcQiu sudo: 'ALL=(ALL) NOPASSWD: ALL' plugins: [] private_network_range: 192.168.2.0/24 
@@ -1045,11 +1051,11 @@ provision: /: container: gzip format: ext4 - uri: http://10.145.0.2:8080/targetimages/env_40_ubuntu_1404_amd64.img.gz + uri: http://10.109.15.2:8080/targetimages/env_15_ubuntu_1404_amd64.img.gz /boot: container: gzip format: ext2 - uri: http://10.145.0.2:8080/targetimages/env_40_ubuntu_1404_amd64-boot.img.gz + uri: http://10.109.15.2:8080/targetimages/env_15_ubuntu_1404_amd64-boot.img.gz metadata: group: general label: Provision @@ -1171,8 +1177,8 @@ public_ssl: weight: 110 services: false puppet: - manifests: rsync://10.145.0.2:/puppet/newton-10.0/manifests/ - modules: rsync://10.145.0.2:/puppet/newton-10.0/modules/ + manifests: rsync://10.109.15.2:/puppet/newton-10.0/manifests/ + modules: rsync://10.109.15.2:/puppet/newton-10.0/modules/ puppet_debug: true quantum: true quantum_settings: @@ -1187,13 +1193,13 @@ quantum_settings: L3: use_namespaces: true database: - passwd: eMJorJqQ1HMFbkypwdUhouEb + passwd: wF5Kulr9K5ht8BEuIBOVQ6DG default_floating_net: admin_floating_net default_private_net: admin_internal_net keystone: - admin_password: kPtlHmCe5K7ndGYvKXOweEz5 + admin_password: phtXcgdXRmMafvZlNOj6hTOq metadata: - metadata_proxy_shared_secret: R7maXMRiZHBgmMEXaXZQRxV3 + metadata_proxy_shared_secret: oxbVqVac5jRx0AhdWjxg4J2x predefined_networks: admin_floating_net: L2: @@ -1227,7 +1233,7 @@ quantum_settings: shared: false tenant: admin rabbit: - password: X9IsCoHuKgys2l4GZL95MbYG + password: ov7dGMhyL8eR1ZdocMsVtCit release: attributes_metadata: editable: 
@@ -1335,6 +1341,49 @@ release: type: checkbox value: false weight: 10 + atop: + interval: + description: Interval between the snapshots in seconds + label: Interval between the snapshots + regex: + error: Should be a number of seconds + source: ^[1-9]\d*$ + restrictions: + - action: hide + condition: settings:atop.service_enabled.value == false + type: text + value: '20' + weight: 20 + metadata: + enabled: true + group: logging + label: Advanced System & Process Monitor (atop) + toggleable: false + weight: 60 + rotate: + description: Number of days to keep log files + label: Rotate days + regex: + error: Should be a number of days + source: ^[1-9]\d*$ + restrictions: + - action: hide + condition: settings:atop.service_enabled.value == false + type: text + value: '7' + weight: 30 + service_enabled: + description: 'NOTE: When enabled, the service may generate logs up to a + gigabyte in size per day. + + This should be taken into consideration when determining the correct size + for the log partition. + + ' + label: Enable atop service + type: checkbox + value: true + weight: 10 cgroups: metadata: always_editable: true @@ -1417,6 +1466,18 @@ release: type: checkbox value: true weight: 50 + run_ping_checker: + description: Uncheck this box if the public gateway will not be available + or will not respond to ICMP requests to the deployed cluster. If unchecked, + the controllers will not take public gateway availability into account + as part of the cluster health. If the cluster will not have internet + access, you will need to make sure to provide proper offline mirrors for + the deployment to succeed. + group: network + label: Public Gateway is Available + type: checkbox + value: true + weight: 50 task_deploy: type: hidden value: true 
@@ -1837,6 +1898,9 @@ release: description: Your DNS entries should point to this name. Self-signed certificates also will use this hostname label: DNS hostname for public TLS endpoints + regex: + error: Invalid DNS hostname + source: ^[a-zA-Z\d]+[-\.\da-zA-Z]*$ restrictions: - action: hide condition: settings:public_ssl.horizon.value == false and settings:public_ssl.services.value @@ -1871,8 +1935,6 @@ release: Please make sure your Fuel master node has Internet access to the repository before attempting to create a mirror. - For more details, please refer to the documentation (https://docs.mirantis.com/openstack/fuel/fuel-10.0/operations.html#external-ubuntu-ops). - ' extra_priority: null type: custom_repo_configuration 
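Review bot: The `regex` added for the public TLS hostname accepts malformed names such as `a..b`, `host-` or `host.`, because `[-\.\da-zA-Z]*` allows any mix of dots and hyphens after the first run of alphanumerics. The description says self-signed certificates use this value, so a label-by-label pattern is safer: `source: ^[a-zA-Z\d]([-a-zA-Z\d]*[a-zA-Z\d])?(\.[a-zA-Z\d]([-a-zA-Z\d]*[a-zA-Z\d])?)*$`. If this fixture is a dump of release metadata, the change belongs in the definition it was generated from.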
@@ -1949,11 +2011,70 @@ release: sudo: type: hidden value: 'ALL=(ALL) NOPASSWD: ALL' + ssh: + brute_force_protection: + description: When enabled, the access from all networks (except the provided + ones) will be granted, but the networks will be checked against the brute + force attack. + label: Brute force protection + restrictions: + - action: hide + condition: settings:ssh.security_enabled.value == false + type: checkbox + value: false + weight: 30 + metadata: + enabled: true + group: security + label: SSH security + toggleable: false + weight: 120 + security_enabled: + description: 'NOTE: When enabled, provide at least one working IP address + (the Fuel Master node IP is already added). + + We recommend adding new addresses instead of replacing the provided Fuel + Master node IP. + + When disabled (by default), the admin, management, and storage networks + are only allowed to connect to the SSH service. + + ' + label: Restrict SSH service on network + type: checkbox + value: false + weight: 10 + security_networks: + description: IPv4/CIDR address + label: Restrict access to + regex: + error: Invalid IPv4/CIDR address + source: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))*$ + restrictions: + - action: hide + condition: settings:ssh.security_enabled.value == false + type: text_list + value: + - '{settings.MASTER_IP}' + weight: 20 storage: admin_key: type: hidden value: generator: cephx_key + auth_s3_keystone_ceph: + description: This allows to authenticate S3 requests basing on EC2/S3 credentials + managed by Keystone. Please note that enabling the integration will increase + the latency of S3 requests as well as load on Keystone service. Please + consult with Mirantis Technical Bulletin 27 and Mirantis Support on mitigating + the risks related with load. 
+ label: Enable S3 API Authentication via Keystone in Ceph RadosGW + restrictions: + - action: hide + condition: settings:storage.objects_ceph.value == false + type: checkbox + value: false + weight: 82 bootstrap_osd_key: type: hidden value: @@ -2006,6 +2127,9 @@ release: and Swift API Interfaces. If enabled, this option will prevent Swift from installing. label: Ceph RadosGW for objects (Swift API) + restrictions: + - settings:storage.images_ceph.value == false: Ceph RBD for Images should + be selected. type: checkbox value: false weight: 80 @@ -2246,6 +2370,12 @@ release: description: dialog.create_cluster_wizard.compute.qemu_description label: dialog.create_cluster_wizard.compute.qemu name: hypervisor:qemu + requires: + - one_of: + items: + - network:neutron:ml2:vlan + - network:neutron:ml2:tun + message: dialog.create_cluster_wizard.compute.qemu_requires_network_backend weight: 5 - bind: - settings:common.use_vcenter.value @@ -2255,8 +2385,16 @@ release: label: dialog.create_cluster_wizard.compute.vcenter name: hypervisor:vmware requires: - - message: dialog.create_cluster_wizard.compute.vcenter_warning - name: hypervisor:qemu + - one_of: + items: + - hypervisor:qemu + message: dialog.create_cluster_wizard.compute.vcenter_warning + - one_of: + items: + - network:neutron:ml2:dvs + - network:neutron:ml2:nsx + message: dialog.create_cluster_wizard.compute.vcenter_requires_network_backend + message_invalid: dialog.create_cluster_wizard.compute.vcenter_requires_network_plugins weight: 15 - compatible: - name: hypervisor:* @@ -2283,7 +2421,9 @@ release: label: common.network.neutron_vlan name: network:neutron:ml2:vlan requires: - - name: network:neutron:core:ml2 + - one_of: + items: + - network:neutron:core:ml2 weight: 5 - bind: - - cluster:net_provider 
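Review bot: The `security_networks` validator in the `ssh` hunk ends in `(\/(...))*$`, so the prefix length may repeat and a value like `10.0.0.0/8/8` passes; the group should be optional rather than repeatable, ending the pattern with `(\/([0-9]|[1-2][0-9]|3[0-2]))?$`. How the consumer of this list handles such an entry is not visible here, but an SSH allow-list is a place where a mis-parsed entry matters. The `brute_force_protection` description is also hard to follow ("the access from all networks (except the provided ones) will be granted"). Assuming the intended behaviour is as follows, clearer wording would be `When enabled, SSH is reachable from all networks, and connections from networks outside the list are checked for brute-force attempts.` This hunk starts on the previous physical line, and if the file is generated from release metadata the fix belongs in that source.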
@@ -2304,7 +2444,9 @@ release: label: common.network.neutron_tun name: network:neutron:ml2:tun requires: - - name: network:neutron:core:ml2 + - one_of: + items: + - network:neutron:core:ml2 weight: 10 - bind: - settings:storage.volumes_lvm.value @@ -2552,6 +2694,7 @@ release: restrictions: - action: hide condition: settings:common.use_vcenter.value == false + message: VMware vCenter not enabled for cluster weight: 40 compute: description: A Compute node creates, manages, and terminates virtual machine @@ -2581,10 +2724,12 @@ release: restrictions: - action: hide condition: settings:common.use_vcenter.value == false + message: VMware vCenter not enabled for cluster weight: 90 controller: conflicts: - compute + - ceph-osd description: The Controller initiates orchestration activities and provides an external API. Other components like Glance (image storage), Keystone (identity management), Horizon (OpenStack dashboard) and Nova-Scheduler are installed @@ -2656,6 +2801,7 @@ release: restrictions: - action: hide condition: not ('advanced' in version:feature_groups) + message: Advanced feature should be enabled in feature groups weight: 80 state: available version: newton-10.0 @@ -2827,7 +2973,7 @@ repo_setup: section: main restricted suite: mos10.0 type: deb - uri: http://10.145.0.2:8080/newton-10.0/ubuntu/x86_64 + uri: http://10.109.15.2:8080/newton-10.0/ubuntu/x86_64 - name: mos-updates priority: 1050 section: main restricted @@ -2851,14 +2997,15 @@ repo_setup: section: main restricted suite: auxiliary type: deb - uri: http://10.145.0.2:8080/newton-10.0/ubuntu/auxiliary + uri: http://10.109.15.2:8080/newton-10.0/ubuntu/auxiliary resume_guests_state_on_host_boot: true roles: - controller +run_ping_checker: true sahara: - db_password: PM3ymZ8WiF9RSbCrCgd6ymU9 + db_password: 4APOo0xTUZcZnCDbL7d30tjC enabled: true - user_password: 3KdRkNe5eAxoPxR4irc3jvvB + user_password: C2TKvFTJ6Vr0CCTLK0xsGK0x service_user: homedir: /var/lib/fuel metadata: 
@@ -2869,22 +3016,34 @@ service_user: condition: 'true' weight: 10 name: fuel - password: pLVuXVFa9C8k7hcCUVb1yWQr + password: 2eiAUTgtohRigYCRhzssNonM root_password: r00tme sudo: 'ALL=(ALL) NOPASSWD: ALL' +ssh: + brute_force_protection: false + metadata: + enabled: true + group: security + label: SSH security + toggleable: false + weight: 120 + security_enabled: false + security_networks: + - 10.109.15.2 status: discover storage: - admin_key: AQC0eUhXAAAAABAA0KyotPMzzo0kg12tJcf1xg== - bootstrap_osd_key: AQC0eUhXAAAAABAAk7M7DH05JdsO8WRD31tOiw== + admin_key: AQCiB6NXAAAAABAAJpdEYCOSg4mm+Q3DvhzTYg== + auth_s3_keystone_ceph: true + bootstrap_osd_key: AQCiB6NXAAAAABAA7ezVYgw+wco6h8LezEaUaA== ephemeral_ceph: true - fsid: 81099e45-f272-4954-8252-696863d84e46 + fsid: 1f77e0d5-dd4c-4254-a67f-41449f42b6c6 images_ceph: true images_vcenter: false metadata: group: storage label: Storage Backends weight: 60 - mon_key: AQC0eUhXAAAAABAARk/bva9mdtRLaZ6CsnXToQ== + mon_key: AQCiB6NXAAAAABAA9qfH8vMq6+n6N2iLO7KfgQ== objects_ceph: true osd_pool_size: '2' per_pool_pg_nums: @@ -2895,13 +3054,13 @@ storage: images: 64 volumes: 256 pg_num: 64 - radosgw_key: AQC0eUhXAAAAABAAqgFcyJYZu0IY+4J2+rsWew== + radosgw_key: AQCiB6NXAAAAABAA6wxyVYlUpMVvs9r0fpUiXQ== volumes_block_device: false volumes_ceph: true volumes_lvm: false storage_network_range: 192.168.1.0/24 swift: - user_password: ROQ1xRVPVFShmjxplraXnPX9 + user_password: 2g77TlSldIdjCozj7BsRbKYS syslog: metadata: enabled: false @@ -2923,10 +3082,10 @@ test_vm_image: os_name: cirros properties: {} public: 'true' -uid: '731' +uid: '129' use_cow_images: true use_vcenter: false -user_node_name: node-731 +user_node_name: node-129 vms_conf: [] workloads_collector: create_user: false @@ -2938,6 +3097,6 @@ workloads_collector: - action: hide condition: 'true' weight: 10 - password: 596PBfjB9KaTbfMykO2Ql54x + password: lvrXAFlB68qs9dmoTAd9EsNq tenant: services username: fuel_stats_user 
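Review bot: The new top-level `ssh:` block pins `security_enabled: false` and `brute_force_protection: false`, so this fixture only exercises the disabled path of the new SSH settings. The surrounding `service_user` context still carries `root_password: r00tme` and `sudo: 'ALL=(ALL) NOPASSWD: ALL'`. If a manifest derives SSH access rules from this hash, at least one fixture should set `security_enabled: true` with a populated `security_networks` list so the restricting branch is covered. The same block is added at `@@ -2774,22 +2921,34 @@` in the mongo file.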
diff --git a/hiera/neut_tun.ceph.murano.sahara.ceil-mongo.yaml b/hiera/neut_tun.ceph.murano.sahara.ceil-mongo.yaml index c7b0205..5eadc5c 100644 --- a/hiera/neut_tun.ceph.murano.sahara.ceil-mongo.yaml +++ b/hiera/neut_tun.ceph.murano.sahara.ceil-mongo.yaml @@ -8,18 +8,28 @@ access: tenant: admin user: admin aodh: - db_password: TVnuHRoSLlNkCmruAvQUG8pE - user_password: gzmU2q6Qit6gBglybKb7xFoF + db_password: OhQJSjJm0wVaH1Zf4Cdhuc64 + user_password: rXzOBwcFZP95JzXoI7vRmBkr +atop: + interval: '20' + metadata: + enabled: true + group: logging + label: Advanced System & Process Monitor (atop) + toggleable: false + weight: 60 + rotate: '7' + service_enabled: true auth_key: '' auto_assign_floating_ip: false base_syslog: syslog_port: '514' - syslog_server: 10.145.0.2 + syslog_server: 10.109.15.2 ceilometer: - db_password: 3TCG1UOCgksu31d0jUllc1ih + db_password: f93xXvBvhlSYE3JepvR0H7hb enabled: true - metering_secret: M24o7ZnNHH1bEjPAcMBGGkQs - user_password: pfhRar4G5gl9oXnjSwUjE6pq + metering_secret: dtptqyEA8eF2TrimNfON97sk + user_password: TIOxrbWzOKLdVx4j8wsEtYkn cgroups: metadata: always_editable: true @@ -30,9 +40,9 @@ cgroups: condition: 'true' weight: 90 cinder: - db_password: RFec66UQlk1OPwBmfSl8Qufi - fixed_key: 53b4f50eb158baa8d3f9684e868e4066bc51a5fab56ea9599cec482e6deb05d4 - user_password: c3BqXBRtapLgQYlEJ4KASP9y + db_password: 7w6TjwE9basxZfF4GGkQNk8s + fixed_key: 6b58b7cd6f88c4a928212d8293038d208071f9170baf5995ec42a6a5d836605e + user_password: 4HlkMZEZ9QlpNITzvh3h5qfZ cluster: changes: - name: attributes 
@@ -42,36 +52,36 @@ cluster: - name: networks node_id: null - name: interfaces - node_id: 730 + node_id: 129 - name: disks - node_id: 730 + node_id: 129 - name: interfaces - node_id: 731 + node_id: 126 - name: disks - node_id: 731 + node_id: 126 - name: interfaces - node_id: 732 + node_id: 127 - name: disks - node_id: 732 + node_id: 127 - name: interfaces - node_id: 733 + node_id: 128 - name: disks - node_id: 733 + node_id: 128 - name: interfaces - node_id: 734 + node_id: 130 - name: disks - node_id: 734 + node_id: 130 - name: interfaces - node_id: 735 + node_id: 131 - name: disks - node_id: 735 + node_id: 131 - name: interfaces - node_id: 736 + node_id: 132 - name: disks - node_id: 736 + node_id: 132 components: [] fuel_version: '10.0' - id: 40 + id: 15 is_customized: false is_locked: false mode: ha_compact @@ -104,12 +114,11 @@ corosync: debug: false deployed_before: value: false -deployment_id: 40 +deployment_id: 15 deployment_mode: ha_compact -dpdk: {} external_dns: dns_list: - - 10.145.0.1 + - 10.109.15.1 metadata: group: network label: Host OS DNS Servers 
@@ -135,31 +144,29 @@ external_ntp: label: Host OS NTP Servers weight: 40 ntp_list: - - 0.fuel.pool.ntp.org - - 1.fuel.pool.ntp.org - - 2.fuel.pool.ntp.org + - 10.109.15.1 fail_if_error: false -fqdn: node-736.domain.tld +fqdn: node-132.test.domain.local fuel_version: '10.0' glance: - db_password: 5jX5psX0WDRcx0HH5VWVsrwJ + db_password: KaR8BEzKxumpu0jrZHZIfp3q image_cache_max_size: '0' - user_password: iwgWlXOVQDP1ybBvExa1SUpL + user_password: dqxfEsU22NH69XYHKSvoOZft glance_glare: - user_password: IxeiZptyqPwkvprrao2iFuTP + user_password: ZicOQetaAfLF5F35mfQaWeZI heat: - auth_encryption_key: f0952d91b1efb46d2a9d9fb10eb93e19 - db_password: 7cbWsxolRVe4PS29qv6ZI5Lv + auth_encryption_key: 6a57e1b2e402829f531ff7f45987aeef + db_password: OR2TU3cgCRbIW4n1Bn5Gik3b enabled: true - rabbit_password: s8Fv4HRy7d6SsdxXafXiWus9 - user_password: n0iLP2B2TZ2XeEH5oNWGjeX1 + rabbit_password: d3bsSu6TDQInNcqie7ZdQe2g + user_password: 7etzT4B5LOZlJuclPsPvF5of horizon: - secret_key: f4391974da0c0bc1d6c8ee82b1049935365a7ad604b7dbb240cdeb74252f31f1 + secret_key: 10e87c9effcb1eed518068e5af43d3917062992450204455209138a5eb33da6d ironic: - db_password: OQiahLeOfQWRhI8kCGG4ogTX + db_password: wHP0Cg5Q8ppz1AQvdzvI645b enabled: false - swift_tempurl_key: ATpw9THzwYMa1Lx5EpAm66vi - user_password: OFqH3jHPEyyBnuX3owXmloYI + swift_tempurl_key: gZacdW69BTAV9qZLdiYfewbW + user_password: N834zgKKpxSP07HX6LoNo2F1 kernel_params: kernel: console=tty0 net.ifnames=0 biosdevname=0 rootdelay=90 nomodeset metadata: @@ -167,12 +174,12 @@ kernel_params: label: Kernel parameters weight: 60 keystone: - admin_token: 6OgCNCpNZsRPtBQt91NSxyJ8 - db_password: pPdhfiOsEA7fHGwVs3sGGMoQ -last_controller: node-731 + admin_token: JFdL4xwDqvZgM1MMhzJFNxbl + db_password: ZJojiaj5wfCAMavNMU7wmgwH +last_controller: node-129 libvirt_type: qemu management_network_range: 192.168.0.0/24 -master_ip: 10.145.0.2 +master_ip: 10.109.15.2 metadata: label: Common weight: 10 
@@ -184,15 +191,15 @@ mp: - point: '2' weight: '2' murano: - db_password: yPfazptrewWnKKPPqaQc06ye + db_password: wXQid97d9hM3coUvX8TfAlur enabled: true - rabbit_password: FAHLmPxu3Au8ZEUXHzCH5ZVv - user_password: K6MTgsvNHJckQbue9JlhWTtT + rabbit_password: 0dgbRU3ZxJko7OEqCaV8ZTas + user_password: 1Vh14W5MDxid2mW8N0jAPlSK murano-cfapi: - db_password: 1gQ7AGWIzNyrp7I0GClXeql0 + db_password: niVR5w3OzkwVSKHKbGeMcNKc enabled: false - rabbit_password: rt8WggTS9AwB1bdmkbHo99wz - user_password: jrVg0vMxlokzUOUzTzA2oGi8 + rabbit_password: riHKhQgDmNjsGd9DgQcBK2FU + user_password: JzebRmfzUpB8KyhiPWCb8i9j murano_settings: metadata: group: openstack_services 
@@ -205,204 +212,24 @@ murano_settings: murano_glance_artifacts_plugin: true murano_repo_url: http://storage.apps.openstack.org/ mysql: - root_password: nrOg6S3o5Ho5Ec09ksVKQmHq - wsrep_password: n11lhXNzDvQnjMToIhSi1snG + root_password: jbCMP5VtxAvItyOywOOhV1Pb + wsrep_password: gkHPIpKcgXQLDILYlthWNGWi network_metadata: nodes: - node-730: - fqdn: node-730.domain.tld - name: node-730 + node-126: + fqdn: node-126.test.domain.local + name: node-126 network_roles: - admin/pxe: 10.145.0.100 - aodh/api: 192.168.0.3 - ceilometer/api: 192.168.0.3 - ceph/public: 192.168.1.3 - ceph/radosgw: 172.16.0.3 - ceph/replication: 192.168.1.3 - cinder/api: 192.168.0.3 - cinder/iscsi: 192.168.1.3 - ex: 172.16.0.3 - fw-admin: 10.145.0.100 - glance/api: 192.168.0.3 - glance/glare: 192.168.0.3 - heat/api: 192.168.0.3 - horizon: 192.168.0.3 - ironic/api: 192.168.0.3 - keystone/api: 192.168.0.3 - management: 192.168.0.3 - mgmt/corosync: 192.168.0.3 - mgmt/database: 192.168.0.3 - mgmt/memcache: 192.168.0.3 - mgmt/messaging: 192.168.0.3 - mgmt/vip: 192.168.0.3 - mongo/db: 192.168.0.3 - murano/api: 192.168.0.3 - murano/cfapi: 192.168.0.3 - neutron/api: 192.168.0.3 - neutron/floating: null - neutron/mesh: 192.168.2.3 - neutron/private: null - nova/api: 192.168.0.3 - nova/migration: 192.168.0.3 - public/vip: 172.16.0.3 - sahara/api: 192.168.0.3 - storage: 192.168.1.3 - swift/api: 192.168.0.3 - swift/replication: 192.168.1.3 - node_roles: - - primary-controller - nova_cpu_pinning_enabled: false - nova_hugepages_enabled: false - swift_zone: '730' - uid: '730' - user_node_name: node-730 - node-731: - fqdn: node-731.domain.tld - name: node-731 - network_roles: - admin/pxe: 10.145.0.101 - aodh/api: 192.168.0.1 - ceilometer/api: 192.168.0.1 - ceph/public: 192.168.1.1 - ceph/radosgw: 172.16.0.2 - ceph/replication: 192.168.1.1 - cinder/api: 192.168.0.1 - cinder/iscsi: 192.168.1.1 - ex: 172.16.0.2 - fw-admin: 10.145.0.101 - glance/api: 192.168.0.1 - glance/glare: 192.168.0.1 - heat/api: 192.168.0.1 - 
horizon: 192.168.0.1 - ironic/api: 192.168.0.1 - keystone/api: 192.168.0.1 - management: 192.168.0.1 - mgmt/corosync: 192.168.0.1 - mgmt/database: 192.168.0.1 - mgmt/memcache: 192.168.0.1 - mgmt/messaging: 192.168.0.1 - mgmt/vip: 192.168.0.1 - mongo/db: 192.168.0.1 - murano/api: 192.168.0.1 - murano/cfapi: 192.168.0.1 - neutron/api: 192.168.0.1 - neutron/floating: null - neutron/mesh: 192.168.2.1 - neutron/private: null - nova/api: 192.168.0.1 - nova/migration: 192.168.0.1 - public/vip: 172.16.0.2 - sahara/api: 192.168.0.1 - storage: 192.168.1.1 - swift/api: 192.168.0.1 - swift/replication: 192.168.1.1 - node_roles: - - controller - nova_cpu_pinning_enabled: false - nova_hugepages_enabled: false - swift_zone: '731' - uid: '731' - user_node_name: node-731 - node-732: - fqdn: node-732.domain.tld - name: node-732 - network_roles: - admin/pxe: 10.145.0.102 - aodh/api: 192.168.0.4 - ceilometer/api: 192.168.0.4 - ceph/public: 192.168.1.4 - ceph/replication: 192.168.1.4 - cinder/api: 192.168.0.4 - cinder/iscsi: 192.168.1.4 - fw-admin: 10.145.0.102 - glance/api: 192.168.0.4 - glance/glare: 192.168.0.4 - heat/api: 192.168.0.4 - horizon: 192.168.0.4 - ironic/api: 192.168.0.4 - keystone/api: 192.168.0.4 - management: 192.168.0.4 - mgmt/corosync: 192.168.0.4 - mgmt/database: 192.168.0.4 - mgmt/memcache: 192.168.0.4 - mgmt/messaging: 192.168.0.4 - mgmt/vip: 192.168.0.4 - mongo/db: 192.168.0.4 - murano/api: 192.168.0.4 - murano/cfapi: 192.168.0.4 - neutron/api: 192.168.0.4 - neutron/floating: null - neutron/mesh: 192.168.2.4 - neutron/private: null - nova/api: 192.168.0.4 - nova/migration: 192.168.0.4 - sahara/api: 192.168.0.4 - storage: 192.168.1.4 - swift/api: 192.168.0.4 - swift/replication: 192.168.1.4 - node_roles: - - compute - nova_cpu_pinning_enabled: false - nova_hugepages_enabled: false - swift_zone: '732' - uid: '732' - user_node_name: node-732 - node-733: - fqdn: node-733.domain.tld - name: node-733 - network_roles: - admin/pxe: 10.145.0.103 - aodh/api: 192.168.0.2 - 
ceilometer/api: 192.168.0.2 - ceph/public: 192.168.1.2 - ceph/replication: 192.168.1.2 - cinder/api: 192.168.0.2 - cinder/iscsi: 192.168.1.2 - fw-admin: 10.145.0.103 - glance/api: 192.168.0.2 - glance/glare: 192.168.0.2 - heat/api: 192.168.0.2 - horizon: 192.168.0.2 - ironic/api: 192.168.0.2 - keystone/api: 192.168.0.2 - management: 192.168.0.2 - mgmt/corosync: 192.168.0.2 - mgmt/database: 192.168.0.2 - mgmt/memcache: 192.168.0.2 - mgmt/messaging: 192.168.0.2 - mgmt/vip: 192.168.0.2 - mongo/db: 192.168.0.2 - murano/api: 192.168.0.2 - murano/cfapi: 192.168.0.2 - neutron/api: 192.168.0.2 - neutron/floating: null - neutron/mesh: 192.168.2.2 - neutron/private: null - nova/api: 192.168.0.2 - nova/migration: 192.168.0.2 - sahara/api: 192.168.0.2 - storage: 192.168.1.2 - swift/api: 192.168.0.2 - swift/replication: 192.168.1.2 - node_roles: - - ceph-osd - nova_cpu_pinning_enabled: false - nova_hugepages_enabled: false - swift_zone: '733' - uid: '733' - user_node_name: node-733 - node-734: - fqdn: node-734.domain.tld - name: node-734 - network_roles: - admin/pxe: 10.145.0.104 + admin/pxe: 10.109.15.100 aodh/api: 192.168.0.6 ceilometer/api: 192.168.0.6 ceph/public: 192.168.1.6 + ceph/radosgw: 172.16.0.3 ceph/replication: 192.168.1.6 cinder/api: 192.168.0.6 cinder/iscsi: 192.168.1.6 - fw-admin: 10.145.0.104 + ex: 172.16.0.3 + fw-admin: 10.109.15.100 glance/api: 192.168.0.6 glance/glare: 192.168.0.6 heat/api: 192.168.0.6 
@@ -424,29 +251,74 @@ network_metadata: neutron/private: null nova/api: 192.168.0.6 nova/migration: 192.168.0.6 + public/vip: 172.16.0.3 sahara/api: 192.168.0.6 storage: 192.168.1.6 swift/api: 192.168.0.6 swift/replication: 192.168.1.6 node_roles: - - ceph-osd + - primary-controller nova_cpu_pinning_enabled: false nova_hugepages_enabled: false - swift_zone: '734' - uid: '734' - user_node_name: node-734 - node-735: - fqdn: node-735.domain.tld - name: node-735 + swift_zone: '126' + uid: '126' + user_node_name: node-126 + node-127: + fqdn: node-127.test.domain.local + name: node-127 network_roles: - admin/pxe: 10.145.0.105 + admin/pxe: 10.109.15.101 + aodh/api: 192.168.0.3 + ceilometer/api: 192.168.0.3 + ceph/public: 192.168.1.3 + ceph/replication: 192.168.1.3 + cinder/api: 192.168.0.3 + cinder/iscsi: 192.168.1.3 + fw-admin: 10.109.15.101 + glance/api: 192.168.0.3 + glance/glare: 192.168.0.3 + heat/api: 192.168.0.3 + horizon: 192.168.0.3 + ironic/api: 192.168.0.3 + keystone/api: 192.168.0.3 + management: 192.168.0.3 + mgmt/corosync: 192.168.0.3 + mgmt/database: 192.168.0.3 + mgmt/memcache: 192.168.0.3 + mgmt/messaging: 192.168.0.3 + mgmt/vip: 192.168.0.3 + mongo/db: 192.168.0.3 + murano/api: 192.168.0.3 + murano/cfapi: 192.168.0.3 + neutron/api: 192.168.0.3 + neutron/floating: null + neutron/mesh: 192.168.2.3 + neutron/private: null + nova/api: 192.168.0.3 + nova/migration: 192.168.0.3 + sahara/api: 192.168.0.3 + storage: 192.168.1.3 + swift/api: 192.168.0.3 + swift/replication: 192.168.1.3 + node_roles: + - compute + nova_cpu_pinning_enabled: false + nova_hugepages_enabled: false + swift_zone: '127' + uid: '127' + user_node_name: node-127 + node-128: + fqdn: node-128.test.domain.local + name: node-128 + network_roles: + admin/pxe: 10.109.15.102 aodh/api: 192.168.0.5 ceilometer/api: 192.168.0.5 ceph/public: 192.168.1.5 ceph/replication: 192.168.1.5 cinder/api: 192.168.0.5 cinder/iscsi: 192.168.1.5 - fw-admin: 10.145.0.105 + fw-admin: 10.109.15.102 glance/api: 
192.168.0.5 glance/glare: 192.168.0.5 heat/api: 192.168.0.5 
@@ -473,24 +345,71 @@ network_metadata: swift/api: 192.168.0.5 swift/replication: 192.168.1.5 node_roles: - - primary-mongo + - ceph-osd nova_cpu_pinning_enabled: false nova_hugepages_enabled: false - swift_zone: '735' - uid: '735' - user_node_name: node-735 - node-736: - fqdn: node-736.domain.tld - name: node-736 + swift_zone: '128' + uid: '128' + user_node_name: node-128 + node-129: + fqdn: node-129.test.domain.local + name: node-129 network_roles: - admin/pxe: 10.145.0.106 + admin/pxe: 10.109.15.103 + aodh/api: 192.168.0.2 + ceilometer/api: 192.168.0.2 + ceph/public: 192.168.1.2 + ceph/radosgw: 172.16.0.2 + ceph/replication: 192.168.1.2 + cinder/api: 192.168.0.2 + cinder/iscsi: 192.168.1.2 + ex: 172.16.0.2 + fw-admin: 10.109.15.103 + glance/api: 192.168.0.2 + glance/glare: 192.168.0.2 + heat/api: 192.168.0.2 + horizon: 192.168.0.2 + ironic/api: 192.168.0.2 + keystone/api: 192.168.0.2 + management: 192.168.0.2 + mgmt/corosync: 192.168.0.2 + mgmt/database: 192.168.0.2 + mgmt/memcache: 192.168.0.2 + mgmt/messaging: 192.168.0.2 + mgmt/vip: 192.168.0.2 + mongo/db: 192.168.0.2 + murano/api: 192.168.0.2 + murano/cfapi: 192.168.0.2 + neutron/api: 192.168.0.2 + neutron/floating: null + neutron/mesh: 192.168.2.2 + neutron/private: null + nova/api: 192.168.0.2 + nova/migration: 192.168.0.2 + public/vip: 172.16.0.2 + sahara/api: 192.168.0.2 + storage: 192.168.1.2 + swift/api: 192.168.0.2 + swift/replication: 192.168.1.2 + node_roles: + - controller + nova_cpu_pinning_enabled: false + nova_hugepages_enabled: false + swift_zone: '129' + uid: '129' + user_node_name: node-129 + node-130: + fqdn: node-130.test.domain.local + name: node-130 + network_roles: + admin/pxe: 10.109.15.104 aodh/api: 192.168.0.7 ceilometer/api: 192.168.0.7 ceph/public: 192.168.1.7 ceph/replication: 192.168.1.7 cinder/api: 192.168.0.7 cinder/iscsi: 192.168.1.7 - fw-admin: 10.145.0.106 + fw-admin: 10.109.15.104 glance/api: 192.168.0.7 glance/glare: 192.168.0.7 heat/api: 192.168.0.7 
@@ -517,12 +436,100 @@ network_metadata: swift/api: 192.168.0.7 swift/replication: 192.168.1.7 node_roles: + - ceph-osd + nova_cpu_pinning_enabled: false + nova_hugepages_enabled: false + swift_zone: '130' + uid: '130' + user_node_name: node-130 + node-131: + fqdn: node-131.test.domain.local + name: node-131 + network_roles: + admin/pxe: 10.109.15.105 + aodh/api: 192.168.0.4 + ceilometer/api: 192.168.0.4 + ceph/public: 192.168.1.4 + ceph/replication: 192.168.1.4 + cinder/api: 192.168.0.4 + cinder/iscsi: 192.168.1.4 + fw-admin: 10.109.15.105 + glance/api: 192.168.0.4 + glance/glare: 192.168.0.4 + heat/api: 192.168.0.4 + horizon: 192.168.0.4 + ironic/api: 192.168.0.4 + keystone/api: 192.168.0.4 + management: 192.168.0.4 + mgmt/corosync: 192.168.0.4 + mgmt/database: 192.168.0.4 + mgmt/memcache: 192.168.0.4 + mgmt/messaging: 192.168.0.4 + mgmt/vip: 192.168.0.4 + mongo/db: 192.168.0.4 + murano/api: 192.168.0.4 + murano/cfapi: 192.168.0.4 + neutron/api: 192.168.0.4 + neutron/floating: null + neutron/mesh: 192.168.2.4 + neutron/private: null + nova/api: 192.168.0.4 + nova/migration: 192.168.0.4 + sahara/api: 192.168.0.4 + storage: 192.168.1.4 + swift/api: 192.168.0.4 + swift/replication: 192.168.1.4 + node_roles: + - primary-mongo + nova_cpu_pinning_enabled: false + nova_hugepages_enabled: false + swift_zone: '131' + uid: '131' + user_node_name: node-131 + node-132: + fqdn: node-132.test.domain.local + name: node-132 + network_roles: + admin/pxe: 10.109.15.106 + aodh/api: 192.168.0.1 + ceilometer/api: 192.168.0.1 + ceph/public: 192.168.1.1 + ceph/replication: 192.168.1.1 + cinder/api: 192.168.0.1 + cinder/iscsi: 192.168.1.1 + fw-admin: 10.109.15.106 + glance/api: 192.168.0.1 + glance/glare: 192.168.0.1 + heat/api: 192.168.0.1 + horizon: 192.168.0.1 + ironic/api: 192.168.0.1 + keystone/api: 192.168.0.1 + management: 192.168.0.1 + mgmt/corosync: 192.168.0.1 + mgmt/database: 192.168.0.1 + mgmt/memcache: 192.168.0.1 + mgmt/messaging: 192.168.0.1 + mgmt/vip: 192.168.0.1 + 
mongo/db: 192.168.0.1 + murano/api: 192.168.0.1 + murano/cfapi: 192.168.0.1 + neutron/api: 192.168.0.1 + neutron/floating: null + neutron/mesh: 192.168.2.1 + neutron/private: null + nova/api: 192.168.0.1 + nova/migration: 192.168.0.1 + sahara/api: 192.168.0.1 + storage: 192.168.1.1 + swift/api: 192.168.0.1 + swift/replication: 192.168.1.1 + node_roles: - mongo nova_cpu_pinning_enabled: false nova_hugepages_enabled: false - swift_zone: '736' - uid: '736' - user_node_name: node-736 + swift_zone: '132' + uid: '132' + user_node_name: node-132 vips: management: ipaddr: 192.168.0.9 @@ -569,19 +576,19 @@ network_scheme: endpoints: br-fw-admin: IP: - - 10.145.0.106/24 - gateway: 10.145.0.1 + - 10.109.15.106/24 + gateway: 10.109.15.1 vendor_specific: - provider_gateway: 10.145.0.1 + provider_gateway: 10.109.15.1 br-mesh: IP: - - 192.168.2.7/24 + - 192.168.2.1/24 br-mgmt: IP: - - 192.168.0.7/24 + - 192.168.0.1/24 br-storage: IP: - - 192.168.1.7/24 + - 192.168.1.1/24 interfaces: enp0s3: vendor_specific: 
@@ -849,85 +856,84 @@ node_volumes: size: 3757668 type: lv nodes: -- fqdn: node-730.domain.tld - internal_address: 192.168.0.3 +- fqdn: node-126.test.domain.local + internal_address: 192.168.0.6 internal_netmask: 255.255.255.0 - name: node-730 + name: node-126 public_address: 172.16.0.3 public_netmask: 255.255.255.0 role: primary-controller + storage_address: 192.168.1.6 + storage_netmask: 255.255.255.0 + swift_zone: '126' + uid: '126' + user_node_name: node-126 +- fqdn: node-127.test.domain.local + internal_address: 192.168.0.3 + internal_netmask: 255.255.255.0 + name: node-127 + role: compute storage_address: 192.168.1.3 storage_netmask: 255.255.255.0 - swift_zone: '730' - uid: '730' - user_node_name: node-730 -- fqdn: node-731.domain.tld - internal_address: 192.168.0.1 + swift_zone: '127' + uid: '127' + user_node_name: node-127 +- fqdn: node-128.test.domain.local + internal_address: 192.168.0.5 internal_netmask: 255.255.255.0 - name: node-731 + name: node-128 + role: ceph-osd + storage_address: 192.168.1.5 + storage_netmask: 255.255.255.0 + swift_zone: '128' + uid: '128' + user_node_name: node-128 +- fqdn: node-129.test.domain.local + internal_address: 192.168.0.2 + internal_netmask: 255.255.255.0 + name: node-129 public_address: 172.16.0.2 public_netmask: 255.255.255.0 role: controller - storage_address: 192.168.1.1 - storage_netmask: 255.255.255.0 - swift_zone: '731' - uid: '731' - user_node_name: node-731 -- fqdn: node-732.domain.tld - internal_address: 192.168.0.4 - internal_netmask: 255.255.255.0 - name: node-732 - role: compute - storage_address: 192.168.1.4 - storage_netmask: 255.255.255.0 - swift_zone: '732' - uid: '732' - user_node_name: node-732 -- fqdn: node-733.domain.tld - internal_address: 192.168.0.2 - internal_netmask: 255.255.255.0 - name: node-733 - role: ceph-osd storage_address: 192.168.1.2 storage_netmask: 255.255.255.0 - swift_zone: '733' - uid: '733' - user_node_name: node-733 -- fqdn: node-734.domain.tld - internal_address: 192.168.0.6 - 
internal_netmask: 255.255.255.0 - name: node-734 - role: ceph-osd - storage_address: 192.168.1.6 - storage_netmask: 255.255.255.0 - swift_zone: '734' - uid: '734' - user_node_name: node-734 -- fqdn: node-735.domain.tld - internal_address: 192.168.0.5 - internal_netmask: 255.255.255.0 - name: node-735 - role: primary-mongo - storage_address: 192.168.1.5 - storage_netmask: 255.255.255.0 - swift_zone: '735' - uid: '735' - user_node_name: node-735 -- fqdn: node-736.domain.tld + swift_zone: '129' + uid: '129' + user_node_name: node-129 +- fqdn: node-130.test.domain.local internal_address: 192.168.0.7 internal_netmask: 255.255.255.0 - name: node-736 - role: mongo + name: node-130 + role: ceph-osd storage_address: 192.168.1.7 storage_netmask: 255.255.255.0 - swift_zone: '736' - uid: '736' - user_node_name: node-736 + swift_zone: '130' + uid: '130' + user_node_name: node-130 +- fqdn: node-131.test.domain.local + internal_address: 192.168.0.4 + internal_netmask: 255.255.255.0 + name: node-131 + role: primary-mongo + storage_address: 192.168.1.4 + storage_netmask: 255.255.255.0 + swift_zone: '131' + uid: '131' + user_node_name: node-131 +- fqdn: node-132.test.domain.local + internal_address: 192.168.0.1 + internal_netmask: 255.255.255.0 + name: node-132 + role: mongo + storage_address: 192.168.1.1 + storage_netmask: 255.255.255.0 + swift_zone: '132' + uid: '132' + user_node_name: node-132 nova: - db_password: Kz189HhWN02ZUAe8nvY0t0FC - enable_hugepages: false + db_password: PVzZrklbvr2gHtJL4e8a0s6t state_path: /var/lib/nova - user_password: oMvZeE7RRAOsrUTYqkS3tSdm + user_password: f09qoLIdLU7oGLGFAGFNj1Ja nova_quota: false online: true openstack_version: newton-10.0 @@ -939,7 +945,7 @@ operator_user: label: Operating System Access weight: 15 name: fueladmin - password: 0U4hZMHZDgtHnVwPSuvZW3mz + password: PYRI8p75nGRMkBGgjlAvcQiu sudo: 'ALL=(ALL) NOPASSWD: ALL' plugins: [] private_network_range: 192.168.2.0/24 
@@ -950,11 +956,11 @@ provision: /: container: gzip format: ext4 - uri: http://10.145.0.2:8080/targetimages/env_40_ubuntu_1404_amd64.img.gz + uri: http://10.109.15.2:8080/targetimages/env_15_ubuntu_1404_amd64.img.gz /boot: container: gzip format: ext2 - uri: http://10.145.0.2:8080/targetimages/env_40_ubuntu_1404_amd64-boot.img.gz + uri: http://10.109.15.2:8080/targetimages/env_15_ubuntu_1404_amd64-boot.img.gz metadata: group: general label: Provision @@ -1076,8 +1082,8 @@ public_ssl: weight: 110 services: false puppet: - manifests: rsync://10.145.0.2:/puppet/newton-10.0/manifests/ - modules: rsync://10.145.0.2:/puppet/newton-10.0/modules/ + manifests: rsync://10.109.15.2:/puppet/newton-10.0/manifests/ + modules: rsync://10.109.15.2:/puppet/newton-10.0/modules/ puppet_debug: true quantum: true quantum_settings: @@ -1092,13 +1098,13 @@ quantum_settings: L3: use_namespaces: true database: - passwd: eMJorJqQ1HMFbkypwdUhouEb + passwd: wF5Kulr9K5ht8BEuIBOVQ6DG default_floating_net: admin_floating_net default_private_net: admin_internal_net keystone: - admin_password: kPtlHmCe5K7ndGYvKXOweEz5 + admin_password: phtXcgdXRmMafvZlNOj6hTOq metadata: - metadata_proxy_shared_secret: R7maXMRiZHBgmMEXaXZQRxV3 + metadata_proxy_shared_secret: oxbVqVac5jRx0AhdWjxg4J2x predefined_networks: admin_floating_net: L2: @@ -1132,7 +1138,7 @@ quantum_settings: shared: false tenant: admin rabbit: - password: X9IsCoHuKgys2l4GZL95MbYG + password: ov7dGMhyL8eR1ZdocMsVtCit release: attributes_metadata: editable: 
@@ -1240,6 +1246,49 @@ release: type: checkbox value: false weight: 10 + atop: + interval: + description: Interval between the snapshots in seconds + label: Interval between the snapshots + regex: + error: Should be a number of seconds + source: ^[1-9]\d*$ + restrictions: + - action: hide + condition: settings:atop.service_enabled.value == false + type: text + value: '20' + weight: 20 + metadata: + enabled: true + group: logging + label: Advanced System & Process Monitor (atop) + toggleable: false + weight: 60 + rotate: + description: Number of days to keep log files + label: Rotate days + regex: + error: Should be a number of days + source: ^[1-9]\d*$ + restrictions: + - action: hide + condition: settings:atop.service_enabled.value == false + type: text + value: '7' + weight: 30 + service_enabled: + description: 'NOTE: When enabled, the service may generate logs up to a + gigabyte in size per day. + + This should be taken into consideration when determining the correct size + for the log partition. + + ' + label: Enable atop service + type: checkbox + value: true + weight: 10 cgroups: metadata: always_editable: true @@ -1322,6 +1371,18 @@ release: type: checkbox value: true weight: 50 + run_ping_checker: + description: Uncheck this box if the public gateway will not be available + or will not respond to ICMP requests to the deployed cluster. If unchecked, + the controllers will not take public gateway availability into account + as part of the cluster health. If the cluster will not have internet + access, you will need to make sure to provide proper offline mirrors for + the deployment to succeed. + group: network + label: Public Gateway is Available + type: checkbox + value: true + weight: 50 task_deploy: type: hidden value: true 
@@ -1742,6 +1803,9 @@ release: description: Your DNS entries should point to this name. Self-signed certificates also will use this hostname label: DNS hostname for public TLS endpoints + regex: + error: Invalid DNS hostname + source: ^[a-zA-Z\d]+[-\.\da-zA-Z]*$ restrictions: - action: hide condition: settings:public_ssl.horizon.value == false and settings:public_ssl.services.value @@ -1776,8 +1840,6 @@ release: Please make sure your Fuel master node has Internet access to the repository before attempting to create a mirror. - For more details, please refer to the documentation (https://docs.mirantis.com/openstack/fuel/fuel-10.0/operations.html#external-ubuntu-ops). - ' extra_priority: null type: custom_repo_configuration 
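Review bot: The regex added for the public TLS hostname, `^[a-zA-Z\d]+[-\.\da-zA-Z]*$`, constrains only the leading character run, so values such as `host..example`, `host.-a`, or a name ending in `-` or `.` (constructed examples) pass validation. The description says self-signed certificates use this hostname, so a malformed value would presumably reach the generated certificate. A per-label pattern is tighter: `^[a-zA-Z\d]([-a-zA-Z\d]*[a-zA-Z\d])?(\.[a-zA-Z\d]([-a-zA-Z\d]*[a-zA-Z\d])?)*$`. If the fixture is generated from release metadata, the change belongs at that source.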
@@ -1854,11 +1916,70 @@ release: sudo: type: hidden value: 'ALL=(ALL) NOPASSWD: ALL' + ssh: + brute_force_protection: + description: When enabled, the access from all networks (except the provided + ones) will be granted, but the networks will be checked against the brute + force attack. + label: Brute force protection + restrictions: + - action: hide + condition: settings:ssh.security_enabled.value == false + type: checkbox + value: false + weight: 30 + metadata: + enabled: true + group: security + label: SSH security + toggleable: false + weight: 120 + security_enabled: + description: 'NOTE: When enabled, provide at least one working IP address + (the Fuel Master node IP is already added). + + We recommend adding new addresses instead of replacing the provided Fuel + Master node IP. + + When disabled (by default), the admin, management, and storage networks + are only allowed to connect to the SSH service. + + ' + label: Restrict SSH service on network + type: checkbox + value: false + weight: 10 + security_networks: + description: IPv4/CIDR address + label: Restrict access to + regex: + error: Invalid IPv4/CIDR address + source: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))*$ + restrictions: + - action: hide + condition: settings:ssh.security_enabled.value == false + type: text_list + value: + - '{settings.MASTER_IP}' + weight: 20 storage: admin_key: type: hidden value: generator: cephx_key + auth_s3_keystone_ceph: + description: This allows to authenticate S3 requests basing on EC2/S3 credentials + managed by Keystone. Please note that enabling the integration will increase + the latency of S3 requests as well as load on Keystone service. Please + consult with Mirantis Technical Bulletin 27 and Mirantis Support on mitigating + the risks related with load. 
+ label: Enable S3 API Authentication via Keystone in Ceph RadosGW + restrictions: + - action: hide + condition: settings:storage.objects_ceph.value == false + type: checkbox + value: false + weight: 82 bootstrap_osd_key: type: hidden value: @@ -1911,6 +2032,9 @@ release: and Swift API Interfaces. If enabled, this option will prevent Swift from installing. label: Ceph RadosGW for objects (Swift API) + restrictions: + - settings:storage.images_ceph.value == false: Ceph RBD for Images should + be selected. type: checkbox value: false weight: 80 @@ -2151,6 +2275,12 @@ release: description: dialog.create_cluster_wizard.compute.qemu_description label: dialog.create_cluster_wizard.compute.qemu name: hypervisor:qemu + requires: + - one_of: + items: + - network:neutron:ml2:vlan + - network:neutron:ml2:tun + message: dialog.create_cluster_wizard.compute.qemu_requires_network_backend weight: 5 - bind: - settings:common.use_vcenter.value @@ -2160,8 +2290,16 @@ release: label: dialog.create_cluster_wizard.compute.vcenter name: hypervisor:vmware requires: - - message: dialog.create_cluster_wizard.compute.vcenter_warning - name: hypervisor:qemu + - one_of: + items: + - hypervisor:qemu + message: dialog.create_cluster_wizard.compute.vcenter_warning + - one_of: + items: + - network:neutron:ml2:dvs + - network:neutron:ml2:nsx + message: dialog.create_cluster_wizard.compute.vcenter_requires_network_backend + message_invalid: dialog.create_cluster_wizard.compute.vcenter_requires_network_plugins weight: 15 - compatible: - name: hypervisor:* @@ -2188,7 +2326,9 @@ release: label: common.network.neutron_vlan name: network:neutron:ml2:vlan requires: - - name: network:neutron:core:ml2 + - one_of: + items: + - network:neutron:core:ml2 weight: 5 - bind: - - cluster:net_provider 
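Review bot: In the `@@ -1854,11 +1916,70 @@` hunk, the `security_networks` regex closes its prefix-length group with `*`, so an entry such as `10.0.0.0/8/8` (constructed example) passes validation for the field that lists the networks allowed to reach SSH. The group should be optional, not repeatable: `(\/([0-9]|[1-2][0-9]|3[0-2]))?$`. If this fixture is generated from the release metadata, fix the pattern there and regenerate. The sibling fixture files in this commit presumably carry the same definition.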
@@ -2209,7 +2349,9 @@ release: label: common.network.neutron_tun name: network:neutron:ml2:tun requires: - - name: network:neutron:core:ml2 + - one_of: + items: + - network:neutron:core:ml2 weight: 10 - bind: - settings:storage.volumes_lvm.value @@ -2457,6 +2599,7 @@ release: restrictions: - action: hide condition: settings:common.use_vcenter.value == false + message: VMware vCenter not enabled for cluster weight: 40 compute: description: A Compute node creates, manages, and terminates virtual machine @@ -2486,10 +2629,12 @@ release: restrictions: - action: hide condition: settings:common.use_vcenter.value == false + message: VMware vCenter not enabled for cluster weight: 90 controller: conflicts: - compute + - ceph-osd description: The Controller initiates orchestration activities and provides an external API. Other components like Glance (image storage), Keystone (identity management), Horizon (OpenStack dashboard) and Nova-Scheduler are installed @@ -2561,6 +2706,7 @@ release: restrictions: - action: hide condition: not ('advanced' in version:feature_groups) + message: Advanced feature should be enabled in feature groups weight: 80 state: available version: newton-10.0 @@ -2732,7 +2878,7 @@ repo_setup: section: main restricted suite: mos10.0 type: deb - uri: http://10.145.0.2:8080/newton-10.0/ubuntu/x86_64 + uri: http://10.109.15.2:8080/newton-10.0/ubuntu/x86_64 - name: mos-updates priority: 1050 section: main restricted @@ -2756,14 +2902,15 @@ repo_setup: section: main restricted suite: auxiliary type: deb - uri: http://10.145.0.2:8080/newton-10.0/ubuntu/auxiliary + uri: http://10.109.15.2:8080/newton-10.0/ubuntu/auxiliary resume_guests_state_on_host_boot: true roles: - mongo +run_ping_checker: true sahara: - db_password: PM3ymZ8WiF9RSbCrCgd6ymU9 + db_password: 4APOo0xTUZcZnCDbL7d30tjC enabled: true - user_password: 3KdRkNe5eAxoPxR4irc3jvvB + user_password: C2TKvFTJ6Vr0CCTLK0xsGK0x service_user: homedir: /var/lib/fuel metadata: 
@@ -2774,22 +2921,34 @@ service_user: condition: 'true' weight: 10 name: fuel - password: pLVuXVFa9C8k7hcCUVb1yWQr + password: 2eiAUTgtohRigYCRhzssNonM root_password: r00tme sudo: 'ALL=(ALL) NOPASSWD: ALL' +ssh: + brute_force_protection: false + metadata: + enabled: true + group: security + label: SSH security + toggleable: false + weight: 120 + security_enabled: false + security_networks: + - 10.109.15.2 status: discover storage: - admin_key: AQC0eUhXAAAAABAA0KyotPMzzo0kg12tJcf1xg== - bootstrap_osd_key: AQC0eUhXAAAAABAAk7M7DH05JdsO8WRD31tOiw== + admin_key: AQCiB6NXAAAAABAAJpdEYCOSg4mm+Q3DvhzTYg== + auth_s3_keystone_ceph: true + bootstrap_osd_key: AQCiB6NXAAAAABAA7ezVYgw+wco6h8LezEaUaA== ephemeral_ceph: true - fsid: 81099e45-f272-4954-8252-696863d84e46 + fsid: 1f77e0d5-dd4c-4254-a67f-41449f42b6c6 images_ceph: true images_vcenter: false metadata: group: storage label: Storage Backends weight: 60 - mon_key: AQC0eUhXAAAAABAARk/bva9mdtRLaZ6CsnXToQ== + mon_key: AQCiB6NXAAAAABAA9qfH8vMq6+n6N2iLO7KfgQ== objects_ceph: true osd_pool_size: '2' per_pool_pg_nums: @@ -2800,13 +2959,13 @@ storage: images: 64 volumes: 256 pg_num: 64 - radosgw_key: AQC0eUhXAAAAABAAqgFcyJYZu0IY+4J2+rsWew== + radosgw_key: AQCiB6NXAAAAABAA6wxyVYlUpMVvs9r0fpUiXQ== volumes_block_device: false volumes_ceph: true volumes_lvm: false storage_network_range: 192.168.1.0/24 swift: - user_password: ROQ1xRVPVFShmjxplraXnPX9 + user_password: 2g77TlSldIdjCozj7BsRbKYS syslog: metadata: enabled: false @@ -2828,10 +2987,10 @@ test_vm_image: os_name: cirros properties: {} public: 'true' -uid: '736' +uid: '132' use_cow_images: true use_vcenter: false -user_node_name: node-736 +user_node_name: node-132 vms_conf: [] workloads_collector: create_user: false @@ -2843,6 +3002,6 @@ workloads_collector: - action: hide condition: 'true' weight: 10 - password: 596PBfjB9KaTbfMykO2Ql54x + password: lvrXAFlB68qs9dmoTAd9EsNq tenant: services username: fuel_stats_user 
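Review bot: The new top-level `ssh:` block in the `service_user` hunk records `security_enabled: false` and `brute_force_protection: false`, directly beside the unchanged context lines `root_password: r00tme` and `sudo: 'ALL=(ALL) NOPASSWD: ALL'`. The same hunk and its neighbours also commit freshly generated service passwords and cephx keys (`admin_key`, `mon_key`, `radosgw_key`) in clear text. These files look like captured deployment fixtures, though the page does not say so. If they are, the file should state it, for example with a header comment such as `# Test fixture only: all credentials are throwaway values from a disposable lab environment`. The environment they came from should also never reuse those values. The identical `service_user`/`ssh` hunk in the primary-controller file (`@@ -2869,22 +3016,34 @@`) has the same issue.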
diff --git a/hiera/neut_tun.ceph.murano.sahara.ceil-primary-controller.yaml b/hiera/neut_tun.ceph.murano.sahara.ceil-primary-controller.yaml index 5b52bbc..5ee1083 100644 --- a/hiera/neut_tun.ceph.murano.sahara.ceil-primary-controller.yaml +++ b/hiera/neut_tun.ceph.murano.sahara.ceil-primary-controller.yaml @@ -8,18 +8,28 @@ access: tenant: admin user: admin aodh: - db_password: TVnuHRoSLlNkCmruAvQUG8pE - user_password: gzmU2q6Qit6gBglybKb7xFoF + db_password: OhQJSjJm0wVaH1Zf4Cdhuc64 + user_password: rXzOBwcFZP95JzXoI7vRmBkr +atop: + interval: '20' + metadata: + enabled: true + group: logging + label: Advanced System & Process Monitor (atop) + toggleable: false + weight: 60 + rotate: '7' + service_enabled: true auth_key: '' auto_assign_floating_ip: false base_syslog: syslog_port: '514' - syslog_server: 10.145.0.2 + syslog_server: 10.109.15.2 ceilometer: - db_password: 3TCG1UOCgksu31d0jUllc1ih + db_password: f93xXvBvhlSYE3JepvR0H7hb enabled: true - metering_secret: M24o7ZnNHH1bEjPAcMBGGkQs - user_password: pfhRar4G5gl9oXnjSwUjE6pq + metering_secret: dtptqyEA8eF2TrimNfON97sk + user_password: TIOxrbWzOKLdVx4j8wsEtYkn cgroups: metadata: always_editable: true @@ -30,9 +40,9 @@ cgroups: condition: 'true' weight: 90 cinder: - db_password: RFec66UQlk1OPwBmfSl8Qufi - fixed_key: 53b4f50eb158baa8d3f9684e868e4066bc51a5fab56ea9599cec482e6deb05d4 - user_password: c3BqXBRtapLgQYlEJ4KASP9y + db_password: 7w6TjwE9basxZfF4GGkQNk8s + fixed_key: 6b58b7cd6f88c4a928212d8293038d208071f9170baf5995ec42a6a5d836605e + user_password: 4HlkMZEZ9QlpNITzvh3h5qfZ cluster: changes: - name: attributes 
@@ -42,36 +52,36 @@ cluster: - name: networks node_id: null - name: interfaces - node_id: 730 + node_id: 129 - name: disks - node_id: 730 + node_id: 129 - name: interfaces - node_id: 731 + node_id: 126 - name: disks - node_id: 731 + node_id: 126 - name: interfaces - node_id: 732 + node_id: 127 - name: disks - node_id: 732 + node_id: 127 - name: interfaces - node_id: 733 + node_id: 128 - name: disks - node_id: 733 + node_id: 128 - name: interfaces - node_id: 734 + node_id: 130 - name: disks - node_id: 734 + node_id: 130 - name: interfaces - node_id: 735 + node_id: 131 - name: disks - node_id: 735 + node_id: 131 - name: interfaces - node_id: 736 + node_id: 132 - name: disks - node_id: 736 + node_id: 132 components: [] fuel_version: '10.0' - id: 40 + id: 15 is_customized: false is_locked: false mode: ha_compact @@ -104,12 +114,11 @@ corosync: debug: false deployed_before: value: false -deployment_id: 40 +deployment_id: 15 deployment_mode: ha_compact -dpdk: {} external_dns: dns_list: - - 10.145.0.1 + - 10.109.15.1 metadata: group: network label: Host OS DNS Servers 
@@ -135,31 +144,29 @@ external_ntp: label: Host OS NTP Servers weight: 40 ntp_list: - - 0.fuel.pool.ntp.org - - 1.fuel.pool.ntp.org - - 2.fuel.pool.ntp.org + - 10.109.15.1 fail_if_error: true -fqdn: node-730.domain.tld +fqdn: node-126.test.domain.local fuel_version: '10.0' glance: - db_password: 5jX5psX0WDRcx0HH5VWVsrwJ + db_password: KaR8BEzKxumpu0jrZHZIfp3q image_cache_max_size: '0' - user_password: iwgWlXOVQDP1ybBvExa1SUpL + user_password: dqxfEsU22NH69XYHKSvoOZft glance_glare: - user_password: IxeiZptyqPwkvprrao2iFuTP + user_password: ZicOQetaAfLF5F35mfQaWeZI heat: - auth_encryption_key: f0952d91b1efb46d2a9d9fb10eb93e19 - db_password: 7cbWsxolRVe4PS29qv6ZI5Lv + auth_encryption_key: 6a57e1b2e402829f531ff7f45987aeef + db_password: OR2TU3cgCRbIW4n1Bn5Gik3b enabled: true - rabbit_password: s8Fv4HRy7d6SsdxXafXiWus9 - user_password: n0iLP2B2TZ2XeEH5oNWGjeX1 + rabbit_password: d3bsSu6TDQInNcqie7ZdQe2g + user_password: 7etzT4B5LOZlJuclPsPvF5of horizon: - secret_key: f4391974da0c0bc1d6c8ee82b1049935365a7ad604b7dbb240cdeb74252f31f1 + secret_key: 10e87c9effcb1eed518068e5af43d3917062992450204455209138a5eb33da6d ironic: - db_password: OQiahLeOfQWRhI8kCGG4ogTX + db_password: wHP0Cg5Q8ppz1AQvdzvI645b enabled: false - swift_tempurl_key: ATpw9THzwYMa1Lx5EpAm66vi - user_password: OFqH3jHPEyyBnuX3owXmloYI + swift_tempurl_key: gZacdW69BTAV9qZLdiYfewbW + user_password: N834zgKKpxSP07HX6LoNo2F1 kernel_params: kernel: console=tty0 net.ifnames=0 biosdevname=0 rootdelay=90 nomodeset metadata: @@ -167,12 +174,12 @@ kernel_params: label: Kernel parameters weight: 60 keystone: - admin_token: 6OgCNCpNZsRPtBQt91NSxyJ8 - db_password: pPdhfiOsEA7fHGwVs3sGGMoQ -last_controller: node-731 + admin_token: JFdL4xwDqvZgM1MMhzJFNxbl + db_password: ZJojiaj5wfCAMavNMU7wmgwH +last_controller: node-129 libvirt_type: qemu management_network_range: 192.168.0.0/24 -master_ip: 10.145.0.2 +master_ip: 10.109.15.2 metadata: label: Common weight: 10 
@@ -184,15 +191,15 @@ mp: - point: '2' weight: '2' murano: - db_password: yPfazptrewWnKKPPqaQc06ye + db_password: wXQid97d9hM3coUvX8TfAlur enabled: true - rabbit_password: FAHLmPxu3Au8ZEUXHzCH5ZVv - user_password: K6MTgsvNHJckQbue9JlhWTtT + rabbit_password: 0dgbRU3ZxJko7OEqCaV8ZTas + user_password: 1Vh14W5MDxid2mW8N0jAPlSK murano-cfapi: - db_password: 1gQ7AGWIzNyrp7I0GClXeql0 + db_password: niVR5w3OzkwVSKHKbGeMcNKc enabled: false - rabbit_password: rt8WggTS9AwB1bdmkbHo99wz - user_password: jrVg0vMxlokzUOUzTzA2oGi8 + rabbit_password: riHKhQgDmNjsGd9DgQcBK2FU + user_password: JzebRmfzUpB8KyhiPWCb8i9j murano_settings: metadata: group: openstack_services 
@@ -205,204 +212,24 @@ murano_settings: murano_glance_artifacts_plugin: true murano_repo_url: http://storage.apps.openstack.org/ mysql: - root_password: nrOg6S3o5Ho5Ec09ksVKQmHq - wsrep_password: n11lhXNzDvQnjMToIhSi1snG + root_password: jbCMP5VtxAvItyOywOOhV1Pb + wsrep_password: gkHPIpKcgXQLDILYlthWNGWi network_metadata: nodes: - node-730: - fqdn: node-730.domain.tld - name: node-730 + node-126: + fqdn: node-126.test.domain.local + name: node-126 network_roles: - admin/pxe: 10.145.0.100 - aodh/api: 192.168.0.3 - ceilometer/api: 192.168.0.3 - ceph/public: 192.168.1.3 - ceph/radosgw: 172.16.0.3 - ceph/replication: 192.168.1.3 - cinder/api: 192.168.0.3 - cinder/iscsi: 192.168.1.3 - ex: 172.16.0.3 - fw-admin: 10.145.0.100 - glance/api: 192.168.0.3 - glance/glare: 192.168.0.3 - heat/api: 192.168.0.3 - horizon: 192.168.0.3 - ironic/api: 192.168.0.3 - keystone/api: 192.168.0.3 - management: 192.168.0.3 - mgmt/corosync: 192.168.0.3 - mgmt/database: 192.168.0.3 - mgmt/memcache: 192.168.0.3 - mgmt/messaging: 192.168.0.3 - mgmt/vip: 192.168.0.3 - mongo/db: 192.168.0.3 - murano/api: 192.168.0.3 - murano/cfapi: 192.168.0.3 - neutron/api: 192.168.0.3 - neutron/floating: null - neutron/mesh: 192.168.2.3 - neutron/private: null - nova/api: 192.168.0.3 - nova/migration: 192.168.0.3 - public/vip: 172.16.0.3 - sahara/api: 192.168.0.3 - storage: 192.168.1.3 - swift/api: 192.168.0.3 - swift/replication: 192.168.1.3 - node_roles: - - primary-controller - nova_cpu_pinning_enabled: false - nova_hugepages_enabled: false - swift_zone: '730' - uid: '730' - user_node_name: node-730 - node-731: - fqdn: node-731.domain.tld - name: node-731 - network_roles: - admin/pxe: 10.145.0.101 - aodh/api: 192.168.0.1 - ceilometer/api: 192.168.0.1 - ceph/public: 192.168.1.1 - ceph/radosgw: 172.16.0.2 - ceph/replication: 192.168.1.1 - cinder/api: 192.168.0.1 - cinder/iscsi: 192.168.1.1 - ex: 172.16.0.2 - fw-admin: 10.145.0.101 - glance/api: 192.168.0.1 - glance/glare: 192.168.0.1 - heat/api: 192.168.0.1 - 
horizon: 192.168.0.1 - ironic/api: 192.168.0.1 - keystone/api: 192.168.0.1 - management: 192.168.0.1 - mgmt/corosync: 192.168.0.1 - mgmt/database: 192.168.0.1 - mgmt/memcache: 192.168.0.1 - mgmt/messaging: 192.168.0.1 - mgmt/vip: 192.168.0.1 - mongo/db: 192.168.0.1 - murano/api: 192.168.0.1 - murano/cfapi: 192.168.0.1 - neutron/api: 192.168.0.1 - neutron/floating: null - neutron/mesh: 192.168.2.1 - neutron/private: null - nova/api: 192.168.0.1 - nova/migration: 192.168.0.1 - public/vip: 172.16.0.2 - sahara/api: 192.168.0.1 - storage: 192.168.1.1 - swift/api: 192.168.0.1 - swift/replication: 192.168.1.1 - node_roles: - - controller - nova_cpu_pinning_enabled: false - nova_hugepages_enabled: false - swift_zone: '731' - uid: '731' - user_node_name: node-731 - node-732: - fqdn: node-732.domain.tld - name: node-732 - network_roles: - admin/pxe: 10.145.0.102 - aodh/api: 192.168.0.4 - ceilometer/api: 192.168.0.4 - ceph/public: 192.168.1.4 - ceph/replication: 192.168.1.4 - cinder/api: 192.168.0.4 - cinder/iscsi: 192.168.1.4 - fw-admin: 10.145.0.102 - glance/api: 192.168.0.4 - glance/glare: 192.168.0.4 - heat/api: 192.168.0.4 - horizon: 192.168.0.4 - ironic/api: 192.168.0.4 - keystone/api: 192.168.0.4 - management: 192.168.0.4 - mgmt/corosync: 192.168.0.4 - mgmt/database: 192.168.0.4 - mgmt/memcache: 192.168.0.4 - mgmt/messaging: 192.168.0.4 - mgmt/vip: 192.168.0.4 - mongo/db: 192.168.0.4 - murano/api: 192.168.0.4 - murano/cfapi: 192.168.0.4 - neutron/api: 192.168.0.4 - neutron/floating: null - neutron/mesh: 192.168.2.4 - neutron/private: null - nova/api: 192.168.0.4 - nova/migration: 192.168.0.4 - sahara/api: 192.168.0.4 - storage: 192.168.1.4 - swift/api: 192.168.0.4 - swift/replication: 192.168.1.4 - node_roles: - - compute - nova_cpu_pinning_enabled: false - nova_hugepages_enabled: false - swift_zone: '732' - uid: '732' - user_node_name: node-732 - node-733: - fqdn: node-733.domain.tld - name: node-733 - network_roles: - admin/pxe: 10.145.0.103 - aodh/api: 192.168.0.2 - 
ceilometer/api: 192.168.0.2 - ceph/public: 192.168.1.2 - ceph/replication: 192.168.1.2 - cinder/api: 192.168.0.2 - cinder/iscsi: 192.168.1.2 - fw-admin: 10.145.0.103 - glance/api: 192.168.0.2 - glance/glare: 192.168.0.2 - heat/api: 192.168.0.2 - horizon: 192.168.0.2 - ironic/api: 192.168.0.2 - keystone/api: 192.168.0.2 - management: 192.168.0.2 - mgmt/corosync: 192.168.0.2 - mgmt/database: 192.168.0.2 - mgmt/memcache: 192.168.0.2 - mgmt/messaging: 192.168.0.2 - mgmt/vip: 192.168.0.2 - mongo/db: 192.168.0.2 - murano/api: 192.168.0.2 - murano/cfapi: 192.168.0.2 - neutron/api: 192.168.0.2 - neutron/floating: null - neutron/mesh: 192.168.2.2 - neutron/private: null - nova/api: 192.168.0.2 - nova/migration: 192.168.0.2 - sahara/api: 192.168.0.2 - storage: 192.168.1.2 - swift/api: 192.168.0.2 - swift/replication: 192.168.1.2 - node_roles: - - ceph-osd - nova_cpu_pinning_enabled: false - nova_hugepages_enabled: false - swift_zone: '733' - uid: '733' - user_node_name: node-733 - node-734: - fqdn: node-734.domain.tld - name: node-734 - network_roles: - admin/pxe: 10.145.0.104 + admin/pxe: 10.109.15.100 aodh/api: 192.168.0.6 ceilometer/api: 192.168.0.6 ceph/public: 192.168.1.6 + ceph/radosgw: 172.16.0.3 ceph/replication: 192.168.1.6 cinder/api: 192.168.0.6 cinder/iscsi: 192.168.1.6 - fw-admin: 10.145.0.104 + ex: 172.16.0.3 + fw-admin: 10.109.15.100 glance/api: 192.168.0.6 glance/glare: 192.168.0.6 heat/api: 192.168.0.6 
@@ -424,29 +251,74 @@ network_metadata: neutron/private: null nova/api: 192.168.0.6 nova/migration: 192.168.0.6 + public/vip: 172.16.0.3 sahara/api: 192.168.0.6 storage: 192.168.1.6 swift/api: 192.168.0.6 swift/replication: 192.168.1.6 node_roles: - - ceph-osd + - primary-controller nova_cpu_pinning_enabled: false nova_hugepages_enabled: false - swift_zone: '734' - uid: '734' - user_node_name: node-734 - node-735: - fqdn: node-735.domain.tld - name: node-735 + swift_zone: '126' + uid: '126' + user_node_name: node-126 + node-127: + fqdn: node-127.test.domain.local + name: node-127 network_roles: - admin/pxe: 10.145.0.105 + admin/pxe: 10.109.15.101 + aodh/api: 192.168.0.3 + ceilometer/api: 192.168.0.3 + ceph/public: 192.168.1.3 + ceph/replication: 192.168.1.3 + cinder/api: 192.168.0.3 + cinder/iscsi: 192.168.1.3 + fw-admin: 10.109.15.101 + glance/api: 192.168.0.3 + glance/glare: 192.168.0.3 + heat/api: 192.168.0.3 + horizon: 192.168.0.3 + ironic/api: 192.168.0.3 + keystone/api: 192.168.0.3 + management: 192.168.0.3 + mgmt/corosync: 192.168.0.3 + mgmt/database: 192.168.0.3 + mgmt/memcache: 192.168.0.3 + mgmt/messaging: 192.168.0.3 + mgmt/vip: 192.168.0.3 + mongo/db: 192.168.0.3 + murano/api: 192.168.0.3 + murano/cfapi: 192.168.0.3 + neutron/api: 192.168.0.3 + neutron/floating: null + neutron/mesh: 192.168.2.3 + neutron/private: null + nova/api: 192.168.0.3 + nova/migration: 192.168.0.3 + sahara/api: 192.168.0.3 + storage: 192.168.1.3 + swift/api: 192.168.0.3 + swift/replication: 192.168.1.3 + node_roles: + - compute + nova_cpu_pinning_enabled: false + nova_hugepages_enabled: false + swift_zone: '127' + uid: '127' + user_node_name: node-127 + node-128: + fqdn: node-128.test.domain.local + name: node-128 + network_roles: + admin/pxe: 10.109.15.102 aodh/api: 192.168.0.5 ceilometer/api: 192.168.0.5 ceph/public: 192.168.1.5 ceph/replication: 192.168.1.5 cinder/api: 192.168.0.5 cinder/iscsi: 192.168.1.5 - fw-admin: 10.145.0.105 + fw-admin: 10.109.15.102 glance/api: 
192.168.0.5 glance/glare: 192.168.0.5 heat/api: 192.168.0.5 
@@ -473,24 +345,71 @@ network_metadata: swift/api: 192.168.0.5 swift/replication: 192.168.1.5 node_roles: - - primary-mongo + - ceph-osd nova_cpu_pinning_enabled: false nova_hugepages_enabled: false - swift_zone: '735' - uid: '735' - user_node_name: node-735 - node-736: - fqdn: node-736.domain.tld - name: node-736 + swift_zone: '128' + uid: '128' + user_node_name: node-128 + node-129: + fqdn: node-129.test.domain.local + name: node-129 network_roles: - admin/pxe: 10.145.0.106 + admin/pxe: 10.109.15.103 + aodh/api: 192.168.0.2 + ceilometer/api: 192.168.0.2 + ceph/public: 192.168.1.2 + ceph/radosgw: 172.16.0.2 + ceph/replication: 192.168.1.2 + cinder/api: 192.168.0.2 + cinder/iscsi: 192.168.1.2 + ex: 172.16.0.2 + fw-admin: 10.109.15.103 + glance/api: 192.168.0.2 + glance/glare: 192.168.0.2 + heat/api: 192.168.0.2 + horizon: 192.168.0.2 + ironic/api: 192.168.0.2 + keystone/api: 192.168.0.2 + management: 192.168.0.2 + mgmt/corosync: 192.168.0.2 + mgmt/database: 192.168.0.2 + mgmt/memcache: 192.168.0.2 + mgmt/messaging: 192.168.0.2 + mgmt/vip: 192.168.0.2 + mongo/db: 192.168.0.2 + murano/api: 192.168.0.2 + murano/cfapi: 192.168.0.2 + neutron/api: 192.168.0.2 + neutron/floating: null + neutron/mesh: 192.168.2.2 + neutron/private: null + nova/api: 192.168.0.2 + nova/migration: 192.168.0.2 + public/vip: 172.16.0.2 + sahara/api: 192.168.0.2 + storage: 192.168.1.2 + swift/api: 192.168.0.2 + swift/replication: 192.168.1.2 + node_roles: + - controller + nova_cpu_pinning_enabled: false + nova_hugepages_enabled: false + swift_zone: '129' + uid: '129' + user_node_name: node-129 + node-130: + fqdn: node-130.test.domain.local + name: node-130 + network_roles: + admin/pxe: 10.109.15.104 aodh/api: 192.168.0.7 ceilometer/api: 192.168.0.7 ceph/public: 192.168.1.7 ceph/replication: 192.168.1.7 cinder/api: 192.168.0.7 cinder/iscsi: 192.168.1.7 - fw-admin: 10.145.0.106 + fw-admin: 10.109.15.104 glance/api: 192.168.0.7 glance/glare: 192.168.0.7 heat/api: 192.168.0.7 
@@ -517,12 +436,100 @@ network_metadata: swift/api: 192.168.0.7 swift/replication: 192.168.1.7 node_roles: + - ceph-osd + nova_cpu_pinning_enabled: false + nova_hugepages_enabled: false + swift_zone: '130' + uid: '130' + user_node_name: node-130 + node-131: + fqdn: node-131.test.domain.local + name: node-131 + network_roles: + admin/pxe: 10.109.15.105 + aodh/api: 192.168.0.4 + ceilometer/api: 192.168.0.4 + ceph/public: 192.168.1.4 + ceph/replication: 192.168.1.4 + cinder/api: 192.168.0.4 + cinder/iscsi: 192.168.1.4 + fw-admin: 10.109.15.105 + glance/api: 192.168.0.4 + glance/glare: 192.168.0.4 + heat/api: 192.168.0.4 + horizon: 192.168.0.4 + ironic/api: 192.168.0.4 + keystone/api: 192.168.0.4 + management: 192.168.0.4 + mgmt/corosync: 192.168.0.4 + mgmt/database: 192.168.0.4 + mgmt/memcache: 192.168.0.4 + mgmt/messaging: 192.168.0.4 + mgmt/vip: 192.168.0.4 + mongo/db: 192.168.0.4 + murano/api: 192.168.0.4 + murano/cfapi: 192.168.0.4 + neutron/api: 192.168.0.4 + neutron/floating: null + neutron/mesh: 192.168.2.4 + neutron/private: null + nova/api: 192.168.0.4 + nova/migration: 192.168.0.4 + sahara/api: 192.168.0.4 + storage: 192.168.1.4 + swift/api: 192.168.0.4 + swift/replication: 192.168.1.4 + node_roles: + - primary-mongo + nova_cpu_pinning_enabled: false + nova_hugepages_enabled: false + swift_zone: '131' + uid: '131' + user_node_name: node-131 + node-132: + fqdn: node-132.test.domain.local + name: node-132 + network_roles: + admin/pxe: 10.109.15.106 + aodh/api: 192.168.0.1 + ceilometer/api: 192.168.0.1 + ceph/public: 192.168.1.1 + ceph/replication: 192.168.1.1 + cinder/api: 192.168.0.1 + cinder/iscsi: 192.168.1.1 + fw-admin: 10.109.15.106 + glance/api: 192.168.0.1 + glance/glare: 192.168.0.1 + heat/api: 192.168.0.1 + horizon: 192.168.0.1 + ironic/api: 192.168.0.1 + keystone/api: 192.168.0.1 + management: 192.168.0.1 + mgmt/corosync: 192.168.0.1 + mgmt/database: 192.168.0.1 + mgmt/memcache: 192.168.0.1 + mgmt/messaging: 192.168.0.1 + mgmt/vip: 192.168.0.1 + 
mongo/db: 192.168.0.1 + murano/api: 192.168.0.1 + murano/cfapi: 192.168.0.1 + neutron/api: 192.168.0.1 + neutron/floating: null + neutron/mesh: 192.168.2.1 + neutron/private: null + nova/api: 192.168.0.1 + nova/migration: 192.168.0.1 + sahara/api: 192.168.0.1 + storage: 192.168.1.1 + swift/api: 192.168.0.1 + swift/replication: 192.168.1.1 + node_roles: - mongo nova_cpu_pinning_enabled: false nova_hugepages_enabled: false - swift_zone: '736' - uid: '736' - user_node_name: node-736 + swift_zone: '132' + uid: '132' + user_node_name: node-132 vips: management: ipaddr: 192.168.0.9 @@ -577,18 +584,18 @@ network_scheme: IP: none br-fw-admin: IP: - - 10.145.0.100/24 + - 10.109.15.100/24 vendor_specific: - provider_gateway: 10.145.0.1 + provider_gateway: 10.109.15.1 br-mesh: IP: - - 192.168.2.3/24 + - 192.168.2.6/24 br-mgmt: IP: - - 192.168.0.3/24 + - 192.168.0.6/24 br-storage: IP: - - 192.168.1.3/24 + - 192.168.1.6/24 interfaces: enp0s3: vendor_specific: 
@@ -944,85 +951,84 @@ node_volumes: size: 11264 type: lv nodes: -- fqdn: node-730.domain.tld - internal_address: 192.168.0.3 +- fqdn: node-126.test.domain.local + internal_address: 192.168.0.6 internal_netmask: 255.255.255.0 - name: node-730 + name: node-126 public_address: 172.16.0.3 public_netmask: 255.255.255.0 role: primary-controller + storage_address: 192.168.1.6 + storage_netmask: 255.255.255.0 + swift_zone: '126' + uid: '126' + user_node_name: node-126 +- fqdn: node-127.test.domain.local + internal_address: 192.168.0.3 + internal_netmask: 255.255.255.0 + name: node-127 + role: compute storage_address: 192.168.1.3 storage_netmask: 255.255.255.0 - swift_zone: '730' - uid: '730' - user_node_name: node-730 -- fqdn: node-731.domain.tld - internal_address: 192.168.0.1 + swift_zone: '127' + uid: '127' + user_node_name: node-127 +- fqdn: node-128.test.domain.local + internal_address: 192.168.0.5 internal_netmask: 255.255.255.0 - name: node-731 + name: node-128 + role: ceph-osd + storage_address: 192.168.1.5 + storage_netmask: 255.255.255.0 + swift_zone: '128' + uid: '128' + user_node_name: node-128 +- fqdn: node-129.test.domain.local + internal_address: 192.168.0.2 + internal_netmask: 255.255.255.0 + name: node-129 public_address: 172.16.0.2 public_netmask: 255.255.255.0 role: controller - storage_address: 192.168.1.1 - storage_netmask: 255.255.255.0 - swift_zone: '731' - uid: '731' - user_node_name: node-731 -- fqdn: node-732.domain.tld - internal_address: 192.168.0.4 - internal_netmask: 255.255.255.0 - name: node-732 - role: compute - storage_address: 192.168.1.4 - storage_netmask: 255.255.255.0 - swift_zone: '732' - uid: '732' - user_node_name: node-732 -- fqdn: node-733.domain.tld - internal_address: 192.168.0.2 - internal_netmask: 255.255.255.0 - name: node-733 - role: ceph-osd storage_address: 192.168.1.2 storage_netmask: 255.255.255.0 - swift_zone: '733' - uid: '733' - user_node_name: node-733 -- fqdn: node-734.domain.tld - internal_address: 192.168.0.6 - 
internal_netmask: 255.255.255.0 - name: node-734 - role: ceph-osd - storage_address: 192.168.1.6 - storage_netmask: 255.255.255.0 - swift_zone: '734' - uid: '734' - user_node_name: node-734 -- fqdn: node-735.domain.tld - internal_address: 192.168.0.5 - internal_netmask: 255.255.255.0 - name: node-735 - role: primary-mongo - storage_address: 192.168.1.5 - storage_netmask: 255.255.255.0 - swift_zone: '735' - uid: '735' - user_node_name: node-735 -- fqdn: node-736.domain.tld + swift_zone: '129' + uid: '129' + user_node_name: node-129 +- fqdn: node-130.test.domain.local internal_address: 192.168.0.7 internal_netmask: 255.255.255.0 - name: node-736 - role: mongo + name: node-130 + role: ceph-osd storage_address: 192.168.1.7 storage_netmask: 255.255.255.0 - swift_zone: '736' - uid: '736' - user_node_name: node-736 + swift_zone: '130' + uid: '130' + user_node_name: node-130 +- fqdn: node-131.test.domain.local + internal_address: 192.168.0.4 + internal_netmask: 255.255.255.0 + name: node-131 + role: primary-mongo + storage_address: 192.168.1.4 + storage_netmask: 255.255.255.0 + swift_zone: '131' + uid: '131' + user_node_name: node-131 +- fqdn: node-132.test.domain.local + internal_address: 192.168.0.1 + internal_netmask: 255.255.255.0 + name: node-132 + role: mongo + storage_address: 192.168.1.1 + storage_netmask: 255.255.255.0 + swift_zone: '132' + uid: '132' + user_node_name: node-132 nova: - db_password: Kz189HhWN02ZUAe8nvY0t0FC - enable_hugepages: false + db_password: PVzZrklbvr2gHtJL4e8a0s6t state_path: /var/lib/nova - user_password: oMvZeE7RRAOsrUTYqkS3tSdm + user_password: f09qoLIdLU7oGLGFAGFNj1Ja nova_quota: false online: true openstack_version: newton-10.0 @@ -1034,7 +1040,7 @@ operator_user: label: Operating System Access weight: 15 name: fueladmin - password: 0U4hZMHZDgtHnVwPSuvZW3mz + password: PYRI8p75nGRMkBGgjlAvcQiu sudo: 'ALL=(ALL) NOPASSWD: ALL' plugins: [] private_network_range: 192.168.2.0/24 
@@ -1045,11 +1051,11 @@ provision: /: container: gzip format: ext4 - uri: http://10.145.0.2:8080/targetimages/env_40_ubuntu_1404_amd64.img.gz + uri: http://10.109.15.2:8080/targetimages/env_15_ubuntu_1404_amd64.img.gz /boot: container: gzip format: ext2 - uri: http://10.145.0.2:8080/targetimages/env_40_ubuntu_1404_amd64-boot.img.gz + uri: http://10.109.15.2:8080/targetimages/env_15_ubuntu_1404_amd64-boot.img.gz metadata: group: general label: Provision @@ -1171,8 +1177,8 @@ public_ssl: weight: 110 services: false puppet: - manifests: rsync://10.145.0.2:/puppet/newton-10.0/manifests/ - modules: rsync://10.145.0.2:/puppet/newton-10.0/modules/ + manifests: rsync://10.109.15.2:/puppet/newton-10.0/manifests/ + modules: rsync://10.109.15.2:/puppet/newton-10.0/modules/ puppet_debug: true quantum: true quantum_settings: @@ -1187,13 +1193,13 @@ quantum_settings: L3: use_namespaces: true database: - passwd: eMJorJqQ1HMFbkypwdUhouEb + passwd: wF5Kulr9K5ht8BEuIBOVQ6DG default_floating_net: admin_floating_net default_private_net: admin_internal_net keystone: - admin_password: kPtlHmCe5K7ndGYvKXOweEz5 + admin_password: phtXcgdXRmMafvZlNOj6hTOq metadata: - metadata_proxy_shared_secret: R7maXMRiZHBgmMEXaXZQRxV3 + metadata_proxy_shared_secret: oxbVqVac5jRx0AhdWjxg4J2x predefined_networks: admin_floating_net: L2: @@ -1227,7 +1233,7 @@ quantum_settings: shared: false tenant: admin rabbit: - password: X9IsCoHuKgys2l4GZL95MbYG + password: ov7dGMhyL8eR1ZdocMsVtCit release: attributes_metadata: editable: 
@@ -1335,6 +1341,49 @@ release: type: checkbox value: false weight: 10 + atop: + interval: + description: Interval between the snapshots in seconds + label: Interval between the snapshots + regex: + error: Should be a number of seconds + source: ^[1-9]\d*$ + restrictions: + - action: hide + condition: settings:atop.service_enabled.value == false + type: text + value: '20' + weight: 20 + metadata: + enabled: true + group: logging + label: Advanced System & Process Monitor (atop) + toggleable: false + weight: 60 + rotate: + description: Number of days to keep log files + label: Rotate days + regex: + error: Should be a number of days + source: ^[1-9]\d*$ + restrictions: + - action: hide + condition: settings:atop.service_enabled.value == false + type: text + value: '7' + weight: 30 + service_enabled: + description: 'NOTE: When enabled, the service may generate logs up to a + gigabyte in size per day. + + This should be taken into consideration when determining the correct size + for the log partition. + + ' + label: Enable atop service + type: checkbox + value: true + weight: 10 cgroups: metadata: always_editable: true @@ -1417,6 +1466,18 @@ release: type: checkbox value: true weight: 50 + run_ping_checker: + description: Uncheck this box if the public gateway will not be available + or will not respond to ICMP requests to the deployed cluster. If unchecked, + the controllers will not take public gateway availability into account + as part of the cluster health. If the cluster will not have internet + access, you will need to make sure to provide proper offline mirrors for + the deployment to succeed. + group: network + label: Public Gateway is Available + type: checkbox + value: true + weight: 50 task_deploy: type: hidden value: true 
@@ -1837,6 +1898,9 @@ release: description: Your DNS entries should point to this name. Self-signed certificates also will use this hostname label: DNS hostname for public TLS endpoints + regex: + error: Invalid DNS hostname + source: ^[a-zA-Z\d]+[-\.\da-zA-Z]*$ restrictions: - action: hide condition: settings:public_ssl.horizon.value == false and settings:public_ssl.services.value @@ -1871,8 +1935,6 @@ release: Please make sure your Fuel master node has Internet access to the repository before attempting to create a mirror. - For more details, please refer to the documentation (https://docs.mirantis.com/openstack/fuel/fuel-10.0/operations.html#external-ubuntu-ops). - ' extra_priority: null type: custom_repo_configuration 
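Review bot: The hostname pattern added in the `@@ -1837,6 +1898,9 @@` hunk, `^[a-zA-Z\d]+[-\.\da-zA-Z]*$`, constrains only the leading characters. It accepts empty labels (`a..b`), labels ending in a hyphen (`host-`), and labels of any length. The description says self-signed certificates will use this value, so a malformed name would end up in a certificate subject instead of being rejected in the form. A per-label pattern is stricter, for example `^[a-zA-Z\d]([-a-zA-Z\d]{0,61}[a-zA-Z\d])?(\.[a-zA-Z\d]([-a-zA-Z\d]{0,61}[a-zA-Z\d])?)*$`. The fixture appears to be generated from the release metadata, so the change probably belongs in that source.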
@@ -1949,11 +2011,70 @@ release: sudo: type: hidden value: 'ALL=(ALL) NOPASSWD: ALL' + ssh: + brute_force_protection: + description: When enabled, the access from all networks (except the provided + ones) will be granted, but the networks will be checked against the brute + force attack. + label: Brute force protection + restrictions: + - action: hide + condition: settings:ssh.security_enabled.value == false + type: checkbox + value: false + weight: 30 + metadata: + enabled: true + group: security + label: SSH security + toggleable: false + weight: 120 + security_enabled: + description: 'NOTE: When enabled, provide at least one working IP address + (the Fuel Master node IP is already added). + + We recommend adding new addresses instead of replacing the provided Fuel + Master node IP. + + When disabled (by default), the admin, management, and storage networks + are only allowed to connect to the SSH service. + + ' + label: Restrict SSH service on network + type: checkbox + value: false + weight: 10 + security_networks: + description: IPv4/CIDR address + label: Restrict access to + regex: + error: Invalid IPv4/CIDR address + source: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))*$ + restrictions: + - action: hide + condition: settings:ssh.security_enabled.value == false + type: text_list + value: + - '{settings.MASTER_IP}' + weight: 20 storage: admin_key: type: hidden value: generator: cephx_key + auth_s3_keystone_ceph: + description: This allows to authenticate S3 requests basing on EC2/S3 credentials + managed by Keystone. Please note that enabling the integration will increase + the latency of S3 requests as well as load on Keystone service. Please + consult with Mirantis Technical Bulletin 27 and Mirantis Support on mitigating + the risks related with load. 
+ label: Enable S3 API Authentication via Keystone in Ceph RadosGW + restrictions: + - action: hide + condition: settings:storage.objects_ceph.value == false + type: checkbox + value: false + weight: 82 bootstrap_osd_key: type: hidden value: @@ -2006,6 +2127,9 @@ release: and Swift API Interfaces. If enabled, this option will prevent Swift from installing. label: Ceph RadosGW for objects (Swift API) + restrictions: + - settings:storage.images_ceph.value == false: Ceph RBD for Images should + be selected. type: checkbox value: false weight: 80 @@ -2246,6 +2370,12 @@ release: description: dialog.create_cluster_wizard.compute.qemu_description label: dialog.create_cluster_wizard.compute.qemu name: hypervisor:qemu + requires: + - one_of: + items: + - network:neutron:ml2:vlan + - network:neutron:ml2:tun + message: dialog.create_cluster_wizard.compute.qemu_requires_network_backend weight: 5 - bind: - settings:common.use_vcenter.value @@ -2255,8 +2385,16 @@ release: label: dialog.create_cluster_wizard.compute.vcenter name: hypervisor:vmware requires: - - message: dialog.create_cluster_wizard.compute.vcenter_warning - name: hypervisor:qemu + - one_of: + items: + - hypervisor:qemu + message: dialog.create_cluster_wizard.compute.vcenter_warning + - one_of: + items: + - network:neutron:ml2:dvs + - network:neutron:ml2:nsx + message: dialog.create_cluster_wizard.compute.vcenter_requires_network_backend + message_invalid: dialog.create_cluster_wizard.compute.vcenter_requires_network_plugins weight: 15 - compatible: - name: hypervisor:* @@ -2283,7 +2421,9 @@ release: label: common.network.neutron_vlan name: network:neutron:ml2:vlan requires: - - name: network:neutron:core:ml2 + - one_of: + items: + - network:neutron:core:ml2 weight: 5 - bind: - - cluster:net_provider 
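Review bot: In the `ssh.security_networks` setting added by the `@@ -1949,11 +2011,70 @@` hunk, the optional prefix group of the validation regex ends in `*` rather than `?`. A value such as `10.0.0.1/24/8` therefore passes the "IPv4/CIDR address" check. How the value is consumed is not visible here, but a list that restricts SSH access should only contain entries that parse unambiguously. The tail of the pattern should be `(\/([0-9]|[1-2][0-9]|3[0-2]))?$`. The pattern also accepts a `/0` prefix, which makes one entry match every source address, so it is worth confirming that this is intended. Separately, the `brute_force_protection` description says that enabling it grants access from all networks, which widens exposure rather than narrowing it, and the label should say so.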
@@ -2304,7 +2444,9 @@ release: label: common.network.neutron_tun name: network:neutron:ml2:tun requires: - - name: network:neutron:core:ml2 + - one_of: + items: + - network:neutron:core:ml2 weight: 10 - bind: - settings:storage.volumes_lvm.value @@ -2552,6 +2694,7 @@ release: restrictions: - action: hide condition: settings:common.use_vcenter.value == false + message: VMware vCenter not enabled for cluster weight: 40 compute: description: A Compute node creates, manages, and terminates virtual machine @@ -2581,10 +2724,12 @@ release: restrictions: - action: hide condition: settings:common.use_vcenter.value == false + message: VMware vCenter not enabled for cluster weight: 90 controller: conflicts: - compute + - ceph-osd description: The Controller initiates orchestration activities and provides an external API. Other components like Glance (image storage), Keystone (identity management), Horizon (OpenStack dashboard) and Nova-Scheduler are installed @@ -2656,6 +2801,7 @@ release: restrictions: - action: hide condition: not ('advanced' in version:feature_groups) + message: Advanced feature should be enabled in feature groups weight: 80 state: available version: newton-10.0 @@ -2827,7 +2973,7 @@ repo_setup: section: main restricted suite: mos10.0 type: deb - uri: http://10.145.0.2:8080/newton-10.0/ubuntu/x86_64 + uri: http://10.109.15.2:8080/newton-10.0/ubuntu/x86_64 - name: mos-updates priority: 1050 section: main restricted @@ -2851,14 +2997,15 @@ repo_setup: section: main restricted suite: auxiliary type: deb - uri: http://10.145.0.2:8080/newton-10.0/ubuntu/auxiliary + uri: http://10.109.15.2:8080/newton-10.0/ubuntu/auxiliary resume_guests_state_on_host_boot: true roles: - primary-controller +run_ping_checker: true sahara: - db_password: PM3ymZ8WiF9RSbCrCgd6ymU9 + db_password: 4APOo0xTUZcZnCDbL7d30tjC enabled: true - user_password: 3KdRkNe5eAxoPxR4irc3jvvB + user_password: C2TKvFTJ6Vr0CCTLK0xsGK0x service_user: homedir: /var/lib/fuel metadata: 
@@ -2869,22 +3016,34 @@ service_user: condition: 'true' weight: 10 name: fuel - password: pLVuXVFa9C8k7hcCUVb1yWQr + password: 2eiAUTgtohRigYCRhzssNonM root_password: r00tme sudo: 'ALL=(ALL) NOPASSWD: ALL' +ssh: + brute_force_protection: false + metadata: + enabled: true + group: security + label: SSH security + toggleable: false + weight: 120 + security_enabled: false + security_networks: + - 10.109.15.2 status: discover storage: - admin_key: AQC0eUhXAAAAABAA0KyotPMzzo0kg12tJcf1xg== - bootstrap_osd_key: AQC0eUhXAAAAABAAk7M7DH05JdsO8WRD31tOiw== + admin_key: AQCiB6NXAAAAABAAJpdEYCOSg4mm+Q3DvhzTYg== + auth_s3_keystone_ceph: true + bootstrap_osd_key: AQCiB6NXAAAAABAA7ezVYgw+wco6h8LezEaUaA== ephemeral_ceph: true - fsid: 81099e45-f272-4954-8252-696863d84e46 + fsid: 1f77e0d5-dd4c-4254-a67f-41449f42b6c6 images_ceph: true images_vcenter: false metadata: group: storage label: Storage Backends weight: 60 - mon_key: AQC0eUhXAAAAABAARk/bva9mdtRLaZ6CsnXToQ== + mon_key: AQCiB6NXAAAAABAA9qfH8vMq6+n6N2iLO7KfgQ== objects_ceph: true osd_pool_size: '2' per_pool_pg_nums: @@ -2895,13 +3054,13 @@ storage: images: 64 volumes: 256 pg_num: 64 - radosgw_key: AQC0eUhXAAAAABAAqgFcyJYZu0IY+4J2+rsWew== + radosgw_key: AQCiB6NXAAAAABAA6wxyVYlUpMVvs9r0fpUiXQ== volumes_block_device: false volumes_ceph: true volumes_lvm: false storage_network_range: 192.168.1.0/24 swift: - user_password: ROQ1xRVPVFShmjxplraXnPX9 + user_password: 2g77TlSldIdjCozj7BsRbKYS syslog: metadata: enabled: false @@ -2923,10 +3082,10 @@ test_vm_image: os_name: cirros properties: {} public: 'true' -uid: '730' +uid: '126' use_cow_images: true use_vcenter: false -user_node_name: node-730 +user_node_name: node-126 vms_conf: [] workloads_collector: create_user: false @@ -2938,6 +3097,6 @@ workloads_collector: - action: hide condition: 'true' weight: 10 - password: 596PBfjB9KaTbfMykO2Ql54x + password: lvrXAFlB68qs9dmoTAd9EsNq tenant: services username: fuel_stats_user 
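Review bot: The new side of the `@@ -2869,22 +3016,34 @@` hunk commits regenerated cephx keys (`admin_key`, `bootstrap_osd_key`, `mon_key`) and a new `service_user.password` in cleartext, and nothing visible marks them as disposable. If the environment this dump came from is still reachable, those credentials should be rotated there, and the values on the `-` side remain in history either way. I would state the provenance in the commit message or in a header comment on each fixture, for example `# noop-test fixture dumped from a throwaway lab; no credential in this file is valid anywhere`. The same applies to `radosgw_key`, `swift.user_password` and `workloads_collector.password` in the following hunks of this file, and to the matching hunks of the primary-mongo fixture (`@@ -2774,22 +2921,34 @@` onwards). The hunk also keeps `root_password: r00tme` and passwordless `sudo` as context while adding `ssh.security_enabled: false`, so these files should stay test data and not be reused as a deployment template.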
diff --git a/hiera/neut_tun.ceph.murano.sahara.ceil-primary-mongo.yaml b/hiera/neut_tun.ceph.murano.sahara.ceil-primary-mongo.yaml index d7d00c3..6ed96ab 100644 --- a/hiera/neut_tun.ceph.murano.sahara.ceil-primary-mongo.yaml +++ b/hiera/neut_tun.ceph.murano.sahara.ceil-primary-mongo.yaml @@ -8,18 +8,28 @@ access: tenant: admin user: admin aodh: - db_password: TVnuHRoSLlNkCmruAvQUG8pE - user_password: gzmU2q6Qit6gBglybKb7xFoF + db_password: OhQJSjJm0wVaH1Zf4Cdhuc64 + user_password: rXzOBwcFZP95JzXoI7vRmBkr +atop: + interval: '20' + metadata: + enabled: true + group: logging + label: Advanced System & Process Monitor (atop) + toggleable: false + weight: 60 + rotate: '7' + service_enabled: true auth_key: '' auto_assign_floating_ip: false base_syslog: syslog_port: '514' - syslog_server: 10.145.0.2 + syslog_server: 10.109.15.2 ceilometer: - db_password: 3TCG1UOCgksu31d0jUllc1ih + db_password: f93xXvBvhlSYE3JepvR0H7hb enabled: true - metering_secret: M24o7ZnNHH1bEjPAcMBGGkQs - user_password: pfhRar4G5gl9oXnjSwUjE6pq + metering_secret: dtptqyEA8eF2TrimNfON97sk + user_password: TIOxrbWzOKLdVx4j8wsEtYkn cgroups: metadata: always_editable: true @@ -30,9 +40,9 @@ cgroups: condition: 'true' weight: 90 cinder: - db_password: RFec66UQlk1OPwBmfSl8Qufi - fixed_key: 53b4f50eb158baa8d3f9684e868e4066bc51a5fab56ea9599cec482e6deb05d4 - user_password: c3BqXBRtapLgQYlEJ4KASP9y + db_password: 7w6TjwE9basxZfF4GGkQNk8s + fixed_key: 6b58b7cd6f88c4a928212d8293038d208071f9170baf5995ec42a6a5d836605e + user_password: 4HlkMZEZ9QlpNITzvh3h5qfZ cluster: changes: - name: attributes 
@@ -42,36 +52,36 @@ cluster: - name: networks node_id: null - name: interfaces - node_id: 730 + node_id: 129 - name: disks - node_id: 730 + node_id: 129 - name: interfaces - node_id: 731 + node_id: 126 - name: disks - node_id: 731 + node_id: 126 - name: interfaces - node_id: 732 + node_id: 127 - name: disks - node_id: 732 + node_id: 127 - name: interfaces - node_id: 733 + node_id: 128 - name: disks - node_id: 733 + node_id: 128 - name: interfaces - node_id: 734 + node_id: 130 - name: disks - node_id: 734 + node_id: 130 - name: interfaces - node_id: 735 + node_id: 131 - name: disks - node_id: 735 + node_id: 131 - name: interfaces - node_id: 736 + node_id: 132 - name: disks - node_id: 736 + node_id: 132 components: [] fuel_version: '10.0' - id: 40 + id: 15 is_customized: false is_locked: false mode: ha_compact @@ -104,12 +114,11 @@ corosync: debug: false deployed_before: value: false -deployment_id: 40 +deployment_id: 15 deployment_mode: ha_compact -dpdk: {} external_dns: dns_list: - - 10.145.0.1 + - 10.109.15.1 metadata: group: network label: Host OS DNS Servers 
@@ -135,31 +144,29 @@ external_ntp: label: Host OS NTP Servers weight: 40 ntp_list: - - 0.fuel.pool.ntp.org - - 1.fuel.pool.ntp.org - - 2.fuel.pool.ntp.org + - 10.109.15.1 fail_if_error: true -fqdn: node-735.domain.tld +fqdn: node-131.test.domain.local fuel_version: '10.0' glance: - db_password: 5jX5psX0WDRcx0HH5VWVsrwJ + db_password: KaR8BEzKxumpu0jrZHZIfp3q image_cache_max_size: '0' - user_password: iwgWlXOVQDP1ybBvExa1SUpL + user_password: dqxfEsU22NH69XYHKSvoOZft glance_glare: - user_password: IxeiZptyqPwkvprrao2iFuTP + user_password: ZicOQetaAfLF5F35mfQaWeZI heat: - auth_encryption_key: f0952d91b1efb46d2a9d9fb10eb93e19 - db_password: 7cbWsxolRVe4PS29qv6ZI5Lv + auth_encryption_key: 6a57e1b2e402829f531ff7f45987aeef + db_password: OR2TU3cgCRbIW4n1Bn5Gik3b enabled: true - rabbit_password: s8Fv4HRy7d6SsdxXafXiWus9 - user_password: n0iLP2B2TZ2XeEH5oNWGjeX1 + rabbit_password: d3bsSu6TDQInNcqie7ZdQe2g + user_password: 7etzT4B5LOZlJuclPsPvF5of horizon: - secret_key: f4391974da0c0bc1d6c8ee82b1049935365a7ad604b7dbb240cdeb74252f31f1 + secret_key: 10e87c9effcb1eed518068e5af43d3917062992450204455209138a5eb33da6d ironic: - db_password: OQiahLeOfQWRhI8kCGG4ogTX + db_password: wHP0Cg5Q8ppz1AQvdzvI645b enabled: false - swift_tempurl_key: ATpw9THzwYMa1Lx5EpAm66vi - user_password: OFqH3jHPEyyBnuX3owXmloYI + swift_tempurl_key: gZacdW69BTAV9qZLdiYfewbW + user_password: N834zgKKpxSP07HX6LoNo2F1 kernel_params: kernel: console=tty0 net.ifnames=0 biosdevname=0 rootdelay=90 nomodeset metadata: @@ -167,12 +174,12 @@ kernel_params: label: Kernel parameters weight: 60 keystone: - admin_token: 6OgCNCpNZsRPtBQt91NSxyJ8 - db_password: pPdhfiOsEA7fHGwVs3sGGMoQ -last_controller: node-731 + admin_token: JFdL4xwDqvZgM1MMhzJFNxbl + db_password: ZJojiaj5wfCAMavNMU7wmgwH +last_controller: node-129 libvirt_type: qemu management_network_range: 192.168.0.0/24 -master_ip: 10.145.0.2 +master_ip: 10.109.15.2 metadata: label: Common weight: 10 
@@ -184,15 +191,15 @@ mp: - point: '2' weight: '2' murano: - db_password: yPfazptrewWnKKPPqaQc06ye + db_password: wXQid97d9hM3coUvX8TfAlur enabled: true - rabbit_password: FAHLmPxu3Au8ZEUXHzCH5ZVv - user_password: K6MTgsvNHJckQbue9JlhWTtT + rabbit_password: 0dgbRU3ZxJko7OEqCaV8ZTas + user_password: 1Vh14W5MDxid2mW8N0jAPlSK murano-cfapi: - db_password: 1gQ7AGWIzNyrp7I0GClXeql0 + db_password: niVR5w3OzkwVSKHKbGeMcNKc enabled: false - rabbit_password: rt8WggTS9AwB1bdmkbHo99wz - user_password: jrVg0vMxlokzUOUzTzA2oGi8 + rabbit_password: riHKhQgDmNjsGd9DgQcBK2FU + user_password: JzebRmfzUpB8KyhiPWCb8i9j murano_settings: metadata: group: openstack_services 
@@ -205,204 +212,24 @@ murano_settings: murano_glance_artifacts_plugin: true murano_repo_url: http://storage.apps.openstack.org/ mysql: - root_password: nrOg6S3o5Ho5Ec09ksVKQmHq - wsrep_password: n11lhXNzDvQnjMToIhSi1snG + root_password: jbCMP5VtxAvItyOywOOhV1Pb + wsrep_password: gkHPIpKcgXQLDILYlthWNGWi network_metadata: nodes: - node-730: - fqdn: node-730.domain.tld - name: node-730 + node-126: + fqdn: node-126.test.domain.local + name: node-126 network_roles: - admin/pxe: 10.145.0.100 - aodh/api: 192.168.0.3 - ceilometer/api: 192.168.0.3 - ceph/public: 192.168.1.3 - ceph/radosgw: 172.16.0.3 - ceph/replication: 192.168.1.3 - cinder/api: 192.168.0.3 - cinder/iscsi: 192.168.1.3 - ex: 172.16.0.3 - fw-admin: 10.145.0.100 - glance/api: 192.168.0.3 - glance/glare: 192.168.0.3 - heat/api: 192.168.0.3 - horizon: 192.168.0.3 - ironic/api: 192.168.0.3 - keystone/api: 192.168.0.3 - management: 192.168.0.3 - mgmt/corosync: 192.168.0.3 - mgmt/database: 192.168.0.3 - mgmt/memcache: 192.168.0.3 - mgmt/messaging: 192.168.0.3 - mgmt/vip: 192.168.0.3 - mongo/db: 192.168.0.3 - murano/api: 192.168.0.3 - murano/cfapi: 192.168.0.3 - neutron/api: 192.168.0.3 - neutron/floating: null - neutron/mesh: 192.168.2.3 - neutron/private: null - nova/api: 192.168.0.3 - nova/migration: 192.168.0.3 - public/vip: 172.16.0.3 - sahara/api: 192.168.0.3 - storage: 192.168.1.3 - swift/api: 192.168.0.3 - swift/replication: 192.168.1.3 - node_roles: - - primary-controller - nova_cpu_pinning_enabled: false - nova_hugepages_enabled: false - swift_zone: '730' - uid: '730' - user_node_name: node-730 - node-731: - fqdn: node-731.domain.tld - name: node-731 - network_roles: - admin/pxe: 10.145.0.101 - aodh/api: 192.168.0.1 - ceilometer/api: 192.168.0.1 - ceph/public: 192.168.1.1 - ceph/radosgw: 172.16.0.2 - ceph/replication: 192.168.1.1 - cinder/api: 192.168.0.1 - cinder/iscsi: 192.168.1.1 - ex: 172.16.0.2 - fw-admin: 10.145.0.101 - glance/api: 192.168.0.1 - glance/glare: 192.168.0.1 - heat/api: 192.168.0.1 - 
horizon: 192.168.0.1 - ironic/api: 192.168.0.1 - keystone/api: 192.168.0.1 - management: 192.168.0.1 - mgmt/corosync: 192.168.0.1 - mgmt/database: 192.168.0.1 - mgmt/memcache: 192.168.0.1 - mgmt/messaging: 192.168.0.1 - mgmt/vip: 192.168.0.1 - mongo/db: 192.168.0.1 - murano/api: 192.168.0.1 - murano/cfapi: 192.168.0.1 - neutron/api: 192.168.0.1 - neutron/floating: null - neutron/mesh: 192.168.2.1 - neutron/private: null - nova/api: 192.168.0.1 - nova/migration: 192.168.0.1 - public/vip: 172.16.0.2 - sahara/api: 192.168.0.1 - storage: 192.168.1.1 - swift/api: 192.168.0.1 - swift/replication: 192.168.1.1 - node_roles: - - controller - nova_cpu_pinning_enabled: false - nova_hugepages_enabled: false - swift_zone: '731' - uid: '731' - user_node_name: node-731 - node-732: - fqdn: node-732.domain.tld - name: node-732 - network_roles: - admin/pxe: 10.145.0.102 - aodh/api: 192.168.0.4 - ceilometer/api: 192.168.0.4 - ceph/public: 192.168.1.4 - ceph/replication: 192.168.1.4 - cinder/api: 192.168.0.4 - cinder/iscsi: 192.168.1.4 - fw-admin: 10.145.0.102 - glance/api: 192.168.0.4 - glance/glare: 192.168.0.4 - heat/api: 192.168.0.4 - horizon: 192.168.0.4 - ironic/api: 192.168.0.4 - keystone/api: 192.168.0.4 - management: 192.168.0.4 - mgmt/corosync: 192.168.0.4 - mgmt/database: 192.168.0.4 - mgmt/memcache: 192.168.0.4 - mgmt/messaging: 192.168.0.4 - mgmt/vip: 192.168.0.4 - mongo/db: 192.168.0.4 - murano/api: 192.168.0.4 - murano/cfapi: 192.168.0.4 - neutron/api: 192.168.0.4 - neutron/floating: null - neutron/mesh: 192.168.2.4 - neutron/private: null - nova/api: 192.168.0.4 - nova/migration: 192.168.0.4 - sahara/api: 192.168.0.4 - storage: 192.168.1.4 - swift/api: 192.168.0.4 - swift/replication: 192.168.1.4 - node_roles: - - compute - nova_cpu_pinning_enabled: false - nova_hugepages_enabled: false - swift_zone: '732' - uid: '732' - user_node_name: node-732 - node-733: - fqdn: node-733.domain.tld - name: node-733 - network_roles: - admin/pxe: 10.145.0.103 - aodh/api: 192.168.0.2 - 
ceilometer/api: 192.168.0.2 - ceph/public: 192.168.1.2 - ceph/replication: 192.168.1.2 - cinder/api: 192.168.0.2 - cinder/iscsi: 192.168.1.2 - fw-admin: 10.145.0.103 - glance/api: 192.168.0.2 - glance/glare: 192.168.0.2 - heat/api: 192.168.0.2 - horizon: 192.168.0.2 - ironic/api: 192.168.0.2 - keystone/api: 192.168.0.2 - management: 192.168.0.2 - mgmt/corosync: 192.168.0.2 - mgmt/database: 192.168.0.2 - mgmt/memcache: 192.168.0.2 - mgmt/messaging: 192.168.0.2 - mgmt/vip: 192.168.0.2 - mongo/db: 192.168.0.2 - murano/api: 192.168.0.2 - murano/cfapi: 192.168.0.2 - neutron/api: 192.168.0.2 - neutron/floating: null - neutron/mesh: 192.168.2.2 - neutron/private: null - nova/api: 192.168.0.2 - nova/migration: 192.168.0.2 - sahara/api: 192.168.0.2 - storage: 192.168.1.2 - swift/api: 192.168.0.2 - swift/replication: 192.168.1.2 - node_roles: - - ceph-osd - nova_cpu_pinning_enabled: false - nova_hugepages_enabled: false - swift_zone: '733' - uid: '733' - user_node_name: node-733 - node-734: - fqdn: node-734.domain.tld - name: node-734 - network_roles: - admin/pxe: 10.145.0.104 + admin/pxe: 10.109.15.100 aodh/api: 192.168.0.6 ceilometer/api: 192.168.0.6 ceph/public: 192.168.1.6 + ceph/radosgw: 172.16.0.3 ceph/replication: 192.168.1.6 cinder/api: 192.168.0.6 cinder/iscsi: 192.168.1.6 - fw-admin: 10.145.0.104 + ex: 172.16.0.3 + fw-admin: 10.109.15.100 glance/api: 192.168.0.6 glance/glare: 192.168.0.6 heat/api: 192.168.0.6 
@@ -424,29 +251,74 @@ network_metadata: neutron/private: null nova/api: 192.168.0.6 nova/migration: 192.168.0.6 + public/vip: 172.16.0.3 sahara/api: 192.168.0.6 storage: 192.168.1.6 swift/api: 192.168.0.6 swift/replication: 192.168.1.6 node_roles: - - ceph-osd + - primary-controller nova_cpu_pinning_enabled: false nova_hugepages_enabled: false - swift_zone: '734' - uid: '734' - user_node_name: node-734 - node-735: - fqdn: node-735.domain.tld - name: node-735 + swift_zone: '126' + uid: '126' + user_node_name: node-126 + node-127: + fqdn: node-127.test.domain.local + name: node-127 network_roles: - admin/pxe: 10.145.0.105 + admin/pxe: 10.109.15.101 + aodh/api: 192.168.0.3 + ceilometer/api: 192.168.0.3 + ceph/public: 192.168.1.3 + ceph/replication: 192.168.1.3 + cinder/api: 192.168.0.3 + cinder/iscsi: 192.168.1.3 + fw-admin: 10.109.15.101 + glance/api: 192.168.0.3 + glance/glare: 192.168.0.3 + heat/api: 192.168.0.3 + horizon: 192.168.0.3 + ironic/api: 192.168.0.3 + keystone/api: 192.168.0.3 + management: 192.168.0.3 + mgmt/corosync: 192.168.0.3 + mgmt/database: 192.168.0.3 + mgmt/memcache: 192.168.0.3 + mgmt/messaging: 192.168.0.3 + mgmt/vip: 192.168.0.3 + mongo/db: 192.168.0.3 + murano/api: 192.168.0.3 + murano/cfapi: 192.168.0.3 + neutron/api: 192.168.0.3 + neutron/floating: null + neutron/mesh: 192.168.2.3 + neutron/private: null + nova/api: 192.168.0.3 + nova/migration: 192.168.0.3 + sahara/api: 192.168.0.3 + storage: 192.168.1.3 + swift/api: 192.168.0.3 + swift/replication: 192.168.1.3 + node_roles: + - compute + nova_cpu_pinning_enabled: false + nova_hugepages_enabled: false + swift_zone: '127' + uid: '127' + user_node_name: node-127 + node-128: + fqdn: node-128.test.domain.local + name: node-128 + network_roles: + admin/pxe: 10.109.15.102 aodh/api: 192.168.0.5 ceilometer/api: 192.168.0.5 ceph/public: 192.168.1.5 ceph/replication: 192.168.1.5 cinder/api: 192.168.0.5 cinder/iscsi: 192.168.1.5 - fw-admin: 10.145.0.105 + fw-admin: 10.109.15.102 glance/api: 
192.168.0.5 glance/glare: 192.168.0.5 heat/api: 192.168.0.5 
@@ -473,24 +345,71 @@ network_metadata: swift/api: 192.168.0.5 swift/replication: 192.168.1.5 node_roles: - - primary-mongo + - ceph-osd nova_cpu_pinning_enabled: false nova_hugepages_enabled: false - swift_zone: '735' - uid: '735' - user_node_name: node-735 - node-736: - fqdn: node-736.domain.tld - name: node-736 + swift_zone: '128' + uid: '128' + user_node_name: node-128 + node-129: + fqdn: node-129.test.domain.local + name: node-129 network_roles: - admin/pxe: 10.145.0.106 + admin/pxe: 10.109.15.103 + aodh/api: 192.168.0.2 + ceilometer/api: 192.168.0.2 + ceph/public: 192.168.1.2 + ceph/radosgw: 172.16.0.2 + ceph/replication: 192.168.1.2 + cinder/api: 192.168.0.2 + cinder/iscsi: 192.168.1.2 + ex: 172.16.0.2 + fw-admin: 10.109.15.103 + glance/api: 192.168.0.2 + glance/glare: 192.168.0.2 + heat/api: 192.168.0.2 + horizon: 192.168.0.2 + ironic/api: 192.168.0.2 + keystone/api: 192.168.0.2 + management: 192.168.0.2 + mgmt/corosync: 192.168.0.2 + mgmt/database: 192.168.0.2 + mgmt/memcache: 192.168.0.2 + mgmt/messaging: 192.168.0.2 + mgmt/vip: 192.168.0.2 + mongo/db: 192.168.0.2 + murano/api: 192.168.0.2 + murano/cfapi: 192.168.0.2 + neutron/api: 192.168.0.2 + neutron/floating: null + neutron/mesh: 192.168.2.2 + neutron/private: null + nova/api: 192.168.0.2 + nova/migration: 192.168.0.2 + public/vip: 172.16.0.2 + sahara/api: 192.168.0.2 + storage: 192.168.1.2 + swift/api: 192.168.0.2 + swift/replication: 192.168.1.2 + node_roles: + - controller + nova_cpu_pinning_enabled: false + nova_hugepages_enabled: false + swift_zone: '129' + uid: '129' + user_node_name: node-129 + node-130: + fqdn: node-130.test.domain.local + name: node-130 + network_roles: + admin/pxe: 10.109.15.104 aodh/api: 192.168.0.7 ceilometer/api: 192.168.0.7 ceph/public: 192.168.1.7 ceph/replication: 192.168.1.7 cinder/api: 192.168.0.7 cinder/iscsi: 192.168.1.7 - fw-admin: 10.145.0.106 + fw-admin: 10.109.15.104 glance/api: 192.168.0.7 glance/glare: 192.168.0.7 heat/api: 192.168.0.7 
@@ -517,12 +436,100 @@ network_metadata: swift/api: 192.168.0.7 swift/replication: 192.168.1.7 node_roles: + - ceph-osd + nova_cpu_pinning_enabled: false + nova_hugepages_enabled: false + swift_zone: '130' + uid: '130' + user_node_name: node-130 + node-131: + fqdn: node-131.test.domain.local + name: node-131 + network_roles: + admin/pxe: 10.109.15.105 + aodh/api: 192.168.0.4 + ceilometer/api: 192.168.0.4 + ceph/public: 192.168.1.4 + ceph/replication: 192.168.1.4 + cinder/api: 192.168.0.4 + cinder/iscsi: 192.168.1.4 + fw-admin: 10.109.15.105 + glance/api: 192.168.0.4 + glance/glare: 192.168.0.4 + heat/api: 192.168.0.4 + horizon: 192.168.0.4 + ironic/api: 192.168.0.4 + keystone/api: 192.168.0.4 + management: 192.168.0.4 + mgmt/corosync: 192.168.0.4 + mgmt/database: 192.168.0.4 + mgmt/memcache: 192.168.0.4 + mgmt/messaging: 192.168.0.4 + mgmt/vip: 192.168.0.4 + mongo/db: 192.168.0.4 + murano/api: 192.168.0.4 + murano/cfapi: 192.168.0.4 + neutron/api: 192.168.0.4 + neutron/floating: null + neutron/mesh: 192.168.2.4 + neutron/private: null + nova/api: 192.168.0.4 + nova/migration: 192.168.0.4 + sahara/api: 192.168.0.4 + storage: 192.168.1.4 + swift/api: 192.168.0.4 + swift/replication: 192.168.1.4 + node_roles: + - primary-mongo + nova_cpu_pinning_enabled: false + nova_hugepages_enabled: false + swift_zone: '131' + uid: '131' + user_node_name: node-131 + node-132: + fqdn: node-132.test.domain.local + name: node-132 + network_roles: + admin/pxe: 10.109.15.106 + aodh/api: 192.168.0.1 + ceilometer/api: 192.168.0.1 + ceph/public: 192.168.1.1 + ceph/replication: 192.168.1.1 + cinder/api: 192.168.0.1 + cinder/iscsi: 192.168.1.1 + fw-admin: 10.109.15.106 + glance/api: 192.168.0.1 + glance/glare: 192.168.0.1 + heat/api: 192.168.0.1 + horizon: 192.168.0.1 + ironic/api: 192.168.0.1 + keystone/api: 192.168.0.1 + management: 192.168.0.1 + mgmt/corosync: 192.168.0.1 + mgmt/database: 192.168.0.1 + mgmt/memcache: 192.168.0.1 + mgmt/messaging: 192.168.0.1 + mgmt/vip: 192.168.0.1 + 
mongo/db: 192.168.0.1 + murano/api: 192.168.0.1 + murano/cfapi: 192.168.0.1 + neutron/api: 192.168.0.1 + neutron/floating: null + neutron/mesh: 192.168.2.1 + neutron/private: null + nova/api: 192.168.0.1 + nova/migration: 192.168.0.1 + sahara/api: 192.168.0.1 + storage: 192.168.1.1 + swift/api: 192.168.0.1 + swift/replication: 192.168.1.1 + node_roles: - mongo nova_cpu_pinning_enabled: false nova_hugepages_enabled: false - swift_zone: '736' - uid: '736' - user_node_name: node-736 + swift_zone: '132' + uid: '132' + user_node_name: node-132 vips: management: ipaddr: 192.168.0.9 @@ -569,19 +576,19 @@ network_scheme: endpoints: br-fw-admin: IP: - - 10.145.0.105/24 - gateway: 10.145.0.1 + - 10.109.15.105/24 + gateway: 10.109.15.1 vendor_specific: - provider_gateway: 10.145.0.1 + provider_gateway: 10.109.15.1 br-mesh: IP: - - 192.168.2.5/24 + - 192.168.2.4/24 br-mgmt: IP: - - 192.168.0.5/24 + - 192.168.0.4/24 br-storage: IP: - - 192.168.1.5/24 + - 192.168.1.4/24 interfaces: enp0s3: vendor_specific: 
@@ -849,85 +856,84 @@ node_volumes: size: 3757668 type: lv nodes: -- fqdn: node-730.domain.tld - internal_address: 192.168.0.3 +- fqdn: node-126.test.domain.local + internal_address: 192.168.0.6 internal_netmask: 255.255.255.0 - name: node-730 + name: node-126 public_address: 172.16.0.3 public_netmask: 255.255.255.0 role: primary-controller + storage_address: 192.168.1.6 + storage_netmask: 255.255.255.0 + swift_zone: '126' + uid: '126' + user_node_name: node-126 +- fqdn: node-127.test.domain.local + internal_address: 192.168.0.3 + internal_netmask: 255.255.255.0 + name: node-127 + role: compute storage_address: 192.168.1.3 storage_netmask: 255.255.255.0 - swift_zone: '730' - uid: '730' - user_node_name: node-730 -- fqdn: node-731.domain.tld - internal_address: 192.168.0.1 + swift_zone: '127' + uid: '127' + user_node_name: node-127 +- fqdn: node-128.test.domain.local + internal_address: 192.168.0.5 internal_netmask: 255.255.255.0 - name: node-731 + name: node-128 + role: ceph-osd + storage_address: 192.168.1.5 + storage_netmask: 255.255.255.0 + swift_zone: '128' + uid: '128' + user_node_name: node-128 +- fqdn: node-129.test.domain.local + internal_address: 192.168.0.2 + internal_netmask: 255.255.255.0 + name: node-129 public_address: 172.16.0.2 public_netmask: 255.255.255.0 role: controller - storage_address: 192.168.1.1 - storage_netmask: 255.255.255.0 - swift_zone: '731' - uid: '731' - user_node_name: node-731 -- fqdn: node-732.domain.tld - internal_address: 192.168.0.4 - internal_netmask: 255.255.255.0 - name: node-732 - role: compute - storage_address: 192.168.1.4 - storage_netmask: 255.255.255.0 - swift_zone: '732' - uid: '732' - user_node_name: node-732 -- fqdn: node-733.domain.tld - internal_address: 192.168.0.2 - internal_netmask: 255.255.255.0 - name: node-733 - role: ceph-osd storage_address: 192.168.1.2 storage_netmask: 255.255.255.0 - swift_zone: '733' - uid: '733' - user_node_name: node-733 -- fqdn: node-734.domain.tld - internal_address: 192.168.0.6 - 
internal_netmask: 255.255.255.0 - name: node-734 - role: ceph-osd - storage_address: 192.168.1.6 - storage_netmask: 255.255.255.0 - swift_zone: '734' - uid: '734' - user_node_name: node-734 -- fqdn: node-735.domain.tld - internal_address: 192.168.0.5 - internal_netmask: 255.255.255.0 - name: node-735 - role: primary-mongo - storage_address: 192.168.1.5 - storage_netmask: 255.255.255.0 - swift_zone: '735' - uid: '735' - user_node_name: node-735 -- fqdn: node-736.domain.tld + swift_zone: '129' + uid: '129' + user_node_name: node-129 +- fqdn: node-130.test.domain.local internal_address: 192.168.0.7 internal_netmask: 255.255.255.0 - name: node-736 - role: mongo + name: node-130 + role: ceph-osd storage_address: 192.168.1.7 storage_netmask: 255.255.255.0 - swift_zone: '736' - uid: '736' - user_node_name: node-736 + swift_zone: '130' + uid: '130' + user_node_name: node-130 +- fqdn: node-131.test.domain.local + internal_address: 192.168.0.4 + internal_netmask: 255.255.255.0 + name: node-131 + role: primary-mongo + storage_address: 192.168.1.4 + storage_netmask: 255.255.255.0 + swift_zone: '131' + uid: '131' + user_node_name: node-131 +- fqdn: node-132.test.domain.local + internal_address: 192.168.0.1 + internal_netmask: 255.255.255.0 + name: node-132 + role: mongo + storage_address: 192.168.1.1 + storage_netmask: 255.255.255.0 + swift_zone: '132' + uid: '132' + user_node_name: node-132 nova: - db_password: Kz189HhWN02ZUAe8nvY0t0FC - enable_hugepages: false + db_password: PVzZrklbvr2gHtJL4e8a0s6t state_path: /var/lib/nova - user_password: oMvZeE7RRAOsrUTYqkS3tSdm + user_password: f09qoLIdLU7oGLGFAGFNj1Ja nova_quota: false online: true openstack_version: newton-10.0 @@ -939,7 +945,7 @@ operator_user: label: Operating System Access weight: 15 name: fueladmin - password: 0U4hZMHZDgtHnVwPSuvZW3mz + password: PYRI8p75nGRMkBGgjlAvcQiu sudo: 'ALL=(ALL) NOPASSWD: ALL' plugins: [] private_network_range: 192.168.2.0/24 
@@ -950,11 +956,11 @@ provision: /: container: gzip format: ext4 - uri: http://10.145.0.2:8080/targetimages/env_40_ubuntu_1404_amd64.img.gz + uri: http://10.109.15.2:8080/targetimages/env_15_ubuntu_1404_amd64.img.gz /boot: container: gzip format: ext2 - uri: http://10.145.0.2:8080/targetimages/env_40_ubuntu_1404_amd64-boot.img.gz + uri: http://10.109.15.2:8080/targetimages/env_15_ubuntu_1404_amd64-boot.img.gz metadata: group: general label: Provision @@ -1076,8 +1082,8 @@ public_ssl: weight: 110 services: false puppet: - manifests: rsync://10.145.0.2:/puppet/newton-10.0/manifests/ - modules: rsync://10.145.0.2:/puppet/newton-10.0/modules/ + manifests: rsync://10.109.15.2:/puppet/newton-10.0/manifests/ + modules: rsync://10.109.15.2:/puppet/newton-10.0/modules/ puppet_debug: true quantum: true quantum_settings: @@ -1092,13 +1098,13 @@ quantum_settings: L3: use_namespaces: true database: - passwd: eMJorJqQ1HMFbkypwdUhouEb + passwd: wF5Kulr9K5ht8BEuIBOVQ6DG default_floating_net: admin_floating_net default_private_net: admin_internal_net keystone: - admin_password: kPtlHmCe5K7ndGYvKXOweEz5 + admin_password: phtXcgdXRmMafvZlNOj6hTOq metadata: - metadata_proxy_shared_secret: R7maXMRiZHBgmMEXaXZQRxV3 + metadata_proxy_shared_secret: oxbVqVac5jRx0AhdWjxg4J2x predefined_networks: admin_floating_net: L2: @@ -1132,7 +1138,7 @@ quantum_settings: shared: false tenant: admin rabbit: - password: X9IsCoHuKgys2l4GZL95MbYG + password: ov7dGMhyL8eR1ZdocMsVtCit release: attributes_metadata: editable: 
@@ -1240,6 +1246,49 @@ release: type: checkbox value: false weight: 10 + atop: + interval: + description: Interval between the snapshots in seconds + label: Interval between the snapshots + regex: + error: Should be a number of seconds + source: ^[1-9]\d*$ + restrictions: + - action: hide + condition: settings:atop.service_enabled.value == false + type: text + value: '20' + weight: 20 + metadata: + enabled: true + group: logging + label: Advanced System & Process Monitor (atop) + toggleable: false + weight: 60 + rotate: + description: Number of days to keep log files + label: Rotate days + regex: + error: Should be a number of days + source: ^[1-9]\d*$ + restrictions: + - action: hide + condition: settings:atop.service_enabled.value == false + type: text + value: '7' + weight: 30 + service_enabled: + description: 'NOTE: When enabled, the service may generate logs up to a + gigabyte in size per day. + + This should be taken into consideration when determining the correct size + for the log partition. + + ' + label: Enable atop service + type: checkbox + value: true + weight: 10 cgroups: metadata: always_editable: true @@ -1322,6 +1371,18 @@ release: type: checkbox value: true weight: 50 + run_ping_checker: + description: Uncheck this box if the public gateway will not be available + or will not respond to ICMP requests to the deployed cluster. If unchecked, + the controllers will not take public gateway availability into account + as part of the cluster health. If the cluster will not have internet + access, you will need to make sure to provide proper offline mirrors for + the deployment to succeed. + group: network + label: Public Gateway is Available + type: checkbox + value: true + weight: 50 task_deploy: type: hidden value: true 
@@ -1742,6 +1803,9 @@ release: description: Your DNS entries should point to this name. Self-signed certificates also will use this hostname label: DNS hostname for public TLS endpoints + regex: + error: Invalid DNS hostname + source: ^[a-zA-Z\d]+[-\.\da-zA-Z]*$ restrictions: - action: hide condition: settings:public_ssl.horizon.value == false and settings:public_ssl.services.value @@ -1776,8 +1840,6 @@ release: Please make sure your Fuel master node has Internet access to the repository before attempting to create a mirror. - For more details, please refer to the documentation (https://docs.mirantis.com/openstack/fuel/fuel-10.0/operations.html#external-ubuntu-ops). - ' extra_priority: null type: custom_repo_configuration 
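Review bot: The `regex.source` added in the `@@ -1742,6 +1803,9 @@` hunk, `^[a-zA-Z\d]+[-\.\da-zA-Z]*$`, only constrains the leading characters, so values such as `host..example`, `host-` or `a.-b` pass validation for the public TLS hostname. The description says self-signed certificates use this name, so a malformed value would presumably reach certificate generation; the consumer is not visible here. A per-label pattern would be tighter: `source: ^[a-zA-Z\d]([-a-zA-Z\d]*[a-zA-Z\d])?(\.[a-zA-Z\d]([-a-zA-Z\d]*[a-zA-Z\d])?)*$`. The setting's mapping starts above the hunk, and if this metadata is copied from the upstream release definition, the fix belongs there and the fixtures should be regenerated.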
@@ -1854,11 +1916,70 @@ release: sudo: type: hidden value: 'ALL=(ALL) NOPASSWD: ALL' + ssh: + brute_force_protection: + description: When enabled, the access from all networks (except the provided + ones) will be granted, but the networks will be checked against the brute + force attack. + label: Brute force protection + restrictions: + - action: hide + condition: settings:ssh.security_enabled.value == false + type: checkbox + value: false + weight: 30 + metadata: + enabled: true + group: security + label: SSH security + toggleable: false + weight: 120 + security_enabled: + description: 'NOTE: When enabled, provide at least one working IP address + (the Fuel Master node IP is already added). + + We recommend adding new addresses instead of replacing the provided Fuel + Master node IP. + + When disabled (by default), the admin, management, and storage networks + are only allowed to connect to the SSH service. + + ' + label: Restrict SSH service on network + type: checkbox + value: false + weight: 10 + security_networks: + description: IPv4/CIDR address + label: Restrict access to + regex: + error: Invalid IPv4/CIDR address + source: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))*$ + restrictions: + - action: hide + condition: settings:ssh.security_enabled.value == false + type: text_list + value: + - '{settings.MASTER_IP}' + weight: 20 storage: admin_key: type: hidden value: generator: cephx_key + auth_s3_keystone_ceph: + description: This allows to authenticate S3 requests basing on EC2/S3 credentials + managed by Keystone. Please note that enabling the integration will increase + the latency of S3 requests as well as load on Keystone service. Please + consult with Mirantis Technical Bulletin 27 and Mirantis Support on mitigating + the risks related with load. 
+ label: Enable S3 API Authentication via Keystone in Ceph RadosGW + restrictions: + - action: hide + condition: settings:storage.objects_ceph.value == false + type: checkbox + value: false + weight: 82 bootstrap_osd_key: type: hidden value: @@ -1911,6 +2032,9 @@ release: and Swift API Interfaces. If enabled, this option will prevent Swift from installing. label: Ceph RadosGW for objects (Swift API) + restrictions: + - settings:storage.images_ceph.value == false: Ceph RBD for Images should + be selected. type: checkbox value: false weight: 80 @@ -2151,6 +2275,12 @@ release: description: dialog.create_cluster_wizard.compute.qemu_description label: dialog.create_cluster_wizard.compute.qemu name: hypervisor:qemu + requires: + - one_of: + items: + - network:neutron:ml2:vlan + - network:neutron:ml2:tun + message: dialog.create_cluster_wizard.compute.qemu_requires_network_backend weight: 5 - bind: - settings:common.use_vcenter.value @@ -2160,8 +2290,16 @@ release: label: dialog.create_cluster_wizard.compute.vcenter name: hypervisor:vmware requires: - - message: dialog.create_cluster_wizard.compute.vcenter_warning - name: hypervisor:qemu + - one_of: + items: + - hypervisor:qemu + message: dialog.create_cluster_wizard.compute.vcenter_warning + - one_of: + items: + - network:neutron:ml2:dvs + - network:neutron:ml2:nsx + message: dialog.create_cluster_wizard.compute.vcenter_requires_network_backend + message_invalid: dialog.create_cluster_wizard.compute.vcenter_requires_network_plugins weight: 15 - compatible: - name: hypervisor:* @@ -2188,7 +2326,9 @@ release: label: common.network.neutron_vlan name: network:neutron:ml2:vlan requires: - - name: network:neutron:core:ml2 + - one_of: + items: + - network:neutron:core:ml2 weight: 5 - bind: - - cluster:net_provider 
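Review bot: In the `@@ -1854,11 +1916,70 @@` hunk, the `ssh.security_networks` validator ends in `(\/([0-9]|[1-2][0-9]|3[0-2]))*$`, and the `*` accepts any number of prefix-length suffixes, so `10.0.0.0/8/24` passes as a valid "IPv4/CIDR address". This list is what restricts access to the SSH service, so a malformed entry would be handed to whatever builds the access rules. That consumer is not visible here, and how it treats such a value should be checked. The quantifier should be `?`, so the tail reads `(\/([0-9]|[1-2][0-9]|3[0-2]))?$`. The other fixture files in this commit presumably carry the same release metadata and need the same change at its source.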
@@ -2209,7 +2349,9 @@ release: label: common.network.neutron_tun name: network:neutron:ml2:tun requires: - - name: network:neutron:core:ml2 + - one_of: + items: + - network:neutron:core:ml2 weight: 10 - bind: - settings:storage.volumes_lvm.value @@ -2457,6 +2599,7 @@ release: restrictions: - action: hide condition: settings:common.use_vcenter.value == false + message: VMware vCenter not enabled for cluster weight: 40 compute: description: A Compute node creates, manages, and terminates virtual machine @@ -2486,10 +2629,12 @@ release: restrictions: - action: hide condition: settings:common.use_vcenter.value == false + message: VMware vCenter not enabled for cluster weight: 90 controller: conflicts: - compute + - ceph-osd description: The Controller initiates orchestration activities and provides an external API. Other components like Glance (image storage), Keystone (identity management), Horizon (OpenStack dashboard) and Nova-Scheduler are installed @@ -2561,6 +2706,7 @@ release: restrictions: - action: hide condition: not ('advanced' in version:feature_groups) + message: Advanced feature should be enabled in feature groups weight: 80 state: available version: newton-10.0 @@ -2732,7 +2878,7 @@ repo_setup: section: main restricted suite: mos10.0 type: deb - uri: http://10.145.0.2:8080/newton-10.0/ubuntu/x86_64 + uri: http://10.109.15.2:8080/newton-10.0/ubuntu/x86_64 - name: mos-updates priority: 1050 section: main restricted @@ -2756,14 +2902,15 @@ repo_setup: section: main restricted suite: auxiliary type: deb - uri: http://10.145.0.2:8080/newton-10.0/ubuntu/auxiliary + uri: http://10.109.15.2:8080/newton-10.0/ubuntu/auxiliary resume_guests_state_on_host_boot: true roles: - primary-mongo +run_ping_checker: true sahara: - db_password: PM3ymZ8WiF9RSbCrCgd6ymU9 + db_password: 4APOo0xTUZcZnCDbL7d30tjC enabled: true - user_password: 3KdRkNe5eAxoPxR4irc3jvvB + user_password: C2TKvFTJ6Vr0CCTLK0xsGK0x service_user: homedir: /var/lib/fuel metadata: 
@@ -2774,22 +2921,34 @@ service_user: condition: 'true' weight: 10 name: fuel - password: pLVuXVFa9C8k7hcCUVb1yWQr + password: 2eiAUTgtohRigYCRhzssNonM root_password: r00tme sudo: 'ALL=(ALL) NOPASSWD: ALL' +ssh: + brute_force_protection: false + metadata: + enabled: true + group: security + label: SSH security + toggleable: false + weight: 120 + security_enabled: false + security_networks: + - 10.109.15.2 status: discover storage: - admin_key: AQC0eUhXAAAAABAA0KyotPMzzo0kg12tJcf1xg== - bootstrap_osd_key: AQC0eUhXAAAAABAAk7M7DH05JdsO8WRD31tOiw== + admin_key: AQCiB6NXAAAAABAAJpdEYCOSg4mm+Q3DvhzTYg== + auth_s3_keystone_ceph: true + bootstrap_osd_key: AQCiB6NXAAAAABAA7ezVYgw+wco6h8LezEaUaA== ephemeral_ceph: true - fsid: 81099e45-f272-4954-8252-696863d84e46 + fsid: 1f77e0d5-dd4c-4254-a67f-41449f42b6c6 images_ceph: true images_vcenter: false metadata: group: storage label: Storage Backends weight: 60 - mon_key: AQC0eUhXAAAAABAARk/bva9mdtRLaZ6CsnXToQ== + mon_key: AQCiB6NXAAAAABAA9qfH8vMq6+n6N2iLO7KfgQ== objects_ceph: true osd_pool_size: '2' per_pool_pg_nums: @@ -2800,13 +2959,13 @@ storage: images: 64 volumes: 256 pg_num: 64 - radosgw_key: AQC0eUhXAAAAABAAqgFcyJYZu0IY+4J2+rsWew== + radosgw_key: AQCiB6NXAAAAABAA6wxyVYlUpMVvs9r0fpUiXQ== volumes_block_device: false volumes_ceph: true volumes_lvm: false storage_network_range: 192.168.1.0/24 swift: - user_password: ROQ1xRVPVFShmjxplraXnPX9 + user_password: 2g77TlSldIdjCozj7BsRbKYS syslog: metadata: enabled: false @@ -2828,10 +2987,10 @@ test_vm_image: os_name: cirros properties: {} public: 'true' -uid: '735' +uid: '131' use_cow_images: true use_vcenter: false -user_node_name: node-735 +user_node_name: node-131 vms_conf: [] workloads_collector: create_user: false @@ -2843,6 +3002,6 @@ workloads_collector: - action: hide condition: 'true' weight: 10 - password: 596PBfjB9KaTbfMykO2Ql54x + password: lvrXAFlB68qs9dmoTAd9EsNq tenant: services username: fuel_stats_user 
diff --git a/hiera/neut_tun.ironic-ironic.yaml b/hiera/neut_tun.ironic-ironic.yaml index c4fd342..3e79811 100644 --- a/hiera/neut_tun.ironic-ironic.yaml +++ b/hiera/neut_tun.ironic-ironic.yaml @@ -8,18 +8,28 @@ access: tenant: admin user: admin aodh: - db_password: hiN0y3o2OFkF3f3YSTNjHiOa - user_password: x8jlEMpftPAAraa0ZLQpJUNv + db_password: XK3t8hwKU4oTYgZbhnCaPcDH + user_password: Is9h5h6ZtQBuTTSZsH0EIEom +atop: + interval: '20' + metadata: + enabled: true + group: logging + label: Advanced System & Process Monitor (atop) + toggleable: false + weight: 60 + rotate: '7' + service_enabled: true auth_key: '' auto_assign_floating_ip: false base_syslog: syslog_port: '514' - syslog_server: 10.145.0.2 + syslog_server: 10.109.15.2 ceilometer: - db_password: OEdIztuktwNOnB84iQYMiEFV + db_password: CZso0oeyPUsfnVFFLMoxIm0D enabled: false - metering_secret: sRlCMHRF8DlJoowPlI9bmyu1 - user_password: yGYZVvKKbS9xrutMQRzBxoxf + metering_secret: mxFV1GvykmXPA6OmmehDYga0 + user_password: GibSwXcus87vQOa3NNcAZKvf cgroups: metadata: always_editable: true @@ -30,9 +40,9 @@ cgroups: condition: 'true' weight: 90 cinder: - db_password: CkCcgdSrfEgk9tECQwwkvKXx - fixed_key: d525efbe18d743cb285319c8cd29b9c7260ad20be778331771c36cbc48f742a1 - user_password: jNafNiZpYfADPKcuMWCAxAGt + db_password: tSJqjoqPJ8W5P4v4pyZtF4q5 + fixed_key: d58b43cceee3b2c4ab0d02492823aca692a0cee09a1724f78946d2d4348be62d + user_password: wAhfP2Q7BH1QWry4b7EsiiUA cluster: changes: - name: attributes @@ -42,16 +52,16 @@ cluster: - name: networks node_id: null - name: interfaces - node_id: 740 + node_id: 136 - name: disks - node_id: 740 + node_id: 136 - name: interfaces - node_id: 741 + node_id: 137 - name: disks - node_id: 741 + node_id: 137 components: [] fuel_version: '10.0' - id: 41 + id: 16 is_customized: false is_locked: false mode: ha_compact 
@@ -84,12 +94,11 @@ corosync: debug: false deployed_before: value: false -deployment_id: 41 +deployment_id: 16 deployment_mode: ha_compact -dpdk: {} external_dns: dns_list: - - 10.145.0.1 + - 10.109.15.1 metadata: group: network label: Host OS DNS Servers @@ -115,31 +124,29 @@ external_ntp: label: Host OS NTP Servers weight: 40 ntp_list: - - 0.fuel.pool.ntp.org - - 1.fuel.pool.ntp.org - - 2.fuel.pool.ntp.org + - 10.109.15.1 fail_if_error: false -fqdn: node-741.domain.tld +fqdn: node-137.test.domain.local fuel_version: '10.0' glance: - db_password: gVYTXLFWV7WSteVDyXxnRWKl - image_cache_max_size: '5368709120' - user_password: V7JwaZYhYOxc5JdUobV1CLnO + db_password: aV95ERc1H2awsqBv5ynsVzCs + image_cache_max_size: '0' + user_password: GbyVT2aXIYM9QbOElIp5L42u glance_glare: - user_password: quxjT5v3BpJt2TKxAtmER41f + user_password: IlesA89fZfUPihdhb6mFiT6x heat: - auth_encryption_key: f5d3fbe51de52233a33f5835e5b3baa0 - db_password: VjX33KG2He73XV12oSKfHUEU + auth_encryption_key: e38713ea207e90bcad229ab47f602eca + db_password: L6IRVtCuYkMT6oBwlmYJj29F enabled: true - rabbit_password: YNbypOhrsUovBbx2SNkVzQas - user_password: 1m0kuWGegb0EdPJ3YMgU3rAm + rabbit_password: uqznniJtms7iXS78SoaqZg7A + user_password: GKSbrt4xvdz31EWHdbMjyVlv horizon: - secret_key: 0eb852eabb8ca3f0936d2afcaa49b17f0d671fd1879feab7c4d75cb4d7c6d0dd + secret_key: 783f0f68c486bada03e8b7972a7ac4eff6b00faed6cca53dfabd2111643f9521 ironic: - db_password: SpHcDEIeSM0yYsReW3t30X0v + db_password: ijBdO4emlYkRiE8PRdde2QPu enabled: true - swift_tempurl_key: ic78itqg4AwOypiYAUjDviRo - user_password: sildb8VJkARs8fXD50HsjKWe + swift_tempurl_key: 1ve491fImsNM9EHEFOWlPNs7 + user_password: actShEvuis2N2zACV90aHDVA kernel_params: kernel: console=tty0 net.ifnames=0 biosdevname=0 rootdelay=90 nomodeset metadata: 
@@ -147,12 +154,12 @@ kernel_params: label: Kernel parameters weight: 60 keystone: - admin_token: pd48fFOmCUVVGISQjAbwOaCZ - db_password: Lao9Hl9DusSiaWUt4aSMNEt2 -last_controller: node-740 + admin_token: DDlLc2JjWdfA8uHLafkzi2lR + db_password: lDhJ0v8CcNRVvU74frO0Bk6z +last_controller: node-136 libvirt_type: qemu management_network_range: 192.168.0.0/24 -master_ip: 10.145.0.2 +master_ip: 10.109.15.2 metadata: label: Common weight: 10 @@ -164,15 +171,15 @@ mp: - point: '2' weight: '2' murano: - db_password: 7rrEzKatGDMPnSCTfArIYQMt + db_password: yZHREyf745Nkg5dbOcOBzhwl enabled: false - rabbit_password: nm6a1orjVXn8Y2knaJ1TEvOg - user_password: ZKADcckGwZkZulNkbuHGk4MZ + rabbit_password: wVUsePS5WGKafTxEla5HpNx9 + user_password: USiEN1Rtj3VmGfxRzKVGdzwz murano-cfapi: - db_password: 9g5o2ueo6k29eEUeTGlNVPaD + db_password: 88HCOq67r1Jj8hJ77EBgECw4 enabled: false - rabbit_password: kubLDDFDFav3izWFRZuMfZU6 - user_password: U9MjJayjpEeVx8t8alI5OOs8 + rabbit_password: K9w9IlR2MBLRH2GABe6v1GvM + user_password: WqNTH5DXWrYq02wNjREaliwJ murano_settings: metadata: group: openstack_services @@ -185,15 +192,15 @@ murano_settings: murano_glance_artifacts_plugin: true murano_repo_url: http://storage.apps.openstack.org/ mysql: - root_password: Y1Mq8J9MhxWeCfdMPlpHMFx0 - wsrep_password: vUKmeqyDX4Ljo7VpRf6uFdU1 + root_password: 5vMWTCbWnrzItzBpAHMttD53 + wsrep_password: iE19Tmxi69uBVWdF7ic7Yxrc network_metadata: nodes: - node-740: - fqdn: node-740.domain.tld - name: node-740 + node-136: + fqdn: node-136.test.domain.local + name: node-136 network_roles: - admin/pxe: 10.145.0.100 + admin/pxe: 10.109.15.100 aodh/api: 192.168.0.2 ceilometer/api: 192.168.0.2 ceph/public: 192.168.1.2 @@ -202,7 +209,7 @@ network_metadata: cinder/api: 192.168.0.2 cinder/iscsi: 192.168.1.2 ex: 172.16.0.2 - fw-admin: 10.145.0.100 + fw-admin: 10.109.15.100 glance/api: 192.168.0.2 glance/glare: 192.168.0.2 heat/api: 192.168.0.2 
@@ -233,21 +240,21 @@ network_metadata: - primary-controller nova_cpu_pinning_enabled: false nova_hugepages_enabled: false - swift_zone: '740' - uid: '740' - user_node_name: node-740 - node-741: - fqdn: node-741.domain.tld - name: node-741 + swift_zone: '136' + uid: '136' + user_node_name: node-136 + node-137: + fqdn: node-137.test.domain.local + name: node-137 network_roles: - admin/pxe: 10.145.0.101 + admin/pxe: 10.109.15.101 aodh/api: 192.168.0.1 ceilometer/api: 192.168.0.1 ceph/public: 192.168.1.1 ceph/replication: 192.168.1.1 cinder/api: 192.168.0.1 cinder/iscsi: 192.168.1.1 - fw-admin: 10.145.0.101 + fw-admin: 10.109.15.101 glance/api: 192.168.0.1 glance/glare: 192.168.0.1 heat/api: 192.168.0.1 @@ -277,9 +284,9 @@ network_metadata: - ironic nova_cpu_pinning_enabled: false nova_hugepages_enabled: false - swift_zone: '741' - uid: '741' - user_node_name: node-741 + swift_zone: '137' + uid: '137' + user_node_name: node-137 vips: baremetal: ipaddr: 192.168.3.4 @@ -351,10 +358,10 @@ network_scheme: - 192.168.3.2/24 br-fw-admin: IP: - - 10.145.0.101/24 - gateway: 10.145.0.1 + - 10.109.15.101/24 + gateway: 10.109.15.1 vendor_specific: - provider_gateway: 10.145.0.1 + provider_gateway: 10.109.15.1 br-mgmt: IP: - 192.168.0.1/24 
@@ -648,33 +655,32 @@ node_volumes: size: 10240 type: lv nodes: -- fqdn: node-740.domain.tld +- fqdn: node-136.test.domain.local internal_address: 192.168.0.2 internal_netmask: 255.255.255.0 - name: node-740 + name: node-136 public_address: 172.16.0.2 public_netmask: 255.255.255.0 role: primary-controller storage_address: 192.168.1.2 storage_netmask: 255.255.255.0 - swift_zone: '740' - uid: '740' - user_node_name: node-740 -- fqdn: node-741.domain.tld + swift_zone: '136' + uid: '136' + user_node_name: node-136 +- fqdn: node-137.test.domain.local internal_address: 192.168.0.1 internal_netmask: 255.255.255.0 - name: node-741 + name: node-137 role: ironic storage_address: 192.168.1.1 storage_netmask: 255.255.255.0 - swift_zone: '741' - uid: '741' - user_node_name: node-741 + swift_zone: '137' + uid: '137' + user_node_name: node-137 nova: - db_password: ximHMQh7wIu6fTNtd4F74AKg - enable_hugepages: false + db_password: 18zVWBhBwdoIK35EypULM1Zu state_path: /var/lib/nova - user_password: ZcQNkzkXWFTxtFnu9tdAql2w + user_password: VeZGjOU9hNaKN45n9Fthmyvw nova_quota: false online: true openstack_version: newton-10.0 @@ -686,7 +692,7 @@ operator_user: label: Operating System Access weight: 15 name: fueladmin - password: wD9IlVwqhzq1zhXpazD25x6r + password: 3tNpoXbQvRKZHZ9psDygPVg3 sudo: 'ALL=(ALL) NOPASSWD: ALL' plugins: [] propagate_task_deploy: false @@ -696,11 +702,11 @@ provision: /: container: gzip format: ext4 - uri: http://10.145.0.2:8080/targetimages/env_41_ubuntu_1404_amd64.img.gz + uri: http://10.109.15.2:8080/targetimages/env_16_ubuntu_1404_amd64.img.gz /boot: container: gzip format: ext2 - uri: http://10.145.0.2:8080/targetimages/env_41_ubuntu_1404_amd64-boot.img.gz + uri: http://10.109.15.2:8080/targetimages/env_16_ubuntu_1404_amd64-boot.img.gz metadata: group: general label: Provision 
@@ -822,8 +828,8 @@ public_ssl: weight: 110 services: false puppet: - manifests: rsync://10.145.0.2:/puppet/newton-10.0/manifests/ - modules: rsync://10.145.0.2:/puppet/newton-10.0/modules/ + manifests: rsync://10.109.15.2:/puppet/newton-10.0/manifests/ + modules: rsync://10.109.15.2:/puppet/newton-10.0/modules/ puppet_debug: true quantum: true quantum_settings: @@ -843,13 +849,13 @@ quantum_settings: L3: use_namespaces: true database: - passwd: pZ4pgrDVFXSG2obDDj3Vwnaz + passwd: ZEJrfn9yx71l5aYyKBZJMdt4 default_floating_net: admin_floating_net default_private_net: admin_internal_net keystone: - admin_password: XFaVfyWNLjsQ4GNpOspB8xaA + admin_password: adsQgnCTB8cBPXNSeOVZglpn metadata: - metadata_proxy_shared_secret: 6oEnHzzkWBlDcf4btBTLGx0t + metadata_proxy_shared_secret: HBY2MsQRtFqok6acSnmm93pM predefined_networks: admin_floating_net: L2: @@ -899,7 +905,7 @@ quantum_settings: shared: true tenant: admin rabbit: - password: MDx8hLMqPNKdnM0v2tAVbz54 + password: w6mkP2ae9VxqAvVTCt5QLXL7 release: attributes_metadata: editable: 
@@ -1007,6 +1013,49 @@ release: type: checkbox value: false weight: 10 + atop: + interval: + description: Interval between the snapshots in seconds + label: Interval between the snapshots + regex: + error: Should be a number of seconds + source: ^[1-9]\d*$ + restrictions: + - action: hide + condition: settings:atop.service_enabled.value == false + type: text + value: '20' + weight: 20 + metadata: + enabled: true + group: logging + label: Advanced System & Process Monitor (atop) + toggleable: false + weight: 60 + rotate: + description: Number of days to keep log files + label: Rotate days + regex: + error: Should be a number of days + source: ^[1-9]\d*$ + restrictions: + - action: hide + condition: settings:atop.service_enabled.value == false + type: text + value: '7' + weight: 30 + service_enabled: + description: 'NOTE: When enabled, the service may generate logs up to a + gigabyte in size per day. + + This should be taken into consideration when determining the correct size + for the log partition. + + ' + label: Enable atop service + type: checkbox + value: true + weight: 10 cgroups: metadata: always_editable: true @@ -1089,6 +1138,18 @@ release: type: checkbox value: true weight: 50 + run_ping_checker: + description: Uncheck this box if the public gateway will not be available + or will not respond to ICMP requests to the deployed cluster. If unchecked, + the controllers will not take public gateway availability into account + as part of the cluster health. If the cluster will not have internet + access, you will need to make sure to provide proper offline mirrors for + the deployment to succeed. + group: network + label: Public Gateway is Available + type: checkbox + value: true + weight: 50 task_deploy: type: hidden value: true 
@@ -1509,6 +1570,9 @@ release: description: Your DNS entries should point to this name. Self-signed certificates also will use this hostname label: DNS hostname for public TLS endpoints + regex: + error: Invalid DNS hostname + source: ^[a-zA-Z\d]+[-\.\da-zA-Z]*$ restrictions: - action: hide condition: settings:public_ssl.horizon.value == false and settings:public_ssl.services.value @@ -1543,8 +1607,6 @@ release: Please make sure your Fuel master node has Internet access to the repository before attempting to create a mirror. - For more details, please refer to the documentation (https://docs.mirantis.com/openstack/fuel/fuel-10.0/operations.html#external-ubuntu-ops). - ' extra_priority: null type: custom_repo_configuration 
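Review bot: The `source` pattern added for the public TLS hostname in the first hunk on this line, `^[a-zA-Z\d]+[-\.\da-zA-Z]*$`, constrains only the leading characters, so values with consecutive dots or a trailing `-` or `.` (constructed examples: `a..b`, `host-`) still validate. The description says self-signed certificates will use this hostname, so a per-label pattern would catch such typos before certificate generation, for example `^[a-zA-Z\d]([a-zA-Z\d-]*[a-zA-Z\d])?(\.[a-zA-Z\d]([a-zA-Z\d-]*[a-zA-Z\d])?)*$`. This file looks like a fixture mirroring release metadata defined elsewhere, so the change probably belongs at that source. The same lines recur in the hiera/neut_tun.ironic-primary-controller.yaml hunk at -1639.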
@@ -1621,11 +1683,70 @@ release: sudo: type: hidden value: 'ALL=(ALL) NOPASSWD: ALL' + ssh: + brute_force_protection: + description: When enabled, the access from all networks (except the provided + ones) will be granted, but the networks will be checked against the brute + force attack. + label: Brute force protection + restrictions: + - action: hide + condition: settings:ssh.security_enabled.value == false + type: checkbox + value: false + weight: 30 + metadata: + enabled: true + group: security + label: SSH security + toggleable: false + weight: 120 + security_enabled: + description: 'NOTE: When enabled, provide at least one working IP address + (the Fuel Master node IP is already added). + + We recommend adding new addresses instead of replacing the provided Fuel + Master node IP. + + When disabled (by default), the admin, management, and storage networks + are only allowed to connect to the SSH service. + + ' + label: Restrict SSH service on network + type: checkbox + value: false + weight: 10 + security_networks: + description: IPv4/CIDR address + label: Restrict access to + regex: + error: Invalid IPv4/CIDR address + source: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))*$ + restrictions: + - action: hide + condition: settings:ssh.security_enabled.value == false + type: text_list + value: + - '{settings.MASTER_IP}' + weight: 20 storage: admin_key: type: hidden value: generator: cephx_key + auth_s3_keystone_ceph: + description: This allows to authenticate S3 requests basing on EC2/S3 credentials + managed by Keystone. Please note that enabling the integration will increase + the latency of S3 requests as well as load on Keystone service. Please + consult with Mirantis Technical Bulletin 27 and Mirantis Support on mitigating + the risks related with load. 
+ label: Enable S3 API Authentication via Keystone in Ceph RadosGW + restrictions: + - action: hide + condition: settings:storage.objects_ceph.value == false + type: checkbox + value: false + weight: 82 bootstrap_osd_key: type: hidden value: @@ -1678,6 +1799,9 @@ release: and Swift API Interfaces. If enabled, this option will prevent Swift from installing. label: Ceph RadosGW for objects (Swift API) + restrictions: + - settings:storage.images_ceph.value == false: Ceph RBD for Images should + be selected. type: checkbox value: false weight: 80 @@ -1918,6 +2042,12 @@ release: description: dialog.create_cluster_wizard.compute.qemu_description label: dialog.create_cluster_wizard.compute.qemu name: hypervisor:qemu + requires: + - one_of: + items: + - network:neutron:ml2:vlan + - network:neutron:ml2:tun + message: dialog.create_cluster_wizard.compute.qemu_requires_network_backend weight: 5 - bind: - settings:common.use_vcenter.value @@ -1927,8 +2057,16 @@ release: label: dialog.create_cluster_wizard.compute.vcenter name: hypervisor:vmware requires: - - message: dialog.create_cluster_wizard.compute.vcenter_warning - name: hypervisor:qemu + - one_of: + items: + - hypervisor:qemu + message: dialog.create_cluster_wizard.compute.vcenter_warning + - one_of: + items: + - network:neutron:ml2:dvs + - network:neutron:ml2:nsx + message: dialog.create_cluster_wizard.compute.vcenter_requires_network_backend + message_invalid: dialog.create_cluster_wizard.compute.vcenter_requires_network_plugins weight: 15 - compatible: - name: hypervisor:* @@ -1955,7 +2093,9 @@ release: label: common.network.neutron_vlan name: network:neutron:ml2:vlan requires: - - name: network:neutron:core:ml2 + - one_of: + items: + - network:neutron:core:ml2 weight: 5 - bind: - - cluster:net_provider 
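Review bot: In the `ssh.security_networks` setting added by the hunk at -1621 (it starts on the previous physical line and ends here), the prefix group of the `source` regex is closed with `*`, so an entry carrying several prefix suffixes (constructed example: `10.0.0.0/8/24`) passes validation. The `IPv4/CIDR address` description implies a single optional prefix, so the pattern should end with `(\/([0-9]|[1-2][0-9]|3[0-2]))?$`. In the same hunk the `brute_force_protection` description says access is then granted from all networks, which the label `Brute force protection` does not convey. Putting that in the label or the first sentence would help an operator who has just enabled the restriction. The same block appears in the hiera/neut_tun.ironic-primary-controller.yaml hunk at -1751, and the fixture presumably mirrors metadata defined elsewhere, so the fix likely belongs there.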
@@ -1976,7 +2116,9 @@ release: label: common.network.neutron_tun name: network:neutron:ml2:tun requires: - - name: network:neutron:core:ml2 + - one_of: + items: + - network:neutron:core:ml2 weight: 10 - bind: - settings:storage.volumes_lvm.value @@ -2224,6 +2366,7 @@ release: restrictions: - action: hide condition: settings:common.use_vcenter.value == false + message: VMware vCenter not enabled for cluster weight: 40 compute: description: A Compute node creates, manages, and terminates virtual machine @@ -2253,10 +2396,12 @@ release: restrictions: - action: hide condition: settings:common.use_vcenter.value == false + message: VMware vCenter not enabled for cluster weight: 90 controller: conflicts: - compute + - ceph-osd description: The Controller initiates orchestration activities and provides an external API. Other components like Glance (image storage), Keystone (identity management), Horizon (OpenStack dashboard) and Nova-Scheduler are installed @@ -2328,6 +2473,7 @@ release: restrictions: - action: hide condition: not ('advanced' in version:feature_groups) + message: Advanced feature should be enabled in feature groups weight: 80 state: available version: newton-10.0 @@ -2499,7 +2645,7 @@ repo_setup: section: main restricted suite: mos10.0 type: deb - uri: http://10.145.0.2:8080/newton-10.0/ubuntu/x86_64 + uri: http://10.109.15.2:8080/newton-10.0/ubuntu/x86_64 - name: mos-updates priority: 1050 section: main restricted @@ -2523,14 +2669,15 @@ repo_setup: section: main restricted suite: auxiliary type: deb - uri: http://10.145.0.2:8080/newton-10.0/ubuntu/auxiliary + uri: http://10.109.15.2:8080/newton-10.0/ubuntu/auxiliary resume_guests_state_on_host_boot: true roles: - ironic +run_ping_checker: true sahara: - db_password: 5GouiTv573FXUKSa2JfE2it0 + db_password: fyBBOKHmjHXJBzwKg6znoojB enabled: false - user_password: sUFDBiM0LhyEqWCHxvK42N1D + user_password: xnpoIx0CBaJKmeumgAThJ6yC service_user: homedir: /var/lib/fuel metadata: 
@@ -2541,22 +2688,34 @@ service_user: condition: 'true' weight: 10 name: fuel - password: 3nD8uFmJWnF1rrOHdidayYuW + password: 9paPtyxDUWvzFuubRywN8wa2 root_password: r00tme sudo: 'ALL=(ALL) NOPASSWD: ALL' +ssh: + brute_force_protection: false + metadata: + enabled: true + group: security + label: SSH security + toggleable: false + weight: 120 + security_enabled: false + security_networks: + - 10.109.15.2 status: discover storage: - admin_key: AQAiekhXAAAAABAADbWfvinwBeGWEi7JRaWgag== - bootstrap_osd_key: AQAiekhXAAAAABAAamKsawxkXm99kXmEhWaSGw== + admin_key: AQANCKNXAAAAABAAICIGZeGjdsW4rt37/MYwPg== + auth_s3_keystone_ceph: false + bootstrap_osd_key: AQANCKNXAAAAABAA4XLpGtBmnq+8ECO0ASkafA== ephemeral_ceph: false - fsid: 6da4a04e-fd5c-4ec8-a394-ae009c5c2f92 + fsid: be75cde4-f083-41b2-a4ca-c3f03e85ff10 images_ceph: false images_vcenter: false metadata: group: storage label: Storage Backends weight: 60 - mon_key: AQAiekhXAAAAABAARw76hwzKmf/x/I0uoyUsnA== + mon_key: AQANCKNXAAAAABAAIUS/B+09OlDWDN7VfezDFw== objects_ceph: false osd_pool_size: '3' per_pool_pg_nums: @@ -2567,13 +2726,13 @@ storage: images: 128 volumes: 128 pg_num: 128 - radosgw_key: AQAiekhXAAAAABAABpQ0tuYU91Jzib/P7uohdw== + radosgw_key: AQANCKNXAAAAABAAUBrikUvMh/a+EG8+eIq3VA== volumes_block_device: false volumes_ceph: false volumes_lvm: true storage_network_range: 192.168.1.0/24 swift: - user_password: vB61iOPXKRG66V9taTym4NjB + user_password: GSQibP0IGrKQkAfXr9INmFUU syslog: metadata: enabled: false @@ -2595,10 +2754,10 @@ test_vm_image: os_name: cirros properties: {} public: 'true' -uid: '741' +uid: '137' use_cow_images: true use_vcenter: false -user_node_name: node-741 +user_node_name: node-137 vms_conf: [] workloads_collector: create_user: false @@ -2610,6 +2769,6 @@ workloads_collector: - action: hide condition: 'true' weight: 10 - password: Np6WzPrfRrNNg88sRYY0mp7l + password: lxMOZvzTNujuIE7lVdaQyzzP tenant: services username: fuel_stats_user 
diff --git a/hiera/neut_tun.ironic-primary-controller.yaml b/hiera/neut_tun.ironic-primary-controller.yaml index a7619bc..136e5c8 100644 --- a/hiera/neut_tun.ironic-primary-controller.yaml +++ b/hiera/neut_tun.ironic-primary-controller.yaml @@ -8,18 +8,28 @@ access: tenant: admin user: admin aodh: - db_password: hiN0y3o2OFkF3f3YSTNjHiOa - user_password: x8jlEMpftPAAraa0ZLQpJUNv + db_password: XK3t8hwKU4oTYgZbhnCaPcDH + user_password: Is9h5h6ZtQBuTTSZsH0EIEom +atop: + interval: '20' + metadata: + enabled: true + group: logging + label: Advanced System & Process Monitor (atop) + toggleable: false + weight: 60 + rotate: '7' + service_enabled: true auth_key: '' auto_assign_floating_ip: false base_syslog: syslog_port: '514' - syslog_server: 10.145.0.2 + syslog_server: 10.109.15.2 ceilometer: - db_password: OEdIztuktwNOnB84iQYMiEFV + db_password: CZso0oeyPUsfnVFFLMoxIm0D enabled: false - metering_secret: sRlCMHRF8DlJoowPlI9bmyu1 - user_password: yGYZVvKKbS9xrutMQRzBxoxf + metering_secret: mxFV1GvykmXPA6OmmehDYga0 + user_password: GibSwXcus87vQOa3NNcAZKvf cgroups: metadata: always_editable: true @@ -30,9 +40,9 @@ cgroups: condition: 'true' weight: 90 cinder: - db_password: CkCcgdSrfEgk9tECQwwkvKXx - fixed_key: d525efbe18d743cb285319c8cd29b9c7260ad20be778331771c36cbc48f742a1 - user_password: jNafNiZpYfADPKcuMWCAxAGt + db_password: tSJqjoqPJ8W5P4v4pyZtF4q5 + fixed_key: d58b43cceee3b2c4ab0d02492823aca692a0cee09a1724f78946d2d4348be62d + user_password: wAhfP2Q7BH1QWry4b7EsiiUA cluster: changes: - name: attributes @@ -42,16 +52,16 @@ cluster: - name: networks node_id: null - name: interfaces - node_id: 740 + node_id: 136 - name: disks - node_id: 740 + node_id: 136 - name: interfaces - node_id: 741 + node_id: 137 - name: disks - node_id: 741 + node_id: 137 components: [] fuel_version: '10.0' - id: 41 + id: 16 is_customized: false is_locked: false mode: ha_compact 
@@ -84,12 +94,11 @@ corosync: debug: false deployed_before: value: false -deployment_id: 41 +deployment_id: 16 deployment_mode: ha_compact -dpdk: {} external_dns: dns_list: - - 10.145.0.1 + - 10.109.15.1 metadata: group: network label: Host OS DNS Servers @@ -115,31 +124,29 @@ external_ntp: label: Host OS NTP Servers weight: 40 ntp_list: - - 0.fuel.pool.ntp.org - - 1.fuel.pool.ntp.org - - 2.fuel.pool.ntp.org + - 10.109.15.1 fail_if_error: true -fqdn: node-740.domain.tld +fqdn: node-136.test.domain.local fuel_version: '10.0' glance: - db_password: gVYTXLFWV7WSteVDyXxnRWKl + db_password: aV95ERc1H2awsqBv5ynsVzCs image_cache_max_size: '389537175961' - user_password: V7JwaZYhYOxc5JdUobV1CLnO + user_password: GbyVT2aXIYM9QbOElIp5L42u glance_glare: - user_password: quxjT5v3BpJt2TKxAtmER41f + user_password: IlesA89fZfUPihdhb6mFiT6x heat: - auth_encryption_key: f5d3fbe51de52233a33f5835e5b3baa0 - db_password: VjX33KG2He73XV12oSKfHUEU + auth_encryption_key: e38713ea207e90bcad229ab47f602eca + db_password: L6IRVtCuYkMT6oBwlmYJj29F enabled: true - rabbit_password: YNbypOhrsUovBbx2SNkVzQas - user_password: 1m0kuWGegb0EdPJ3YMgU3rAm + rabbit_password: uqznniJtms7iXS78SoaqZg7A + user_password: GKSbrt4xvdz31EWHdbMjyVlv horizon: - secret_key: 0eb852eabb8ca3f0936d2afcaa49b17f0d671fd1879feab7c4d75cb4d7c6d0dd + secret_key: 783f0f68c486bada03e8b7972a7ac4eff6b00faed6cca53dfabd2111643f9521 ironic: - db_password: SpHcDEIeSM0yYsReW3t30X0v + db_password: ijBdO4emlYkRiE8PRdde2QPu enabled: true - swift_tempurl_key: ic78itqg4AwOypiYAUjDviRo - user_password: sildb8VJkARs8fXD50HsjKWe + swift_tempurl_key: 1ve491fImsNM9EHEFOWlPNs7 + user_password: actShEvuis2N2zACV90aHDVA kernel_params: kernel: console=tty0 net.ifnames=0 biosdevname=0 rootdelay=90 nomodeset metadata: 
@@ -147,12 +154,12 @@ kernel_params: label: Kernel parameters weight: 60 keystone: - admin_token: pd48fFOmCUVVGISQjAbwOaCZ - db_password: Lao9Hl9DusSiaWUt4aSMNEt2 -last_controller: node-740 + admin_token: DDlLc2JjWdfA8uHLafkzi2lR + db_password: lDhJ0v8CcNRVvU74frO0Bk6z +last_controller: node-136 libvirt_type: qemu management_network_range: 192.168.0.0/24 -master_ip: 10.145.0.2 +master_ip: 10.109.15.2 metadata: label: Common weight: 10 @@ -164,15 +171,15 @@ mp: - point: '2' weight: '2' murano: - db_password: 7rrEzKatGDMPnSCTfArIYQMt + db_password: yZHREyf745Nkg5dbOcOBzhwl enabled: false - rabbit_password: nm6a1orjVXn8Y2knaJ1TEvOg - user_password: ZKADcckGwZkZulNkbuHGk4MZ + rabbit_password: wVUsePS5WGKafTxEla5HpNx9 + user_password: USiEN1Rtj3VmGfxRzKVGdzwz murano-cfapi: - db_password: 9g5o2ueo6k29eEUeTGlNVPaD + db_password: 88HCOq67r1Jj8hJ77EBgECw4 enabled: false - rabbit_password: kubLDDFDFav3izWFRZuMfZU6 - user_password: U9MjJayjpEeVx8t8alI5OOs8 + rabbit_password: K9w9IlR2MBLRH2GABe6v1GvM + user_password: WqNTH5DXWrYq02wNjREaliwJ murano_settings: metadata: group: openstack_services @@ -185,15 +192,15 @@ murano_settings: murano_glance_artifacts_plugin: true murano_repo_url: http://storage.apps.openstack.org/ mysql: - root_password: Y1Mq8J9MhxWeCfdMPlpHMFx0 - wsrep_password: vUKmeqyDX4Ljo7VpRf6uFdU1 + root_password: 5vMWTCbWnrzItzBpAHMttD53 + wsrep_password: iE19Tmxi69uBVWdF7ic7Yxrc network_metadata: nodes: - node-740: - fqdn: node-740.domain.tld - name: node-740 + node-136: + fqdn: node-136.test.domain.local + name: node-136 network_roles: - admin/pxe: 10.145.0.100 + admin/pxe: 10.109.15.100 aodh/api: 192.168.0.2 ceilometer/api: 192.168.0.2 ceph/public: 192.168.1.2 @@ -202,7 +209,7 @@ network_metadata: cinder/api: 192.168.0.2 cinder/iscsi: 192.168.1.2 ex: 172.16.0.2 - fw-admin: 10.145.0.100 + fw-admin: 10.109.15.100 glance/api: 192.168.0.2 glance/glare: 192.168.0.2 heat/api: 192.168.0.2 
@@ -233,21 +240,21 @@ network_metadata: - primary-controller nova_cpu_pinning_enabled: false nova_hugepages_enabled: false - swift_zone: '740' - uid: '740' - user_node_name: node-740 - node-741: - fqdn: node-741.domain.tld - name: node-741 + swift_zone: '136' + uid: '136' + user_node_name: node-136 + node-137: + fqdn: node-137.test.domain.local + name: node-137 network_roles: - admin/pxe: 10.145.0.101 + admin/pxe: 10.109.15.101 aodh/api: 192.168.0.1 ceilometer/api: 192.168.0.1 ceph/public: 192.168.1.1 ceph/replication: 192.168.1.1 cinder/api: 192.168.0.1 cinder/iscsi: 192.168.1.1 - fw-admin: 10.145.0.101 + fw-admin: 10.109.15.101 glance/api: 192.168.0.1 glance/glare: 192.168.0.1 heat/api: 192.168.0.1 @@ -277,9 +284,9 @@ network_metadata: - ironic nova_cpu_pinning_enabled: false nova_hugepages_enabled: false - swift_zone: '741' - uid: '741' - user_node_name: node-741 + swift_zone: '137' + uid: '137' + user_node_name: node-137 vips: baremetal: ipaddr: 192.168.3.4 @@ -359,9 +366,9 @@ network_scheme: IP: none br-fw-admin: IP: - - 10.145.0.100/24 + - 10.109.15.100/24 vendor_specific: - provider_gateway: 10.145.0.1 + provider_gateway: 10.109.15.1 br-mgmt: IP: - 192.168.0.2/24 
@@ -778,33 +785,32 @@ node_volumes: size: 11264 type: lv nodes: -- fqdn: node-740.domain.tld +- fqdn: node-136.test.domain.local internal_address: 192.168.0.2 internal_netmask: 255.255.255.0 - name: node-740 + name: node-136 public_address: 172.16.0.2 public_netmask: 255.255.255.0 role: primary-controller storage_address: 192.168.1.2 storage_netmask: 255.255.255.0 - swift_zone: '740' - uid: '740' - user_node_name: node-740 -- fqdn: node-741.domain.tld + swift_zone: '136' + uid: '136' + user_node_name: node-136 +- fqdn: node-137.test.domain.local internal_address: 192.168.0.1 internal_netmask: 255.255.255.0 - name: node-741 + name: node-137 role: ironic storage_address: 192.168.1.1 storage_netmask: 255.255.255.0 - swift_zone: '741' - uid: '741' - user_node_name: node-741 + swift_zone: '137' + uid: '137' + user_node_name: node-137 nova: - db_password: ximHMQh7wIu6fTNtd4F74AKg - enable_hugepages: false + db_password: 18zVWBhBwdoIK35EypULM1Zu state_path: /var/lib/nova - user_password: ZcQNkzkXWFTxtFnu9tdAql2w + user_password: VeZGjOU9hNaKN45n9Fthmyvw nova_quota: false online: true openstack_version: newton-10.0 @@ -816,7 +822,7 @@ operator_user: label: Operating System Access weight: 15 name: fueladmin - password: wD9IlVwqhzq1zhXpazD25x6r + password: 3tNpoXbQvRKZHZ9psDygPVg3 sudo: 'ALL=(ALL) NOPASSWD: ALL' plugins: [] propagate_task_deploy: false @@ -826,11 +832,11 @@ provision: /: container: gzip format: ext4 - uri: http://10.145.0.2:8080/targetimages/env_41_ubuntu_1404_amd64.img.gz + uri: http://10.109.15.2:8080/targetimages/env_16_ubuntu_1404_amd64.img.gz /boot: container: gzip format: ext2 - uri: http://10.145.0.2:8080/targetimages/env_41_ubuntu_1404_amd64-boot.img.gz + uri: http://10.109.15.2:8080/targetimages/env_16_ubuntu_1404_amd64-boot.img.gz metadata: group: general label: Provision 
@@ -952,8 +958,8 @@ public_ssl: weight: 110 services: false puppet: - manifests: rsync://10.145.0.2:/puppet/newton-10.0/manifests/ - modules: rsync://10.145.0.2:/puppet/newton-10.0/modules/ + manifests: rsync://10.109.15.2:/puppet/newton-10.0/manifests/ + modules: rsync://10.109.15.2:/puppet/newton-10.0/modules/ puppet_debug: true quantum: true quantum_settings: @@ -973,13 +979,13 @@ quantum_settings: L3: use_namespaces: true database: - passwd: pZ4pgrDVFXSG2obDDj3Vwnaz + passwd: ZEJrfn9yx71l5aYyKBZJMdt4 default_floating_net: admin_floating_net default_private_net: admin_internal_net keystone: - admin_password: XFaVfyWNLjsQ4GNpOspB8xaA + admin_password: adsQgnCTB8cBPXNSeOVZglpn metadata: - metadata_proxy_shared_secret: 6oEnHzzkWBlDcf4btBTLGx0t + metadata_proxy_shared_secret: HBY2MsQRtFqok6acSnmm93pM predefined_networks: admin_floating_net: L2: @@ -1029,7 +1035,7 @@ quantum_settings: shared: true tenant: admin rabbit: - password: MDx8hLMqPNKdnM0v2tAVbz54 + password: w6mkP2ae9VxqAvVTCt5QLXL7 release: attributes_metadata: editable: 
@@ -1137,6 +1143,49 @@ release: type: checkbox value: false weight: 10 + atop: + interval: + description: Interval between the snapshots in seconds + label: Interval between the snapshots + regex: + error: Should be a number of seconds + source: ^[1-9]\d*$ + restrictions: + - action: hide + condition: settings:atop.service_enabled.value == false + type: text + value: '20' + weight: 20 + metadata: + enabled: true + group: logging + label: Advanced System & Process Monitor (atop) + toggleable: false + weight: 60 + rotate: + description: Number of days to keep log files + label: Rotate days + regex: + error: Should be a number of days + source: ^[1-9]\d*$ + restrictions: + - action: hide + condition: settings:atop.service_enabled.value == false + type: text + value: '7' + weight: 30 + service_enabled: + description: 'NOTE: When enabled, the service may generate logs up to a + gigabyte in size per day. + + This should be taken into consideration when determining the correct size + for the log partition. + + ' + label: Enable atop service + type: checkbox + value: true + weight: 10 cgroups: metadata: always_editable: true @@ -1219,6 +1268,18 @@ release: type: checkbox value: true weight: 50 + run_ping_checker: + description: Uncheck this box if the public gateway will not be available + or will not respond to ICMP requests to the deployed cluster. If unchecked, + the controllers will not take public gateway availability into account + as part of the cluster health. If the cluster will not have internet + access, you will need to make sure to provide proper offline mirrors for + the deployment to succeed. + group: network + label: Public Gateway is Available + type: checkbox + value: true + weight: 50 task_deploy: type: hidden value: true 
@@ -1639,6 +1700,9 @@ release: description: Your DNS entries should point to this name. Self-signed certificates also will use this hostname label: DNS hostname for public TLS endpoints + regex: + error: Invalid DNS hostname + source: ^[a-zA-Z\d]+[-\.\da-zA-Z]*$ restrictions: - action: hide condition: settings:public_ssl.horizon.value == false and settings:public_ssl.services.value @@ -1673,8 +1737,6 @@ release: Please make sure your Fuel master node has Internet access to the repository before attempting to create a mirror. - For more details, please refer to the documentation (https://docs.mirantis.com/openstack/fuel/fuel-10.0/operations.html#external-ubuntu-ops). - ' extra_priority: null type: custom_repo_configuration 
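Review bot: The added hostname pattern `^[a-zA-Z\d]+[-\.\da-zA-Z]*$` accepts names that are not valid DNS hostnames, for example ones ending in `-` or `.`, containing `..`, or carrying labels longer than 63 characters. According to the description on the context lines, this value also ends up in the self-signed certificate. A per-label pattern is stricter: `source: ^[a-zA-Z\d]([-a-zA-Z\d]{0,61}[a-zA-Z\d])?(\.[a-zA-Z\d]([-a-zA-Z\d]{0,61}[a-zA-Z\d])?)*$`. The setting's key lies above the hunk, so the field this guards is inferred from its label. The same line is added in the matching hunk of `hiera/neut_tun.l3ha.nova_quota-primary-controller.yaml`.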
@@ -1751,11 +1813,70 @@ release: sudo: type: hidden value: 'ALL=(ALL) NOPASSWD: ALL' + ssh: + brute_force_protection: + description: When enabled, the access from all networks (except the provided + ones) will be granted, but the networks will be checked against the brute + force attack. + label: Brute force protection + restrictions: + - action: hide + condition: settings:ssh.security_enabled.value == false + type: checkbox + value: false + weight: 30 + metadata: + enabled: true + group: security + label: SSH security + toggleable: false + weight: 120 + security_enabled: + description: 'NOTE: When enabled, provide at least one working IP address + (the Fuel Master node IP is already added). + + We recommend adding new addresses instead of replacing the provided Fuel + Master node IP. + + When disabled (by default), the admin, management, and storage networks + are only allowed to connect to the SSH service. + + ' + label: Restrict SSH service on network + type: checkbox + value: false + weight: 10 + security_networks: + description: IPv4/CIDR address + label: Restrict access to + regex: + error: Invalid IPv4/CIDR address + source: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))*$ + restrictions: + - action: hide + condition: settings:ssh.security_enabled.value == false + type: text_list + value: + - '{settings.MASTER_IP}' + weight: 20 storage: admin_key: type: hidden value: generator: cephx_key + auth_s3_keystone_ceph: + description: This allows to authenticate S3 requests basing on EC2/S3 credentials + managed by Keystone. Please note that enabling the integration will increase + the latency of S3 requests as well as load on Keystone service. Please + consult with Mirantis Technical Bulletin 27 and Mirantis Support on mitigating + the risks related with load. 
+ label: Enable S3 API Authentication via Keystone in Ceph RadosGW + restrictions: + - action: hide + condition: settings:storage.objects_ceph.value == false + type: checkbox + value: false + weight: 82 bootstrap_osd_key: type: hidden value: @@ -1808,6 +1929,9 @@ release: and Swift API Interfaces. If enabled, this option will prevent Swift from installing. label: Ceph RadosGW for objects (Swift API) + restrictions: + - settings:storage.images_ceph.value == false: Ceph RBD for Images should + be selected. type: checkbox value: false weight: 80 @@ -2048,6 +2172,12 @@ release: description: dialog.create_cluster_wizard.compute.qemu_description label: dialog.create_cluster_wizard.compute.qemu name: hypervisor:qemu + requires: + - one_of: + items: + - network:neutron:ml2:vlan + - network:neutron:ml2:tun + message: dialog.create_cluster_wizard.compute.qemu_requires_network_backend weight: 5 - bind: - settings:common.use_vcenter.value @@ -2057,8 +2187,16 @@ release: label: dialog.create_cluster_wizard.compute.vcenter name: hypervisor:vmware requires: - - message: dialog.create_cluster_wizard.compute.vcenter_warning - name: hypervisor:qemu + - one_of: + items: + - hypervisor:qemu + message: dialog.create_cluster_wizard.compute.vcenter_warning + - one_of: + items: + - network:neutron:ml2:dvs + - network:neutron:ml2:nsx + message: dialog.create_cluster_wizard.compute.vcenter_requires_network_backend + message_invalid: dialog.create_cluster_wizard.compute.vcenter_requires_network_plugins weight: 15 - compatible: - name: hypervisor:* @@ -2085,7 +2223,9 @@ release: label: common.network.neutron_vlan name: network:neutron:ml2:vlan requires: - - name: network:neutron:core:ml2 + - one_of: + items: + - network:neutron:core:ml2 weight: 5 - bind: - - cluster:net_provider 
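Review bot: In the added `ssh.security_networks` regex (the hunk starts on the previous line), the CIDR suffix group ends in `*`, so an entry such as `10.0.0.0/8/16` passes validation. The tail should use `?` instead: `(\/([0-9]|[1-2][0-9]|3[0-2]))?$`. The pattern also admits a `/0` prefix, which would match every source address; if that is not intended, the lower bound should be raised or the description should say so. Separately, the `brute_force_protection` description states that enabling it grants access from all networks, which widens SSH exposure compared with the restricted list. The label alone does not convey that, so the text should say plainly that SSH becomes reachable from any network, presumably subject to the brute-force check. The same hunk appears in `hiera/neut_tun.l3ha.nova_quota-primary-controller.yaml`.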
@@ -2106,7 +2246,9 @@ release: label: common.network.neutron_tun name: network:neutron:ml2:tun requires: - - name: network:neutron:core:ml2 + - one_of: + items: + - network:neutron:core:ml2 weight: 10 - bind: - settings:storage.volumes_lvm.value @@ -2354,6 +2496,7 @@ release: restrictions: - action: hide condition: settings:common.use_vcenter.value == false + message: VMware vCenter not enabled for cluster weight: 40 compute: description: A Compute node creates, manages, and terminates virtual machine @@ -2383,10 +2526,12 @@ release: restrictions: - action: hide condition: settings:common.use_vcenter.value == false + message: VMware vCenter not enabled for cluster weight: 90 controller: conflicts: - compute + - ceph-osd description: The Controller initiates orchestration activities and provides an external API. Other components like Glance (image storage), Keystone (identity management), Horizon (OpenStack dashboard) and Nova-Scheduler are installed @@ -2458,6 +2603,7 @@ release: restrictions: - action: hide condition: not ('advanced' in version:feature_groups) + message: Advanced feature should be enabled in feature groups weight: 80 state: available version: newton-10.0 @@ -2629,7 +2775,7 @@ repo_setup: section: main restricted suite: mos10.0 type: deb - uri: http://10.145.0.2:8080/newton-10.0/ubuntu/x86_64 + uri: http://10.109.15.2:8080/newton-10.0/ubuntu/x86_64 - name: mos-updates priority: 1050 section: main restricted @@ -2653,14 +2799,15 @@ repo_setup: section: main restricted suite: auxiliary type: deb - uri: http://10.145.0.2:8080/newton-10.0/ubuntu/auxiliary + uri: http://10.109.15.2:8080/newton-10.0/ubuntu/auxiliary resume_guests_state_on_host_boot: true roles: - primary-controller +run_ping_checker: true sahara: - db_password: 5GouiTv573FXUKSa2JfE2it0 + db_password: fyBBOKHmjHXJBzwKg6znoojB enabled: false - user_password: sUFDBiM0LhyEqWCHxvK42N1D + user_password: xnpoIx0CBaJKmeumgAThJ6yC service_user: homedir: /var/lib/fuel metadata: 
@@ -2671,22 +2818,34 @@ service_user: condition: 'true' weight: 10 name: fuel - password: 3nD8uFmJWnF1rrOHdidayYuW + password: 9paPtyxDUWvzFuubRywN8wa2 root_password: r00tme sudo: 'ALL=(ALL) NOPASSWD: ALL' +ssh: + brute_force_protection: false + metadata: + enabled: true + group: security + label: SSH security + toggleable: false + weight: 120 + security_enabled: false + security_networks: + - 10.109.15.2 status: discover storage: - admin_key: AQAiekhXAAAAABAADbWfvinwBeGWEi7JRaWgag== - bootstrap_osd_key: AQAiekhXAAAAABAAamKsawxkXm99kXmEhWaSGw== + admin_key: AQANCKNXAAAAABAAICIGZeGjdsW4rt37/MYwPg== + auth_s3_keystone_ceph: false + bootstrap_osd_key: AQANCKNXAAAAABAA4XLpGtBmnq+8ECO0ASkafA== ephemeral_ceph: false - fsid: 6da4a04e-fd5c-4ec8-a394-ae009c5c2f92 + fsid: be75cde4-f083-41b2-a4ca-c3f03e85ff10 images_ceph: false images_vcenter: false metadata: group: storage label: Storage Backends weight: 60 - mon_key: AQAiekhXAAAAABAARw76hwzKmf/x/I0uoyUsnA== + mon_key: AQANCKNXAAAAABAAIUS/B+09OlDWDN7VfezDFw== objects_ceph: false osd_pool_size: '3' per_pool_pg_nums: @@ -2697,13 +2856,13 @@ storage: images: 128 volumes: 128 pg_num: 128 - radosgw_key: AQAiekhXAAAAABAABpQ0tuYU91Jzib/P7uohdw== + radosgw_key: AQANCKNXAAAAABAAUBrikUvMh/a+EG8+eIq3VA== volumes_block_device: false volumes_ceph: false volumes_lvm: true storage_network_range: 192.168.1.0/24 swift: - user_password: vB61iOPXKRG66V9taTym4NjB + user_password: GSQibP0IGrKQkAfXr9INmFUU syslog: metadata: enabled: false @@ -2725,10 +2884,10 @@ test_vm_image: os_name: cirros properties: {} public: 'true' -uid: '740' +uid: '136' use_cow_images: true use_vcenter: false -user_node_name: node-740 +user_node_name: node-136 vms_conf: [] workloads_collector: create_user: false @@ -2740,6 +2899,6 @@ workloads_collector: - action: hide condition: 'true' weight: 10 - password: Np6WzPrfRrNNg88sRYY0mp7l + password: lxMOZvzTNujuIE7lVdaQyzzP tenant: services username: fuel_stats_user 
diff --git a/hiera/neut_tun.l3ha.nova_quota-primary-controller.yaml b/hiera/neut_tun.l3ha.nova_quota-primary-controller.yaml index 1a9efbf..22eea11 100644 --- a/hiera/neut_tun.l3ha.nova_quota-primary-controller.yaml +++ b/hiera/neut_tun.l3ha.nova_quota-primary-controller.yaml @@ -8,18 +8,28 @@ access: tenant: admin user: admin aodh: - db_password: 7j3w5vVSvgjbq34JSyQ75dN7 - user_password: xK3HqxRvj6yccZcQcKw1HsiK + db_password: fTG2UYBvKZDeNDA9TAu9pH1D + user_password: 4Ld23EdM8F7eeqn2j2MbEsDk +atop: + interval: '20' + metadata: + enabled: true + group: logging + label: Advanced System & Process Monitor (atop) + toggleable: false + weight: 60 + rotate: '7' + service_enabled: true auth_key: '' auto_assign_floating_ip: false base_syslog: syslog_port: '514' - syslog_server: 10.145.0.2 + syslog_server: 10.109.15.2 ceilometer: - db_password: ucnMYHhGTaxRt8pdfTAhejJB + db_password: oWhPeenq8xLR1oSCgQWvDTTV enabled: false - metering_secret: BUek3Z44dLw4dJFHCRiKpvwF - user_password: vYsfWtMK3mez3bTP2b7JULIy + metering_secret: rMMSspJxqlFQ0gNkBMRfWZe4 + user_password: oFJ3w48Vno34ojMWYmlQ2cau cgroups: metadata: always_editable: true @@ -30,9 +40,9 @@ cgroups: condition: 'true' weight: 90 cinder: - db_password: o1MiNAm7BXJjctXPV7KDAlvZ - fixed_key: ea26f10c6feb8f10069796997d6d1189c9288023d1461236cf2fc962849e70fa - user_password: VddFPJO9aj8xTZgaGcgiKLeM + db_password: Mh0PPiud65Qn3r3qXeYVgqDj + fixed_key: 4c286a83354367390797cf7c751eb2144db45a80fbc9b4277f0ab699e9a11b3b + user_password: 5bmKBYRy3iRAzJ4IEqs86NdT cluster: changes: - name: attributes 
@@ -42,20 +52,20 @@ cluster: - name: networks node_id: null - name: interfaces - node_id: 750 + node_id: 146 - name: disks - node_id: 750 + node_id: 146 - name: interfaces - node_id: 751 + node_id: 147 - name: disks - node_id: 751 + node_id: 147 - name: interfaces - node_id: 752 + node_id: 148 - name: disks - node_id: 752 + node_id: 148 components: [] fuel_version: '10.0' - id: 42 + id: 17 is_customized: false is_locked: false mode: ha_compact @@ -88,12 +98,11 @@ corosync: debug: false deployed_before: value: false -deployment_id: 42 +deployment_id: 17 deployment_mode: ha_compact -dpdk: {} external_dns: dns_list: - - 10.145.0.1 + - 10.109.15.1 metadata: group: network label: Host OS DNS Servers 
@@ -119,31 +128,29 @@ external_ntp: label: Host OS NTP Servers weight: 40 ntp_list: - - 0.fuel.pool.ntp.org - - 1.fuel.pool.ntp.org - - 2.fuel.pool.ntp.org + - 10.109.15.1 fail_if_error: true -fqdn: node-750.domain.tld +fqdn: node-146.test.domain.local fuel_version: '10.0' glance: - db_password: KwfH9ZWNIdSxRnYCNmiagUdk + db_password: GYxtQiMKDb5K7tmZo0rFTut1 image_cache_max_size: '389537175961' - user_password: g7wSdgapZGaLH5s0ccFrdYr7 + user_password: SfPI5FYXK2wfTBkLL2z6ZVMK glance_glare: - user_password: hsj5zoOrR78l0rp0ia5ouEzt + user_password: mGvWAhWF6FJRgn9usmpUTarY heat: - auth_encryption_key: 40032089313a012a4a9f9f3540c61e9a - db_password: RaG0yb1ts5gcK6IZXJk2hVx9 + auth_encryption_key: a26dc66ee5b68c2b9cfb7fe085728e86 + db_password: EsvLELan6iukN5yDLPJ2fyh5 enabled: true - rabbit_password: jVuBaw5bkTuSQX9jnzVkPd5z - user_password: QJFWNaGQTALMwA2E2xmJsnBn + rabbit_password: oxzRc7tSDwKCm4PStz7gC1aW + user_password: LHFstLqeT9L93Tj3EDCoyYbD horizon: - secret_key: f38f3ac617f74ff20cb579ef1bce66ae77763f26b16ca6491260ab1feaa448b4 + secret_key: 542dad2c900902d116d7d11e1a24dc95526bb96920ad63b2103c3dd8c4f9ea84 ironic: - db_password: lJoowNRvUuCf6zT4V1QPXZe2 + db_password: UfnJMWqNxd3UC9ryzaUsP0W2 enabled: false - swift_tempurl_key: w9NTMHS4tOmGPpzCAmFwzlB5 - user_password: WUecqWZZmsheyt4i9qvP5St5 + swift_tempurl_key: lW2cBzuTOBoruzoPMb46BUJK + user_password: C9Zen8KoOYPJlOH90A0UD6I5 kernel_params: kernel: console=tty0 net.ifnames=0 biosdevname=0 rootdelay=90 nomodeset metadata: @@ -151,12 +158,12 @@ kernel_params: label: Kernel parameters weight: 60 keystone: - admin_token: 8hxLbNdn8o9pT3nSTLmY3AJu - db_password: maVEtYGyZ65HUXiRbZJIIs2v -last_controller: node-752 + admin_token: 7Kq1CywuBMQUnqcEi4kEPTNH + db_password: yrJShNwbNlPKgeGRnJn8cHll +last_controller: node-148 libvirt_type: qemu management_network_range: 192.168.0.0/24 -master_ip: 10.145.0.2 +master_ip: 10.109.15.2 metadata: label: Common weight: 10 
@@ -168,15 +175,15 @@ mp: - point: '2' weight: '2' murano: - db_password: lqxY73mPKA1etCUW1By1uJ55 + db_password: 7YG26rZKPLESGohgInb18FyT enabled: false - rabbit_password: jheazxWvz0XlTXmyUj0RxfCX - user_password: l9fBki5GRiRRhuYFFUxx3w88 + rabbit_password: kNyHQIfyaTfB5dQXoL0AZnML + user_password: hTOgx33sIP7mynagqpd3q8Ut murano-cfapi: - db_password: XmoTRj6WHdO2ejel389tcBA3 + db_password: eRKU8BMu9GEwxvXPo3M47c6Y enabled: false - rabbit_password: VGBZK9x0BHrBJXagf1eXGfV4 - user_password: P3uFu4JbnwmIvosjo8ksEWyo + rabbit_password: PmttpiIvsyI5D6iiW8zFncyy + user_password: U4Xv4TMqOrfTUlELubsbY3ql murano_settings: metadata: group: openstack_services 
@@ -189,15 +196,62 @@ murano_settings: murano_glance_artifacts_plugin: true murano_repo_url: http://storage.apps.openstack.org/ mysql: - root_password: MguARNj9HbYrPaTxIMnQ9zii - wsrep_password: oH39uJM2PEk6YiTux6JnXWB7 + root_password: jrKJrlkH2V33stGRS83sKcp9 + wsrep_password: 7ZWGnr7Tj6LtY9olzmNYRQI3 network_metadata: nodes: - node-750: - fqdn: node-750.domain.tld - name: node-750 + node-146: + fqdn: node-146.test.domain.local + name: node-146 network_roles: - admin/pxe: 10.145.0.100 + admin/pxe: 10.109.15.100 + aodh/api: 192.168.0.3 + ceilometer/api: 192.168.0.3 + ceph/public: 192.168.1.3 + ceph/radosgw: 172.16.0.4 + ceph/replication: 192.168.1.3 + cinder/api: 192.168.0.3 + cinder/iscsi: 192.168.1.3 + ex: 172.16.0.4 + fw-admin: 10.109.15.100 + glance/api: 192.168.0.3 + glance/glare: 192.168.0.3 + heat/api: 192.168.0.3 + horizon: 192.168.0.3 + ironic/api: 192.168.0.3 + keystone/api: 192.168.0.3 + management: 192.168.0.3 + mgmt/corosync: 192.168.0.3 + mgmt/database: 192.168.0.3 + mgmt/memcache: 192.168.0.3 + mgmt/messaging: 192.168.0.3 + mgmt/vip: 192.168.0.3 + mongo/db: 192.168.0.3 + murano/api: 192.168.0.3 + murano/cfapi: 192.168.0.3 + neutron/api: 192.168.0.3 + neutron/floating: null + neutron/mesh: 192.168.2.3 + neutron/private: null + nova/api: 192.168.0.3 + nova/migration: 192.168.0.3 + public/vip: 172.16.0.4 + sahara/api: 192.168.0.3 + storage: 192.168.1.3 + swift/api: 192.168.0.3 + swift/replication: 192.168.1.3 + node_roles: + - primary-controller + nova_cpu_pinning_enabled: false + nova_hugepages_enabled: false + swift_zone: '146' + uid: '146' + user_node_name: node-146 + node-147: + fqdn: node-147.test.domain.local + name: node-147 + network_roles: + admin/pxe: 10.109.15.101 aodh/api: 192.168.0.1 ceilometer/api: 192.168.0.1 ceph/public: 192.168.1.1 
@@ -206,7 +260,7 @@ network_metadata: cinder/api: 192.168.0.1 cinder/iscsi: 192.168.1.1 ex: 172.16.0.2 - fw-admin: 10.145.0.100 + fw-admin: 10.109.15.101 glance/api: 192.168.0.1 glance/glare: 192.168.0.1 heat/api: 192.168.0.1 @@ -234,17 +288,17 @@ network_metadata: swift/api: 192.168.0.1 swift/replication: 192.168.1.1 node_roles: - - primary-controller + - controller nova_cpu_pinning_enabled: false nova_hugepages_enabled: false - swift_zone: '750' - uid: '750' - user_node_name: node-750 - node-751: - fqdn: node-751.domain.tld - name: node-751 + swift_zone: '147' + uid: '147' + user_node_name: node-147 + node-148: + fqdn: node-148.test.domain.local + name: node-148 network_roles: - admin/pxe: 10.145.0.101 + admin/pxe: 10.109.15.102 aodh/api: 192.168.0.2 ceilometer/api: 192.168.0.2 ceph/public: 192.168.1.2 @@ -253,7 +307,7 @@ network_metadata: cinder/api: 192.168.0.2 cinder/iscsi: 192.168.1.2 ex: 172.16.0.3 - fw-admin: 10.145.0.101 + fw-admin: 10.109.15.102 glance/api: 192.168.0.2 glance/glare: 192.168.0.2 heat/api: 192.168.0.2 
@@ -284,56 +338,9 @@ network_metadata: - controller nova_cpu_pinning_enabled: false nova_hugepages_enabled: false - swift_zone: '751' - uid: '751' - user_node_name: node-751 - node-752: - fqdn: node-752.domain.tld - name: node-752 - network_roles: - admin/pxe: 10.145.0.102 - aodh/api: 192.168.0.3 - ceilometer/api: 192.168.0.3 - ceph/public: 192.168.1.3 - ceph/radosgw: 172.16.0.4 - ceph/replication: 192.168.1.3 - cinder/api: 192.168.0.3 - cinder/iscsi: 192.168.1.3 - ex: 172.16.0.4 - fw-admin: 10.145.0.102 - glance/api: 192.168.0.3 - glance/glare: 192.168.0.3 - heat/api: 192.168.0.3 - horizon: 192.168.0.3 - ironic/api: 192.168.0.3 - keystone/api: 192.168.0.3 - management: 192.168.0.3 - mgmt/corosync: 192.168.0.3 - mgmt/database: 192.168.0.3 - mgmt/memcache: 192.168.0.3 - mgmt/messaging: 192.168.0.3 - mgmt/vip: 192.168.0.3 - mongo/db: 192.168.0.3 - murano/api: 192.168.0.3 - murano/cfapi: 192.168.0.3 - neutron/api: 192.168.0.3 - neutron/floating: null - neutron/mesh: 192.168.2.3 - neutron/private: null - nova/api: 192.168.0.3 - nova/migration: 192.168.0.3 - public/vip: 172.16.0.4 - sahara/api: 192.168.0.3 - storage: 192.168.1.3 - swift/api: 192.168.0.3 - swift/replication: 192.168.1.3 - node_roles: - - controller - nova_cpu_pinning_enabled: false - nova_hugepages_enabled: false - swift_zone: '752' - uid: '752' - user_node_name: node-752 + swift_zone: '148' + uid: '148' + user_node_name: node-148 vips: management: ipaddr: 192.168.0.5 @@ -380,7 +387,7 @@ network_scheme: endpoints: br-ex: IP: - - 172.16.0.2/24 + - 172.16.0.4/24 gateway: 172.16.0.1 vendor_specific: provider_gateway: 172.16.0.1 @@ -388,18 +395,18 @@ network_scheme: IP: none br-fw-admin: IP: - - 10.145.0.100/24 + - 10.109.15.100/24 vendor_specific: - provider_gateway: 10.145.0.1 + provider_gateway: 10.109.15.1 br-mesh: IP: - - 192.168.2.1/24 + - 192.168.2.3/24 br-mgmt: IP: - - 192.168.0.1/24 + - 192.168.0.3/24 br-storage: IP: - - 192.168.1.1/24 + - 192.168.1.3/24 interfaces: enp0s3: vendor_specific: 
@@ -790,47 +797,46 @@ node_volumes: size: 11264 type: lv nodes: -- fqdn: node-750.domain.tld - internal_address: 192.168.0.1 +- fqdn: node-146.test.domain.local + internal_address: 192.168.0.3 internal_netmask: 255.255.255.0 - name: node-750 - public_address: 172.16.0.2 + name: node-146 + public_address: 172.16.0.4 public_netmask: 255.255.255.0 role: primary-controller + storage_address: 192.168.1.3 + storage_netmask: 255.255.255.0 + swift_zone: '146' + uid: '146' + user_node_name: node-146 +- fqdn: node-147.test.domain.local + internal_address: 192.168.0.1 + internal_netmask: 255.255.255.0 + name: node-147 + public_address: 172.16.0.2 + public_netmask: 255.255.255.0 + role: controller storage_address: 192.168.1.1 storage_netmask: 255.255.255.0 - swift_zone: '750' - uid: '750' - user_node_name: node-750 -- fqdn: node-751.domain.tld + swift_zone: '147' + uid: '147' + user_node_name: node-147 +- fqdn: node-148.test.domain.local internal_address: 192.168.0.2 internal_netmask: 255.255.255.0 - name: node-751 + name: node-148 public_address: 172.16.0.3 public_netmask: 255.255.255.0 role: controller storage_address: 192.168.1.2 storage_netmask: 255.255.255.0 - swift_zone: '751' - uid: '751' - user_node_name: node-751 -- fqdn: node-752.domain.tld - internal_address: 192.168.0.3 - internal_netmask: 255.255.255.0 - name: node-752 - public_address: 172.16.0.4 - public_netmask: 255.255.255.0 - role: controller - storage_address: 192.168.1.3 - storage_netmask: 255.255.255.0 - swift_zone: '752' - uid: '752' - user_node_name: node-752 + swift_zone: '148' + uid: '148' + user_node_name: node-148 nova: - db_password: dVxM3nlBe0JziZeF5NIc630X - enable_hugepages: false + db_password: hWAZkudqAeGGhl1SatLfMEC5 state_path: /var/lib/nova - user_password: jGuKfRlMm0q9vn9ZzqbItMI3 + user_password: 1zxvrXLlRd4CjKRbmEYbejh2 nova_quota: true online: true openstack_version: newton-10.0 
@@ -842,7 +848,7 @@ operator_user: label: Operating System Access weight: 15 name: fueladmin - password: xT8T4DNQ2QqkJFUZodoWREDy + password: d2FKWdMzL5ZrjCxa52Bo3JS5 sudo: 'ALL=(ALL) NOPASSWD: ALL' plugins: [] private_network_range: 192.168.2.0/24 @@ -853,11 +859,11 @@ provision: /: container: gzip format: ext4 - uri: http://10.145.0.2:8080/targetimages/env_42_ubuntu_1404_amd64.img.gz + uri: http://10.109.15.2:8080/targetimages/env_17_ubuntu_1404_amd64.img.gz /boot: container: gzip format: ext2 - uri: http://10.145.0.2:8080/targetimages/env_42_ubuntu_1404_amd64-boot.img.gz + uri: http://10.109.15.2:8080/targetimages/env_17_ubuntu_1404_amd64-boot.img.gz metadata: group: general label: Provision @@ -979,8 +985,8 @@ public_ssl: weight: 110 services: false puppet: - manifests: rsync://10.145.0.2:/puppet/newton-10.0/manifests/ - modules: rsync://10.145.0.2:/puppet/newton-10.0/modules/ + manifests: rsync://10.109.15.2:/puppet/newton-10.0/manifests/ + modules: rsync://10.109.15.2:/puppet/newton-10.0/modules/ puppet_debug: true quantum: true quantum_settings: @@ -995,13 +1001,13 @@ quantum_settings: L3: use_namespaces: true database: - passwd: 8sbWW3CaFK76H4RLEpNOsfLd + passwd: AGikUII5cPBFkzlIKuAArThr default_floating_net: admin_floating_net default_private_net: admin_internal_net keystone: - admin_password: LfzRpFDQNKvkaVBLP8ddBpZl + admin_password: qgsijpWEtQOaBnbRJSdjlw5l metadata: - metadata_proxy_shared_secret: zdLsHUINrwbg8NspxSn7qvx3 + metadata_proxy_shared_secret: YgshdIPQ6fuu8qjf0zGK7GeJ predefined_networks: admin_floating_net: L2: @@ -1035,7 +1041,7 @@ quantum_settings: shared: false tenant: admin rabbit: - password: krpm3JNObYWWhDl9VahYaVWs + password: lbGFVr9BdCAdvobuR7rur3up release: attributes_metadata: editable: 
@@ -1143,6 +1149,49 @@ release: type: checkbox value: false weight: 10 + atop: + interval: + description: Interval between the snapshots in seconds + label: Interval between the snapshots + regex: + error: Should be a number of seconds + source: ^[1-9]\d*$ + restrictions: + - action: hide + condition: settings:atop.service_enabled.value == false + type: text + value: '20' + weight: 20 + metadata: + enabled: true + group: logging + label: Advanced System & Process Monitor (atop) + toggleable: false + weight: 60 + rotate: + description: Number of days to keep log files + label: Rotate days + regex: + error: Should be a number of days + source: ^[1-9]\d*$ + restrictions: + - action: hide + condition: settings:atop.service_enabled.value == false + type: text + value: '7' + weight: 30 + service_enabled: + description: 'NOTE: When enabled, the service may generate logs up to a + gigabyte in size per day. + + This should be taken into consideration when determining the correct size + for the log partition. + + ' + label: Enable atop service + type: checkbox + value: true + weight: 10 cgroups: metadata: always_editable: true @@ -1225,6 +1274,18 @@ release: type: checkbox value: true weight: 50 + run_ping_checker: + description: Uncheck this box if the public gateway will not be available + or will not respond to ICMP requests to the deployed cluster. If unchecked, + the controllers will not take public gateway availability into account + as part of the cluster health. If the cluster will not have internet + access, you will need to make sure to provide proper offline mirrors for + the deployment to succeed. + group: network + label: Public Gateway is Available + type: checkbox + value: true + weight: 50 task_deploy: type: hidden value: true 
@@ -1645,6 +1706,9 @@ release: description: Your DNS entries should point to this name. Self-signed certificates also will use this hostname label: DNS hostname for public TLS endpoints + regex: + error: Invalid DNS hostname + source: ^[a-zA-Z\d]+[-\.\da-zA-Z]*$ restrictions: - action: hide condition: settings:public_ssl.horizon.value == false and settings:public_ssl.services.value @@ -1679,8 +1743,6 @@ release: Please make sure your Fuel master node has Internet access to the repository before attempting to create a mirror. - For more details, please refer to the documentation (https://docs.mirantis.com/openstack/fuel/fuel-10.0/operations.html#external-ubuntu-ops). - ' extra_priority: null type: custom_repo_configuration 
@@ -1757,11 +1819,70 @@ release: sudo: type: hidden value: 'ALL=(ALL) NOPASSWD: ALL' + ssh: + brute_force_protection: + description: When enabled, the access from all networks (except the provided + ones) will be granted, but the networks will be checked against the brute + force attack. + label: Brute force protection + restrictions: + - action: hide + condition: settings:ssh.security_enabled.value == false + type: checkbox + value: false + weight: 30 + metadata: + enabled: true + group: security + label: SSH security + toggleable: false + weight: 120 + security_enabled: + description: 'NOTE: When enabled, provide at least one working IP address + (the Fuel Master node IP is already added). + + We recommend adding new addresses instead of replacing the provided Fuel + Master node IP. + + When disabled (by default), the admin, management, and storage networks + are only allowed to connect to the SSH service. + + ' + label: Restrict SSH service on network + type: checkbox + value: false + weight: 10 + security_networks: + description: IPv4/CIDR address + label: Restrict access to + regex: + error: Invalid IPv4/CIDR address + source: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))*$ + restrictions: + - action: hide + condition: settings:ssh.security_enabled.value == false + type: text_list + value: + - '{settings.MASTER_IP}' + weight: 20 storage: admin_key: type: hidden value: generator: cephx_key + auth_s3_keystone_ceph: + description: This allows to authenticate S3 requests basing on EC2/S3 credentials + managed by Keystone. Please note that enabling the integration will increase + the latency of S3 requests as well as load on Keystone service. Please + consult with Mirantis Technical Bulletin 27 and Mirantis Support on mitigating + the risks related with load. 
+ label: Enable S3 API Authentication via Keystone in Ceph RadosGW + restrictions: + - action: hide + condition: settings:storage.objects_ceph.value == false + type: checkbox + value: false + weight: 82 bootstrap_osd_key: type: hidden value: @@ -1814,6 +1935,9 @@ release: and Swift API Interfaces. If enabled, this option will prevent Swift from installing. label: Ceph RadosGW for objects (Swift API) + restrictions: + - settings:storage.images_ceph.value == false: Ceph RBD for Images should + be selected. type: checkbox value: false weight: 80 @@ -2054,6 +2178,12 @@ release: description: dialog.create_cluster_wizard.compute.qemu_description label: dialog.create_cluster_wizard.compute.qemu name: hypervisor:qemu + requires: + - one_of: + items: + - network:neutron:ml2:vlan + - network:neutron:ml2:tun + message: dialog.create_cluster_wizard.compute.qemu_requires_network_backend weight: 5 - bind: - settings:common.use_vcenter.value @@ -2063,8 +2193,16 @@ release: label: dialog.create_cluster_wizard.compute.vcenter name: hypervisor:vmware requires: - - message: dialog.create_cluster_wizard.compute.vcenter_warning - name: hypervisor:qemu + - one_of: + items: + - hypervisor:qemu + message: dialog.create_cluster_wizard.compute.vcenter_warning + - one_of: + items: + - network:neutron:ml2:dvs + - network:neutron:ml2:nsx + message: dialog.create_cluster_wizard.compute.vcenter_requires_network_backend + message_invalid: dialog.create_cluster_wizard.compute.vcenter_requires_network_plugins weight: 15 - compatible: - name: hypervisor:* @@ -2091,7 +2229,9 @@ release: label: common.network.neutron_vlan name: network:neutron:ml2:vlan requires: - - name: network:neutron:core:ml2 + - one_of: + items: + - network:neutron:core:ml2 weight: 5 - bind: - - cluster:net_provider 
@@ -2112,7 +2252,9 @@ release: label: common.network.neutron_tun name: network:neutron:ml2:tun requires: - - name: network:neutron:core:ml2 + - one_of: + items: + - network:neutron:core:ml2 weight: 10 - bind: - settings:storage.volumes_lvm.value @@ -2360,6 +2502,7 @@ release: restrictions: - action: hide condition: settings:common.use_vcenter.value == false + message: VMware vCenter not enabled for cluster weight: 40 compute: description: A Compute node creates, manages, and terminates virtual machine @@ -2389,10 +2532,12 @@ release: restrictions: - action: hide condition: settings:common.use_vcenter.value == false + message: VMware vCenter not enabled for cluster weight: 90 controller: conflicts: - compute + - ceph-osd description: The Controller initiates orchestration activities and provides an external API. Other components like Glance (image storage), Keystone (identity management), Horizon (OpenStack dashboard) and Nova-Scheduler are installed @@ -2464,6 +2609,7 @@ release: restrictions: - action: hide condition: not ('advanced' in version:feature_groups) + message: Advanced feature should be enabled in feature groups weight: 80 state: available version: newton-10.0 @@ -2635,7 +2781,7 @@ repo_setup: section: main restricted suite: mos10.0 type: deb - uri: http://10.145.0.2:8080/newton-10.0/ubuntu/x86_64 + uri: http://10.109.15.2:8080/newton-10.0/ubuntu/x86_64 - name: mos-updates priority: 1050 section: main restricted @@ -2659,14 +2805,15 @@ repo_setup: section: main restricted suite: auxiliary type: deb - uri: http://10.145.0.2:8080/newton-10.0/ubuntu/auxiliary + uri: http://10.109.15.2:8080/newton-10.0/ubuntu/auxiliary resume_guests_state_on_host_boot: true roles: - primary-controller +run_ping_checker: true sahara: - db_password: DRapFQcmeHvueGCqssEIa2bQ + db_password: CM60aYlmA5spqiqDApaby7xR enabled: false - user_password: o6fkFsUDNDhc4YqRd0T9gOJE + user_password: lB1yDC38IKmz6M557UcjJfAg service_user: homedir: /var/lib/fuel metadata: 
@@ -2677,22 +2824,34 @@ service_user: condition: 'true' weight: 10 name: fuel - password: kBx8RG4db3zQAzqVKh44Gm4d + password: cPYnLS5PfIUite7eBpjSrI9z root_password: r00tme sudo: 'ALL=(ALL) NOPASSWD: ALL' +ssh: + brute_force_protection: false + metadata: + enabled: true + group: security + label: SSH security + toggleable: false + weight: 120 + security_enabled: false + security_networks: + - 10.109.15.2 status: discover storage: - admin_key: AQCCekhXAAAAABAAXlxgNtLXFTdaF6nR2MGOaw== - bootstrap_osd_key: AQCCekhXAAAAABAASnyCLDjd1XWTH106pH9TLQ== + admin_key: AQBrCKNXAAAAABAAI3edn6qeFUQbO0ootzuOuw== + auth_s3_keystone_ceph: false + bootstrap_osd_key: AQBrCKNXAAAAABAAwsTYwSQzfIUqx1kM0HKZGQ== ephemeral_ceph: false - fsid: e352376f-e4bd-43c1-bf8f-0db2061497c2 + fsid: c662c281-5820-4cde-824e-5f0ed024dad3 images_ceph: false images_vcenter: false metadata: group: storage label: Storage Backends weight: 60 - mon_key: AQCCekhXAAAAABAAtv9DdUBCre3ZDwrWSltHWA== + mon_key: AQBrCKNXAAAAABAASQ1JTHUn7DdvlexE1FdFMA== objects_ceph: false osd_pool_size: '3' per_pool_pg_nums: @@ -2703,13 +2862,13 @@ storage: images: 128 volumes: 128 pg_num: 128 - radosgw_key: AQCCekhXAAAAABAA8QOMIJfsNC+cY9e66M0xrA== + radosgw_key: AQBrCKNXAAAAABAADvz5+lOy2LLWhWAfqr+Urw== volumes_block_device: false volumes_ceph: false volumes_lvm: true storage_network_range: 192.168.1.0/24 swift: - user_password: UTky8v3RK3cq3CQIJ3N8hlHA + user_password: xNJ7vy9MIakC8RVpKaBrrdc3 syslog: metadata: enabled: false @@ -2731,10 +2890,10 @@ test_vm_image: os_name: cirros properties: {} public: 'true' -uid: '750' +uid: '146' use_cow_images: true use_vcenter: false -user_node_name: node-750 +user_node_name: node-146 vms_conf: [] workloads_collector: create_user: false @@ -2746,6 +2905,6 @@ workloads_collector: - action: hide condition: 'true' weight: 10 - password: T2Feby0Vtz9DM6F4IDwjMOz6 + password: tBJ3WHNvxQRwqnIbuKZIu9k0 tenant: services username: fuel_stats_user 
diff --git a/hiera/neut_tun.multirack.murano.sahara.ceil.ceph.public_ssl-ceph-osd.yaml b/hiera/neut_tun.multirack.murano.sahara.ceil.ceph.public_ssl-ceph-osd.yaml index 5917284..9f04fa9 100644 --- a/hiera/neut_tun.multirack.murano.sahara.ceil.ceph.public_ssl-ceph-osd.yaml +++ b/hiera/neut_tun.multirack.murano.sahara.ceil.ceph.public_ssl-ceph-osd.yaml @@ -8,18 +8,28 @@ access: tenant: admin user: admin aodh: - db_password: BbGR52cd3LwohWb8TR9nPBwe - user_password: mdvzyl5bn1EyXUpCzlsYnP4A + db_password: M84vqpK4GS8BFVPCWzIBX2op + user_password: dSnu7i69V8woVAipRBfWpkAW +atop: + interval: '20' + metadata: + enabled: true + group: logging + label: Advanced System & Process Monitor (atop) + toggleable: false + weight: 60 + rotate: '7' + service_enabled: true auth_key: '' auto_assign_floating_ip: false base_syslog: syslog_port: '514' - syslog_server: 10.110.0.2 + syslog_server: 10.109.15.2 ceilometer: - db_password: x1vXQVbx3QozWCsdeqO4pXI8 + db_password: IdzwGob6PswM4AQm5CfkS2GN enabled: true - metering_secret: FoOep7ohlScQkaHld0URFj0z - user_password: FLvSIKT54BUlaein3hqG3wwB + metering_secret: ISmdXiD6VS7u5sGQG4tTKwcL + user_password: vLJ2vrra7m2h3SMth1CrU0tq cgroups: metadata: always_editable: true @@ -30,9 +40,9 @@ cgroups: condition: 'true' weight: 90 cinder: - db_password: RUZBIY7QKhUoE1Jcq7lktN7s - fixed_key: 32351e49c6ee8e5f9c2f40c5541471b6098b07a7e61916a0a44811aeaa19a371 - user_password: nHHcNT6k9kdY5M2w8dPwczGb + db_password: 0bXTM3SEqAtiQq9M39CYwlcl + fixed_key: fe0270bd2fe1707b8d7c5bb75649108923893831657eadf46eb919cceeebd42a + user_password: OYmyX0ZkJfDpdM9pB3czSzdJ cluster: changes: - name: attributes 
@@ -42,40 +52,40 @@ cluster: - name: networks node_id: null - name: interfaces - node_id: 103 + node_id: 166 - name: disks - node_id: 103 + node_id: 166 - name: interfaces - node_id: 100 + node_id: 167 - name: disks - node_id: 100 + node_id: 167 - name: interfaces - node_id: 101 + node_id: 168 - name: disks - node_id: 101 + node_id: 168 - name: interfaces - node_id: 102 + node_id: 169 - name: disks - node_id: 102 + node_id: 169 - name: interfaces - node_id: 104 + node_id: 170 - name: disks - node_id: 104 + node_id: 170 - name: interfaces - node_id: 105 + node_id: 171 - name: disks - node_id: 105 + node_id: 171 - name: interfaces - node_id: 106 + node_id: 172 - name: disks - node_id: 106 + node_id: 172 - name: interfaces - node_id: 107 + node_id: 173 - name: disks - node_id: 107 + node_id: 173 components: [] fuel_version: '10.0' - id: 10 + id: 19 is_customized: false is_locked: false mode: ha_compact @@ -108,12 +118,11 @@ corosync: debug: false deployed_before: value: false -deployment_id: 10 +deployment_id: 19 deployment_mode: ha_compact -dpdk: {} external_dns: dns_list: - - 10.110.0.1 + - 10.109.15.1 metadata: group: network label: Host OS DNS Servers 
@@ -139,29 +148,29 @@ external_ntp: label: Host OS NTP Servers weight: 40 ntp_list: - - 10.110.0.1 + - 10.109.15.1 fail_if_error: true -fqdn: node-106.test.domain.local +fqdn: node-172.test.domain.local fuel_version: '10.0' glance: - db_password: MsDiE541ui8k7CwOz30Gi9Xp + db_password: 3MG3g16ckWyd7AL7vj8dxPAO image_cache_max_size: '0' - user_password: TpzGJUJEKot5sTL5uHV0xg8I + user_password: hBaMbsDUZ3SALjaR2Cd078j4 glance_glare: - user_password: zfh2MuZRAeSFNEdeSsOpAQMu + user_password: fa2pz7SXzlr8y3C03VdxBwoi heat: - auth_encryption_key: 7dd1d369666993576b5950b8a1ef0ce3 - db_password: NPIG0kaAdd58x0fjjbbYLrYG + auth_encryption_key: 566a70c9468b32fa5f50fd64b01de3ae + db_password: ExCzV5GPSk7VIXXoGOPLVfik enabled: true - rabbit_password: Uw8zycD9KPpcvU44kWpKQv6A - user_password: IraoQkd21UPZMtRFx1ELuoLK + rabbit_password: 2XvuO3EYLTcfPxRFb6a6NJjP + user_password: EkKRAw65IsuUSbW8mQP5kyxZ horizon: - secret_key: 620b46d924af5b4bce034a608b1506fd7f3cfff533d54550782faf53b2e799ce + secret_key: 303e204e2b1c1170ebe725b8fdbea21269e9c6d5981ebdbe4b2ece434ad25bdb ironic: - db_password: n3lQIYlRVqglMHY9fpXDz85E + db_password: YuJFhoOuf2VfRjyMn1BGdghd enabled: false - swift_tempurl_key: PnuSg4VTChK8Cp2iV7LqyWZU - user_password: dpgoORnuYah1FpTiuoQNqQ3h + swift_tempurl_key: f9Ysxq2BrDIJEXFUWOmWS3MM + user_password: qnDpSW8pbtJV70HSWBsBojBo kernel_params: kernel: console=tty0 net.ifnames=0 biosdevname=0 rootdelay=90 nomodeset metadata: @@ -169,12 +178,12 @@ kernel_params: label: Kernel parameters weight: 60 keystone: - admin_token: agJRuo348CBUvbqZfEKZrEfB - db_password: Q1otRNekrY9olWcPsLwL8o4J -last_controller: node-103 + admin_token: nbChjrgwEqYl9rPR7f0hJ9H5 + db_password: 1lV4Tka0GiXvZ34Q4gN4Dg4U +last_controller: node-168 libvirt_type: qemu management_network_range: 10.11.2.0/24 -master_ip: 10.110.0.2 +master_ip: 10.109.15.2 metadata: label: Common weight: 10 
@@ -186,15 +195,15 @@ mp: - point: '2' weight: '2' murano: - db_password: BdaF3e9MCU8bDgtzfAJcUNY3 + db_password: Nnor8L14GVTdQEHyokoL7sSq enabled: true - rabbit_password: bEwGlVTXfTw2nnVPDWXKYvf7 - user_password: OXGTowYHMTzpZUar3qbdeNda + rabbit_password: 0IgXAIhYjRTkURM9wy58SCTF + user_password: nPVzQPRaxnKYrnvZ8tcu8fho murano-cfapi: - db_password: jfOHzSzwoVOYTqkqIFE34B74 + db_password: 2T8kkAaHZxkSwSmcnUzLjY6p enabled: false - rabbit_password: tQdim6W8BEjYNnHn4toAknYf - user_password: b11u7kqEpk3QyPl9nrSsvMcV + rabbit_password: sQOYKyYaYu0vSoBtijvb8w7K + user_password: YifuvUuLALrUWrGlsHlP75pm murano_settings: metadata: group: openstack_services 
@@ -207,116 +216,24 @@ murano_settings: murano_glance_artifacts_plugin: true murano_repo_url: http://storage.apps.openstack.org/ mysql: - root_password: HavpEYSrZVjmiGBCgG8flWKW - wsrep_password: HTuahKx1Il2Ow34epS9sLK5h + root_password: Olmhh6vQjRU6a6qU5Z9shWNY + wsrep_password: AP3RiOX0y6bT2PQrGC9ZXWXB network_metadata: nodes: - node-100: - fqdn: node-100.test.domain.local - name: node-100 + node-166: + fqdn: node-166.test.domain.local + name: node-166 network_roles: admin/pxe: 9.9.9.150 - aodh/api: 192.168.0.5 - ceilometer/api: 192.168.0.5 - ceph/public: 192.168.1.5 - ceph/radosgw: 172.16.0.3 - ceph/replication: 192.168.1.5 - cinder/api: 192.168.0.5 - cinder/iscsi: 192.168.1.5 - ex: 172.16.0.3 - fw-admin: 9.9.9.150 - glance/api: 192.168.0.5 - glance/glare: 192.168.0.5 - heat/api: 192.168.0.5 - horizon: 192.168.0.5 - ironic/api: 192.168.0.5 - keystone/api: 192.168.0.5 - management: 192.168.0.5 - mgmt/corosync: 192.168.0.5 - mgmt/database: 192.168.0.5 - mgmt/memcache: 192.168.0.5 - mgmt/messaging: 192.168.0.5 - mgmt/vip: 192.168.0.5 - mongo/db: 192.168.0.5 - murano/api: 192.168.0.5 - murano/cfapi: 192.168.0.5 - neutron/api: 192.168.0.5 - neutron/floating: null - neutron/mesh: 192.168.2.5 - neutron/private: null - nova/api: 192.168.0.5 - nova/migration: 192.168.0.5 - public/vip: 172.16.0.3 - sahara/api: 192.168.0.5 - storage: 192.168.1.5 - swift/api: 192.168.0.5 - swift/replication: 192.168.1.5 - node_roles: - - primary-controller - nova_cpu_pinning_enabled: false - nova_hugepages_enabled: false - swift_zone: '100' - uid: '100' - user_node_name: node-100 - node-101: - fqdn: node-101.test.domain.local - name: node-101 - network_roles: - admin/pxe: 9.9.9.151 - aodh/api: 192.168.0.6 - ceilometer/api: 192.168.0.6 - ceph/public: 192.168.1.6 - ceph/radosgw: 172.16.0.4 - ceph/replication: 192.168.1.6 - cinder/api: 192.168.0.6 - cinder/iscsi: 192.168.1.6 - ex: 172.16.0.4 - fw-admin: 9.9.9.151 - glance/api: 192.168.0.6 - glance/glare: 192.168.0.6 - heat/api: 192.168.0.6 - 
horizon: 192.168.0.6 - ironic/api: 192.168.0.6 - keystone/api: 192.168.0.6 - management: 192.168.0.6 - mgmt/corosync: 192.168.0.6 - mgmt/database: 192.168.0.6 - mgmt/memcache: 192.168.0.6 - mgmt/messaging: 192.168.0.6 - mgmt/vip: 192.168.0.6 - mongo/db: 192.168.0.6 - murano/api: 192.168.0.6 - murano/cfapi: 192.168.0.6 - neutron/api: 192.168.0.6 - neutron/floating: null - neutron/mesh: 192.168.2.6 - neutron/private: null - nova/api: 192.168.0.6 - nova/migration: 192.168.0.6 - public/vip: 172.16.0.4 - sahara/api: 192.168.0.6 - storage: 192.168.1.6 - swift/api: 192.168.0.6 - swift/replication: 192.168.1.6 - node_roles: - - controller - nova_cpu_pinning_enabled: false - nova_hugepages_enabled: false - swift_zone: '101' - uid: '101' - user_node_name: node-101 - node-102: - fqdn: node-102.test.domain.local - name: node-102 - network_roles: - admin/pxe: 9.9.9.152 aodh/api: 192.168.0.2 ceilometer/api: 192.168.0.2 ceph/public: 192.168.1.2 + ceph/radosgw: 172.16.0.2 ceph/replication: 192.168.1.2 cinder/api: 192.168.0.2 cinder/iscsi: 192.168.1.2 - fw-admin: 9.9.9.152 + ex: 172.16.0.2 + fw-admin: 9.9.9.150 glance/api: 192.168.0.2 glance/glare: 192.168.0.2 heat/api: 192.168.0.2 
@@ -338,31 +255,79 @@ network_metadata: neutron/private: null nova/api: 192.168.0.2 nova/migration: 192.168.0.2 + public/vip: 172.16.0.2 sahara/api: 192.168.0.2 storage: 192.168.1.2 swift/api: 192.168.0.2 swift/replication: 192.168.1.2 node_roles: - - primary-mongo + - primary-controller nova_cpu_pinning_enabled: false nova_hugepages_enabled: false - swift_zone: '102' - uid: '102' - user_node_name: node-102 - node-103: - fqdn: node-103.test.domain.local - name: node-103 + swift_zone: '166' + uid: '166' + user_node_name: node-166 + node-167: + fqdn: node-167.test.domain.local + name: node-167 network_roles: - admin/pxe: 9.9.9.153 + admin/pxe: 9.9.9.151 + aodh/api: 192.168.0.5 + ceilometer/api: 192.168.0.5 + ceph/public: 192.168.1.5 + ceph/radosgw: 172.16.0.4 + ceph/replication: 192.168.1.5 + cinder/api: 192.168.0.5 + cinder/iscsi: 192.168.1.5 + ex: 172.16.0.4 + fw-admin: 9.9.9.151 + glance/api: 192.168.0.5 + glance/glare: 192.168.0.5 + heat/api: 192.168.0.5 + horizon: 192.168.0.5 + ironic/api: 192.168.0.5 + keystone/api: 192.168.0.5 + management: 192.168.0.5 + mgmt/corosync: 192.168.0.5 + mgmt/database: 192.168.0.5 + mgmt/memcache: 192.168.0.5 + mgmt/messaging: 192.168.0.5 + mgmt/vip: 192.168.0.5 + mongo/db: 192.168.0.5 + murano/api: 192.168.0.5 + murano/cfapi: 192.168.0.5 + neutron/api: 192.168.0.5 + neutron/floating: null + neutron/mesh: 192.168.2.5 + neutron/private: null + nova/api: 192.168.0.5 + nova/migration: 192.168.0.5 + public/vip: 172.16.0.4 + sahara/api: 192.168.0.5 + storage: 192.168.1.5 + swift/api: 192.168.0.5 + swift/replication: 192.168.1.5 + node_roles: + - controller + nova_cpu_pinning_enabled: false + nova_hugepages_enabled: false + swift_zone: '167' + uid: '167' + user_node_name: node-167 + node-168: + fqdn: node-168.test.domain.local + name: node-168 + network_roles: + admin/pxe: 9.9.9.152 aodh/api: 192.168.0.4 ceilometer/api: 192.168.0.4 ceph/public: 192.168.1.4 - ceph/radosgw: 172.16.0.2 + ceph/radosgw: 172.16.0.3 ceph/replication: 
192.168.1.4 cinder/api: 192.168.0.4 cinder/iscsi: 192.168.1.4 - ex: 172.16.0.2 - fw-admin: 9.9.9.153 + ex: 172.16.0.3 + fw-admin: 9.9.9.152 glance/api: 192.168.0.4 glance/glare: 192.168.0.4 heat/api: 192.168.0.4 @@ -384,7 +349,7 @@ network_metadata: neutron/private: null nova/api: 192.168.0.4 nova/migration: 192.168.0.4 - public/vip: 172.16.0.2 + public/vip: 172.16.0.3 sahara/api: 192.168.0.4 storage: 192.168.1.4 swift/api: 192.168.0.4 @@ -393,21 +358,21 @@ network_metadata: - controller nova_cpu_pinning_enabled: false nova_hugepages_enabled: false - swift_zone: '103' - uid: '103' - user_node_name: node-103 - node-104: - fqdn: node-104.test.domain.local - name: node-104 + swift_zone: '168' + uid: '168' + user_node_name: node-168 + node-169: + fqdn: node-169.test.domain.local + name: node-169 network_roles: - admin/pxe: 9.9.9.154 + admin/pxe: 9.9.9.153 aodh/api: 192.168.0.3 ceilometer/api: 192.168.0.3 ceph/public: 192.168.1.3 ceph/replication: 192.168.1.3 cinder/api: 192.168.0.3 cinder/iscsi: 192.168.1.3 - fw-admin: 9.9.9.154 + fw-admin: 9.9.9.153 glance/api: 192.168.0.3 glance/glare: 192.168.0.3 heat/api: 192.168.0.3 
@@ -434,68 +399,112 @@ network_metadata: swift/api: 192.168.0.3 swift/replication: 192.168.1.3 node_roles: + - primary-mongo + nova_cpu_pinning_enabled: false + nova_hugepages_enabled: false + swift_zone: '169' + uid: '169' + user_node_name: node-169 + node-170: + fqdn: node-170.test.domain.local + name: node-170 + network_roles: + admin/pxe: 9.9.9.154 + aodh/api: 192.168.0.6 + ceilometer/api: 192.168.0.6 + ceph/public: 192.168.1.6 + ceph/replication: 192.168.1.6 + cinder/api: 192.168.0.6 + cinder/iscsi: 192.168.1.6 + fw-admin: 9.9.9.154 + glance/api: 192.168.0.6 + glance/glare: 192.168.0.6 + heat/api: 192.168.0.6 + horizon: 192.168.0.6 + ironic/api: 192.168.0.6 + keystone/api: 192.168.0.6 + management: 192.168.0.6 + mgmt/corosync: 192.168.0.6 + mgmt/database: 192.168.0.6 + mgmt/memcache: 192.168.0.6 + mgmt/messaging: 192.168.0.6 + mgmt/vip: 192.168.0.6 + mongo/db: 192.168.0.6 + murano/api: 192.168.0.6 + murano/cfapi: 192.168.0.6 + neutron/api: 192.168.0.6 + neutron/floating: null + neutron/mesh: 192.168.2.6 + neutron/private: null + nova/api: 192.168.0.6 + nova/migration: 192.168.0.6 + sahara/api: 192.168.0.6 + storage: 192.168.1.6 + swift/api: 192.168.0.6 + swift/replication: 192.168.1.6 + node_roles: - mongo nova_cpu_pinning_enabled: false nova_hugepages_enabled: false - swift_zone: '104' - uid: '104' - user_node_name: node-104 - node-105: - fqdn: node-105.test.domain.local - name: node-105 + swift_zone: '170' + uid: '170' + user_node_name: node-170 + node-171: + fqdn: node-171.test.domain.local + name: node-171 network_roles: - admin/pxe: 10.110.0.105 - aodh/api: 10.11.2.2 - ceilometer/api: 10.11.2.2 - ceph/public: 10.11.3.2 - ceph/replication: 10.11.3.2 - cinder/api: 10.11.2.2 - cinder/iscsi: 10.11.3.2 - fw-admin: 10.110.0.105 - glance/api: 10.11.2.2 - glance/glare: 10.11.2.2 - heat/api: 10.11.2.2 - horizon: 10.11.2.2 - ironic/api: 10.11.2.2 - keystone/api: 10.11.2.2 - management: 10.11.2.2 - mgmt/corosync: 10.11.2.2 - mgmt/database: 10.11.2.2 - mgmt/memcache: 
10.11.2.2 - mgmt/messaging: 10.11.2.2 - mgmt/vip: 10.11.2.2 - mongo/db: 10.11.2.2 - murano/api: 10.11.2.2 - murano/cfapi: 10.11.2.2 - neutron/api: 10.11.2.2 + admin/pxe: 10.109.15.100 + aodh/api: 10.11.2.4 + ceilometer/api: 10.11.2.4 + ceph/public: 10.11.3.4 + ceph/replication: 10.11.3.4 + cinder/api: 10.11.2.4 + cinder/iscsi: 10.11.3.4 + fw-admin: 10.109.15.100 + glance/api: 10.11.2.4 + glance/glare: 10.11.2.4 + heat/api: 10.11.2.4 + horizon: 10.11.2.4 + ironic/api: 10.11.2.4 + keystone/api: 10.11.2.4 + management: 10.11.2.4 + mgmt/corosync: 10.11.2.4 + mgmt/database: 10.11.2.4 + mgmt/memcache: 10.11.2.4 + mgmt/messaging: 10.11.2.4 + mgmt/vip: 10.11.2.4 + mongo/db: 10.11.2.4 + murano/api: 10.11.2.4 + murano/cfapi: 10.11.2.4 + neutron/api: 10.11.2.4 neutron/floating: null - neutron/mesh: 10.11.4.2 + neutron/mesh: 10.11.4.4 neutron/private: null - nova/api: 10.11.2.2 - nova/migration: 10.11.2.2 - sahara/api: 10.11.2.2 - storage: 10.11.3.2 - swift/api: 10.11.2.2 - swift/replication: 10.11.3.2 + nova/api: 10.11.2.4 + nova/migration: 10.11.2.4 + sahara/api: 10.11.2.4 + storage: 10.11.3.4 + swift/api: 10.11.2.4 + swift/replication: 10.11.3.4 node_roles: - compute nova_cpu_pinning_enabled: false nova_hugepages_enabled: false - swift_zone: '105' - uid: '105' - user_node_name: node-105 - node-106: - fqdn: node-106.test.domain.local - name: node-106 + swift_zone: '171' + uid: '171' + user_node_name: node-171 + node-172: + fqdn: node-172.test.domain.local + name: node-172 network_roles: - admin/pxe: 10.110.0.106 + admin/pxe: 10.109.15.101 aodh/api: 10.11.2.3 ceilometer/api: 10.11.2.3 ceph/public: 10.11.3.3 ceph/replication: 10.11.3.3 cinder/api: 10.11.2.3 cinder/iscsi: 10.11.3.3 - fw-admin: 10.110.0.106 + fw-admin: 10.109.15.101 glance/api: 10.11.2.3 glance/glare: 10.11.2.3 heat/api: 10.11.2.3 
@@ -525,53 +534,53 @@ network_metadata: - ceph-osd nova_cpu_pinning_enabled: false nova_hugepages_enabled: false - swift_zone: '106' - uid: '106' - user_node_name: node-106 - node-107: - fqdn: node-107.test.domain.local - name: node-107 + swift_zone: '172' + uid: '172' + user_node_name: node-172 + node-173: + fqdn: node-173.test.domain.local + name: node-173 network_roles: - admin/pxe: 10.110.0.107 - aodh/api: 10.11.2.4 - ceilometer/api: 10.11.2.4 - ceph/public: 10.11.3.4 - ceph/replication: 10.11.3.4 - cinder/api: 10.11.2.4 - cinder/iscsi: 10.11.3.4 - fw-admin: 10.110.0.107 - glance/api: 10.11.2.4 - glance/glare: 10.11.2.4 - heat/api: 10.11.2.4 - horizon: 10.11.2.4 - ironic/api: 10.11.2.4 - keystone/api: 10.11.2.4 - management: 10.11.2.4 - mgmt/corosync: 10.11.2.4 - mgmt/database: 10.11.2.4 - mgmt/memcache: 10.11.2.4 - mgmt/messaging: 10.11.2.4 - mgmt/vip: 10.11.2.4 - mongo/db: 10.11.2.4 - murano/api: 10.11.2.4 - murano/cfapi: 10.11.2.4 - neutron/api: 10.11.2.4 + admin/pxe: 10.109.15.102 + aodh/api: 10.11.2.2 + ceilometer/api: 10.11.2.2 + ceph/public: 10.11.3.2 + ceph/replication: 10.11.3.2 + cinder/api: 10.11.2.2 + cinder/iscsi: 10.11.3.2 + fw-admin: 10.109.15.102 + glance/api: 10.11.2.2 + glance/glare: 10.11.2.2 + heat/api: 10.11.2.2 + horizon: 10.11.2.2 + ironic/api: 10.11.2.2 + keystone/api: 10.11.2.2 + management: 10.11.2.2 + mgmt/corosync: 10.11.2.2 + mgmt/database: 10.11.2.2 + mgmt/memcache: 10.11.2.2 + mgmt/messaging: 10.11.2.2 + mgmt/vip: 10.11.2.2 + mongo/db: 10.11.2.2 + murano/api: 10.11.2.2 + murano/cfapi: 10.11.2.2 + neutron/api: 10.11.2.2 neutron/floating: null - neutron/mesh: 10.11.4.4 + neutron/mesh: 10.11.4.2 neutron/private: null - nova/api: 10.11.2.4 - nova/migration: 10.11.2.4 - sahara/api: 10.11.2.4 - storage: 10.11.3.4 - swift/api: 10.11.2.4 - swift/replication: 10.11.3.4 + nova/api: 10.11.2.2 + nova/migration: 10.11.2.2 + sahara/api: 10.11.2.2 + storage: 10.11.3.2 + swift/api: 10.11.2.2 + swift/replication: 10.11.3.2 node_roles: - ceph-osd 
nova_cpu_pinning_enabled: false nova_hugepages_enabled: false - swift_zone: '107' - uid: '107' - user_node_name: node-107 + swift_zone: '173' + uid: '173' + user_node_name: node-173 vips: management: ipaddr: 192.168.0.8 @@ -618,13 +627,13 @@ network_scheme: endpoints: br-fw-admin: IP: - - 10.110.0.106/24 - gateway: 10.110.0.1 + - 10.109.15.101/24 + gateway: 10.109.15.1 routes: - net: 9.9.9.0/24 - via: 10.110.0.1 + via: 10.109.15.1 vendor_specific: - provider_gateway: 10.110.0.1 + provider_gateway: 10.109.15.1 br-mesh: IP: - 10.11.4.3/24 
@@ -965,97 +974,96 @@ node_volumes: size: 4096 type: lv nodes: -- fqdn: node-100.test.domain.local - internal_address: 192.168.0.5 +- fqdn: node-166.test.domain.local + internal_address: 192.168.0.2 internal_netmask: 255.255.255.0 - name: node-100 - public_address: 172.16.0.3 + name: node-166 + public_address: 172.16.0.2 public_netmask: 255.255.255.0 role: primary-controller - storage_address: 192.168.1.5 + storage_address: 192.168.1.2 storage_netmask: 255.255.255.0 - swift_zone: '100' - uid: '100' - user_node_name: node-100 -- fqdn: node-101.test.domain.local - internal_address: 192.168.0.6 + swift_zone: '166' + uid: '166' + user_node_name: node-166 +- fqdn: node-167.test.domain.local + internal_address: 192.168.0.5 internal_netmask: 255.255.255.0 - name: node-101 + name: node-167 public_address: 172.16.0.4 public_netmask: 255.255.255.0 role: controller - storage_address: 192.168.1.6 + storage_address: 192.168.1.5 storage_netmask: 255.255.255.0 - swift_zone: '101' - uid: '101' - user_node_name: node-101 -- fqdn: node-102.test.domain.local - internal_address: 192.168.0.2 - internal_netmask: 255.255.255.0 - name: node-102 - role: primary-mongo - storage_address: 192.168.1.2 - storage_netmask: 255.255.255.0 - swift_zone: '102' - uid: '102' - user_node_name: node-102 -- fqdn: node-103.test.domain.local + swift_zone: '167' + uid: '167' + user_node_name: node-167 +- fqdn: node-168.test.domain.local internal_address: 192.168.0.4 internal_netmask: 255.255.255.0 - name: node-103 - public_address: 172.16.0.2 + name: node-168 + public_address: 172.16.0.3 public_netmask: 255.255.255.0 role: controller storage_address: 192.168.1.4 storage_netmask: 255.255.255.0 - swift_zone: '103' - uid: '103' - user_node_name: node-103 -- fqdn: node-104.test.domain.local + swift_zone: '168' + uid: '168' + user_node_name: node-168 +- fqdn: node-169.test.domain.local internal_address: 192.168.0.3 internal_netmask: 255.255.255.0 - name: node-104 - role: mongo + name: node-169 + role: 
primary-mongo storage_address: 192.168.1.3 storage_netmask: 255.255.255.0 - swift_zone: '104' - uid: '104' - user_node_name: node-104 -- fqdn: node-105.test.domain.local - internal_address: 10.11.2.2 + swift_zone: '169' + uid: '169' + user_node_name: node-169 +- fqdn: node-170.test.domain.local + internal_address: 192.168.0.6 internal_netmask: 255.255.255.0 - name: node-105 - role: compute - storage_address: 10.11.3.2 + name: node-170 + role: mongo + storage_address: 192.168.1.6 storage_netmask: 255.255.255.0 - swift_zone: '105' - uid: '105' - user_node_name: node-105 -- fqdn: node-106.test.domain.local + swift_zone: '170' + uid: '170' + user_node_name: node-170 +- fqdn: node-171.test.domain.local + internal_address: 10.11.2.4 + internal_netmask: 255.255.255.0 + name: node-171 + role: compute + storage_address: 10.11.3.4 + storage_netmask: 255.255.255.0 + swift_zone: '171' + uid: '171' + user_node_name: node-171 +- fqdn: node-172.test.domain.local internal_address: 10.11.2.3 internal_netmask: 255.255.255.0 - name: node-106 + name: node-172 role: ceph-osd storage_address: 10.11.3.3 storage_netmask: 255.255.255.0 - swift_zone: '106' - uid: '106' - user_node_name: node-106 -- fqdn: node-107.test.domain.local - internal_address: 10.11.2.4 + swift_zone: '172' + uid: '172' + user_node_name: node-172 +- fqdn: node-173.test.domain.local + internal_address: 10.11.2.2 internal_netmask: 255.255.255.0 - name: node-107 + name: node-173 role: ceph-osd - storage_address: 10.11.3.4 + storage_address: 10.11.3.2 storage_netmask: 255.255.255.0 - swift_zone: '107' - uid: '107' - user_node_name: node-107 + swift_zone: '173' + uid: '173' + user_node_name: node-173 nova: - db_password: SC1N9S2jEEierqZQAlQzI4AG - enable_hugepages: false + db_password: 0gT5fZcJJEF5tj5JUsTAvNEM state_path: /var/lib/nova - user_password: HgY4rfPZvDBkUhv3eMG7tB38 + user_password: PSZ0K3JJz8tNDen5CcBKGiYG nova_quota: false online: true openstack_version: newton-10.0 
@@ -1067,7 +1075,7 @@ operator_user: label: Operating System Access weight: 15 name: fueladmin - password: WFOckl12uMCnsLBLw3IjdGY3 + password: lWXduHshhqgM3yZUemvVm3X1 sudo: 'ALL=(ALL) NOPASSWD: ALL' plugins: [] private_network_range: 10.11.4.0/24 @@ -1078,11 +1086,11 @@ provision: /: container: gzip format: ext4 - uri: http://10.110.0.2:8080/targetimages/env_10_ubuntu_1404_amd64.img.gz + uri: http://10.109.15.2:8080/targetimages/env_19_ubuntu_1404_amd64.img.gz /boot: container: gzip format: ext2 - uri: http://10.110.0.2:8080/targetimages/env_10_ubuntu_1404_amd64-boot.img.gz + uri: http://10.109.15.2:8080/targetimages/env_19_ubuntu_1404_amd64-boot.img.gz metadata: group: general label: Provision @@ -1204,8 +1212,8 @@ public_ssl: weight: 110 services: true puppet: - manifests: rsync://10.110.0.2:/puppet/newton-10.0/manifests/ - modules: rsync://10.110.0.2:/puppet/newton-10.0/modules/ + manifests: rsync://10.109.15.2:/puppet/newton-10.0/manifests/ + modules: rsync://10.109.15.2:/puppet/newton-10.0/modules/ puppet_debug: true quantum: true quantum_settings: @@ -1220,13 +1228,13 @@ quantum_settings: L3: use_namespaces: true database: - passwd: XQZbE7Ks6vJQVebi5t2qbWJ2 + passwd: DZIgJm9OOwyAVvR3igiuxeD4 default_floating_net: admin_floating_net default_private_net: admin_internal_net keystone: - admin_password: wm98EF3UsPr1eFLoRpZbaymT + admin_password: QXeNOWbZMAU7LDzLSBUCLGne metadata: - metadata_proxy_shared_secret: 9M4caqi6Rof07CrTnrfcH8dk + metadata_proxy_shared_secret: Q1IKwkARVhRz96nyI2kvWoGx predefined_networks: admin_floating_net: L2: @@ -1260,7 +1268,7 @@ quantum_settings: shared: false tenant: admin rabbit: - password: b3nzKgJNV6Il6RUwtkbpJSAy + password: 3wWWsIQyY8FQH4aQYKzZJzR3 release: attributes_metadata: editable: 
@@ -1368,6 +1376,49 @@ release: type: checkbox value: false weight: 10 + atop: + interval: + description: Interval between the snapshots in seconds + label: Interval between the snapshots + regex: + error: Should be a number of seconds + source: ^[1-9]\d*$ + restrictions: + - action: hide + condition: settings:atop.service_enabled.value == false + type: text + value: '20' + weight: 20 + metadata: + enabled: true + group: logging + label: Advanced System & Process Monitor (atop) + toggleable: false + weight: 60 + rotate: + description: Number of days to keep log files + label: Rotate days + regex: + error: Should be a number of days + source: ^[1-9]\d*$ + restrictions: + - action: hide + condition: settings:atop.service_enabled.value == false + type: text + value: '7' + weight: 30 + service_enabled: + description: 'NOTE: When enabled, the service may generate logs up to a + gigabyte in size per day. + + This should be taken into consideration when determining the correct size + for the log partition. + + ' + label: Enable atop service + type: checkbox + value: true + weight: 10 cgroups: metadata: always_editable: true @@ -1450,6 +1501,18 @@ release: type: checkbox value: true weight: 50 + run_ping_checker: + description: Uncheck this box if the public gateway will not be available + or will not respond to ICMP requests to the deployed cluster. If unchecked, + the controllers will not take public gateway availability into account + as part of the cluster health. If the cluster will not have internet + access, you will need to make sure to provide proper offline mirrors for + the deployment to succeed. + group: network + label: Public Gateway is Available + type: checkbox + value: true + weight: 50 task_deploy: type: hidden value: true 
@@ -1870,6 +1933,9 @@ release: description: Your DNS entries should point to this name. Self-signed certificates also will use this hostname label: DNS hostname for public TLS endpoints + regex: + error: Invalid DNS hostname + source: ^[a-zA-Z\d]+[-\.\da-zA-Z]*$ restrictions: - action: hide condition: settings:public_ssl.horizon.value == false and settings:public_ssl.services.value @@ -1904,8 +1970,6 @@ release: Please make sure your Fuel master node has Internet access to the repository before attempting to create a mirror. - For more details, please refer to the documentation (https://docs.mirantis.com/openstack/fuel/fuel-10.0/operations.html#external-ubuntu-ops). - ' extra_priority: null type: custom_repo_configuration 
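Review bot: The new `regex.source` for the public TLS hostname, `^[a-zA-Z\d]+[-\.\da-zA-Z]*$`, only constrains the leading characters, so values such as `a..b`, `host-` or `a.-b` pass validation although they are not valid DNS names. Since the description says self-signed certificates use this hostname, a per-label pattern would be stricter: `source: ^[a-zA-Z\d]([-a-zA-Z\d]*[a-zA-Z\d])?(\.[a-zA-Z\d]([-a-zA-Z\d]*[a-zA-Z\d])?)*$`. That still does not enforce the 63-character label limit, which may be acceptable for a UI check. The setting's mapping starts above the hunk, and if this file is a generated dump the pattern should be changed where the setting is defined.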
@@ -1982,11 +2046,70 @@ release: sudo: type: hidden value: 'ALL=(ALL) NOPASSWD: ALL' + ssh: + brute_force_protection: + description: When enabled, the access from all networks (except the provided + ones) will be granted, but the networks will be checked against the brute + force attack. + label: Brute force protection + restrictions: + - action: hide + condition: settings:ssh.security_enabled.value == false + type: checkbox + value: false + weight: 30 + metadata: + enabled: true + group: security + label: SSH security + toggleable: false + weight: 120 + security_enabled: + description: 'NOTE: When enabled, provide at least one working IP address + (the Fuel Master node IP is already added). + + We recommend adding new addresses instead of replacing the provided Fuel + Master node IP. + + When disabled (by default), the admin, management, and storage networks + are only allowed to connect to the SSH service. + + ' + label: Restrict SSH service on network + type: checkbox + value: false + weight: 10 + security_networks: + description: IPv4/CIDR address + label: Restrict access to + regex: + error: Invalid IPv4/CIDR address + source: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))*$ + restrictions: + - action: hide + condition: settings:ssh.security_enabled.value == false + type: text_list + value: + - '{settings.MASTER_IP}' + weight: 20 storage: admin_key: type: hidden value: generator: cephx_key + auth_s3_keystone_ceph: + description: This allows to authenticate S3 requests basing on EC2/S3 credentials + managed by Keystone. Please note that enabling the integration will increase + the latency of S3 requests as well as load on Keystone service. Please + consult with Mirantis Technical Bulletin 27 and Mirantis Support on mitigating + the risks related with load. 
+ label: Enable S3 API Authentication via Keystone in Ceph RadosGW + restrictions: + - action: hide + condition: settings:storage.objects_ceph.value == false + type: checkbox + value: false + weight: 82 bootstrap_osd_key: type: hidden value: @@ -2039,6 +2162,9 @@ release: and Swift API Interfaces. If enabled, this option will prevent Swift from installing. label: Ceph RadosGW for objects (Swift API) + restrictions: + - settings:storage.images_ceph.value == false: Ceph RBD for Images should + be selected. type: checkbox value: false weight: 80 @@ -2279,6 +2405,12 @@ release: description: dialog.create_cluster_wizard.compute.qemu_description label: dialog.create_cluster_wizard.compute.qemu name: hypervisor:qemu + requires: + - one_of: + items: + - network:neutron:ml2:vlan + - network:neutron:ml2:tun + message: dialog.create_cluster_wizard.compute.qemu_requires_network_backend weight: 5 - bind: - settings:common.use_vcenter.value @@ -2288,8 +2420,16 @@ release: label: dialog.create_cluster_wizard.compute.vcenter name: hypervisor:vmware requires: - - message: dialog.create_cluster_wizard.compute.vcenter_warning - name: hypervisor:qemu + - one_of: + items: + - hypervisor:qemu + message: dialog.create_cluster_wizard.compute.vcenter_warning + - one_of: + items: + - network:neutron:ml2:dvs + - network:neutron:ml2:nsx + message: dialog.create_cluster_wizard.compute.vcenter_requires_network_backend + message_invalid: dialog.create_cluster_wizard.compute.vcenter_requires_network_plugins weight: 15 - compatible: - name: hypervisor:* @@ -2316,7 +2456,9 @@ release: label: common.network.neutron_vlan name: network:neutron:ml2:vlan requires: - - name: network:neutron:core:ml2 + - one_of: + items: + - network:neutron:core:ml2 weight: 5 - bind: - - cluster:net_provider 
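Review bot: In the added `ssh.security_networks` entry the prefix-length group of `regex.source` ends in `*`, `(\/([0-9]|[1-2][0-9]|3[0-2]))*$`, so an entry such as `10.0.0.0/8/16` passes validation. The group should be optional rather than repeatable: `(\/([0-9]|[1-2][0-9]|3[0-2]))?$`. Because this list decides which networks may reach SSH when `security_enabled` is set, a malformed entry accepted here is presumably only caught, or misread, later when the restriction is applied. The enclosing `release:` mapping starts outside the hunk; if this file is a generated dump, the fix belongs where the setting is defined.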
@@ -2337,7 +2479,9 @@ release: label: common.network.neutron_tun name: network:neutron:ml2:tun requires: - - name: network:neutron:core:ml2 + - one_of: + items: + - network:neutron:core:ml2 weight: 10 - bind: - settings:storage.volumes_lvm.value @@ -2585,6 +2729,7 @@ release: restrictions: - action: hide condition: settings:common.use_vcenter.value == false + message: VMware vCenter not enabled for cluster weight: 40 compute: description: A Compute node creates, manages, and terminates virtual machine @@ -2614,10 +2759,12 @@ release: restrictions: - action: hide condition: settings:common.use_vcenter.value == false + message: VMware vCenter not enabled for cluster weight: 90 controller: conflicts: - compute + - ceph-osd description: The Controller initiates orchestration activities and provides an external API. Other components like Glance (image storage), Keystone (identity management), Horizon (OpenStack dashboard) and Nova-Scheduler are installed @@ -2689,6 +2836,7 @@ release: restrictions: - action: hide condition: not ('advanced' in version:feature_groups) + message: Advanced feature should be enabled in feature groups weight: 80 state: available version: newton-10.0 @@ -2860,7 +3008,7 @@ repo_setup: section: main restricted suite: mos10.0 type: deb - uri: http://10.110.0.2:8080/newton-10.0/ubuntu/x86_64 + uri: http://10.109.15.2:8080/newton-10.0/ubuntu/x86_64 - name: mos-updates priority: 1050 section: main restricted @@ -2884,14 +3032,15 @@ repo_setup: section: main restricted suite: auxiliary type: deb - uri: http://10.110.0.2:8080/newton-10.0/ubuntu/auxiliary + uri: http://10.109.15.2:8080/newton-10.0/ubuntu/auxiliary resume_guests_state_on_host_boot: true roles: - ceph-osd +run_ping_checker: true sahara: - db_password: Q6IQUhuwxxKRM5VT9h7obsOl + db_password: 6ktBXBB5FMjXQr7r1sdYsaLF enabled: true - user_password: fDR7LmZh0re1QnIe3IJ2wrXm + user_password: C0Fo6CQenaUzgdImpCWm6mU2 service_user: homedir: /var/lib/fuel metadata: 
@@ -2902,22 +3051,34 @@ service_user: condition: 'true' weight: 10 name: fuel - password: Y3lRpIPBtnHBWW9DQYp1oVgi + password: MIq1RJ0M3Mp2vTb6Z3FJpide root_password: r00tme sudo: 'ALL=(ALL) NOPASSWD: ALL' +ssh: + brute_force_protection: false + metadata: + enabled: true + group: security + label: SSH security + toggleable: false + weight: 120 + security_enabled: false + security_networks: + - 10.109.15.2 status: discover storage: - admin_key: AQC0ZkxXAAAAABAA0CuALQKRMrWL4n+oDJYTYg== - bootstrap_osd_key: AQC0ZkxXAAAAABAAZVNysCu1aGHZS+wgsaLKYg== + admin_key: AQAqCaNXAAAAABAA7Ho2APSkkW7utFeot9vEfQ== + auth_s3_keystone_ceph: true + bootstrap_osd_key: AQAqCaNXAAAAABAAMyYcZoky3DPJJVE+Xoeo5w== ephemeral_ceph: true - fsid: 76c54382-db54-44f5-9861-406eafd4a23d + fsid: f4d53901-6968-4c18-8002-9d3219e34752 images_ceph: true images_vcenter: false metadata: group: storage label: Storage Backends weight: 60 - mon_key: AQC0ZkxXAAAAABAAZqzyD3A9bxY6Au1p4W+aWQ== + mon_key: AQAqCaNXAAAAABAA19CR5wYIpFwgzIuL2jw8Og== objects_ceph: true osd_pool_size: '2' per_pool_pg_nums: @@ -2928,13 +3089,13 @@ storage: images: 64 volumes: 256 pg_num: 64 - radosgw_key: AQC0ZkxXAAAAABAAO4zK7xt/7DtLGq/oPi5MAQ== + radosgw_key: AQAqCaNXAAAAABAAITslGKFCeJ81bd8WvT9r7g== volumes_block_device: false volumes_ceph: true volumes_lvm: false storage_network_range: 10.11.3.0/24 swift: - user_password: ifU7DL7xG7bijqSPIcahMo9c + user_password: Dj6nmr9IcpcGcpZ5hC806i4x syslog: metadata: enabled: false @@ -2956,10 +3117,10 @@ test_vm_image: os_name: cirros properties: {} public: 'true' -uid: '106' +uid: '172' use_cow_images: true use_vcenter: false -user_node_name: node-106 +user_node_name: node-172 vms_conf: [] workloads_collector: create_user: false @@ -2971,6 +3132,6 @@ workloads_collector: - action: hide condition: 'true' weight: 10 - password: 6wff0hvHmfNIxjqnNDUUN5c4 + password: GxzJK9EbevYqSsNyKd2SnbQE tenant: services username: fuel_stats_user 
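Review bot: The `service_user`/`ssh`/`storage` hunk swaps one set of credential-shaped values for another (`service_user.password`, the cephx `admin_key`, `bootstrap_osd_key`, `mon_key` and `radosgw_key`) without saying where they come from. The `sahara`, `swift` and `workloads_collector` hunks of this file do the same, as do the matching hunks of `hiera/neut_tun.multirack.murano.sahara.ceil.ceph.public_ssl-compute.yaml`. If they come from a disposable test environment, a header comment such as `# Generated fixture: every password and key in this file is a throwaway test value` would let reviewers and secret scanners treat them as known fixtures rather than possible leaks. If any value was captured from an environment that still exists, it should be rotated there. The file header where that comment would go lies outside these hunks.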
diff --git a/hiera/neut_tun.multirack.murano.sahara.ceil.ceph.public_ssl-compute.yaml b/hiera/neut_tun.multirack.murano.sahara.ceil.ceph.public_ssl-compute.yaml index e390d57..3a87757 100644 --- a/hiera/neut_tun.multirack.murano.sahara.ceil.ceph.public_ssl-compute.yaml +++ b/hiera/neut_tun.multirack.murano.sahara.ceil.ceph.public_ssl-compute.yaml @@ -8,18 +8,28 @@ access: tenant: admin user: admin aodh: - db_password: BbGR52cd3LwohWb8TR9nPBwe - user_password: mdvzyl5bn1EyXUpCzlsYnP4A + db_password: M84vqpK4GS8BFVPCWzIBX2op + user_password: dSnu7i69V8woVAipRBfWpkAW +atop: + interval: '20' + metadata: + enabled: true + group: logging + label: Advanced System & Process Monitor (atop) + toggleable: false + weight: 60 + rotate: '7' + service_enabled: true auth_key: '' auto_assign_floating_ip: false base_syslog: syslog_port: '514' - syslog_server: 10.110.0.2 + syslog_server: 10.109.15.2 ceilometer: - db_password: x1vXQVbx3QozWCsdeqO4pXI8 + db_password: IdzwGob6PswM4AQm5CfkS2GN enabled: true - metering_secret: FoOep7ohlScQkaHld0URFj0z - user_password: FLvSIKT54BUlaein3hqG3wwB + metering_secret: ISmdXiD6VS7u5sGQG4tTKwcL + user_password: vLJ2vrra7m2h3SMth1CrU0tq cgroups: metadata: always_editable: true @@ -30,9 +40,9 @@ cgroups: condition: 'true' weight: 90 cinder: - db_password: RUZBIY7QKhUoE1Jcq7lktN7s - fixed_key: 32351e49c6ee8e5f9c2f40c5541471b6098b07a7e61916a0a44811aeaa19a371 - user_password: nHHcNT6k9kdY5M2w8dPwczGb + db_password: 0bXTM3SEqAtiQq9M39CYwlcl + fixed_key: fe0270bd2fe1707b8d7c5bb75649108923893831657eadf46eb919cceeebd42a + user_password: OYmyX0ZkJfDpdM9pB3czSzdJ cluster: changes: - name: attributes 
@@ -42,40 +52,40 @@ cluster: - name: networks node_id: null - name: interfaces - node_id: 103 + node_id: 166 - name: disks - node_id: 103 + node_id: 166 - name: interfaces - node_id: 100 + node_id: 167 - name: disks - node_id: 100 + node_id: 167 - name: interfaces - node_id: 101 + node_id: 168 - name: disks - node_id: 101 + node_id: 168 - name: interfaces - node_id: 102 + node_id: 169 - name: disks - node_id: 102 + node_id: 169 - name: interfaces - node_id: 104 + node_id: 170 - name: disks - node_id: 104 + node_id: 170 - name: interfaces - node_id: 105 + node_id: 171 - name: disks - node_id: 105 + node_id: 171 - name: interfaces - node_id: 106 + node_id: 172 - name: disks - node_id: 106 + node_id: 172 - name: interfaces - node_id: 107 + node_id: 173 - name: disks - node_id: 107 + node_id: 173 components: [] fuel_version: '10.0' - id: 10 + id: 19 is_customized: false is_locked: false mode: ha_compact @@ -108,12 +118,11 @@ corosync: debug: false deployed_before: value: false -deployment_id: 10 +deployment_id: 19 deployment_mode: ha_compact -dpdk: {} external_dns: dns_list: - - 10.110.0.1 + - 10.109.15.1 metadata: group: network label: Host OS DNS Servers 
@@ -139,29 +148,29 @@ external_ntp: label: Host OS NTP Servers weight: 40 ntp_list: - - 10.110.0.1 + - 10.109.15.1 fail_if_error: false -fqdn: node-105.test.domain.local +fqdn: node-171.test.domain.local fuel_version: '10.0' glance: - db_password: MsDiE541ui8k7CwOz30Gi9Xp + db_password: 3MG3g16ckWyd7AL7vj8dxPAO image_cache_max_size: '0' - user_password: TpzGJUJEKot5sTL5uHV0xg8I + user_password: hBaMbsDUZ3SALjaR2Cd078j4 glance_glare: - user_password: zfh2MuZRAeSFNEdeSsOpAQMu + user_password: fa2pz7SXzlr8y3C03VdxBwoi heat: - auth_encryption_key: 7dd1d369666993576b5950b8a1ef0ce3 - db_password: NPIG0kaAdd58x0fjjbbYLrYG + auth_encryption_key: 566a70c9468b32fa5f50fd64b01de3ae + db_password: ExCzV5GPSk7VIXXoGOPLVfik enabled: true - rabbit_password: Uw8zycD9KPpcvU44kWpKQv6A - user_password: IraoQkd21UPZMtRFx1ELuoLK + rabbit_password: 2XvuO3EYLTcfPxRFb6a6NJjP + user_password: EkKRAw65IsuUSbW8mQP5kyxZ horizon: - secret_key: 620b46d924af5b4bce034a608b1506fd7f3cfff533d54550782faf53b2e799ce + secret_key: 303e204e2b1c1170ebe725b8fdbea21269e9c6d5981ebdbe4b2ece434ad25bdb ironic: - db_password: n3lQIYlRVqglMHY9fpXDz85E + db_password: YuJFhoOuf2VfRjyMn1BGdghd enabled: false - swift_tempurl_key: PnuSg4VTChK8Cp2iV7LqyWZU - user_password: dpgoORnuYah1FpTiuoQNqQ3h + swift_tempurl_key: f9Ysxq2BrDIJEXFUWOmWS3MM + user_password: qnDpSW8pbtJV70HSWBsBojBo kernel_params: kernel: console=tty0 net.ifnames=0 biosdevname=0 rootdelay=90 nomodeset metadata: @@ -169,12 +178,12 @@ kernel_params: label: Kernel parameters weight: 60 keystone: - admin_token: agJRuo348CBUvbqZfEKZrEfB - db_password: Q1otRNekrY9olWcPsLwL8o4J -last_controller: node-103 + admin_token: nbChjrgwEqYl9rPR7f0hJ9H5 + db_password: 1lV4Tka0GiXvZ34Q4gN4Dg4U +last_controller: node-168 libvirt_type: qemu management_network_range: 10.11.2.0/24 -master_ip: 10.110.0.2 +master_ip: 10.109.15.2 metadata: label: Common weight: 10 
@@ -186,15 +195,15 @@ mp: - point: '2' weight: '2' murano: - db_password: BdaF3e9MCU8bDgtzfAJcUNY3 + db_password: Nnor8L14GVTdQEHyokoL7sSq enabled: true - rabbit_password: bEwGlVTXfTw2nnVPDWXKYvf7 - user_password: OXGTowYHMTzpZUar3qbdeNda + rabbit_password: 0IgXAIhYjRTkURM9wy58SCTF + user_password: nPVzQPRaxnKYrnvZ8tcu8fho murano-cfapi: - db_password: jfOHzSzwoVOYTqkqIFE34B74 + db_password: 2T8kkAaHZxkSwSmcnUzLjY6p enabled: false - rabbit_password: tQdim6W8BEjYNnHn4toAknYf - user_password: b11u7kqEpk3QyPl9nrSsvMcV + rabbit_password: sQOYKyYaYu0vSoBtijvb8w7K + user_password: YifuvUuLALrUWrGlsHlP75pm murano_settings: metadata: group: openstack_services 
@@ -207,116 +216,24 @@ murano_settings: murano_glance_artifacts_plugin: true murano_repo_url: http://storage.apps.openstack.org/ mysql: - root_password: HavpEYSrZVjmiGBCgG8flWKW - wsrep_password: HTuahKx1Il2Ow34epS9sLK5h + root_password: Olmhh6vQjRU6a6qU5Z9shWNY + wsrep_password: AP3RiOX0y6bT2PQrGC9ZXWXB network_metadata: nodes: - node-100: - fqdn: node-100.test.domain.local - name: node-100 + node-166: + fqdn: node-166.test.domain.local + name: node-166 network_roles: admin/pxe: 9.9.9.150 - aodh/api: 192.168.0.5 - ceilometer/api: 192.168.0.5 - ceph/public: 192.168.1.5 - ceph/radosgw: 172.16.0.3 - ceph/replication: 192.168.1.5 - cinder/api: 192.168.0.5 - cinder/iscsi: 192.168.1.5 - ex: 172.16.0.3 - fw-admin: 9.9.9.150 - glance/api: 192.168.0.5 - glance/glare: 192.168.0.5 - heat/api: 192.168.0.5 - horizon: 192.168.0.5 - ironic/api: 192.168.0.5 - keystone/api: 192.168.0.5 - management: 192.168.0.5 - mgmt/corosync: 192.168.0.5 - mgmt/database: 192.168.0.5 - mgmt/memcache: 192.168.0.5 - mgmt/messaging: 192.168.0.5 - mgmt/vip: 192.168.0.5 - mongo/db: 192.168.0.5 - murano/api: 192.168.0.5 - murano/cfapi: 192.168.0.5 - neutron/api: 192.168.0.5 - neutron/floating: null - neutron/mesh: 192.168.2.5 - neutron/private: null - nova/api: 192.168.0.5 - nova/migration: 192.168.0.5 - public/vip: 172.16.0.3 - sahara/api: 192.168.0.5 - storage: 192.168.1.5 - swift/api: 192.168.0.5 - swift/replication: 192.168.1.5 - node_roles: - - primary-controller - nova_cpu_pinning_enabled: false - nova_hugepages_enabled: false - swift_zone: '100' - uid: '100' - user_node_name: node-100 - node-101: - fqdn: node-101.test.domain.local - name: node-101 - network_roles: - admin/pxe: 9.9.9.151 - aodh/api: 192.168.0.6 - ceilometer/api: 192.168.0.6 - ceph/public: 192.168.1.6 - ceph/radosgw: 172.16.0.4 - ceph/replication: 192.168.1.6 - cinder/api: 192.168.0.6 - cinder/iscsi: 192.168.1.6 - ex: 172.16.0.4 - fw-admin: 9.9.9.151 - glance/api: 192.168.0.6 - glance/glare: 192.168.0.6 - heat/api: 192.168.0.6 - 
horizon: 192.168.0.6 - ironic/api: 192.168.0.6 - keystone/api: 192.168.0.6 - management: 192.168.0.6 - mgmt/corosync: 192.168.0.6 - mgmt/database: 192.168.0.6 - mgmt/memcache: 192.168.0.6 - mgmt/messaging: 192.168.0.6 - mgmt/vip: 192.168.0.6 - mongo/db: 192.168.0.6 - murano/api: 192.168.0.6 - murano/cfapi: 192.168.0.6 - neutron/api: 192.168.0.6 - neutron/floating: null - neutron/mesh: 192.168.2.6 - neutron/private: null - nova/api: 192.168.0.6 - nova/migration: 192.168.0.6 - public/vip: 172.16.0.4 - sahara/api: 192.168.0.6 - storage: 192.168.1.6 - swift/api: 192.168.0.6 - swift/replication: 192.168.1.6 - node_roles: - - controller - nova_cpu_pinning_enabled: false - nova_hugepages_enabled: false - swift_zone: '101' - uid: '101' - user_node_name: node-101 - node-102: - fqdn: node-102.test.domain.local - name: node-102 - network_roles: - admin/pxe: 9.9.9.152 aodh/api: 192.168.0.2 ceilometer/api: 192.168.0.2 ceph/public: 192.168.1.2 + ceph/radosgw: 172.16.0.2 ceph/replication: 192.168.1.2 cinder/api: 192.168.0.2 cinder/iscsi: 192.168.1.2 - fw-admin: 9.9.9.152 + ex: 172.16.0.2 + fw-admin: 9.9.9.150 glance/api: 192.168.0.2 glance/glare: 192.168.0.2 heat/api: 192.168.0.2 
@@ -338,31 +255,79 @@ network_metadata: neutron/private: null nova/api: 192.168.0.2 nova/migration: 192.168.0.2 + public/vip: 172.16.0.2 sahara/api: 192.168.0.2 storage: 192.168.1.2 swift/api: 192.168.0.2 swift/replication: 192.168.1.2 node_roles: - - primary-mongo + - primary-controller nova_cpu_pinning_enabled: false nova_hugepages_enabled: false - swift_zone: '102' - uid: '102' - user_node_name: node-102 - node-103: - fqdn: node-103.test.domain.local - name: node-103 + swift_zone: '166' + uid: '166' + user_node_name: node-166 + node-167: + fqdn: node-167.test.domain.local + name: node-167 network_roles: - admin/pxe: 9.9.9.153 + admin/pxe: 9.9.9.151 + aodh/api: 192.168.0.5 + ceilometer/api: 192.168.0.5 + ceph/public: 192.168.1.5 + ceph/radosgw: 172.16.0.4 + ceph/replication: 192.168.1.5 + cinder/api: 192.168.0.5 + cinder/iscsi: 192.168.1.5 + ex: 172.16.0.4 + fw-admin: 9.9.9.151 + glance/api: 192.168.0.5 + glance/glare: 192.168.0.5 + heat/api: 192.168.0.5 + horizon: 192.168.0.5 + ironic/api: 192.168.0.5 + keystone/api: 192.168.0.5 + management: 192.168.0.5 + mgmt/corosync: 192.168.0.5 + mgmt/database: 192.168.0.5 + mgmt/memcache: 192.168.0.5 + mgmt/messaging: 192.168.0.5 + mgmt/vip: 192.168.0.5 + mongo/db: 192.168.0.5 + murano/api: 192.168.0.5 + murano/cfapi: 192.168.0.5 + neutron/api: 192.168.0.5 + neutron/floating: null + neutron/mesh: 192.168.2.5 + neutron/private: null + nova/api: 192.168.0.5 + nova/migration: 192.168.0.5 + public/vip: 172.16.0.4 + sahara/api: 192.168.0.5 + storage: 192.168.1.5 + swift/api: 192.168.0.5 + swift/replication: 192.168.1.5 + node_roles: + - controller + nova_cpu_pinning_enabled: false + nova_hugepages_enabled: false + swift_zone: '167' + uid: '167' + user_node_name: node-167 + node-168: + fqdn: node-168.test.domain.local + name: node-168 + network_roles: + admin/pxe: 9.9.9.152 aodh/api: 192.168.0.4 ceilometer/api: 192.168.0.4 ceph/public: 192.168.1.4 - ceph/radosgw: 172.16.0.2 + ceph/radosgw: 172.16.0.3 ceph/replication: 
192.168.1.4 cinder/api: 192.168.0.4 cinder/iscsi: 192.168.1.4 - ex: 172.16.0.2 - fw-admin: 9.9.9.153 + ex: 172.16.0.3 + fw-admin: 9.9.9.152 glance/api: 192.168.0.4 glance/glare: 192.168.0.4 heat/api: 192.168.0.4 @@ -384,7 +349,7 @@ network_metadata: neutron/private: null nova/api: 192.168.0.4 nova/migration: 192.168.0.4 - public/vip: 172.16.0.2 + public/vip: 172.16.0.3 sahara/api: 192.168.0.4 storage: 192.168.1.4 swift/api: 192.168.0.4 @@ -393,21 +358,21 @@ network_metadata: - controller nova_cpu_pinning_enabled: false nova_hugepages_enabled: false - swift_zone: '103' - uid: '103' - user_node_name: node-103 - node-104: - fqdn: node-104.test.domain.local - name: node-104 + swift_zone: '168' + uid: '168' + user_node_name: node-168 + node-169: + fqdn: node-169.test.domain.local + name: node-169 network_roles: - admin/pxe: 9.9.9.154 + admin/pxe: 9.9.9.153 aodh/api: 192.168.0.3 ceilometer/api: 192.168.0.3 ceph/public: 192.168.1.3 ceph/replication: 192.168.1.3 cinder/api: 192.168.0.3 cinder/iscsi: 192.168.1.3 - fw-admin: 9.9.9.154 + fw-admin: 9.9.9.153 glance/api: 192.168.0.3 glance/glare: 192.168.0.3 heat/api: 192.168.0.3 
@@ -434,68 +399,112 @@ network_metadata: swift/api: 192.168.0.3 swift/replication: 192.168.1.3 node_roles: + - primary-mongo + nova_cpu_pinning_enabled: false + nova_hugepages_enabled: false + swift_zone: '169' + uid: '169' + user_node_name: node-169 + node-170: + fqdn: node-170.test.domain.local + name: node-170 + network_roles: + admin/pxe: 9.9.9.154 + aodh/api: 192.168.0.6 + ceilometer/api: 192.168.0.6 + ceph/public: 192.168.1.6 + ceph/replication: 192.168.1.6 + cinder/api: 192.168.0.6 + cinder/iscsi: 192.168.1.6 + fw-admin: 9.9.9.154 + glance/api: 192.168.0.6 + glance/glare: 192.168.0.6 + heat/api: 192.168.0.6 + horizon: 192.168.0.6 + ironic/api: 192.168.0.6 + keystone/api: 192.168.0.6 + management: 192.168.0.6 + mgmt/corosync: 192.168.0.6 + mgmt/database: 192.168.0.6 + mgmt/memcache: 192.168.0.6 + mgmt/messaging: 192.168.0.6 + mgmt/vip: 192.168.0.6 + mongo/db: 192.168.0.6 + murano/api: 192.168.0.6 + murano/cfapi: 192.168.0.6 + neutron/api: 192.168.0.6 + neutron/floating: null + neutron/mesh: 192.168.2.6 + neutron/private: null + nova/api: 192.168.0.6 + nova/migration: 192.168.0.6 + sahara/api: 192.168.0.6 + storage: 192.168.1.6 + swift/api: 192.168.0.6 + swift/replication: 192.168.1.6 + node_roles: - mongo nova_cpu_pinning_enabled: false nova_hugepages_enabled: false - swift_zone: '104' - uid: '104' - user_node_name: node-104 - node-105: - fqdn: node-105.test.domain.local - name: node-105 + swift_zone: '170' + uid: '170' + user_node_name: node-170 + node-171: + fqdn: node-171.test.domain.local + name: node-171 network_roles: - admin/pxe: 10.110.0.105 - aodh/api: 10.11.2.2 - ceilometer/api: 10.11.2.2 - ceph/public: 10.11.3.2 - ceph/replication: 10.11.3.2 - cinder/api: 10.11.2.2 - cinder/iscsi: 10.11.3.2 - fw-admin: 10.110.0.105 - glance/api: 10.11.2.2 - glance/glare: 10.11.2.2 - heat/api: 10.11.2.2 - horizon: 10.11.2.2 - ironic/api: 10.11.2.2 - keystone/api: 10.11.2.2 - management: 10.11.2.2 - mgmt/corosync: 10.11.2.2 - mgmt/database: 10.11.2.2 - mgmt/memcache: 
10.11.2.2 - mgmt/messaging: 10.11.2.2 - mgmt/vip: 10.11.2.2 - mongo/db: 10.11.2.2 - murano/api: 10.11.2.2 - murano/cfapi: 10.11.2.2 - neutron/api: 10.11.2.2 + admin/pxe: 10.109.15.100 + aodh/api: 10.11.2.4 + ceilometer/api: 10.11.2.4 + ceph/public: 10.11.3.4 + ceph/replication: 10.11.3.4 + cinder/api: 10.11.2.4 + cinder/iscsi: 10.11.3.4 + fw-admin: 10.109.15.100 + glance/api: 10.11.2.4 + glance/glare: 10.11.2.4 + heat/api: 10.11.2.4 + horizon: 10.11.2.4 + ironic/api: 10.11.2.4 + keystone/api: 10.11.2.4 + management: 10.11.2.4 + mgmt/corosync: 10.11.2.4 + mgmt/database: 10.11.2.4 + mgmt/memcache: 10.11.2.4 + mgmt/messaging: 10.11.2.4 + mgmt/vip: 10.11.2.4 + mongo/db: 10.11.2.4 + murano/api: 10.11.2.4 + murano/cfapi: 10.11.2.4 + neutron/api: 10.11.2.4 neutron/floating: null - neutron/mesh: 10.11.4.2 + neutron/mesh: 10.11.4.4 neutron/private: null - nova/api: 10.11.2.2 - nova/migration: 10.11.2.2 - sahara/api: 10.11.2.2 - storage: 10.11.3.2 - swift/api: 10.11.2.2 - swift/replication: 10.11.3.2 + nova/api: 10.11.2.4 + nova/migration: 10.11.2.4 + sahara/api: 10.11.2.4 + storage: 10.11.3.4 + swift/api: 10.11.2.4 + swift/replication: 10.11.3.4 node_roles: - compute nova_cpu_pinning_enabled: false nova_hugepages_enabled: false - swift_zone: '105' - uid: '105' - user_node_name: node-105 - node-106: - fqdn: node-106.test.domain.local - name: node-106 + swift_zone: '171' + uid: '171' + user_node_name: node-171 + node-172: + fqdn: node-172.test.domain.local + name: node-172 network_roles: - admin/pxe: 10.110.0.106 + admin/pxe: 10.109.15.101 aodh/api: 10.11.2.3 ceilometer/api: 10.11.2.3 ceph/public: 10.11.3.3 ceph/replication: 10.11.3.3 cinder/api: 10.11.2.3 cinder/iscsi: 10.11.3.3 - fw-admin: 10.110.0.106 + fw-admin: 10.109.15.101 glance/api: 10.11.2.3 glance/glare: 10.11.2.3 heat/api: 10.11.2.3 
@@ -525,53 +534,53 @@ network_metadata: - ceph-osd nova_cpu_pinning_enabled: false nova_hugepages_enabled: false - swift_zone: '106' - uid: '106' - user_node_name: node-106 - node-107: - fqdn: node-107.test.domain.local - name: node-107 + swift_zone: '172' + uid: '172' + user_node_name: node-172 + node-173: + fqdn: node-173.test.domain.local + name: node-173 network_roles: - admin/pxe: 10.110.0.107 - aodh/api: 10.11.2.4 - ceilometer/api: 10.11.2.4 - ceph/public: 10.11.3.4 - ceph/replication: 10.11.3.4 - cinder/api: 10.11.2.4 - cinder/iscsi: 10.11.3.4 - fw-admin: 10.110.0.107 - glance/api: 10.11.2.4 - glance/glare: 10.11.2.4 - heat/api: 10.11.2.4 - horizon: 10.11.2.4 - ironic/api: 10.11.2.4 - keystone/api: 10.11.2.4 - management: 10.11.2.4 - mgmt/corosync: 10.11.2.4 - mgmt/database: 10.11.2.4 - mgmt/memcache: 10.11.2.4 - mgmt/messaging: 10.11.2.4 - mgmt/vip: 10.11.2.4 - mongo/db: 10.11.2.4 - murano/api: 10.11.2.4 - murano/cfapi: 10.11.2.4 - neutron/api: 10.11.2.4 + admin/pxe: 10.109.15.102 + aodh/api: 10.11.2.2 + ceilometer/api: 10.11.2.2 + ceph/public: 10.11.3.2 + ceph/replication: 10.11.3.2 + cinder/api: 10.11.2.2 + cinder/iscsi: 10.11.3.2 + fw-admin: 10.109.15.102 + glance/api: 10.11.2.2 + glance/glare: 10.11.2.2 + heat/api: 10.11.2.2 + horizon: 10.11.2.2 + ironic/api: 10.11.2.2 + keystone/api: 10.11.2.2 + management: 10.11.2.2 + mgmt/corosync: 10.11.2.2 + mgmt/database: 10.11.2.2 + mgmt/memcache: 10.11.2.2 + mgmt/messaging: 10.11.2.2 + mgmt/vip: 10.11.2.2 + mongo/db: 10.11.2.2 + murano/api: 10.11.2.2 + murano/cfapi: 10.11.2.2 + neutron/api: 10.11.2.2 neutron/floating: null - neutron/mesh: 10.11.4.4 + neutron/mesh: 10.11.4.2 neutron/private: null - nova/api: 10.11.2.4 - nova/migration: 10.11.2.4 - sahara/api: 10.11.2.4 - storage: 10.11.3.4 - swift/api: 10.11.2.4 - swift/replication: 10.11.3.4 + nova/api: 10.11.2.2 + nova/migration: 10.11.2.2 + sahara/api: 10.11.2.2 + storage: 10.11.3.2 + swift/api: 10.11.2.2 + swift/replication: 10.11.3.2 node_roles: - ceph-osd 
nova_cpu_pinning_enabled: false nova_hugepages_enabled: false - swift_zone: '107' - uid: '107' - user_node_name: node-107 + swift_zone: '173' + uid: '173' + user_node_name: node-173 vips: management: ipaddr: 192.168.0.8 @@ -618,16 +627,16 @@ network_scheme: endpoints: br-fw-admin: IP: - - 10.110.0.105/24 - gateway: 10.110.0.1 + - 10.109.15.100/24 + gateway: 10.109.15.1 routes: - net: 9.9.9.0/24 - via: 10.110.0.1 + via: 10.109.15.1 vendor_specific: - provider_gateway: 10.110.0.1 + provider_gateway: 10.109.15.1 br-mesh: IP: - - 10.11.4.2/24 + - 10.11.4.4/24 routes: - net: 192.168.2.0/24 via: 10.11.4.1 @@ -635,7 +644,7 @@ network_scheme: provider_gateway: 10.11.4.1 br-mgmt: IP: - - 10.11.2.2/24 + - 10.11.2.4/24 routes: - net: 192.168.0.0/24 via: 10.11.2.1 @@ -643,7 +652,7 @@ network_scheme: provider_gateway: 10.11.2.1 br-storage: IP: - - 10.11.3.2/24 + - 10.11.3.4/24 routes: - net: 192.168.1.0/24 via: 10.11.3.1 
@@ -916,97 +925,96 @@ node_volumes: size: 3757668 type: lv nodes: -- fqdn: node-100.test.domain.local - internal_address: 192.168.0.5 +- fqdn: node-166.test.domain.local + internal_address: 192.168.0.2 internal_netmask: 255.255.255.0 - name: node-100 - public_address: 172.16.0.3 + name: node-166 + public_address: 172.16.0.2 public_netmask: 255.255.255.0 role: primary-controller - storage_address: 192.168.1.5 + storage_address: 192.168.1.2 storage_netmask: 255.255.255.0 - swift_zone: '100' - uid: '100' - user_node_name: node-100 -- fqdn: node-101.test.domain.local - internal_address: 192.168.0.6 + swift_zone: '166' + uid: '166' + user_node_name: node-166 +- fqdn: node-167.test.domain.local + internal_address: 192.168.0.5 internal_netmask: 255.255.255.0 - name: node-101 + name: node-167 public_address: 172.16.0.4 public_netmask: 255.255.255.0 role: controller - storage_address: 192.168.1.6 + storage_address: 192.168.1.5 storage_netmask: 255.255.255.0 - swift_zone: '101' - uid: '101' - user_node_name: node-101 -- fqdn: node-102.test.domain.local - internal_address: 192.168.0.2 - internal_netmask: 255.255.255.0 - name: node-102 - role: primary-mongo - storage_address: 192.168.1.2 - storage_netmask: 255.255.255.0 - swift_zone: '102' - uid: '102' - user_node_name: node-102 -- fqdn: node-103.test.domain.local + swift_zone: '167' + uid: '167' + user_node_name: node-167 +- fqdn: node-168.test.domain.local internal_address: 192.168.0.4 internal_netmask: 255.255.255.0 - name: node-103 - public_address: 172.16.0.2 + name: node-168 + public_address: 172.16.0.3 public_netmask: 255.255.255.0 role: controller storage_address: 192.168.1.4 storage_netmask: 255.255.255.0 - swift_zone: '103' - uid: '103' - user_node_name: node-103 -- fqdn: node-104.test.domain.local + swift_zone: '168' + uid: '168' + user_node_name: node-168 +- fqdn: node-169.test.domain.local internal_address: 192.168.0.3 internal_netmask: 255.255.255.0 - name: node-104 - role: mongo + name: node-169 + role: 
primary-mongo storage_address: 192.168.1.3 storage_netmask: 255.255.255.0 - swift_zone: '104' - uid: '104' - user_node_name: node-104 -- fqdn: node-105.test.domain.local - internal_address: 10.11.2.2 + swift_zone: '169' + uid: '169' + user_node_name: node-169 +- fqdn: node-170.test.domain.local + internal_address: 192.168.0.6 internal_netmask: 255.255.255.0 - name: node-105 - role: compute - storage_address: 10.11.3.2 + name: node-170 + role: mongo + storage_address: 192.168.1.6 storage_netmask: 255.255.255.0 - swift_zone: '105' - uid: '105' - user_node_name: node-105 -- fqdn: node-106.test.domain.local + swift_zone: '170' + uid: '170' + user_node_name: node-170 +- fqdn: node-171.test.domain.local + internal_address: 10.11.2.4 + internal_netmask: 255.255.255.0 + name: node-171 + role: compute + storage_address: 10.11.3.4 + storage_netmask: 255.255.255.0 + swift_zone: '171' + uid: '171' + user_node_name: node-171 +- fqdn: node-172.test.domain.local internal_address: 10.11.2.3 internal_netmask: 255.255.255.0 - name: node-106 + name: node-172 role: ceph-osd storage_address: 10.11.3.3 storage_netmask: 255.255.255.0 - swift_zone: '106' - uid: '106' - user_node_name: node-106 -- fqdn: node-107.test.domain.local - internal_address: 10.11.2.4 + swift_zone: '172' + uid: '172' + user_node_name: node-172 +- fqdn: node-173.test.domain.local + internal_address: 10.11.2.2 internal_netmask: 255.255.255.0 - name: node-107 + name: node-173 role: ceph-osd - storage_address: 10.11.3.4 + storage_address: 10.11.3.2 storage_netmask: 255.255.255.0 - swift_zone: '107' - uid: '107' - user_node_name: node-107 + swift_zone: '173' + uid: '173' + user_node_name: node-173 nova: - db_password: SC1N9S2jEEierqZQAlQzI4AG - enable_hugepages: false + db_password: 0gT5fZcJJEF5tj5JUsTAvNEM state_path: /var/lib/nova - user_password: HgY4rfPZvDBkUhv3eMG7tB38 + user_password: PSZ0K3JJz8tNDen5CcBKGiYG nova_quota: false online: true openstack_version: newton-10.0 
@@ -1018,7 +1026,7 @@ operator_user: label: Operating System Access weight: 15 name: fueladmin - password: WFOckl12uMCnsLBLw3IjdGY3 + password: lWXduHshhqgM3yZUemvVm3X1 sudo: 'ALL=(ALL) NOPASSWD: ALL' plugins: [] private_network_range: 10.11.4.0/24 @@ -1029,11 +1037,11 @@ provision: /: container: gzip format: ext4 - uri: http://10.110.0.2:8080/targetimages/env_10_ubuntu_1404_amd64.img.gz + uri: http://10.109.15.2:8080/targetimages/env_19_ubuntu_1404_amd64.img.gz /boot: container: gzip format: ext2 - uri: http://10.110.0.2:8080/targetimages/env_10_ubuntu_1404_amd64-boot.img.gz + uri: http://10.109.15.2:8080/targetimages/env_19_ubuntu_1404_amd64-boot.img.gz metadata: group: general label: Provision @@ -1155,8 +1163,8 @@ public_ssl: weight: 110 services: true puppet: - manifests: rsync://10.110.0.2:/puppet/newton-10.0/manifests/ - modules: rsync://10.110.0.2:/puppet/newton-10.0/modules/ + manifests: rsync://10.109.15.2:/puppet/newton-10.0/manifests/ + modules: rsync://10.109.15.2:/puppet/newton-10.0/modules/ puppet_debug: true quantum: true quantum_settings: @@ -1171,13 +1179,13 @@ quantum_settings: L3: use_namespaces: true database: - passwd: XQZbE7Ks6vJQVebi5t2qbWJ2 + passwd: DZIgJm9OOwyAVvR3igiuxeD4 default_floating_net: admin_floating_net default_private_net: admin_internal_net keystone: - admin_password: wm98EF3UsPr1eFLoRpZbaymT + admin_password: QXeNOWbZMAU7LDzLSBUCLGne metadata: - metadata_proxy_shared_secret: 9M4caqi6Rof07CrTnrfcH8dk + metadata_proxy_shared_secret: Q1IKwkARVhRz96nyI2kvWoGx predefined_networks: admin_floating_net: L2: @@ -1211,7 +1219,7 @@ quantum_settings: shared: false tenant: admin rabbit: - password: b3nzKgJNV6Il6RUwtkbpJSAy + password: 3wWWsIQyY8FQH4aQYKzZJzR3 release: attributes_metadata: editable: 
@@ -1319,6 +1327,49 @@ release: type: checkbox value: false weight: 10 + atop: + interval: + description: Interval between the snapshots in seconds + label: Interval between the snapshots + regex: + error: Should be a number of seconds + source: ^[1-9]\d*$ + restrictions: + - action: hide + condition: settings:atop.service_enabled.value == false + type: text + value: '20' + weight: 20 + metadata: + enabled: true + group: logging + label: Advanced System & Process Monitor (atop) + toggleable: false + weight: 60 + rotate: + description: Number of days to keep log files + label: Rotate days + regex: + error: Should be a number of days + source: ^[1-9]\d*$ + restrictions: + - action: hide + condition: settings:atop.service_enabled.value == false + type: text + value: '7' + weight: 30 + service_enabled: + description: 'NOTE: When enabled, the service may generate logs up to a + gigabyte in size per day. + + This should be taken into consideration when determining the correct size + for the log partition. + + ' + label: Enable atop service + type: checkbox + value: true + weight: 10 cgroups: metadata: always_editable: true @@ -1401,6 +1452,18 @@ release: type: checkbox value: true weight: 50 + run_ping_checker: + description: Uncheck this box if the public gateway will not be available + or will not respond to ICMP requests to the deployed cluster. If unchecked, + the controllers will not take public gateway availability into account + as part of the cluster health. If the cluster will not have internet + access, you will need to make sure to provide proper offline mirrors for + the deployment to succeed. + group: network + label: Public Gateway is Available + type: checkbox + value: true + weight: 50 task_deploy: type: hidden value: true 
@@ -1821,6 +1884,9 @@ release: description: Your DNS entries should point to this name. Self-signed certificates also will use this hostname label: DNS hostname for public TLS endpoints + regex: + error: Invalid DNS hostname + source: ^[a-zA-Z\d]+[-\.\da-zA-Z]*$ restrictions: - action: hide condition: settings:public_ssl.horizon.value == false and settings:public_ssl.services.value @@ -1855,8 +1921,6 @@ release: Please make sure your Fuel master node has Internet access to the repository before attempting to create a mirror. - For more details, please refer to the documentation (https://docs.mirantis.com/openstack/fuel/fuel-10.0/operations.html#external-ubuntu-ops). - ' extra_priority: null type: custom_repo_configuration 
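Review bot: The `regex.source` added for the public TLS hostname, `^[a-zA-Z\d]+[-\.\da-zA-Z]*$`, accepts strings that are not valid DNS hostnames, for example a trailing hyphen or consecutive dots (`a..-`, a constructed sample), and it puts no bound on label length. The description in the same hunk says self-signed certificates will use this hostname, so a malformed value would presumably end up in the certificate. A per-label pattern would reject these, e.g. `^[a-zA-Z\d]([-a-zA-Z\d]{0,61}[a-zA-Z\d])?(\.[a-zA-Z\d]([-a-zA-Z\d]{0,61}[a-zA-Z\d])?)*$`. If this fixture is generated from the release metadata, the change belongs in that source rather than here.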
@@ -1933,11 +1997,70 @@ release: sudo: type: hidden value: 'ALL=(ALL) NOPASSWD: ALL' + ssh: + brute_force_protection: + description: When enabled, the access from all networks (except the provided + ones) will be granted, but the networks will be checked against the brute + force attack. + label: Brute force protection + restrictions: + - action: hide + condition: settings:ssh.security_enabled.value == false + type: checkbox + value: false + weight: 30 + metadata: + enabled: true + group: security + label: SSH security + toggleable: false + weight: 120 + security_enabled: + description: 'NOTE: When enabled, provide at least one working IP address + (the Fuel Master node IP is already added). + + We recommend adding new addresses instead of replacing the provided Fuel + Master node IP. + + When disabled (by default), the admin, management, and storage networks + are only allowed to connect to the SSH service. + + ' + label: Restrict SSH service on network + type: checkbox + value: false + weight: 10 + security_networks: + description: IPv4/CIDR address + label: Restrict access to + regex: + error: Invalid IPv4/CIDR address + source: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))*$ + restrictions: + - action: hide + condition: settings:ssh.security_enabled.value == false + type: text_list + value: + - '{settings.MASTER_IP}' + weight: 20 storage: admin_key: type: hidden value: generator: cephx_key + auth_s3_keystone_ceph: + description: This allows to authenticate S3 requests basing on EC2/S3 credentials + managed by Keystone. Please note that enabling the integration will increase + the latency of S3 requests as well as load on Keystone service. Please + consult with Mirantis Technical Bulletin 27 and Mirantis Support on mitigating + the risks related with load. 
+ label: Enable S3 API Authentication via Keystone in Ceph RadosGW + restrictions: + - action: hide + condition: settings:storage.objects_ceph.value == false + type: checkbox + value: false + weight: 82 bootstrap_osd_key: type: hidden value: @@ -1990,6 +2113,9 @@ release: and Swift API Interfaces. If enabled, this option will prevent Swift from installing. label: Ceph RadosGW for objects (Swift API) + restrictions: + - settings:storage.images_ceph.value == false: Ceph RBD for Images should + be selected. type: checkbox value: false weight: 80 @@ -2230,6 +2356,12 @@ release: description: dialog.create_cluster_wizard.compute.qemu_description label: dialog.create_cluster_wizard.compute.qemu name: hypervisor:qemu + requires: + - one_of: + items: + - network:neutron:ml2:vlan + - network:neutron:ml2:tun + message: dialog.create_cluster_wizard.compute.qemu_requires_network_backend weight: 5 - bind: - settings:common.use_vcenter.value @@ -2239,8 +2371,16 @@ release: label: dialog.create_cluster_wizard.compute.vcenter name: hypervisor:vmware requires: - - message: dialog.create_cluster_wizard.compute.vcenter_warning - name: hypervisor:qemu + - one_of: + items: + - hypervisor:qemu + message: dialog.create_cluster_wizard.compute.vcenter_warning + - one_of: + items: + - network:neutron:ml2:dvs + - network:neutron:ml2:nsx + message: dialog.create_cluster_wizard.compute.vcenter_requires_network_backend + message_invalid: dialog.create_cluster_wizard.compute.vcenter_requires_network_plugins weight: 15 - compatible: - name: hypervisor:* @@ -2267,7 +2407,9 @@ release: label: common.network.neutron_vlan name: network:neutron:ml2:vlan requires: - - name: network:neutron:core:ml2 + - one_of: + items: + - network:neutron:core:ml2 weight: 5 - bind: - - cluster:net_provider 
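Review bot: In the new `ssh` block, the `security_networks` regex ends its prefix-length group with `*`, so a value carrying several prefix lengths such as `10.0.0.0/8/24` (a constructed sample) passes validation; the group should be optional instead, `(\/([0-9]|[1-2][0-9]|3[0-2]))?$`. Whatever turns this list into SSH access rules would then receive a string that is not a valid CIDR, and how it handles that is not visible in this hunk. The `brute_force_protection` description in the same hunk says access "from all networks (except the provided ones) will be granted", which reads as if the listed networks were denied; presumably it means the listed networks are exempt from the brute-force check, and the wording should say so. If this fixture is generated from the release metadata, both fixes belong in that source.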
@@ -2288,7 +2430,9 @@ release: label: common.network.neutron_tun name: network:neutron:ml2:tun requires: - - name: network:neutron:core:ml2 + - one_of: + items: + - network:neutron:core:ml2 weight: 10 - bind: - settings:storage.volumes_lvm.value @@ -2536,6 +2680,7 @@ release: restrictions: - action: hide condition: settings:common.use_vcenter.value == false + message: VMware vCenter not enabled for cluster weight: 40 compute: description: A Compute node creates, manages, and terminates virtual machine @@ -2565,10 +2710,12 @@ release: restrictions: - action: hide condition: settings:common.use_vcenter.value == false + message: VMware vCenter not enabled for cluster weight: 90 controller: conflicts: - compute + - ceph-osd description: The Controller initiates orchestration activities and provides an external API. Other components like Glance (image storage), Keystone (identity management), Horizon (OpenStack dashboard) and Nova-Scheduler are installed @@ -2640,6 +2787,7 @@ release: restrictions: - action: hide condition: not ('advanced' in version:feature_groups) + message: Advanced feature should be enabled in feature groups weight: 80 state: available version: newton-10.0 @@ -2811,7 +2959,7 @@ repo_setup: section: main restricted suite: mos10.0 type: deb - uri: http://10.110.0.2:8080/newton-10.0/ubuntu/x86_64 + uri: http://10.109.15.2:8080/newton-10.0/ubuntu/x86_64 - name: mos-updates priority: 1050 section: main restricted @@ -2835,14 +2983,15 @@ repo_setup: section: main restricted suite: auxiliary type: deb - uri: http://10.110.0.2:8080/newton-10.0/ubuntu/auxiliary + uri: http://10.109.15.2:8080/newton-10.0/ubuntu/auxiliary resume_guests_state_on_host_boot: true roles: - compute +run_ping_checker: true sahara: - db_password: Q6IQUhuwxxKRM5VT9h7obsOl + db_password: 6ktBXBB5FMjXQr7r1sdYsaLF enabled: true - user_password: fDR7LmZh0re1QnIe3IJ2wrXm + user_password: C0Fo6CQenaUzgdImpCWm6mU2 service_user: homedir: /var/lib/fuel metadata: 
@@ -2853,22 +3002,34 @@ service_user: condition: 'true' weight: 10 name: fuel - password: Y3lRpIPBtnHBWW9DQYp1oVgi + password: MIq1RJ0M3Mp2vTb6Z3FJpide root_password: r00tme sudo: 'ALL=(ALL) NOPASSWD: ALL' +ssh: + brute_force_protection: false + metadata: + enabled: true + group: security + label: SSH security + toggleable: false + weight: 120 + security_enabled: false + security_networks: + - 10.109.15.2 status: discover storage: - admin_key: AQC0ZkxXAAAAABAA0CuALQKRMrWL4n+oDJYTYg== - bootstrap_osd_key: AQC0ZkxXAAAAABAAZVNysCu1aGHZS+wgsaLKYg== + admin_key: AQAqCaNXAAAAABAA7Ho2APSkkW7utFeot9vEfQ== + auth_s3_keystone_ceph: true + bootstrap_osd_key: AQAqCaNXAAAAABAAMyYcZoky3DPJJVE+Xoeo5w== ephemeral_ceph: true - fsid: 76c54382-db54-44f5-9861-406eafd4a23d + fsid: f4d53901-6968-4c18-8002-9d3219e34752 images_ceph: true images_vcenter: false metadata: group: storage label: Storage Backends weight: 60 - mon_key: AQC0ZkxXAAAAABAAZqzyD3A9bxY6Au1p4W+aWQ== + mon_key: AQAqCaNXAAAAABAA19CR5wYIpFwgzIuL2jw8Og== objects_ceph: true osd_pool_size: '2' per_pool_pg_nums: @@ -2879,13 +3040,13 @@ storage: images: 64 volumes: 256 pg_num: 64 - radosgw_key: AQC0ZkxXAAAAABAAO4zK7xt/7DtLGq/oPi5MAQ== + radosgw_key: AQAqCaNXAAAAABAAITslGKFCeJ81bd8WvT9r7g== volumes_block_device: false volumes_ceph: true volumes_lvm: false storage_network_range: 10.11.3.0/24 swift: - user_password: ifU7DL7xG7bijqSPIcahMo9c + user_password: Dj6nmr9IcpcGcpZ5hC806i4x syslog: metadata: enabled: false @@ -2907,10 +3068,10 @@ test_vm_image: os_name: cirros properties: {} public: 'true' -uid: '105' +uid: '171' use_cow_images: true use_vcenter: false -user_node_name: node-105 +user_node_name: node-171 vms_conf: [] workloads_collector: create_user: false @@ -2922,6 +3083,6 @@ workloads_collector: - action: hide condition: 'true' weight: 10 - password: 6wff0hvHmfNIxjqnNDUUN5c4 + password: GxzJK9EbevYqSsNyKd2SnbQE tenant: services username: fuel_stats_user 
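Review bot: The `service_user`/`storage` hunk swaps one set of literal secrets for another: the `fuel` account password and the cephx `admin_key`, `bootstrap_osd_key` and `mon_key` are committed in clear text, next to the unchanged `root_password: r00tme` and `sudo: 'ALL=(ALL) NOPASSWD: ALL'`. Nothing visible here says where the values come from; if they were captured from an environment that still exists, they should be treated as disclosed and rotated there. A comment at the top of the file (outside this hunk) would settle it for readers and for secret scanners, for example `# Credentials and keys in this fixture come from a throwaway test environment.`, provided that is true. The following hunks that rotate `radosgw_key`, the `swift` password and the `workloads_collector` password have the same property.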
diff --git a/hiera/neut_tun.multirack.murano.sahara.ceil.ceph.public_ssl-primary-controller.yaml b/hiera/neut_tun.multirack.murano.sahara.ceil.ceph.public_ssl-primary-controller.yaml index f598764..e3b58f8 100644 --- a/hiera/neut_tun.multirack.murano.sahara.ceil.ceph.public_ssl-primary-controller.yaml +++ b/hiera/neut_tun.multirack.murano.sahara.ceil.ceph.public_ssl-primary-controller.yaml @@ -8,18 +8,28 @@ access: tenant: admin user: admin aodh: - db_password: BbGR52cd3LwohWb8TR9nPBwe - user_password: mdvzyl5bn1EyXUpCzlsYnP4A + db_password: M84vqpK4GS8BFVPCWzIBX2op + user_password: dSnu7i69V8woVAipRBfWpkAW +atop: + interval: '20' + metadata: + enabled: true + group: logging + label: Advanced System & Process Monitor (atop) + toggleable: false + weight: 60 + rotate: '7' + service_enabled: true auth_key: '' auto_assign_floating_ip: false base_syslog: syslog_port: '514' - syslog_server: 10.110.0.2 + syslog_server: 10.109.15.2 ceilometer: - db_password: x1vXQVbx3QozWCsdeqO4pXI8 + db_password: IdzwGob6PswM4AQm5CfkS2GN enabled: true - metering_secret: FoOep7ohlScQkaHld0URFj0z - user_password: FLvSIKT54BUlaein3hqG3wwB + metering_secret: ISmdXiD6VS7u5sGQG4tTKwcL + user_password: vLJ2vrra7m2h3SMth1CrU0tq cgroups: metadata: always_editable: true @@ -30,9 +40,9 @@ cgroups: condition: 'true' weight: 90 cinder: - db_password: RUZBIY7QKhUoE1Jcq7lktN7s - fixed_key: 32351e49c6ee8e5f9c2f40c5541471b6098b07a7e61916a0a44811aeaa19a371 - user_password: nHHcNT6k9kdY5M2w8dPwczGb + db_password: 0bXTM3SEqAtiQq9M39CYwlcl + fixed_key: fe0270bd2fe1707b8d7c5bb75649108923893831657eadf46eb919cceeebd42a + user_password: OYmyX0ZkJfDpdM9pB3czSzdJ cluster: changes: - name: attributes 
@@ -42,40 +52,40 @@ cluster: - name: networks node_id: null - name: interfaces - node_id: 103 + node_id: 166 - name: disks - node_id: 103 + node_id: 166 - name: interfaces - node_id: 100 + node_id: 167 - name: disks - node_id: 100 + node_id: 167 - name: interfaces - node_id: 101 + node_id: 168 - name: disks - node_id: 101 + node_id: 168 - name: interfaces - node_id: 102 + node_id: 169 - name: disks - node_id: 102 + node_id: 169 - name: interfaces - node_id: 104 + node_id: 170 - name: disks - node_id: 104 + node_id: 170 - name: interfaces - node_id: 105 + node_id: 171 - name: disks - node_id: 105 + node_id: 171 - name: interfaces - node_id: 106 + node_id: 172 - name: disks - node_id: 106 + node_id: 172 - name: interfaces - node_id: 107 + node_id: 173 - name: disks - node_id: 107 + node_id: 173 components: [] fuel_version: '10.0' - id: 10 + id: 19 is_customized: false is_locked: false mode: ha_compact @@ -108,12 +118,11 @@ corosync: debug: false deployed_before: value: false -deployment_id: 10 +deployment_id: 19 deployment_mode: ha_compact -dpdk: {} external_dns: dns_list: - - 10.110.0.1 + - 10.109.15.1 metadata: group: network label: Host OS DNS Servers 
@@ -139,29 +148,29 @@ external_ntp: label: Host OS NTP Servers weight: 40 ntp_list: - - 10.110.0.1 + - 10.109.15.1 fail_if_error: true -fqdn: node-100.test.domain.local +fqdn: node-166.test.domain.local fuel_version: '10.0' glance: - db_password: MsDiE541ui8k7CwOz30Gi9Xp + db_password: 3MG3g16ckWyd7AL7vj8dxPAO image_cache_max_size: '0' - user_password: TpzGJUJEKot5sTL5uHV0xg8I + user_password: hBaMbsDUZ3SALjaR2Cd078j4 glance_glare: - user_password: zfh2MuZRAeSFNEdeSsOpAQMu + user_password: fa2pz7SXzlr8y3C03VdxBwoi heat: - auth_encryption_key: 7dd1d369666993576b5950b8a1ef0ce3 - db_password: NPIG0kaAdd58x0fjjbbYLrYG + auth_encryption_key: 566a70c9468b32fa5f50fd64b01de3ae + db_password: ExCzV5GPSk7VIXXoGOPLVfik enabled: true - rabbit_password: Uw8zycD9KPpcvU44kWpKQv6A - user_password: IraoQkd21UPZMtRFx1ELuoLK + rabbit_password: 2XvuO3EYLTcfPxRFb6a6NJjP + user_password: EkKRAw65IsuUSbW8mQP5kyxZ horizon: - secret_key: 620b46d924af5b4bce034a608b1506fd7f3cfff533d54550782faf53b2e799ce + secret_key: 303e204e2b1c1170ebe725b8fdbea21269e9c6d5981ebdbe4b2ece434ad25bdb ironic: - db_password: n3lQIYlRVqglMHY9fpXDz85E + db_password: YuJFhoOuf2VfRjyMn1BGdghd enabled: false - swift_tempurl_key: PnuSg4VTChK8Cp2iV7LqyWZU - user_password: dpgoORnuYah1FpTiuoQNqQ3h + swift_tempurl_key: f9Ysxq2BrDIJEXFUWOmWS3MM + user_password: qnDpSW8pbtJV70HSWBsBojBo kernel_params: kernel: console=tty0 net.ifnames=0 biosdevname=0 rootdelay=90 nomodeset metadata: @@ -169,12 +178,12 @@ kernel_params: label: Kernel parameters weight: 60 keystone: - admin_token: agJRuo348CBUvbqZfEKZrEfB - db_password: Q1otRNekrY9olWcPsLwL8o4J -last_controller: node-103 + admin_token: nbChjrgwEqYl9rPR7f0hJ9H5 + db_password: 1lV4Tka0GiXvZ34Q4gN4Dg4U +last_controller: node-168 libvirt_type: qemu -management_network_range: 10.11.2.0/24 -master_ip: 10.110.0.2 +management_network_range: 192.168.0.0/24 +master_ip: 10.109.15.2 metadata: label: Common weight: 10 
@@ -186,15 +195,15 @@ mp: - point: '2' weight: '2' murano: - db_password: BdaF3e9MCU8bDgtzfAJcUNY3 + db_password: Nnor8L14GVTdQEHyokoL7sSq enabled: true - rabbit_password: bEwGlVTXfTw2nnVPDWXKYvf7 - user_password: OXGTowYHMTzpZUar3qbdeNda + rabbit_password: 0IgXAIhYjRTkURM9wy58SCTF + user_password: nPVzQPRaxnKYrnvZ8tcu8fho murano-cfapi: - db_password: jfOHzSzwoVOYTqkqIFE34B74 + db_password: 2T8kkAaHZxkSwSmcnUzLjY6p enabled: false - rabbit_password: tQdim6W8BEjYNnHn4toAknYf - user_password: b11u7kqEpk3QyPl9nrSsvMcV + rabbit_password: sQOYKyYaYu0vSoBtijvb8w7K + user_password: YifuvUuLALrUWrGlsHlP75pm murano_settings: metadata: group: openstack_services 
@@ -207,116 +216,24 @@ murano_settings: murano_glance_artifacts_plugin: true murano_repo_url: http://storage.apps.openstack.org/ mysql: - root_password: HavpEYSrZVjmiGBCgG8flWKW - wsrep_password: HTuahKx1Il2Ow34epS9sLK5h + root_password: Olmhh6vQjRU6a6qU5Z9shWNY + wsrep_password: AP3RiOX0y6bT2PQrGC9ZXWXB network_metadata: nodes: - node-100: - fqdn: node-100.test.domain.local - name: node-100 + node-166: + fqdn: node-166.test.domain.local + name: node-166 network_roles: admin/pxe: 9.9.9.150 - aodh/api: 192.168.0.5 - ceilometer/api: 192.168.0.5 - ceph/public: 192.168.1.5 - ceph/radosgw: 172.16.0.3 - ceph/replication: 192.168.1.5 - cinder/api: 192.168.0.5 - cinder/iscsi: 192.168.1.5 - ex: 172.16.0.3 - fw-admin: 9.9.9.150 - glance/api: 192.168.0.5 - glance/glare: 192.168.0.5 - heat/api: 192.168.0.5 - horizon: 192.168.0.5 - ironic/api: 192.168.0.5 - keystone/api: 192.168.0.5 - management: 192.168.0.5 - mgmt/corosync: 192.168.0.5 - mgmt/database: 192.168.0.5 - mgmt/memcache: 192.168.0.5 - mgmt/messaging: 192.168.0.5 - mgmt/vip: 192.168.0.5 - mongo/db: 192.168.0.5 - murano/api: 192.168.0.5 - murano/cfapi: 192.168.0.5 - neutron/api: 192.168.0.5 - neutron/floating: null - neutron/mesh: 192.168.2.5 - neutron/private: null - nova/api: 192.168.0.5 - nova/migration: 192.168.0.5 - public/vip: 172.16.0.3 - sahara/api: 192.168.0.5 - storage: 192.168.1.5 - swift/api: 192.168.0.5 - swift/replication: 192.168.1.5 - node_roles: - - primary-controller - nova_cpu_pinning_enabled: false - nova_hugepages_enabled: false - swift_zone: '100' - uid: '100' - user_node_name: node-100 - node-101: - fqdn: node-101.test.domain.local - name: node-101 - network_roles: - admin/pxe: 9.9.9.151 - aodh/api: 192.168.0.6 - ceilometer/api: 192.168.0.6 - ceph/public: 192.168.1.6 - ceph/radosgw: 172.16.0.4 - ceph/replication: 192.168.1.6 - cinder/api: 192.168.0.6 - cinder/iscsi: 192.168.1.6 - ex: 172.16.0.4 - fw-admin: 9.9.9.151 - glance/api: 192.168.0.6 - glance/glare: 192.168.0.6 - heat/api: 192.168.0.6 - 
horizon: 192.168.0.6 - ironic/api: 192.168.0.6 - keystone/api: 192.168.0.6 - management: 192.168.0.6 - mgmt/corosync: 192.168.0.6 - mgmt/database: 192.168.0.6 - mgmt/memcache: 192.168.0.6 - mgmt/messaging: 192.168.0.6 - mgmt/vip: 192.168.0.6 - mongo/db: 192.168.0.6 - murano/api: 192.168.0.6 - murano/cfapi: 192.168.0.6 - neutron/api: 192.168.0.6 - neutron/floating: null - neutron/mesh: 192.168.2.6 - neutron/private: null - nova/api: 192.168.0.6 - nova/migration: 192.168.0.6 - public/vip: 172.16.0.4 - sahara/api: 192.168.0.6 - storage: 192.168.1.6 - swift/api: 192.168.0.6 - swift/replication: 192.168.1.6 - node_roles: - - controller - nova_cpu_pinning_enabled: false - nova_hugepages_enabled: false - swift_zone: '101' - uid: '101' - user_node_name: node-101 - node-102: - fqdn: node-102.test.domain.local - name: node-102 - network_roles: - admin/pxe: 9.9.9.152 aodh/api: 192.168.0.2 ceilometer/api: 192.168.0.2 ceph/public: 192.168.1.2 + ceph/radosgw: 172.16.0.2 ceph/replication: 192.168.1.2 cinder/api: 192.168.0.2 cinder/iscsi: 192.168.1.2 - fw-admin: 9.9.9.152 + ex: 172.16.0.2 + fw-admin: 9.9.9.150 glance/api: 192.168.0.2 glance/glare: 192.168.0.2 heat/api: 192.168.0.2 
@@ -338,31 +255,79 @@ network_metadata: neutron/private: null nova/api: 192.168.0.2 nova/migration: 192.168.0.2 + public/vip: 172.16.0.2 sahara/api: 192.168.0.2 storage: 192.168.1.2 swift/api: 192.168.0.2 swift/replication: 192.168.1.2 node_roles: - - primary-mongo + - primary-controller nova_cpu_pinning_enabled: false nova_hugepages_enabled: false - swift_zone: '102' - uid: '102' - user_node_name: node-102 - node-103: - fqdn: node-103.test.domain.local - name: node-103 + swift_zone: '166' + uid: '166' + user_node_name: node-166 + node-167: + fqdn: node-167.test.domain.local + name: node-167 network_roles: - admin/pxe: 9.9.9.153 + admin/pxe: 9.9.9.151 + aodh/api: 192.168.0.5 + ceilometer/api: 192.168.0.5 + ceph/public: 192.168.1.5 + ceph/radosgw: 172.16.0.4 + ceph/replication: 192.168.1.5 + cinder/api: 192.168.0.5 + cinder/iscsi: 192.168.1.5 + ex: 172.16.0.4 + fw-admin: 9.9.9.151 + glance/api: 192.168.0.5 + glance/glare: 192.168.0.5 + heat/api: 192.168.0.5 + horizon: 192.168.0.5 + ironic/api: 192.168.0.5 + keystone/api: 192.168.0.5 + management: 192.168.0.5 + mgmt/corosync: 192.168.0.5 + mgmt/database: 192.168.0.5 + mgmt/memcache: 192.168.0.5 + mgmt/messaging: 192.168.0.5 + mgmt/vip: 192.168.0.5 + mongo/db: 192.168.0.5 + murano/api: 192.168.0.5 + murano/cfapi: 192.168.0.5 + neutron/api: 192.168.0.5 + neutron/floating: null + neutron/mesh: 192.168.2.5 + neutron/private: null + nova/api: 192.168.0.5 + nova/migration: 192.168.0.5 + public/vip: 172.16.0.4 + sahara/api: 192.168.0.5 + storage: 192.168.1.5 + swift/api: 192.168.0.5 + swift/replication: 192.168.1.5 + node_roles: + - controller + nova_cpu_pinning_enabled: false + nova_hugepages_enabled: false + swift_zone: '167' + uid: '167' + user_node_name: node-167 + node-168: + fqdn: node-168.test.domain.local + name: node-168 + network_roles: + admin/pxe: 9.9.9.152 aodh/api: 192.168.0.4 ceilometer/api: 192.168.0.4 ceph/public: 192.168.1.4 - ceph/radosgw: 172.16.0.2 + ceph/radosgw: 172.16.0.3 ceph/replication: 
192.168.1.4 cinder/api: 192.168.0.4 cinder/iscsi: 192.168.1.4 - ex: 172.16.0.2 - fw-admin: 9.9.9.153 + ex: 172.16.0.3 + fw-admin: 9.9.9.152 glance/api: 192.168.0.4 glance/glare: 192.168.0.4 heat/api: 192.168.0.4 @@ -384,7 +349,7 @@ network_metadata: neutron/private: null nova/api: 192.168.0.4 nova/migration: 192.168.0.4 - public/vip: 172.16.0.2 + public/vip: 172.16.0.3 sahara/api: 192.168.0.4 storage: 192.168.1.4 swift/api: 192.168.0.4 @@ -393,21 +358,21 @@ network_metadata: - controller nova_cpu_pinning_enabled: false nova_hugepages_enabled: false - swift_zone: '103' - uid: '103' - user_node_name: node-103 - node-104: - fqdn: node-104.test.domain.local - name: node-104 + swift_zone: '168' + uid: '168' + user_node_name: node-168 + node-169: + fqdn: node-169.test.domain.local + name: node-169 network_roles: - admin/pxe: 9.9.9.154 + admin/pxe: 9.9.9.153 aodh/api: 192.168.0.3 ceilometer/api: 192.168.0.3 ceph/public: 192.168.1.3 ceph/replication: 192.168.1.3 cinder/api: 192.168.0.3 cinder/iscsi: 192.168.1.3 - fw-admin: 9.9.9.154 + fw-admin: 9.9.9.153 glance/api: 192.168.0.3 glance/glare: 192.168.0.3 heat/api: 192.168.0.3 
@@ -434,68 +399,112 @@ network_metadata: swift/api: 192.168.0.3 swift/replication: 192.168.1.3 node_roles: + - primary-mongo + nova_cpu_pinning_enabled: false + nova_hugepages_enabled: false + swift_zone: '169' + uid: '169' + user_node_name: node-169 + node-170: + fqdn: node-170.test.domain.local + name: node-170 + network_roles: + admin/pxe: 9.9.9.154 + aodh/api: 192.168.0.6 + ceilometer/api: 192.168.0.6 + ceph/public: 192.168.1.6 + ceph/replication: 192.168.1.6 + cinder/api: 192.168.0.6 + cinder/iscsi: 192.168.1.6 + fw-admin: 9.9.9.154 + glance/api: 192.168.0.6 + glance/glare: 192.168.0.6 + heat/api: 192.168.0.6 + horizon: 192.168.0.6 + ironic/api: 192.168.0.6 + keystone/api: 192.168.0.6 + management: 192.168.0.6 + mgmt/corosync: 192.168.0.6 + mgmt/database: 192.168.0.6 + mgmt/memcache: 192.168.0.6 + mgmt/messaging: 192.168.0.6 + mgmt/vip: 192.168.0.6 + mongo/db: 192.168.0.6 + murano/api: 192.168.0.6 + murano/cfapi: 192.168.0.6 + neutron/api: 192.168.0.6 + neutron/floating: null + neutron/mesh: 192.168.2.6 + neutron/private: null + nova/api: 192.168.0.6 + nova/migration: 192.168.0.6 + sahara/api: 192.168.0.6 + storage: 192.168.1.6 + swift/api: 192.168.0.6 + swift/replication: 192.168.1.6 + node_roles: - mongo nova_cpu_pinning_enabled: false nova_hugepages_enabled: false - swift_zone: '104' - uid: '104' - user_node_name: node-104 - node-105: - fqdn: node-105.test.domain.local - name: node-105 + swift_zone: '170' + uid: '170' + user_node_name: node-170 + node-171: + fqdn: node-171.test.domain.local + name: node-171 network_roles: - admin/pxe: 10.110.0.105 - aodh/api: 10.11.2.2 - ceilometer/api: 10.11.2.2 - ceph/public: 10.11.3.2 - ceph/replication: 10.11.3.2 - cinder/api: 10.11.2.2 - cinder/iscsi: 10.11.3.2 - fw-admin: 10.110.0.105 - glance/api: 10.11.2.2 - glance/glare: 10.11.2.2 - heat/api: 10.11.2.2 - horizon: 10.11.2.2 - ironic/api: 10.11.2.2 - keystone/api: 10.11.2.2 - management: 10.11.2.2 - mgmt/corosync: 10.11.2.2 - mgmt/database: 10.11.2.2 - mgmt/memcache: 
10.11.2.2 - mgmt/messaging: 10.11.2.2 - mgmt/vip: 10.11.2.2 - mongo/db: 10.11.2.2 - murano/api: 10.11.2.2 - murano/cfapi: 10.11.2.2 - neutron/api: 10.11.2.2 + admin/pxe: 10.109.15.100 + aodh/api: 10.11.2.4 + ceilometer/api: 10.11.2.4 + ceph/public: 10.11.3.4 + ceph/replication: 10.11.3.4 + cinder/api: 10.11.2.4 + cinder/iscsi: 10.11.3.4 + fw-admin: 10.109.15.100 + glance/api: 10.11.2.4 + glance/glare: 10.11.2.4 + heat/api: 10.11.2.4 + horizon: 10.11.2.4 + ironic/api: 10.11.2.4 + keystone/api: 10.11.2.4 + management: 10.11.2.4 + mgmt/corosync: 10.11.2.4 + mgmt/database: 10.11.2.4 + mgmt/memcache: 10.11.2.4 + mgmt/messaging: 10.11.2.4 + mgmt/vip: 10.11.2.4 + mongo/db: 10.11.2.4 + murano/api: 10.11.2.4 + murano/cfapi: 10.11.2.4 + neutron/api: 10.11.2.4 neutron/floating: null - neutron/mesh: 10.11.4.2 + neutron/mesh: 10.11.4.4 neutron/private: null - nova/api: 10.11.2.2 - nova/migration: 10.11.2.2 - sahara/api: 10.11.2.2 - storage: 10.11.3.2 - swift/api: 10.11.2.2 - swift/replication: 10.11.3.2 + nova/api: 10.11.2.4 + nova/migration: 10.11.2.4 + sahara/api: 10.11.2.4 + storage: 10.11.3.4 + swift/api: 10.11.2.4 + swift/replication: 10.11.3.4 node_roles: - compute nova_cpu_pinning_enabled: false nova_hugepages_enabled: false - swift_zone: '105' - uid: '105' - user_node_name: node-105 - node-106: - fqdn: node-106.test.domain.local - name: node-106 + swift_zone: '171' + uid: '171' + user_node_name: node-171 + node-172: + fqdn: node-172.test.domain.local + name: node-172 network_roles: - admin/pxe: 10.110.0.106 + admin/pxe: 10.109.15.101 aodh/api: 10.11.2.3 ceilometer/api: 10.11.2.3 ceph/public: 10.11.3.3 ceph/replication: 10.11.3.3 cinder/api: 10.11.2.3 cinder/iscsi: 10.11.3.3 - fw-admin: 10.110.0.106 + fw-admin: 10.109.15.101 glance/api: 10.11.2.3 glance/glare: 10.11.2.3 heat/api: 10.11.2.3 
@@ -525,53 +534,53 @@ network_metadata: - ceph-osd nova_cpu_pinning_enabled: false nova_hugepages_enabled: false - swift_zone: '106' - uid: '106' - user_node_name: node-106 - node-107: - fqdn: node-107.test.domain.local - name: node-107 + swift_zone: '172' + uid: '172' + user_node_name: node-172 + node-173: + fqdn: node-173.test.domain.local + name: node-173 network_roles: - admin/pxe: 10.110.0.107 - aodh/api: 10.11.2.4 - ceilometer/api: 10.11.2.4 - ceph/public: 10.11.3.4 - ceph/replication: 10.11.3.4 - cinder/api: 10.11.2.4 - cinder/iscsi: 10.11.3.4 - fw-admin: 10.110.0.107 - glance/api: 10.11.2.4 - glance/glare: 10.11.2.4 - heat/api: 10.11.2.4 - horizon: 10.11.2.4 - ironic/api: 10.11.2.4 - keystone/api: 10.11.2.4 - management: 10.11.2.4 - mgmt/corosync: 10.11.2.4 - mgmt/database: 10.11.2.4 - mgmt/memcache: 10.11.2.4 - mgmt/messaging: 10.11.2.4 - mgmt/vip: 10.11.2.4 - mongo/db: 10.11.2.4 - murano/api: 10.11.2.4 - murano/cfapi: 10.11.2.4 - neutron/api: 10.11.2.4 + admin/pxe: 10.109.15.102 + aodh/api: 10.11.2.2 + ceilometer/api: 10.11.2.2 + ceph/public: 10.11.3.2 + ceph/replication: 10.11.3.2 + cinder/api: 10.11.2.2 + cinder/iscsi: 10.11.3.2 + fw-admin: 10.109.15.102 + glance/api: 10.11.2.2 + glance/glare: 10.11.2.2 + heat/api: 10.11.2.2 + horizon: 10.11.2.2 + ironic/api: 10.11.2.2 + keystone/api: 10.11.2.2 + management: 10.11.2.2 + mgmt/corosync: 10.11.2.2 + mgmt/database: 10.11.2.2 + mgmt/memcache: 10.11.2.2 + mgmt/messaging: 10.11.2.2 + mgmt/vip: 10.11.2.2 + mongo/db: 10.11.2.2 + murano/api: 10.11.2.2 + murano/cfapi: 10.11.2.2 + neutron/api: 10.11.2.2 neutron/floating: null - neutron/mesh: 10.11.4.4 + neutron/mesh: 10.11.4.2 neutron/private: null - nova/api: 10.11.2.4 - nova/migration: 10.11.2.4 - sahara/api: 10.11.2.4 - storage: 10.11.3.4 - swift/api: 10.11.2.4 - swift/replication: 10.11.3.4 + nova/api: 10.11.2.2 + nova/migration: 10.11.2.2 + sahara/api: 10.11.2.2 + storage: 10.11.3.2 + swift/api: 10.11.2.2 + swift/replication: 10.11.3.2 node_roles: - ceph-osd 
nova_cpu_pinning_enabled: false nova_hugepages_enabled: false - swift_zone: '107' - uid: '107' - user_node_name: node-107 + swift_zone: '173' + uid: '173' + user_node_name: node-173 vips: management: ipaddr: 192.168.0.8 @@ -618,7 +627,7 @@ network_scheme: endpoints: br-ex: IP: - - 172.16.0.3/24 + - 172.16.0.2/24 gateway: 172.16.0.1 routes: - net: 10.11.1.0/24 @@ -631,13 +640,13 @@ network_scheme: IP: - 9.9.9.150/24 routes: - - net: 10.110.0.0/24 + - net: 10.109.15.0/24 via: 9.9.9.1 vendor_specific: provider_gateway: 9.9.9.1 br-mesh: IP: - - 192.168.2.5/24 + - 192.168.2.2/24 routes: - net: 10.11.4.0/24 via: 192.168.2.1 @@ -645,7 +654,7 @@ network_scheme: provider_gateway: 192.168.2.1 br-mgmt: IP: - - 192.168.0.5/24 + - 192.168.0.2/24 routes: - net: 10.11.2.0/24 via: 192.168.0.1 @@ -653,7 +662,7 @@ network_scheme: provider_gateway: 192.168.0.1 br-storage: IP: - - 192.168.1.5/24 + - 192.168.1.2/24 routes: - net: 10.11.3.0/24 via: 192.168.1.1 
@@ -1014,97 +1023,96 @@ node_volumes: size: 11264 type: lv nodes: -- fqdn: node-100.test.domain.local - internal_address: 192.168.0.5 +- fqdn: node-166.test.domain.local + internal_address: 192.168.0.2 internal_netmask: 255.255.255.0 - name: node-100 - public_address: 172.16.0.3 + name: node-166 + public_address: 172.16.0.2 public_netmask: 255.255.255.0 role: primary-controller - storage_address: 192.168.1.5 + storage_address: 192.168.1.2 storage_netmask: 255.255.255.0 - swift_zone: '100' - uid: '100' - user_node_name: node-100 -- fqdn: node-101.test.domain.local - internal_address: 192.168.0.6 + swift_zone: '166' + uid: '166' + user_node_name: node-166 +- fqdn: node-167.test.domain.local + internal_address: 192.168.0.5 internal_netmask: 255.255.255.0 - name: node-101 + name: node-167 public_address: 172.16.0.4 public_netmask: 255.255.255.0 role: controller - storage_address: 192.168.1.6 + storage_address: 192.168.1.5 storage_netmask: 255.255.255.0 - swift_zone: '101' - uid: '101' - user_node_name: node-101 -- fqdn: node-102.test.domain.local - internal_address: 192.168.0.2 - internal_netmask: 255.255.255.0 - name: node-102 - role: primary-mongo - storage_address: 192.168.1.2 - storage_netmask: 255.255.255.0 - swift_zone: '102' - uid: '102' - user_node_name: node-102 -- fqdn: node-103.test.domain.local + swift_zone: '167' + uid: '167' + user_node_name: node-167 +- fqdn: node-168.test.domain.local internal_address: 192.168.0.4 internal_netmask: 255.255.255.0 - name: node-103 - public_address: 172.16.0.2 + name: node-168 + public_address: 172.16.0.3 public_netmask: 255.255.255.0 role: controller storage_address: 192.168.1.4 storage_netmask: 255.255.255.0 - swift_zone: '103' - uid: '103' - user_node_name: node-103 -- fqdn: node-104.test.domain.local + swift_zone: '168' + uid: '168' + user_node_name: node-168 +- fqdn: node-169.test.domain.local internal_address: 192.168.0.3 internal_netmask: 255.255.255.0 - name: node-104 - role: mongo + name: node-169 + role: 
primary-mongo storage_address: 192.168.1.3 storage_netmask: 255.255.255.0 - swift_zone: '104' - uid: '104' - user_node_name: node-104 -- fqdn: node-105.test.domain.local - internal_address: 10.11.2.2 + swift_zone: '169' + uid: '169' + user_node_name: node-169 +- fqdn: node-170.test.domain.local + internal_address: 192.168.0.6 internal_netmask: 255.255.255.0 - name: node-105 - role: compute - storage_address: 10.11.3.2 + name: node-170 + role: mongo + storage_address: 192.168.1.6 storage_netmask: 255.255.255.0 - swift_zone: '105' - uid: '105' - user_node_name: node-105 -- fqdn: node-106.test.domain.local + swift_zone: '170' + uid: '170' + user_node_name: node-170 +- fqdn: node-171.test.domain.local + internal_address: 10.11.2.4 + internal_netmask: 255.255.255.0 + name: node-171 + role: compute + storage_address: 10.11.3.4 + storage_netmask: 255.255.255.0 + swift_zone: '171' + uid: '171' + user_node_name: node-171 +- fqdn: node-172.test.domain.local internal_address: 10.11.2.3 internal_netmask: 255.255.255.0 - name: node-106 + name: node-172 role: ceph-osd storage_address: 10.11.3.3 storage_netmask: 255.255.255.0 - swift_zone: '106' - uid: '106' - user_node_name: node-106 -- fqdn: node-107.test.domain.local - internal_address: 10.11.2.4 + swift_zone: '172' + uid: '172' + user_node_name: node-172 +- fqdn: node-173.test.domain.local + internal_address: 10.11.2.2 internal_netmask: 255.255.255.0 - name: node-107 + name: node-173 role: ceph-osd - storage_address: 10.11.3.4 + storage_address: 10.11.3.2 storage_netmask: 255.255.255.0 - swift_zone: '107' - uid: '107' - user_node_name: node-107 + swift_zone: '173' + uid: '173' + user_node_name: node-173 nova: - db_password: SC1N9S2jEEierqZQAlQzI4AG - enable_hugepages: false + db_password: 0gT5fZcJJEF5tj5JUsTAvNEM state_path: /var/lib/nova - user_password: HgY4rfPZvDBkUhv3eMG7tB38 + user_password: PSZ0K3JJz8tNDen5CcBKGiYG nova_quota: false online: true openstack_version: newton-10.0 
@@ -1116,10 +1124,10 @@ operator_user: label: Operating System Access weight: 15 name: fueladmin - password: WFOckl12uMCnsLBLw3IjdGY3 + password: lWXduHshhqgM3yZUemvVm3X1 sudo: 'ALL=(ALL) NOPASSWD: ALL' plugins: [] -private_network_range: 10.11.4.0/24 +private_network_range: 192.168.2.0/24 propagate_task_deploy: false provision: codename: trusty @@ -1127,11 +1135,11 @@ provision: /: container: gzip format: ext4 - uri: http://10.110.0.2:8080/targetimages/env_10_ubuntu_1404_amd64.img.gz + uri: http://10.109.15.2:8080/targetimages/env_19_ubuntu_1404_amd64.img.gz /boot: container: gzip format: ext2 - uri: http://10.110.0.2:8080/targetimages/env_10_ubuntu_1404_amd64-boot.img.gz + uri: http://10.109.15.2:8080/targetimages/env_19_ubuntu_1404_amd64-boot.img.gz metadata: group: general label: Provision @@ -1253,8 +1261,8 @@ public_ssl: weight: 110 services: true puppet: - manifests: rsync://10.110.0.2:/puppet/newton-10.0/manifests/ - modules: rsync://10.110.0.2:/puppet/newton-10.0/modules/ + manifests: rsync://10.109.15.2:/puppet/newton-10.0/manifests/ + modules: rsync://10.109.15.2:/puppet/newton-10.0/modules/ puppet_debug: true quantum: true quantum_settings: @@ -1269,13 +1277,13 @@ quantum_settings: L3: use_namespaces: true database: - passwd: XQZbE7Ks6vJQVebi5t2qbWJ2 + passwd: DZIgJm9OOwyAVvR3igiuxeD4 default_floating_net: admin_floating_net default_private_net: admin_internal_net keystone: - admin_password: wm98EF3UsPr1eFLoRpZbaymT + admin_password: QXeNOWbZMAU7LDzLSBUCLGne metadata: - metadata_proxy_shared_secret: 9M4caqi6Rof07CrTnrfcH8dk + metadata_proxy_shared_secret: Q1IKwkARVhRz96nyI2kvWoGx predefined_networks: admin_floating_net: L2: @@ -1309,7 +1317,7 @@ quantum_settings: shared: false tenant: admin rabbit: - password: b3nzKgJNV6Il6RUwtkbpJSAy + password: 3wWWsIQyY8FQH4aQYKzZJzR3 release: attributes_metadata: editable: 
@@ -1417,6 +1425,49 @@ release: type: checkbox value: false weight: 10 + atop: + interval: + description: Interval between the snapshots in seconds + label: Interval between the snapshots + regex: + error: Should be a number of seconds + source: ^[1-9]\d*$ + restrictions: + - action: hide + condition: settings:atop.service_enabled.value == false + type: text + value: '20' + weight: 20 + metadata: + enabled: true + group: logging + label: Advanced System & Process Monitor (atop) + toggleable: false + weight: 60 + rotate: + description: Number of days to keep log files + label: Rotate days + regex: + error: Should be a number of days + source: ^[1-9]\d*$ + restrictions: + - action: hide + condition: settings:atop.service_enabled.value == false + type: text + value: '7' + weight: 30 + service_enabled: + description: 'NOTE: When enabled, the service may generate logs up to a + gigabyte in size per day. + + This should be taken into consideration when determining the correct size + for the log partition. + + ' + label: Enable atop service + type: checkbox + value: true + weight: 10 cgroups: metadata: always_editable: true @@ -1499,6 +1550,18 @@ release: type: checkbox value: true weight: 50 + run_ping_checker: + description: Uncheck this box if the public gateway will not be available + or will not respond to ICMP requests to the deployed cluster. If unchecked, + the controllers will not take public gateway availability into account + as part of the cluster health. If the cluster will not have internet + access, you will need to make sure to provide proper offline mirrors for + the deployment to succeed. + group: network + label: Public Gateway is Available + type: checkbox + value: true + weight: 50 task_deploy: type: hidden value: true 
@@ -1919,6 +1982,9 @@ release: description: Your DNS entries should point to this name. Self-signed certificates also will use this hostname label: DNS hostname for public TLS endpoints + regex: + error: Invalid DNS hostname + source: ^[a-zA-Z\d]+[-\.\da-zA-Z]*$ restrictions: - action: hide condition: settings:public_ssl.horizon.value == false and settings:public_ssl.services.value @@ -1953,8 +2019,6 @@ release: Please make sure your Fuel master node has Internet access to the repository before attempting to create a mirror. - For more details, please refer to the documentation (https://docs.mirantis.com/openstack/fuel/fuel-10.0/operations.html#external-ubuntu-ops). - ' extra_priority: null type: custom_repo_configuration 
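Review bot: The `regex` added for the public TLS hostname, `^[a-zA-Z\d]+[-\.\da-zA-Z]*$`, checks only the character set after the first run of alphanumerics, so names with empty labels or labels ending in a hyphen (constructed examples: `a..b`, `cloud-.example`) validate. The description in this hunk says the value is what DNS entries point to and what self-signed certificates use, so a malformed name would presumably surface late, at certificate generation or client verification, rather than in the form. A per-label pattern is stricter: `source: ^[a-zA-Z\d]([-a-zA-Z\d]{0,61}[a-zA-Z\d])?(\.[a-zA-Z\d]([-a-zA-Z\d]{0,61}[a-zA-Z\d])?)*$`. The enclosing `release:` mapping starts outside the hunk.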
@@ -2031,11 +2095,70 @@ release: sudo: type: hidden value: 'ALL=(ALL) NOPASSWD: ALL' + ssh: + brute_force_protection: + description: When enabled, the access from all networks (except the provided + ones) will be granted, but the networks will be checked against the brute + force attack. + label: Brute force protection + restrictions: + - action: hide + condition: settings:ssh.security_enabled.value == false + type: checkbox + value: false + weight: 30 + metadata: + enabled: true + group: security + label: SSH security + toggleable: false + weight: 120 + security_enabled: + description: 'NOTE: When enabled, provide at least one working IP address + (the Fuel Master node IP is already added). + + We recommend adding new addresses instead of replacing the provided Fuel + Master node IP. + + When disabled (by default), the admin, management, and storage networks + are only allowed to connect to the SSH service. + + ' + label: Restrict SSH service on network + type: checkbox + value: false + weight: 10 + security_networks: + description: IPv4/CIDR address + label: Restrict access to + regex: + error: Invalid IPv4/CIDR address + source: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))*$ + restrictions: + - action: hide + condition: settings:ssh.security_enabled.value == false + type: text_list + value: + - '{settings.MASTER_IP}' + weight: 20 storage: admin_key: type: hidden value: generator: cephx_key + auth_s3_keystone_ceph: + description: This allows to authenticate S3 requests basing on EC2/S3 credentials + managed by Keystone. Please note that enabling the integration will increase + the latency of S3 requests as well as load on Keystone service. Please + consult with Mirantis Technical Bulletin 27 and Mirantis Support on mitigating + the risks related with load. 
+ label: Enable S3 API Authentication via Keystone in Ceph RadosGW + restrictions: + - action: hide + condition: settings:storage.objects_ceph.value == false + type: checkbox + value: false + weight: 82 bootstrap_osd_key: type: hidden value: @@ -2088,6 +2211,9 @@ release: and Swift API Interfaces. If enabled, this option will prevent Swift from installing. label: Ceph RadosGW for objects (Swift API) + restrictions: + - settings:storage.images_ceph.value == false: Ceph RBD for Images should + be selected. type: checkbox value: false weight: 80 @@ -2328,6 +2454,12 @@ release: description: dialog.create_cluster_wizard.compute.qemu_description label: dialog.create_cluster_wizard.compute.qemu name: hypervisor:qemu + requires: + - one_of: + items: + - network:neutron:ml2:vlan + - network:neutron:ml2:tun + message: dialog.create_cluster_wizard.compute.qemu_requires_network_backend weight: 5 - bind: - settings:common.use_vcenter.value @@ -2337,8 +2469,16 @@ release: label: dialog.create_cluster_wizard.compute.vcenter name: hypervisor:vmware requires: - - message: dialog.create_cluster_wizard.compute.vcenter_warning - name: hypervisor:qemu + - one_of: + items: + - hypervisor:qemu + message: dialog.create_cluster_wizard.compute.vcenter_warning + - one_of: + items: + - network:neutron:ml2:dvs + - network:neutron:ml2:nsx + message: dialog.create_cluster_wizard.compute.vcenter_requires_network_backend + message_invalid: dialog.create_cluster_wizard.compute.vcenter_requires_network_plugins weight: 15 - compatible: - name: hypervisor:* @@ -2365,7 +2505,9 @@ release: label: common.network.neutron_vlan name: network:neutron:ml2:vlan requires: - - name: network:neutron:core:ml2 + - one_of: + items: + - network:neutron:core:ml2 weight: 5 - bind: - - cluster:net_provider 
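Review bot: In the `ssh.security_networks` regex the prefix-length group is closed with `*`, so it matches zero or more suffixes and a constructed entry such as `10.0.0.0/24/8` passes validation; `?` is the quantifier for an optional prefix: `(\/([0-9]|[1-2][0-9]|3[0-2]))?$`. This list decides which networks may reach SSH, so it matters how a malformed entry is handled downstream, which is not visible here. The `brute_force_protection` description in the same hunk also deserves clearer wording: as written, enabling it grants access from all networks, which is easy to miss under a label that reads as pure hardening. The identical block appears in the primary-mongo fixture, where the hunk runs past the end of this view.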
@@ -2386,7 +2528,9 @@ release: label: common.network.neutron_tun name: network:neutron:ml2:tun requires: - - name: network:neutron:core:ml2 + - one_of: + items: + - network:neutron:core:ml2 weight: 10 - bind: - settings:storage.volumes_lvm.value @@ -2634,6 +2778,7 @@ release: restrictions: - action: hide condition: settings:common.use_vcenter.value == false + message: VMware vCenter not enabled for cluster weight: 40 compute: description: A Compute node creates, manages, and terminates virtual machine @@ -2663,10 +2808,12 @@ release: restrictions: - action: hide condition: settings:common.use_vcenter.value == false + message: VMware vCenter not enabled for cluster weight: 90 controller: conflicts: - compute + - ceph-osd description: The Controller initiates orchestration activities and provides an external API. Other components like Glance (image storage), Keystone (identity management), Horizon (OpenStack dashboard) and Nova-Scheduler are installed @@ -2738,6 +2885,7 @@ release: restrictions: - action: hide condition: not ('advanced' in version:feature_groups) + message: Advanced feature should be enabled in feature groups weight: 80 state: available version: newton-10.0 @@ -2909,7 +3057,7 @@ repo_setup: section: main restricted suite: mos10.0 type: deb - uri: http://10.110.0.2:8080/newton-10.0/ubuntu/x86_64 + uri: http://10.109.15.2:8080/newton-10.0/ubuntu/x86_64 - name: mos-updates priority: 1050 section: main restricted @@ -2933,14 +3081,15 @@ repo_setup: section: main restricted suite: auxiliary type: deb - uri: http://10.110.0.2:8080/newton-10.0/ubuntu/auxiliary + uri: http://10.109.15.2:8080/newton-10.0/ubuntu/auxiliary resume_guests_state_on_host_boot: true roles: - primary-controller +run_ping_checker: true sahara: - db_password: Q6IQUhuwxxKRM5VT9h7obsOl + db_password: 6ktBXBB5FMjXQr7r1sdYsaLF enabled: true - user_password: fDR7LmZh0re1QnIe3IJ2wrXm + user_password: C0Fo6CQenaUzgdImpCWm6mU2 service_user: homedir: /var/lib/fuel metadata: 
@@ -2951,22 +3100,34 @@ service_user: condition: 'true' weight: 10 name: fuel - password: Y3lRpIPBtnHBWW9DQYp1oVgi + password: MIq1RJ0M3Mp2vTb6Z3FJpide root_password: r00tme sudo: 'ALL=(ALL) NOPASSWD: ALL' +ssh: + brute_force_protection: false + metadata: + enabled: true + group: security + label: SSH security + toggleable: false + weight: 120 + security_enabled: false + security_networks: + - 10.109.15.2 status: discover storage: - admin_key: AQC0ZkxXAAAAABAA0CuALQKRMrWL4n+oDJYTYg== - bootstrap_osd_key: AQC0ZkxXAAAAABAAZVNysCu1aGHZS+wgsaLKYg== + admin_key: AQAqCaNXAAAAABAA7Ho2APSkkW7utFeot9vEfQ== + auth_s3_keystone_ceph: true + bootstrap_osd_key: AQAqCaNXAAAAABAAMyYcZoky3DPJJVE+Xoeo5w== ephemeral_ceph: true - fsid: 76c54382-db54-44f5-9861-406eafd4a23d + fsid: f4d53901-6968-4c18-8002-9d3219e34752 images_ceph: true images_vcenter: false metadata: group: storage label: Storage Backends weight: 60 - mon_key: AQC0ZkxXAAAAABAAZqzyD3A9bxY6Au1p4W+aWQ== + mon_key: AQAqCaNXAAAAABAA19CR5wYIpFwgzIuL2jw8Og== objects_ceph: true osd_pool_size: '2' per_pool_pg_nums: @@ -2977,13 +3138,13 @@ storage: images: 64 volumes: 256 pg_num: 64 - radosgw_key: AQC0ZkxXAAAAABAAO4zK7xt/7DtLGq/oPi5MAQ== + radosgw_key: AQAqCaNXAAAAABAAITslGKFCeJ81bd8WvT9r7g== volumes_block_device: false volumes_ceph: true volumes_lvm: false -storage_network_range: 10.11.3.0/24 +storage_network_range: 192.168.1.0/24 swift: - user_password: ifU7DL7xG7bijqSPIcahMo9c + user_password: Dj6nmr9IcpcGcpZ5hC806i4x syslog: metadata: enabled: false @@ -3005,10 +3166,10 @@ test_vm_image: os_name: cirros properties: {} public: 'true' -uid: '100' +uid: '166' use_cow_images: true use_vcenter: false -user_node_name: node-100 +user_node_name: node-166 vms_conf: [] workloads_collector: create_user: false @@ -3020,6 +3181,6 @@ workloads_collector: - action: hide condition: 'true' weight: 10 - password: 6wff0hvHmfNIxjqnNDUUN5c4 + password: GxzJK9EbevYqSsNyKd2SnbQE tenant: services username: fuel_stats_user 
diff --git a/hiera/neut_tun.multirack.murano.sahara.ceil.ceph.public_ssl-primary-mongo.yaml b/hiera/neut_tun.multirack.murano.sahara.ceil.ceph.public_ssl-primary-mongo.yaml index 2325074..0250a42 100644 --- a/hiera/neut_tun.multirack.murano.sahara.ceil.ceph.public_ssl-primary-mongo.yaml +++ b/hiera/neut_tun.multirack.murano.sahara.ceil.ceph.public_ssl-primary-mongo.yaml @@ -8,18 +8,28 @@ access: tenant: admin user: admin aodh: - db_password: BbGR52cd3LwohWb8TR9nPBwe - user_password: mdvzyl5bn1EyXUpCzlsYnP4A + db_password: M84vqpK4GS8BFVPCWzIBX2op + user_password: dSnu7i69V8woVAipRBfWpkAW +atop: + interval: '20' + metadata: + enabled: true + group: logging + label: Advanced System & Process Monitor (atop) + toggleable: false + weight: 60 + rotate: '7' + service_enabled: true auth_key: '' auto_assign_floating_ip: false base_syslog: syslog_port: '514' - syslog_server: 10.110.0.2 + syslog_server: 10.109.15.2 ceilometer: - db_password: x1vXQVbx3QozWCsdeqO4pXI8 + db_password: IdzwGob6PswM4AQm5CfkS2GN enabled: true - metering_secret: FoOep7ohlScQkaHld0URFj0z - user_password: FLvSIKT54BUlaein3hqG3wwB + metering_secret: ISmdXiD6VS7u5sGQG4tTKwcL + user_password: vLJ2vrra7m2h3SMth1CrU0tq cgroups: metadata: always_editable: true @@ -30,9 +40,9 @@ cgroups: condition: 'true' weight: 90 cinder: - db_password: RUZBIY7QKhUoE1Jcq7lktN7s - fixed_key: 32351e49c6ee8e5f9c2f40c5541471b6098b07a7e61916a0a44811aeaa19a371 - user_password: nHHcNT6k9kdY5M2w8dPwczGb + db_password: 0bXTM3SEqAtiQq9M39CYwlcl + fixed_key: fe0270bd2fe1707b8d7c5bb75649108923893831657eadf46eb919cceeebd42a + user_password: OYmyX0ZkJfDpdM9pB3czSzdJ cluster: changes: - name: attributes 
@@ -42,40 +52,40 @@ cluster: - name: networks node_id: null - name: interfaces - node_id: 103 + node_id: 166 - name: disks - node_id: 103 + node_id: 166 - name: interfaces - node_id: 100 + node_id: 167 - name: disks - node_id: 100 + node_id: 167 - name: interfaces - node_id: 101 + node_id: 168 - name: disks - node_id: 101 + node_id: 168 - name: interfaces - node_id: 102 + node_id: 169 - name: disks - node_id: 102 + node_id: 169 - name: interfaces - node_id: 104 + node_id: 170 - name: disks - node_id: 104 + node_id: 170 - name: interfaces - node_id: 105 + node_id: 171 - name: disks - node_id: 105 + node_id: 171 - name: interfaces - node_id: 106 + node_id: 172 - name: disks - node_id: 106 + node_id: 172 - name: interfaces - node_id: 107 + node_id: 173 - name: disks - node_id: 107 + node_id: 173 components: [] fuel_version: '10.0' - id: 10 + id: 19 is_customized: false is_locked: false mode: ha_compact @@ -108,12 +118,11 @@ corosync: debug: false deployed_before: value: false -deployment_id: 10 +deployment_id: 19 deployment_mode: ha_compact -dpdk: {} external_dns: dns_list: - - 10.110.0.1 + - 10.109.15.1 metadata: group: network label: Host OS DNS Servers 
@@ -139,29 +148,29 @@ external_ntp: label: Host OS NTP Servers weight: 40 ntp_list: - - 10.110.0.1 + - 10.109.15.1 fail_if_error: true -fqdn: node-102.test.domain.local +fqdn: node-169.test.domain.local fuel_version: '10.0' glance: - db_password: MsDiE541ui8k7CwOz30Gi9Xp + db_password: 3MG3g16ckWyd7AL7vj8dxPAO image_cache_max_size: '0' - user_password: TpzGJUJEKot5sTL5uHV0xg8I + user_password: hBaMbsDUZ3SALjaR2Cd078j4 glance_glare: - user_password: zfh2MuZRAeSFNEdeSsOpAQMu + user_password: fa2pz7SXzlr8y3C03VdxBwoi heat: - auth_encryption_key: 7dd1d369666993576b5950b8a1ef0ce3 - db_password: NPIG0kaAdd58x0fjjbbYLrYG + auth_encryption_key: 566a70c9468b32fa5f50fd64b01de3ae + db_password: ExCzV5GPSk7VIXXoGOPLVfik enabled: true - rabbit_password: Uw8zycD9KPpcvU44kWpKQv6A - user_password: IraoQkd21UPZMtRFx1ELuoLK + rabbit_password: 2XvuO3EYLTcfPxRFb6a6NJjP + user_password: EkKRAw65IsuUSbW8mQP5kyxZ horizon: - secret_key: 620b46d924af5b4bce034a608b1506fd7f3cfff533d54550782faf53b2e799ce + secret_key: 303e204e2b1c1170ebe725b8fdbea21269e9c6d5981ebdbe4b2ece434ad25bdb ironic: - db_password: n3lQIYlRVqglMHY9fpXDz85E + db_password: YuJFhoOuf2VfRjyMn1BGdghd enabled: false - swift_tempurl_key: PnuSg4VTChK8Cp2iV7LqyWZU - user_password: dpgoORnuYah1FpTiuoQNqQ3h + swift_tempurl_key: f9Ysxq2BrDIJEXFUWOmWS3MM + user_password: qnDpSW8pbtJV70HSWBsBojBo kernel_params: kernel: console=tty0 net.ifnames=0 biosdevname=0 rootdelay=90 nomodeset metadata: @@ -169,12 +178,12 @@ kernel_params: label: Kernel parameters weight: 60 keystone: - admin_token: agJRuo348CBUvbqZfEKZrEfB - db_password: Q1otRNekrY9olWcPsLwL8o4J -last_controller: node-103 + admin_token: nbChjrgwEqYl9rPR7f0hJ9H5 + db_password: 1lV4Tka0GiXvZ34Q4gN4Dg4U +last_controller: node-168 libvirt_type: qemu -management_network_range: 10.11.2.0/24 -master_ip: 10.110.0.2 +management_network_range: 192.168.0.0/24 +master_ip: 10.109.15.2 metadata: label: Common weight: 10 
@@ -186,15 +195,15 @@ mp: - point: '2' weight: '2' murano: - db_password: BdaF3e9MCU8bDgtzfAJcUNY3 + db_password: Nnor8L14GVTdQEHyokoL7sSq enabled: true - rabbit_password: bEwGlVTXfTw2nnVPDWXKYvf7 - user_password: OXGTowYHMTzpZUar3qbdeNda + rabbit_password: 0IgXAIhYjRTkURM9wy58SCTF + user_password: nPVzQPRaxnKYrnvZ8tcu8fho murano-cfapi: - db_password: jfOHzSzwoVOYTqkqIFE34B74 + db_password: 2T8kkAaHZxkSwSmcnUzLjY6p enabled: false - rabbit_password: tQdim6W8BEjYNnHn4toAknYf - user_password: b11u7kqEpk3QyPl9nrSsvMcV + rabbit_password: sQOYKyYaYu0vSoBtijvb8w7K + user_password: YifuvUuLALrUWrGlsHlP75pm murano_settings: metadata: group: openstack_services 
@@ -207,116 +216,24 @@ murano_settings: murano_glance_artifacts_plugin: true murano_repo_url: http://storage.apps.openstack.org/ mysql: - root_password: HavpEYSrZVjmiGBCgG8flWKW - wsrep_password: HTuahKx1Il2Ow34epS9sLK5h + root_password: Olmhh6vQjRU6a6qU5Z9shWNY + wsrep_password: AP3RiOX0y6bT2PQrGC9ZXWXB network_metadata: nodes: - node-100: - fqdn: node-100.test.domain.local - name: node-100 + node-166: + fqdn: node-166.test.domain.local + name: node-166 network_roles: admin/pxe: 9.9.9.150 - aodh/api: 192.168.0.5 - ceilometer/api: 192.168.0.5 - ceph/public: 192.168.1.5 - ceph/radosgw: 172.16.0.3 - ceph/replication: 192.168.1.5 - cinder/api: 192.168.0.5 - cinder/iscsi: 192.168.1.5 - ex: 172.16.0.3 - fw-admin: 9.9.9.150 - glance/api: 192.168.0.5 - glance/glare: 192.168.0.5 - heat/api: 192.168.0.5 - horizon: 192.168.0.5 - ironic/api: 192.168.0.5 - keystone/api: 192.168.0.5 - management: 192.168.0.5 - mgmt/corosync: 192.168.0.5 - mgmt/database: 192.168.0.5 - mgmt/memcache: 192.168.0.5 - mgmt/messaging: 192.168.0.5 - mgmt/vip: 192.168.0.5 - mongo/db: 192.168.0.5 - murano/api: 192.168.0.5 - murano/cfapi: 192.168.0.5 - neutron/api: 192.168.0.5 - neutron/floating: null - neutron/mesh: 192.168.2.5 - neutron/private: null - nova/api: 192.168.0.5 - nova/migration: 192.168.0.5 - public/vip: 172.16.0.3 - sahara/api: 192.168.0.5 - storage: 192.168.1.5 - swift/api: 192.168.0.5 - swift/replication: 192.168.1.5 - node_roles: - - primary-controller - nova_cpu_pinning_enabled: false - nova_hugepages_enabled: false - swift_zone: '100' - uid: '100' - user_node_name: node-100 - node-101: - fqdn: node-101.test.domain.local - name: node-101 - network_roles: - admin/pxe: 9.9.9.151 - aodh/api: 192.168.0.6 - ceilometer/api: 192.168.0.6 - ceph/public: 192.168.1.6 - ceph/radosgw: 172.16.0.4 - ceph/replication: 192.168.1.6 - cinder/api: 192.168.0.6 - cinder/iscsi: 192.168.1.6 - ex: 172.16.0.4 - fw-admin: 9.9.9.151 - glance/api: 192.168.0.6 - glance/glare: 192.168.0.6 - heat/api: 192.168.0.6 - 
horizon: 192.168.0.6 - ironic/api: 192.168.0.6 - keystone/api: 192.168.0.6 - management: 192.168.0.6 - mgmt/corosync: 192.168.0.6 - mgmt/database: 192.168.0.6 - mgmt/memcache: 192.168.0.6 - mgmt/messaging: 192.168.0.6 - mgmt/vip: 192.168.0.6 - mongo/db: 192.168.0.6 - murano/api: 192.168.0.6 - murano/cfapi: 192.168.0.6 - neutron/api: 192.168.0.6 - neutron/floating: null - neutron/mesh: 192.168.2.6 - neutron/private: null - nova/api: 192.168.0.6 - nova/migration: 192.168.0.6 - public/vip: 172.16.0.4 - sahara/api: 192.168.0.6 - storage: 192.168.1.6 - swift/api: 192.168.0.6 - swift/replication: 192.168.1.6 - node_roles: - - controller - nova_cpu_pinning_enabled: false - nova_hugepages_enabled: false - swift_zone: '101' - uid: '101' - user_node_name: node-101 - node-102: - fqdn: node-102.test.domain.local - name: node-102 - network_roles: - admin/pxe: 9.9.9.152 aodh/api: 192.168.0.2 ceilometer/api: 192.168.0.2 ceph/public: 192.168.1.2 + ceph/radosgw: 172.16.0.2 ceph/replication: 192.168.1.2 cinder/api: 192.168.0.2 cinder/iscsi: 192.168.1.2 - fw-admin: 9.9.9.152 + ex: 172.16.0.2 + fw-admin: 9.9.9.150 glance/api: 192.168.0.2 glance/glare: 192.168.0.2 heat/api: 192.168.0.2 
@@ -338,31 +255,79 @@ network_metadata: neutron/private: null nova/api: 192.168.0.2 nova/migration: 192.168.0.2 + public/vip: 172.16.0.2 sahara/api: 192.168.0.2 storage: 192.168.1.2 swift/api: 192.168.0.2 swift/replication: 192.168.1.2 node_roles: - - primary-mongo + - primary-controller nova_cpu_pinning_enabled: false nova_hugepages_enabled: false - swift_zone: '102' - uid: '102' - user_node_name: node-102 - node-103: - fqdn: node-103.test.domain.local - name: node-103 + swift_zone: '166' + uid: '166' + user_node_name: node-166 + node-167: + fqdn: node-167.test.domain.local + name: node-167 network_roles: - admin/pxe: 9.9.9.153 + admin/pxe: 9.9.9.151 + aodh/api: 192.168.0.5 + ceilometer/api: 192.168.0.5 + ceph/public: 192.168.1.5 + ceph/radosgw: 172.16.0.4 + ceph/replication: 192.168.1.5 + cinder/api: 192.168.0.5 + cinder/iscsi: 192.168.1.5 + ex: 172.16.0.4 + fw-admin: 9.9.9.151 + glance/api: 192.168.0.5 + glance/glare: 192.168.0.5 + heat/api: 192.168.0.5 + horizon: 192.168.0.5 + ironic/api: 192.168.0.5 + keystone/api: 192.168.0.5 + management: 192.168.0.5 + mgmt/corosync: 192.168.0.5 + mgmt/database: 192.168.0.5 + mgmt/memcache: 192.168.0.5 + mgmt/messaging: 192.168.0.5 + mgmt/vip: 192.168.0.5 + mongo/db: 192.168.0.5 + murano/api: 192.168.0.5 + murano/cfapi: 192.168.0.5 + neutron/api: 192.168.0.5 + neutron/floating: null + neutron/mesh: 192.168.2.5 + neutron/private: null + nova/api: 192.168.0.5 + nova/migration: 192.168.0.5 + public/vip: 172.16.0.4 + sahara/api: 192.168.0.5 + storage: 192.168.1.5 + swift/api: 192.168.0.5 + swift/replication: 192.168.1.5 + node_roles: + - controller + nova_cpu_pinning_enabled: false + nova_hugepages_enabled: false + swift_zone: '167' + uid: '167' + user_node_name: node-167 + node-168: + fqdn: node-168.test.domain.local + name: node-168 + network_roles: + admin/pxe: 9.9.9.152 aodh/api: 192.168.0.4 ceilometer/api: 192.168.0.4 ceph/public: 192.168.1.4 - ceph/radosgw: 172.16.0.2 + ceph/radosgw: 172.16.0.3 ceph/replication: 
192.168.1.4 cinder/api: 192.168.0.4 cinder/iscsi: 192.168.1.4 - ex: 172.16.0.2 - fw-admin: 9.9.9.153 + ex: 172.16.0.3 + fw-admin: 9.9.9.152 glance/api: 192.168.0.4 glance/glare: 192.168.0.4 heat/api: 192.168.0.4 @@ -384,7 +349,7 @@ network_metadata: neutron/private: null nova/api: 192.168.0.4 nova/migration: 192.168.0.4 - public/vip: 172.16.0.2 + public/vip: 172.16.0.3 sahara/api: 192.168.0.4 storage: 192.168.1.4 swift/api: 192.168.0.4 @@ -393,21 +358,21 @@ network_metadata: - controller nova_cpu_pinning_enabled: false nova_hugepages_enabled: false - swift_zone: '103' - uid: '103' - user_node_name: node-103 - node-104: - fqdn: node-104.test.domain.local - name: node-104 + swift_zone: '168' + uid: '168' + user_node_name: node-168 + node-169: + fqdn: node-169.test.domain.local + name: node-169 network_roles: - admin/pxe: 9.9.9.154 + admin/pxe: 9.9.9.153 aodh/api: 192.168.0.3 ceilometer/api: 192.168.0.3 ceph/public: 192.168.1.3 ceph/replication: 192.168.1.3 cinder/api: 192.168.0.3 cinder/iscsi: 192.168.1.3 - fw-admin: 9.9.9.154 + fw-admin: 9.9.9.153 glance/api: 192.168.0.3 glance/glare: 192.168.0.3 heat/api: 192.168.0.3 
@@ -434,68 +399,112 @@ network_metadata: swift/api: 192.168.0.3 swift/replication: 192.168.1.3 node_roles: + - primary-mongo + nova_cpu_pinning_enabled: false + nova_hugepages_enabled: false + swift_zone: '169' + uid: '169' + user_node_name: node-169 + node-170: + fqdn: node-170.test.domain.local + name: node-170 + network_roles: + admin/pxe: 9.9.9.154 + aodh/api: 192.168.0.6 + ceilometer/api: 192.168.0.6 + ceph/public: 192.168.1.6 + ceph/replication: 192.168.1.6 + cinder/api: 192.168.0.6 + cinder/iscsi: 192.168.1.6 + fw-admin: 9.9.9.154 + glance/api: 192.168.0.6 + glance/glare: 192.168.0.6 + heat/api: 192.168.0.6 + horizon: 192.168.0.6 + ironic/api: 192.168.0.6 + keystone/api: 192.168.0.6 + management: 192.168.0.6 + mgmt/corosync: 192.168.0.6 + mgmt/database: 192.168.0.6 + mgmt/memcache: 192.168.0.6 + mgmt/messaging: 192.168.0.6 + mgmt/vip: 192.168.0.6 + mongo/db: 192.168.0.6 + murano/api: 192.168.0.6 + murano/cfapi: 192.168.0.6 + neutron/api: 192.168.0.6 + neutron/floating: null + neutron/mesh: 192.168.2.6 + neutron/private: null + nova/api: 192.168.0.6 + nova/migration: 192.168.0.6 + sahara/api: 192.168.0.6 + storage: 192.168.1.6 + swift/api: 192.168.0.6 + swift/replication: 192.168.1.6 + node_roles: - mongo nova_cpu_pinning_enabled: false nova_hugepages_enabled: false - swift_zone: '104' - uid: '104' - user_node_name: node-104 - node-105: - fqdn: node-105.test.domain.local - name: node-105 + swift_zone: '170' + uid: '170' + user_node_name: node-170 + node-171: + fqdn: node-171.test.domain.local + name: node-171 network_roles: - admin/pxe: 10.110.0.105 - aodh/api: 10.11.2.2 - ceilometer/api: 10.11.2.2 - ceph/public: 10.11.3.2 - ceph/replication: 10.11.3.2 - cinder/api: 10.11.2.2 - cinder/iscsi: 10.11.3.2 - fw-admin: 10.110.0.105 - glance/api: 10.11.2.2 - glance/glare: 10.11.2.2 - heat/api: 10.11.2.2 - horizon: 10.11.2.2 - ironic/api: 10.11.2.2 - keystone/api: 10.11.2.2 - management: 10.11.2.2 - mgmt/corosync: 10.11.2.2 - mgmt/database: 10.11.2.2 - mgmt/memcache: 
10.11.2.2 - mgmt/messaging: 10.11.2.2 - mgmt/vip: 10.11.2.2 - mongo/db: 10.11.2.2 - murano/api: 10.11.2.2 - murano/cfapi: 10.11.2.2 - neutron/api: 10.11.2.2 + admin/pxe: 10.109.15.100 + aodh/api: 10.11.2.4 + ceilometer/api: 10.11.2.4 + ceph/public: 10.11.3.4 + ceph/replication: 10.11.3.4 + cinder/api: 10.11.2.4 + cinder/iscsi: 10.11.3.4 + fw-admin: 10.109.15.100 + glance/api: 10.11.2.4 + glance/glare: 10.11.2.4 + heat/api: 10.11.2.4 + horizon: 10.11.2.4 + ironic/api: 10.11.2.4 + keystone/api: 10.11.2.4 + management: 10.11.2.4 + mgmt/corosync: 10.11.2.4 + mgmt/database: 10.11.2.4 + mgmt/memcache: 10.11.2.4 + mgmt/messaging: 10.11.2.4 + mgmt/vip: 10.11.2.4 + mongo/db: 10.11.2.4 + murano/api: 10.11.2.4 + murano/cfapi: 10.11.2.4 + neutron/api: 10.11.2.4 neutron/floating: null - neutron/mesh: 10.11.4.2 + neutron/mesh: 10.11.4.4 neutron/private: null - nova/api: 10.11.2.2 - nova/migration: 10.11.2.2 - sahara/api: 10.11.2.2 - storage: 10.11.3.2 - swift/api: 10.11.2.2 - swift/replication: 10.11.3.2 + nova/api: 10.11.2.4 + nova/migration: 10.11.2.4 + sahara/api: 10.11.2.4 + storage: 10.11.3.4 + swift/api: 10.11.2.4 + swift/replication: 10.11.3.4 node_roles: - compute nova_cpu_pinning_enabled: false nova_hugepages_enabled: false - swift_zone: '105' - uid: '105' - user_node_name: node-105 - node-106: - fqdn: node-106.test.domain.local - name: node-106 + swift_zone: '171' + uid: '171' + user_node_name: node-171 + node-172: + fqdn: node-172.test.domain.local + name: node-172 network_roles: - admin/pxe: 10.110.0.106 + admin/pxe: 10.109.15.101 aodh/api: 10.11.2.3 ceilometer/api: 10.11.2.3 ceph/public: 10.11.3.3 ceph/replication: 10.11.3.3 cinder/api: 10.11.2.3 cinder/iscsi: 10.11.3.3 - fw-admin: 10.110.0.106 + fw-admin: 10.109.15.101 glance/api: 10.11.2.3 glance/glare: 10.11.2.3 heat/api: 10.11.2.3 
@@ -525,53 +534,53 @@ network_metadata: - ceph-osd nova_cpu_pinning_enabled: false nova_hugepages_enabled: false - swift_zone: '106' - uid: '106' - user_node_name: node-106 - node-107: - fqdn: node-107.test.domain.local - name: node-107 + swift_zone: '172' + uid: '172' + user_node_name: node-172 + node-173: + fqdn: node-173.test.domain.local + name: node-173 network_roles: - admin/pxe: 10.110.0.107 - aodh/api: 10.11.2.4 - ceilometer/api: 10.11.2.4 - ceph/public: 10.11.3.4 - ceph/replication: 10.11.3.4 - cinder/api: 10.11.2.4 - cinder/iscsi: 10.11.3.4 - fw-admin: 10.110.0.107 - glance/api: 10.11.2.4 - glance/glare: 10.11.2.4 - heat/api: 10.11.2.4 - horizon: 10.11.2.4 - ironic/api: 10.11.2.4 - keystone/api: 10.11.2.4 - management: 10.11.2.4 - mgmt/corosync: 10.11.2.4 - mgmt/database: 10.11.2.4 - mgmt/memcache: 10.11.2.4 - mgmt/messaging: 10.11.2.4 - mgmt/vip: 10.11.2.4 - mongo/db: 10.11.2.4 - murano/api: 10.11.2.4 - murano/cfapi: 10.11.2.4 - neutron/api: 10.11.2.4 + admin/pxe: 10.109.15.102 + aodh/api: 10.11.2.2 + ceilometer/api: 10.11.2.2 + ceph/public: 10.11.3.2 + ceph/replication: 10.11.3.2 + cinder/api: 10.11.2.2 + cinder/iscsi: 10.11.3.2 + fw-admin: 10.109.15.102 + glance/api: 10.11.2.2 + glance/glare: 10.11.2.2 + heat/api: 10.11.2.2 + horizon: 10.11.2.2 + ironic/api: 10.11.2.2 + keystone/api: 10.11.2.2 + management: 10.11.2.2 + mgmt/corosync: 10.11.2.2 + mgmt/database: 10.11.2.2 + mgmt/memcache: 10.11.2.2 + mgmt/messaging: 10.11.2.2 + mgmt/vip: 10.11.2.2 + mongo/db: 10.11.2.2 + murano/api: 10.11.2.2 + murano/cfapi: 10.11.2.2 + neutron/api: 10.11.2.2 neutron/floating: null - neutron/mesh: 10.11.4.4 + neutron/mesh: 10.11.4.2 neutron/private: null - nova/api: 10.11.2.4 - nova/migration: 10.11.2.4 - sahara/api: 10.11.2.4 - storage: 10.11.3.4 - swift/api: 10.11.2.4 - swift/replication: 10.11.3.4 + nova/api: 10.11.2.2 + nova/migration: 10.11.2.2 + sahara/api: 10.11.2.2 + storage: 10.11.3.2 + swift/api: 10.11.2.2 + swift/replication: 10.11.3.2 node_roles: - ceph-osd 
nova_cpu_pinning_enabled: false nova_hugepages_enabled: false - swift_zone: '107' - uid: '107' - user_node_name: node-107 + swift_zone: '173' + uid: '173' + user_node_name: node-173 vips: management: ipaddr: 192.168.0.8 @@ -618,16 +627,16 @@ network_scheme: endpoints: br-fw-admin: IP: - - 9.9.9.152/24 + - 9.9.9.153/24 gateway: 9.9.9.1 routes: - - net: 10.110.0.0/24 + - net: 10.109.15.0/24 via: 9.9.9.1 vendor_specific: provider_gateway: 9.9.9.1 br-mesh: IP: - - 192.168.2.2/24 + - 192.168.2.3/24 routes: - net: 10.11.4.0/24 via: 192.168.2.1 @@ -635,7 +644,7 @@ network_scheme: provider_gateway: 192.168.2.1 br-mgmt: IP: - - 192.168.0.2/24 + - 192.168.0.3/24 routes: - net: 10.11.2.0/24 via: 192.168.0.1 @@ -643,7 +652,7 @@ network_scheme: provider_gateway: 192.168.0.1 br-storage: IP: - - 192.168.1.2/24 + - 192.168.1.3/24 routes: - net: 10.11.3.0/24 via: 192.168.1.1 
@@ -916,97 +925,96 @@ node_volumes: size: 3757668 type: lv nodes: -- fqdn: node-100.test.domain.local - internal_address: 192.168.0.5 +- fqdn: node-166.test.domain.local + internal_address: 192.168.0.2 internal_netmask: 255.255.255.0 - name: node-100 - public_address: 172.16.0.3 + name: node-166 + public_address: 172.16.0.2 public_netmask: 255.255.255.0 role: primary-controller - storage_address: 192.168.1.5 + storage_address: 192.168.1.2 storage_netmask: 255.255.255.0 - swift_zone: '100' - uid: '100' - user_node_name: node-100 -- fqdn: node-101.test.domain.local - internal_address: 192.168.0.6 + swift_zone: '166' + uid: '166' + user_node_name: node-166 +- fqdn: node-167.test.domain.local + internal_address: 192.168.0.5 internal_netmask: 255.255.255.0 - name: node-101 + name: node-167 public_address: 172.16.0.4 public_netmask: 255.255.255.0 role: controller - storage_address: 192.168.1.6 + storage_address: 192.168.1.5 storage_netmask: 255.255.255.0 - swift_zone: '101' - uid: '101' - user_node_name: node-101 -- fqdn: node-102.test.domain.local - internal_address: 192.168.0.2 - internal_netmask: 255.255.255.0 - name: node-102 - role: primary-mongo - storage_address: 192.168.1.2 - storage_netmask: 255.255.255.0 - swift_zone: '102' - uid: '102' - user_node_name: node-102 -- fqdn: node-103.test.domain.local + swift_zone: '167' + uid: '167' + user_node_name: node-167 +- fqdn: node-168.test.domain.local internal_address: 192.168.0.4 internal_netmask: 255.255.255.0 - name: node-103 - public_address: 172.16.0.2 + name: node-168 + public_address: 172.16.0.3 public_netmask: 255.255.255.0 role: controller storage_address: 192.168.1.4 storage_netmask: 255.255.255.0 - swift_zone: '103' - uid: '103' - user_node_name: node-103 -- fqdn: node-104.test.domain.local + swift_zone: '168' + uid: '168' + user_node_name: node-168 +- fqdn: node-169.test.domain.local internal_address: 192.168.0.3 internal_netmask: 255.255.255.0 - name: node-104 - role: mongo + name: node-169 + role: 
primary-mongo storage_address: 192.168.1.3 storage_netmask: 255.255.255.0 - swift_zone: '104' - uid: '104' - user_node_name: node-104 -- fqdn: node-105.test.domain.local - internal_address: 10.11.2.2 + swift_zone: '169' + uid: '169' + user_node_name: node-169 +- fqdn: node-170.test.domain.local + internal_address: 192.168.0.6 internal_netmask: 255.255.255.0 - name: node-105 - role: compute - storage_address: 10.11.3.2 + name: node-170 + role: mongo + storage_address: 192.168.1.6 storage_netmask: 255.255.255.0 - swift_zone: '105' - uid: '105' - user_node_name: node-105 -- fqdn: node-106.test.domain.local + swift_zone: '170' + uid: '170' + user_node_name: node-170 +- fqdn: node-171.test.domain.local + internal_address: 10.11.2.4 + internal_netmask: 255.255.255.0 + name: node-171 + role: compute + storage_address: 10.11.3.4 + storage_netmask: 255.255.255.0 + swift_zone: '171' + uid: '171' + user_node_name: node-171 +- fqdn: node-172.test.domain.local internal_address: 10.11.2.3 internal_netmask: 255.255.255.0 - name: node-106 + name: node-172 role: ceph-osd storage_address: 10.11.3.3 storage_netmask: 255.255.255.0 - swift_zone: '106' - uid: '106' - user_node_name: node-106 -- fqdn: node-107.test.domain.local - internal_address: 10.11.2.4 + swift_zone: '172' + uid: '172' + user_node_name: node-172 +- fqdn: node-173.test.domain.local + internal_address: 10.11.2.2 internal_netmask: 255.255.255.0 - name: node-107 + name: node-173 role: ceph-osd - storage_address: 10.11.3.4 + storage_address: 10.11.3.2 storage_netmask: 255.255.255.0 - swift_zone: '107' - uid: '107' - user_node_name: node-107 + swift_zone: '173' + uid: '173' + user_node_name: node-173 nova: - db_password: SC1N9S2jEEierqZQAlQzI4AG - enable_hugepages: false + db_password: 0gT5fZcJJEF5tj5JUsTAvNEM state_path: /var/lib/nova - user_password: HgY4rfPZvDBkUhv3eMG7tB38 + user_password: PSZ0K3JJz8tNDen5CcBKGiYG nova_quota: false online: true openstack_version: newton-10.0 
@@ -1018,10 +1026,10 @@ operator_user: label: Operating System Access weight: 15 name: fueladmin - password: WFOckl12uMCnsLBLw3IjdGY3 + password: lWXduHshhqgM3yZUemvVm3X1 sudo: 'ALL=(ALL) NOPASSWD: ALL' plugins: [] -private_network_range: 10.11.4.0/24 +private_network_range: 192.168.2.0/24 propagate_task_deploy: false provision: codename: trusty @@ -1029,11 +1037,11 @@ provision: /: container: gzip format: ext4 - uri: http://10.110.0.2:8080/targetimages/env_10_ubuntu_1404_amd64.img.gz + uri: http://10.109.15.2:8080/targetimages/env_19_ubuntu_1404_amd64.img.gz /boot: container: gzip format: ext2 - uri: http://10.110.0.2:8080/targetimages/env_10_ubuntu_1404_amd64-boot.img.gz + uri: http://10.109.15.2:8080/targetimages/env_19_ubuntu_1404_amd64-boot.img.gz metadata: group: general label: Provision @@ -1155,8 +1163,8 @@ public_ssl: weight: 110 services: true puppet: - manifests: rsync://10.110.0.2:/puppet/newton-10.0/manifests/ - modules: rsync://10.110.0.2:/puppet/newton-10.0/modules/ + manifests: rsync://10.109.15.2:/puppet/newton-10.0/manifests/ + modules: rsync://10.109.15.2:/puppet/newton-10.0/modules/ puppet_debug: true quantum: true quantum_settings: @@ -1171,13 +1179,13 @@ quantum_settings: L3: use_namespaces: true database: - passwd: XQZbE7Ks6vJQVebi5t2qbWJ2 + passwd: DZIgJm9OOwyAVvR3igiuxeD4 default_floating_net: admin_floating_net default_private_net: admin_internal_net keystone: - admin_password: wm98EF3UsPr1eFLoRpZbaymT + admin_password: QXeNOWbZMAU7LDzLSBUCLGne metadata: - metadata_proxy_shared_secret: 9M4caqi6Rof07CrTnrfcH8dk + metadata_proxy_shared_secret: Q1IKwkARVhRz96nyI2kvWoGx predefined_networks: admin_floating_net: L2: @@ -1211,7 +1219,7 @@ quantum_settings: shared: false tenant: admin rabbit: - password: b3nzKgJNV6Il6RUwtkbpJSAy + password: 3wWWsIQyY8FQH4aQYKzZJzR3 release: attributes_metadata: editable: 
@@ -1319,6 +1327,49 @@ release: type: checkbox value: false weight: 10 + atop: + interval: + description: Interval between the snapshots in seconds + label: Interval between the snapshots + regex: + error: Should be a number of seconds + source: ^[1-9]\d*$ + restrictions: + - action: hide + condition: settings:atop.service_enabled.value == false + type: text + value: '20' + weight: 20 + metadata: + enabled: true + group: logging + label: Advanced System & Process Monitor (atop) + toggleable: false + weight: 60 + rotate: + description: Number of days to keep log files + label: Rotate days + regex: + error: Should be a number of days + source: ^[1-9]\d*$ + restrictions: + - action: hide + condition: settings:atop.service_enabled.value == false + type: text + value: '7' + weight: 30 + service_enabled: + description: 'NOTE: When enabled, the service may generate logs up to a + gigabyte in size per day. + + This should be taken into consideration when determining the correct size + for the log partition. + + ' + label: Enable atop service + type: checkbox + value: true + weight: 10 cgroups: metadata: always_editable: true @@ -1401,6 +1452,18 @@ release: type: checkbox value: true weight: 50 + run_ping_checker: + description: Uncheck this box if the public gateway will not be available + or will not respond to ICMP requests to the deployed cluster. If unchecked, + the controllers will not take public gateway availability into account + as part of the cluster health. If the cluster will not have internet + access, you will need to make sure to provide proper offline mirrors for + the deployment to succeed. + group: network + label: Public Gateway is Available + type: checkbox + value: true + weight: 50 task_deploy: type: hidden value: true 
@@ -1821,6 +1884,9 @@ release: description: Your DNS entries should point to this name. Self-signed certificates also will use this hostname label: DNS hostname for public TLS endpoints + regex: + error: Invalid DNS hostname + source: ^[a-zA-Z\d]+[-\.\da-zA-Z]*$ restrictions: - action: hide condition: settings:public_ssl.horizon.value == false and settings:public_ssl.services.value @@ -1855,8 +1921,6 @@ release: Please make sure your Fuel master node has Internet access to the repository before attempting to create a mirror. - For more details, please refer to the documentation (https://docs.mirantis.com/openstack/fuel/fuel-10.0/operations.html#external-ubuntu-ops). - ' extra_priority: null type: custom_repo_configuration 
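Review bot: The added `regex.source` for the public TLS hostname, `^[a-zA-Z\d]+[-\.\da-zA-Z]*$`, only constrains the first run of characters, so it accepts values such as `a..b`, `host-` or `a.-b` that are not valid DNS names. The description says self-signed certificates will use this value, so a malformed name would presumably end up in the generated certificate. A per-label pattern closes that, for example `source: ^[a-zA-Z\d]([-a-zA-Z\d]{0,61}[a-zA-Z\d])?(\.[a-zA-Z\d]([-a-zA-Z\d]{0,61}[a-zA-Z\d])?)*$`. The same line is added in the second fixture's `@@ -1735,6 +1796,9 @@` hunk. If this metadata is copied from the release definition, the fix belongs there and the fixtures should be regenerated from it.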
@@ -1933,11 +1997,70 @@ release: sudo: type: hidden value: 'ALL=(ALL) NOPASSWD: ALL' + ssh: + brute_force_protection: + description: When enabled, the access from all networks (except the provided + ones) will be granted, but the networks will be checked against the brute + force attack. + label: Brute force protection + restrictions: + - action: hide + condition: settings:ssh.security_enabled.value == false + type: checkbox + value: false + weight: 30 + metadata: + enabled: true + group: security + label: SSH security + toggleable: false + weight: 120 + security_enabled: + description: 'NOTE: When enabled, provide at least one working IP address + (the Fuel Master node IP is already added). + + We recommend adding new addresses instead of replacing the provided Fuel + Master node IP. + + When disabled (by default), the admin, management, and storage networks + are only allowed to connect to the SSH service. + + ' + label: Restrict SSH service on network + type: checkbox + value: false + weight: 10 + security_networks: + description: IPv4/CIDR address + label: Restrict access to + regex: + error: Invalid IPv4/CIDR address + source: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))*$ + restrictions: + - action: hide + condition: settings:ssh.security_enabled.value == false + type: text_list + value: + - '{settings.MASTER_IP}' + weight: 20 storage: admin_key: type: hidden value: generator: cephx_key + auth_s3_keystone_ceph: + description: This allows to authenticate S3 requests basing on EC2/S3 credentials + managed by Keystone. Please note that enabling the integration will increase + the latency of S3 requests as well as load on Keystone service. Please + consult with Mirantis Technical Bulletin 27 and Mirantis Support on mitigating + the risks related with load. 
+ label: Enable S3 API Authentication via Keystone in Ceph RadosGW + restrictions: + - action: hide + condition: settings:storage.objects_ceph.value == false + type: checkbox + value: false + weight: 82 bootstrap_osd_key: type: hidden value: @@ -1990,6 +2113,9 @@ release: and Swift API Interfaces. If enabled, this option will prevent Swift from installing. label: Ceph RadosGW for objects (Swift API) + restrictions: + - settings:storage.images_ceph.value == false: Ceph RBD for Images should + be selected. type: checkbox value: false weight: 80 @@ -2230,6 +2356,12 @@ release: description: dialog.create_cluster_wizard.compute.qemu_description label: dialog.create_cluster_wizard.compute.qemu name: hypervisor:qemu + requires: + - one_of: + items: + - network:neutron:ml2:vlan + - network:neutron:ml2:tun + message: dialog.create_cluster_wizard.compute.qemu_requires_network_backend weight: 5 - bind: - settings:common.use_vcenter.value @@ -2239,8 +2371,16 @@ release: label: dialog.create_cluster_wizard.compute.vcenter name: hypervisor:vmware requires: - - message: dialog.create_cluster_wizard.compute.vcenter_warning - name: hypervisor:qemu + - one_of: + items: + - hypervisor:qemu + message: dialog.create_cluster_wizard.compute.vcenter_warning + - one_of: + items: + - network:neutron:ml2:dvs + - network:neutron:ml2:nsx + message: dialog.create_cluster_wizard.compute.vcenter_requires_network_backend + message_invalid: dialog.create_cluster_wizard.compute.vcenter_requires_network_plugins weight: 15 - compatible: - name: hypervisor:* @@ -2267,7 +2407,9 @@ release: label: common.network.neutron_vlan name: network:neutron:ml2:vlan requires: - - name: network:neutron:core:ml2 + - one_of: + items: + - network:neutron:core:ml2 weight: 5 - bind: - - cluster:net_provider 
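Review bot: In the added `ssh.security_networks` entry the prefix-length group is written as `(\/([0-9]|[1-2][0-9]|3[0-2]))*$`, and the `*` lets the suffix repeat, so a value like `10.0.0.0/8/24` passes validation in a field labelled "Restrict access to". The group should be optional rather than repeatable: change the trailing `)*$` to `)?$`. Separately, the `brute_force_protection` description says that enabling it grants access from all networks, which widens exposure under a label that reads as hardening; wording such as `description: When enabled, SSH is reachable from all networks; networks other than the provided ones are checked for brute-force attempts.` would make that explicit. The `ssh` mapping is complete in this hunk, but the enclosing `release` metadata starts outside it.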
@@ -2288,7 +2430,9 @@ release: label: common.network.neutron_tun name: network:neutron:ml2:tun requires: - - name: network:neutron:core:ml2 + - one_of: + items: + - network:neutron:core:ml2 weight: 10 - bind: - settings:storage.volumes_lvm.value @@ -2536,6 +2680,7 @@ release: restrictions: - action: hide condition: settings:common.use_vcenter.value == false + message: VMware vCenter not enabled for cluster weight: 40 compute: description: A Compute node creates, manages, and terminates virtual machine @@ -2565,10 +2710,12 @@ release: restrictions: - action: hide condition: settings:common.use_vcenter.value == false + message: VMware vCenter not enabled for cluster weight: 90 controller: conflicts: - compute + - ceph-osd description: The Controller initiates orchestration activities and provides an external API. Other components like Glance (image storage), Keystone (identity management), Horizon (OpenStack dashboard) and Nova-Scheduler are installed @@ -2640,6 +2787,7 @@ release: restrictions: - action: hide condition: not ('advanced' in version:feature_groups) + message: Advanced feature should be enabled in feature groups weight: 80 state: available version: newton-10.0 @@ -2811,7 +2959,7 @@ repo_setup: section: main restricted suite: mos10.0 type: deb - uri: http://10.110.0.2:8080/newton-10.0/ubuntu/x86_64 + uri: http://10.109.15.2:8080/newton-10.0/ubuntu/x86_64 - name: mos-updates priority: 1050 section: main restricted @@ -2835,14 +2983,15 @@ repo_setup: section: main restricted suite: auxiliary type: deb - uri: http://10.110.0.2:8080/newton-10.0/ubuntu/auxiliary + uri: http://10.109.15.2:8080/newton-10.0/ubuntu/auxiliary resume_guests_state_on_host_boot: true roles: - primary-mongo +run_ping_checker: true sahara: - db_password: Q6IQUhuwxxKRM5VT9h7obsOl + db_password: 6ktBXBB5FMjXQr7r1sdYsaLF enabled: true - user_password: fDR7LmZh0re1QnIe3IJ2wrXm + user_password: C0Fo6CQenaUzgdImpCWm6mU2 service_user: homedir: /var/lib/fuel metadata: 
@@ -2853,22 +3002,34 @@ service_user: condition: 'true' weight: 10 name: fuel - password: Y3lRpIPBtnHBWW9DQYp1oVgi + password: MIq1RJ0M3Mp2vTb6Z3FJpide root_password: r00tme sudo: 'ALL=(ALL) NOPASSWD: ALL' +ssh: + brute_force_protection: false + metadata: + enabled: true + group: security + label: SSH security + toggleable: false + weight: 120 + security_enabled: false + security_networks: + - 10.109.15.2 status: discover storage: - admin_key: AQC0ZkxXAAAAABAA0CuALQKRMrWL4n+oDJYTYg== - bootstrap_osd_key: AQC0ZkxXAAAAABAAZVNysCu1aGHZS+wgsaLKYg== + admin_key: AQAqCaNXAAAAABAA7Ho2APSkkW7utFeot9vEfQ== + auth_s3_keystone_ceph: true + bootstrap_osd_key: AQAqCaNXAAAAABAAMyYcZoky3DPJJVE+Xoeo5w== ephemeral_ceph: true - fsid: 76c54382-db54-44f5-9861-406eafd4a23d + fsid: f4d53901-6968-4c18-8002-9d3219e34752 images_ceph: true images_vcenter: false metadata: group: storage label: Storage Backends weight: 60 - mon_key: AQC0ZkxXAAAAABAAZqzyD3A9bxY6Au1p4W+aWQ== + mon_key: AQAqCaNXAAAAABAA19CR5wYIpFwgzIuL2jw8Og== objects_ceph: true osd_pool_size: '2' per_pool_pg_nums: @@ -2879,13 +3040,13 @@ storage: images: 64 volumes: 256 pg_num: 64 - radosgw_key: AQC0ZkxXAAAAABAAO4zK7xt/7DtLGq/oPi5MAQ== + radosgw_key: AQAqCaNXAAAAABAAITslGKFCeJ81bd8WvT9r7g== volumes_block_device: false volumes_ceph: true volumes_lvm: false -storage_network_range: 10.11.3.0/24 +storage_network_range: 192.168.1.0/24 swift: - user_password: ifU7DL7xG7bijqSPIcahMo9c + user_password: Dj6nmr9IcpcGcpZ5hC806i4x syslog: metadata: enabled: false @@ -2907,10 +3068,10 @@ test_vm_image: os_name: cirros properties: {} public: 'true' -uid: '102' +uid: '169' use_cow_images: true use_vcenter: false -user_node_name: node-102 +user_node_name: node-169 vms_conf: [] workloads_collector: create_user: false @@ -2922,6 +3083,6 @@ workloads_collector: - action: hide condition: 'true' weight: 10 - password: 6wff0hvHmfNIxjqnNDUUN5c4 + password: GxzJK9EbevYqSsNyKd2SnbQE tenant: services username: fuel_stats_user 
diff --git a/hiera/neut_vlan.cblock.murano.sahara.ceil-cinder-block-device.yaml b/hiera/neut_vlan.cblock.murano.sahara.ceil-cinder-block-device.yaml index 7d6382f..c92c9c5 100644 --- a/hiera/neut_vlan.cblock.murano.sahara.ceil-cinder-block-device.yaml +++ b/hiera/neut_vlan.cblock.murano.sahara.ceil-cinder-block-device.yaml @@ -8,18 +8,28 @@ access: tenant: admin user: admin aodh: - db_password: UbmEKZTB3a2HE1S6xkIWFE64 - user_password: tPCjatrROm5zW0qqyBP5Z6ZJ + db_password: HJeTTcmoGh4WI4wlqlQu6Xz0 + user_password: uhZWPZWkzeofa6OtMPYX3We0 +atop: + interval: '20' + metadata: + enabled: true + group: logging + label: Advanced System & Process Monitor (atop) + toggleable: false + weight: 60 + rotate: '7' + service_enabled: true auth_key: '' auto_assign_floating_ip: false base_syslog: syslog_port: '514' - syslog_server: 10.145.0.2 + syslog_server: 10.109.15.2 ceilometer: - db_password: j9yoAgFQqVJ3nPHS3E8oZNKY + db_password: J3JAf8W9JNIZKDVIKd4EVpqM enabled: true - metering_secret: HkQApiWEJWPQ6A52t4a5YCcQ - user_password: kRRTjPlstCxmiJXJe9gTBaW3 + metering_secret: iNGEelI6N2CDYbQs3yXht8EV + user_password: 6hzswiGt3QBjOXeM6Oz2IvNv cgroups: metadata: always_editable: true @@ -30,11 +40,19 @@ cgroups: condition: 'true' weight: 90 cinder: - db_password: 8mPSWaFcbxTWjmmZVuu58HIZ - fixed_key: f8f2e1d13d994370047f5fe0ccfb2adbd9bf0da1aaecf38b8893de189787bc44 - user_password: R8GcLYYSzybstefJrSnd4iLE + db_password: qygDERXtrfgT6ogbn9gzNvSZ + fixed_key: c4d8801ec9f3e013197ebffcc496eddc419591585b1f2ad26875f5dca2c8eed6 + user_password: wfgi03YjLhOXzurBF3nfrwvv cluster: changes: + - name: interfaces + node_id: 110 + - name: disks + node_id: 110 + - name: interfaces + node_id: 109 + - name: disks + node_id: 109 - name: attributes node_id: null - name: vmware_attributes 
@@ -42,36 +60,28 @@ cluster: - name: networks node_id: null - name: interfaces - node_id: 710 + node_id: 115 - name: disks - node_id: 710 + node_id: 115 - name: interfaces - node_id: 711 + node_id: 114 - name: disks - node_id: 711 + node_id: 114 - name: interfaces - node_id: 712 + node_id: 113 - name: disks - node_id: 712 + node_id: 113 - name: interfaces - node_id: 713 + node_id: 112 - name: disks - node_id: 713 + node_id: 112 - name: interfaces - node_id: 714 + node_id: 111 - name: disks - node_id: 714 - - name: interfaces - node_id: 715 - - name: disks - node_id: 715 - - name: interfaces - node_id: 716 - - name: disks - node_id: 716 + node_id: 111 components: [] fuel_version: '10.0' - id: 38 + id: 13 is_customized: false is_locked: false mode: ha_compact @@ -104,12 +114,11 @@ corosync: debug: false deployed_before: value: false -deployment_id: 38 +deployment_id: 13 deployment_mode: ha_compact -dpdk: {} external_dns: dns_list: - - 10.145.0.1 + - 10.109.15.1 metadata: group: network label: Host OS DNS Servers 
@@ -135,31 +144,29 @@ external_ntp: label: Host OS NTP Servers weight: 40 ntp_list: - - 0.fuel.pool.ntp.org - - 1.fuel.pool.ntp.org - - 2.fuel.pool.ntp.org + - 10.109.15.1 fail_if_error: false -fqdn: node-716.domain.tld +fqdn: node-109.test.domain.local fuel_version: '10.0' glance: - db_password: JrziwKrBaOcJtYLH18lzTHvN - image_cache_max_size: '5368709120' - user_password: LDX2dRA0snAthtq1bt4hhwgA + db_password: N5ZwODSM9uzsaKReIgk6CyUq + image_cache_max_size: '0' + user_password: i10d3excOPPDGJuXr3cYWJnk glance_glare: - user_password: LwFwVTtx7TQZilWcdYZ4rMPG + user_password: opwzp1g3vncEcnlcY1kReF54 heat: - auth_encryption_key: 89adc2b80449f19b1bc04621e571af5c - db_password: 7L8DeTK33SIDWG3PYBXl69bc + auth_encryption_key: 013fa22260a6c56c4bf233fa8f62c548 + db_password: E2ciRc0sX1DpEzjdJ1ZaWOlk enabled: true - rabbit_password: t6nLCJEaPiFhBeS7mguHLSe5 - user_password: wibR10fo8oamfqgJ5ylGMkvb + rabbit_password: tuBtD3lTvAI0kxIvtCWDmR6B + user_password: jQwF1acNLgnOLxNKZ5s8ZfdK horizon: - secret_key: 00db7790ecbdbea80f2b25820267977ef700c80da2cdad285ef5f205e7a5ca4f + secret_key: 83aae5d5bb487291cb70c0f23b98850c36fde49fb47edea27358ac8140db529c ironic: - db_password: vNA5pzrjCWCl0FRryR5xS5fN + db_password: PbXDe5oTtXhX35PImGFnMGOl enabled: false - swift_tempurl_key: KXjWzWpOK4N16tCTroxm4UF1 - user_password: wpx9YAhDMawWF8SkQqIJIqUw + swift_tempurl_key: 9UuMwMaaFIEW8nQFpY400yPG + user_password: YE6HrKfrTF5uc0tGBkIuqHef kernel_params: kernel: console=tty0 net.ifnames=0 biosdevname=0 rootdelay=90 nomodeset metadata: @@ -167,12 +174,12 @@ kernel_params: label: Kernel parameters weight: 60 keystone: - admin_token: ZfrqRoEZdj9Jpqd8bi6KDohK - db_password: BU35cEJm2n3bmboQT8ihTkvh -last_controller: node-711 + admin_token: UmLdEFjsZGoJGraFVCyKYNWR + db_password: 3Ovn9RvHGbQfcmDhLRESM7Xh +last_controller: node-115 libvirt_type: qemu management_network_range: 192.168.0.0/24 -master_ip: 10.145.0.2 +master_ip: 10.109.15.2 metadata: label: Common weight: 10 
@@ -184,15 +191,15 @@ mp: - point: '2' weight: '2' murano: - db_password: GSnvMtnKQ51B9E3iKGNL5rru + db_password: XbE1FAEzWs1BNHKccWpo5O2j enabled: true - rabbit_password: KTf83RLXBK5XDJdPwZQCWnVz - user_password: gQBSnmY7rgZrEZT14OFGeGKF + rabbit_password: TqfkUPgddtZv6BbDaNC3SIvy + user_password: AAiYsFVUcFyowlA5Zw572vzY murano-cfapi: - db_password: H3MyI8EWzGt7WgFxbZZBLHsX + db_password: 0kTJ5gDINJ1TqatGPg3LAvcA enabled: false - rabbit_password: NAv7TFqw3ZJnzOsVFtdpEnjD - user_password: l73HVm4JtStp40evJ6S7jSnJ + rabbit_password: 2vA3nyagq8NcGPkDSaersOJm + user_password: 83MwOhtXIh6MSCqqwFxdGqEg murano_settings: metadata: group: openstack_services 
@@ -205,15 +212,230 @@ murano_settings: murano_glance_artifacts_plugin: true murano_repo_url: http://storage.apps.openstack.org/ mysql: - root_password: aK9nC0A3jeBcqn9FP0I77AKW - wsrep_password: OeYRh6XkB65gah0PuI98jFOR + root_password: tP2Hkj41ujG6FTZnGOu7HVkJ + wsrep_password: WZT3FbjHqi9AxORYPfY6VTR5 network_metadata: nodes: - node-710: - fqdn: node-710.domain.tld - name: node-710 + node-109: + fqdn: node-109.test.domain.local + name: node-109 network_roles: - admin/pxe: 10.145.0.100 + admin/pxe: 10.109.15.103 + aodh/api: 192.168.0.1 + ceilometer/api: 192.168.0.1 + ceph/public: 192.168.1.1 + ceph/replication: 192.168.1.1 + cinder/api: 192.168.0.1 + cinder/iscsi: 192.168.1.1 + fw-admin: 10.109.15.103 + glance/api: 192.168.0.1 + glance/glare: 192.168.0.1 + heat/api: 192.168.0.1 + horizon: 192.168.0.1 + ironic/api: 192.168.0.1 + keystone/api: 192.168.0.1 + management: 192.168.0.1 + mgmt/corosync: 192.168.0.1 + mgmt/database: 192.168.0.1 + mgmt/memcache: 192.168.0.1 + mgmt/messaging: 192.168.0.1 + mgmt/vip: 192.168.0.1 + mongo/db: 192.168.0.1 + murano/api: 192.168.0.1 + murano/cfapi: 192.168.0.1 + neutron/api: 192.168.0.1 + neutron/floating: null + neutron/private: null + nova/api: 192.168.0.1 + nova/migration: 192.168.0.1 + sahara/api: 192.168.0.1 + storage: 192.168.1.1 + swift/api: 192.168.0.1 + swift/replication: 192.168.1.1 + node_roles: + - cinder-block-device + nova_cpu_pinning_enabled: false + nova_hugepages_enabled: false + swift_zone: '109' + uid: '109' + user_node_name: node-109 + node-110: + fqdn: node-110.test.domain.local + name: node-110 + network_roles: + admin/pxe: 10.109.15.104 + aodh/api: 192.168.0.2 + ceilometer/api: 192.168.0.2 + ceph/public: 192.168.1.2 + ceph/replication: 192.168.1.2 + cinder/api: 192.168.0.2 + cinder/iscsi: 192.168.1.2 + fw-admin: 10.109.15.104 + glance/api: 192.168.0.2 + glance/glare: 192.168.0.2 + heat/api: 192.168.0.2 + horizon: 192.168.0.2 + ironic/api: 192.168.0.2 + keystone/api: 192.168.0.2 + management: 192.168.0.2 + 
mgmt/corosync: 192.168.0.2 + mgmt/database: 192.168.0.2 + mgmt/memcache: 192.168.0.2 + mgmt/messaging: 192.168.0.2 + mgmt/vip: 192.168.0.2 + mongo/db: 192.168.0.2 + murano/api: 192.168.0.2 + murano/cfapi: 192.168.0.2 + neutron/api: 192.168.0.2 + neutron/floating: null + neutron/private: null + nova/api: 192.168.0.2 + nova/migration: 192.168.0.2 + sahara/api: 192.168.0.2 + storage: 192.168.1.2 + swift/api: 192.168.0.2 + swift/replication: 192.168.1.2 + node_roles: + - cinder + nova_cpu_pinning_enabled: false + nova_hugepages_enabled: false + swift_zone: '110' + uid: '110' + user_node_name: node-110 + node-111: + fqdn: node-111.test.domain.local + name: node-111 + network_roles: + admin/pxe: 10.109.15.105 + aodh/api: 192.168.0.7 + ceilometer/api: 192.168.0.7 + ceph/public: 192.168.1.7 + ceph/replication: 192.168.1.7 + cinder/api: 192.168.0.7 + cinder/iscsi: 192.168.1.7 + fw-admin: 10.109.15.105 + glance/api: 192.168.0.7 + glance/glare: 192.168.0.7 + heat/api: 192.168.0.7 + horizon: 192.168.0.7 + ironic/api: 192.168.0.7 + keystone/api: 192.168.0.7 + management: 192.168.0.7 + mgmt/corosync: 192.168.0.7 + mgmt/database: 192.168.0.7 + mgmt/memcache: 192.168.0.7 + mgmt/messaging: 192.168.0.7 + mgmt/vip: 192.168.0.7 + mongo/db: 192.168.0.7 + murano/api: 192.168.0.7 + murano/cfapi: 192.168.0.7 + neutron/api: 192.168.0.7 + neutron/floating: null + neutron/private: null + nova/api: 192.168.0.7 + nova/migration: 192.168.0.7 + sahara/api: 192.168.0.7 + storage: 192.168.1.7 + swift/api: 192.168.0.7 + swift/replication: 192.168.1.7 + node_roles: + - primary-mongo + nova_cpu_pinning_enabled: false + nova_hugepages_enabled: false + swift_zone: '111' + uid: '111' + user_node_name: node-111 + node-112: + fqdn: node-112.test.domain.local + name: node-112 + network_roles: + admin/pxe: 10.109.15.106 + aodh/api: 192.168.0.6 + ceilometer/api: 192.168.0.6 + ceph/public: 192.168.1.6 + ceph/replication: 192.168.1.6 + cinder/api: 192.168.0.6 + cinder/iscsi: 192.168.1.6 + fw-admin: 
10.109.15.106 + glance/api: 192.168.0.6 + glance/glare: 192.168.0.6 + heat/api: 192.168.0.6 + horizon: 192.168.0.6 + ironic/api: 192.168.0.6 + keystone/api: 192.168.0.6 + management: 192.168.0.6 + mgmt/corosync: 192.168.0.6 + mgmt/database: 192.168.0.6 + mgmt/memcache: 192.168.0.6 + mgmt/messaging: 192.168.0.6 + mgmt/vip: 192.168.0.6 + mongo/db: 192.168.0.6 + murano/api: 192.168.0.6 + murano/cfapi: 192.168.0.6 + neutron/api: 192.168.0.6 + neutron/floating: null + neutron/private: null + nova/api: 192.168.0.6 + nova/migration: 192.168.0.6 + sahara/api: 192.168.0.6 + storage: 192.168.1.6 + swift/api: 192.168.0.6 + swift/replication: 192.168.1.6 + node_roles: + - mongo + nova_cpu_pinning_enabled: false + nova_hugepages_enabled: false + swift_zone: '112' + uid: '112' + user_node_name: node-112 + node-113: + fqdn: node-113.test.domain.local + name: node-113 + network_roles: + admin/pxe: 10.109.15.107 + aodh/api: 192.168.0.5 + ceilometer/api: 192.168.0.5 + ceph/public: 192.168.1.5 + ceph/replication: 192.168.1.5 + cinder/api: 192.168.0.5 + cinder/iscsi: 192.168.1.5 + fw-admin: 10.109.15.107 + glance/api: 192.168.0.5 + glance/glare: 192.168.0.5 + heat/api: 192.168.0.5 + horizon: 192.168.0.5 + ironic/api: 192.168.0.5 + keystone/api: 192.168.0.5 + management: 192.168.0.5 + mgmt/corosync: 192.168.0.5 + mgmt/database: 192.168.0.5 + mgmt/memcache: 192.168.0.5 + mgmt/messaging: 192.168.0.5 + mgmt/vip: 192.168.0.5 + mongo/db: 192.168.0.5 + murano/api: 192.168.0.5 + murano/cfapi: 192.168.0.5 + neutron/api: 192.168.0.5 + neutron/floating: null + neutron/private: null + nova/api: 192.168.0.5 + nova/migration: 192.168.0.5 + sahara/api: 192.168.0.5 + storage: 192.168.1.5 + swift/api: 192.168.0.5 + swift/replication: 192.168.1.5 + node_roles: + - compute + nova_cpu_pinning_enabled: false + nova_hugepages_enabled: false + swift_zone: '113' + uid: '113' + user_node_name: node-113 + node-114: + fqdn: node-114.test.domain.local + name: node-114 + network_roles: + admin/pxe: 10.109.15.108 
aodh/api: 192.168.0.3 ceilometer/api: 192.168.0.3 ceph/public: 192.168.1.3 @@ -222,7 +444,7 @@ network_metadata: cinder/api: 192.168.0.3 cinder/iscsi: 192.168.1.3 ex: 172.16.0.2 - fw-admin: 10.145.0.100 + fw-admin: 10.109.15.108 glance/api: 192.168.0.3 glance/glare: 192.168.0.3 heat/api: 192.168.0.3 @@ -252,14 +474,14 @@ network_metadata: - primary-controller nova_cpu_pinning_enabled: false nova_hugepages_enabled: false - swift_zone: '710' - uid: '710' - user_node_name: node-710 - node-711: - fqdn: node-711.domain.tld - name: node-711 + swift_zone: '114' + uid: '114' + user_node_name: node-114 + node-115: + fqdn: node-115.test.domain.local + name: node-115 network_roles: - admin/pxe: 10.145.0.101 + admin/pxe: 10.109.15.109 aodh/api: 192.168.0.4 ceilometer/api: 192.168.0.4 ceph/public: 192.168.1.4 @@ -268,7 +490,7 @@ network_metadata: cinder/api: 192.168.0.4 cinder/iscsi: 192.168.1.4 ex: 172.16.0.3 - fw-admin: 10.145.0.101 + fw-admin: 10.109.15.109 glance/api: 192.168.0.4 glance/glare: 192.168.0.4 heat/api: 192.168.0.4 
@@ -298,224 +520,9 @@ network_metadata: - controller nova_cpu_pinning_enabled: false nova_hugepages_enabled: false - swift_zone: '711' - uid: '711' - user_node_name: node-711 - node-712: - fqdn: node-712.domain.tld - name: node-712 - network_roles: - admin/pxe: 10.145.0.102 - aodh/api: 192.168.0.2 - ceilometer/api: 192.168.0.2 - ceph/public: 192.168.1.2 - ceph/replication: 192.168.1.2 - cinder/api: 192.168.0.2 - cinder/iscsi: 192.168.1.2 - fw-admin: 10.145.0.102 - glance/api: 192.168.0.2 - glance/glare: 192.168.0.2 - heat/api: 192.168.0.2 - horizon: 192.168.0.2 - ironic/api: 192.168.0.2 - keystone/api: 192.168.0.2 - management: 192.168.0.2 - mgmt/corosync: 192.168.0.2 - mgmt/database: 192.168.0.2 - mgmt/memcache: 192.168.0.2 - mgmt/messaging: 192.168.0.2 - mgmt/vip: 192.168.0.2 - mongo/db: 192.168.0.2 - murano/api: 192.168.0.2 - murano/cfapi: 192.168.0.2 - neutron/api: 192.168.0.2 - neutron/floating: null - neutron/private: null - nova/api: 192.168.0.2 - nova/migration: 192.168.0.2 - sahara/api: 192.168.0.2 - storage: 192.168.1.2 - swift/api: 192.168.0.2 - swift/replication: 192.168.1.2 - node_roles: - - compute - nova_cpu_pinning_enabled: false - nova_hugepages_enabled: false - swift_zone: '712' - uid: '712' - user_node_name: node-712 - node-713: - fqdn: node-713.domain.tld - name: node-713 - network_roles: - admin/pxe: 10.145.0.103 - aodh/api: 192.168.0.1 - ceilometer/api: 192.168.0.1 - ceph/public: 192.168.1.1 - ceph/replication: 192.168.1.1 - cinder/api: 192.168.0.1 - cinder/iscsi: 192.168.1.1 - fw-admin: 10.145.0.103 - glance/api: 192.168.0.1 - glance/glare: 192.168.0.1 - heat/api: 192.168.0.1 - horizon: 192.168.0.1 - ironic/api: 192.168.0.1 - keystone/api: 192.168.0.1 - management: 192.168.0.1 - mgmt/corosync: 192.168.0.1 - mgmt/database: 192.168.0.1 - mgmt/memcache: 192.168.0.1 - mgmt/messaging: 192.168.0.1 - mgmt/vip: 192.168.0.1 - mongo/db: 192.168.0.1 - murano/api: 192.168.0.1 - murano/cfapi: 192.168.0.1 - neutron/api: 192.168.0.1 - neutron/floating: null 
- neutron/private: null - nova/api: 192.168.0.1 - nova/migration: 192.168.0.1 - sahara/api: 192.168.0.1 - storage: 192.168.1.1 - swift/api: 192.168.0.1 - swift/replication: 192.168.1.1 - node_roles: - - primary-mongo - nova_cpu_pinning_enabled: false - nova_hugepages_enabled: false - swift_zone: '713' - uid: '713' - user_node_name: node-713 - node-714: - fqdn: node-714.domain.tld - name: node-714 - network_roles: - admin/pxe: 10.145.0.104 - aodh/api: 192.168.0.5 - ceilometer/api: 192.168.0.5 - ceph/public: 192.168.1.5 - ceph/replication: 192.168.1.5 - cinder/api: 192.168.0.5 - cinder/iscsi: 192.168.1.5 - fw-admin: 10.145.0.104 - glance/api: 192.168.0.5 - glance/glare: 192.168.0.5 - heat/api: 192.168.0.5 - horizon: 192.168.0.5 - ironic/api: 192.168.0.5 - keystone/api: 192.168.0.5 - management: 192.168.0.5 - mgmt/corosync: 192.168.0.5 - mgmt/database: 192.168.0.5 - mgmt/memcache: 192.168.0.5 - mgmt/messaging: 192.168.0.5 - mgmt/vip: 192.168.0.5 - mongo/db: 192.168.0.5 - murano/api: 192.168.0.5 - murano/cfapi: 192.168.0.5 - neutron/api: 192.168.0.5 - neutron/floating: null - neutron/private: null - nova/api: 192.168.0.5 - nova/migration: 192.168.0.5 - sahara/api: 192.168.0.5 - storage: 192.168.1.5 - swift/api: 192.168.0.5 - swift/replication: 192.168.1.5 - node_roles: - - mongo - nova_cpu_pinning_enabled: false - nova_hugepages_enabled: false - swift_zone: '714' - uid: '714' - user_node_name: node-714 - node-715: - fqdn: node-715.domain.tld - name: node-715 - network_roles: - admin/pxe: 10.145.0.105 - aodh/api: 192.168.0.6 - ceilometer/api: 192.168.0.6 - ceph/public: 192.168.1.6 - ceph/replication: 192.168.1.6 - cinder/api: 192.168.0.6 - cinder/iscsi: 192.168.1.6 - fw-admin: 10.145.0.105 - glance/api: 192.168.0.6 - glance/glare: 192.168.0.6 - heat/api: 192.168.0.6 - horizon: 192.168.0.6 - ironic/api: 192.168.0.6 - keystone/api: 192.168.0.6 - management: 192.168.0.6 - mgmt/corosync: 192.168.0.6 - mgmt/database: 192.168.0.6 - mgmt/memcache: 192.168.0.6 - mgmt/messaging: 
192.168.0.6 - mgmt/vip: 192.168.0.6 - mongo/db: 192.168.0.6 - murano/api: 192.168.0.6 - murano/cfapi: 192.168.0.6 - neutron/api: 192.168.0.6 - neutron/floating: null - neutron/private: null - nova/api: 192.168.0.6 - nova/migration: 192.168.0.6 - sahara/api: 192.168.0.6 - storage: 192.168.1.6 - swift/api: 192.168.0.6 - swift/replication: 192.168.1.6 - node_roles: - - cinder - nova_cpu_pinning_enabled: false - nova_hugepages_enabled: false - swift_zone: '715' - uid: '715' - user_node_name: node-715 - node-716: - fqdn: node-716.domain.tld - name: node-716 - network_roles: - admin/pxe: 10.145.0.106 - aodh/api: 192.168.0.7 - ceilometer/api: 192.168.0.7 - ceph/public: 192.168.1.7 - ceph/replication: 192.168.1.7 - cinder/api: 192.168.0.7 - cinder/iscsi: 192.168.1.7 - fw-admin: 10.145.0.106 - glance/api: 192.168.0.7 - glance/glare: 192.168.0.7 - heat/api: 192.168.0.7 - horizon: 192.168.0.7 - ironic/api: 192.168.0.7 - keystone/api: 192.168.0.7 - management: 192.168.0.7 - mgmt/corosync: 192.168.0.7 - mgmt/database: 192.168.0.7 - mgmt/memcache: 192.168.0.7 - mgmt/messaging: 192.168.0.7 - mgmt/vip: 192.168.0.7 - mongo/db: 192.168.0.7 - murano/api: 192.168.0.7 - murano/cfapi: 192.168.0.7 - neutron/api: 192.168.0.7 - neutron/floating: null - neutron/private: null - nova/api: 192.168.0.7 - nova/migration: 192.168.0.7 - sahara/api: 192.168.0.7 - storage: 192.168.1.7 - swift/api: 192.168.0.7 - swift/replication: 192.168.1.7 - node_roles: - - cinder-block-device - nova_cpu_pinning_enabled: false - nova_hugepages_enabled: false - swift_zone: '716' - uid: '716' - user_node_name: node-716 + swift_zone: '115' + uid: '115' + user_node_name: node-115 vips: management: ipaddr: 192.168.0.9 
@@ -562,18 +569,18 @@ network_scheme: endpoints: br-fw-admin: IP: - - 10.145.0.106/24 - gateway: 10.145.0.1 + - 10.109.15.103/24 + gateway: 10.109.15.1 vendor_specific: - provider_gateway: 10.145.0.1 + provider_gateway: 10.109.15.1 br-mgmt: IP: - - 192.168.0.7/24 + - 192.168.0.1/24 br-prv: IP: none br-storage: IP: - - 192.168.1.7/24 + - 192.168.1.1/24 interfaces: enp0s3: vendor_specific: 
@@ -841,85 +848,84 @@ node_volumes: type: vg volumes: [] nodes: -- fqdn: node-710.domain.tld +- fqdn: node-109.test.domain.local + internal_address: 192.168.0.1 + internal_netmask: 255.255.255.0 + name: node-109 + role: cinder-block-device + storage_address: 192.168.1.1 + storage_netmask: 255.255.255.0 + swift_zone: '109' + uid: '109' + user_node_name: node-109 +- fqdn: node-110.test.domain.local + internal_address: 192.168.0.2 + internal_netmask: 255.255.255.0 + name: node-110 + role: cinder + storage_address: 192.168.1.2 + storage_netmask: 255.255.255.0 + swift_zone: '110' + uid: '110' + user_node_name: node-110 +- fqdn: node-111.test.domain.local + internal_address: 192.168.0.7 + internal_netmask: 255.255.255.0 + name: node-111 + role: primary-mongo + storage_address: 192.168.1.7 + storage_netmask: 255.255.255.0 + swift_zone: '111' + uid: '111' + user_node_name: node-111 +- fqdn: node-112.test.domain.local + internal_address: 192.168.0.6 + internal_netmask: 255.255.255.0 + name: node-112 + role: mongo + storage_address: 192.168.1.6 + storage_netmask: 255.255.255.0 + swift_zone: '112' + uid: '112' + user_node_name: node-112 +- fqdn: node-113.test.domain.local + internal_address: 192.168.0.5 + internal_netmask: 255.255.255.0 + name: node-113 + role: compute + storage_address: 192.168.1.5 + storage_netmask: 255.255.255.0 + swift_zone: '113' + uid: '113' + user_node_name: node-113 +- fqdn: node-114.test.domain.local internal_address: 192.168.0.3 internal_netmask: 255.255.255.0 - name: node-710 + name: node-114 public_address: 172.16.0.2 public_netmask: 255.255.255.0 role: primary-controller storage_address: 192.168.1.3 storage_netmask: 255.255.255.0 - swift_zone: '710' - uid: '710' - user_node_name: node-710 -- fqdn: node-711.domain.tld + swift_zone: '114' + uid: '114' + user_node_name: node-114 +- fqdn: node-115.test.domain.local internal_address: 192.168.0.4 internal_netmask: 255.255.255.0 - name: node-711 + name: node-115 public_address: 172.16.0.3 
public_netmask: 255.255.255.0 role: controller storage_address: 192.168.1.4 storage_netmask: 255.255.255.0 - swift_zone: '711' - uid: '711' - user_node_name: node-711 -- fqdn: node-712.domain.tld - internal_address: 192.168.0.2 - internal_netmask: 255.255.255.0 - name: node-712 - role: compute - storage_address: 192.168.1.2 - storage_netmask: 255.255.255.0 - swift_zone: '712' - uid: '712' - user_node_name: node-712 -- fqdn: node-713.domain.tld - internal_address: 192.168.0.1 - internal_netmask: 255.255.255.0 - name: node-713 - role: primary-mongo - storage_address: 192.168.1.1 - storage_netmask: 255.255.255.0 - swift_zone: '713' - uid: '713' - user_node_name: node-713 -- fqdn: node-714.domain.tld - internal_address: 192.168.0.5 - internal_netmask: 255.255.255.0 - name: node-714 - role: mongo - storage_address: 192.168.1.5 - storage_netmask: 255.255.255.0 - swift_zone: '714' - uid: '714' - user_node_name: node-714 -- fqdn: node-715.domain.tld - internal_address: 192.168.0.6 - internal_netmask: 255.255.255.0 - name: node-715 - role: cinder - storage_address: 192.168.1.6 - storage_netmask: 255.255.255.0 - swift_zone: '715' - uid: '715' - user_node_name: node-715 -- fqdn: node-716.domain.tld - internal_address: 192.168.0.7 - internal_netmask: 255.255.255.0 - name: node-716 - role: cinder-block-device - storage_address: 192.168.1.7 - storage_netmask: 255.255.255.0 - swift_zone: '716' - uid: '716' - user_node_name: node-716 + swift_zone: '115' + uid: '115' + user_node_name: node-115 nova: - db_password: THu8oGjIoXRqnJY12DAMedvs - enable_hugepages: false + db_password: SPvbQFIq7Q1iAtLHwpfzjGWo state_path: /var/lib/nova - user_password: ZWTTX3kWzZSNWVSRs9aNB5oM + user_password: RG7AmGV4ILPVFMrp6zgsqIPV nova_quota: false online: true openstack_version: newton-10.0 
@@ -931,7 +937,7 @@ operator_user: label: Operating System Access weight: 15 name: fueladmin - password: sJ0EosrjP91NMUFEogKkhBmY + password: Zvfz46ns5WoUKuBmaEDRmI8V sudo: 'ALL=(ALL) NOPASSWD: ALL' plugins: [] propagate_task_deploy: false @@ -941,11 +947,11 @@ provision: /: container: gzip format: ext4 - uri: http://10.145.0.2:8080/targetimages/env_38_ubuntu_1404_amd64.img.gz + uri: http://10.109.15.2:8080/targetimages/env_13_ubuntu_1404_amd64.img.gz /boot: container: gzip format: ext2 - uri: http://10.145.0.2:8080/targetimages/env_38_ubuntu_1404_amd64-boot.img.gz + uri: http://10.109.15.2:8080/targetimages/env_13_ubuntu_1404_amd64-boot.img.gz metadata: group: general label: Provision @@ -1067,8 +1073,8 @@ public_ssl: weight: 110 services: false puppet: - manifests: rsync://10.145.0.2:/puppet/newton-10.0/manifests/ - modules: rsync://10.145.0.2:/puppet/newton-10.0/modules/ + manifests: rsync://10.109.15.2:/puppet/newton-10.0/manifests/ + modules: rsync://10.109.15.2:/puppet/newton-10.0/modules/ puppet_debug: true quantum: true quantum_settings: @@ -1085,13 +1091,13 @@ quantum_settings: L3: use_namespaces: true database: - passwd: fmeHbOQi0Q5cI7Cv9EOYz2aG + passwd: zDLEige4VejqBsNTy2s27XmK default_floating_net: admin_floating_net default_private_net: admin_internal_net keystone: - admin_password: N5r4Ho0MymZlCQeEFUMpkMgE + admin_password: hUKUWmatqgFsy8MDEK5c6E5M metadata: - metadata_proxy_shared_secret: 2rE5aK3EWhJfL9YzoLYqkvbZ + metadata_proxy_shared_secret: kBaCwZrsnVfpN6Q7uR4Ieumu predefined_networks: admin_floating_net: L2: @@ -1125,7 +1131,7 @@ quantum_settings: shared: false tenant: admin rabbit: - password: n1T1gagLocy1J0sPTdTATzVc + password: 7tHX1fW8vZnaSMuinajtHtF5 release: attributes_metadata: editable: 
@@ -1233,6 +1239,49 @@ release: type: checkbox value: false weight: 10 + atop: + interval: + description: Interval between the snapshots in seconds + label: Interval between the snapshots + regex: + error: Should be a number of seconds + source: ^[1-9]\d*$ + restrictions: + - action: hide + condition: settings:atop.service_enabled.value == false + type: text + value: '20' + weight: 20 + metadata: + enabled: true + group: logging + label: Advanced System & Process Monitor (atop) + toggleable: false + weight: 60 + rotate: + description: Number of days to keep log files + label: Rotate days + regex: + error: Should be a number of days + source: ^[1-9]\d*$ + restrictions: + - action: hide + condition: settings:atop.service_enabled.value == false + type: text + value: '7' + weight: 30 + service_enabled: + description: 'NOTE: When enabled, the service may generate logs up to a + gigabyte in size per day. + + This should be taken into consideration when determining the correct size + for the log partition. + + ' + label: Enable atop service + type: checkbox + value: true + weight: 10 cgroups: metadata: always_editable: true @@ -1315,6 +1364,18 @@ release: type: checkbox value: true weight: 50 + run_ping_checker: + description: Uncheck this box if the public gateway will not be available + or will not respond to ICMP requests to the deployed cluster. If unchecked, + the controllers will not take public gateway availability into account + as part of the cluster health. If the cluster will not have internet + access, you will need to make sure to provide proper offline mirrors for + the deployment to succeed. + group: network + label: Public Gateway is Available + type: checkbox + value: true + weight: 50 task_deploy: type: hidden value: true 
@@ -1735,6 +1796,9 @@ release: description: Your DNS entries should point to this name. Self-signed certificates also will use this hostname label: DNS hostname for public TLS endpoints + regex: + error: Invalid DNS hostname + source: ^[a-zA-Z\d]+[-\.\da-zA-Z]*$ restrictions: - action: hide condition: settings:public_ssl.horizon.value == false and settings:public_ssl.services.value @@ -1769,8 +1833,6 @@ release: Please make sure your Fuel master node has Internet access to the repository before attempting to create a mirror. - For more details, please refer to the documentation (https://docs.mirantis.com/openstack/fuel/fuel-10.0/operations.html#external-ubuntu-ops). - ' extra_priority: null type: custom_repo_configuration 
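Review bot: The added `regex.source` for the public TLS hostname, `^[a-zA-Z\d]+[-\.\da-zA-Z]*$`, accepts names that end in `-` or `.`, names with consecutive dots such as `a..b`, and labels of any length. The description says self-signed certificates are issued for this value, so a malformed name would pass the form and only fail, or produce an unusable certificate, later. A per-label pattern is stricter at the same cost: `source: ^[a-zA-Z\d]([-a-zA-Z\d]{0,61}[a-zA-Z\d])?(\.[a-zA-Z\d]([-a-zA-Z\d]{0,61}[a-zA-Z\d])?)*$`. This file looks generated, so the change presumably belongs in the release metadata it is produced from; the enclosing setting starts and ends outside the hunk.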
@@ -1847,11 +1909,70 @@ release: sudo: type: hidden value: 'ALL=(ALL) NOPASSWD: ALL' + ssh: + brute_force_protection: + description: When enabled, the access from all networks (except the provided + ones) will be granted, but the networks will be checked against the brute + force attack. + label: Brute force protection + restrictions: + - action: hide + condition: settings:ssh.security_enabled.value == false + type: checkbox + value: false + weight: 30 + metadata: + enabled: true + group: security + label: SSH security + toggleable: false + weight: 120 + security_enabled: + description: 'NOTE: When enabled, provide at least one working IP address + (the Fuel Master node IP is already added). + + We recommend adding new addresses instead of replacing the provided Fuel + Master node IP. + + When disabled (by default), the admin, management, and storage networks + are only allowed to connect to the SSH service. + + ' + label: Restrict SSH service on network + type: checkbox + value: false + weight: 10 + security_networks: + description: IPv4/CIDR address + label: Restrict access to + regex: + error: Invalid IPv4/CIDR address + source: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))*$ + restrictions: + - action: hide + condition: settings:ssh.security_enabled.value == false + type: text_list + value: + - '{settings.MASTER_IP}' + weight: 20 storage: admin_key: type: hidden value: generator: cephx_key + auth_s3_keystone_ceph: + description: This allows to authenticate S3 requests basing on EC2/S3 credentials + managed by Keystone. Please note that enabling the integration will increase + the latency of S3 requests as well as load on Keystone service. Please + consult with Mirantis Technical Bulletin 27 and Mirantis Support on mitigating + the risks related with load. 
+ label: Enable S3 API Authentication via Keystone in Ceph RadosGW + restrictions: + - action: hide + condition: settings:storage.objects_ceph.value == false + type: checkbox + value: false + weight: 82 bootstrap_osd_key: type: hidden value: @@ -1904,6 +2025,9 @@ release: and Swift API Interfaces. If enabled, this option will prevent Swift from installing. label: Ceph RadosGW for objects (Swift API) + restrictions: + - settings:storage.images_ceph.value == false: Ceph RBD for Images should + be selected. type: checkbox value: false weight: 80 @@ -2144,6 +2268,12 @@ release: description: dialog.create_cluster_wizard.compute.qemu_description label: dialog.create_cluster_wizard.compute.qemu name: hypervisor:qemu + requires: + - one_of: + items: + - network:neutron:ml2:vlan + - network:neutron:ml2:tun + message: dialog.create_cluster_wizard.compute.qemu_requires_network_backend weight: 5 - bind: - settings:common.use_vcenter.value @@ -2153,8 +2283,16 @@ release: label: dialog.create_cluster_wizard.compute.vcenter name: hypervisor:vmware requires: - - message: dialog.create_cluster_wizard.compute.vcenter_warning - name: hypervisor:qemu + - one_of: + items: + - hypervisor:qemu + message: dialog.create_cluster_wizard.compute.vcenter_warning + - one_of: + items: + - network:neutron:ml2:dvs + - network:neutron:ml2:nsx + message: dialog.create_cluster_wizard.compute.vcenter_requires_network_backend + message_invalid: dialog.create_cluster_wizard.compute.vcenter_requires_network_plugins weight: 15 - compatible: - name: hypervisor:* @@ -2181,7 +2319,9 @@ release: label: common.network.neutron_vlan name: network:neutron:ml2:vlan requires: - - name: network:neutron:core:ml2 + - one_of: + items: + - network:neutron:core:ml2 weight: 5 - bind: - - cluster:net_provider 
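Review bot: The `security_networks` pattern added in the `ssh` hunk ends in `(\/([0-9]|[1-2][0-9]|3[0-2]))*$`, and the `*` lets the prefix-length group repeat, so an entry like `10.0.0.0/8/24` passes validation. These entries decide which networks may reach SSH, so an ambiguous value should be rejected at input rather than left to whatever consumes the list; end the pattern with `(\/([0-9]|[1-2][0-9]|3[0-2]))?$` instead. Separately, the `brute_force_protection` description says that enabling it grants access "from all networks (except the provided ones)", which reads as if turning the protection on widens exposure. It should state plainly which sources are rate-checked and which are allowed outright. The enclosing `release` mapping starts and ends outside the hunk.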
@@ -2202,7 +2342,9 @@ release: label: common.network.neutron_tun name: network:neutron:ml2:tun requires: - - name: network:neutron:core:ml2 + - one_of: + items: + - network:neutron:core:ml2 weight: 10 - bind: - settings:storage.volumes_lvm.value @@ -2450,6 +2592,7 @@ release: restrictions: - action: hide condition: settings:common.use_vcenter.value == false + message: VMware vCenter not enabled for cluster weight: 40 compute: description: A Compute node creates, manages, and terminates virtual machine @@ -2479,10 +2622,12 @@ release: restrictions: - action: hide condition: settings:common.use_vcenter.value == false + message: VMware vCenter not enabled for cluster weight: 90 controller: conflicts: - compute + - ceph-osd description: The Controller initiates orchestration activities and provides an external API. Other components like Glance (image storage), Keystone (identity management), Horizon (OpenStack dashboard) and Nova-Scheduler are installed @@ -2554,6 +2699,7 @@ release: restrictions: - action: hide condition: not ('advanced' in version:feature_groups) + message: Advanced feature should be enabled in feature groups weight: 80 state: available version: newton-10.0 @@ -2725,7 +2871,7 @@ repo_setup: section: main restricted suite: mos10.0 type: deb - uri: http://10.145.0.2:8080/newton-10.0/ubuntu/x86_64 + uri: http://10.109.15.2:8080/newton-10.0/ubuntu/x86_64 - name: mos-updates priority: 1050 section: main restricted @@ -2749,14 +2895,15 @@ repo_setup: section: main restricted suite: auxiliary type: deb - uri: http://10.145.0.2:8080/newton-10.0/ubuntu/auxiliary + uri: http://10.109.15.2:8080/newton-10.0/ubuntu/auxiliary resume_guests_state_on_host_boot: true roles: - cinder-block-device +run_ping_checker: true sahara: - db_password: KOnGnD4ffht4JTKNnadQzJVt + db_password: iRFruHQcXdKzQX9roKooe3j6 enabled: true - user_password: I0h2uGaBR3ts4NujBxo8Toqi + user_password: dIwoOdfqEXyJ4jZkHVEfqXBY service_user: homedir: /var/lib/fuel metadata: 
@@ -2767,22 +2914,34 @@ service_user: condition: 'true' weight: 10 name: fuel - password: 2Zhks66RxoJGBVYjjPCsuW1t + password: cIt7vulm3zZeSiYyYwjlbZV0 root_password: r00tme sudo: 'ALL=(ALL) NOPASSWD: ALL' +ssh: + brute_force_protection: false + metadata: + enabled: true + group: security + label: SSH security + toggleable: false + weight: 120 + security_enabled: false + security_networks: + - 10.109.15.2 status: discover storage: - admin_key: AQDmeEhXAAAAABAA89X4kMICOCOUEIEVRH0q5w== - bootstrap_osd_key: AQDmeEhXAAAAABAA3Gy4NiGQKX5/JJpsXNCBFA== + admin_key: AQDWBqNXAAAAABAAT0qwqsMZTndkc8Eir/2Bug== + auth_s3_keystone_ceph: false + bootstrap_osd_key: AQDWBqNXAAAAABAAkbTGIMIuAw4DyBkCBfPUrA== ephemeral_ceph: false - fsid: a841a476-236b-434f-8393-274ad608cbd5 + fsid: f01ee54d-25cb-4188-a66f-ec34d8418f3f images_ceph: false images_vcenter: false metadata: group: storage label: Storage Backends weight: 60 - mon_key: AQDmeEhXAAAAABAA7wUts7o9kl9RadsIu5KJhQ== + mon_key: AQDWBqNXAAAAABAAcRFHLwQi5ImsQLb1TamUCg== objects_ceph: false osd_pool_size: '3' per_pool_pg_nums: @@ -2793,13 +2952,13 @@ storage: images: 128 volumes: 128 pg_num: 128 - radosgw_key: AQDmeEhXAAAAABAAphVN6V3fNYICXT+EH48zEg== + radosgw_key: AQDWBqNXAAAAABAAOcrrFlqdDFNS0aJKEEkyDQ== volumes_block_device: true volumes_ceph: false volumes_lvm: true storage_network_range: 192.168.1.0/24 swift: - user_password: UNUZUKNrbQvMQsitNHMtrWeI + user_password: zuthAwdS1GuQ6ksatG5EZl2R syslog: metadata: enabled: false @@ -2821,11 +2980,11 @@ test_vm_image: os_name: cirros properties: {} public: 'true' -uid: '716' +uid: '109' use_cinder: true use_cow_images: true use_vcenter: false -user_node_name: node-716 +user_node_name: node-109 vms_conf: [] workloads_collector: create_user: false @@ -2837,6 +2996,6 @@ workloads_collector: - action: hide condition: 'true' weight: 10 - password: tGutWhN3UG9W9OnZISKlR4xB + password: fQ6D8FquZp28kSi8O4dTC8Cg tenant: services username: fuel_stats_user 
diff --git a/hiera/neut_vlan.cblock.murano.sahara.ceil-cinder.yaml b/hiera/neut_vlan.cblock.murano.sahara.ceil-cinder.yaml index 40cf1d3..08f9672 100644 --- a/hiera/neut_vlan.cblock.murano.sahara.ceil-cinder.yaml +++ b/hiera/neut_vlan.cblock.murano.sahara.ceil-cinder.yaml @@ -8,18 +8,28 @@ access: tenant: admin user: admin aodh: - db_password: UbmEKZTB3a2HE1S6xkIWFE64 - user_password: tPCjatrROm5zW0qqyBP5Z6ZJ + db_password: HJeTTcmoGh4WI4wlqlQu6Xz0 + user_password: uhZWPZWkzeofa6OtMPYX3We0 +atop: + interval: '20' + metadata: + enabled: true + group: logging + label: Advanced System & Process Monitor (atop) + toggleable: false + weight: 60 + rotate: '7' + service_enabled: true auth_key: '' auto_assign_floating_ip: false base_syslog: syslog_port: '514' - syslog_server: 10.145.0.2 + syslog_server: 10.109.15.2 ceilometer: - db_password: j9yoAgFQqVJ3nPHS3E8oZNKY + db_password: J3JAf8W9JNIZKDVIKd4EVpqM enabled: true - metering_secret: HkQApiWEJWPQ6A52t4a5YCcQ - user_password: kRRTjPlstCxmiJXJe9gTBaW3 + metering_secret: iNGEelI6N2CDYbQs3yXht8EV + user_password: 6hzswiGt3QBjOXeM6Oz2IvNv cgroups: metadata: always_editable: true @@ -30,11 +40,19 @@ cgroups: condition: 'true' weight: 90 cinder: - db_password: 8mPSWaFcbxTWjmmZVuu58HIZ - fixed_key: f8f2e1d13d994370047f5fe0ccfb2adbd9bf0da1aaecf38b8893de189787bc44 - user_password: R8GcLYYSzybstefJrSnd4iLE + db_password: qygDERXtrfgT6ogbn9gzNvSZ + fixed_key: c4d8801ec9f3e013197ebffcc496eddc419591585b1f2ad26875f5dca2c8eed6 + user_password: wfgi03YjLhOXzurBF3nfrwvv cluster: changes: + - name: interfaces + node_id: 110 + - name: disks + node_id: 110 + - name: interfaces + node_id: 109 + - name: disks + node_id: 109 - name: attributes node_id: null - name: vmware_attributes 
@@ -42,36 +60,28 @@ cluster: - name: networks node_id: null - name: interfaces - node_id: 710 + node_id: 115 - name: disks - node_id: 710 + node_id: 115 - name: interfaces - node_id: 711 + node_id: 114 - name: disks - node_id: 711 + node_id: 114 - name: interfaces - node_id: 712 + node_id: 113 - name: disks - node_id: 712 + node_id: 113 - name: interfaces - node_id: 713 + node_id: 112 - name: disks - node_id: 713 + node_id: 112 - name: interfaces - node_id: 714 + node_id: 111 - name: disks - node_id: 714 - - name: interfaces - node_id: 715 - - name: disks - node_id: 715 - - name: interfaces - node_id: 716 - - name: disks - node_id: 716 + node_id: 111 components: [] fuel_version: '10.0' - id: 38 + id: 13 is_customized: false is_locked: false mode: ha_compact @@ -104,12 +114,11 @@ corosync: debug: false deployed_before: value: false -deployment_id: 38 +deployment_id: 13 deployment_mode: ha_compact -dpdk: {} external_dns: dns_list: - - 10.145.0.1 + - 10.109.15.1 metadata: group: network label: Host OS DNS Servers 
@@ -135,31 +144,29 @@ external_ntp: label: Host OS NTP Servers weight: 40 ntp_list: - - 0.fuel.pool.ntp.org - - 1.fuel.pool.ntp.org - - 2.fuel.pool.ntp.org + - 10.109.15.1 fail_if_error: false -fqdn: node-715.domain.tld +fqdn: node-110.test.domain.local fuel_version: '10.0' glance: - db_password: JrziwKrBaOcJtYLH18lzTHvN - image_cache_max_size: '5368709120' - user_password: LDX2dRA0snAthtq1bt4hhwgA + db_password: N5ZwODSM9uzsaKReIgk6CyUq + image_cache_max_size: '0' + user_password: i10d3excOPPDGJuXr3cYWJnk glance_glare: - user_password: LwFwVTtx7TQZilWcdYZ4rMPG + user_password: opwzp1g3vncEcnlcY1kReF54 heat: - auth_encryption_key: 89adc2b80449f19b1bc04621e571af5c - db_password: 7L8DeTK33SIDWG3PYBXl69bc + auth_encryption_key: 013fa22260a6c56c4bf233fa8f62c548 + db_password: E2ciRc0sX1DpEzjdJ1ZaWOlk enabled: true - rabbit_password: t6nLCJEaPiFhBeS7mguHLSe5 - user_password: wibR10fo8oamfqgJ5ylGMkvb + rabbit_password: tuBtD3lTvAI0kxIvtCWDmR6B + user_password: jQwF1acNLgnOLxNKZ5s8ZfdK horizon: - secret_key: 00db7790ecbdbea80f2b25820267977ef700c80da2cdad285ef5f205e7a5ca4f + secret_key: 83aae5d5bb487291cb70c0f23b98850c36fde49fb47edea27358ac8140db529c ironic: - db_password: vNA5pzrjCWCl0FRryR5xS5fN + db_password: PbXDe5oTtXhX35PImGFnMGOl enabled: false - swift_tempurl_key: KXjWzWpOK4N16tCTroxm4UF1 - user_password: wpx9YAhDMawWF8SkQqIJIqUw + swift_tempurl_key: 9UuMwMaaFIEW8nQFpY400yPG + user_password: YE6HrKfrTF5uc0tGBkIuqHef kernel_params: kernel: console=tty0 net.ifnames=0 biosdevname=0 rootdelay=90 nomodeset metadata: @@ -167,12 +174,12 @@ kernel_params: label: Kernel parameters weight: 60 keystone: - admin_token: ZfrqRoEZdj9Jpqd8bi6KDohK - db_password: BU35cEJm2n3bmboQT8ihTkvh -last_controller: node-711 + admin_token: UmLdEFjsZGoJGraFVCyKYNWR + db_password: 3Ovn9RvHGbQfcmDhLRESM7Xh +last_controller: node-115 libvirt_type: qemu management_network_range: 192.168.0.0/24 -master_ip: 10.145.0.2 +master_ip: 10.109.15.2 metadata: label: Common weight: 10 
@@ -184,15 +191,15 @@ mp: - point: '2' weight: '2' murano: - db_password: GSnvMtnKQ51B9E3iKGNL5rru + db_password: XbE1FAEzWs1BNHKccWpo5O2j enabled: true - rabbit_password: KTf83RLXBK5XDJdPwZQCWnVz - user_password: gQBSnmY7rgZrEZT14OFGeGKF + rabbit_password: TqfkUPgddtZv6BbDaNC3SIvy + user_password: AAiYsFVUcFyowlA5Zw572vzY murano-cfapi: - db_password: H3MyI8EWzGt7WgFxbZZBLHsX + db_password: 0kTJ5gDINJ1TqatGPg3LAvcA enabled: false - rabbit_password: NAv7TFqw3ZJnzOsVFtdpEnjD - user_password: l73HVm4JtStp40evJ6S7jSnJ + rabbit_password: 2vA3nyagq8NcGPkDSaersOJm + user_password: 83MwOhtXIh6MSCqqwFxdGqEg murano_settings: metadata: group: openstack_services 
@@ -205,15 +212,230 @@ murano_settings: murano_glance_artifacts_plugin: true murano_repo_url: http://storage.apps.openstack.org/ mysql: - root_password: aK9nC0A3jeBcqn9FP0I77AKW - wsrep_password: OeYRh6XkB65gah0PuI98jFOR + root_password: tP2Hkj41ujG6FTZnGOu7HVkJ + wsrep_password: WZT3FbjHqi9AxORYPfY6VTR5 network_metadata: nodes: - node-710: - fqdn: node-710.domain.tld - name: node-710 + node-109: + fqdn: node-109.test.domain.local + name: node-109 network_roles: - admin/pxe: 10.145.0.100 + admin/pxe: 10.109.15.103 + aodh/api: 192.168.0.1 + ceilometer/api: 192.168.0.1 + ceph/public: 192.168.1.1 + ceph/replication: 192.168.1.1 + cinder/api: 192.168.0.1 + cinder/iscsi: 192.168.1.1 + fw-admin: 10.109.15.103 + glance/api: 192.168.0.1 + glance/glare: 192.168.0.1 + heat/api: 192.168.0.1 + horizon: 192.168.0.1 + ironic/api: 192.168.0.1 + keystone/api: 192.168.0.1 + management: 192.168.0.1 + mgmt/corosync: 192.168.0.1 + mgmt/database: 192.168.0.1 + mgmt/memcache: 192.168.0.1 + mgmt/messaging: 192.168.0.1 + mgmt/vip: 192.168.0.1 + mongo/db: 192.168.0.1 + murano/api: 192.168.0.1 + murano/cfapi: 192.168.0.1 + neutron/api: 192.168.0.1 + neutron/floating: null + neutron/private: null + nova/api: 192.168.0.1 + nova/migration: 192.168.0.1 + sahara/api: 192.168.0.1 + storage: 192.168.1.1 + swift/api: 192.168.0.1 + swift/replication: 192.168.1.1 + node_roles: + - cinder-block-device + nova_cpu_pinning_enabled: false + nova_hugepages_enabled: false + swift_zone: '109' + uid: '109' + user_node_name: node-109 + node-110: + fqdn: node-110.test.domain.local + name: node-110 + network_roles: + admin/pxe: 10.109.15.104 + aodh/api: 192.168.0.2 + ceilometer/api: 192.168.0.2 + ceph/public: 192.168.1.2 + ceph/replication: 192.168.1.2 + cinder/api: 192.168.0.2 + cinder/iscsi: 192.168.1.2 + fw-admin: 10.109.15.104 + glance/api: 192.168.0.2 + glance/glare: 192.168.0.2 + heat/api: 192.168.0.2 + horizon: 192.168.0.2 + ironic/api: 192.168.0.2 + keystone/api: 192.168.0.2 + management: 192.168.0.2 + 
mgmt/corosync: 192.168.0.2 + mgmt/database: 192.168.0.2 + mgmt/memcache: 192.168.0.2 + mgmt/messaging: 192.168.0.2 + mgmt/vip: 192.168.0.2 + mongo/db: 192.168.0.2 + murano/api: 192.168.0.2 + murano/cfapi: 192.168.0.2 + neutron/api: 192.168.0.2 + neutron/floating: null + neutron/private: null + nova/api: 192.168.0.2 + nova/migration: 192.168.0.2 + sahara/api: 192.168.0.2 + storage: 192.168.1.2 + swift/api: 192.168.0.2 + swift/replication: 192.168.1.2 + node_roles: + - cinder + nova_cpu_pinning_enabled: false + nova_hugepages_enabled: false + swift_zone: '110' + uid: '110' + user_node_name: node-110 + node-111: + fqdn: node-111.test.domain.local + name: node-111 + network_roles: + admin/pxe: 10.109.15.105 + aodh/api: 192.168.0.7 + ceilometer/api: 192.168.0.7 + ceph/public: 192.168.1.7 + ceph/replication: 192.168.1.7 + cinder/api: 192.168.0.7 + cinder/iscsi: 192.168.1.7 + fw-admin: 10.109.15.105 + glance/api: 192.168.0.7 + glance/glare: 192.168.0.7 + heat/api: 192.168.0.7 + horizon: 192.168.0.7 + ironic/api: 192.168.0.7 + keystone/api: 192.168.0.7 + management: 192.168.0.7 + mgmt/corosync: 192.168.0.7 + mgmt/database: 192.168.0.7 + mgmt/memcache: 192.168.0.7 + mgmt/messaging: 192.168.0.7 + mgmt/vip: 192.168.0.7 + mongo/db: 192.168.0.7 + murano/api: 192.168.0.7 + murano/cfapi: 192.168.0.7 + neutron/api: 192.168.0.7 + neutron/floating: null + neutron/private: null + nova/api: 192.168.0.7 + nova/migration: 192.168.0.7 + sahara/api: 192.168.0.7 + storage: 192.168.1.7 + swift/api: 192.168.0.7 + swift/replication: 192.168.1.7 + node_roles: + - primary-mongo + nova_cpu_pinning_enabled: false + nova_hugepages_enabled: false + swift_zone: '111' + uid: '111' + user_node_name: node-111 + node-112: + fqdn: node-112.test.domain.local + name: node-112 + network_roles: + admin/pxe: 10.109.15.106 + aodh/api: 192.168.0.6 + ceilometer/api: 192.168.0.6 + ceph/public: 192.168.1.6 + ceph/replication: 192.168.1.6 + cinder/api: 192.168.0.6 + cinder/iscsi: 192.168.1.6 + fw-admin: 
10.109.15.106 + glance/api: 192.168.0.6 + glance/glare: 192.168.0.6 + heat/api: 192.168.0.6 + horizon: 192.168.0.6 + ironic/api: 192.168.0.6 + keystone/api: 192.168.0.6 + management: 192.168.0.6 + mgmt/corosync: 192.168.0.6 + mgmt/database: 192.168.0.6 + mgmt/memcache: 192.168.0.6 + mgmt/messaging: 192.168.0.6 + mgmt/vip: 192.168.0.6 + mongo/db: 192.168.0.6 + murano/api: 192.168.0.6 + murano/cfapi: 192.168.0.6 + neutron/api: 192.168.0.6 + neutron/floating: null + neutron/private: null + nova/api: 192.168.0.6 + nova/migration: 192.168.0.6 + sahara/api: 192.168.0.6 + storage: 192.168.1.6 + swift/api: 192.168.0.6 + swift/replication: 192.168.1.6 + node_roles: + - mongo + nova_cpu_pinning_enabled: false + nova_hugepages_enabled: false + swift_zone: '112' + uid: '112' + user_node_name: node-112 + node-113: + fqdn: node-113.test.domain.local + name: node-113 + network_roles: + admin/pxe: 10.109.15.107 + aodh/api: 192.168.0.5 + ceilometer/api: 192.168.0.5 + ceph/public: 192.168.1.5 + ceph/replication: 192.168.1.5 + cinder/api: 192.168.0.5 + cinder/iscsi: 192.168.1.5 + fw-admin: 10.109.15.107 + glance/api: 192.168.0.5 + glance/glare: 192.168.0.5 + heat/api: 192.168.0.5 + horizon: 192.168.0.5 + ironic/api: 192.168.0.5 + keystone/api: 192.168.0.5 + management: 192.168.0.5 + mgmt/corosync: 192.168.0.5 + mgmt/database: 192.168.0.5 + mgmt/memcache: 192.168.0.5 + mgmt/messaging: 192.168.0.5 + mgmt/vip: 192.168.0.5 + mongo/db: 192.168.0.5 + murano/api: 192.168.0.5 + murano/cfapi: 192.168.0.5 + neutron/api: 192.168.0.5 + neutron/floating: null + neutron/private: null + nova/api: 192.168.0.5 + nova/migration: 192.168.0.5 + sahara/api: 192.168.0.5 + storage: 192.168.1.5 + swift/api: 192.168.0.5 + swift/replication: 192.168.1.5 + node_roles: + - compute + nova_cpu_pinning_enabled: false + nova_hugepages_enabled: false + swift_zone: '113' + uid: '113' + user_node_name: node-113 + node-114: + fqdn: node-114.test.domain.local + name: node-114 + network_roles: + admin/pxe: 10.109.15.108 
aodh/api: 192.168.0.3 ceilometer/api: 192.168.0.3 ceph/public: 192.168.1.3 @@ -222,7 +444,7 @@ network_metadata: cinder/api: 192.168.0.3 cinder/iscsi: 192.168.1.3 ex: 172.16.0.2 - fw-admin: 10.145.0.100 + fw-admin: 10.109.15.108 glance/api: 192.168.0.3 glance/glare: 192.168.0.3 heat/api: 192.168.0.3 @@ -252,14 +474,14 @@ network_metadata: - primary-controller nova_cpu_pinning_enabled: false nova_hugepages_enabled: false - swift_zone: '710' - uid: '710' - user_node_name: node-710 - node-711: - fqdn: node-711.domain.tld - name: node-711 + swift_zone: '114' + uid: '114' + user_node_name: node-114 + node-115: + fqdn: node-115.test.domain.local + name: node-115 network_roles: - admin/pxe: 10.145.0.101 + admin/pxe: 10.109.15.109 aodh/api: 192.168.0.4 ceilometer/api: 192.168.0.4 ceph/public: 192.168.1.4 @@ -268,7 +490,7 @@ network_metadata: cinder/api: 192.168.0.4 cinder/iscsi: 192.168.1.4 ex: 172.16.0.3 - fw-admin: 10.145.0.101 + fw-admin: 10.109.15.109 glance/api: 192.168.0.4 glance/glare: 192.168.0.4 heat/api: 192.168.0.4 
@@ -298,224 +520,9 @@ network_metadata: - controller nova_cpu_pinning_enabled: false nova_hugepages_enabled: false - swift_zone: '711' - uid: '711' - user_node_name: node-711 - node-712: - fqdn: node-712.domain.tld - name: node-712 - network_roles: - admin/pxe: 10.145.0.102 - aodh/api: 192.168.0.2 - ceilometer/api: 192.168.0.2 - ceph/public: 192.168.1.2 - ceph/replication: 192.168.1.2 - cinder/api: 192.168.0.2 - cinder/iscsi: 192.168.1.2 - fw-admin: 10.145.0.102 - glance/api: 192.168.0.2 - glance/glare: 192.168.0.2 - heat/api: 192.168.0.2 - horizon: 192.168.0.2 - ironic/api: 192.168.0.2 - keystone/api: 192.168.0.2 - management: 192.168.0.2 - mgmt/corosync: 192.168.0.2 - mgmt/database: 192.168.0.2 - mgmt/memcache: 192.168.0.2 - mgmt/messaging: 192.168.0.2 - mgmt/vip: 192.168.0.2 - mongo/db: 192.168.0.2 - murano/api: 192.168.0.2 - murano/cfapi: 192.168.0.2 - neutron/api: 192.168.0.2 - neutron/floating: null - neutron/private: null - nova/api: 192.168.0.2 - nova/migration: 192.168.0.2 - sahara/api: 192.168.0.2 - storage: 192.168.1.2 - swift/api: 192.168.0.2 - swift/replication: 192.168.1.2 - node_roles: - - compute - nova_cpu_pinning_enabled: false - nova_hugepages_enabled: false - swift_zone: '712' - uid: '712' - user_node_name: node-712 - node-713: - fqdn: node-713.domain.tld - name: node-713 - network_roles: - admin/pxe: 10.145.0.103 - aodh/api: 192.168.0.1 - ceilometer/api: 192.168.0.1 - ceph/public: 192.168.1.1 - ceph/replication: 192.168.1.1 - cinder/api: 192.168.0.1 - cinder/iscsi: 192.168.1.1 - fw-admin: 10.145.0.103 - glance/api: 192.168.0.1 - glance/glare: 192.168.0.1 - heat/api: 192.168.0.1 - horizon: 192.168.0.1 - ironic/api: 192.168.0.1 - keystone/api: 192.168.0.1 - management: 192.168.0.1 - mgmt/corosync: 192.168.0.1 - mgmt/database: 192.168.0.1 - mgmt/memcache: 192.168.0.1 - mgmt/messaging: 192.168.0.1 - mgmt/vip: 192.168.0.1 - mongo/db: 192.168.0.1 - murano/api: 192.168.0.1 - murano/cfapi: 192.168.0.1 - neutron/api: 192.168.0.1 - neutron/floating: null 
- neutron/private: null - nova/api: 192.168.0.1 - nova/migration: 192.168.0.1 - sahara/api: 192.168.0.1 - storage: 192.168.1.1 - swift/api: 192.168.0.1 - swift/replication: 192.168.1.1 - node_roles: - - primary-mongo - nova_cpu_pinning_enabled: false - nova_hugepages_enabled: false - swift_zone: '713' - uid: '713' - user_node_name: node-713 - node-714: - fqdn: node-714.domain.tld - name: node-714 - network_roles: - admin/pxe: 10.145.0.104 - aodh/api: 192.168.0.5 - ceilometer/api: 192.168.0.5 - ceph/public: 192.168.1.5 - ceph/replication: 192.168.1.5 - cinder/api: 192.168.0.5 - cinder/iscsi: 192.168.1.5 - fw-admin: 10.145.0.104 - glance/api: 192.168.0.5 - glance/glare: 192.168.0.5 - heat/api: 192.168.0.5 - horizon: 192.168.0.5 - ironic/api: 192.168.0.5 - keystone/api: 192.168.0.5 - management: 192.168.0.5 - mgmt/corosync: 192.168.0.5 - mgmt/database: 192.168.0.5 - mgmt/memcache: 192.168.0.5 - mgmt/messaging: 192.168.0.5 - mgmt/vip: 192.168.0.5 - mongo/db: 192.168.0.5 - murano/api: 192.168.0.5 - murano/cfapi: 192.168.0.5 - neutron/api: 192.168.0.5 - neutron/floating: null - neutron/private: null - nova/api: 192.168.0.5 - nova/migration: 192.168.0.5 - sahara/api: 192.168.0.5 - storage: 192.168.1.5 - swift/api: 192.168.0.5 - swift/replication: 192.168.1.5 - node_roles: - - mongo - nova_cpu_pinning_enabled: false - nova_hugepages_enabled: false - swift_zone: '714' - uid: '714' - user_node_name: node-714 - node-715: - fqdn: node-715.domain.tld - name: node-715 - network_roles: - admin/pxe: 10.145.0.105 - aodh/api: 192.168.0.6 - ceilometer/api: 192.168.0.6 - ceph/public: 192.168.1.6 - ceph/replication: 192.168.1.6 - cinder/api: 192.168.0.6 - cinder/iscsi: 192.168.1.6 - fw-admin: 10.145.0.105 - glance/api: 192.168.0.6 - glance/glare: 192.168.0.6 - heat/api: 192.168.0.6 - horizon: 192.168.0.6 - ironic/api: 192.168.0.6 - keystone/api: 192.168.0.6 - management: 192.168.0.6 - mgmt/corosync: 192.168.0.6 - mgmt/database: 192.168.0.6 - mgmt/memcache: 192.168.0.6 - mgmt/messaging: 
192.168.0.6 - mgmt/vip: 192.168.0.6 - mongo/db: 192.168.0.6 - murano/api: 192.168.0.6 - murano/cfapi: 192.168.0.6 - neutron/api: 192.168.0.6 - neutron/floating: null - neutron/private: null - nova/api: 192.168.0.6 - nova/migration: 192.168.0.6 - sahara/api: 192.168.0.6 - storage: 192.168.1.6 - swift/api: 192.168.0.6 - swift/replication: 192.168.1.6 - node_roles: - - cinder - nova_cpu_pinning_enabled: false - nova_hugepages_enabled: false - swift_zone: '715' - uid: '715' - user_node_name: node-715 - node-716: - fqdn: node-716.domain.tld - name: node-716 - network_roles: - admin/pxe: 10.145.0.106 - aodh/api: 192.168.0.7 - ceilometer/api: 192.168.0.7 - ceph/public: 192.168.1.7 - ceph/replication: 192.168.1.7 - cinder/api: 192.168.0.7 - cinder/iscsi: 192.168.1.7 - fw-admin: 10.145.0.106 - glance/api: 192.168.0.7 - glance/glare: 192.168.0.7 - heat/api: 192.168.0.7 - horizon: 192.168.0.7 - ironic/api: 192.168.0.7 - keystone/api: 192.168.0.7 - management: 192.168.0.7 - mgmt/corosync: 192.168.0.7 - mgmt/database: 192.168.0.7 - mgmt/memcache: 192.168.0.7 - mgmt/messaging: 192.168.0.7 - mgmt/vip: 192.168.0.7 - mongo/db: 192.168.0.7 - murano/api: 192.168.0.7 - murano/cfapi: 192.168.0.7 - neutron/api: 192.168.0.7 - neutron/floating: null - neutron/private: null - nova/api: 192.168.0.7 - nova/migration: 192.168.0.7 - sahara/api: 192.168.0.7 - storage: 192.168.1.7 - swift/api: 192.168.0.7 - swift/replication: 192.168.1.7 - node_roles: - - cinder-block-device - nova_cpu_pinning_enabled: false - nova_hugepages_enabled: false - swift_zone: '716' - uid: '716' - user_node_name: node-716 + swift_zone: '115' + uid: '115' + user_node_name: node-115 vips: management: ipaddr: 192.168.0.9 
@@ -562,18 +569,18 @@ network_scheme: endpoints: br-fw-admin: IP: - - 10.145.0.105/24 - gateway: 10.145.0.1 + - 10.109.15.104/24 + gateway: 10.109.15.1 vendor_specific: - provider_gateway: 10.145.0.1 + provider_gateway: 10.109.15.1 br-mgmt: IP: - - 192.168.0.6/24 + - 192.168.0.2/24 br-prv: IP: none br-storage: IP: - - 192.168.1.6/24 + - 192.168.1.2/24 interfaces: enp0s3: vendor_specific: 
@@ -840,85 +847,84 @@ node_volumes: type: vg volumes: [] nodes: -- fqdn: node-710.domain.tld +- fqdn: node-109.test.domain.local + internal_address: 192.168.0.1 + internal_netmask: 255.255.255.0 + name: node-109 + role: cinder-block-device + storage_address: 192.168.1.1 + storage_netmask: 255.255.255.0 + swift_zone: '109' + uid: '109' + user_node_name: node-109 +- fqdn: node-110.test.domain.local + internal_address: 192.168.0.2 + internal_netmask: 255.255.255.0 + name: node-110 + role: cinder + storage_address: 192.168.1.2 + storage_netmask: 255.255.255.0 + swift_zone: '110' + uid: '110' + user_node_name: node-110 +- fqdn: node-111.test.domain.local + internal_address: 192.168.0.7 + internal_netmask: 255.255.255.0 + name: node-111 + role: primary-mongo + storage_address: 192.168.1.7 + storage_netmask: 255.255.255.0 + swift_zone: '111' + uid: '111' + user_node_name: node-111 +- fqdn: node-112.test.domain.local + internal_address: 192.168.0.6 + internal_netmask: 255.255.255.0 + name: node-112 + role: mongo + storage_address: 192.168.1.6 + storage_netmask: 255.255.255.0 + swift_zone: '112' + uid: '112' + user_node_name: node-112 +- fqdn: node-113.test.domain.local + internal_address: 192.168.0.5 + internal_netmask: 255.255.255.0 + name: node-113 + role: compute + storage_address: 192.168.1.5 + storage_netmask: 255.255.255.0 + swift_zone: '113' + uid: '113' + user_node_name: node-113 +- fqdn: node-114.test.domain.local internal_address: 192.168.0.3 internal_netmask: 255.255.255.0 - name: node-710 + name: node-114 public_address: 172.16.0.2 public_netmask: 255.255.255.0 role: primary-controller storage_address: 192.168.1.3 storage_netmask: 255.255.255.0 - swift_zone: '710' - uid: '710' - user_node_name: node-710 -- fqdn: node-711.domain.tld + swift_zone: '114' + uid: '114' + user_node_name: node-114 +- fqdn: node-115.test.domain.local internal_address: 192.168.0.4 internal_netmask: 255.255.255.0 - name: node-711 + name: node-115 public_address: 172.16.0.3 
public_netmask: 255.255.255.0 role: controller storage_address: 192.168.1.4 storage_netmask: 255.255.255.0 - swift_zone: '711' - uid: '711' - user_node_name: node-711 -- fqdn: node-712.domain.tld - internal_address: 192.168.0.2 - internal_netmask: 255.255.255.0 - name: node-712 - role: compute - storage_address: 192.168.1.2 - storage_netmask: 255.255.255.0 - swift_zone: '712' - uid: '712' - user_node_name: node-712 -- fqdn: node-713.domain.tld - internal_address: 192.168.0.1 - internal_netmask: 255.255.255.0 - name: node-713 - role: primary-mongo - storage_address: 192.168.1.1 - storage_netmask: 255.255.255.0 - swift_zone: '713' - uid: '713' - user_node_name: node-713 -- fqdn: node-714.domain.tld - internal_address: 192.168.0.5 - internal_netmask: 255.255.255.0 - name: node-714 - role: mongo - storage_address: 192.168.1.5 - storage_netmask: 255.255.255.0 - swift_zone: '714' - uid: '714' - user_node_name: node-714 -- fqdn: node-715.domain.tld - internal_address: 192.168.0.6 - internal_netmask: 255.255.255.0 - name: node-715 - role: cinder - storage_address: 192.168.1.6 - storage_netmask: 255.255.255.0 - swift_zone: '715' - uid: '715' - user_node_name: node-715 -- fqdn: node-716.domain.tld - internal_address: 192.168.0.7 - internal_netmask: 255.255.255.0 - name: node-716 - role: cinder-block-device - storage_address: 192.168.1.7 - storage_netmask: 255.255.255.0 - swift_zone: '716' - uid: '716' - user_node_name: node-716 + swift_zone: '115' + uid: '115' + user_node_name: node-115 nova: - db_password: THu8oGjIoXRqnJY12DAMedvs - enable_hugepages: false + db_password: SPvbQFIq7Q1iAtLHwpfzjGWo state_path: /var/lib/nova - user_password: ZWTTX3kWzZSNWVSRs9aNB5oM + user_password: RG7AmGV4ILPVFMrp6zgsqIPV nova_quota: false online: true openstack_version: newton-10.0 
@@ -930,7 +936,7 @@ operator_user: label: Operating System Access weight: 15 name: fueladmin - password: sJ0EosrjP91NMUFEogKkhBmY + password: Zvfz46ns5WoUKuBmaEDRmI8V sudo: 'ALL=(ALL) NOPASSWD: ALL' plugins: [] propagate_task_deploy: false @@ -940,11 +946,11 @@ provision: /: container: gzip format: ext4 - uri: http://10.145.0.2:8080/targetimages/env_38_ubuntu_1404_amd64.img.gz + uri: http://10.109.15.2:8080/targetimages/env_13_ubuntu_1404_amd64.img.gz /boot: container: gzip format: ext2 - uri: http://10.145.0.2:8080/targetimages/env_38_ubuntu_1404_amd64-boot.img.gz + uri: http://10.109.15.2:8080/targetimages/env_13_ubuntu_1404_amd64-boot.img.gz metadata: group: general label: Provision @@ -1066,8 +1072,8 @@ public_ssl: weight: 110 services: false puppet: - manifests: rsync://10.145.0.2:/puppet/newton-10.0/manifests/ - modules: rsync://10.145.0.2:/puppet/newton-10.0/modules/ + manifests: rsync://10.109.15.2:/puppet/newton-10.0/manifests/ + modules: rsync://10.109.15.2:/puppet/newton-10.0/modules/ puppet_debug: true quantum: true quantum_settings: @@ -1084,13 +1090,13 @@ quantum_settings: L3: use_namespaces: true database: - passwd: fmeHbOQi0Q5cI7Cv9EOYz2aG + passwd: zDLEige4VejqBsNTy2s27XmK default_floating_net: admin_floating_net default_private_net: admin_internal_net keystone: - admin_password: N5r4Ho0MymZlCQeEFUMpkMgE + admin_password: hUKUWmatqgFsy8MDEK5c6E5M metadata: - metadata_proxy_shared_secret: 2rE5aK3EWhJfL9YzoLYqkvbZ + metadata_proxy_shared_secret: kBaCwZrsnVfpN6Q7uR4Ieumu predefined_networks: admin_floating_net: L2: @@ -1124,7 +1130,7 @@ quantum_settings: shared: false tenant: admin rabbit: - password: n1T1gagLocy1J0sPTdTATzVc + password: 7tHX1fW8vZnaSMuinajtHtF5 release: attributes_metadata: editable: 
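Review bot: The `provision` image URIs (hunk at -940) still use `http://` and the `puppet` manifests and modules (hunk at -1066) still use `rsync://`. The root and `/boot` images, and the Puppet code applied to each node, therefore travel over the admin network without transport authentication. Each image entry in the hunk shows only `container`, `format` and `uri`; whether a digest is verified elsewhere cannot be seen from here. At minimum I would document the trust assumption next to these keys, for example `# integrity of these downloads relies on the isolated admin/PXE network`.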
@@ -1232,6 +1238,49 @@ release: type: checkbox value: false weight: 10 + atop: + interval: + description: Interval between the snapshots in seconds + label: Interval between the snapshots + regex: + error: Should be a number of seconds + source: ^[1-9]\d*$ + restrictions: + - action: hide + condition: settings:atop.service_enabled.value == false + type: text + value: '20' + weight: 20 + metadata: + enabled: true + group: logging + label: Advanced System & Process Monitor (atop) + toggleable: false + weight: 60 + rotate: + description: Number of days to keep log files + label: Rotate days + regex: + error: Should be a number of days + source: ^[1-9]\d*$ + restrictions: + - action: hide + condition: settings:atop.service_enabled.value == false + type: text + value: '7' + weight: 30 + service_enabled: + description: 'NOTE: When enabled, the service may generate logs up to a + gigabyte in size per day. + + This should be taken into consideration when determining the correct size + for the log partition. + + ' + label: Enable atop service + type: checkbox + value: true + weight: 10 cgroups: metadata: always_editable: true @@ -1314,6 +1363,18 @@ release: type: checkbox value: true weight: 50 + run_ping_checker: + description: Uncheck this box if the public gateway will not be available + or will not respond to ICMP requests to the deployed cluster. If unchecked, + the controllers will not take public gateway availability into account + as part of the cluster health. If the cluster will not have internet + access, you will need to make sure to provide proper offline mirrors for + the deployment to succeed. + group: network + label: Public Gateway is Available + type: checkbox + value: true + weight: 50 task_deploy: type: hidden value: true 
@@ -1734,6 +1795,9 @@ release: description: Your DNS entries should point to this name. Self-signed certificates also will use this hostname label: DNS hostname for public TLS endpoints + regex: + error: Invalid DNS hostname + source: ^[a-zA-Z\d]+[-\.\da-zA-Z]*$ restrictions: - action: hide condition: settings:public_ssl.horizon.value == false and settings:public_ssl.services.value @@ -1768,8 +1832,6 @@ release: Please make sure your Fuel master node has Internet access to the repository before attempting to create a mirror. - For more details, please refer to the documentation (https://docs.mirantis.com/openstack/fuel/fuel-10.0/operations.html#external-ubuntu-ops). - ' extra_priority: null type: custom_repo_configuration 
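Review bot: The regex added in the hunk at -1734 for "DNS hostname for public TLS endpoints", `^[a-zA-Z\d]+[-\.\da-zA-Z]*$`, accepts names that are not valid hostnames. After the first alphanumeric run it allows any mix of `-`, `.` and alphanumerics, so `a..b`, `host-`, `host.` and `a.-b` all pass, and no label length is enforced. The description says self-signed certificates use this value, so a malformed name would end up in the certificate. A per-label pattern is stricter: `source: ^[a-zA-Z\d]([-a-zA-Z\d]{0,61}[a-zA-Z\d])?(\.[a-zA-Z\d]([-a-zA-Z\d]{0,61}[a-zA-Z\d])?)*$`. The setting this regex belongs to begins above the hunk, and the fixture presumably mirrors release metadata defined elsewhere, so the fix likely belongs at that source as well.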
@@ -1846,11 +1908,70 @@ release: sudo: type: hidden value: 'ALL=(ALL) NOPASSWD: ALL' + ssh: + brute_force_protection: + description: When enabled, the access from all networks (except the provided + ones) will be granted, but the networks will be checked against the brute + force attack. + label: Brute force protection + restrictions: + - action: hide + condition: settings:ssh.security_enabled.value == false + type: checkbox + value: false + weight: 30 + metadata: + enabled: true + group: security + label: SSH security + toggleable: false + weight: 120 + security_enabled: + description: 'NOTE: When enabled, provide at least one working IP address + (the Fuel Master node IP is already added). + + We recommend adding new addresses instead of replacing the provided Fuel + Master node IP. + + When disabled (by default), the admin, management, and storage networks + are only allowed to connect to the SSH service. + + ' + label: Restrict SSH service on network + type: checkbox + value: false + weight: 10 + security_networks: + description: IPv4/CIDR address + label: Restrict access to + regex: + error: Invalid IPv4/CIDR address + source: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))*$ + restrictions: + - action: hide + condition: settings:ssh.security_enabled.value == false + type: text_list + value: + - '{settings.MASTER_IP}' + weight: 20 storage: admin_key: type: hidden value: generator: cephx_key + auth_s3_keystone_ceph: + description: This allows to authenticate S3 requests basing on EC2/S3 credentials + managed by Keystone. Please note that enabling the integration will increase + the latency of S3 requests as well as load on Keystone service. Please + consult with Mirantis Technical Bulletin 27 and Mirantis Support on mitigating + the risks related with load. 
+ label: Enable S3 API Authentication via Keystone in Ceph RadosGW + restrictions: + - action: hide + condition: settings:storage.objects_ceph.value == false + type: checkbox + value: false + weight: 82 bootstrap_osd_key: type: hidden value: @@ -1903,6 +2024,9 @@ release: and Swift API Interfaces. If enabled, this option will prevent Swift from installing. label: Ceph RadosGW for objects (Swift API) + restrictions: + - settings:storage.images_ceph.value == false: Ceph RBD for Images should + be selected. type: checkbox value: false weight: 80 @@ -2143,6 +2267,12 @@ release: description: dialog.create_cluster_wizard.compute.qemu_description label: dialog.create_cluster_wizard.compute.qemu name: hypervisor:qemu + requires: + - one_of: + items: + - network:neutron:ml2:vlan + - network:neutron:ml2:tun + message: dialog.create_cluster_wizard.compute.qemu_requires_network_backend weight: 5 - bind: - settings:common.use_vcenter.value @@ -2152,8 +2282,16 @@ release: label: dialog.create_cluster_wizard.compute.vcenter name: hypervisor:vmware requires: - - message: dialog.create_cluster_wizard.compute.vcenter_warning - name: hypervisor:qemu + - one_of: + items: + - hypervisor:qemu + message: dialog.create_cluster_wizard.compute.vcenter_warning + - one_of: + items: + - network:neutron:ml2:dvs + - network:neutron:ml2:nsx + message: dialog.create_cluster_wizard.compute.vcenter_requires_network_backend + message_invalid: dialog.create_cluster_wizard.compute.vcenter_requires_network_plugins weight: 15 - compatible: - name: hypervisor:* @@ -2180,7 +2318,9 @@ release: label: common.network.neutron_vlan name: network:neutron:ml2:vlan requires: - - name: network:neutron:core:ml2 + - one_of: + items: + - network:neutron:core:ml2 weight: 5 - bind: - - cluster:net_provider 
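Review bot: In the hunk at -1846, the `ssh.security_networks` regex ends with `(\/([0-9]|[1-2][0-9]|3[0-2]))*$`, and the `*` lets the prefix group repeat. A value such as `10.0.0.0/8/16` therefore passes the "Invalid IPv4/CIDR address" check on a field that decides which networks may reach SSH. The group should be optional rather than repeatable, so the pattern should end with `(\/([0-9]|[1-2][0-9]|3[0-2]))?$`. Whether the consumer that turns this list into firewall rules validates the value again is not visible in the diff. Separately, the `brute_force_protection` description ("access from all networks (except the provided ones) will be granted") reads as if enabling it opens SSH to every network; the wording should state exactly what is allowed and what is rate-limited.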
@@ -2201,7 +2341,9 @@ release: label: common.network.neutron_tun name: network:neutron:ml2:tun requires: - - name: network:neutron:core:ml2 + - one_of: + items: + - network:neutron:core:ml2 weight: 10 - bind: - settings:storage.volumes_lvm.value @@ -2449,6 +2591,7 @@ release: restrictions: - action: hide condition: settings:common.use_vcenter.value == false + message: VMware vCenter not enabled for cluster weight: 40 compute: description: A Compute node creates, manages, and terminates virtual machine @@ -2478,10 +2621,12 @@ release: restrictions: - action: hide condition: settings:common.use_vcenter.value == false + message: VMware vCenter not enabled for cluster weight: 90 controller: conflicts: - compute + - ceph-osd description: The Controller initiates orchestration activities and provides an external API. Other components like Glance (image storage), Keystone (identity management), Horizon (OpenStack dashboard) and Nova-Scheduler are installed @@ -2553,6 +2698,7 @@ release: restrictions: - action: hide condition: not ('advanced' in version:feature_groups) + message: Advanced feature should be enabled in feature groups weight: 80 state: available version: newton-10.0 @@ -2724,7 +2870,7 @@ repo_setup: section: main restricted suite: mos10.0 type: deb - uri: http://10.145.0.2:8080/newton-10.0/ubuntu/x86_64 + uri: http://10.109.15.2:8080/newton-10.0/ubuntu/x86_64 - name: mos-updates priority: 1050 section: main restricted @@ -2748,14 +2894,15 @@ repo_setup: section: main restricted suite: auxiliary type: deb - uri: http://10.145.0.2:8080/newton-10.0/ubuntu/auxiliary + uri: http://10.109.15.2:8080/newton-10.0/ubuntu/auxiliary resume_guests_state_on_host_boot: true roles: - cinder +run_ping_checker: true sahara: - db_password: KOnGnD4ffht4JTKNnadQzJVt + db_password: iRFruHQcXdKzQX9roKooe3j6 enabled: true - user_password: I0h2uGaBR3ts4NujBxo8Toqi + user_password: dIwoOdfqEXyJ4jZkHVEfqXBY service_user: homedir: /var/lib/fuel metadata: 
@@ -2766,22 +2913,34 @@ service_user: condition: 'true' weight: 10 name: fuel - password: 2Zhks66RxoJGBVYjjPCsuW1t + password: cIt7vulm3zZeSiYyYwjlbZV0 root_password: r00tme sudo: 'ALL=(ALL) NOPASSWD: ALL' +ssh: + brute_force_protection: false + metadata: + enabled: true + group: security + label: SSH security + toggleable: false + weight: 120 + security_enabled: false + security_networks: + - 10.109.15.2 status: discover storage: - admin_key: AQDmeEhXAAAAABAA89X4kMICOCOUEIEVRH0q5w== - bootstrap_osd_key: AQDmeEhXAAAAABAA3Gy4NiGQKX5/JJpsXNCBFA== + admin_key: AQDWBqNXAAAAABAAT0qwqsMZTndkc8Eir/2Bug== + auth_s3_keystone_ceph: false + bootstrap_osd_key: AQDWBqNXAAAAABAAkbTGIMIuAw4DyBkCBfPUrA== ephemeral_ceph: false - fsid: a841a476-236b-434f-8393-274ad608cbd5 + fsid: f01ee54d-25cb-4188-a66f-ec34d8418f3f images_ceph: false images_vcenter: false metadata: group: storage label: Storage Backends weight: 60 - mon_key: AQDmeEhXAAAAABAA7wUts7o9kl9RadsIu5KJhQ== + mon_key: AQDWBqNXAAAAABAAcRFHLwQi5ImsQLb1TamUCg== objects_ceph: false osd_pool_size: '3' per_pool_pg_nums: @@ -2792,13 +2951,13 @@ storage: images: 128 volumes: 128 pg_num: 128 - radosgw_key: AQDmeEhXAAAAABAAphVN6V3fNYICXT+EH48zEg== + radosgw_key: AQDWBqNXAAAAABAAOcrrFlqdDFNS0aJKEEkyDQ== volumes_block_device: true volumes_ceph: false volumes_lvm: true storage_network_range: 192.168.1.0/24 swift: - user_password: UNUZUKNrbQvMQsitNHMtrWeI + user_password: zuthAwdS1GuQ6ksatG5EZl2R syslog: metadata: enabled: false @@ -2820,11 +2979,11 @@ test_vm_image: os_name: cirros properties: {} public: 'true' -uid: '715' +uid: '110' use_cinder: true use_cow_images: true use_vcenter: false -user_node_name: node-715 +user_node_name: node-110 vms_conf: [] workloads_collector: create_user: false @@ -2836,6 +2995,6 @@ workloads_collector: - action: hide condition: 'true' weight: 10 - password: tGutWhN3UG9W9OnZISKlR4xB + password: fQ6D8FquZp28kSi8O4dTC8Cg tenant: services username: fuel_stats_user 
diff --git a/hiera/neut_vlan.cblock.murano.sahara.ceil-compute.yaml b/hiera/neut_vlan.cblock.murano.sahara.ceil-compute.yaml index abe9b37..b726dc6 100644 --- a/hiera/neut_vlan.cblock.murano.sahara.ceil-compute.yaml +++ b/hiera/neut_vlan.cblock.murano.sahara.ceil-compute.yaml @@ -8,18 +8,28 @@ access: tenant: admin user: admin aodh: - db_password: UbmEKZTB3a2HE1S6xkIWFE64 - user_password: tPCjatrROm5zW0qqyBP5Z6ZJ + db_password: HJeTTcmoGh4WI4wlqlQu6Xz0 + user_password: uhZWPZWkzeofa6OtMPYX3We0 +atop: + interval: '20' + metadata: + enabled: true + group: logging + label: Advanced System & Process Monitor (atop) + toggleable: false + weight: 60 + rotate: '7' + service_enabled: true auth_key: '' auto_assign_floating_ip: false base_syslog: syslog_port: '514' - syslog_server: 10.145.0.2 + syslog_server: 10.109.15.2 ceilometer: - db_password: j9yoAgFQqVJ3nPHS3E8oZNKY + db_password: J3JAf8W9JNIZKDVIKd4EVpqM enabled: true - metering_secret: HkQApiWEJWPQ6A52t4a5YCcQ - user_password: kRRTjPlstCxmiJXJe9gTBaW3 + metering_secret: iNGEelI6N2CDYbQs3yXht8EV + user_password: 6hzswiGt3QBjOXeM6Oz2IvNv cgroups: metadata: always_editable: true @@ -30,11 +40,19 @@ cgroups: condition: 'true' weight: 90 cinder: - db_password: 8mPSWaFcbxTWjmmZVuu58HIZ - fixed_key: f8f2e1d13d994370047f5fe0ccfb2adbd9bf0da1aaecf38b8893de189787bc44 - user_password: R8GcLYYSzybstefJrSnd4iLE + db_password: qygDERXtrfgT6ogbn9gzNvSZ + fixed_key: c4d8801ec9f3e013197ebffcc496eddc419591585b1f2ad26875f5dca2c8eed6 + user_password: wfgi03YjLhOXzurBF3nfrwvv cluster: changes: + - name: interfaces + node_id: 110 + - name: disks + node_id: 110 + - name: interfaces + node_id: 109 + - name: disks + node_id: 109 - name: attributes node_id: null - name: vmware_attributes 
@@ -42,36 +60,28 @@ cluster: - name: networks node_id: null - name: interfaces - node_id: 710 + node_id: 115 - name: disks - node_id: 710 + node_id: 115 - name: interfaces - node_id: 711 + node_id: 114 - name: disks - node_id: 711 + node_id: 114 - name: interfaces - node_id: 712 + node_id: 113 - name: disks - node_id: 712 + node_id: 113 - name: interfaces - node_id: 713 + node_id: 112 - name: disks - node_id: 713 + node_id: 112 - name: interfaces - node_id: 714 + node_id: 111 - name: disks - node_id: 714 - - name: interfaces - node_id: 715 - - name: disks - node_id: 715 - - name: interfaces - node_id: 716 - - name: disks - node_id: 716 + node_id: 111 components: [] fuel_version: '10.0' - id: 38 + id: 13 is_customized: false is_locked: false mode: ha_compact @@ -104,12 +114,11 @@ corosync: debug: false deployed_before: value: false -deployment_id: 38 +deployment_id: 13 deployment_mode: ha_compact -dpdk: {} external_dns: dns_list: - - 10.145.0.1 + - 10.109.15.1 metadata: group: network label: Host OS DNS Servers 
@@ -135,31 +144,29 @@ external_ntp: label: Host OS NTP Servers weight: 40 ntp_list: - - 0.fuel.pool.ntp.org - - 1.fuel.pool.ntp.org - - 2.fuel.pool.ntp.org + - 10.109.15.1 fail_if_error: false -fqdn: node-712.domain.tld +fqdn: node-113.test.domain.local fuel_version: '10.0' glance: - db_password: JrziwKrBaOcJtYLH18lzTHvN - image_cache_max_size: '5368709120' - user_password: LDX2dRA0snAthtq1bt4hhwgA + db_password: N5ZwODSM9uzsaKReIgk6CyUq + image_cache_max_size: '0' + user_password: i10d3excOPPDGJuXr3cYWJnk glance_glare: - user_password: LwFwVTtx7TQZilWcdYZ4rMPG + user_password: opwzp1g3vncEcnlcY1kReF54 heat: - auth_encryption_key: 89adc2b80449f19b1bc04621e571af5c - db_password: 7L8DeTK33SIDWG3PYBXl69bc + auth_encryption_key: 013fa22260a6c56c4bf233fa8f62c548 + db_password: E2ciRc0sX1DpEzjdJ1ZaWOlk enabled: true - rabbit_password: t6nLCJEaPiFhBeS7mguHLSe5 - user_password: wibR10fo8oamfqgJ5ylGMkvb + rabbit_password: tuBtD3lTvAI0kxIvtCWDmR6B + user_password: jQwF1acNLgnOLxNKZ5s8ZfdK horizon: - secret_key: 00db7790ecbdbea80f2b25820267977ef700c80da2cdad285ef5f205e7a5ca4f + secret_key: 83aae5d5bb487291cb70c0f23b98850c36fde49fb47edea27358ac8140db529c ironic: - db_password: vNA5pzrjCWCl0FRryR5xS5fN + db_password: PbXDe5oTtXhX35PImGFnMGOl enabled: false - swift_tempurl_key: KXjWzWpOK4N16tCTroxm4UF1 - user_password: wpx9YAhDMawWF8SkQqIJIqUw + swift_tempurl_key: 9UuMwMaaFIEW8nQFpY400yPG + user_password: YE6HrKfrTF5uc0tGBkIuqHef kernel_params: kernel: console=tty0 net.ifnames=0 biosdevname=0 rootdelay=90 nomodeset metadata: @@ -167,12 +174,12 @@ kernel_params: label: Kernel parameters weight: 60 keystone: - admin_token: ZfrqRoEZdj9Jpqd8bi6KDohK - db_password: BU35cEJm2n3bmboQT8ihTkvh -last_controller: node-711 + admin_token: UmLdEFjsZGoJGraFVCyKYNWR + db_password: 3Ovn9RvHGbQfcmDhLRESM7Xh +last_controller: node-115 libvirt_type: qemu management_network_range: 192.168.0.0/24 -master_ip: 10.145.0.2 +master_ip: 10.109.15.2 metadata: label: Common weight: 10 
@@ -184,15 +191,15 @@ mp: - point: '2' weight: '2' murano: - db_password: GSnvMtnKQ51B9E3iKGNL5rru + db_password: XbE1FAEzWs1BNHKccWpo5O2j enabled: true - rabbit_password: KTf83RLXBK5XDJdPwZQCWnVz - user_password: gQBSnmY7rgZrEZT14OFGeGKF + rabbit_password: TqfkUPgddtZv6BbDaNC3SIvy + user_password: AAiYsFVUcFyowlA5Zw572vzY murano-cfapi: - db_password: H3MyI8EWzGt7WgFxbZZBLHsX + db_password: 0kTJ5gDINJ1TqatGPg3LAvcA enabled: false - rabbit_password: NAv7TFqw3ZJnzOsVFtdpEnjD - user_password: l73HVm4JtStp40evJ6S7jSnJ + rabbit_password: 2vA3nyagq8NcGPkDSaersOJm + user_password: 83MwOhtXIh6MSCqqwFxdGqEg murano_settings: metadata: group: openstack_services 
@@ -205,15 +212,230 @@ murano_settings: murano_glance_artifacts_plugin: true murano_repo_url: http://storage.apps.openstack.org/ mysql: - root_password: aK9nC0A3jeBcqn9FP0I77AKW - wsrep_password: OeYRh6XkB65gah0PuI98jFOR + root_password: tP2Hkj41ujG6FTZnGOu7HVkJ + wsrep_password: WZT3FbjHqi9AxORYPfY6VTR5 network_metadata: nodes: - node-710: - fqdn: node-710.domain.tld - name: node-710 + node-109: + fqdn: node-109.test.domain.local + name: node-109 network_roles: - admin/pxe: 10.145.0.100 + admin/pxe: 10.109.15.103 + aodh/api: 192.168.0.1 + ceilometer/api: 192.168.0.1 + ceph/public: 192.168.1.1 + ceph/replication: 192.168.1.1 + cinder/api: 192.168.0.1 + cinder/iscsi: 192.168.1.1 + fw-admin: 10.109.15.103 + glance/api: 192.168.0.1 + glance/glare: 192.168.0.1 + heat/api: 192.168.0.1 + horizon: 192.168.0.1 + ironic/api: 192.168.0.1 + keystone/api: 192.168.0.1 + management: 192.168.0.1 + mgmt/corosync: 192.168.0.1 + mgmt/database: 192.168.0.1 + mgmt/memcache: 192.168.0.1 + mgmt/messaging: 192.168.0.1 + mgmt/vip: 192.168.0.1 + mongo/db: 192.168.0.1 + murano/api: 192.168.0.1 + murano/cfapi: 192.168.0.1 + neutron/api: 192.168.0.1 + neutron/floating: null + neutron/private: null + nova/api: 192.168.0.1 + nova/migration: 192.168.0.1 + sahara/api: 192.168.0.1 + storage: 192.168.1.1 + swift/api: 192.168.0.1 + swift/replication: 192.168.1.1 + node_roles: + - cinder-block-device + nova_cpu_pinning_enabled: false + nova_hugepages_enabled: false + swift_zone: '109' + uid: '109' + user_node_name: node-109 + node-110: + fqdn: node-110.test.domain.local + name: node-110 + network_roles: + admin/pxe: 10.109.15.104 + aodh/api: 192.168.0.2 + ceilometer/api: 192.168.0.2 + ceph/public: 192.168.1.2 + ceph/replication: 192.168.1.2 + cinder/api: 192.168.0.2 + cinder/iscsi: 192.168.1.2 + fw-admin: 10.109.15.104 + glance/api: 192.168.0.2 + glance/glare: 192.168.0.2 + heat/api: 192.168.0.2 + horizon: 192.168.0.2 + ironic/api: 192.168.0.2 + keystone/api: 192.168.0.2 + management: 192.168.0.2 + 
mgmt/corosync: 192.168.0.2 + mgmt/database: 192.168.0.2 + mgmt/memcache: 192.168.0.2 + mgmt/messaging: 192.168.0.2 + mgmt/vip: 192.168.0.2 + mongo/db: 192.168.0.2 + murano/api: 192.168.0.2 + murano/cfapi: 192.168.0.2 + neutron/api: 192.168.0.2 + neutron/floating: null + neutron/private: null + nova/api: 192.168.0.2 + nova/migration: 192.168.0.2 + sahara/api: 192.168.0.2 + storage: 192.168.1.2 + swift/api: 192.168.0.2 + swift/replication: 192.168.1.2 + node_roles: + - cinder + nova_cpu_pinning_enabled: false + nova_hugepages_enabled: false + swift_zone: '110' + uid: '110' + user_node_name: node-110 + node-111: + fqdn: node-111.test.domain.local + name: node-111 + network_roles: + admin/pxe: 10.109.15.105 + aodh/api: 192.168.0.7 + ceilometer/api: 192.168.0.7 + ceph/public: 192.168.1.7 + ceph/replication: 192.168.1.7 + cinder/api: 192.168.0.7 + cinder/iscsi: 192.168.1.7 + fw-admin: 10.109.15.105 + glance/api: 192.168.0.7 + glance/glare: 192.168.0.7 + heat/api: 192.168.0.7 + horizon: 192.168.0.7 + ironic/api: 192.168.0.7 + keystone/api: 192.168.0.7 + management: 192.168.0.7 + mgmt/corosync: 192.168.0.7 + mgmt/database: 192.168.0.7 + mgmt/memcache: 192.168.0.7 + mgmt/messaging: 192.168.0.7 + mgmt/vip: 192.168.0.7 + mongo/db: 192.168.0.7 + murano/api: 192.168.0.7 + murano/cfapi: 192.168.0.7 + neutron/api: 192.168.0.7 + neutron/floating: null + neutron/private: null + nova/api: 192.168.0.7 + nova/migration: 192.168.0.7 + sahara/api: 192.168.0.7 + storage: 192.168.1.7 + swift/api: 192.168.0.7 + swift/replication: 192.168.1.7 + node_roles: + - primary-mongo + nova_cpu_pinning_enabled: false + nova_hugepages_enabled: false + swift_zone: '111' + uid: '111' + user_node_name: node-111 + node-112: + fqdn: node-112.test.domain.local + name: node-112 + network_roles: + admin/pxe: 10.109.15.106 + aodh/api: 192.168.0.6 + ceilometer/api: 192.168.0.6 + ceph/public: 192.168.1.6 + ceph/replication: 192.168.1.6 + cinder/api: 192.168.0.6 + cinder/iscsi: 192.168.1.6 + fw-admin: 
10.109.15.106 + glance/api: 192.168.0.6 + glance/glare: 192.168.0.6 + heat/api: 192.168.0.6 + horizon: 192.168.0.6 + ironic/api: 192.168.0.6 + keystone/api: 192.168.0.6 + management: 192.168.0.6 + mgmt/corosync: 192.168.0.6 + mgmt/database: 192.168.0.6 + mgmt/memcache: 192.168.0.6 + mgmt/messaging: 192.168.0.6 + mgmt/vip: 192.168.0.6 + mongo/db: 192.168.0.6 + murano/api: 192.168.0.6 + murano/cfapi: 192.168.0.6 + neutron/api: 192.168.0.6 + neutron/floating: null + neutron/private: null + nova/api: 192.168.0.6 + nova/migration: 192.168.0.6 + sahara/api: 192.168.0.6 + storage: 192.168.1.6 + swift/api: 192.168.0.6 + swift/replication: 192.168.1.6 + node_roles: + - mongo + nova_cpu_pinning_enabled: false + nova_hugepages_enabled: false + swift_zone: '112' + uid: '112' + user_node_name: node-112 + node-113: + fqdn: node-113.test.domain.local + name: node-113 + network_roles: + admin/pxe: 10.109.15.107 + aodh/api: 192.168.0.5 + ceilometer/api: 192.168.0.5 + ceph/public: 192.168.1.5 + ceph/replication: 192.168.1.5 + cinder/api: 192.168.0.5 + cinder/iscsi: 192.168.1.5 + fw-admin: 10.109.15.107 + glance/api: 192.168.0.5 + glance/glare: 192.168.0.5 + heat/api: 192.168.0.5 + horizon: 192.168.0.5 + ironic/api: 192.168.0.5 + keystone/api: 192.168.0.5 + management: 192.168.0.5 + mgmt/corosync: 192.168.0.5 + mgmt/database: 192.168.0.5 + mgmt/memcache: 192.168.0.5 + mgmt/messaging: 192.168.0.5 + mgmt/vip: 192.168.0.5 + mongo/db: 192.168.0.5 + murano/api: 192.168.0.5 + murano/cfapi: 192.168.0.5 + neutron/api: 192.168.0.5 + neutron/floating: null + neutron/private: null + nova/api: 192.168.0.5 + nova/migration: 192.168.0.5 + sahara/api: 192.168.0.5 + storage: 192.168.1.5 + swift/api: 192.168.0.5 + swift/replication: 192.168.1.5 + node_roles: + - compute + nova_cpu_pinning_enabled: false + nova_hugepages_enabled: false + swift_zone: '113' + uid: '113' + user_node_name: node-113 + node-114: + fqdn: node-114.test.domain.local + name: node-114 + network_roles: + admin/pxe: 10.109.15.108 
aodh/api: 192.168.0.3 ceilometer/api: 192.168.0.3 ceph/public: 192.168.1.3 @@ -222,7 +444,7 @@ network_metadata: cinder/api: 192.168.0.3 cinder/iscsi: 192.168.1.3 ex: 172.16.0.2 - fw-admin: 10.145.0.100 + fw-admin: 10.109.15.108 glance/api: 192.168.0.3 glance/glare: 192.168.0.3 heat/api: 192.168.0.3 @@ -252,14 +474,14 @@ network_metadata: - primary-controller nova_cpu_pinning_enabled: false nova_hugepages_enabled: false - swift_zone: '710' - uid: '710' - user_node_name: node-710 - node-711: - fqdn: node-711.domain.tld - name: node-711 + swift_zone: '114' + uid: '114' + user_node_name: node-114 + node-115: + fqdn: node-115.test.domain.local + name: node-115 network_roles: - admin/pxe: 10.145.0.101 + admin/pxe: 10.109.15.109 aodh/api: 192.168.0.4 ceilometer/api: 192.168.0.4 ceph/public: 192.168.1.4 @@ -268,7 +490,7 @@ network_metadata: cinder/api: 192.168.0.4 cinder/iscsi: 192.168.1.4 ex: 172.16.0.3 - fw-admin: 10.145.0.101 + fw-admin: 10.109.15.109 glance/api: 192.168.0.4 glance/glare: 192.168.0.4 heat/api: 192.168.0.4 
@@ -298,224 +520,9 @@ network_metadata: - controller nova_cpu_pinning_enabled: false nova_hugepages_enabled: false - swift_zone: '711' - uid: '711' - user_node_name: node-711 - node-712: - fqdn: node-712.domain.tld - name: node-712 - network_roles: - admin/pxe: 10.145.0.102 - aodh/api: 192.168.0.2 - ceilometer/api: 192.168.0.2 - ceph/public: 192.168.1.2 - ceph/replication: 192.168.1.2 - cinder/api: 192.168.0.2 - cinder/iscsi: 192.168.1.2 - fw-admin: 10.145.0.102 - glance/api: 192.168.0.2 - glance/glare: 192.168.0.2 - heat/api: 192.168.0.2 - horizon: 192.168.0.2 - ironic/api: 192.168.0.2 - keystone/api: 192.168.0.2 - management: 192.168.0.2 - mgmt/corosync: 192.168.0.2 - mgmt/database: 192.168.0.2 - mgmt/memcache: 192.168.0.2 - mgmt/messaging: 192.168.0.2 - mgmt/vip: 192.168.0.2 - mongo/db: 192.168.0.2 - murano/api: 192.168.0.2 - murano/cfapi: 192.168.0.2 - neutron/api: 192.168.0.2 - neutron/floating: null - neutron/private: null - nova/api: 192.168.0.2 - nova/migration: 192.168.0.2 - sahara/api: 192.168.0.2 - storage: 192.168.1.2 - swift/api: 192.168.0.2 - swift/replication: 192.168.1.2 - node_roles: - - compute - nova_cpu_pinning_enabled: false - nova_hugepages_enabled: false - swift_zone: '712' - uid: '712' - user_node_name: node-712 - node-713: - fqdn: node-713.domain.tld - name: node-713 - network_roles: - admin/pxe: 10.145.0.103 - aodh/api: 192.168.0.1 - ceilometer/api: 192.168.0.1 - ceph/public: 192.168.1.1 - ceph/replication: 192.168.1.1 - cinder/api: 192.168.0.1 - cinder/iscsi: 192.168.1.1 - fw-admin: 10.145.0.103 - glance/api: 192.168.0.1 - glance/glare: 192.168.0.1 - heat/api: 192.168.0.1 - horizon: 192.168.0.1 - ironic/api: 192.168.0.1 - keystone/api: 192.168.0.1 - management: 192.168.0.1 - mgmt/corosync: 192.168.0.1 - mgmt/database: 192.168.0.1 - mgmt/memcache: 192.168.0.1 - mgmt/messaging: 192.168.0.1 - mgmt/vip: 192.168.0.1 - mongo/db: 192.168.0.1 - murano/api: 192.168.0.1 - murano/cfapi: 192.168.0.1 - neutron/api: 192.168.0.1 - neutron/floating: null 
- neutron/private: null - nova/api: 192.168.0.1 - nova/migration: 192.168.0.1 - sahara/api: 192.168.0.1 - storage: 192.168.1.1 - swift/api: 192.168.0.1 - swift/replication: 192.168.1.1 - node_roles: - - primary-mongo - nova_cpu_pinning_enabled: false - nova_hugepages_enabled: false - swift_zone: '713' - uid: '713' - user_node_name: node-713 - node-714: - fqdn: node-714.domain.tld - name: node-714 - network_roles: - admin/pxe: 10.145.0.104 - aodh/api: 192.168.0.5 - ceilometer/api: 192.168.0.5 - ceph/public: 192.168.1.5 - ceph/replication: 192.168.1.5 - cinder/api: 192.168.0.5 - cinder/iscsi: 192.168.1.5 - fw-admin: 10.145.0.104 - glance/api: 192.168.0.5 - glance/glare: 192.168.0.5 - heat/api: 192.168.0.5 - horizon: 192.168.0.5 - ironic/api: 192.168.0.5 - keystone/api: 192.168.0.5 - management: 192.168.0.5 - mgmt/corosync: 192.168.0.5 - mgmt/database: 192.168.0.5 - mgmt/memcache: 192.168.0.5 - mgmt/messaging: 192.168.0.5 - mgmt/vip: 192.168.0.5 - mongo/db: 192.168.0.5 - murano/api: 192.168.0.5 - murano/cfapi: 192.168.0.5 - neutron/api: 192.168.0.5 - neutron/floating: null - neutron/private: null - nova/api: 192.168.0.5 - nova/migration: 192.168.0.5 - sahara/api: 192.168.0.5 - storage: 192.168.1.5 - swift/api: 192.168.0.5 - swift/replication: 192.168.1.5 - node_roles: - - mongo - nova_cpu_pinning_enabled: false - nova_hugepages_enabled: false - swift_zone: '714' - uid: '714' - user_node_name: node-714 - node-715: - fqdn: node-715.domain.tld - name: node-715 - network_roles: - admin/pxe: 10.145.0.105 - aodh/api: 192.168.0.6 - ceilometer/api: 192.168.0.6 - ceph/public: 192.168.1.6 - ceph/replication: 192.168.1.6 - cinder/api: 192.168.0.6 - cinder/iscsi: 192.168.1.6 - fw-admin: 10.145.0.105 - glance/api: 192.168.0.6 - glance/glare: 192.168.0.6 - heat/api: 192.168.0.6 - horizon: 192.168.0.6 - ironic/api: 192.168.0.6 - keystone/api: 192.168.0.6 - management: 192.168.0.6 - mgmt/corosync: 192.168.0.6 - mgmt/database: 192.168.0.6 - mgmt/memcache: 192.168.0.6 - mgmt/messaging: 
192.168.0.6 - mgmt/vip: 192.168.0.6 - mongo/db: 192.168.0.6 - murano/api: 192.168.0.6 - murano/cfapi: 192.168.0.6 - neutron/api: 192.168.0.6 - neutron/floating: null - neutron/private: null - nova/api: 192.168.0.6 - nova/migration: 192.168.0.6 - sahara/api: 192.168.0.6 - storage: 192.168.1.6 - swift/api: 192.168.0.6 - swift/replication: 192.168.1.6 - node_roles: - - cinder - nova_cpu_pinning_enabled: false - nova_hugepages_enabled: false - swift_zone: '715' - uid: '715' - user_node_name: node-715 - node-716: - fqdn: node-716.domain.tld - name: node-716 - network_roles: - admin/pxe: 10.145.0.106 - aodh/api: 192.168.0.7 - ceilometer/api: 192.168.0.7 - ceph/public: 192.168.1.7 - ceph/replication: 192.168.1.7 - cinder/api: 192.168.0.7 - cinder/iscsi: 192.168.1.7 - fw-admin: 10.145.0.106 - glance/api: 192.168.0.7 - glance/glare: 192.168.0.7 - heat/api: 192.168.0.7 - horizon: 192.168.0.7 - ironic/api: 192.168.0.7 - keystone/api: 192.168.0.7 - management: 192.168.0.7 - mgmt/corosync: 192.168.0.7 - mgmt/database: 192.168.0.7 - mgmt/memcache: 192.168.0.7 - mgmt/messaging: 192.168.0.7 - mgmt/vip: 192.168.0.7 - mongo/db: 192.168.0.7 - murano/api: 192.168.0.7 - murano/cfapi: 192.168.0.7 - neutron/api: 192.168.0.7 - neutron/floating: null - neutron/private: null - nova/api: 192.168.0.7 - nova/migration: 192.168.0.7 - sahara/api: 192.168.0.7 - storage: 192.168.1.7 - swift/api: 192.168.0.7 - swift/replication: 192.168.1.7 - node_roles: - - cinder-block-device - nova_cpu_pinning_enabled: false - nova_hugepages_enabled: false - swift_zone: '716' - uid: '716' - user_node_name: node-716 + swift_zone: '115' + uid: '115' + user_node_name: node-115 vips: management: ipaddr: 192.168.0.9 
@@ -562,18 +569,18 @@ network_scheme: endpoints: br-fw-admin: IP: - - 10.145.0.102/24 - gateway: 10.145.0.1 + - 10.109.15.107/24 + gateway: 10.109.15.1 vendor_specific: - provider_gateway: 10.145.0.1 + provider_gateway: 10.109.15.1 br-mgmt: IP: - - 192.168.0.2/24 + - 192.168.0.5/24 br-prv: IP: none br-storage: IP: - - 192.168.1.2/24 + - 192.168.1.5/24 interfaces: enp0s3: vendor_specific: 
@@ -845,85 +852,84 @@ node_volumes: size: 3757668 type: lv nodes: -- fqdn: node-710.domain.tld +- fqdn: node-109.test.domain.local + internal_address: 192.168.0.1 + internal_netmask: 255.255.255.0 + name: node-109 + role: cinder-block-device + storage_address: 192.168.1.1 + storage_netmask: 255.255.255.0 + swift_zone: '109' + uid: '109' + user_node_name: node-109 +- fqdn: node-110.test.domain.local + internal_address: 192.168.0.2 + internal_netmask: 255.255.255.0 + name: node-110 + role: cinder + storage_address: 192.168.1.2 + storage_netmask: 255.255.255.0 + swift_zone: '110' + uid: '110' + user_node_name: node-110 +- fqdn: node-111.test.domain.local + internal_address: 192.168.0.7 + internal_netmask: 255.255.255.0 + name: node-111 + role: primary-mongo + storage_address: 192.168.1.7 + storage_netmask: 255.255.255.0 + swift_zone: '111' + uid: '111' + user_node_name: node-111 +- fqdn: node-112.test.domain.local + internal_address: 192.168.0.6 + internal_netmask: 255.255.255.0 + name: node-112 + role: mongo + storage_address: 192.168.1.6 + storage_netmask: 255.255.255.0 + swift_zone: '112' + uid: '112' + user_node_name: node-112 +- fqdn: node-113.test.domain.local + internal_address: 192.168.0.5 + internal_netmask: 255.255.255.0 + name: node-113 + role: compute + storage_address: 192.168.1.5 + storage_netmask: 255.255.255.0 + swift_zone: '113' + uid: '113' + user_node_name: node-113 +- fqdn: node-114.test.domain.local internal_address: 192.168.0.3 internal_netmask: 255.255.255.0 - name: node-710 + name: node-114 public_address: 172.16.0.2 public_netmask: 255.255.255.0 role: primary-controller storage_address: 192.168.1.3 storage_netmask: 255.255.255.0 - swift_zone: '710' - uid: '710' - user_node_name: node-710 -- fqdn: node-711.domain.tld + swift_zone: '114' + uid: '114' + user_node_name: node-114 +- fqdn: node-115.test.domain.local internal_address: 192.168.0.4 internal_netmask: 255.255.255.0 - name: node-711 + name: node-115 public_address: 172.16.0.3 
public_netmask: 255.255.255.0 role: controller storage_address: 192.168.1.4 storage_netmask: 255.255.255.0 - swift_zone: '711' - uid: '711' - user_node_name: node-711 -- fqdn: node-712.domain.tld - internal_address: 192.168.0.2 - internal_netmask: 255.255.255.0 - name: node-712 - role: compute - storage_address: 192.168.1.2 - storage_netmask: 255.255.255.0 - swift_zone: '712' - uid: '712' - user_node_name: node-712 -- fqdn: node-713.domain.tld - internal_address: 192.168.0.1 - internal_netmask: 255.255.255.0 - name: node-713 - role: primary-mongo - storage_address: 192.168.1.1 - storage_netmask: 255.255.255.0 - swift_zone: '713' - uid: '713' - user_node_name: node-713 -- fqdn: node-714.domain.tld - internal_address: 192.168.0.5 - internal_netmask: 255.255.255.0 - name: node-714 - role: mongo - storage_address: 192.168.1.5 - storage_netmask: 255.255.255.0 - swift_zone: '714' - uid: '714' - user_node_name: node-714 -- fqdn: node-715.domain.tld - internal_address: 192.168.0.6 - internal_netmask: 255.255.255.0 - name: node-715 - role: cinder - storage_address: 192.168.1.6 - storage_netmask: 255.255.255.0 - swift_zone: '715' - uid: '715' - user_node_name: node-715 -- fqdn: node-716.domain.tld - internal_address: 192.168.0.7 - internal_netmask: 255.255.255.0 - name: node-716 - role: cinder-block-device - storage_address: 192.168.1.7 - storage_netmask: 255.255.255.0 - swift_zone: '716' - uid: '716' - user_node_name: node-716 + swift_zone: '115' + uid: '115' + user_node_name: node-115 nova: - db_password: THu8oGjIoXRqnJY12DAMedvs - enable_hugepages: false + db_password: SPvbQFIq7Q1iAtLHwpfzjGWo state_path: /var/lib/nova - user_password: ZWTTX3kWzZSNWVSRs9aNB5oM + user_password: RG7AmGV4ILPVFMrp6zgsqIPV nova_quota: false online: true openstack_version: newton-10.0 
@@ -935,7 +941,7 @@ operator_user: label: Operating System Access weight: 15 name: fueladmin - password: sJ0EosrjP91NMUFEogKkhBmY + password: Zvfz46ns5WoUKuBmaEDRmI8V sudo: 'ALL=(ALL) NOPASSWD: ALL' plugins: [] propagate_task_deploy: false @@ -945,11 +951,11 @@ provision: /: container: gzip format: ext4 - uri: http://10.145.0.2:8080/targetimages/env_38_ubuntu_1404_amd64.img.gz + uri: http://10.109.15.2:8080/targetimages/env_13_ubuntu_1404_amd64.img.gz /boot: container: gzip format: ext2 - uri: http://10.145.0.2:8080/targetimages/env_38_ubuntu_1404_amd64-boot.img.gz + uri: http://10.109.15.2:8080/targetimages/env_13_ubuntu_1404_amd64-boot.img.gz metadata: group: general label: Provision @@ -1071,8 +1077,8 @@ public_ssl: weight: 110 services: false puppet: - manifests: rsync://10.145.0.2:/puppet/newton-10.0/manifests/ - modules: rsync://10.145.0.2:/puppet/newton-10.0/modules/ + manifests: rsync://10.109.15.2:/puppet/newton-10.0/manifests/ + modules: rsync://10.109.15.2:/puppet/newton-10.0/modules/ puppet_debug: true quantum: true quantum_settings: @@ -1089,13 +1095,13 @@ quantum_settings: L3: use_namespaces: true database: - passwd: fmeHbOQi0Q5cI7Cv9EOYz2aG + passwd: zDLEige4VejqBsNTy2s27XmK default_floating_net: admin_floating_net default_private_net: admin_internal_net keystone: - admin_password: N5r4Ho0MymZlCQeEFUMpkMgE + admin_password: hUKUWmatqgFsy8MDEK5c6E5M metadata: - metadata_proxy_shared_secret: 2rE5aK3EWhJfL9YzoLYqkvbZ + metadata_proxy_shared_secret: kBaCwZrsnVfpN6Q7uR4Ieumu predefined_networks: admin_floating_net: L2: @@ -1129,7 +1135,7 @@ quantum_settings: shared: false tenant: admin rabbit: - password: n1T1gagLocy1J0sPTdTATzVc + password: 7tHX1fW8vZnaSMuinajtHtF5 release: attributes_metadata: editable: 
@@ -1237,6 +1243,49 @@ release: type: checkbox value: false weight: 10 + atop: + interval: + description: Interval between the snapshots in seconds + label: Interval between the snapshots + regex: + error: Should be a number of seconds + source: ^[1-9]\d*$ + restrictions: + - action: hide + condition: settings:atop.service_enabled.value == false + type: text + value: '20' + weight: 20 + metadata: + enabled: true + group: logging + label: Advanced System & Process Monitor (atop) + toggleable: false + weight: 60 + rotate: + description: Number of days to keep log files + label: Rotate days + regex: + error: Should be a number of days + source: ^[1-9]\d*$ + restrictions: + - action: hide + condition: settings:atop.service_enabled.value == false + type: text + value: '7' + weight: 30 + service_enabled: + description: 'NOTE: When enabled, the service may generate logs up to a + gigabyte in size per day. + + This should be taken into consideration when determining the correct size + for the log partition. + + ' + label: Enable atop service + type: checkbox + value: true + weight: 10 cgroups: metadata: always_editable: true @@ -1319,6 +1368,18 @@ release: type: checkbox value: true weight: 50 + run_ping_checker: + description: Uncheck this box if the public gateway will not be available + or will not respond to ICMP requests to the deployed cluster. If unchecked, + the controllers will not take public gateway availability into account + as part of the cluster health. If the cluster will not have internet + access, you will need to make sure to provide proper offline mirrors for + the deployment to succeed. + group: network + label: Public Gateway is Available + type: checkbox + value: true + weight: 50 task_deploy: type: hidden value: true 
@@ -1739,6 +1800,9 @@ release: description: Your DNS entries should point to this name. Self-signed certificates also will use this hostname label: DNS hostname for public TLS endpoints + regex: + error: Invalid DNS hostname + source: ^[a-zA-Z\d]+[-\.\da-zA-Z]*$ restrictions: - action: hide condition: settings:public_ssl.horizon.value == false and settings:public_ssl.services.value @@ -1773,8 +1837,6 @@ release: Please make sure your Fuel master node has Internet access to the repository before attempting to create a mirror. - For more details, please refer to the documentation (https://docs.mirantis.com/openstack/fuel/fuel-10.0/operations.html#external-ubuntu-ops). - ' extra_priority: null type: custom_repo_configuration 
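Review bot: The `regex.source` added for the public TLS hostname, `^[a-zA-Z\d]+[-\.\da-zA-Z]*$`, only constrains the first characters, so it accepts names with empty or malformed labels such as `a..b`, `a.-b` or a trailing `-` (constructed examples). The description says self-signed certificates use this hostname, so a value that passes here can end up as a certificate name that clients will not match. Validating per label closes that gap: `source: ^[a-zA-Z\d]([-a-zA-Z\d]*[a-zA-Z\d])?(\.[a-zA-Z\d]([-a-zA-Z\d]*[a-zA-Z\d])?)*$`. If this fixture mirrors release metadata kept elsewhere, the pattern presumably needs the same change at its source.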
@@ -1851,11 +1913,70 @@ release: sudo: type: hidden value: 'ALL=(ALL) NOPASSWD: ALL' + ssh: + brute_force_protection: + description: When enabled, the access from all networks (except the provided + ones) will be granted, but the networks will be checked against the brute + force attack. + label: Brute force protection + restrictions: + - action: hide + condition: settings:ssh.security_enabled.value == false + type: checkbox + value: false + weight: 30 + metadata: + enabled: true + group: security + label: SSH security + toggleable: false + weight: 120 + security_enabled: + description: 'NOTE: When enabled, provide at least one working IP address + (the Fuel Master node IP is already added). + + We recommend adding new addresses instead of replacing the provided Fuel + Master node IP. + + When disabled (by default), the admin, management, and storage networks + are only allowed to connect to the SSH service. + + ' + label: Restrict SSH service on network + type: checkbox + value: false + weight: 10 + security_networks: + description: IPv4/CIDR address + label: Restrict access to + regex: + error: Invalid IPv4/CIDR address + source: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))*$ + restrictions: + - action: hide + condition: settings:ssh.security_enabled.value == false + type: text_list + value: + - '{settings.MASTER_IP}' + weight: 20 storage: admin_key: type: hidden value: generator: cephx_key + auth_s3_keystone_ceph: + description: This allows to authenticate S3 requests basing on EC2/S3 credentials + managed by Keystone. Please note that enabling the integration will increase + the latency of S3 requests as well as load on Keystone service. Please + consult with Mirantis Technical Bulletin 27 and Mirantis Support on mitigating + the risks related with load. 
+ label: Enable S3 API Authentication via Keystone in Ceph RadosGW + restrictions: + - action: hide + condition: settings:storage.objects_ceph.value == false + type: checkbox + value: false + weight: 82 bootstrap_osd_key: type: hidden value: @@ -1908,6 +2029,9 @@ release: and Swift API Interfaces. If enabled, this option will prevent Swift from installing. label: Ceph RadosGW for objects (Swift API) + restrictions: + - settings:storage.images_ceph.value == false: Ceph RBD for Images should + be selected. type: checkbox value: false weight: 80 @@ -2148,6 +2272,12 @@ release: description: dialog.create_cluster_wizard.compute.qemu_description label: dialog.create_cluster_wizard.compute.qemu name: hypervisor:qemu + requires: + - one_of: + items: + - network:neutron:ml2:vlan + - network:neutron:ml2:tun + message: dialog.create_cluster_wizard.compute.qemu_requires_network_backend weight: 5 - bind: - settings:common.use_vcenter.value @@ -2157,8 +2287,16 @@ release: label: dialog.create_cluster_wizard.compute.vcenter name: hypervisor:vmware requires: - - message: dialog.create_cluster_wizard.compute.vcenter_warning - name: hypervisor:qemu + - one_of: + items: + - hypervisor:qemu + message: dialog.create_cluster_wizard.compute.vcenter_warning + - one_of: + items: + - network:neutron:ml2:dvs + - network:neutron:ml2:nsx + message: dialog.create_cluster_wizard.compute.vcenter_requires_network_backend + message_invalid: dialog.create_cluster_wizard.compute.vcenter_requires_network_plugins weight: 15 - compatible: - name: hypervisor:* @@ -2185,7 +2323,9 @@ release: label: common.network.neutron_vlan name: network:neutron:ml2:vlan requires: - - name: network:neutron:core:ml2 + - one_of: + items: + - network:neutron:core:ml2 weight: 5 - bind: - - cluster:net_provider 
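Review bot: In the new `ssh.security_networks` setting the prefix-length group is closed with `*`, so `(\/([0-9]|[1-2][0-9]|3[0-2]))*$` accepts a repeated prefix such as `10.0.0.0/8/24` (constructed example); it should be optional instead, `(\/([0-9]|[1-2][0-9]|3[0-2]))?$`. An entry that passes validation but is not a valid CIDR then reaches whatever builds the SSH allow-list, and how that consumer reacts is not visible in this diff. In the same hunk, the `brute_force_protection` description says that enabling it grants access from all networks, which widens SSH exposure compared with the allow-list; the label `Brute force protection` does not convey that, so the description should lead with it.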
@@ -2206,7 +2346,9 @@ release: label: common.network.neutron_tun name: network:neutron:ml2:tun requires: - - name: network:neutron:core:ml2 + - one_of: + items: + - network:neutron:core:ml2 weight: 10 - bind: - settings:storage.volumes_lvm.value @@ -2454,6 +2596,7 @@ release: restrictions: - action: hide condition: settings:common.use_vcenter.value == false + message: VMware vCenter not enabled for cluster weight: 40 compute: description: A Compute node creates, manages, and terminates virtual machine @@ -2483,10 +2626,12 @@ release: restrictions: - action: hide condition: settings:common.use_vcenter.value == false + message: VMware vCenter not enabled for cluster weight: 90 controller: conflicts: - compute + - ceph-osd description: The Controller initiates orchestration activities and provides an external API. Other components like Glance (image storage), Keystone (identity management), Horizon (OpenStack dashboard) and Nova-Scheduler are installed @@ -2558,6 +2703,7 @@ release: restrictions: - action: hide condition: not ('advanced' in version:feature_groups) + message: Advanced feature should be enabled in feature groups weight: 80 state: available version: newton-10.0 @@ -2729,7 +2875,7 @@ repo_setup: section: main restricted suite: mos10.0 type: deb - uri: http://10.145.0.2:8080/newton-10.0/ubuntu/x86_64 + uri: http://10.109.15.2:8080/newton-10.0/ubuntu/x86_64 - name: mos-updates priority: 1050 section: main restricted @@ -2753,14 +2899,15 @@ repo_setup: section: main restricted suite: auxiliary type: deb - uri: http://10.145.0.2:8080/newton-10.0/ubuntu/auxiliary + uri: http://10.109.15.2:8080/newton-10.0/ubuntu/auxiliary resume_guests_state_on_host_boot: true roles: - compute +run_ping_checker: true sahara: - db_password: KOnGnD4ffht4JTKNnadQzJVt + db_password: iRFruHQcXdKzQX9roKooe3j6 enabled: true - user_password: I0h2uGaBR3ts4NujBxo8Toqi + user_password: dIwoOdfqEXyJ4jZkHVEfqXBY service_user: homedir: /var/lib/fuel metadata: 
@@ -2771,22 +2918,34 @@ service_user: condition: 'true' weight: 10 name: fuel - password: 2Zhks66RxoJGBVYjjPCsuW1t + password: cIt7vulm3zZeSiYyYwjlbZV0 root_password: r00tme sudo: 'ALL=(ALL) NOPASSWD: ALL' +ssh: + brute_force_protection: false + metadata: + enabled: true + group: security + label: SSH security + toggleable: false + weight: 120 + security_enabled: false + security_networks: + - 10.109.15.2 status: discover storage: - admin_key: AQDmeEhXAAAAABAA89X4kMICOCOUEIEVRH0q5w== - bootstrap_osd_key: AQDmeEhXAAAAABAA3Gy4NiGQKX5/JJpsXNCBFA== + admin_key: AQDWBqNXAAAAABAAT0qwqsMZTndkc8Eir/2Bug== + auth_s3_keystone_ceph: false + bootstrap_osd_key: AQDWBqNXAAAAABAAkbTGIMIuAw4DyBkCBfPUrA== ephemeral_ceph: false - fsid: a841a476-236b-434f-8393-274ad608cbd5 + fsid: f01ee54d-25cb-4188-a66f-ec34d8418f3f images_ceph: false images_vcenter: false metadata: group: storage label: Storage Backends weight: 60 - mon_key: AQDmeEhXAAAAABAA7wUts7o9kl9RadsIu5KJhQ== + mon_key: AQDWBqNXAAAAABAAcRFHLwQi5ImsQLb1TamUCg== objects_ceph: false osd_pool_size: '3' per_pool_pg_nums: @@ -2797,13 +2956,13 @@ storage: images: 128 volumes: 128 pg_num: 128 - radosgw_key: AQDmeEhXAAAAABAAphVN6V3fNYICXT+EH48zEg== + radosgw_key: AQDWBqNXAAAAABAAOcrrFlqdDFNS0aJKEEkyDQ== volumes_block_device: true volumes_ceph: false volumes_lvm: true storage_network_range: 192.168.1.0/24 swift: - user_password: UNUZUKNrbQvMQsitNHMtrWeI + user_password: zuthAwdS1GuQ6ksatG5EZl2R syslog: metadata: enabled: false @@ -2825,11 +2984,11 @@ test_vm_image: os_name: cirros properties: {} public: 'true' -uid: '712' +uid: '113' use_cinder: true use_cow_images: true use_vcenter: false -user_node_name: node-712 +user_node_name: node-113 vms_conf: [] workloads_collector: create_user: false @@ -2841,6 +3000,6 @@ workloads_collector: - action: hide condition: 'true' weight: 10 - password: tGutWhN3UG9W9OnZISKlR4xB + password: fQ6D8FquZp28kSi8O4dTC8Cg tenant: services username: fuel_stats_user 
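Review bot: The replacement `admin_key`, `bootstrap_osd_key` and `mon_key` values under `storage:` are well-formed cephx keys, and the surrounding context keeps `root_password: r00tme` next to `sudo: 'ALL=(ALL) NOPASSWD: ALL'`. Nothing in the file says whether these are throwaway values, and the password and key hunks throughout both fixture files have the same problem. If any were dumped from an environment that is still reachable, they are now in history and should be rotated there. A header comment in each fixture, for example `# test fixture: all credentials below come from a disposable lab and are not valid anywhere`, would record the intent for readers and for secret-scanning triage.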
diff --git a/hiera/neut_vlan.cblock.murano.sahara.ceil-controller.yaml b/hiera/neut_vlan.cblock.murano.sahara.ceil-controller.yaml index afd0d51..9e61629 100644 --- a/hiera/neut_vlan.cblock.murano.sahara.ceil-controller.yaml +++ b/hiera/neut_vlan.cblock.murano.sahara.ceil-controller.yaml @@ -8,18 +8,28 @@ access: tenant: admin user: admin aodh: - db_password: UbmEKZTB3a2HE1S6xkIWFE64 - user_password: tPCjatrROm5zW0qqyBP5Z6ZJ + db_password: HJeTTcmoGh4WI4wlqlQu6Xz0 + user_password: uhZWPZWkzeofa6OtMPYX3We0 +atop: + interval: '20' + metadata: + enabled: true + group: logging + label: Advanced System & Process Monitor (atop) + toggleable: false + weight: 60 + rotate: '7' + service_enabled: true auth_key: '' auto_assign_floating_ip: false base_syslog: syslog_port: '514' - syslog_server: 10.145.0.2 + syslog_server: 10.109.15.2 ceilometer: - db_password: j9yoAgFQqVJ3nPHS3E8oZNKY + db_password: J3JAf8W9JNIZKDVIKd4EVpqM enabled: true - metering_secret: HkQApiWEJWPQ6A52t4a5YCcQ - user_password: kRRTjPlstCxmiJXJe9gTBaW3 + metering_secret: iNGEelI6N2CDYbQs3yXht8EV + user_password: 6hzswiGt3QBjOXeM6Oz2IvNv cgroups: metadata: always_editable: true @@ -30,11 +40,19 @@ cgroups: condition: 'true' weight: 90 cinder: - db_password: 8mPSWaFcbxTWjmmZVuu58HIZ - fixed_key: f8f2e1d13d994370047f5fe0ccfb2adbd9bf0da1aaecf38b8893de189787bc44 - user_password: R8GcLYYSzybstefJrSnd4iLE + db_password: qygDERXtrfgT6ogbn9gzNvSZ + fixed_key: c4d8801ec9f3e013197ebffcc496eddc419591585b1f2ad26875f5dca2c8eed6 + user_password: wfgi03YjLhOXzurBF3nfrwvv cluster: changes: + - name: interfaces + node_id: 110 + - name: disks + node_id: 110 + - name: interfaces + node_id: 109 + - name: disks + node_id: 109 - name: attributes node_id: null - name: vmware_attributes 
@@ -42,36 +60,28 @@ cluster: - name: networks node_id: null - name: interfaces - node_id: 710 + node_id: 115 - name: disks - node_id: 710 + node_id: 115 - name: interfaces - node_id: 711 + node_id: 114 - name: disks - node_id: 711 + node_id: 114 - name: interfaces - node_id: 712 + node_id: 113 - name: disks - node_id: 712 + node_id: 113 - name: interfaces - node_id: 713 + node_id: 112 - name: disks - node_id: 713 + node_id: 112 - name: interfaces - node_id: 714 + node_id: 111 - name: disks - node_id: 714 - - name: interfaces - node_id: 715 - - name: disks - node_id: 715 - - name: interfaces - node_id: 716 - - name: disks - node_id: 716 + node_id: 111 components: [] fuel_version: '10.0' - id: 38 + id: 13 is_customized: false is_locked: false mode: ha_compact @@ -104,12 +114,11 @@ corosync: debug: false deployed_before: value: false -deployment_id: 38 +deployment_id: 13 deployment_mode: ha_compact -dpdk: {} external_dns: dns_list: - - 10.145.0.1 + - 10.109.15.1 metadata: group: network label: Host OS DNS Servers 
@@ -135,31 +144,29 @@ external_ntp: label: Host OS NTP Servers weight: 40 ntp_list: - - 0.fuel.pool.ntp.org - - 1.fuel.pool.ntp.org - - 2.fuel.pool.ntp.org + - 10.109.15.1 fail_if_error: true -fqdn: node-711.domain.tld +fqdn: node-115.test.domain.local fuel_version: '10.0' glance: - db_password: JrziwKrBaOcJtYLH18lzTHvN + db_password: N5ZwODSM9uzsaKReIgk6CyUq image_cache_max_size: '389537175961' - user_password: LDX2dRA0snAthtq1bt4hhwgA + user_password: i10d3excOPPDGJuXr3cYWJnk glance_glare: - user_password: LwFwVTtx7TQZilWcdYZ4rMPG + user_password: opwzp1g3vncEcnlcY1kReF54 heat: - auth_encryption_key: 89adc2b80449f19b1bc04621e571af5c - db_password: 7L8DeTK33SIDWG3PYBXl69bc + auth_encryption_key: 013fa22260a6c56c4bf233fa8f62c548 + db_password: E2ciRc0sX1DpEzjdJ1ZaWOlk enabled: true - rabbit_password: t6nLCJEaPiFhBeS7mguHLSe5 - user_password: wibR10fo8oamfqgJ5ylGMkvb + rabbit_password: tuBtD3lTvAI0kxIvtCWDmR6B + user_password: jQwF1acNLgnOLxNKZ5s8ZfdK horizon: - secret_key: 00db7790ecbdbea80f2b25820267977ef700c80da2cdad285ef5f205e7a5ca4f + secret_key: 83aae5d5bb487291cb70c0f23b98850c36fde49fb47edea27358ac8140db529c ironic: - db_password: vNA5pzrjCWCl0FRryR5xS5fN + db_password: PbXDe5oTtXhX35PImGFnMGOl enabled: false - swift_tempurl_key: KXjWzWpOK4N16tCTroxm4UF1 - user_password: wpx9YAhDMawWF8SkQqIJIqUw + swift_tempurl_key: 9UuMwMaaFIEW8nQFpY400yPG + user_password: YE6HrKfrTF5uc0tGBkIuqHef kernel_params: kernel: console=tty0 net.ifnames=0 biosdevname=0 rootdelay=90 nomodeset metadata: @@ -167,12 +174,12 @@ kernel_params: label: Kernel parameters weight: 60 keystone: - admin_token: ZfrqRoEZdj9Jpqd8bi6KDohK - db_password: BU35cEJm2n3bmboQT8ihTkvh -last_controller: node-711 + admin_token: UmLdEFjsZGoJGraFVCyKYNWR + db_password: 3Ovn9RvHGbQfcmDhLRESM7Xh +last_controller: node-115 libvirt_type: qemu management_network_range: 192.168.0.0/24 -master_ip: 10.145.0.2 +master_ip: 10.109.15.2 metadata: label: Common weight: 10 
@@ -184,15 +191,15 @@ mp: - point: '2' weight: '2' murano: - db_password: GSnvMtnKQ51B9E3iKGNL5rru + db_password: XbE1FAEzWs1BNHKccWpo5O2j enabled: true - rabbit_password: KTf83RLXBK5XDJdPwZQCWnVz - user_password: gQBSnmY7rgZrEZT14OFGeGKF + rabbit_password: TqfkUPgddtZv6BbDaNC3SIvy + user_password: AAiYsFVUcFyowlA5Zw572vzY murano-cfapi: - db_password: H3MyI8EWzGt7WgFxbZZBLHsX + db_password: 0kTJ5gDINJ1TqatGPg3LAvcA enabled: false - rabbit_password: NAv7TFqw3ZJnzOsVFtdpEnjD - user_password: l73HVm4JtStp40evJ6S7jSnJ + rabbit_password: 2vA3nyagq8NcGPkDSaersOJm + user_password: 83MwOhtXIh6MSCqqwFxdGqEg murano_settings: metadata: group: openstack_services 
@@ -205,15 +212,230 @@ murano_settings: murano_glance_artifacts_plugin: true murano_repo_url: http://storage.apps.openstack.org/ mysql: - root_password: aK9nC0A3jeBcqn9FP0I77AKW - wsrep_password: OeYRh6XkB65gah0PuI98jFOR + root_password: tP2Hkj41ujG6FTZnGOu7HVkJ + wsrep_password: WZT3FbjHqi9AxORYPfY6VTR5 network_metadata: nodes: - node-710: - fqdn: node-710.domain.tld - name: node-710 + node-109: + fqdn: node-109.test.domain.local + name: node-109 network_roles: - admin/pxe: 10.145.0.100 + admin/pxe: 10.109.15.103 + aodh/api: 192.168.0.1 + ceilometer/api: 192.168.0.1 + ceph/public: 192.168.1.1 + ceph/replication: 192.168.1.1 + cinder/api: 192.168.0.1 + cinder/iscsi: 192.168.1.1 + fw-admin: 10.109.15.103 + glance/api: 192.168.0.1 + glance/glare: 192.168.0.1 + heat/api: 192.168.0.1 + horizon: 192.168.0.1 + ironic/api: 192.168.0.1 + keystone/api: 192.168.0.1 + management: 192.168.0.1 + mgmt/corosync: 192.168.0.1 + mgmt/database: 192.168.0.1 + mgmt/memcache: 192.168.0.1 + mgmt/messaging: 192.168.0.1 + mgmt/vip: 192.168.0.1 + mongo/db: 192.168.0.1 + murano/api: 192.168.0.1 + murano/cfapi: 192.168.0.1 + neutron/api: 192.168.0.1 + neutron/floating: null + neutron/private: null + nova/api: 192.168.0.1 + nova/migration: 192.168.0.1 + sahara/api: 192.168.0.1 + storage: 192.168.1.1 + swift/api: 192.168.0.1 + swift/replication: 192.168.1.1 + node_roles: + - cinder-block-device + nova_cpu_pinning_enabled: false + nova_hugepages_enabled: false + swift_zone: '109' + uid: '109' + user_node_name: node-109 + node-110: + fqdn: node-110.test.domain.local + name: node-110 + network_roles: + admin/pxe: 10.109.15.104 + aodh/api: 192.168.0.2 + ceilometer/api: 192.168.0.2 + ceph/public: 192.168.1.2 + ceph/replication: 192.168.1.2 + cinder/api: 192.168.0.2 + cinder/iscsi: 192.168.1.2 + fw-admin: 10.109.15.104 + glance/api: 192.168.0.2 + glance/glare: 192.168.0.2 + heat/api: 192.168.0.2 + horizon: 192.168.0.2 + ironic/api: 192.168.0.2 + keystone/api: 192.168.0.2 + management: 192.168.0.2 + 
mgmt/corosync: 192.168.0.2 + mgmt/database: 192.168.0.2 + mgmt/memcache: 192.168.0.2 + mgmt/messaging: 192.168.0.2 + mgmt/vip: 192.168.0.2 + mongo/db: 192.168.0.2 + murano/api: 192.168.0.2 + murano/cfapi: 192.168.0.2 + neutron/api: 192.168.0.2 + neutron/floating: null + neutron/private: null + nova/api: 192.168.0.2 + nova/migration: 192.168.0.2 + sahara/api: 192.168.0.2 + storage: 192.168.1.2 + swift/api: 192.168.0.2 + swift/replication: 192.168.1.2 + node_roles: + - cinder + nova_cpu_pinning_enabled: false + nova_hugepages_enabled: false + swift_zone: '110' + uid: '110' + user_node_name: node-110 + node-111: + fqdn: node-111.test.domain.local + name: node-111 + network_roles: + admin/pxe: 10.109.15.105 + aodh/api: 192.168.0.7 + ceilometer/api: 192.168.0.7 + ceph/public: 192.168.1.7 + ceph/replication: 192.168.1.7 + cinder/api: 192.168.0.7 + cinder/iscsi: 192.168.1.7 + fw-admin: 10.109.15.105 + glance/api: 192.168.0.7 + glance/glare: 192.168.0.7 + heat/api: 192.168.0.7 + horizon: 192.168.0.7 + ironic/api: 192.168.0.7 + keystone/api: 192.168.0.7 + management: 192.168.0.7 + mgmt/corosync: 192.168.0.7 + mgmt/database: 192.168.0.7 + mgmt/memcache: 192.168.0.7 + mgmt/messaging: 192.168.0.7 + mgmt/vip: 192.168.0.7 + mongo/db: 192.168.0.7 + murano/api: 192.168.0.7 + murano/cfapi: 192.168.0.7 + neutron/api: 192.168.0.7 + neutron/floating: null + neutron/private: null + nova/api: 192.168.0.7 + nova/migration: 192.168.0.7 + sahara/api: 192.168.0.7 + storage: 192.168.1.7 + swift/api: 192.168.0.7 + swift/replication: 192.168.1.7 + node_roles: + - primary-mongo + nova_cpu_pinning_enabled: false + nova_hugepages_enabled: false + swift_zone: '111' + uid: '111' + user_node_name: node-111 + node-112: + fqdn: node-112.test.domain.local + name: node-112 + network_roles: + admin/pxe: 10.109.15.106 + aodh/api: 192.168.0.6 + ceilometer/api: 192.168.0.6 + ceph/public: 192.168.1.6 + ceph/replication: 192.168.1.6 + cinder/api: 192.168.0.6 + cinder/iscsi: 192.168.1.6 + fw-admin: 
10.109.15.106 + glance/api: 192.168.0.6 + glance/glare: 192.168.0.6 + heat/api: 192.168.0.6 + horizon: 192.168.0.6 + ironic/api: 192.168.0.6 + keystone/api: 192.168.0.6 + management: 192.168.0.6 + mgmt/corosync: 192.168.0.6 + mgmt/database: 192.168.0.6 + mgmt/memcache: 192.168.0.6 + mgmt/messaging: 192.168.0.6 + mgmt/vip: 192.168.0.6 + mongo/db: 192.168.0.6 + murano/api: 192.168.0.6 + murano/cfapi: 192.168.0.6 + neutron/api: 192.168.0.6 + neutron/floating: null + neutron/private: null + nova/api: 192.168.0.6 + nova/migration: 192.168.0.6 + sahara/api: 192.168.0.6 + storage: 192.168.1.6 + swift/api: 192.168.0.6 + swift/replication: 192.168.1.6 + node_roles: + - mongo + nova_cpu_pinning_enabled: false + nova_hugepages_enabled: false + swift_zone: '112' + uid: '112' + user_node_name: node-112 + node-113: + fqdn: node-113.test.domain.local + name: node-113 + network_roles: + admin/pxe: 10.109.15.107 + aodh/api: 192.168.0.5 + ceilometer/api: 192.168.0.5 + ceph/public: 192.168.1.5 + ceph/replication: 192.168.1.5 + cinder/api: 192.168.0.5 + cinder/iscsi: 192.168.1.5 + fw-admin: 10.109.15.107 + glance/api: 192.168.0.5 + glance/glare: 192.168.0.5 + heat/api: 192.168.0.5 + horizon: 192.168.0.5 + ironic/api: 192.168.0.5 + keystone/api: 192.168.0.5 + management: 192.168.0.5 + mgmt/corosync: 192.168.0.5 + mgmt/database: 192.168.0.5 + mgmt/memcache: 192.168.0.5 + mgmt/messaging: 192.168.0.5 + mgmt/vip: 192.168.0.5 + mongo/db: 192.168.0.5 + murano/api: 192.168.0.5 + murano/cfapi: 192.168.0.5 + neutron/api: 192.168.0.5 + neutron/floating: null + neutron/private: null + nova/api: 192.168.0.5 + nova/migration: 192.168.0.5 + sahara/api: 192.168.0.5 + storage: 192.168.1.5 + swift/api: 192.168.0.5 + swift/replication: 192.168.1.5 + node_roles: + - compute + nova_cpu_pinning_enabled: false + nova_hugepages_enabled: false + swift_zone: '113' + uid: '113' + user_node_name: node-113 + node-114: + fqdn: node-114.test.domain.local + name: node-114 + network_roles: + admin/pxe: 10.109.15.108 
aodh/api: 192.168.0.3 ceilometer/api: 192.168.0.3 ceph/public: 192.168.1.3 @@ -222,7 +444,7 @@ network_metadata: cinder/api: 192.168.0.3 cinder/iscsi: 192.168.1.3 ex: 172.16.0.2 - fw-admin: 10.145.0.100 + fw-admin: 10.109.15.108 glance/api: 192.168.0.3 glance/glare: 192.168.0.3 heat/api: 192.168.0.3 @@ -252,14 +474,14 @@ network_metadata: - primary-controller nova_cpu_pinning_enabled: false nova_hugepages_enabled: false - swift_zone: '710' - uid: '710' - user_node_name: node-710 - node-711: - fqdn: node-711.domain.tld - name: node-711 + swift_zone: '114' + uid: '114' + user_node_name: node-114 + node-115: + fqdn: node-115.test.domain.local + name: node-115 network_roles: - admin/pxe: 10.145.0.101 + admin/pxe: 10.109.15.109 aodh/api: 192.168.0.4 ceilometer/api: 192.168.0.4 ceph/public: 192.168.1.4 @@ -268,7 +490,7 @@ network_metadata: cinder/api: 192.168.0.4 cinder/iscsi: 192.168.1.4 ex: 172.16.0.3 - fw-admin: 10.145.0.101 + fw-admin: 10.109.15.109 glance/api: 192.168.0.4 glance/glare: 192.168.0.4 heat/api: 192.168.0.4 
@@ -298,224 +520,9 @@ network_metadata: - controller nova_cpu_pinning_enabled: false nova_hugepages_enabled: false - swift_zone: '711' - uid: '711' - user_node_name: node-711 - node-712: - fqdn: node-712.domain.tld - name: node-712 - network_roles: - admin/pxe: 10.145.0.102 - aodh/api: 192.168.0.2 - ceilometer/api: 192.168.0.2 - ceph/public: 192.168.1.2 - ceph/replication: 192.168.1.2 - cinder/api: 192.168.0.2 - cinder/iscsi: 192.168.1.2 - fw-admin: 10.145.0.102 - glance/api: 192.168.0.2 - glance/glare: 192.168.0.2 - heat/api: 192.168.0.2 - horizon: 192.168.0.2 - ironic/api: 192.168.0.2 - keystone/api: 192.168.0.2 - management: 192.168.0.2 - mgmt/corosync: 192.168.0.2 - mgmt/database: 192.168.0.2 - mgmt/memcache: 192.168.0.2 - mgmt/messaging: 192.168.0.2 - mgmt/vip: 192.168.0.2 - mongo/db: 192.168.0.2 - murano/api: 192.168.0.2 - murano/cfapi: 192.168.0.2 - neutron/api: 192.168.0.2 - neutron/floating: null - neutron/private: null - nova/api: 192.168.0.2 - nova/migration: 192.168.0.2 - sahara/api: 192.168.0.2 - storage: 192.168.1.2 - swift/api: 192.168.0.2 - swift/replication: 192.168.1.2 - node_roles: - - compute - nova_cpu_pinning_enabled: false - nova_hugepages_enabled: false - swift_zone: '712' - uid: '712' - user_node_name: node-712 - node-713: - fqdn: node-713.domain.tld - name: node-713 - network_roles: - admin/pxe: 10.145.0.103 - aodh/api: 192.168.0.1 - ceilometer/api: 192.168.0.1 - ceph/public: 192.168.1.1 - ceph/replication: 192.168.1.1 - cinder/api: 192.168.0.1 - cinder/iscsi: 192.168.1.1 - fw-admin: 10.145.0.103 - glance/api: 192.168.0.1 - glance/glare: 192.168.0.1 - heat/api: 192.168.0.1 - horizon: 192.168.0.1 - ironic/api: 192.168.0.1 - keystone/api: 192.168.0.1 - management: 192.168.0.1 - mgmt/corosync: 192.168.0.1 - mgmt/database: 192.168.0.1 - mgmt/memcache: 192.168.0.1 - mgmt/messaging: 192.168.0.1 - mgmt/vip: 192.168.0.1 - mongo/db: 192.168.0.1 - murano/api: 192.168.0.1 - murano/cfapi: 192.168.0.1 - neutron/api: 192.168.0.1 - neutron/floating: null 
- neutron/private: null - nova/api: 192.168.0.1 - nova/migration: 192.168.0.1 - sahara/api: 192.168.0.1 - storage: 192.168.1.1 - swift/api: 192.168.0.1 - swift/replication: 192.168.1.1 - node_roles: - - primary-mongo - nova_cpu_pinning_enabled: false - nova_hugepages_enabled: false - swift_zone: '713' - uid: '713' - user_node_name: node-713 - node-714: - fqdn: node-714.domain.tld - name: node-714 - network_roles: - admin/pxe: 10.145.0.104 - aodh/api: 192.168.0.5 - ceilometer/api: 192.168.0.5 - ceph/public: 192.168.1.5 - ceph/replication: 192.168.1.5 - cinder/api: 192.168.0.5 - cinder/iscsi: 192.168.1.5 - fw-admin: 10.145.0.104 - glance/api: 192.168.0.5 - glance/glare: 192.168.0.5 - heat/api: 192.168.0.5 - horizon: 192.168.0.5 - ironic/api: 192.168.0.5 - keystone/api: 192.168.0.5 - management: 192.168.0.5 - mgmt/corosync: 192.168.0.5 - mgmt/database: 192.168.0.5 - mgmt/memcache: 192.168.0.5 - mgmt/messaging: 192.168.0.5 - mgmt/vip: 192.168.0.5 - mongo/db: 192.168.0.5 - murano/api: 192.168.0.5 - murano/cfapi: 192.168.0.5 - neutron/api: 192.168.0.5 - neutron/floating: null - neutron/private: null - nova/api: 192.168.0.5 - nova/migration: 192.168.0.5 - sahara/api: 192.168.0.5 - storage: 192.168.1.5 - swift/api: 192.168.0.5 - swift/replication: 192.168.1.5 - node_roles: - - mongo - nova_cpu_pinning_enabled: false - nova_hugepages_enabled: false - swift_zone: '714' - uid: '714' - user_node_name: node-714 - node-715: - fqdn: node-715.domain.tld - name: node-715 - network_roles: - admin/pxe: 10.145.0.105 - aodh/api: 192.168.0.6 - ceilometer/api: 192.168.0.6 - ceph/public: 192.168.1.6 - ceph/replication: 192.168.1.6 - cinder/api: 192.168.0.6 - cinder/iscsi: 192.168.1.6 - fw-admin: 10.145.0.105 - glance/api: 192.168.0.6 - glance/glare: 192.168.0.6 - heat/api: 192.168.0.6 - horizon: 192.168.0.6 - ironic/api: 192.168.0.6 - keystone/api: 192.168.0.6 - management: 192.168.0.6 - mgmt/corosync: 192.168.0.6 - mgmt/database: 192.168.0.6 - mgmt/memcache: 192.168.0.6 - mgmt/messaging: 
192.168.0.6 - mgmt/vip: 192.168.0.6 - mongo/db: 192.168.0.6 - murano/api: 192.168.0.6 - murano/cfapi: 192.168.0.6 - neutron/api: 192.168.0.6 - neutron/floating: null - neutron/private: null - nova/api: 192.168.0.6 - nova/migration: 192.168.0.6 - sahara/api: 192.168.0.6 - storage: 192.168.1.6 - swift/api: 192.168.0.6 - swift/replication: 192.168.1.6 - node_roles: - - cinder - nova_cpu_pinning_enabled: false - nova_hugepages_enabled: false - swift_zone: '715' - uid: '715' - user_node_name: node-715 - node-716: - fqdn: node-716.domain.tld - name: node-716 - network_roles: - admin/pxe: 10.145.0.106 - aodh/api: 192.168.0.7 - ceilometer/api: 192.168.0.7 - ceph/public: 192.168.1.7 - ceph/replication: 192.168.1.7 - cinder/api: 192.168.0.7 - cinder/iscsi: 192.168.1.7 - fw-admin: 10.145.0.106 - glance/api: 192.168.0.7 - glance/glare: 192.168.0.7 - heat/api: 192.168.0.7 - horizon: 192.168.0.7 - ironic/api: 192.168.0.7 - keystone/api: 192.168.0.7 - management: 192.168.0.7 - mgmt/corosync: 192.168.0.7 - mgmt/database: 192.168.0.7 - mgmt/memcache: 192.168.0.7 - mgmt/messaging: 192.168.0.7 - mgmt/vip: 192.168.0.7 - mongo/db: 192.168.0.7 - murano/api: 192.168.0.7 - murano/cfapi: 192.168.0.7 - neutron/api: 192.168.0.7 - neutron/floating: null - neutron/private: null - nova/api: 192.168.0.7 - nova/migration: 192.168.0.7 - sahara/api: 192.168.0.7 - storage: 192.168.1.7 - swift/api: 192.168.0.7 - swift/replication: 192.168.1.7 - node_roles: - - cinder-block-device - nova_cpu_pinning_enabled: false - nova_hugepages_enabled: false - swift_zone: '716' - uid: '716' - user_node_name: node-716 + swift_zone: '115' + uid: '115' + user_node_name: node-115 vips: management: ipaddr: 192.168.0.9 @@ -570,9 +577,9 @@ network_scheme: IP: none br-fw-admin: IP: - - 10.145.0.101/24 + - 10.109.15.109/24 vendor_specific: - provider_gateway: 10.145.0.1 + provider_gateway: 10.109.15.1 br-mgmt: IP: - 192.168.0.4/24 
@@ -975,85 +982,84 @@ node_volumes: size: 11264 type: lv nodes: -- fqdn: node-710.domain.tld +- fqdn: node-109.test.domain.local + internal_address: 192.168.0.1 + internal_netmask: 255.255.255.0 + name: node-109 + role: cinder-block-device + storage_address: 192.168.1.1 + storage_netmask: 255.255.255.0 + swift_zone: '109' + uid: '109' + user_node_name: node-109 +- fqdn: node-110.test.domain.local + internal_address: 192.168.0.2 + internal_netmask: 255.255.255.0 + name: node-110 + role: cinder + storage_address: 192.168.1.2 + storage_netmask: 255.255.255.0 + swift_zone: '110' + uid: '110' + user_node_name: node-110 +- fqdn: node-111.test.domain.local + internal_address: 192.168.0.7 + internal_netmask: 255.255.255.0 + name: node-111 + role: primary-mongo + storage_address: 192.168.1.7 + storage_netmask: 255.255.255.0 + swift_zone: '111' + uid: '111' + user_node_name: node-111 +- fqdn: node-112.test.domain.local + internal_address: 192.168.0.6 + internal_netmask: 255.255.255.0 + name: node-112 + role: mongo + storage_address: 192.168.1.6 + storage_netmask: 255.255.255.0 + swift_zone: '112' + uid: '112' + user_node_name: node-112 +- fqdn: node-113.test.domain.local + internal_address: 192.168.0.5 + internal_netmask: 255.255.255.0 + name: node-113 + role: compute + storage_address: 192.168.1.5 + storage_netmask: 255.255.255.0 + swift_zone: '113' + uid: '113' + user_node_name: node-113 +- fqdn: node-114.test.domain.local internal_address: 192.168.0.3 internal_netmask: 255.255.255.0 - name: node-710 + name: node-114 public_address: 172.16.0.2 public_netmask: 255.255.255.0 role: primary-controller storage_address: 192.168.1.3 storage_netmask: 255.255.255.0 - swift_zone: '710' - uid: '710' - user_node_name: node-710 -- fqdn: node-711.domain.tld + swift_zone: '114' + uid: '114' + user_node_name: node-114 +- fqdn: node-115.test.domain.local internal_address: 192.168.0.4 internal_netmask: 255.255.255.0 - name: node-711 + name: node-115 public_address: 172.16.0.3 
public_netmask: 255.255.255.0 role: controller storage_address: 192.168.1.4 storage_netmask: 255.255.255.0 - swift_zone: '711' - uid: '711' - user_node_name: node-711 -- fqdn: node-712.domain.tld - internal_address: 192.168.0.2 - internal_netmask: 255.255.255.0 - name: node-712 - role: compute - storage_address: 192.168.1.2 - storage_netmask: 255.255.255.0 - swift_zone: '712' - uid: '712' - user_node_name: node-712 -- fqdn: node-713.domain.tld - internal_address: 192.168.0.1 - internal_netmask: 255.255.255.0 - name: node-713 - role: primary-mongo - storage_address: 192.168.1.1 - storage_netmask: 255.255.255.0 - swift_zone: '713' - uid: '713' - user_node_name: node-713 -- fqdn: node-714.domain.tld - internal_address: 192.168.0.5 - internal_netmask: 255.255.255.0 - name: node-714 - role: mongo - storage_address: 192.168.1.5 - storage_netmask: 255.255.255.0 - swift_zone: '714' - uid: '714' - user_node_name: node-714 -- fqdn: node-715.domain.tld - internal_address: 192.168.0.6 - internal_netmask: 255.255.255.0 - name: node-715 - role: cinder - storage_address: 192.168.1.6 - storage_netmask: 255.255.255.0 - swift_zone: '715' - uid: '715' - user_node_name: node-715 -- fqdn: node-716.domain.tld - internal_address: 192.168.0.7 - internal_netmask: 255.255.255.0 - name: node-716 - role: cinder-block-device - storage_address: 192.168.1.7 - storage_netmask: 255.255.255.0 - swift_zone: '716' - uid: '716' - user_node_name: node-716 + swift_zone: '115' + uid: '115' + user_node_name: node-115 nova: - db_password: THu8oGjIoXRqnJY12DAMedvs - enable_hugepages: false + db_password: SPvbQFIq7Q1iAtLHwpfzjGWo state_path: /var/lib/nova - user_password: ZWTTX3kWzZSNWVSRs9aNB5oM + user_password: RG7AmGV4ILPVFMrp6zgsqIPV nova_quota: false online: true openstack_version: newton-10.0 
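Review bot: The new side of this hunk commits fresh `nova` `db_password` and `user_password` values in clear text, and the same pattern repeats in the `operator_user`, `quantum_settings`, `rabbit`, `sahara`, `service_user`, `storage`, `swift` and `workloads_collector` hunks below and in the second fixture file. If the values come from a disposable test environment, a header comment in each fixture such as `# credentials below were generated for a throwaway test environment and are not used anywhere else` would make that explicit for reviewers and for secret scanners. If they were dumped from a longer-lived environment, they should be rotated there. Writing fixed placeholder strings in whatever produces these files (not visible here) would also stop every regeneration from rewriting dozens of credential lines.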
@@ -1065,7 +1071,7 @@ operator_user: label: Operating System Access weight: 15 name: fueladmin - password: sJ0EosrjP91NMUFEogKkhBmY + password: Zvfz46ns5WoUKuBmaEDRmI8V sudo: 'ALL=(ALL) NOPASSWD: ALL' plugins: [] propagate_task_deploy: false @@ -1075,11 +1081,11 @@ provision: /: container: gzip format: ext4 - uri: http://10.145.0.2:8080/targetimages/env_38_ubuntu_1404_amd64.img.gz + uri: http://10.109.15.2:8080/targetimages/env_13_ubuntu_1404_amd64.img.gz /boot: container: gzip format: ext2 - uri: http://10.145.0.2:8080/targetimages/env_38_ubuntu_1404_amd64-boot.img.gz + uri: http://10.109.15.2:8080/targetimages/env_13_ubuntu_1404_amd64-boot.img.gz metadata: group: general label: Provision @@ -1201,8 +1207,8 @@ public_ssl: weight: 110 services: false puppet: - manifests: rsync://10.145.0.2:/puppet/newton-10.0/manifests/ - modules: rsync://10.145.0.2:/puppet/newton-10.0/modules/ + manifests: rsync://10.109.15.2:/puppet/newton-10.0/manifests/ + modules: rsync://10.109.15.2:/puppet/newton-10.0/modules/ puppet_debug: true quantum: true quantum_settings: @@ -1219,13 +1225,13 @@ quantum_settings: L3: use_namespaces: true database: - passwd: fmeHbOQi0Q5cI7Cv9EOYz2aG + passwd: zDLEige4VejqBsNTy2s27XmK default_floating_net: admin_floating_net default_private_net: admin_internal_net keystone: - admin_password: N5r4Ho0MymZlCQeEFUMpkMgE + admin_password: hUKUWmatqgFsy8MDEK5c6E5M metadata: - metadata_proxy_shared_secret: 2rE5aK3EWhJfL9YzoLYqkvbZ + metadata_proxy_shared_secret: kBaCwZrsnVfpN6Q7uR4Ieumu predefined_networks: admin_floating_net: L2: @@ -1259,7 +1265,7 @@ quantum_settings: shared: false tenant: admin rabbit: - password: n1T1gagLocy1J0sPTdTATzVc + password: 7tHX1fW8vZnaSMuinajtHtF5 release: attributes_metadata: editable: 
@@ -1367,6 +1373,49 @@ release: type: checkbox value: false weight: 10 + atop: + interval: + description: Interval between the snapshots in seconds + label: Interval between the snapshots + regex: + error: Should be a number of seconds + source: ^[1-9]\d*$ + restrictions: + - action: hide + condition: settings:atop.service_enabled.value == false + type: text + value: '20' + weight: 20 + metadata: + enabled: true + group: logging + label: Advanced System & Process Monitor (atop) + toggleable: false + weight: 60 + rotate: + description: Number of days to keep log files + label: Rotate days + regex: + error: Should be a number of days + source: ^[1-9]\d*$ + restrictions: + - action: hide + condition: settings:atop.service_enabled.value == false + type: text + value: '7' + weight: 30 + service_enabled: + description: 'NOTE: When enabled, the service may generate logs up to a + gigabyte in size per day. + + This should be taken into consideration when determining the correct size + for the log partition. + + ' + label: Enable atop service + type: checkbox + value: true + weight: 10 cgroups: metadata: always_editable: true @@ -1449,6 +1498,18 @@ release: type: checkbox value: true weight: 50 + run_ping_checker: + description: Uncheck this box if the public gateway will not be available + or will not respond to ICMP requests to the deployed cluster. If unchecked, + the controllers will not take public gateway availability into account + as part of the cluster health. If the cluster will not have internet + access, you will need to make sure to provide proper offline mirrors for + the deployment to succeed. + group: network + label: Public Gateway is Available + type: checkbox + value: true + weight: 50 task_deploy: type: hidden value: true 
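Review bot: The `rotate` and `interval` patterns in the added `atop` block (`^[1-9]\d*$`) put no upper bound on the value, while `service_enabled` defaults to `value: true` and its own description says the service may write up to a gigabyte of logs per day. A mistyped or very large `rotate` can therefore let the log partition fill, which is an availability risk for a service that is on by default. Bounding the field, for example `source: ^[1-9]\d{0,2}$` with the `error` text naming the limit, would catch that at input time. This file looks like a dump of release metadata, so the change presumably belongs in the source of that metadata; the enclosing `release:` mapping starts and ends outside the hunk.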
@@ -1869,6 +1930,9 @@ release: description: Your DNS entries should point to this name. Self-signed certificates also will use this hostname label: DNS hostname for public TLS endpoints + regex: + error: Invalid DNS hostname + source: ^[a-zA-Z\d]+[-\.\da-zA-Z]*$ restrictions: - action: hide condition: settings:public_ssl.horizon.value == false and settings:public_ssl.services.value @@ -1903,8 +1967,6 @@ release: Please make sure your Fuel master node has Internet access to the repository before attempting to create a mirror. - For more details, please refer to the documentation (https://docs.mirantis.com/openstack/fuel/fuel-10.0/operations.html#external-ubuntu-ops). - ' extra_priority: null type: custom_repo_configuration 
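Review bot: The added pattern `^[a-zA-Z\d]+[-\.\da-zA-Z]*$` accepts strings that are not valid hostnames, such as `a..b`, `host-` or `host.`, because after the first run of alphanumerics it allows any mix of dots and hyphens. The description says self-signed certificates use this value, so a malformed name would presumably end up in the generated certificate. A per-label pattern rejects those cases: `source: ^[a-zA-Z\d]([-a-zA-Z\d]*[a-zA-Z\d])?(\.[a-zA-Z\d]([-a-zA-Z\d]*[a-zA-Z\d])?)*$`. The mapping this field belongs to begins outside the hunk.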
@@ -1981,11 +2043,70 @@ release: sudo: type: hidden value: 'ALL=(ALL) NOPASSWD: ALL' + ssh: + brute_force_protection: + description: When enabled, the access from all networks (except the provided + ones) will be granted, but the networks will be checked against the brute + force attack. + label: Brute force protection + restrictions: + - action: hide + condition: settings:ssh.security_enabled.value == false + type: checkbox + value: false + weight: 30 + metadata: + enabled: true + group: security + label: SSH security + toggleable: false + weight: 120 + security_enabled: + description: 'NOTE: When enabled, provide at least one working IP address + (the Fuel Master node IP is already added). + + We recommend adding new addresses instead of replacing the provided Fuel + Master node IP. + + When disabled (by default), the admin, management, and storage networks + are only allowed to connect to the SSH service. + + ' + label: Restrict SSH service on network + type: checkbox + value: false + weight: 10 + security_networks: + description: IPv4/CIDR address + label: Restrict access to + regex: + error: Invalid IPv4/CIDR address + source: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))*$ + restrictions: + - action: hide + condition: settings:ssh.security_enabled.value == false + type: text_list + value: + - '{settings.MASTER_IP}' + weight: 20 storage: admin_key: type: hidden value: generator: cephx_key + auth_s3_keystone_ceph: + description: This allows to authenticate S3 requests basing on EC2/S3 credentials + managed by Keystone. Please note that enabling the integration will increase + the latency of S3 requests as well as load on Keystone service. Please + consult with Mirantis Technical Bulletin 27 and Mirantis Support on mitigating + the risks related with load. 
+ label: Enable S3 API Authentication via Keystone in Ceph RadosGW + restrictions: + - action: hide + condition: settings:storage.objects_ceph.value == false + type: checkbox + value: false + weight: 82 bootstrap_osd_key: type: hidden value: @@ -2038,6 +2159,9 @@ release: and Swift API Interfaces. If enabled, this option will prevent Swift from installing. label: Ceph RadosGW for objects (Swift API) + restrictions: + - settings:storage.images_ceph.value == false: Ceph RBD for Images should + be selected. type: checkbox value: false weight: 80 @@ -2278,6 +2402,12 @@ release: description: dialog.create_cluster_wizard.compute.qemu_description label: dialog.create_cluster_wizard.compute.qemu name: hypervisor:qemu + requires: + - one_of: + items: + - network:neutron:ml2:vlan + - network:neutron:ml2:tun + message: dialog.create_cluster_wizard.compute.qemu_requires_network_backend weight: 5 - bind: - settings:common.use_vcenter.value @@ -2287,8 +2417,16 @@ release: label: dialog.create_cluster_wizard.compute.vcenter name: hypervisor:vmware requires: - - message: dialog.create_cluster_wizard.compute.vcenter_warning - name: hypervisor:qemu + - one_of: + items: + - hypervisor:qemu + message: dialog.create_cluster_wizard.compute.vcenter_warning + - one_of: + items: + - network:neutron:ml2:dvs + - network:neutron:ml2:nsx + message: dialog.create_cluster_wizard.compute.vcenter_requires_network_backend + message_invalid: dialog.create_cluster_wizard.compute.vcenter_requires_network_plugins weight: 15 - compatible: - name: hypervisor:* @@ -2315,7 +2453,9 @@ release: label: common.network.neutron_vlan name: network:neutron:ml2:vlan requires: - - name: network:neutron:core:ml2 + - one_of: + items: + - network:neutron:core:ml2 weight: 5 - bind: - - cluster:net_provider 
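Review bot: The `security_networks` pattern added under `ssh:` ends in `(\/([0-9]|[1-2][0-9]|3[0-2]))*$`, and the `*` lets the prefix length repeat, so a value like `10.0.0.0/8/24` passes validation for a field that appears to feed the SSH allow-list. The suffix should be optional rather than repeatable: `(\/([0-9]|[1-2][0-9]|3[0-2]))?$`. The `brute_force_protection` description in the same block is also hard to follow, since it says access from all networks except the provided ones "will be granted"; it should state plainly which sources are checked and which are exempt. If this fixture mirrors release metadata kept elsewhere, the fix belongs there and the fixture should be regenerated.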
@@ -2336,7 +2476,9 @@ release: label: common.network.neutron_tun name: network:neutron:ml2:tun requires: - - name: network:neutron:core:ml2 + - one_of: + items: + - network:neutron:core:ml2 weight: 10 - bind: - settings:storage.volumes_lvm.value @@ -2584,6 +2726,7 @@ release: restrictions: - action: hide condition: settings:common.use_vcenter.value == false + message: VMware vCenter not enabled for cluster weight: 40 compute: description: A Compute node creates, manages, and terminates virtual machine @@ -2613,10 +2756,12 @@ release: restrictions: - action: hide condition: settings:common.use_vcenter.value == false + message: VMware vCenter not enabled for cluster weight: 90 controller: conflicts: - compute + - ceph-osd description: The Controller initiates orchestration activities and provides an external API. Other components like Glance (image storage), Keystone (identity management), Horizon (OpenStack dashboard) and Nova-Scheduler are installed @@ -2688,6 +2833,7 @@ release: restrictions: - action: hide condition: not ('advanced' in version:feature_groups) + message: Advanced feature should be enabled in feature groups weight: 80 state: available version: newton-10.0 @@ -2859,7 +3005,7 @@ repo_setup: section: main restricted suite: mos10.0 type: deb - uri: http://10.145.0.2:8080/newton-10.0/ubuntu/x86_64 + uri: http://10.109.15.2:8080/newton-10.0/ubuntu/x86_64 - name: mos-updates priority: 1050 section: main restricted @@ -2883,14 +3029,15 @@ repo_setup: section: main restricted suite: auxiliary type: deb - uri: http://10.145.0.2:8080/newton-10.0/ubuntu/auxiliary + uri: http://10.109.15.2:8080/newton-10.0/ubuntu/auxiliary resume_guests_state_on_host_boot: true roles: - controller +run_ping_checker: true sahara: - db_password: KOnGnD4ffht4JTKNnadQzJVt + db_password: iRFruHQcXdKzQX9roKooe3j6 enabled: true - user_password: I0h2uGaBR3ts4NujBxo8Toqi + user_password: dIwoOdfqEXyJ4jZkHVEfqXBY service_user: homedir: /var/lib/fuel metadata: 
@@ -2901,22 +3048,34 @@ service_user: condition: 'true' weight: 10 name: fuel - password: 2Zhks66RxoJGBVYjjPCsuW1t + password: cIt7vulm3zZeSiYyYwjlbZV0 root_password: r00tme sudo: 'ALL=(ALL) NOPASSWD: ALL' +ssh: + brute_force_protection: false + metadata: + enabled: true + group: security + label: SSH security + toggleable: false + weight: 120 + security_enabled: false + security_networks: + - 10.109.15.2 status: discover storage: - admin_key: AQDmeEhXAAAAABAA89X4kMICOCOUEIEVRH0q5w== - bootstrap_osd_key: AQDmeEhXAAAAABAA3Gy4NiGQKX5/JJpsXNCBFA== + admin_key: AQDWBqNXAAAAABAAT0qwqsMZTndkc8Eir/2Bug== + auth_s3_keystone_ceph: false + bootstrap_osd_key: AQDWBqNXAAAAABAAkbTGIMIuAw4DyBkCBfPUrA== ephemeral_ceph: false - fsid: a841a476-236b-434f-8393-274ad608cbd5 + fsid: f01ee54d-25cb-4188-a66f-ec34d8418f3f images_ceph: false images_vcenter: false metadata: group: storage label: Storage Backends weight: 60 - mon_key: AQDmeEhXAAAAABAA7wUts7o9kl9RadsIu5KJhQ== + mon_key: AQDWBqNXAAAAABAAcRFHLwQi5ImsQLb1TamUCg== objects_ceph: false osd_pool_size: '3' per_pool_pg_nums: @@ -2927,13 +3086,13 @@ storage: images: 128 volumes: 128 pg_num: 128 - radosgw_key: AQDmeEhXAAAAABAAphVN6V3fNYICXT+EH48zEg== + radosgw_key: AQDWBqNXAAAAABAAOcrrFlqdDFNS0aJKEEkyDQ== volumes_block_device: true volumes_ceph: false volumes_lvm: true storage_network_range: 192.168.1.0/24 swift: - user_password: UNUZUKNrbQvMQsitNHMtrWeI + user_password: zuthAwdS1GuQ6ksatG5EZl2R syslog: metadata: enabled: false @@ -2955,11 +3114,11 @@ test_vm_image: os_name: cirros properties: {} public: 'true' -uid: '711' +uid: '115' use_cinder: true use_cow_images: true use_vcenter: false -user_node_name: node-711 +user_node_name: node-115 vms_conf: [] workloads_collector: create_user: false @@ -2971,6 +3130,6 @@ workloads_collector: - action: hide condition: 'true' weight: 10 - password: tGutWhN3UG9W9OnZISKlR4xB + password: fQ6D8FquZp28kSi8O4dTC8Cg tenant: services username: fuel_stats_user 
diff --git a/hiera/neut_vlan.cblock.murano.sahara.ceil-mongo.yaml b/hiera/neut_vlan.cblock.murano.sahara.ceil-mongo.yaml index e20f160..86a675a 100644 --- a/hiera/neut_vlan.cblock.murano.sahara.ceil-mongo.yaml +++ b/hiera/neut_vlan.cblock.murano.sahara.ceil-mongo.yaml @@ -8,18 +8,28 @@ access: tenant: admin user: admin aodh: - db_password: UbmEKZTB3a2HE1S6xkIWFE64 - user_password: tPCjatrROm5zW0qqyBP5Z6ZJ + db_password: HJeTTcmoGh4WI4wlqlQu6Xz0 + user_password: uhZWPZWkzeofa6OtMPYX3We0 +atop: + interval: '20' + metadata: + enabled: true + group: logging + label: Advanced System & Process Monitor (atop) + toggleable: false + weight: 60 + rotate: '7' + service_enabled: true auth_key: '' auto_assign_floating_ip: false base_syslog: syslog_port: '514' - syslog_server: 10.145.0.2 + syslog_server: 10.109.15.2 ceilometer: - db_password: j9yoAgFQqVJ3nPHS3E8oZNKY + db_password: J3JAf8W9JNIZKDVIKd4EVpqM enabled: true - metering_secret: HkQApiWEJWPQ6A52t4a5YCcQ - user_password: kRRTjPlstCxmiJXJe9gTBaW3 + metering_secret: iNGEelI6N2CDYbQs3yXht8EV + user_password: 6hzswiGt3QBjOXeM6Oz2IvNv cgroups: metadata: always_editable: true @@ -30,11 +40,19 @@ cgroups: condition: 'true' weight: 90 cinder: - db_password: 8mPSWaFcbxTWjmmZVuu58HIZ - fixed_key: f8f2e1d13d994370047f5fe0ccfb2adbd9bf0da1aaecf38b8893de189787bc44 - user_password: R8GcLYYSzybstefJrSnd4iLE + db_password: qygDERXtrfgT6ogbn9gzNvSZ + fixed_key: c4d8801ec9f3e013197ebffcc496eddc419591585b1f2ad26875f5dca2c8eed6 + user_password: wfgi03YjLhOXzurBF3nfrwvv cluster: changes: + - name: interfaces + node_id: 110 + - name: disks + node_id: 110 + - name: interfaces + node_id: 109 + - name: disks + node_id: 109 - name: attributes node_id: null - name: vmware_attributes 
@@ -42,36 +60,28 @@ cluster: - name: networks node_id: null - name: interfaces - node_id: 710 + node_id: 115 - name: disks - node_id: 710 + node_id: 115 - name: interfaces - node_id: 711 + node_id: 114 - name: disks - node_id: 711 + node_id: 114 - name: interfaces - node_id: 712 + node_id: 113 - name: disks - node_id: 712 + node_id: 113 - name: interfaces - node_id: 713 + node_id: 112 - name: disks - node_id: 713 + node_id: 112 - name: interfaces - node_id: 714 + node_id: 111 - name: disks - node_id: 714 - - name: interfaces - node_id: 715 - - name: disks - node_id: 715 - - name: interfaces - node_id: 716 - - name: disks - node_id: 716 + node_id: 111 components: [] fuel_version: '10.0' - id: 38 + id: 13 is_customized: false is_locked: false mode: ha_compact @@ -104,12 +114,11 @@ corosync: debug: false deployed_before: value: false -deployment_id: 38 +deployment_id: 13 deployment_mode: ha_compact -dpdk: {} external_dns: dns_list: - - 10.145.0.1 + - 10.109.15.1 metadata: group: network label: Host OS DNS Servers 
@@ -135,31 +144,29 @@ external_ntp: label: Host OS NTP Servers weight: 40 ntp_list: - - 0.fuel.pool.ntp.org - - 1.fuel.pool.ntp.org - - 2.fuel.pool.ntp.org + - 10.109.15.1 fail_if_error: false -fqdn: node-714.domain.tld +fqdn: node-112.test.domain.local fuel_version: '10.0' glance: - db_password: JrziwKrBaOcJtYLH18lzTHvN - image_cache_max_size: '5368709120' - user_password: LDX2dRA0snAthtq1bt4hhwgA + db_password: N5ZwODSM9uzsaKReIgk6CyUq + image_cache_max_size: '0' + user_password: i10d3excOPPDGJuXr3cYWJnk glance_glare: - user_password: LwFwVTtx7TQZilWcdYZ4rMPG + user_password: opwzp1g3vncEcnlcY1kReF54 heat: - auth_encryption_key: 89adc2b80449f19b1bc04621e571af5c - db_password: 7L8DeTK33SIDWG3PYBXl69bc + auth_encryption_key: 013fa22260a6c56c4bf233fa8f62c548 + db_password: E2ciRc0sX1DpEzjdJ1ZaWOlk enabled: true - rabbit_password: t6nLCJEaPiFhBeS7mguHLSe5 - user_password: wibR10fo8oamfqgJ5ylGMkvb + rabbit_password: tuBtD3lTvAI0kxIvtCWDmR6B + user_password: jQwF1acNLgnOLxNKZ5s8ZfdK horizon: - secret_key: 00db7790ecbdbea80f2b25820267977ef700c80da2cdad285ef5f205e7a5ca4f + secret_key: 83aae5d5bb487291cb70c0f23b98850c36fde49fb47edea27358ac8140db529c ironic: - db_password: vNA5pzrjCWCl0FRryR5xS5fN + db_password: PbXDe5oTtXhX35PImGFnMGOl enabled: false - swift_tempurl_key: KXjWzWpOK4N16tCTroxm4UF1 - user_password: wpx9YAhDMawWF8SkQqIJIqUw + swift_tempurl_key: 9UuMwMaaFIEW8nQFpY400yPG + user_password: YE6HrKfrTF5uc0tGBkIuqHef kernel_params: kernel: console=tty0 net.ifnames=0 biosdevname=0 rootdelay=90 nomodeset metadata: @@ -167,12 +174,12 @@ kernel_params: label: Kernel parameters weight: 60 keystone: - admin_token: ZfrqRoEZdj9Jpqd8bi6KDohK - db_password: BU35cEJm2n3bmboQT8ihTkvh -last_controller: node-711 + admin_token: UmLdEFjsZGoJGraFVCyKYNWR + db_password: 3Ovn9RvHGbQfcmDhLRESM7Xh +last_controller: node-115 libvirt_type: qemu management_network_range: 192.168.0.0/24 -master_ip: 10.145.0.2 +master_ip: 10.109.15.2 metadata: label: Common weight: 10 
@@ -184,15 +191,15 @@ mp: - point: '2' weight: '2' murano: - db_password: GSnvMtnKQ51B9E3iKGNL5rru + db_password: XbE1FAEzWs1BNHKccWpo5O2j enabled: true - rabbit_password: KTf83RLXBK5XDJdPwZQCWnVz - user_password: gQBSnmY7rgZrEZT14OFGeGKF + rabbit_password: TqfkUPgddtZv6BbDaNC3SIvy + user_password: AAiYsFVUcFyowlA5Zw572vzY murano-cfapi: - db_password: H3MyI8EWzGt7WgFxbZZBLHsX + db_password: 0kTJ5gDINJ1TqatGPg3LAvcA enabled: false - rabbit_password: NAv7TFqw3ZJnzOsVFtdpEnjD - user_password: l73HVm4JtStp40evJ6S7jSnJ + rabbit_password: 2vA3nyagq8NcGPkDSaersOJm + user_password: 83MwOhtXIh6MSCqqwFxdGqEg murano_settings: metadata: group: openstack_services 
@@ -205,15 +212,230 @@ murano_settings: murano_glance_artifacts_plugin: true murano_repo_url: http://storage.apps.openstack.org/ mysql: - root_password: aK9nC0A3jeBcqn9FP0I77AKW - wsrep_password: OeYRh6XkB65gah0PuI98jFOR + root_password: tP2Hkj41ujG6FTZnGOu7HVkJ + wsrep_password: WZT3FbjHqi9AxORYPfY6VTR5 network_metadata: nodes: - node-710: - fqdn: node-710.domain.tld - name: node-710 + node-109: + fqdn: node-109.test.domain.local + name: node-109 network_roles: - admin/pxe: 10.145.0.100 + admin/pxe: 10.109.15.103 + aodh/api: 192.168.0.1 + ceilometer/api: 192.168.0.1 + ceph/public: 192.168.1.1 + ceph/replication: 192.168.1.1 + cinder/api: 192.168.0.1 + cinder/iscsi: 192.168.1.1 + fw-admin: 10.109.15.103 + glance/api: 192.168.0.1 + glance/glare: 192.168.0.1 + heat/api: 192.168.0.1 + horizon: 192.168.0.1 + ironic/api: 192.168.0.1 + keystone/api: 192.168.0.1 + management: 192.168.0.1 + mgmt/corosync: 192.168.0.1 + mgmt/database: 192.168.0.1 + mgmt/memcache: 192.168.0.1 + mgmt/messaging: 192.168.0.1 + mgmt/vip: 192.168.0.1 + mongo/db: 192.168.0.1 + murano/api: 192.168.0.1 + murano/cfapi: 192.168.0.1 + neutron/api: 192.168.0.1 + neutron/floating: null + neutron/private: null + nova/api: 192.168.0.1 + nova/migration: 192.168.0.1 + sahara/api: 192.168.0.1 + storage: 192.168.1.1 + swift/api: 192.168.0.1 + swift/replication: 192.168.1.1 + node_roles: + - cinder-block-device + nova_cpu_pinning_enabled: false + nova_hugepages_enabled: false + swift_zone: '109' + uid: '109' + user_node_name: node-109 + node-110: + fqdn: node-110.test.domain.local + name: node-110 + network_roles: + admin/pxe: 10.109.15.104 + aodh/api: 192.168.0.2 + ceilometer/api: 192.168.0.2 + ceph/public: 192.168.1.2 + ceph/replication: 192.168.1.2 + cinder/api: 192.168.0.2 + cinder/iscsi: 192.168.1.2 + fw-admin: 10.109.15.104 + glance/api: 192.168.0.2 + glance/glare: 192.168.0.2 + heat/api: 192.168.0.2 + horizon: 192.168.0.2 + ironic/api: 192.168.0.2 + keystone/api: 192.168.0.2 + management: 192.168.0.2 + 
mgmt/corosync: 192.168.0.2 + mgmt/database: 192.168.0.2 + mgmt/memcache: 192.168.0.2 + mgmt/messaging: 192.168.0.2 + mgmt/vip: 192.168.0.2 + mongo/db: 192.168.0.2 + murano/api: 192.168.0.2 + murano/cfapi: 192.168.0.2 + neutron/api: 192.168.0.2 + neutron/floating: null + neutron/private: null + nova/api: 192.168.0.2 + nova/migration: 192.168.0.2 + sahara/api: 192.168.0.2 + storage: 192.168.1.2 + swift/api: 192.168.0.2 + swift/replication: 192.168.1.2 + node_roles: + - cinder + nova_cpu_pinning_enabled: false + nova_hugepages_enabled: false + swift_zone: '110' + uid: '110' + user_node_name: node-110 + node-111: + fqdn: node-111.test.domain.local + name: node-111 + network_roles: + admin/pxe: 10.109.15.105 + aodh/api: 192.168.0.7 + ceilometer/api: 192.168.0.7 + ceph/public: 192.168.1.7 + ceph/replication: 192.168.1.7 + cinder/api: 192.168.0.7 + cinder/iscsi: 192.168.1.7 + fw-admin: 10.109.15.105 + glance/api: 192.168.0.7 + glance/glare: 192.168.0.7 + heat/api: 192.168.0.7 + horizon: 192.168.0.7 + ironic/api: 192.168.0.7 + keystone/api: 192.168.0.7 + management: 192.168.0.7 + mgmt/corosync: 192.168.0.7 + mgmt/database: 192.168.0.7 + mgmt/memcache: 192.168.0.7 + mgmt/messaging: 192.168.0.7 + mgmt/vip: 192.168.0.7 + mongo/db: 192.168.0.7 + murano/api: 192.168.0.7 + murano/cfapi: 192.168.0.7 + neutron/api: 192.168.0.7 + neutron/floating: null + neutron/private: null + nova/api: 192.168.0.7 + nova/migration: 192.168.0.7 + sahara/api: 192.168.0.7 + storage: 192.168.1.7 + swift/api: 192.168.0.7 + swift/replication: 192.168.1.7 + node_roles: + - primary-mongo + nova_cpu_pinning_enabled: false + nova_hugepages_enabled: false + swift_zone: '111' + uid: '111' + user_node_name: node-111 + node-112: + fqdn: node-112.test.domain.local + name: node-112 + network_roles: + admin/pxe: 10.109.15.106 + aodh/api: 192.168.0.6 + ceilometer/api: 192.168.0.6 + ceph/public: 192.168.1.6 + ceph/replication: 192.168.1.6 + cinder/api: 192.168.0.6 + cinder/iscsi: 192.168.1.6 + fw-admin: 
10.109.15.106 + glance/api: 192.168.0.6 + glance/glare: 192.168.0.6 + heat/api: 192.168.0.6 + horizon: 192.168.0.6 + ironic/api: 192.168.0.6 + keystone/api: 192.168.0.6 + management: 192.168.0.6 + mgmt/corosync: 192.168.0.6 + mgmt/database: 192.168.0.6 + mgmt/memcache: 192.168.0.6 + mgmt/messaging: 192.168.0.6 + mgmt/vip: 192.168.0.6 + mongo/db: 192.168.0.6 + murano/api: 192.168.0.6 + murano/cfapi: 192.168.0.6 + neutron/api: 192.168.0.6 + neutron/floating: null + neutron/private: null + nova/api: 192.168.0.6 + nova/migration: 192.168.0.6 + sahara/api: 192.168.0.6 + storage: 192.168.1.6 + swift/api: 192.168.0.6 + swift/replication: 192.168.1.6 + node_roles: + - mongo + nova_cpu_pinning_enabled: false + nova_hugepages_enabled: false + swift_zone: '112' + uid: '112' + user_node_name: node-112 + node-113: + fqdn: node-113.test.domain.local + name: node-113 + network_roles: + admin/pxe: 10.109.15.107 + aodh/api: 192.168.0.5 + ceilometer/api: 192.168.0.5 + ceph/public: 192.168.1.5 + ceph/replication: 192.168.1.5 + cinder/api: 192.168.0.5 + cinder/iscsi: 192.168.1.5 + fw-admin: 10.109.15.107 + glance/api: 192.168.0.5 + glance/glare: 192.168.0.5 + heat/api: 192.168.0.5 + horizon: 192.168.0.5 + ironic/api: 192.168.0.5 + keystone/api: 192.168.0.5 + management: 192.168.0.5 + mgmt/corosync: 192.168.0.5 + mgmt/database: 192.168.0.5 + mgmt/memcache: 192.168.0.5 + mgmt/messaging: 192.168.0.5 + mgmt/vip: 192.168.0.5 + mongo/db: 192.168.0.5 + murano/api: 192.168.0.5 + murano/cfapi: 192.168.0.5 + neutron/api: 192.168.0.5 + neutron/floating: null + neutron/private: null + nova/api: 192.168.0.5 + nova/migration: 192.168.0.5 + sahara/api: 192.168.0.5 + storage: 192.168.1.5 + swift/api: 192.168.0.5 + swift/replication: 192.168.1.5 + node_roles: + - compute + nova_cpu_pinning_enabled: false + nova_hugepages_enabled: false + swift_zone: '113' + uid: '113' + user_node_name: node-113 + node-114: + fqdn: node-114.test.domain.local + name: node-114 + network_roles: + admin/pxe: 10.109.15.108 
aodh/api: 192.168.0.3 ceilometer/api: 192.168.0.3 ceph/public: 192.168.1.3 @@ -222,7 +444,7 @@ network_metadata: cinder/api: 192.168.0.3 cinder/iscsi: 192.168.1.3 ex: 172.16.0.2 - fw-admin: 10.145.0.100 + fw-admin: 10.109.15.108 glance/api: 192.168.0.3 glance/glare: 192.168.0.3 heat/api: 192.168.0.3 @@ -252,14 +474,14 @@ network_metadata: - primary-controller nova_cpu_pinning_enabled: false nova_hugepages_enabled: false - swift_zone: '710' - uid: '710' - user_node_name: node-710 - node-711: - fqdn: node-711.domain.tld - name: node-711 + swift_zone: '114' + uid: '114' + user_node_name: node-114 + node-115: + fqdn: node-115.test.domain.local + name: node-115 network_roles: - admin/pxe: 10.145.0.101 + admin/pxe: 10.109.15.109 aodh/api: 192.168.0.4 ceilometer/api: 192.168.0.4 ceph/public: 192.168.1.4 @@ -268,7 +490,7 @@ network_metadata: cinder/api: 192.168.0.4 cinder/iscsi: 192.168.1.4 ex: 172.16.0.3 - fw-admin: 10.145.0.101 + fw-admin: 10.109.15.109 glance/api: 192.168.0.4 glance/glare: 192.168.0.4 heat/api: 192.168.0.4 
@@ -298,224 +520,9 @@ network_metadata: - controller nova_cpu_pinning_enabled: false nova_hugepages_enabled: false - swift_zone: '711' - uid: '711' - user_node_name: node-711 - node-712: - fqdn: node-712.domain.tld - name: node-712 - network_roles: - admin/pxe: 10.145.0.102 - aodh/api: 192.168.0.2 - ceilometer/api: 192.168.0.2 - ceph/public: 192.168.1.2 - ceph/replication: 192.168.1.2 - cinder/api: 192.168.0.2 - cinder/iscsi: 192.168.1.2 - fw-admin: 10.145.0.102 - glance/api: 192.168.0.2 - glance/glare: 192.168.0.2 - heat/api: 192.168.0.2 - horizon: 192.168.0.2 - ironic/api: 192.168.0.2 - keystone/api: 192.168.0.2 - management: 192.168.0.2 - mgmt/corosync: 192.168.0.2 - mgmt/database: 192.168.0.2 - mgmt/memcache: 192.168.0.2 - mgmt/messaging: 192.168.0.2 - mgmt/vip: 192.168.0.2 - mongo/db: 192.168.0.2 - murano/api: 192.168.0.2 - murano/cfapi: 192.168.0.2 - neutron/api: 192.168.0.2 - neutron/floating: null - neutron/private: null - nova/api: 192.168.0.2 - nova/migration: 192.168.0.2 - sahara/api: 192.168.0.2 - storage: 192.168.1.2 - swift/api: 192.168.0.2 - swift/replication: 192.168.1.2 - node_roles: - - compute - nova_cpu_pinning_enabled: false - nova_hugepages_enabled: false - swift_zone: '712' - uid: '712' - user_node_name: node-712 - node-713: - fqdn: node-713.domain.tld - name: node-713 - network_roles: - admin/pxe: 10.145.0.103 - aodh/api: 192.168.0.1 - ceilometer/api: 192.168.0.1 - ceph/public: 192.168.1.1 - ceph/replication: 192.168.1.1 - cinder/api: 192.168.0.1 - cinder/iscsi: 192.168.1.1 - fw-admin: 10.145.0.103 - glance/api: 192.168.0.1 - glance/glare: 192.168.0.1 - heat/api: 192.168.0.1 - horizon: 192.168.0.1 - ironic/api: 192.168.0.1 - keystone/api: 192.168.0.1 - management: 192.168.0.1 - mgmt/corosync: 192.168.0.1 - mgmt/database: 192.168.0.1 - mgmt/memcache: 192.168.0.1 - mgmt/messaging: 192.168.0.1 - mgmt/vip: 192.168.0.1 - mongo/db: 192.168.0.1 - murano/api: 192.168.0.1 - murano/cfapi: 192.168.0.1 - neutron/api: 192.168.0.1 - neutron/floating: null 
- neutron/private: null - nova/api: 192.168.0.1 - nova/migration: 192.168.0.1 - sahara/api: 192.168.0.1 - storage: 192.168.1.1 - swift/api: 192.168.0.1 - swift/replication: 192.168.1.1 - node_roles: - - primary-mongo - nova_cpu_pinning_enabled: false - nova_hugepages_enabled: false - swift_zone: '713' - uid: '713' - user_node_name: node-713 - node-714: - fqdn: node-714.domain.tld - name: node-714 - network_roles: - admin/pxe: 10.145.0.104 - aodh/api: 192.168.0.5 - ceilometer/api: 192.168.0.5 - ceph/public: 192.168.1.5 - ceph/replication: 192.168.1.5 - cinder/api: 192.168.0.5 - cinder/iscsi: 192.168.1.5 - fw-admin: 10.145.0.104 - glance/api: 192.168.0.5 - glance/glare: 192.168.0.5 - heat/api: 192.168.0.5 - horizon: 192.168.0.5 - ironic/api: 192.168.0.5 - keystone/api: 192.168.0.5 - management: 192.168.0.5 - mgmt/corosync: 192.168.0.5 - mgmt/database: 192.168.0.5 - mgmt/memcache: 192.168.0.5 - mgmt/messaging: 192.168.0.5 - mgmt/vip: 192.168.0.5 - mongo/db: 192.168.0.5 - murano/api: 192.168.0.5 - murano/cfapi: 192.168.0.5 - neutron/api: 192.168.0.5 - neutron/floating: null - neutron/private: null - nova/api: 192.168.0.5 - nova/migration: 192.168.0.5 - sahara/api: 192.168.0.5 - storage: 192.168.1.5 - swift/api: 192.168.0.5 - swift/replication: 192.168.1.5 - node_roles: - - mongo - nova_cpu_pinning_enabled: false - nova_hugepages_enabled: false - swift_zone: '714' - uid: '714' - user_node_name: node-714 - node-715: - fqdn: node-715.domain.tld - name: node-715 - network_roles: - admin/pxe: 10.145.0.105 - aodh/api: 192.168.0.6 - ceilometer/api: 192.168.0.6 - ceph/public: 192.168.1.6 - ceph/replication: 192.168.1.6 - cinder/api: 192.168.0.6 - cinder/iscsi: 192.168.1.6 - fw-admin: 10.145.0.105 - glance/api: 192.168.0.6 - glance/glare: 192.168.0.6 - heat/api: 192.168.0.6 - horizon: 192.168.0.6 - ironic/api: 192.168.0.6 - keystone/api: 192.168.0.6 - management: 192.168.0.6 - mgmt/corosync: 192.168.0.6 - mgmt/database: 192.168.0.6 - mgmt/memcache: 192.168.0.6 - mgmt/messaging: 
192.168.0.6 - mgmt/vip: 192.168.0.6 - mongo/db: 192.168.0.6 - murano/api: 192.168.0.6 - murano/cfapi: 192.168.0.6 - neutron/api: 192.168.0.6 - neutron/floating: null - neutron/private: null - nova/api: 192.168.0.6 - nova/migration: 192.168.0.6 - sahara/api: 192.168.0.6 - storage: 192.168.1.6 - swift/api: 192.168.0.6 - swift/replication: 192.168.1.6 - node_roles: - - cinder - nova_cpu_pinning_enabled: false - nova_hugepages_enabled: false - swift_zone: '715' - uid: '715' - user_node_name: node-715 - node-716: - fqdn: node-716.domain.tld - name: node-716 - network_roles: - admin/pxe: 10.145.0.106 - aodh/api: 192.168.0.7 - ceilometer/api: 192.168.0.7 - ceph/public: 192.168.1.7 - ceph/replication: 192.168.1.7 - cinder/api: 192.168.0.7 - cinder/iscsi: 192.168.1.7 - fw-admin: 10.145.0.106 - glance/api: 192.168.0.7 - glance/glare: 192.168.0.7 - heat/api: 192.168.0.7 - horizon: 192.168.0.7 - ironic/api: 192.168.0.7 - keystone/api: 192.168.0.7 - management: 192.168.0.7 - mgmt/corosync: 192.168.0.7 - mgmt/database: 192.168.0.7 - mgmt/memcache: 192.168.0.7 - mgmt/messaging: 192.168.0.7 - mgmt/vip: 192.168.0.7 - mongo/db: 192.168.0.7 - murano/api: 192.168.0.7 - murano/cfapi: 192.168.0.7 - neutron/api: 192.168.0.7 - neutron/floating: null - neutron/private: null - nova/api: 192.168.0.7 - nova/migration: 192.168.0.7 - sahara/api: 192.168.0.7 - storage: 192.168.1.7 - swift/api: 192.168.0.7 - swift/replication: 192.168.1.7 - node_roles: - - cinder-block-device - nova_cpu_pinning_enabled: false - nova_hugepages_enabled: false - swift_zone: '716' - uid: '716' - user_node_name: node-716 + swift_zone: '115' + uid: '115' + user_node_name: node-115 vips: management: ipaddr: 192.168.0.9 
@@ -562,18 +569,18 @@ network_scheme:
 endpoints:
 br-fw-admin:
 IP:
- - 10.145.0.104/24
- gateway: 10.145.0.1
+ - 10.109.15.106/24
+ gateway: 10.109.15.1
 vendor_specific:
- provider_gateway: 10.145.0.1
+ provider_gateway: 10.109.15.1
 br-mgmt:
 IP:
- - 192.168.0.5/24
+ - 192.168.0.6/24
 br-prv:
 IP: none
 br-storage:
 IP:
- - 192.168.1.5/24
+ - 192.168.1.6/24
 interfaces:
 enp0s3:
 vendor_specific:
@@ -845,85 +852,84 @@ node_volumes: size: 3757668 type: lv nodes: -- fqdn: node-710.domain.tld +- fqdn: node-109.test.domain.local + internal_address: 192.168.0.1 + internal_netmask: 255.255.255.0 + name: node-109 + role: cinder-block-device + storage_address: 192.168.1.1 + storage_netmask: 255.255.255.0 + swift_zone: '109' + uid: '109' + user_node_name: node-109 +- fqdn: node-110.test.domain.local + internal_address: 192.168.0.2 + internal_netmask: 255.255.255.0 + name: node-110 + role: cinder + storage_address: 192.168.1.2 + storage_netmask: 255.255.255.0 + swift_zone: '110' + uid: '110' + user_node_name: node-110 +- fqdn: node-111.test.domain.local + internal_address: 192.168.0.7 + internal_netmask: 255.255.255.0 + name: node-111 + role: primary-mongo + storage_address: 192.168.1.7 + storage_netmask: 255.255.255.0 + swift_zone: '111' + uid: '111' + user_node_name: node-111 +- fqdn: node-112.test.domain.local + internal_address: 192.168.0.6 + internal_netmask: 255.255.255.0 + name: node-112 + role: mongo + storage_address: 192.168.1.6 + storage_netmask: 255.255.255.0 + swift_zone: '112' + uid: '112' + user_node_name: node-112 +- fqdn: node-113.test.domain.local + internal_address: 192.168.0.5 + internal_netmask: 255.255.255.0 + name: node-113 + role: compute + storage_address: 192.168.1.5 + storage_netmask: 255.255.255.0 + swift_zone: '113' + uid: '113' + user_node_name: node-113 +- fqdn: node-114.test.domain.local internal_address: 192.168.0.3 internal_netmask: 255.255.255.0 - name: node-710 + name: node-114 public_address: 172.16.0.2 public_netmask: 255.255.255.0 role: primary-controller storage_address: 192.168.1.3 storage_netmask: 255.255.255.0 - swift_zone: '710' - uid: '710' - user_node_name: node-710 -- fqdn: node-711.domain.tld + swift_zone: '114' + uid: '114' + user_node_name: node-114 +- fqdn: node-115.test.domain.local internal_address: 192.168.0.4 internal_netmask: 255.255.255.0 - name: node-711 + name: node-115 public_address: 172.16.0.3 
public_netmask: 255.255.255.0 role: controller storage_address: 192.168.1.4 storage_netmask: 255.255.255.0 - swift_zone: '711' - uid: '711' - user_node_name: node-711 -- fqdn: node-712.domain.tld - internal_address: 192.168.0.2 - internal_netmask: 255.255.255.0 - name: node-712 - role: compute - storage_address: 192.168.1.2 - storage_netmask: 255.255.255.0 - swift_zone: '712' - uid: '712' - user_node_name: node-712 -- fqdn: node-713.domain.tld - internal_address: 192.168.0.1 - internal_netmask: 255.255.255.0 - name: node-713 - role: primary-mongo - storage_address: 192.168.1.1 - storage_netmask: 255.255.255.0 - swift_zone: '713' - uid: '713' - user_node_name: node-713 -- fqdn: node-714.domain.tld - internal_address: 192.168.0.5 - internal_netmask: 255.255.255.0 - name: node-714 - role: mongo - storage_address: 192.168.1.5 - storage_netmask: 255.255.255.0 - swift_zone: '714' - uid: '714' - user_node_name: node-714 -- fqdn: node-715.domain.tld - internal_address: 192.168.0.6 - internal_netmask: 255.255.255.0 - name: node-715 - role: cinder - storage_address: 192.168.1.6 - storage_netmask: 255.255.255.0 - swift_zone: '715' - uid: '715' - user_node_name: node-715 -- fqdn: node-716.domain.tld - internal_address: 192.168.0.7 - internal_netmask: 255.255.255.0 - name: node-716 - role: cinder-block-device - storage_address: 192.168.1.7 - storage_netmask: 255.255.255.0 - swift_zone: '716' - uid: '716' - user_node_name: node-716 + swift_zone: '115' + uid: '115' + user_node_name: node-115 nova: - db_password: THu8oGjIoXRqnJY12DAMedvs - enable_hugepages: false + db_password: SPvbQFIq7Q1iAtLHwpfzjGWo state_path: /var/lib/nova - user_password: ZWTTX3kWzZSNWVSRs9aNB5oM + user_password: RG7AmGV4ILPVFMrp6zgsqIPV nova_quota: false online: true openstack_version: newton-10.0 
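Review bot: The `nova` `db_password` and `user_password` values at the end of this hunk are swapped for new literal secrets, and the same churn repeats in later hunks for `operator_user.password`, the `quantum_settings` credentials, `rabbit.password`, `sahara`, `service_user.password`, the cephx keys under `storage`, and `swift.user_password`. If these fixtures are dumped from a deployed environment, confirm that environment is disposable and its credentials were never reused elsewhere. When regenerating, substituting fixed placeholder values (a constructed example: `db_password: fixture-nova-db`) would keep secret scanners quiet and leave the diff showing only structural changes such as the removed `enable_hugepages` key. The `nova` mapping continues outside the hunk.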
@@ -935,7 +941,7 @@ operator_user:
 label: Operating System Access
 weight: 15
 name: fueladmin
- password: sJ0EosrjP91NMUFEogKkhBmY
+ password: Zvfz46ns5WoUKuBmaEDRmI8V
 sudo: 'ALL=(ALL) NOPASSWD: ALL'
 plugins: []
 propagate_task_deploy: false
@@ -945,11 +951,11 @@ provision:
 /:
 container: gzip
 format: ext4
- uri: http://10.145.0.2:8080/targetimages/env_38_ubuntu_1404_amd64.img.gz
+ uri: http://10.109.15.2:8080/targetimages/env_13_ubuntu_1404_amd64.img.gz
 /boot:
 container: gzip
 format: ext2
- uri: http://10.145.0.2:8080/targetimages/env_38_ubuntu_1404_amd64-boot.img.gz
+ uri: http://10.109.15.2:8080/targetimages/env_13_ubuntu_1404_amd64-boot.img.gz
 metadata:
 group: general
 label: Provision
@@ -1071,8 +1077,8 @@ public_ssl:
 weight: 110
 services: false
 puppet:
- manifests: rsync://10.145.0.2:/puppet/newton-10.0/manifests/
- modules: rsync://10.145.0.2:/puppet/newton-10.0/modules/
+ manifests: rsync://10.109.15.2:/puppet/newton-10.0/manifests/
+ modules: rsync://10.109.15.2:/puppet/newton-10.0/modules/
 puppet_debug: true
 quantum: true
 quantum_settings:
@@ -1089,13 +1095,13 @@ quantum_settings:
 L3:
 use_namespaces: true
 database:
- passwd: fmeHbOQi0Q5cI7Cv9EOYz2aG
+ passwd: zDLEige4VejqBsNTy2s27XmK
 default_floating_net: admin_floating_net
 default_private_net: admin_internal_net
 keystone:
- admin_password: N5r4Ho0MymZlCQeEFUMpkMgE
+ admin_password: hUKUWmatqgFsy8MDEK5c6E5M
 metadata:
- metadata_proxy_shared_secret: 2rE5aK3EWhJfL9YzoLYqkvbZ
+ metadata_proxy_shared_secret: kBaCwZrsnVfpN6Q7uR4Ieumu
 predefined_networks:
 admin_floating_net:
 L2:
@@ -1129,7 +1135,7 @@ quantum_settings:
 shared: false
 tenant: admin
 rabbit:
- password: n1T1gagLocy1J0sPTdTATzVc
+ password: 7tHX1fW8vZnaSMuinajtHtF5
 release:
 attributes_metadata:
 editable:
@@ -1237,6 +1243,49 @@ release: type: checkbox value: false weight: 10 + atop: + interval: + description: Interval between the snapshots in seconds + label: Interval between the snapshots + regex: + error: Should be a number of seconds + source: ^[1-9]\d*$ + restrictions: + - action: hide + condition: settings:atop.service_enabled.value == false + type: text + value: '20' + weight: 20 + metadata: + enabled: true + group: logging + label: Advanced System & Process Monitor (atop) + toggleable: false + weight: 60 + rotate: + description: Number of days to keep log files + label: Rotate days + regex: + error: Should be a number of days + source: ^[1-9]\d*$ + restrictions: + - action: hide + condition: settings:atop.service_enabled.value == false + type: text + value: '7' + weight: 30 + service_enabled: + description: 'NOTE: When enabled, the service may generate logs up to a + gigabyte in size per day. + + This should be taken into consideration when determining the correct size + for the log partition. + + ' + label: Enable atop service + type: checkbox + value: true + weight: 10 cgroups: metadata: always_editable: true @@ -1319,6 +1368,18 @@ release: type: checkbox value: true weight: 50 + run_ping_checker: + description: Uncheck this box if the public gateway will not be available + or will not respond to ICMP requests to the deployed cluster. If unchecked, + the controllers will not take public gateway availability into account + as part of the cluster health. If the cluster will not have internet + access, you will need to make sure to provide proper offline mirrors for + the deployment to succeed. + group: network + label: Public Gateway is Available + type: checkbox + value: true + weight: 50 task_deploy: type: hidden value: true 
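Review bot: The added atop `service_enabled` checkbox defaults to `value: true` although its own description warns of up to a gigabyte of logs per day, and `rotate` defaults to `'7'` days. A log partition that fills up also stops other logs on it from being written, so the description should state the partition size the defaults assume, or the default should be `value: false`. The `rotate` and `interval` patterns (`^[1-9]\d*$`) set no upper bound, so an arbitrarily large retention passes validation; a bounded form such as `^[1-9]\d{0,2}$` for `rotate` would cap it. If this fixture only mirrors the release definition, the change belongs there and the fixture should be regenerated.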
@@ -1739,6 +1800,9 @@ release: description: Your DNS entries should point to this name. Self-signed certificates also will use this hostname label: DNS hostname for public TLS endpoints + regex: + error: Invalid DNS hostname + source: ^[a-zA-Z\d]+[-\.\da-zA-Z]*$ restrictions: - action: hide condition: settings:public_ssl.horizon.value == false and settings:public_ssl.services.value @@ -1773,8 +1837,6 @@ release: Please make sure your Fuel master node has Internet access to the repository before attempting to create a mirror. - For more details, please refer to the documentation (https://docs.mirantis.com/openstack/fuel/fuel-10.0/operations.html#external-ubuntu-ops). - ' extra_priority: null type: custom_repo_configuration 
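Review bot: The added `source` pattern `^[a-zA-Z\d]+[-\.\da-zA-Z]*$` accepts values that are not valid hostnames, for example names with consecutive dots or a trailing `-` or `.`, because everything after the first run is one free character class. The description says self-signed certificates use this hostname, so a malformed value would presumably end up in the generated certificate. A per-label pattern such as `^[a-zA-Z\d]([-a-zA-Z\d]*[a-zA-Z\d])?(\.[a-zA-Z\d]([-a-zA-Z\d]*[a-zA-Z\d])?)*$` rejects those cases. The setting this `regex` belongs to starts above the hunk.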
@@ -1851,11 +1913,70 @@ release: sudo: type: hidden value: 'ALL=(ALL) NOPASSWD: ALL' + ssh: + brute_force_protection: + description: When enabled, the access from all networks (except the provided + ones) will be granted, but the networks will be checked against the brute + force attack. + label: Brute force protection + restrictions: + - action: hide + condition: settings:ssh.security_enabled.value == false + type: checkbox + value: false + weight: 30 + metadata: + enabled: true + group: security + label: SSH security + toggleable: false + weight: 120 + security_enabled: + description: 'NOTE: When enabled, provide at least one working IP address + (the Fuel Master node IP is already added). + + We recommend adding new addresses instead of replacing the provided Fuel + Master node IP. + + When disabled (by default), the admin, management, and storage networks + are only allowed to connect to the SSH service. + + ' + label: Restrict SSH service on network + type: checkbox + value: false + weight: 10 + security_networks: + description: IPv4/CIDR address + label: Restrict access to + regex: + error: Invalid IPv4/CIDR address + source: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))*$ + restrictions: + - action: hide + condition: settings:ssh.security_enabled.value == false + type: text_list + value: + - '{settings.MASTER_IP}' + weight: 20 storage: admin_key: type: hidden value: generator: cephx_key + auth_s3_keystone_ceph: + description: This allows to authenticate S3 requests basing on EC2/S3 credentials + managed by Keystone. Please note that enabling the integration will increase + the latency of S3 requests as well as load on Keystone service. Please + consult with Mirantis Technical Bulletin 27 and Mirantis Support on mitigating + the risks related with load. 
+ label: Enable S3 API Authentication via Keystone in Ceph RadosGW + restrictions: + - action: hide + condition: settings:storage.objects_ceph.value == false + type: checkbox + value: false + weight: 82 bootstrap_osd_key: type: hidden value: @@ -1908,6 +2029,9 @@ release: and Swift API Interfaces. If enabled, this option will prevent Swift from installing. label: Ceph RadosGW for objects (Swift API) + restrictions: + - settings:storage.images_ceph.value == false: Ceph RBD for Images should + be selected. type: checkbox value: false weight: 80 @@ -2148,6 +2272,12 @@ release: description: dialog.create_cluster_wizard.compute.qemu_description label: dialog.create_cluster_wizard.compute.qemu name: hypervisor:qemu + requires: + - one_of: + items: + - network:neutron:ml2:vlan + - network:neutron:ml2:tun + message: dialog.create_cluster_wizard.compute.qemu_requires_network_backend weight: 5 - bind: - settings:common.use_vcenter.value @@ -2157,8 +2287,16 @@ release: label: dialog.create_cluster_wizard.compute.vcenter name: hypervisor:vmware requires: - - message: dialog.create_cluster_wizard.compute.vcenter_warning - name: hypervisor:qemu + - one_of: + items: + - hypervisor:qemu + message: dialog.create_cluster_wizard.compute.vcenter_warning + - one_of: + items: + - network:neutron:ml2:dvs + - network:neutron:ml2:nsx + message: dialog.create_cluster_wizard.compute.vcenter_requires_network_backend + message_invalid: dialog.create_cluster_wizard.compute.vcenter_requires_network_plugins weight: 15 - compatible: - name: hypervisor:* @@ -2185,7 +2323,9 @@ release: label: common.network.neutron_vlan name: network:neutron:ml2:vlan requires: - - name: network:neutron:core:ml2 + - one_of: + items: + - network:neutron:core:ml2 weight: 5 - bind: - - cluster:net_provider 
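Review bot: The `security_networks` pattern closes its prefix group with `*` (`(\/([0-9]|[1-2][0-9]|3[0-2]))*$`), so a constructed value such as `10.0.0.0/8/16` passes validation; the quantifier should be `?`, i.e. `(\/([0-9]|[1-2][0-9]|3[0-2]))?$`. Whatever turns this list into SSH allow rules would otherwise receive a string that is not a CIDR. Separately, the `brute_force_protection` description reads as if enabling it grants SSH access from all networks, which is not what the label `Brute force protection` suggests. If that is the behaviour, the label should say so plainly, for example `Allow SSH from any network, with brute-force rate limiting`.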
@@ -2206,7 +2346,9 @@ release: label: common.network.neutron_tun name: network:neutron:ml2:tun requires: - - name: network:neutron:core:ml2 + - one_of: + items: + - network:neutron:core:ml2 weight: 10 - bind: - settings:storage.volumes_lvm.value @@ -2454,6 +2596,7 @@ release: restrictions: - action: hide condition: settings:common.use_vcenter.value == false + message: VMware vCenter not enabled for cluster weight: 40 compute: description: A Compute node creates, manages, and terminates virtual machine @@ -2483,10 +2626,12 @@ release: restrictions: - action: hide condition: settings:common.use_vcenter.value == false + message: VMware vCenter not enabled for cluster weight: 90 controller: conflicts: - compute + - ceph-osd description: The Controller initiates orchestration activities and provides an external API. Other components like Glance (image storage), Keystone (identity management), Horizon (OpenStack dashboard) and Nova-Scheduler are installed @@ -2558,6 +2703,7 @@ release: restrictions: - action: hide condition: not ('advanced' in version:feature_groups) + message: Advanced feature should be enabled in feature groups weight: 80 state: available version: newton-10.0 @@ -2729,7 +2875,7 @@ repo_setup: section: main restricted suite: mos10.0 type: deb - uri: http://10.145.0.2:8080/newton-10.0/ubuntu/x86_64 + uri: http://10.109.15.2:8080/newton-10.0/ubuntu/x86_64 - name: mos-updates priority: 1050 section: main restricted @@ -2753,14 +2899,15 @@ repo_setup: section: main restricted suite: auxiliary type: deb - uri: http://10.145.0.2:8080/newton-10.0/ubuntu/auxiliary + uri: http://10.109.15.2:8080/newton-10.0/ubuntu/auxiliary resume_guests_state_on_host_boot: true roles: - mongo +run_ping_checker: true sahara: - db_password: KOnGnD4ffht4JTKNnadQzJVt + db_password: iRFruHQcXdKzQX9roKooe3j6 enabled: true - user_password: I0h2uGaBR3ts4NujBxo8Toqi + user_password: dIwoOdfqEXyJ4jZkHVEfqXBY service_user: homedir: /var/lib/fuel metadata: 
@@ -2771,22 +2918,34 @@ service_user: condition: 'true' weight: 10 name: fuel - password: 2Zhks66RxoJGBVYjjPCsuW1t + password: cIt7vulm3zZeSiYyYwjlbZV0 root_password: r00tme sudo: 'ALL=(ALL) NOPASSWD: ALL' +ssh: + brute_force_protection: false + metadata: + enabled: true + group: security + label: SSH security + toggleable: false + weight: 120 + security_enabled: false + security_networks: + - 10.109.15.2 status: discover storage: - admin_key: AQDmeEhXAAAAABAA89X4kMICOCOUEIEVRH0q5w== - bootstrap_osd_key: AQDmeEhXAAAAABAA3Gy4NiGQKX5/JJpsXNCBFA== + admin_key: AQDWBqNXAAAAABAAT0qwqsMZTndkc8Eir/2Bug== + auth_s3_keystone_ceph: false + bootstrap_osd_key: AQDWBqNXAAAAABAAkbTGIMIuAw4DyBkCBfPUrA== ephemeral_ceph: false - fsid: a841a476-236b-434f-8393-274ad608cbd5 + fsid: f01ee54d-25cb-4188-a66f-ec34d8418f3f images_ceph: false images_vcenter: false metadata: group: storage label: Storage Backends weight: 60 - mon_key: AQDmeEhXAAAAABAA7wUts7o9kl9RadsIu5KJhQ== + mon_key: AQDWBqNXAAAAABAAcRFHLwQi5ImsQLb1TamUCg== objects_ceph: false osd_pool_size: '3' per_pool_pg_nums: @@ -2797,13 +2956,13 @@ storage: images: 128 volumes: 128 pg_num: 128 - radosgw_key: AQDmeEhXAAAAABAAphVN6V3fNYICXT+EH48zEg== + radosgw_key: AQDWBqNXAAAAABAAOcrrFlqdDFNS0aJKEEkyDQ== volumes_block_device: true volumes_ceph: false volumes_lvm: true storage_network_range: 192.168.1.0/24 swift: - user_password: UNUZUKNrbQvMQsitNHMtrWeI + user_password: zuthAwdS1GuQ6ksatG5EZl2R syslog: metadata: enabled: false @@ -2825,11 +2984,11 @@ test_vm_image: os_name: cirros properties: {} public: 'true' -uid: '714' +uid: '112' use_cinder: true use_cow_images: true use_vcenter: false -user_node_name: node-714 +user_node_name: node-112 vms_conf: [] workloads_collector: create_user: false @@ -2841,6 +3000,6 @@ workloads_collector: - action: hide condition: 'true' weight: 10 - password: tGutWhN3UG9W9OnZISKlR4xB + password: fQ6D8FquZp28kSi8O4dTC8Cg tenant: services username: fuel_stats_user 
diff --git a/hiera/neut_vlan.cblock.murano.sahara.ceil-primary-controller.yaml b/hiera/neut_vlan.cblock.murano.sahara.ceil-primary-controller.yaml index caf7138..10b889c 100644 --- a/hiera/neut_vlan.cblock.murano.sahara.ceil-primary-controller.yaml +++ b/hiera/neut_vlan.cblock.murano.sahara.ceil-primary-controller.yaml @@ -8,18 +8,28 @@ access: tenant: admin user: admin aodh: - db_password: UbmEKZTB3a2HE1S6xkIWFE64 - user_password: tPCjatrROm5zW0qqyBP5Z6ZJ + db_password: HJeTTcmoGh4WI4wlqlQu6Xz0 + user_password: uhZWPZWkzeofa6OtMPYX3We0 +atop: + interval: '20' + metadata: + enabled: true + group: logging + label: Advanced System & Process Monitor (atop) + toggleable: false + weight: 60 + rotate: '7' + service_enabled: true auth_key: '' auto_assign_floating_ip: false base_syslog: syslog_port: '514' - syslog_server: 10.145.0.2 + syslog_server: 10.109.15.2 ceilometer: - db_password: j9yoAgFQqVJ3nPHS3E8oZNKY + db_password: J3JAf8W9JNIZKDVIKd4EVpqM enabled: true - metering_secret: HkQApiWEJWPQ6A52t4a5YCcQ - user_password: kRRTjPlstCxmiJXJe9gTBaW3 + metering_secret: iNGEelI6N2CDYbQs3yXht8EV + user_password: 6hzswiGt3QBjOXeM6Oz2IvNv cgroups: metadata: always_editable: true @@ -30,11 +40,19 @@ cgroups: condition: 'true' weight: 90 cinder: - db_password: 8mPSWaFcbxTWjmmZVuu58HIZ - fixed_key: f8f2e1d13d994370047f5fe0ccfb2adbd9bf0da1aaecf38b8893de189787bc44 - user_password: R8GcLYYSzybstefJrSnd4iLE + db_password: qygDERXtrfgT6ogbn9gzNvSZ + fixed_key: c4d8801ec9f3e013197ebffcc496eddc419591585b1f2ad26875f5dca2c8eed6 + user_password: wfgi03YjLhOXzurBF3nfrwvv cluster: changes: + - name: interfaces + node_id: 110 + - name: disks + node_id: 110 + - name: interfaces + node_id: 109 + - name: disks + node_id: 109 - name: attributes node_id: null - name: vmware_attributes 
@@ -42,36 +60,28 @@ cluster: - name: networks node_id: null - name: interfaces - node_id: 710 + node_id: 115 - name: disks - node_id: 710 + node_id: 115 - name: interfaces - node_id: 711 + node_id: 114 - name: disks - node_id: 711 + node_id: 114 - name: interfaces - node_id: 712 + node_id: 113 - name: disks - node_id: 712 + node_id: 113 - name: interfaces - node_id: 713 + node_id: 112 - name: disks - node_id: 713 + node_id: 112 - name: interfaces - node_id: 714 + node_id: 111 - name: disks - node_id: 714 - - name: interfaces - node_id: 715 - - name: disks - node_id: 715 - - name: interfaces - node_id: 716 - - name: disks - node_id: 716 + node_id: 111 components: [] fuel_version: '10.0' - id: 38 + id: 13 is_customized: false is_locked: false mode: ha_compact @@ -104,12 +114,11 @@ corosync: debug: false deployed_before: value: false -deployment_id: 38 +deployment_id: 13 deployment_mode: ha_compact -dpdk: {} external_dns: dns_list: - - 10.145.0.1 + - 10.109.15.1 metadata: group: network label: Host OS DNS Servers 
@@ -135,31 +144,29 @@ external_ntp: label: Host OS NTP Servers weight: 40 ntp_list: - - 0.fuel.pool.ntp.org - - 1.fuel.pool.ntp.org - - 2.fuel.pool.ntp.org + - 10.109.15.1 fail_if_error: true -fqdn: node-710.domain.tld +fqdn: node-114.test.domain.local fuel_version: '10.0' glance: - db_password: JrziwKrBaOcJtYLH18lzTHvN + db_password: N5ZwODSM9uzsaKReIgk6CyUq image_cache_max_size: '389537175961' - user_password: LDX2dRA0snAthtq1bt4hhwgA + user_password: i10d3excOPPDGJuXr3cYWJnk glance_glare: - user_password: LwFwVTtx7TQZilWcdYZ4rMPG + user_password: opwzp1g3vncEcnlcY1kReF54 heat: - auth_encryption_key: 89adc2b80449f19b1bc04621e571af5c - db_password: 7L8DeTK33SIDWG3PYBXl69bc + auth_encryption_key: 013fa22260a6c56c4bf233fa8f62c548 + db_password: E2ciRc0sX1DpEzjdJ1ZaWOlk enabled: true - rabbit_password: t6nLCJEaPiFhBeS7mguHLSe5 - user_password: wibR10fo8oamfqgJ5ylGMkvb + rabbit_password: tuBtD3lTvAI0kxIvtCWDmR6B + user_password: jQwF1acNLgnOLxNKZ5s8ZfdK horizon: - secret_key: 00db7790ecbdbea80f2b25820267977ef700c80da2cdad285ef5f205e7a5ca4f + secret_key: 83aae5d5bb487291cb70c0f23b98850c36fde49fb47edea27358ac8140db529c ironic: - db_password: vNA5pzrjCWCl0FRryR5xS5fN + db_password: PbXDe5oTtXhX35PImGFnMGOl enabled: false - swift_tempurl_key: KXjWzWpOK4N16tCTroxm4UF1 - user_password: wpx9YAhDMawWF8SkQqIJIqUw + swift_tempurl_key: 9UuMwMaaFIEW8nQFpY400yPG + user_password: YE6HrKfrTF5uc0tGBkIuqHef kernel_params: kernel: console=tty0 net.ifnames=0 biosdevname=0 rootdelay=90 nomodeset metadata: @@ -167,12 +174,12 @@ kernel_params: label: Kernel parameters weight: 60 keystone: - admin_token: ZfrqRoEZdj9Jpqd8bi6KDohK - db_password: BU35cEJm2n3bmboQT8ihTkvh -last_controller: node-711 + admin_token: UmLdEFjsZGoJGraFVCyKYNWR + db_password: 3Ovn9RvHGbQfcmDhLRESM7Xh +last_controller: node-115 libvirt_type: qemu management_network_range: 192.168.0.0/24 -master_ip: 10.145.0.2 +master_ip: 10.109.15.2 metadata: label: Common weight: 10 
@@ -184,15 +191,15 @@ mp: - point: '2' weight: '2' murano: - db_password: GSnvMtnKQ51B9E3iKGNL5rru + db_password: XbE1FAEzWs1BNHKccWpo5O2j enabled: true - rabbit_password: KTf83RLXBK5XDJdPwZQCWnVz - user_password: gQBSnmY7rgZrEZT14OFGeGKF + rabbit_password: TqfkUPgddtZv6BbDaNC3SIvy + user_password: AAiYsFVUcFyowlA5Zw572vzY murano-cfapi: - db_password: H3MyI8EWzGt7WgFxbZZBLHsX + db_password: 0kTJ5gDINJ1TqatGPg3LAvcA enabled: false - rabbit_password: NAv7TFqw3ZJnzOsVFtdpEnjD - user_password: l73HVm4JtStp40evJ6S7jSnJ + rabbit_password: 2vA3nyagq8NcGPkDSaersOJm + user_password: 83MwOhtXIh6MSCqqwFxdGqEg murano_settings: metadata: group: openstack_services 
@@ -205,15 +212,230 @@ murano_settings: murano_glance_artifacts_plugin: true murano_repo_url: http://storage.apps.openstack.org/ mysql: - root_password: aK9nC0A3jeBcqn9FP0I77AKW - wsrep_password: OeYRh6XkB65gah0PuI98jFOR + root_password: tP2Hkj41ujG6FTZnGOu7HVkJ + wsrep_password: WZT3FbjHqi9AxORYPfY6VTR5 network_metadata: nodes: - node-710: - fqdn: node-710.domain.tld - name: node-710 + node-109: + fqdn: node-109.test.domain.local + name: node-109 network_roles: - admin/pxe: 10.145.0.100 + admin/pxe: 10.109.15.103 + aodh/api: 192.168.0.1 + ceilometer/api: 192.168.0.1 + ceph/public: 192.168.1.1 + ceph/replication: 192.168.1.1 + cinder/api: 192.168.0.1 + cinder/iscsi: 192.168.1.1 + fw-admin: 10.109.15.103 + glance/api: 192.168.0.1 + glance/glare: 192.168.0.1 + heat/api: 192.168.0.1 + horizon: 192.168.0.1 + ironic/api: 192.168.0.1 + keystone/api: 192.168.0.1 + management: 192.168.0.1 + mgmt/corosync: 192.168.0.1 + mgmt/database: 192.168.0.1 + mgmt/memcache: 192.168.0.1 + mgmt/messaging: 192.168.0.1 + mgmt/vip: 192.168.0.1 + mongo/db: 192.168.0.1 + murano/api: 192.168.0.1 + murano/cfapi: 192.168.0.1 + neutron/api: 192.168.0.1 + neutron/floating: null + neutron/private: null + nova/api: 192.168.0.1 + nova/migration: 192.168.0.1 + sahara/api: 192.168.0.1 + storage: 192.168.1.1 + swift/api: 192.168.0.1 + swift/replication: 192.168.1.1 + node_roles: + - cinder-block-device + nova_cpu_pinning_enabled: false + nova_hugepages_enabled: false + swift_zone: '109' + uid: '109' + user_node_name: node-109 + node-110: + fqdn: node-110.test.domain.local + name: node-110 + network_roles: + admin/pxe: 10.109.15.104 + aodh/api: 192.168.0.2 + ceilometer/api: 192.168.0.2 + ceph/public: 192.168.1.2 + ceph/replication: 192.168.1.2 + cinder/api: 192.168.0.2 + cinder/iscsi: 192.168.1.2 + fw-admin: 10.109.15.104 + glance/api: 192.168.0.2 + glance/glare: 192.168.0.2 + heat/api: 192.168.0.2 + horizon: 192.168.0.2 + ironic/api: 192.168.0.2 + keystone/api: 192.168.0.2 + management: 192.168.0.2 + 
mgmt/corosync: 192.168.0.2 + mgmt/database: 192.168.0.2 + mgmt/memcache: 192.168.0.2 + mgmt/messaging: 192.168.0.2 + mgmt/vip: 192.168.0.2 + mongo/db: 192.168.0.2 + murano/api: 192.168.0.2 + murano/cfapi: 192.168.0.2 + neutron/api: 192.168.0.2 + neutron/floating: null + neutron/private: null + nova/api: 192.168.0.2 + nova/migration: 192.168.0.2 + sahara/api: 192.168.0.2 + storage: 192.168.1.2 + swift/api: 192.168.0.2 + swift/replication: 192.168.1.2 + node_roles: + - cinder + nova_cpu_pinning_enabled: false + nova_hugepages_enabled: false + swift_zone: '110' + uid: '110' + user_node_name: node-110 + node-111: + fqdn: node-111.test.domain.local + name: node-111 + network_roles: + admin/pxe: 10.109.15.105 + aodh/api: 192.168.0.7 + ceilometer/api: 192.168.0.7 + ceph/public: 192.168.1.7 + ceph/replication: 192.168.1.7 + cinder/api: 192.168.0.7 + cinder/iscsi: 192.168.1.7 + fw-admin: 10.109.15.105 + glance/api: 192.168.0.7 + glance/glare: 192.168.0.7 + heat/api: 192.168.0.7 + horizon: 192.168.0.7 + ironic/api: 192.168.0.7 + keystone/api: 192.168.0.7 + management: 192.168.0.7 + mgmt/corosync: 192.168.0.7 + mgmt/database: 192.168.0.7 + mgmt/memcache: 192.168.0.7 + mgmt/messaging: 192.168.0.7 + mgmt/vip: 192.168.0.7 + mongo/db: 192.168.0.7 + murano/api: 192.168.0.7 + murano/cfapi: 192.168.0.7 + neutron/api: 192.168.0.7 + neutron/floating: null + neutron/private: null + nova/api: 192.168.0.7 + nova/migration: 192.168.0.7 + sahara/api: 192.168.0.7 + storage: 192.168.1.7 + swift/api: 192.168.0.7 + swift/replication: 192.168.1.7 + node_roles: + - primary-mongo + nova_cpu_pinning_enabled: false + nova_hugepages_enabled: false + swift_zone: '111' + uid: '111' + user_node_name: node-111 + node-112: + fqdn: node-112.test.domain.local + name: node-112 + network_roles: + admin/pxe: 10.109.15.106 + aodh/api: 192.168.0.6 + ceilometer/api: 192.168.0.6 + ceph/public: 192.168.1.6 + ceph/replication: 192.168.1.6 + cinder/api: 192.168.0.6 + cinder/iscsi: 192.168.1.6 + fw-admin: 
10.109.15.106 + glance/api: 192.168.0.6 + glance/glare: 192.168.0.6 + heat/api: 192.168.0.6 + horizon: 192.168.0.6 + ironic/api: 192.168.0.6 + keystone/api: 192.168.0.6 + management: 192.168.0.6 + mgmt/corosync: 192.168.0.6 + mgmt/database: 192.168.0.6 + mgmt/memcache: 192.168.0.6 + mgmt/messaging: 192.168.0.6 + mgmt/vip: 192.168.0.6 + mongo/db: 192.168.0.6 + murano/api: 192.168.0.6 + murano/cfapi: 192.168.0.6 + neutron/api: 192.168.0.6 + neutron/floating: null + neutron/private: null + nova/api: 192.168.0.6 + nova/migration: 192.168.0.6 + sahara/api: 192.168.0.6 + storage: 192.168.1.6 + swift/api: 192.168.0.6 + swift/replication: 192.168.1.6 + node_roles: + - mongo + nova_cpu_pinning_enabled: false + nova_hugepages_enabled: false + swift_zone: '112' + uid: '112' + user_node_name: node-112 + node-113: + fqdn: node-113.test.domain.local + name: node-113 + network_roles: + admin/pxe: 10.109.15.107 + aodh/api: 192.168.0.5 + ceilometer/api: 192.168.0.5 + ceph/public: 192.168.1.5 + ceph/replication: 192.168.1.5 + cinder/api: 192.168.0.5 + cinder/iscsi: 192.168.1.5 + fw-admin: 10.109.15.107 + glance/api: 192.168.0.5 + glance/glare: 192.168.0.5 + heat/api: 192.168.0.5 + horizon: 192.168.0.5 + ironic/api: 192.168.0.5 + keystone/api: 192.168.0.5 + management: 192.168.0.5 + mgmt/corosync: 192.168.0.5 + mgmt/database: 192.168.0.5 + mgmt/memcache: 192.168.0.5 + mgmt/messaging: 192.168.0.5 + mgmt/vip: 192.168.0.5 + mongo/db: 192.168.0.5 + murano/api: 192.168.0.5 + murano/cfapi: 192.168.0.5 + neutron/api: 192.168.0.5 + neutron/floating: null + neutron/private: null + nova/api: 192.168.0.5 + nova/migration: 192.168.0.5 + sahara/api: 192.168.0.5 + storage: 192.168.1.5 + swift/api: 192.168.0.5 + swift/replication: 192.168.1.5 + node_roles: + - compute + nova_cpu_pinning_enabled: false + nova_hugepages_enabled: false + swift_zone: '113' + uid: '113' + user_node_name: node-113 + node-114: + fqdn: node-114.test.domain.local + name: node-114 + network_roles: + admin/pxe: 10.109.15.108 
aodh/api: 192.168.0.3 ceilometer/api: 192.168.0.3 ceph/public: 192.168.1.3 @@ -222,7 +444,7 @@ network_metadata: cinder/api: 192.168.0.3 cinder/iscsi: 192.168.1.3 ex: 172.16.0.2 - fw-admin: 10.145.0.100 + fw-admin: 10.109.15.108 glance/api: 192.168.0.3 glance/glare: 192.168.0.3 heat/api: 192.168.0.3 @@ -252,14 +474,14 @@ network_metadata: - primary-controller nova_cpu_pinning_enabled: false nova_hugepages_enabled: false - swift_zone: '710' - uid: '710' - user_node_name: node-710 - node-711: - fqdn: node-711.domain.tld - name: node-711 + swift_zone: '114' + uid: '114' + user_node_name: node-114 + node-115: + fqdn: node-115.test.domain.local + name: node-115 network_roles: - admin/pxe: 10.145.0.101 + admin/pxe: 10.109.15.109 aodh/api: 192.168.0.4 ceilometer/api: 192.168.0.4 ceph/public: 192.168.1.4 @@ -268,7 +490,7 @@ network_metadata: cinder/api: 192.168.0.4 cinder/iscsi: 192.168.1.4 ex: 172.16.0.3 - fw-admin: 10.145.0.101 + fw-admin: 10.109.15.109 glance/api: 192.168.0.4 glance/glare: 192.168.0.4 heat/api: 192.168.0.4 
@@ -298,224 +520,9 @@ network_metadata: - controller nova_cpu_pinning_enabled: false nova_hugepages_enabled: false - swift_zone: '711' - uid: '711' - user_node_name: node-711 - node-712: - fqdn: node-712.domain.tld - name: node-712 - network_roles: - admin/pxe: 10.145.0.102 - aodh/api: 192.168.0.2 - ceilometer/api: 192.168.0.2 - ceph/public: 192.168.1.2 - ceph/replication: 192.168.1.2 - cinder/api: 192.168.0.2 - cinder/iscsi: 192.168.1.2 - fw-admin: 10.145.0.102 - glance/api: 192.168.0.2 - glance/glare: 192.168.0.2 - heat/api: 192.168.0.2 - horizon: 192.168.0.2 - ironic/api: 192.168.0.2 - keystone/api: 192.168.0.2 - management: 192.168.0.2 - mgmt/corosync: 192.168.0.2 - mgmt/database: 192.168.0.2 - mgmt/memcache: 192.168.0.2 - mgmt/messaging: 192.168.0.2 - mgmt/vip: 192.168.0.2 - mongo/db: 192.168.0.2 - murano/api: 192.168.0.2 - murano/cfapi: 192.168.0.2 - neutron/api: 192.168.0.2 - neutron/floating: null - neutron/private: null - nova/api: 192.168.0.2 - nova/migration: 192.168.0.2 - sahara/api: 192.168.0.2 - storage: 192.168.1.2 - swift/api: 192.168.0.2 - swift/replication: 192.168.1.2 - node_roles: - - compute - nova_cpu_pinning_enabled: false - nova_hugepages_enabled: false - swift_zone: '712' - uid: '712' - user_node_name: node-712 - node-713: - fqdn: node-713.domain.tld - name: node-713 - network_roles: - admin/pxe: 10.145.0.103 - aodh/api: 192.168.0.1 - ceilometer/api: 192.168.0.1 - ceph/public: 192.168.1.1 - ceph/replication: 192.168.1.1 - cinder/api: 192.168.0.1 - cinder/iscsi: 192.168.1.1 - fw-admin: 10.145.0.103 - glance/api: 192.168.0.1 - glance/glare: 192.168.0.1 - heat/api: 192.168.0.1 - horizon: 192.168.0.1 - ironic/api: 192.168.0.1 - keystone/api: 192.168.0.1 - management: 192.168.0.1 - mgmt/corosync: 192.168.0.1 - mgmt/database: 192.168.0.1 - mgmt/memcache: 192.168.0.1 - mgmt/messaging: 192.168.0.1 - mgmt/vip: 192.168.0.1 - mongo/db: 192.168.0.1 - murano/api: 192.168.0.1 - murano/cfapi: 192.168.0.1 - neutron/api: 192.168.0.1 - neutron/floating: null 
- neutron/private: null - nova/api: 192.168.0.1 - nova/migration: 192.168.0.1 - sahara/api: 192.168.0.1 - storage: 192.168.1.1 - swift/api: 192.168.0.1 - swift/replication: 192.168.1.1 - node_roles: - - primary-mongo - nova_cpu_pinning_enabled: false - nova_hugepages_enabled: false - swift_zone: '713' - uid: '713' - user_node_name: node-713 - node-714: - fqdn: node-714.domain.tld - name: node-714 - network_roles: - admin/pxe: 10.145.0.104 - aodh/api: 192.168.0.5 - ceilometer/api: 192.168.0.5 - ceph/public: 192.168.1.5 - ceph/replication: 192.168.1.5 - cinder/api: 192.168.0.5 - cinder/iscsi: 192.168.1.5 - fw-admin: 10.145.0.104 - glance/api: 192.168.0.5 - glance/glare: 192.168.0.5 - heat/api: 192.168.0.5 - horizon: 192.168.0.5 - ironic/api: 192.168.0.5 - keystone/api: 192.168.0.5 - management: 192.168.0.5 - mgmt/corosync: 192.168.0.5 - mgmt/database: 192.168.0.5 - mgmt/memcache: 192.168.0.5 - mgmt/messaging: 192.168.0.5 - mgmt/vip: 192.168.0.5 - mongo/db: 192.168.0.5 - murano/api: 192.168.0.5 - murano/cfapi: 192.168.0.5 - neutron/api: 192.168.0.5 - neutron/floating: null - neutron/private: null - nova/api: 192.168.0.5 - nova/migration: 192.168.0.5 - sahara/api: 192.168.0.5 - storage: 192.168.1.5 - swift/api: 192.168.0.5 - swift/replication: 192.168.1.5 - node_roles: - - mongo - nova_cpu_pinning_enabled: false - nova_hugepages_enabled: false - swift_zone: '714' - uid: '714' - user_node_name: node-714 - node-715: - fqdn: node-715.domain.tld - name: node-715 - network_roles: - admin/pxe: 10.145.0.105 - aodh/api: 192.168.0.6 - ceilometer/api: 192.168.0.6 - ceph/public: 192.168.1.6 - ceph/replication: 192.168.1.6 - cinder/api: 192.168.0.6 - cinder/iscsi: 192.168.1.6 - fw-admin: 10.145.0.105 - glance/api: 192.168.0.6 - glance/glare: 192.168.0.6 - heat/api: 192.168.0.6 - horizon: 192.168.0.6 - ironic/api: 192.168.0.6 - keystone/api: 192.168.0.6 - management: 192.168.0.6 - mgmt/corosync: 192.168.0.6 - mgmt/database: 192.168.0.6 - mgmt/memcache: 192.168.0.6 - mgmt/messaging: 
192.168.0.6 - mgmt/vip: 192.168.0.6 - mongo/db: 192.168.0.6 - murano/api: 192.168.0.6 - murano/cfapi: 192.168.0.6 - neutron/api: 192.168.0.6 - neutron/floating: null - neutron/private: null - nova/api: 192.168.0.6 - nova/migration: 192.168.0.6 - sahara/api: 192.168.0.6 - storage: 192.168.1.6 - swift/api: 192.168.0.6 - swift/replication: 192.168.1.6 - node_roles: - - cinder - nova_cpu_pinning_enabled: false - nova_hugepages_enabled: false - swift_zone: '715' - uid: '715' - user_node_name: node-715 - node-716: - fqdn: node-716.domain.tld - name: node-716 - network_roles: - admin/pxe: 10.145.0.106 - aodh/api: 192.168.0.7 - ceilometer/api: 192.168.0.7 - ceph/public: 192.168.1.7 - ceph/replication: 192.168.1.7 - cinder/api: 192.168.0.7 - cinder/iscsi: 192.168.1.7 - fw-admin: 10.145.0.106 - glance/api: 192.168.0.7 - glance/glare: 192.168.0.7 - heat/api: 192.168.0.7 - horizon: 192.168.0.7 - ironic/api: 192.168.0.7 - keystone/api: 192.168.0.7 - management: 192.168.0.7 - mgmt/corosync: 192.168.0.7 - mgmt/database: 192.168.0.7 - mgmt/memcache: 192.168.0.7 - mgmt/messaging: 192.168.0.7 - mgmt/vip: 192.168.0.7 - mongo/db: 192.168.0.7 - murano/api: 192.168.0.7 - murano/cfapi: 192.168.0.7 - neutron/api: 192.168.0.7 - neutron/floating: null - neutron/private: null - nova/api: 192.168.0.7 - nova/migration: 192.168.0.7 - sahara/api: 192.168.0.7 - storage: 192.168.1.7 - swift/api: 192.168.0.7 - swift/replication: 192.168.1.7 - node_roles: - - cinder-block-device - nova_cpu_pinning_enabled: false - nova_hugepages_enabled: false - swift_zone: '716' - uid: '716' - user_node_name: node-716 + swift_zone: '115' + uid: '115' + user_node_name: node-115 vips: management: ipaddr: 192.168.0.9 @@ -570,9 +577,9 @@ network_scheme: IP: none br-fw-admin: IP: - - 10.145.0.100/24 + - 10.109.15.108/24 vendor_specific: - provider_gateway: 10.145.0.1 + provider_gateway: 10.109.15.1 br-mgmt: IP: - 192.168.0.3/24 
@@ -975,85 +982,84 @@ node_volumes: size: 11264 type: lv nodes: -- fqdn: node-710.domain.tld +- fqdn: node-109.test.domain.local + internal_address: 192.168.0.1 + internal_netmask: 255.255.255.0 + name: node-109 + role: cinder-block-device + storage_address: 192.168.1.1 + storage_netmask: 255.255.255.0 + swift_zone: '109' + uid: '109' + user_node_name: node-109 +- fqdn: node-110.test.domain.local + internal_address: 192.168.0.2 + internal_netmask: 255.255.255.0 + name: node-110 + role: cinder + storage_address: 192.168.1.2 + storage_netmask: 255.255.255.0 + swift_zone: '110' + uid: '110' + user_node_name: node-110 +- fqdn: node-111.test.domain.local + internal_address: 192.168.0.7 + internal_netmask: 255.255.255.0 + name: node-111 + role: primary-mongo + storage_address: 192.168.1.7 + storage_netmask: 255.255.255.0 + swift_zone: '111' + uid: '111' + user_node_name: node-111 +- fqdn: node-112.test.domain.local + internal_address: 192.168.0.6 + internal_netmask: 255.255.255.0 + name: node-112 + role: mongo + storage_address: 192.168.1.6 + storage_netmask: 255.255.255.0 + swift_zone: '112' + uid: '112' + user_node_name: node-112 +- fqdn: node-113.test.domain.local + internal_address: 192.168.0.5 + internal_netmask: 255.255.255.0 + name: node-113 + role: compute + storage_address: 192.168.1.5 + storage_netmask: 255.255.255.0 + swift_zone: '113' + uid: '113' + user_node_name: node-113 +- fqdn: node-114.test.domain.local internal_address: 192.168.0.3 internal_netmask: 255.255.255.0 - name: node-710 + name: node-114 public_address: 172.16.0.2 public_netmask: 255.255.255.0 role: primary-controller storage_address: 192.168.1.3 storage_netmask: 255.255.255.0 - swift_zone: '710' - uid: '710' - user_node_name: node-710 -- fqdn: node-711.domain.tld + swift_zone: '114' + uid: '114' + user_node_name: node-114 +- fqdn: node-115.test.domain.local internal_address: 192.168.0.4 internal_netmask: 255.255.255.0 - name: node-711 + name: node-115 public_address: 172.16.0.3 
public_netmask: 255.255.255.0 role: controller storage_address: 192.168.1.4 storage_netmask: 255.255.255.0 - swift_zone: '711' - uid: '711' - user_node_name: node-711 -- fqdn: node-712.domain.tld - internal_address: 192.168.0.2 - internal_netmask: 255.255.255.0 - name: node-712 - role: compute - storage_address: 192.168.1.2 - storage_netmask: 255.255.255.0 - swift_zone: '712' - uid: '712' - user_node_name: node-712 -- fqdn: node-713.domain.tld - internal_address: 192.168.0.1 - internal_netmask: 255.255.255.0 - name: node-713 - role: primary-mongo - storage_address: 192.168.1.1 - storage_netmask: 255.255.255.0 - swift_zone: '713' - uid: '713' - user_node_name: node-713 -- fqdn: node-714.domain.tld - internal_address: 192.168.0.5 - internal_netmask: 255.255.255.0 - name: node-714 - role: mongo - storage_address: 192.168.1.5 - storage_netmask: 255.255.255.0 - swift_zone: '714' - uid: '714' - user_node_name: node-714 -- fqdn: node-715.domain.tld - internal_address: 192.168.0.6 - internal_netmask: 255.255.255.0 - name: node-715 - role: cinder - storage_address: 192.168.1.6 - storage_netmask: 255.255.255.0 - swift_zone: '715' - uid: '715' - user_node_name: node-715 -- fqdn: node-716.domain.tld - internal_address: 192.168.0.7 - internal_netmask: 255.255.255.0 - name: node-716 - role: cinder-block-device - storage_address: 192.168.1.7 - storage_netmask: 255.255.255.0 - swift_zone: '716' - uid: '716' - user_node_name: node-716 + swift_zone: '115' + uid: '115' + user_node_name: node-115 nova: - db_password: THu8oGjIoXRqnJY12DAMedvs - enable_hugepages: false + db_password: SPvbQFIq7Q1iAtLHwpfzjGWo state_path: /var/lib/nova - user_password: ZWTTX3kWzZSNWVSRs9aNB5oM + user_password: RG7AmGV4ILPVFMrp6zgsqIPV nova_quota: false online: true openstack_version: newton-10.0 
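Review bot: The `nova` block at the end of the `@@ -975,85 +982,84 @@` hunk swaps one plaintext `db_password`/`user_password` pair for another, and nothing visible in the diff says whether these are disposable values. The same pattern repeats in the later hunks of this file (`operator_user`, `quantum_settings`, `rabbit`, `sahara`, `service_user`, the cephx keys under `storage`, `workloads_collector`) and in the hunks of the second file. If the fixture is dumped from a short-lived test environment, as the `test.domain.local` names suggest, I would state that once in a header comment, for example `# Generated fixture: every credential below belongs to a discarded test environment`, so secret scanners and later reviewers can triage it without guessing. The top of the file, where that comment would go, is outside this hunk.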
@@ -1065,7 +1071,7 @@ operator_user: label: Operating System Access weight: 15 name: fueladmin - password: sJ0EosrjP91NMUFEogKkhBmY + password: Zvfz46ns5WoUKuBmaEDRmI8V sudo: 'ALL=(ALL) NOPASSWD: ALL' plugins: [] propagate_task_deploy: false @@ -1075,11 +1081,11 @@ provision: /: container: gzip format: ext4 - uri: http://10.145.0.2:8080/targetimages/env_38_ubuntu_1404_amd64.img.gz + uri: http://10.109.15.2:8080/targetimages/env_13_ubuntu_1404_amd64.img.gz /boot: container: gzip format: ext2 - uri: http://10.145.0.2:8080/targetimages/env_38_ubuntu_1404_amd64-boot.img.gz + uri: http://10.109.15.2:8080/targetimages/env_13_ubuntu_1404_amd64-boot.img.gz metadata: group: general label: Provision @@ -1201,8 +1207,8 @@ public_ssl: weight: 110 services: false puppet: - manifests: rsync://10.145.0.2:/puppet/newton-10.0/manifests/ - modules: rsync://10.145.0.2:/puppet/newton-10.0/modules/ + manifests: rsync://10.109.15.2:/puppet/newton-10.0/manifests/ + modules: rsync://10.109.15.2:/puppet/newton-10.0/modules/ puppet_debug: true quantum: true quantum_settings: @@ -1219,13 +1225,13 @@ quantum_settings: L3: use_namespaces: true database: - passwd: fmeHbOQi0Q5cI7Cv9EOYz2aG + passwd: zDLEige4VejqBsNTy2s27XmK default_floating_net: admin_floating_net default_private_net: admin_internal_net keystone: - admin_password: N5r4Ho0MymZlCQeEFUMpkMgE + admin_password: hUKUWmatqgFsy8MDEK5c6E5M metadata: - metadata_proxy_shared_secret: 2rE5aK3EWhJfL9YzoLYqkvbZ + metadata_proxy_shared_secret: kBaCwZrsnVfpN6Q7uR4Ieumu predefined_networks: admin_floating_net: L2: @@ -1259,7 +1265,7 @@ quantum_settings: shared: false tenant: admin rabbit: - password: n1T1gagLocy1J0sPTdTATzVc + password: 7tHX1fW8vZnaSMuinajtHtF5 release: attributes_metadata: editable: 
@@ -1367,6 +1373,49 @@ release: type: checkbox value: false weight: 10 + atop: + interval: + description: Interval between the snapshots in seconds + label: Interval between the snapshots + regex: + error: Should be a number of seconds + source: ^[1-9]\d*$ + restrictions: + - action: hide + condition: settings:atop.service_enabled.value == false + type: text + value: '20' + weight: 20 + metadata: + enabled: true + group: logging + label: Advanced System & Process Monitor (atop) + toggleable: false + weight: 60 + rotate: + description: Number of days to keep log files + label: Rotate days + regex: + error: Should be a number of days + source: ^[1-9]\d*$ + restrictions: + - action: hide + condition: settings:atop.service_enabled.value == false + type: text + value: '7' + weight: 30 + service_enabled: + description: 'NOTE: When enabled, the service may generate logs up to a + gigabyte in size per day. + + This should be taken into consideration when determining the correct size + for the log partition. + + ' + label: Enable atop service + type: checkbox + value: true + weight: 10 cgroups: metadata: always_editable: true @@ -1449,6 +1498,18 @@ release: type: checkbox value: true weight: 50 + run_ping_checker: + description: Uncheck this box if the public gateway will not be available + or will not respond to ICMP requests to the deployed cluster. If unchecked, + the controllers will not take public gateway availability into account + as part of the cluster health. If the cluster will not have internet + access, you will need to make sure to provide proper offline mirrors for + the deployment to succeed. + group: network + label: Public Gateway is Available + type: checkbox + value: true + weight: 50 task_deploy: type: hidden value: true 
@@ -1869,6 +1930,9 @@ release: description: Your DNS entries should point to this name. Self-signed certificates also will use this hostname label: DNS hostname for public TLS endpoints + regex: + error: Invalid DNS hostname + source: ^[a-zA-Z\d]+[-\.\da-zA-Z]*$ restrictions: - action: hide condition: settings:public_ssl.horizon.value == false and settings:public_ssl.services.value @@ -1903,8 +1967,6 @@ release: Please make sure your Fuel master node has Internet access to the repository before attempting to create a mirror. - For more details, please refer to the documentation (https://docs.mirantis.com/openstack/fuel/fuel-10.0/operations.html#external-ubuntu-ops). - ' extra_priority: null type: custom_repo_configuration 
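Review bot: The `source` pattern added for the public TLS hostname in the `@@ -1869,6 +1930,9 @@` hunk, `^[a-zA-Z\d]+[-\.\da-zA-Z]*$`, accepts malformed names such as `a..b` or `host-`, because after the first run of alphanumerics any mix of dots and hyphens is allowed. The description says self-signed certificates use this hostname, so a malformed value would be carried into the generated certificate. A per-label form such as `source: ^[a-zA-Z\d]([-a-zA-Z\d]*[a-zA-Z\d])?(\.[a-zA-Z\d]([-a-zA-Z\d]*[a-zA-Z\d])?)*$` rejects those cases. If this fixture only mirrors a release definition kept elsewhere, the change belongs there; the enclosing attribute starts above the hunk.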
@@ -1981,11 +2043,70 @@ release: sudo: type: hidden value: 'ALL=(ALL) NOPASSWD: ALL' + ssh: + brute_force_protection: + description: When enabled, the access from all networks (except the provided + ones) will be granted, but the networks will be checked against the brute + force attack. + label: Brute force protection + restrictions: + - action: hide + condition: settings:ssh.security_enabled.value == false + type: checkbox + value: false + weight: 30 + metadata: + enabled: true + group: security + label: SSH security + toggleable: false + weight: 120 + security_enabled: + description: 'NOTE: When enabled, provide at least one working IP address + (the Fuel Master node IP is already added). + + We recommend adding new addresses instead of replacing the provided Fuel + Master node IP. + + When disabled (by default), the admin, management, and storage networks + are only allowed to connect to the SSH service. + + ' + label: Restrict SSH service on network + type: checkbox + value: false + weight: 10 + security_networks: + description: IPv4/CIDR address + label: Restrict access to + regex: + error: Invalid IPv4/CIDR address + source: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))*$ + restrictions: + - action: hide + condition: settings:ssh.security_enabled.value == false + type: text_list + value: + - '{settings.MASTER_IP}' + weight: 20 storage: admin_key: type: hidden value: generator: cephx_key + auth_s3_keystone_ceph: + description: This allows to authenticate S3 requests basing on EC2/S3 credentials + managed by Keystone. Please note that enabling the integration will increase + the latency of S3 requests as well as load on Keystone service. Please + consult with Mirantis Technical Bulletin 27 and Mirantis Support on mitigating + the risks related with load. 
+ label: Enable S3 API Authentication via Keystone in Ceph RadosGW + restrictions: + - action: hide + condition: settings:storage.objects_ceph.value == false + type: checkbox + value: false + weight: 82 bootstrap_osd_key: type: hidden value: @@ -2038,6 +2159,9 @@ release: and Swift API Interfaces. If enabled, this option will prevent Swift from installing. label: Ceph RadosGW for objects (Swift API) + restrictions: + - settings:storage.images_ceph.value == false: Ceph RBD for Images should + be selected. type: checkbox value: false weight: 80 @@ -2278,6 +2402,12 @@ release: description: dialog.create_cluster_wizard.compute.qemu_description label: dialog.create_cluster_wizard.compute.qemu name: hypervisor:qemu + requires: + - one_of: + items: + - network:neutron:ml2:vlan + - network:neutron:ml2:tun + message: dialog.create_cluster_wizard.compute.qemu_requires_network_backend weight: 5 - bind: - settings:common.use_vcenter.value @@ -2287,8 +2417,16 @@ release: label: dialog.create_cluster_wizard.compute.vcenter name: hypervisor:vmware requires: - - message: dialog.create_cluster_wizard.compute.vcenter_warning - name: hypervisor:qemu + - one_of: + items: + - hypervisor:qemu + message: dialog.create_cluster_wizard.compute.vcenter_warning + - one_of: + items: + - network:neutron:ml2:dvs + - network:neutron:ml2:nsx + message: dialog.create_cluster_wizard.compute.vcenter_requires_network_backend + message_invalid: dialog.create_cluster_wizard.compute.vcenter_requires_network_plugins weight: 15 - compatible: - name: hypervisor:* @@ -2315,7 +2453,9 @@ release: label: common.network.neutron_vlan name: network:neutron:ml2:vlan requires: - - name: network:neutron:core:ml2 + - one_of: + items: + - network:neutron:core:ml2 weight: 5 - bind: - - cluster:net_provider 
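Review bot: In the `security_networks` regex added by the `@@ -1981,11 +2043,70 @@` hunk, the prefix-length group ends in `*`, `(\/([0-9]|[1-2][0-9]|3[0-2]))*$`, so an entry like `10.0.0.0/8/32` passes validation even though it is not a CIDR. This list is labelled `Restrict access to`, so I would make the suffix optional rather than repeatable: `(\/([0-9]|[1-2][0-9]|3[0-2]))?$`. The `brute_force_protection` description in the same hunk is also hard to read: it says access from all networks except the provided ones "will be granted", which reads as opening SSH rather than protecting it. A wording that states exactly which sources remain allowed and which are checked would help operators choose the setting.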
@@ -2336,7 +2476,9 @@ release: label: common.network.neutron_tun name: network:neutron:ml2:tun requires: - - name: network:neutron:core:ml2 + - one_of: + items: + - network:neutron:core:ml2 weight: 10 - bind: - settings:storage.volumes_lvm.value @@ -2584,6 +2726,7 @@ release: restrictions: - action: hide condition: settings:common.use_vcenter.value == false + message: VMware vCenter not enabled for cluster weight: 40 compute: description: A Compute node creates, manages, and terminates virtual machine @@ -2613,10 +2756,12 @@ release: restrictions: - action: hide condition: settings:common.use_vcenter.value == false + message: VMware vCenter not enabled for cluster weight: 90 controller: conflicts: - compute + - ceph-osd description: The Controller initiates orchestration activities and provides an external API. Other components like Glance (image storage), Keystone (identity management), Horizon (OpenStack dashboard) and Nova-Scheduler are installed @@ -2688,6 +2833,7 @@ release: restrictions: - action: hide condition: not ('advanced' in version:feature_groups) + message: Advanced feature should be enabled in feature groups weight: 80 state: available version: newton-10.0 @@ -2859,7 +3005,7 @@ repo_setup: section: main restricted suite: mos10.0 type: deb - uri: http://10.145.0.2:8080/newton-10.0/ubuntu/x86_64 + uri: http://10.109.15.2:8080/newton-10.0/ubuntu/x86_64 - name: mos-updates priority: 1050 section: main restricted @@ -2883,14 +3029,15 @@ repo_setup: section: main restricted suite: auxiliary type: deb - uri: http://10.145.0.2:8080/newton-10.0/ubuntu/auxiliary + uri: http://10.109.15.2:8080/newton-10.0/ubuntu/auxiliary resume_guests_state_on_host_boot: true roles: - primary-controller +run_ping_checker: true sahara: - db_password: KOnGnD4ffht4JTKNnadQzJVt + db_password: iRFruHQcXdKzQX9roKooe3j6 enabled: true - user_password: I0h2uGaBR3ts4NujBxo8Toqi + user_password: dIwoOdfqEXyJ4jZkHVEfqXBY service_user: homedir: /var/lib/fuel metadata: 
@@ -2901,22 +3048,34 @@ service_user: condition: 'true' weight: 10 name: fuel - password: 2Zhks66RxoJGBVYjjPCsuW1t + password: cIt7vulm3zZeSiYyYwjlbZV0 root_password: r00tme sudo: 'ALL=(ALL) NOPASSWD: ALL' +ssh: + brute_force_protection: false + metadata: + enabled: true + group: security + label: SSH security + toggleable: false + weight: 120 + security_enabled: false + security_networks: + - 10.109.15.2 status: discover storage: - admin_key: AQDmeEhXAAAAABAA89X4kMICOCOUEIEVRH0q5w== - bootstrap_osd_key: AQDmeEhXAAAAABAA3Gy4NiGQKX5/JJpsXNCBFA== + admin_key: AQDWBqNXAAAAABAAT0qwqsMZTndkc8Eir/2Bug== + auth_s3_keystone_ceph: false + bootstrap_osd_key: AQDWBqNXAAAAABAAkbTGIMIuAw4DyBkCBfPUrA== ephemeral_ceph: false - fsid: a841a476-236b-434f-8393-274ad608cbd5 + fsid: f01ee54d-25cb-4188-a66f-ec34d8418f3f images_ceph: false images_vcenter: false metadata: group: storage label: Storage Backends weight: 60 - mon_key: AQDmeEhXAAAAABAA7wUts7o9kl9RadsIu5KJhQ== + mon_key: AQDWBqNXAAAAABAAcRFHLwQi5ImsQLb1TamUCg== objects_ceph: false osd_pool_size: '3' per_pool_pg_nums: @@ -2927,13 +3086,13 @@ storage: images: 128 volumes: 128 pg_num: 128 - radosgw_key: AQDmeEhXAAAAABAAphVN6V3fNYICXT+EH48zEg== + radosgw_key: AQDWBqNXAAAAABAAOcrrFlqdDFNS0aJKEEkyDQ== volumes_block_device: true volumes_ceph: false volumes_lvm: true storage_network_range: 192.168.1.0/24 swift: - user_password: UNUZUKNrbQvMQsitNHMtrWeI + user_password: zuthAwdS1GuQ6ksatG5EZl2R syslog: metadata: enabled: false @@ -2955,11 +3114,11 @@ test_vm_image: os_name: cirros properties: {} public: 'true' -uid: '710' +uid: '114' use_cinder: true use_cow_images: true use_vcenter: false -user_node_name: node-710 +user_node_name: node-114 vms_conf: [] workloads_collector: create_user: false @@ -2971,6 +3130,6 @@ workloads_collector: - action: hide condition: 'true' weight: 10 - password: tGutWhN3UG9W9OnZISKlR4xB + password: fQ6D8FquZp28kSi8O4dTC8Cg tenant: services username: fuel_stats_user 
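Review bot: The top-level `ssh` block added by the `@@ -2901,22 +3048,34 @@` hunk arrives with `security_enabled: false` and `brute_force_protection: false`, so the `security_networks` entry (`10.109.15.2`) is presumably not applied by anything that consumes this fixture. If these hiera files drive catalog or manifest tests, which I am inferring from the path, the restricted-SSH branch gets no coverage from this commit; a fixture variant with `security_enabled: true` would cover it. Separately, the context line `root_password: r00tme` stays fixed while every neighbouring secret is regenerated, which deserves a short comment if it is intentional.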
diff --git a/hiera/neut_vlan.cblock.murano.sahara.ceil-primary-mongo.yaml b/hiera/neut_vlan.cblock.murano.sahara.ceil-primary-mongo.yaml index 7f67e2f..6ce2153 100644 --- a/hiera/neut_vlan.cblock.murano.sahara.ceil-primary-mongo.yaml +++ b/hiera/neut_vlan.cblock.murano.sahara.ceil-primary-mongo.yaml @@ -8,18 +8,28 @@ access: tenant: admin user: admin aodh: - db_password: UbmEKZTB3a2HE1S6xkIWFE64 - user_password: tPCjatrROm5zW0qqyBP5Z6ZJ + db_password: HJeTTcmoGh4WI4wlqlQu6Xz0 + user_password: uhZWPZWkzeofa6OtMPYX3We0 +atop: + interval: '20' + metadata: + enabled: true + group: logging + label: Advanced System & Process Monitor (atop) + toggleable: false + weight: 60 + rotate: '7' + service_enabled: true auth_key: '' auto_assign_floating_ip: false base_syslog: syslog_port: '514' - syslog_server: 10.145.0.2 + syslog_server: 10.109.15.2 ceilometer: - db_password: j9yoAgFQqVJ3nPHS3E8oZNKY + db_password: J3JAf8W9JNIZKDVIKd4EVpqM enabled: true - metering_secret: HkQApiWEJWPQ6A52t4a5YCcQ - user_password: kRRTjPlstCxmiJXJe9gTBaW3 + metering_secret: iNGEelI6N2CDYbQs3yXht8EV + user_password: 6hzswiGt3QBjOXeM6Oz2IvNv cgroups: metadata: always_editable: true @@ -30,11 +40,19 @@ cgroups: condition: 'true' weight: 90 cinder: - db_password: 8mPSWaFcbxTWjmmZVuu58HIZ - fixed_key: f8f2e1d13d994370047f5fe0ccfb2adbd9bf0da1aaecf38b8893de189787bc44 - user_password: R8GcLYYSzybstefJrSnd4iLE + db_password: qygDERXtrfgT6ogbn9gzNvSZ + fixed_key: c4d8801ec9f3e013197ebffcc496eddc419591585b1f2ad26875f5dca2c8eed6 + user_password: wfgi03YjLhOXzurBF3nfrwvv cluster: changes: + - name: interfaces + node_id: 110 + - name: disks + node_id: 110 + - name: interfaces + node_id: 109 + - name: disks + node_id: 109 - name: attributes node_id: null - name: vmware_attributes 
@@ -42,36 +60,28 @@ cluster: - name: networks node_id: null - name: interfaces - node_id: 710 + node_id: 115 - name: disks - node_id: 710 + node_id: 115 - name: interfaces - node_id: 711 + node_id: 114 - name: disks - node_id: 711 + node_id: 114 - name: interfaces - node_id: 712 + node_id: 113 - name: disks - node_id: 712 + node_id: 113 - name: interfaces - node_id: 713 + node_id: 112 - name: disks - node_id: 713 + node_id: 112 - name: interfaces - node_id: 714 + node_id: 111 - name: disks - node_id: 714 - - name: interfaces - node_id: 715 - - name: disks - node_id: 715 - - name: interfaces - node_id: 716 - - name: disks - node_id: 716 + node_id: 111 components: [] fuel_version: '10.0' - id: 38 + id: 13 is_customized: false is_locked: false mode: ha_compact @@ -104,12 +114,11 @@ corosync: debug: false deployed_before: value: false -deployment_id: 38 +deployment_id: 13 deployment_mode: ha_compact -dpdk: {} external_dns: dns_list: - - 10.145.0.1 + - 10.109.15.1 metadata: group: network label: Host OS DNS Servers 
@@ -135,31 +144,29 @@ external_ntp: label: Host OS NTP Servers weight: 40 ntp_list: - - 0.fuel.pool.ntp.org - - 1.fuel.pool.ntp.org - - 2.fuel.pool.ntp.org + - 10.109.15.1 fail_if_error: true -fqdn: node-713.domain.tld +fqdn: node-111.test.domain.local fuel_version: '10.0' glance: - db_password: JrziwKrBaOcJtYLH18lzTHvN - image_cache_max_size: '5368709120' - user_password: LDX2dRA0snAthtq1bt4hhwgA + db_password: N5ZwODSM9uzsaKReIgk6CyUq + image_cache_max_size: '0' + user_password: i10d3excOPPDGJuXr3cYWJnk glance_glare: - user_password: LwFwVTtx7TQZilWcdYZ4rMPG + user_password: opwzp1g3vncEcnlcY1kReF54 heat: - auth_encryption_key: 89adc2b80449f19b1bc04621e571af5c - db_password: 7L8DeTK33SIDWG3PYBXl69bc + auth_encryption_key: 013fa22260a6c56c4bf233fa8f62c548 + db_password: E2ciRc0sX1DpEzjdJ1ZaWOlk enabled: true - rabbit_password: t6nLCJEaPiFhBeS7mguHLSe5 - user_password: wibR10fo8oamfqgJ5ylGMkvb + rabbit_password: tuBtD3lTvAI0kxIvtCWDmR6B + user_password: jQwF1acNLgnOLxNKZ5s8ZfdK horizon: - secret_key: 00db7790ecbdbea80f2b25820267977ef700c80da2cdad285ef5f205e7a5ca4f + secret_key: 83aae5d5bb487291cb70c0f23b98850c36fde49fb47edea27358ac8140db529c ironic: - db_password: vNA5pzrjCWCl0FRryR5xS5fN + db_password: PbXDe5oTtXhX35PImGFnMGOl enabled: false - swift_tempurl_key: KXjWzWpOK4N16tCTroxm4UF1 - user_password: wpx9YAhDMawWF8SkQqIJIqUw + swift_tempurl_key: 9UuMwMaaFIEW8nQFpY400yPG + user_password: YE6HrKfrTF5uc0tGBkIuqHef kernel_params: kernel: console=tty0 net.ifnames=0 biosdevname=0 rootdelay=90 nomodeset metadata: @@ -167,12 +174,12 @@ kernel_params: label: Kernel parameters weight: 60 keystone: - admin_token: ZfrqRoEZdj9Jpqd8bi6KDohK - db_password: BU35cEJm2n3bmboQT8ihTkvh -last_controller: node-711 + admin_token: UmLdEFjsZGoJGraFVCyKYNWR + db_password: 3Ovn9RvHGbQfcmDhLRESM7Xh +last_controller: node-115 libvirt_type: qemu management_network_range: 192.168.0.0/24 -master_ip: 10.145.0.2 +master_ip: 10.109.15.2 metadata: label: Common weight: 10 
@@ -184,15 +191,15 @@ mp: - point: '2' weight: '2' murano: - db_password: GSnvMtnKQ51B9E3iKGNL5rru + db_password: XbE1FAEzWs1BNHKccWpo5O2j enabled: true - rabbit_password: KTf83RLXBK5XDJdPwZQCWnVz - user_password: gQBSnmY7rgZrEZT14OFGeGKF + rabbit_password: TqfkUPgddtZv6BbDaNC3SIvy + user_password: AAiYsFVUcFyowlA5Zw572vzY murano-cfapi: - db_password: H3MyI8EWzGt7WgFxbZZBLHsX + db_password: 0kTJ5gDINJ1TqatGPg3LAvcA enabled: false - rabbit_password: NAv7TFqw3ZJnzOsVFtdpEnjD - user_password: l73HVm4JtStp40evJ6S7jSnJ + rabbit_password: 2vA3nyagq8NcGPkDSaersOJm + user_password: 83MwOhtXIh6MSCqqwFxdGqEg murano_settings: metadata: group: openstack_services 
@@ -205,15 +212,230 @@ murano_settings: murano_glance_artifacts_plugin: true murano_repo_url: http://storage.apps.openstack.org/ mysql: - root_password: aK9nC0A3jeBcqn9FP0I77AKW - wsrep_password: OeYRh6XkB65gah0PuI98jFOR + root_password: tP2Hkj41ujG6FTZnGOu7HVkJ + wsrep_password: WZT3FbjHqi9AxORYPfY6VTR5 network_metadata: nodes: - node-710: - fqdn: node-710.domain.tld - name: node-710 + node-109: + fqdn: node-109.test.domain.local + name: node-109 network_roles: - admin/pxe: 10.145.0.100 + admin/pxe: 10.109.15.103 + aodh/api: 192.168.0.1 + ceilometer/api: 192.168.0.1 + ceph/public: 192.168.1.1 + ceph/replication: 192.168.1.1 + cinder/api: 192.168.0.1 + cinder/iscsi: 192.168.1.1 + fw-admin: 10.109.15.103 + glance/api: 192.168.0.1 + glance/glare: 192.168.0.1 + heat/api: 192.168.0.1 + horizon: 192.168.0.1 + ironic/api: 192.168.0.1 + keystone/api: 192.168.0.1 + management: 192.168.0.1 + mgmt/corosync: 192.168.0.1 + mgmt/database: 192.168.0.1 + mgmt/memcache: 192.168.0.1 + mgmt/messaging: 192.168.0.1 + mgmt/vip: 192.168.0.1 + mongo/db: 192.168.0.1 + murano/api: 192.168.0.1 + murano/cfapi: 192.168.0.1 + neutron/api: 192.168.0.1 + neutron/floating: null + neutron/private: null + nova/api: 192.168.0.1 + nova/migration: 192.168.0.1 + sahara/api: 192.168.0.1 + storage: 192.168.1.1 + swift/api: 192.168.0.1 + swift/replication: 192.168.1.1 + node_roles: + - cinder-block-device + nova_cpu_pinning_enabled: false + nova_hugepages_enabled: false + swift_zone: '109' + uid: '109' + user_node_name: node-109 + node-110: + fqdn: node-110.test.domain.local + name: node-110 + network_roles: + admin/pxe: 10.109.15.104 + aodh/api: 192.168.0.2 + ceilometer/api: 192.168.0.2 + ceph/public: 192.168.1.2 + ceph/replication: 192.168.1.2 + cinder/api: 192.168.0.2 + cinder/iscsi: 192.168.1.2 + fw-admin: 10.109.15.104 + glance/api: 192.168.0.2 + glance/glare: 192.168.0.2 + heat/api: 192.168.0.2 + horizon: 192.168.0.2 + ironic/api: 192.168.0.2 + keystone/api: 192.168.0.2 + management: 192.168.0.2 + 
mgmt/corosync: 192.168.0.2 + mgmt/database: 192.168.0.2 + mgmt/memcache: 192.168.0.2 + mgmt/messaging: 192.168.0.2 + mgmt/vip: 192.168.0.2 + mongo/db: 192.168.0.2 + murano/api: 192.168.0.2 + murano/cfapi: 192.168.0.2 + neutron/api: 192.168.0.2 + neutron/floating: null + neutron/private: null + nova/api: 192.168.0.2 + nova/migration: 192.168.0.2 + sahara/api: 192.168.0.2 + storage: 192.168.1.2 + swift/api: 192.168.0.2 + swift/replication: 192.168.1.2 + node_roles: + - cinder + nova_cpu_pinning_enabled: false + nova_hugepages_enabled: false + swift_zone: '110' + uid: '110' + user_node_name: node-110 + node-111: + fqdn: node-111.test.domain.local + name: node-111 + network_roles: + admin/pxe: 10.109.15.105 + aodh/api: 192.168.0.7 + ceilometer/api: 192.168.0.7 + ceph/public: 192.168.1.7 + ceph/replication: 192.168.1.7 + cinder/api: 192.168.0.7 + cinder/iscsi: 192.168.1.7 + fw-admin: 10.109.15.105 + glance/api: 192.168.0.7 + glance/glare: 192.168.0.7 + heat/api: 192.168.0.7 + horizon: 192.168.0.7 + ironic/api: 192.168.0.7 + keystone/api: 192.168.0.7 + management: 192.168.0.7 + mgmt/corosync: 192.168.0.7 + mgmt/database: 192.168.0.7 + mgmt/memcache: 192.168.0.7 + mgmt/messaging: 192.168.0.7 + mgmt/vip: 192.168.0.7 + mongo/db: 192.168.0.7 + murano/api: 192.168.0.7 + murano/cfapi: 192.168.0.7 + neutron/api: 192.168.0.7 + neutron/floating: null + neutron/private: null + nova/api: 192.168.0.7 + nova/migration: 192.168.0.7 + sahara/api: 192.168.0.7 + storage: 192.168.1.7 + swift/api: 192.168.0.7 + swift/replication: 192.168.1.7 + node_roles: + - primary-mongo + nova_cpu_pinning_enabled: false + nova_hugepages_enabled: false + swift_zone: '111' + uid: '111' + user_node_name: node-111 + node-112: + fqdn: node-112.test.domain.local + name: node-112 + network_roles: + admin/pxe: 10.109.15.106 + aodh/api: 192.168.0.6 + ceilometer/api: 192.168.0.6 + ceph/public: 192.168.1.6 + ceph/replication: 192.168.1.6 + cinder/api: 192.168.0.6 + cinder/iscsi: 192.168.1.6 + fw-admin: 
10.109.15.106 + glance/api: 192.168.0.6 + glance/glare: 192.168.0.6 + heat/api: 192.168.0.6 + horizon: 192.168.0.6 + ironic/api: 192.168.0.6 + keystone/api: 192.168.0.6 + management: 192.168.0.6 + mgmt/corosync: 192.168.0.6 + mgmt/database: 192.168.0.6 + mgmt/memcache: 192.168.0.6 + mgmt/messaging: 192.168.0.6 + mgmt/vip: 192.168.0.6 + mongo/db: 192.168.0.6 + murano/api: 192.168.0.6 + murano/cfapi: 192.168.0.6 + neutron/api: 192.168.0.6 + neutron/floating: null + neutron/private: null + nova/api: 192.168.0.6 + nova/migration: 192.168.0.6 + sahara/api: 192.168.0.6 + storage: 192.168.1.6 + swift/api: 192.168.0.6 + swift/replication: 192.168.1.6 + node_roles: + - mongo + nova_cpu_pinning_enabled: false + nova_hugepages_enabled: false + swift_zone: '112' + uid: '112' + user_node_name: node-112 + node-113: + fqdn: node-113.test.domain.local + name: node-113 + network_roles: + admin/pxe: 10.109.15.107 + aodh/api: 192.168.0.5 + ceilometer/api: 192.168.0.5 + ceph/public: 192.168.1.5 + ceph/replication: 192.168.1.5 + cinder/api: 192.168.0.5 + cinder/iscsi: 192.168.1.5 + fw-admin: 10.109.15.107 + glance/api: 192.168.0.5 + glance/glare: 192.168.0.5 + heat/api: 192.168.0.5 + horizon: 192.168.0.5 + ironic/api: 192.168.0.5 + keystone/api: 192.168.0.5 + management: 192.168.0.5 + mgmt/corosync: 192.168.0.5 + mgmt/database: 192.168.0.5 + mgmt/memcache: 192.168.0.5 + mgmt/messaging: 192.168.0.5 + mgmt/vip: 192.168.0.5 + mongo/db: 192.168.0.5 + murano/api: 192.168.0.5 + murano/cfapi: 192.168.0.5 + neutron/api: 192.168.0.5 + neutron/floating: null + neutron/private: null + nova/api: 192.168.0.5 + nova/migration: 192.168.0.5 + sahara/api: 192.168.0.5 + storage: 192.168.1.5 + swift/api: 192.168.0.5 + swift/replication: 192.168.1.5 + node_roles: + - compute + nova_cpu_pinning_enabled: false + nova_hugepages_enabled: false + swift_zone: '113' + uid: '113' + user_node_name: node-113 + node-114: + fqdn: node-114.test.domain.local + name: node-114 + network_roles: + admin/pxe: 10.109.15.108 
aodh/api: 192.168.0.3 ceilometer/api: 192.168.0.3 ceph/public: 192.168.1.3 @@ -222,7 +444,7 @@ network_metadata: cinder/api: 192.168.0.3 cinder/iscsi: 192.168.1.3 ex: 172.16.0.2 - fw-admin: 10.145.0.100 + fw-admin: 10.109.15.108 glance/api: 192.168.0.3 glance/glare: 192.168.0.3 heat/api: 192.168.0.3 @@ -252,14 +474,14 @@ network_metadata: - primary-controller nova_cpu_pinning_enabled: false nova_hugepages_enabled: false - swift_zone: '710' - uid: '710' - user_node_name: node-710 - node-711: - fqdn: node-711.domain.tld - name: node-711 + swift_zone: '114' + uid: '114' + user_node_name: node-114 + node-115: + fqdn: node-115.test.domain.local + name: node-115 network_roles: - admin/pxe: 10.145.0.101 + admin/pxe: 10.109.15.109 aodh/api: 192.168.0.4 ceilometer/api: 192.168.0.4 ceph/public: 192.168.1.4 @@ -268,7 +490,7 @@ network_metadata: cinder/api: 192.168.0.4 cinder/iscsi: 192.168.1.4 ex: 172.16.0.3 - fw-admin: 10.145.0.101 + fw-admin: 10.109.15.109 glance/api: 192.168.0.4 glance/glare: 192.168.0.4 heat/api: 192.168.0.4 
@@ -298,224 +520,9 @@ network_metadata: - controller nova_cpu_pinning_enabled: false nova_hugepages_enabled: false - swift_zone: '711' - uid: '711' - user_node_name: node-711 - node-712: - fqdn: node-712.domain.tld - name: node-712 - network_roles: - admin/pxe: 10.145.0.102 - aodh/api: 192.168.0.2 - ceilometer/api: 192.168.0.2 - ceph/public: 192.168.1.2 - ceph/replication: 192.168.1.2 - cinder/api: 192.168.0.2 - cinder/iscsi: 192.168.1.2 - fw-admin: 10.145.0.102 - glance/api: 192.168.0.2 - glance/glare: 192.168.0.2 - heat/api: 192.168.0.2 - horizon: 192.168.0.2 - ironic/api: 192.168.0.2 - keystone/api: 192.168.0.2 - management: 192.168.0.2 - mgmt/corosync: 192.168.0.2 - mgmt/database: 192.168.0.2 - mgmt/memcache: 192.168.0.2 - mgmt/messaging: 192.168.0.2 - mgmt/vip: 192.168.0.2 - mongo/db: 192.168.0.2 - murano/api: 192.168.0.2 - murano/cfapi: 192.168.0.2 - neutron/api: 192.168.0.2 - neutron/floating: null - neutron/private: null - nova/api: 192.168.0.2 - nova/migration: 192.168.0.2 - sahara/api: 192.168.0.2 - storage: 192.168.1.2 - swift/api: 192.168.0.2 - swift/replication: 192.168.1.2 - node_roles: - - compute - nova_cpu_pinning_enabled: false - nova_hugepages_enabled: false - swift_zone: '712' - uid: '712' - user_node_name: node-712 - node-713: - fqdn: node-713.domain.tld - name: node-713 - network_roles: - admin/pxe: 10.145.0.103 - aodh/api: 192.168.0.1 - ceilometer/api: 192.168.0.1 - ceph/public: 192.168.1.1 - ceph/replication: 192.168.1.1 - cinder/api: 192.168.0.1 - cinder/iscsi: 192.168.1.1 - fw-admin: 10.145.0.103 - glance/api: 192.168.0.1 - glance/glare: 192.168.0.1 - heat/api: 192.168.0.1 - horizon: 192.168.0.1 - ironic/api: 192.168.0.1 - keystone/api: 192.168.0.1 - management: 192.168.0.1 - mgmt/corosync: 192.168.0.1 - mgmt/database: 192.168.0.1 - mgmt/memcache: 192.168.0.1 - mgmt/messaging: 192.168.0.1 - mgmt/vip: 192.168.0.1 - mongo/db: 192.168.0.1 - murano/api: 192.168.0.1 - murano/cfapi: 192.168.0.1 - neutron/api: 192.168.0.1 - neutron/floating: null 
- neutron/private: null - nova/api: 192.168.0.1 - nova/migration: 192.168.0.1 - sahara/api: 192.168.0.1 - storage: 192.168.1.1 - swift/api: 192.168.0.1 - swift/replication: 192.168.1.1 - node_roles: - - primary-mongo - nova_cpu_pinning_enabled: false - nova_hugepages_enabled: false - swift_zone: '713' - uid: '713' - user_node_name: node-713 - node-714: - fqdn: node-714.domain.tld - name: node-714 - network_roles: - admin/pxe: 10.145.0.104 - aodh/api: 192.168.0.5 - ceilometer/api: 192.168.0.5 - ceph/public: 192.168.1.5 - ceph/replication: 192.168.1.5 - cinder/api: 192.168.0.5 - cinder/iscsi: 192.168.1.5 - fw-admin: 10.145.0.104 - glance/api: 192.168.0.5 - glance/glare: 192.168.0.5 - heat/api: 192.168.0.5 - horizon: 192.168.0.5 - ironic/api: 192.168.0.5 - keystone/api: 192.168.0.5 - management: 192.168.0.5 - mgmt/corosync: 192.168.0.5 - mgmt/database: 192.168.0.5 - mgmt/memcache: 192.168.0.5 - mgmt/messaging: 192.168.0.5 - mgmt/vip: 192.168.0.5 - mongo/db: 192.168.0.5 - murano/api: 192.168.0.5 - murano/cfapi: 192.168.0.5 - neutron/api: 192.168.0.5 - neutron/floating: null - neutron/private: null - nova/api: 192.168.0.5 - nova/migration: 192.168.0.5 - sahara/api: 192.168.0.5 - storage: 192.168.1.5 - swift/api: 192.168.0.5 - swift/replication: 192.168.1.5 - node_roles: - - mongo - nova_cpu_pinning_enabled: false - nova_hugepages_enabled: false - swift_zone: '714' - uid: '714' - user_node_name: node-714 - node-715: - fqdn: node-715.domain.tld - name: node-715 - network_roles: - admin/pxe: 10.145.0.105 - aodh/api: 192.168.0.6 - ceilometer/api: 192.168.0.6 - ceph/public: 192.168.1.6 - ceph/replication: 192.168.1.6 - cinder/api: 192.168.0.6 - cinder/iscsi: 192.168.1.6 - fw-admin: 10.145.0.105 - glance/api: 192.168.0.6 - glance/glare: 192.168.0.6 - heat/api: 192.168.0.6 - horizon: 192.168.0.6 - ironic/api: 192.168.0.6 - keystone/api: 192.168.0.6 - management: 192.168.0.6 - mgmt/corosync: 192.168.0.6 - mgmt/database: 192.168.0.6 - mgmt/memcache: 192.168.0.6 - mgmt/messaging: 
192.168.0.6 - mgmt/vip: 192.168.0.6 - mongo/db: 192.168.0.6 - murano/api: 192.168.0.6 - murano/cfapi: 192.168.0.6 - neutron/api: 192.168.0.6 - neutron/floating: null - neutron/private: null - nova/api: 192.168.0.6 - nova/migration: 192.168.0.6 - sahara/api: 192.168.0.6 - storage: 192.168.1.6 - swift/api: 192.168.0.6 - swift/replication: 192.168.1.6 - node_roles: - - cinder - nova_cpu_pinning_enabled: false - nova_hugepages_enabled: false - swift_zone: '715' - uid: '715' - user_node_name: node-715 - node-716: - fqdn: node-716.domain.tld - name: node-716 - network_roles: - admin/pxe: 10.145.0.106 - aodh/api: 192.168.0.7 - ceilometer/api: 192.168.0.7 - ceph/public: 192.168.1.7 - ceph/replication: 192.168.1.7 - cinder/api: 192.168.0.7 - cinder/iscsi: 192.168.1.7 - fw-admin: 10.145.0.106 - glance/api: 192.168.0.7 - glance/glare: 192.168.0.7 - heat/api: 192.168.0.7 - horizon: 192.168.0.7 - ironic/api: 192.168.0.7 - keystone/api: 192.168.0.7 - management: 192.168.0.7 - mgmt/corosync: 192.168.0.7 - mgmt/database: 192.168.0.7 - mgmt/memcache: 192.168.0.7 - mgmt/messaging: 192.168.0.7 - mgmt/vip: 192.168.0.7 - mongo/db: 192.168.0.7 - murano/api: 192.168.0.7 - murano/cfapi: 192.168.0.7 - neutron/api: 192.168.0.7 - neutron/floating: null - neutron/private: null - nova/api: 192.168.0.7 - nova/migration: 192.168.0.7 - sahara/api: 192.168.0.7 - storage: 192.168.1.7 - swift/api: 192.168.0.7 - swift/replication: 192.168.1.7 - node_roles: - - cinder-block-device - nova_cpu_pinning_enabled: false - nova_hugepages_enabled: false - swift_zone: '716' - uid: '716' - user_node_name: node-716 + swift_zone: '115' + uid: '115' + user_node_name: node-115 vips: management: ipaddr: 192.168.0.9 
@@ -562,18 +569,18 @@ network_scheme: endpoints: br-fw-admin: IP: - - 10.145.0.103/24 - gateway: 10.145.0.1 + - 10.109.15.105/24 + gateway: 10.109.15.1 vendor_specific: - provider_gateway: 10.145.0.1 + provider_gateway: 10.109.15.1 br-mgmt: IP: - - 192.168.0.1/24 + - 192.168.0.7/24 br-prv: IP: none br-storage: IP: - - 192.168.1.1/24 + - 192.168.1.7/24 interfaces: enp0s3: vendor_specific: 
@@ -845,85 +852,84 @@ node_volumes: size: 3757668 type: lv nodes: -- fqdn: node-710.domain.tld +- fqdn: node-109.test.domain.local + internal_address: 192.168.0.1 + internal_netmask: 255.255.255.0 + name: node-109 + role: cinder-block-device + storage_address: 192.168.1.1 + storage_netmask: 255.255.255.0 + swift_zone: '109' + uid: '109' + user_node_name: node-109 +- fqdn: node-110.test.domain.local + internal_address: 192.168.0.2 + internal_netmask: 255.255.255.0 + name: node-110 + role: cinder + storage_address: 192.168.1.2 + storage_netmask: 255.255.255.0 + swift_zone: '110' + uid: '110' + user_node_name: node-110 +- fqdn: node-111.test.domain.local + internal_address: 192.168.0.7 + internal_netmask: 255.255.255.0 + name: node-111 + role: primary-mongo + storage_address: 192.168.1.7 + storage_netmask: 255.255.255.0 + swift_zone: '111' + uid: '111' + user_node_name: node-111 +- fqdn: node-112.test.domain.local + internal_address: 192.168.0.6 + internal_netmask: 255.255.255.0 + name: node-112 + role: mongo + storage_address: 192.168.1.6 + storage_netmask: 255.255.255.0 + swift_zone: '112' + uid: '112' + user_node_name: node-112 +- fqdn: node-113.test.domain.local + internal_address: 192.168.0.5 + internal_netmask: 255.255.255.0 + name: node-113 + role: compute + storage_address: 192.168.1.5 + storage_netmask: 255.255.255.0 + swift_zone: '113' + uid: '113' + user_node_name: node-113 +- fqdn: node-114.test.domain.local internal_address: 192.168.0.3 internal_netmask: 255.255.255.0 - name: node-710 + name: node-114 public_address: 172.16.0.2 public_netmask: 255.255.255.0 role: primary-controller storage_address: 192.168.1.3 storage_netmask: 255.255.255.0 - swift_zone: '710' - uid: '710' - user_node_name: node-710 -- fqdn: node-711.domain.tld + swift_zone: '114' + uid: '114' + user_node_name: node-114 +- fqdn: node-115.test.domain.local internal_address: 192.168.0.4 internal_netmask: 255.255.255.0 - name: node-711 + name: node-115 public_address: 172.16.0.3 
public_netmask: 255.255.255.0 role: controller storage_address: 192.168.1.4 storage_netmask: 255.255.255.0 - swift_zone: '711' - uid: '711' - user_node_name: node-711 -- fqdn: node-712.domain.tld - internal_address: 192.168.0.2 - internal_netmask: 255.255.255.0 - name: node-712 - role: compute - storage_address: 192.168.1.2 - storage_netmask: 255.255.255.0 - swift_zone: '712' - uid: '712' - user_node_name: node-712 -- fqdn: node-713.domain.tld - internal_address: 192.168.0.1 - internal_netmask: 255.255.255.0 - name: node-713 - role: primary-mongo - storage_address: 192.168.1.1 - storage_netmask: 255.255.255.0 - swift_zone: '713' - uid: '713' - user_node_name: node-713 -- fqdn: node-714.domain.tld - internal_address: 192.168.0.5 - internal_netmask: 255.255.255.0 - name: node-714 - role: mongo - storage_address: 192.168.1.5 - storage_netmask: 255.255.255.0 - swift_zone: '714' - uid: '714' - user_node_name: node-714 -- fqdn: node-715.domain.tld - internal_address: 192.168.0.6 - internal_netmask: 255.255.255.0 - name: node-715 - role: cinder - storage_address: 192.168.1.6 - storage_netmask: 255.255.255.0 - swift_zone: '715' - uid: '715' - user_node_name: node-715 -- fqdn: node-716.domain.tld - internal_address: 192.168.0.7 - internal_netmask: 255.255.255.0 - name: node-716 - role: cinder-block-device - storage_address: 192.168.1.7 - storage_netmask: 255.255.255.0 - swift_zone: '716' - uid: '716' - user_node_name: node-716 + swift_zone: '115' + uid: '115' + user_node_name: node-115 nova: - db_password: THu8oGjIoXRqnJY12DAMedvs - enable_hugepages: false + db_password: SPvbQFIq7Q1iAtLHwpfzjGWo state_path: /var/lib/nova - user_password: ZWTTX3kWzZSNWVSRs9aNB5oM + user_password: RG7AmGV4ILPVFMrp6zgsqIPV nova_quota: false online: true openstack_version: newton-10.0 
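Review bot: The `nova:` block at the end of this hunk commits freshly generated `db_password` and `user_password` values in plaintext, and the same pattern recurs in the `operator_user`, `quantum_settings`, `sahara`, `service_user`, `storage` and `workloads_collector` hunks of this file and throughout `hiera/neut_vlan.ceph-ceph-osd.yaml`. If these values were dumped from a deployed environment, they should be treated as disclosed. The secret churn on every regeneration also buries the substantive changes, such as the new `ssh:` and `atop:` settings, under many secret-only lines. Generating the fixtures with fixed, obviously fake values, for example `db_password: fixture-nova-db-password` (a constructed placeholder), would keep secret scanners quiet and make later diffs reviewable.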
@@ -935,7 +941,7 @@ operator_user: label: Operating System Access weight: 15 name: fueladmin - password: sJ0EosrjP91NMUFEogKkhBmY + password: Zvfz46ns5WoUKuBmaEDRmI8V sudo: 'ALL=(ALL) NOPASSWD: ALL' plugins: [] propagate_task_deploy: false @@ -945,11 +951,11 @@ provision: /: container: gzip format: ext4 - uri: http://10.145.0.2:8080/targetimages/env_38_ubuntu_1404_amd64.img.gz + uri: http://10.109.15.2:8080/targetimages/env_13_ubuntu_1404_amd64.img.gz /boot: container: gzip format: ext2 - uri: http://10.145.0.2:8080/targetimages/env_38_ubuntu_1404_amd64-boot.img.gz + uri: http://10.109.15.2:8080/targetimages/env_13_ubuntu_1404_amd64-boot.img.gz metadata: group: general label: Provision @@ -1071,8 +1077,8 @@ public_ssl: weight: 110 services: false puppet: - manifests: rsync://10.145.0.2:/puppet/newton-10.0/manifests/ - modules: rsync://10.145.0.2:/puppet/newton-10.0/modules/ + manifests: rsync://10.109.15.2:/puppet/newton-10.0/manifests/ + modules: rsync://10.109.15.2:/puppet/newton-10.0/modules/ puppet_debug: true quantum: true quantum_settings: @@ -1089,13 +1095,13 @@ quantum_settings: L3: use_namespaces: true database: - passwd: fmeHbOQi0Q5cI7Cv9EOYz2aG + passwd: zDLEige4VejqBsNTy2s27XmK default_floating_net: admin_floating_net default_private_net: admin_internal_net keystone: - admin_password: N5r4Ho0MymZlCQeEFUMpkMgE + admin_password: hUKUWmatqgFsy8MDEK5c6E5M metadata: - metadata_proxy_shared_secret: 2rE5aK3EWhJfL9YzoLYqkvbZ + metadata_proxy_shared_secret: kBaCwZrsnVfpN6Q7uR4Ieumu predefined_networks: admin_floating_net: L2: @@ -1129,7 +1135,7 @@ quantum_settings: shared: false tenant: admin rabbit: - password: n1T1gagLocy1J0sPTdTATzVc + password: 7tHX1fW8vZnaSMuinajtHtF5 release: attributes_metadata: editable: 
@@ -1237,6 +1243,49 @@ release: type: checkbox value: false weight: 10 + atop: + interval: + description: Interval between the snapshots in seconds + label: Interval between the snapshots + regex: + error: Should be a number of seconds + source: ^[1-9]\d*$ + restrictions: + - action: hide + condition: settings:atop.service_enabled.value == false + type: text + value: '20' + weight: 20 + metadata: + enabled: true + group: logging + label: Advanced System & Process Monitor (atop) + toggleable: false + weight: 60 + rotate: + description: Number of days to keep log files + label: Rotate days + regex: + error: Should be a number of days + source: ^[1-9]\d*$ + restrictions: + - action: hide + condition: settings:atop.service_enabled.value == false + type: text + value: '7' + weight: 30 + service_enabled: + description: 'NOTE: When enabled, the service may generate logs up to a + gigabyte in size per day. + + This should be taken into consideration when determining the correct size + for the log partition. + + ' + label: Enable atop service + type: checkbox + value: true + weight: 10 cgroups: metadata: always_editable: true @@ -1319,6 +1368,18 @@ release: type: checkbox value: true weight: 50 + run_ping_checker: + description: Uncheck this box if the public gateway will not be available + or will not respond to ICMP requests to the deployed cluster. If unchecked, + the controllers will not take public gateway availability into account + as part of the cluster health. If the cluster will not have internet + access, you will need to make sure to provide proper offline mirrors for + the deployment to succeed. + group: network + label: Public Gateway is Available + type: checkbox + value: true + weight: 50 task_deploy: type: hidden value: true 
@@ -1739,6 +1800,9 @@ release: description: Your DNS entries should point to this name. Self-signed certificates also will use this hostname label: DNS hostname for public TLS endpoints + regex: + error: Invalid DNS hostname + source: ^[a-zA-Z\d]+[-\.\da-zA-Z]*$ restrictions: - action: hide condition: settings:public_ssl.horizon.value == false and settings:public_ssl.services.value @@ -1773,8 +1837,6 @@ release: Please make sure your Fuel master node has Internet access to the repository before attempting to create a mirror. - For more details, please refer to the documentation (https://docs.mirantis.com/openstack/fuel/fuel-10.0/operations.html#external-ubuntu-ops). - ' extra_priority: null type: custom_repo_configuration 
@@ -1851,11 +1913,70 @@ release: sudo: type: hidden value: 'ALL=(ALL) NOPASSWD: ALL' + ssh: + brute_force_protection: + description: When enabled, the access from all networks (except the provided + ones) will be granted, but the networks will be checked against the brute + force attack. + label: Brute force protection + restrictions: + - action: hide + condition: settings:ssh.security_enabled.value == false + type: checkbox + value: false + weight: 30 + metadata: + enabled: true + group: security + label: SSH security + toggleable: false + weight: 120 + security_enabled: + description: 'NOTE: When enabled, provide at least one working IP address + (the Fuel Master node IP is already added). + + We recommend adding new addresses instead of replacing the provided Fuel + Master node IP. + + When disabled (by default), the admin, management, and storage networks + are only allowed to connect to the SSH service. + + ' + label: Restrict SSH service on network + type: checkbox + value: false + weight: 10 + security_networks: + description: IPv4/CIDR address + label: Restrict access to + regex: + error: Invalid IPv4/CIDR address + source: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))*$ + restrictions: + - action: hide + condition: settings:ssh.security_enabled.value == false + type: text_list + value: + - '{settings.MASTER_IP}' + weight: 20 storage: admin_key: type: hidden value: generator: cephx_key + auth_s3_keystone_ceph: + description: This allows to authenticate S3 requests basing on EC2/S3 credentials + managed by Keystone. Please note that enabling the integration will increase + the latency of S3 requests as well as load on Keystone service. Please + consult with Mirantis Technical Bulletin 27 and Mirantis Support on mitigating + the risks related with load. 
+ label: Enable S3 API Authentication via Keystone in Ceph RadosGW + restrictions: + - action: hide + condition: settings:storage.objects_ceph.value == false + type: checkbox + value: false + weight: 82 bootstrap_osd_key: type: hidden value: @@ -1908,6 +2029,9 @@ release: and Swift API Interfaces. If enabled, this option will prevent Swift from installing. label: Ceph RadosGW for objects (Swift API) + restrictions: + - settings:storage.images_ceph.value == false: Ceph RBD for Images should + be selected. type: checkbox value: false weight: 80 @@ -2148,6 +2272,12 @@ release: description: dialog.create_cluster_wizard.compute.qemu_description label: dialog.create_cluster_wizard.compute.qemu name: hypervisor:qemu + requires: + - one_of: + items: + - network:neutron:ml2:vlan + - network:neutron:ml2:tun + message: dialog.create_cluster_wizard.compute.qemu_requires_network_backend weight: 5 - bind: - settings:common.use_vcenter.value @@ -2157,8 +2287,16 @@ release: label: dialog.create_cluster_wizard.compute.vcenter name: hypervisor:vmware requires: - - message: dialog.create_cluster_wizard.compute.vcenter_warning - name: hypervisor:qemu + - one_of: + items: + - hypervisor:qemu + message: dialog.create_cluster_wizard.compute.vcenter_warning + - one_of: + items: + - network:neutron:ml2:dvs + - network:neutron:ml2:nsx + message: dialog.create_cluster_wizard.compute.vcenter_requires_network_backend + message_invalid: dialog.create_cluster_wizard.compute.vcenter_requires_network_plugins weight: 15 - compatible: - name: hypervisor:* @@ -2185,7 +2323,9 @@ release: label: common.network.neutron_vlan name: network:neutron:ml2:vlan requires: - - name: network:neutron:core:ml2 + - one_of: + items: + - network:neutron:core:ml2 weight: 5 - bind: - - cluster:net_provider 
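Review bot: In the new `security_networks` entry of the `ssh:` metadata, the prefix-length group ends in `*`, so the pattern accepts a repeated suffix such as `10.0.0.0/8/16` (a constructed example) as a valid "IPv4/CIDR address". This list decides which networks may reach SSH once `security_enabled` is on, so input that the form accepts but the rule generator may reject or misread is worth closing off; how the consumer handles it is not visible here. Making the group optional rather than repeatable fixes it: `(\/([0-9]|[1-2][0-9]|3[0-2]))?$`. The `brute_force_protection` description in the same hunk ("access from all networks (except the provided ones) will be granted") is also hard to follow and should state plainly what is opened and what is rate-limited.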
@@ -2206,7 +2346,9 @@ release: label: common.network.neutron_tun name: network:neutron:ml2:tun requires: - - name: network:neutron:core:ml2 + - one_of: + items: + - network:neutron:core:ml2 weight: 10 - bind: - settings:storage.volumes_lvm.value @@ -2454,6 +2596,7 @@ release: restrictions: - action: hide condition: settings:common.use_vcenter.value == false + message: VMware vCenter not enabled for cluster weight: 40 compute: description: A Compute node creates, manages, and terminates virtual machine @@ -2483,10 +2626,12 @@ release: restrictions: - action: hide condition: settings:common.use_vcenter.value == false + message: VMware vCenter not enabled for cluster weight: 90 controller: conflicts: - compute + - ceph-osd description: The Controller initiates orchestration activities and provides an external API. Other components like Glance (image storage), Keystone (identity management), Horizon (OpenStack dashboard) and Nova-Scheduler are installed @@ -2558,6 +2703,7 @@ release: restrictions: - action: hide condition: not ('advanced' in version:feature_groups) + message: Advanced feature should be enabled in feature groups weight: 80 state: available version: newton-10.0 @@ -2729,7 +2875,7 @@ repo_setup: section: main restricted suite: mos10.0 type: deb - uri: http://10.145.0.2:8080/newton-10.0/ubuntu/x86_64 + uri: http://10.109.15.2:8080/newton-10.0/ubuntu/x86_64 - name: mos-updates priority: 1050 section: main restricted @@ -2753,14 +2899,15 @@ repo_setup: section: main restricted suite: auxiliary type: deb - uri: http://10.145.0.2:8080/newton-10.0/ubuntu/auxiliary + uri: http://10.109.15.2:8080/newton-10.0/ubuntu/auxiliary resume_guests_state_on_host_boot: true roles: - primary-mongo +run_ping_checker: true sahara: - db_password: KOnGnD4ffht4JTKNnadQzJVt + db_password: iRFruHQcXdKzQX9roKooe3j6 enabled: true - user_password: I0h2uGaBR3ts4NujBxo8Toqi + user_password: dIwoOdfqEXyJ4jZkHVEfqXBY service_user: homedir: /var/lib/fuel metadata: 
@@ -2771,22 +2918,34 @@ service_user: condition: 'true' weight: 10 name: fuel - password: 2Zhks66RxoJGBVYjjPCsuW1t + password: cIt7vulm3zZeSiYyYwjlbZV0 root_password: r00tme sudo: 'ALL=(ALL) NOPASSWD: ALL' +ssh: + brute_force_protection: false + metadata: + enabled: true + group: security + label: SSH security + toggleable: false + weight: 120 + security_enabled: false + security_networks: + - 10.109.15.2 status: discover storage: - admin_key: AQDmeEhXAAAAABAA89X4kMICOCOUEIEVRH0q5w== - bootstrap_osd_key: AQDmeEhXAAAAABAA3Gy4NiGQKX5/JJpsXNCBFA== + admin_key: AQDWBqNXAAAAABAAT0qwqsMZTndkc8Eir/2Bug== + auth_s3_keystone_ceph: false + bootstrap_osd_key: AQDWBqNXAAAAABAAkbTGIMIuAw4DyBkCBfPUrA== ephemeral_ceph: false - fsid: a841a476-236b-434f-8393-274ad608cbd5 + fsid: f01ee54d-25cb-4188-a66f-ec34d8418f3f images_ceph: false images_vcenter: false metadata: group: storage label: Storage Backends weight: 60 - mon_key: AQDmeEhXAAAAABAA7wUts7o9kl9RadsIu5KJhQ== + mon_key: AQDWBqNXAAAAABAAcRFHLwQi5ImsQLb1TamUCg== objects_ceph: false osd_pool_size: '3' per_pool_pg_nums: @@ -2797,13 +2956,13 @@ storage: images: 128 volumes: 128 pg_num: 128 - radosgw_key: AQDmeEhXAAAAABAAphVN6V3fNYICXT+EH48zEg== + radosgw_key: AQDWBqNXAAAAABAAOcrrFlqdDFNS0aJKEEkyDQ== volumes_block_device: true volumes_ceph: false volumes_lvm: true storage_network_range: 192.168.1.0/24 swift: - user_password: UNUZUKNrbQvMQsitNHMtrWeI + user_password: zuthAwdS1GuQ6ksatG5EZl2R syslog: metadata: enabled: false @@ -2825,11 +2984,11 @@ test_vm_image: os_name: cirros properties: {} public: 'true' -uid: '713' +uid: '111' use_cinder: true use_cow_images: true use_vcenter: false -user_node_name: node-713 +user_node_name: node-111 vms_conf: [] workloads_collector: create_user: false @@ -2841,6 +3000,6 @@ workloads_collector: - action: hide condition: 'true' weight: 10 - password: tGutWhN3UG9W9OnZISKlR4xB + password: fQ6D8FquZp28kSi8O4dTC8Cg tenant: services username: fuel_stats_user 
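Review bot: The new top-level `ssh:` block records only the defaults, `security_enabled: false` and `brute_force_protection: false`, so anything consuming this fixture never sees the restricted-SSH path this commit introduces. The same hunk keeps `root_password: r00tme` and `sudo: 'ALL=(ALL) NOPASSWD: ALL'` under `service_user` as context, which is why the SSH restriction matters for these nodes. Assuming these files drive catalog or noop tests, at least one fixture should carry `security_enabled: true` and `brute_force_protection: true` so the hardening branch is exercised. `security_networks` holds a bare `10.109.15.2` with no prefix length, so it would also help to document whether that is treated as a /32.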
diff --git a/hiera/neut_vlan.ceph-ceph-osd.yaml b/hiera/neut_vlan.ceph-ceph-osd.yaml index a5c3a58..e768e35 100644 --- a/hiera/neut_vlan.ceph-ceph-osd.yaml +++ b/hiera/neut_vlan.ceph-ceph-osd.yaml @@ -8,18 +8,28 @@ access: tenant: admin user: admin aodh: - db_password: AW8dw4i3EYhDpfCL1gr6A026 - user_password: yGZR6oF3FI4bPvgABtiW1M57 + db_password: 5YW6xouOm8oQYTXIJFJeQgar + user_password: TpFAjZLepn3jBLQyC2rAGtYM +atop: + interval: '20' + metadata: + enabled: true + group: logging + label: Advanced System & Process Monitor (atop) + toggleable: false + weight: 60 + rotate: '7' + service_enabled: true auth_key: '' auto_assign_floating_ip: false base_syslog: syslog_port: '514' - syslog_server: 10.145.0.2 + syslog_server: 10.109.15.2 ceilometer: - db_password: l7VwgkMW5A50P7Y4fcqeCFgd + db_password: gPotIQohORuEDhTaaEGISE2u enabled: false - metering_secret: dtataFWXa9eBycreGXpyAXJB - user_password: 4GJRg04qDMNuIRExboNk79Ws + metering_secret: VurpECz4MYTjbH41NJN3LaTB + user_password: yWFCJXOX2WNvIV2QuaiJgsU7 cgroups: metadata: always_editable: true @@ -30,9 +40,9 @@ cgroups: condition: 'true' weight: 90 cinder: - db_password: UoRRKsx48Jxeagaz29wuBip0 - fixed_key: 50a3d842e0dc928ea2433ba737267991ecc04607ff99c88e3b922dc70506723f - user_password: Fjz4p3qdjqgkPcoqfPK1dGKv + db_password: ucTnkYLBV07tTuC4Kps0VVfu + fixed_key: 8e943df3b8ee0da574ca42a09a8ee03ed9066ea80c1327c88c9a51c75a36372c + user_password: UuiV9c0sKDS7oy7d2Q1Rfdax cluster: changes: - name: attributes 
@@ -42,32 +52,32 @@ cluster: - name: networks node_id: null - name: interfaces - node_id: 700 + node_id: 105 - name: disks - node_id: 700 + node_id: 105 - name: interfaces - node_id: 701 + node_id: 104 - name: disks - node_id: 701 + node_id: 104 - name: interfaces - node_id: 702 + node_id: 103 - name: disks - node_id: 702 + node_id: 103 - name: interfaces - node_id: 703 + node_id: 102 - name: disks - node_id: 703 + node_id: 102 - name: interfaces - node_id: 704 + node_id: 101 - name: disks - node_id: 704 + node_id: 101 - name: interfaces - node_id: 705 + node_id: 100 - name: disks - node_id: 705 + node_id: 100 components: [] fuel_version: '10.0' - id: 37 + id: 12 is_customized: false is_locked: false mode: ha_compact @@ -100,12 +110,11 @@ corosync: debug: false deployed_before: value: false -deployment_id: 37 +deployment_id: 12 deployment_mode: ha_compact -dpdk: {} external_dns: dns_list: - - 10.145.0.1 + - 10.109.15.1 metadata: group: network label: Host OS DNS Servers 
@@ -131,31 +140,29 @@ external_ntp: label: Host OS NTP Servers weight: 40 ntp_list: - - 0.fuel.pool.ntp.org - - 1.fuel.pool.ntp.org - - 2.fuel.pool.ntp.org + - 10.109.15.1 fail_if_error: true -fqdn: node-704.domain.tld +fqdn: node-100.test.domain.local fuel_version: '10.0' glance: - db_password: EA5yPM6tita8p1H58zcITweh + db_password: kDizvSrtJ64DqeyVglM4CWEq image_cache_max_size: '0' - user_password: vPxpZb5oAyPTCqCqkEHDrJA7 + user_password: fxsoHhHPJS0cqIQfVKFy4cjX glance_glare: - user_password: O744jIquKK0lVuzdC0n8422Y + user_password: ZUwql6Ri0ZtywNTVacyQMHUH heat: - auth_encryption_key: d7d1f8b2110e95e23aac3984f22cbcd5 - db_password: ubZCOGDRhJNSzIx6luAoGFFx + auth_encryption_key: 4b4bb9eaa9945a7cca4dcfa95ad6df02 + db_password: SLrw3HuUjrVdHirirpdmAlH5 enabled: true - rabbit_password: Zf0bB3g4VI8VJntMCPVgQ7fe - user_password: Mb6ydxA0g0H0QMcDozOBYbmh + rabbit_password: OrmZMmGNSswLpZvR7s9UxpMb + user_password: L5gdS875NS1MqIHqIAHwlOoD horizon: - secret_key: 7c75abc7dec5b01e8f80464a2bd292d571a6af92f0c02016b882accb4c3e464b + secret_key: fd6e12c49a88204b4c244a1bf52b5748f2afe74d8aa9f6b80c803b0242da659e ironic: - db_password: bGzvvwOVkHojpTv83ce3yePg + db_password: JSTHBmzRb2QLCTFMpmtuyAVQ enabled: false - swift_tempurl_key: qGrgHs364QqFmgzgPewd1FPS - user_password: TEtOk242yA2FC9UMHWfiVPbO + swift_tempurl_key: 5PeMBTPAHNeSvYWUmZU45JoV + user_password: hABKlej7JA5b6hWI9hSU7ZDH kernel_params: kernel: console=tty0 net.ifnames=0 biosdevname=0 rootdelay=90 nomodeset metadata: @@ -163,12 +170,12 @@ kernel_params: label: Kernel parameters weight: 60 keystone: - admin_token: uIvnGB3F5vfYO7LkNj6qLaFv - db_password: pUm8Bf9t27Dad3p6tlN0Nnk9 -last_controller: node-702 + admin_token: wIqeDKJWiYBqGqn1p5RueIWP + db_password: 655WceVQjagDNXVPALn58eFz +last_controller: node-105 libvirt_type: qemu management_network_range: 192.168.0.0/24 -master_ip: 10.145.0.2 +master_ip: 10.109.15.2 metadata: label: Common weight: 10 
@@ -180,15 +187,15 @@ mp: - point: '2' weight: '2' murano: - db_password: CyhbxzrDXtmfxCZHzB6P0hMm + db_password: esimzvnlxLsE3WwqHbxe4Xr2 enabled: false - rabbit_password: eeikX3j0ewEkAmAZGnFPiVyJ - user_password: XffgacyIxkvDrA5Xe7BiMU1f + rabbit_password: r6t88HXe4VeePQ9DQnQJMVtq + user_password: yUb1PejvhvSA2FuUP21YuVpb murano-cfapi: - db_password: OXB5RTVCtFNNzdRXkhoNdmbG + db_password: PE3kVEzUZ4skA8QCO6jzOdVT enabled: false - rabbit_password: kBX4ihcvRIgzg4JGONny3U0H - user_password: dupt4NCDCJjjYRO414g2pQMx + rabbit_password: t6bZGgUBUJl8eGItnivyJXpj + user_password: q7fO3Q5wr0Ar0FpkZUiPSn2j murano_settings: metadata: group: openstack_services 
@@ -201,70 +208,108 @@ murano_settings: murano_glance_artifacts_plugin: true murano_repo_url: http://storage.apps.openstack.org/ mysql: - root_password: uwbEA8K23E43JOEk6H65sKXC - wsrep_password: uJ4fNIiTj8gP10IxFDuOqsKX + root_password: wNnJIy0Io7GsgYrCD1uL00wa + wsrep_password: XkorAsgLuotMQfCJxr86HFoE network_metadata: nodes: - node-700: - fqdn: node-700.domain.tld - name: node-700 + node-100: + fqdn: node-100.test.domain.local + name: node-100 network_roles: - admin/pxe: 10.145.0.100 - aodh/api: 192.168.0.3 - ceilometer/api: 192.168.0.3 - ceph/public: 192.168.1.3 - ceph/radosgw: 172.16.0.3 - ceph/replication: 192.168.1.3 - cinder/api: 192.168.0.3 - cinder/iscsi: 192.168.1.3 - ex: 172.16.0.3 - fw-admin: 10.145.0.100 - glance/api: 192.168.0.3 - glance/glare: 192.168.0.3 - heat/api: 192.168.0.3 - horizon: 192.168.0.3 - ironic/api: 192.168.0.3 - keystone/api: 192.168.0.3 - management: 192.168.0.3 - mgmt/corosync: 192.168.0.3 - mgmt/database: 192.168.0.3 - mgmt/memcache: 192.168.0.3 - mgmt/messaging: 192.168.0.3 - mgmt/vip: 192.168.0.3 - mongo/db: 192.168.0.3 - murano/api: 192.168.0.3 - murano/cfapi: 192.168.0.3 - neutron/api: 192.168.0.3 + admin/pxe: 10.109.15.104 + aodh/api: 192.168.0.1 + ceilometer/api: 192.168.0.1 + ceph/public: 192.168.1.1 + ceph/replication: 192.168.1.1 + cinder/api: 192.168.0.1 + cinder/iscsi: 192.168.1.1 + fw-admin: 10.109.15.104 + glance/api: 192.168.0.1 + glance/glare: 192.168.0.1 + heat/api: 192.168.0.1 + horizon: 192.168.0.1 + ironic/api: 192.168.0.1 + keystone/api: 192.168.0.1 + management: 192.168.0.1 + mgmt/corosync: 192.168.0.1 + mgmt/database: 192.168.0.1 + mgmt/memcache: 192.168.0.1 + mgmt/messaging: 192.168.0.1 + mgmt/vip: 192.168.0.1 + mongo/db: 192.168.0.1 + murano/api: 192.168.0.1 + murano/cfapi: 192.168.0.1 + neutron/api: 192.168.0.1 neutron/floating: null neutron/private: null - nova/api: 192.168.0.3 - nova/migration: 192.168.0.3 - public/vip: 172.16.0.3 - sahara/api: 192.168.0.3 - storage: 192.168.1.3 - swift/api: 
192.168.0.3 - swift/replication: 192.168.1.3 + nova/api: 192.168.0.1 + nova/migration: 192.168.0.1 + sahara/api: 192.168.0.1 + storage: 192.168.1.1 + swift/api: 192.168.0.1 + swift/replication: 192.168.1.1 node_roles: - - primary-controller + - ceph-osd nova_cpu_pinning_enabled: false nova_hugepages_enabled: false - swift_zone: '700' - uid: '700' - user_node_name: node-700 - node-701: - fqdn: node-701.domain.tld - name: node-701 + swift_zone: '100' + uid: '100' + user_node_name: node-100 + node-101: + fqdn: node-101.test.domain.local + name: node-101 network_roles: - admin/pxe: 10.145.0.101 + admin/pxe: 10.109.15.105 + aodh/api: 192.168.0.6 + ceilometer/api: 192.168.0.6 + ceph/public: 192.168.1.6 + ceph/replication: 192.168.1.6 + cinder/api: 192.168.0.6 + cinder/iscsi: 192.168.1.6 + fw-admin: 10.109.15.105 + glance/api: 192.168.0.6 + glance/glare: 192.168.0.6 + heat/api: 192.168.0.6 + horizon: 192.168.0.6 + ironic/api: 192.168.0.6 + keystone/api: 192.168.0.6 + management: 192.168.0.6 + mgmt/corosync: 192.168.0.6 + mgmt/database: 192.168.0.6 + mgmt/memcache: 192.168.0.6 + mgmt/messaging: 192.168.0.6 + mgmt/vip: 192.168.0.6 + mongo/db: 192.168.0.6 + murano/api: 192.168.0.6 + murano/cfapi: 192.168.0.6 + neutron/api: 192.168.0.6 + neutron/floating: null + neutron/private: null + nova/api: 192.168.0.6 + nova/migration: 192.168.0.6 + sahara/api: 192.168.0.6 + storage: 192.168.1.6 + swift/api: 192.168.0.6 + swift/replication: 192.168.1.6 + node_roles: + - ceph-osd + nova_cpu_pinning_enabled: false + nova_hugepages_enabled: false + swift_zone: '101' + uid: '101' + user_node_name: node-101 + node-102: + fqdn: node-102.test.domain.local + name: node-102 + network_roles: + admin/pxe: 10.109.15.106 aodh/api: 192.168.0.4 ceilometer/api: 192.168.0.4 ceph/public: 192.168.1.4 - ceph/radosgw: 172.16.0.4 ceph/replication: 192.168.1.4 cinder/api: 192.168.0.4 cinder/iscsi: 192.168.1.4 - ex: 172.16.0.4 - fw-admin: 10.145.0.101 + fw-admin: 10.109.15.106 glance/api: 192.168.0.4 
glance/glare: 192.168.0.4 heat/api: 192.168.0.4 @@ -285,23 +330,68 @@ network_metadata: neutron/private: null nova/api: 192.168.0.4 nova/migration: 192.168.0.4 - public/vip: 172.16.0.4 sahara/api: 192.168.0.4 storage: 192.168.1.4 swift/api: 192.168.0.4 swift/replication: 192.168.1.4 node_roles: - - controller + - compute nova_cpu_pinning_enabled: false nova_hugepages_enabled: false - swift_zone: '701' - uid: '701' - user_node_name: node-701 - node-702: - fqdn: node-702.domain.tld - name: node-702 + swift_zone: '102' + uid: '102' + user_node_name: node-102 + node-103: + fqdn: node-103.test.domain.local + name: node-103 network_roles: - admin/pxe: 10.145.0.102 + admin/pxe: 10.109.15.107 + aodh/api: 192.168.0.5 + ceilometer/api: 192.168.0.5 + ceph/public: 192.168.1.5 + ceph/radosgw: 172.16.0.4 + ceph/replication: 192.168.1.5 + cinder/api: 192.168.0.5 + cinder/iscsi: 192.168.1.5 + ex: 172.16.0.4 + fw-admin: 10.109.15.107 + glance/api: 192.168.0.5 + glance/glare: 192.168.0.5 + heat/api: 192.168.0.5 + horizon: 192.168.0.5 + ironic/api: 192.168.0.5 + keystone/api: 192.168.0.5 + management: 192.168.0.5 + mgmt/corosync: 192.168.0.5 + mgmt/database: 192.168.0.5 + mgmt/memcache: 192.168.0.5 + mgmt/messaging: 192.168.0.5 + mgmt/vip: 192.168.0.5 + mongo/db: 192.168.0.5 + murano/api: 192.168.0.5 + murano/cfapi: 192.168.0.5 + neutron/api: 192.168.0.5 + neutron/floating: null + neutron/private: null + nova/api: 192.168.0.5 + nova/migration: 192.168.0.5 + public/vip: 172.16.0.4 + sahara/api: 192.168.0.5 + storage: 192.168.1.5 + swift/api: 192.168.0.5 + swift/replication: 192.168.1.5 + node_roles: + - primary-controller + nova_cpu_pinning_enabled: false + nova_hugepages_enabled: false + swift_zone: '103' + uid: '103' + user_node_name: node-103 + node-104: + fqdn: node-104.test.domain.local + name: node-104 + network_roles: + admin/pxe: 10.109.15.108 aodh/api: 192.168.0.2 ceilometer/api: 192.168.0.2 ceph/public: 192.168.1.2 
@@ -310,7 +400,7 @@ network_metadata: cinder/api: 192.168.0.2 cinder/iscsi: 192.168.1.2 ex: 172.16.0.2 - fw-admin: 10.145.0.102 + fw-admin: 10.109.15.108 glance/api: 192.168.0.2 glance/glare: 192.168.0.2 heat/api: 192.168.0.2 
@@ -340,138 +430,55 @@ network_metadata: - controller nova_cpu_pinning_enabled: false nova_hugepages_enabled: false - swift_zone: '702' - uid: '702' - user_node_name: node-702 - node-703: - fqdn: node-703.domain.tld - name: node-703 + swift_zone: '104' + uid: '104' + user_node_name: node-104 + node-105: + fqdn: node-105.test.domain.local + name: node-105 network_roles: - admin/pxe: 10.145.0.103 - aodh/api: 192.168.0.1 - ceilometer/api: 192.168.0.1 - ceph/public: 192.168.1.1 - ceph/replication: 192.168.1.1 - cinder/api: 192.168.0.1 - cinder/iscsi: 192.168.1.1 - fw-admin: 10.145.0.103 - glance/api: 192.168.0.1 - glance/glare: 192.168.0.1 - heat/api: 192.168.0.1 - horizon: 192.168.0.1 - ironic/api: 192.168.0.1 - keystone/api: 192.168.0.1 - management: 192.168.0.1 - mgmt/corosync: 192.168.0.1 - mgmt/database: 192.168.0.1 - mgmt/memcache: 192.168.0.1 - mgmt/messaging: 192.168.0.1 - mgmt/vip: 192.168.0.1 - mongo/db: 192.168.0.1 - murano/api: 192.168.0.1 - murano/cfapi: 192.168.0.1 - neutron/api: 192.168.0.1 + admin/pxe: 10.109.15.109 + aodh/api: 192.168.0.3 + ceilometer/api: 192.168.0.3 + ceph/public: 192.168.1.3 + ceph/radosgw: 172.16.0.3 + ceph/replication: 192.168.1.3 + cinder/api: 192.168.0.3 + cinder/iscsi: 192.168.1.3 + ex: 172.16.0.3 + fw-admin: 10.109.15.109 + glance/api: 192.168.0.3 + glance/glare: 192.168.0.3 + heat/api: 192.168.0.3 + horizon: 192.168.0.3 + ironic/api: 192.168.0.3 + keystone/api: 192.168.0.3 + management: 192.168.0.3 + mgmt/corosync: 192.168.0.3 + mgmt/database: 192.168.0.3 + mgmt/memcache: 192.168.0.3 + mgmt/messaging: 192.168.0.3 + mgmt/vip: 192.168.0.3 + mongo/db: 192.168.0.3 + murano/api: 192.168.0.3 + murano/cfapi: 192.168.0.3 + neutron/api: 192.168.0.3 neutron/floating: null neutron/private: null - nova/api: 192.168.0.1 - nova/migration: 192.168.0.1 - sahara/api: 192.168.0.1 - storage: 192.168.1.1 - swift/api: 192.168.0.1 - swift/replication: 192.168.1.1 + nova/api: 192.168.0.3 + nova/migration: 192.168.0.3 + public/vip: 172.16.0.3 + 
sahara/api: 192.168.0.3 + storage: 192.168.1.3 + swift/api: 192.168.0.3 + swift/replication: 192.168.1.3 node_roles: - - compute + - controller nova_cpu_pinning_enabled: false nova_hugepages_enabled: false - swift_zone: '703' - uid: '703' - user_node_name: node-703 - node-704: - fqdn: node-704.domain.tld - name: node-704 - network_roles: - admin/pxe: 10.145.0.104 - aodh/api: 192.168.0.6 - ceilometer/api: 192.168.0.6 - ceph/public: 192.168.1.6 - ceph/replication: 192.168.1.6 - cinder/api: 192.168.0.6 - cinder/iscsi: 192.168.1.6 - fw-admin: 10.145.0.104 - glance/api: 192.168.0.6 - glance/glare: 192.168.0.6 - heat/api: 192.168.0.6 - horizon: 192.168.0.6 - ironic/api: 192.168.0.6 - keystone/api: 192.168.0.6 - management: 192.168.0.6 - mgmt/corosync: 192.168.0.6 - mgmt/database: 192.168.0.6 - mgmt/memcache: 192.168.0.6 - mgmt/messaging: 192.168.0.6 - mgmt/vip: 192.168.0.6 - mongo/db: 192.168.0.6 - murano/api: 192.168.0.6 - murano/cfapi: 192.168.0.6 - neutron/api: 192.168.0.6 - neutron/floating: null - neutron/private: null - nova/api: 192.168.0.6 - nova/migration: 192.168.0.6 - sahara/api: 192.168.0.6 - storage: 192.168.1.6 - swift/api: 192.168.0.6 - swift/replication: 192.168.1.6 - node_roles: - - ceph-osd - nova_cpu_pinning_enabled: false - nova_hugepages_enabled: false - swift_zone: '704' - uid: '704' - user_node_name: node-704 - node-705: - fqdn: node-705.domain.tld - name: node-705 - network_roles: - admin/pxe: 10.145.0.105 - aodh/api: 192.168.0.5 - ceilometer/api: 192.168.0.5 - ceph/public: 192.168.1.5 - ceph/replication: 192.168.1.5 - cinder/api: 192.168.0.5 - cinder/iscsi: 192.168.1.5 - fw-admin: 10.145.0.105 - glance/api: 192.168.0.5 - glance/glare: 192.168.0.5 - heat/api: 192.168.0.5 - horizon: 192.168.0.5 - ironic/api: 192.168.0.5 - keystone/api: 192.168.0.5 - management: 192.168.0.5 - mgmt/corosync: 192.168.0.5 - mgmt/database: 192.168.0.5 - mgmt/memcache: 192.168.0.5 - mgmt/messaging: 192.168.0.5 - mgmt/vip: 192.168.0.5 - mongo/db: 192.168.0.5 - murano/api: 
192.168.0.5 - murano/cfapi: 192.168.0.5 - neutron/api: 192.168.0.5 - neutron/floating: null - neutron/private: null - nova/api: 192.168.0.5 - nova/migration: 192.168.0.5 - sahara/api: 192.168.0.5 - storage: 192.168.1.5 - swift/api: 192.168.0.5 - swift/replication: 192.168.1.5 - node_roles: - - ceph-osd - nova_cpu_pinning_enabled: false - nova_hugepages_enabled: false - swift_zone: '705' - uid: '705' - user_node_name: node-705 + swift_zone: '105' + uid: '105' + user_node_name: node-105 vips: management: ipaddr: 192.168.0.8 @@ -518,18 +525,18 @@ network_scheme: endpoints: br-fw-admin: IP: - - 10.145.0.104/24 - gateway: 10.145.0.1 + - 10.109.15.104/24 + gateway: 10.109.15.1 vendor_specific: - provider_gateway: 10.145.0.1 + provider_gateway: 10.109.15.1 br-mgmt: IP: - - 192.168.0.6/24 + - 192.168.0.1/24 br-prv: IP: none br-storage: IP: - - 192.168.1.6/24 + - 192.168.1.1/24 interfaces: enp0s3: vendor_specific: 
@@ -850,77 +857,76 @@ node_volumes: size: 4096 type: lv nodes: -- fqdn: node-700.domain.tld - internal_address: 192.168.0.3 +- fqdn: node-100.test.domain.local + internal_address: 192.168.0.1 internal_netmask: 255.255.255.0 - name: node-700 - public_address: 172.16.0.3 - public_netmask: 255.255.255.0 - role: primary-controller - storage_address: 192.168.1.3 + name: node-100 + role: ceph-osd + storage_address: 192.168.1.1 storage_netmask: 255.255.255.0 - swift_zone: '700' - uid: '700' - user_node_name: node-700 -- fqdn: node-701.domain.tld + swift_zone: '100' + uid: '100' + user_node_name: node-100 +- fqdn: node-101.test.domain.local + internal_address: 192.168.0.6 + internal_netmask: 255.255.255.0 + name: node-101 + role: ceph-osd + storage_address: 192.168.1.6 + storage_netmask: 255.255.255.0 + swift_zone: '101' + uid: '101' + user_node_name: node-101 +- fqdn: node-102.test.domain.local internal_address: 192.168.0.4 internal_netmask: 255.255.255.0 - name: node-701 - public_address: 172.16.0.4 - public_netmask: 255.255.255.0 - role: controller + name: node-102 + role: compute storage_address: 192.168.1.4 storage_netmask: 255.255.255.0 - swift_zone: '701' - uid: '701' - user_node_name: node-701 -- fqdn: node-702.domain.tld + swift_zone: '102' + uid: '102' + user_node_name: node-102 +- fqdn: node-103.test.domain.local + internal_address: 192.168.0.5 + internal_netmask: 255.255.255.0 + name: node-103 + public_address: 172.16.0.4 + public_netmask: 255.255.255.0 + role: primary-controller + storage_address: 192.168.1.5 + storage_netmask: 255.255.255.0 + swift_zone: '103' + uid: '103' + user_node_name: node-103 +- fqdn: node-104.test.domain.local internal_address: 192.168.0.2 internal_netmask: 255.255.255.0 - name: node-702 + name: node-104 public_address: 172.16.0.2 public_netmask: 255.255.255.0 role: controller storage_address: 192.168.1.2 storage_netmask: 255.255.255.0 - swift_zone: '702' - uid: '702' - user_node_name: node-702 -- fqdn: node-703.domain.tld - 
internal_address: 192.168.0.1 + swift_zone: '104' + uid: '104' + user_node_name: node-104 +- fqdn: node-105.test.domain.local + internal_address: 192.168.0.3 internal_netmask: 255.255.255.0 - name: node-703 - role: compute - storage_address: 192.168.1.1 + name: node-105 + public_address: 172.16.0.3 + public_netmask: 255.255.255.0 + role: controller + storage_address: 192.168.1.3 storage_netmask: 255.255.255.0 - swift_zone: '703' - uid: '703' - user_node_name: node-703 -- fqdn: node-704.domain.tld - internal_address: 192.168.0.6 - internal_netmask: 255.255.255.0 - name: node-704 - role: ceph-osd - storage_address: 192.168.1.6 - storage_netmask: 255.255.255.0 - swift_zone: '704' - uid: '704' - user_node_name: node-704 -- fqdn: node-705.domain.tld - internal_address: 192.168.0.5 - internal_netmask: 255.255.255.0 - name: node-705 - role: ceph-osd - storage_address: 192.168.1.5 - storage_netmask: 255.255.255.0 - swift_zone: '705' - uid: '705' - user_node_name: node-705 + swift_zone: '105' + uid: '105' + user_node_name: node-105 nova: - db_password: Elf4zqhjxUXGEaEmHAcrRNCt - enable_hugepages: false + db_password: IaryZ6tTSjUFRLc4FEJDOf5S state_path: /var/lib/nova - user_password: kxi3DKIMW6zRK4c7zFgFss40 + user_password: fk1uuMo9YQPmvEdi4CvdCCAA nova_quota: false online: true openstack_version: newton-10.0 @@ -932,7 +938,7 @@ operator_user: label: Operating System Access weight: 15 name: fueladmin - password: NhuzeKF2U748Lj3Ip3PB6B7a + password: 0pVtfLh7Wt7gmQFHzJ1F3RX5 sudo: 'ALL=(ALL) NOPASSWD: ALL' plugins: [] propagate_task_deploy: false 
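Review bot: The regenerated `db_password` and `user_password` under `nova:` at the end of this hunk are committed in plaintext, and nothing on the visible lines marks them as throwaway fixture data. The same applies to the `operator_user`, `quantum_settings`, `rabbit`, `sahara`, `service_user`, `swift` and `workloads_collector` passwords and to the Ceph `admin_key`, `bootstrap_osd_key`, `mon_key` and `radosgw_key` values in the later hunks of both files. If these files are dumps from an environment that is still reachable, the values should be treated as exposed and rotated there. If they are purely synthetic, a header comment such as `# generated test fixture: credentials are synthetic and valid for no deployment` would let secret scanners and reviewers dismiss them with confidence. The top of the file lies outside this hunk, so the placement of that comment is a suggestion only.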
@@ -942,11 +948,11 @@ provision: /: container: gzip format: ext4 - uri: http://10.145.0.2:8080/targetimages/env_37_ubuntu_1404_amd64.img.gz + uri: http://10.109.15.2:8080/targetimages/env_12_ubuntu_1404_amd64.img.gz /boot: container: gzip format: ext2 - uri: http://10.145.0.2:8080/targetimages/env_37_ubuntu_1404_amd64-boot.img.gz + uri: http://10.109.15.2:8080/targetimages/env_12_ubuntu_1404_amd64-boot.img.gz metadata: group: general label: Provision @@ -1068,8 +1074,8 @@ public_ssl: weight: 110 services: false puppet: - manifests: rsync://10.145.0.2:/puppet/newton-10.0/manifests/ - modules: rsync://10.145.0.2:/puppet/newton-10.0/modules/ + manifests: rsync://10.109.15.2:/puppet/newton-10.0/manifests/ + modules: rsync://10.109.15.2:/puppet/newton-10.0/modules/ puppet_debug: true quantum: true quantum_settings: @@ -1086,13 +1092,13 @@ quantum_settings: L3: use_namespaces: true database: - passwd: wQeXgRgiGtG2MqI7MhcqXyWF + passwd: 00ycpbCpeDdKAHBkvJ7Yen0R default_floating_net: admin_floating_net default_private_net: admin_internal_net keystone: - admin_password: 4qLjjNmkZ5A9Af92E0cWYW1X + admin_password: 6mEo1eJkTQ05hYtQDUsy0kJF metadata: - metadata_proxy_shared_secret: DGjT5tZFPM1HSVHazhoB3772 + metadata_proxy_shared_secret: kaotl20IGQFereShZ1pSuCV2 predefined_networks: admin_floating_net: L2: @@ -1126,7 +1132,7 @@ quantum_settings: shared: false tenant: admin rabbit: - password: yHQgB6QqKSJPAuOwxLnKYCmu + password: YuFZC6VjrgT5O3x8uiWmASAK release: attributes_metadata: editable: 
@@ -1234,6 +1240,49 @@ release: type: checkbox value: false weight: 10 + atop: + interval: + description: Interval between the snapshots in seconds + label: Interval between the snapshots + regex: + error: Should be a number of seconds + source: ^[1-9]\d*$ + restrictions: + - action: hide + condition: settings:atop.service_enabled.value == false + type: text + value: '20' + weight: 20 + metadata: + enabled: true + group: logging + label: Advanced System & Process Monitor (atop) + toggleable: false + weight: 60 + rotate: + description: Number of days to keep log files + label: Rotate days + regex: + error: Should be a number of days + source: ^[1-9]\d*$ + restrictions: + - action: hide + condition: settings:atop.service_enabled.value == false + type: text + value: '7' + weight: 30 + service_enabled: + description: 'NOTE: When enabled, the service may generate logs up to a + gigabyte in size per day. + + This should be taken into consideration when determining the correct size + for the log partition. + + ' + label: Enable atop service + type: checkbox + value: true + weight: 10 cgroups: metadata: always_editable: true @@ -1316,6 +1365,18 @@ release: type: checkbox value: true weight: 50 + run_ping_checker: + description: Uncheck this box if the public gateway will not be available + or will not respond to ICMP requests to the deployed cluster. If unchecked, + the controllers will not take public gateway availability into account + as part of the cluster health. If the cluster will not have internet + access, you will need to make sure to provide proper offline mirrors for + the deployment to succeed. + group: network + label: Public Gateway is Available + type: checkbox + value: true + weight: 50 task_deploy: type: hidden value: true 
@@ -1736,6 +1797,9 @@ release: description: Your DNS entries should point to this name. Self-signed certificates also will use this hostname label: DNS hostname for public TLS endpoints + regex: + error: Invalid DNS hostname + source: ^[a-zA-Z\d]+[-\.\da-zA-Z]*$ restrictions: - action: hide condition: settings:public_ssl.horizon.value == false and settings:public_ssl.services.value @@ -1770,8 +1834,6 @@ release: Please make sure your Fuel master node has Internet access to the repository before attempting to create a mirror. - For more details, please refer to the documentation (https://docs.mirantis.com/openstack/fuel/fuel-10.0/operations.html#external-ubuntu-ops). - ' extra_priority: null type: custom_repo_configuration 
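Review bot: The `regex` added for the public TLS hostname, `^[a-zA-Z\d]+[-\.\da-zA-Z]*$`, still accepts values that are not valid DNS names, for example a name ending in `-` or one containing `..`. Since the description says self-signed certificates will also use this hostname, a per-label pattern is worth considering: `source: ^[a-zA-Z\d]([-a-zA-Z\d]*[a-zA-Z\d])?(\.[a-zA-Z\d]([-a-zA-Z\d]*[a-zA-Z\d])?)*$`. The setting's mapping starts outside this hunk, and if the fixture is generated from the release definition the change belongs there, followed by a regeneration.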
@@ -1848,11 +1910,70 @@ release: sudo: type: hidden value: 'ALL=(ALL) NOPASSWD: ALL' + ssh: + brute_force_protection: + description: When enabled, the access from all networks (except the provided + ones) will be granted, but the networks will be checked against the brute + force attack. + label: Brute force protection + restrictions: + - action: hide + condition: settings:ssh.security_enabled.value == false + type: checkbox + value: false + weight: 30 + metadata: + enabled: true + group: security + label: SSH security + toggleable: false + weight: 120 + security_enabled: + description: 'NOTE: When enabled, provide at least one working IP address + (the Fuel Master node IP is already added). + + We recommend adding new addresses instead of replacing the provided Fuel + Master node IP. + + When disabled (by default), the admin, management, and storage networks + are only allowed to connect to the SSH service. + + ' + label: Restrict SSH service on network + type: checkbox + value: false + weight: 10 + security_networks: + description: IPv4/CIDR address + label: Restrict access to + regex: + error: Invalid IPv4/CIDR address + source: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))*$ + restrictions: + - action: hide + condition: settings:ssh.security_enabled.value == false + type: text_list + value: + - '{settings.MASTER_IP}' + weight: 20 storage: admin_key: type: hidden value: generator: cephx_key + auth_s3_keystone_ceph: + description: This allows to authenticate S3 requests basing on EC2/S3 credentials + managed by Keystone. Please note that enabling the integration will increase + the latency of S3 requests as well as load on Keystone service. Please + consult with Mirantis Technical Bulletin 27 and Mirantis Support on mitigating + the risks related with load. 
+ label: Enable S3 API Authentication via Keystone in Ceph RadosGW + restrictions: + - action: hide + condition: settings:storage.objects_ceph.value == false + type: checkbox + value: false + weight: 82 bootstrap_osd_key: type: hidden value: @@ -1905,6 +2026,9 @@ release: and Swift API Interfaces. If enabled, this option will prevent Swift from installing. label: Ceph RadosGW for objects (Swift API) + restrictions: + - settings:storage.images_ceph.value == false: Ceph RBD for Images should + be selected. type: checkbox value: false weight: 80 @@ -2145,6 +2269,12 @@ release: description: dialog.create_cluster_wizard.compute.qemu_description label: dialog.create_cluster_wizard.compute.qemu name: hypervisor:qemu + requires: + - one_of: + items: + - network:neutron:ml2:vlan + - network:neutron:ml2:tun + message: dialog.create_cluster_wizard.compute.qemu_requires_network_backend weight: 5 - bind: - settings:common.use_vcenter.value @@ -2154,8 +2284,16 @@ release: label: dialog.create_cluster_wizard.compute.vcenter name: hypervisor:vmware requires: - - message: dialog.create_cluster_wizard.compute.vcenter_warning - name: hypervisor:qemu + - one_of: + items: + - hypervisor:qemu + message: dialog.create_cluster_wizard.compute.vcenter_warning + - one_of: + items: + - network:neutron:ml2:dvs + - network:neutron:ml2:nsx + message: dialog.create_cluster_wizard.compute.vcenter_requires_network_backend + message_invalid: dialog.create_cluster_wizard.compute.vcenter_requires_network_plugins weight: 15 - compatible: - name: hypervisor:* @@ -2182,7 +2320,9 @@ release: label: common.network.neutron_vlan name: network:neutron:ml2:vlan requires: - - name: network:neutron:core:ml2 + - one_of: + items: + - network:neutron:core:ml2 weight: 5 - bind: - - cluster:net_provider 
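Review bot: In the added `ssh.security_networks` setting the prefix-length group ends in `*`, `(\/([0-9]|[1-2][0-9]|3[0-2]))*$`, so an entry with repeated suffixes such as `10.0.0.0/8/24` (constructed example) passes validation; `?` is presumably what was meant, `(\/([0-9]|[1-2][0-9]|3[0-2]))?$`. Because this list decides which networks may reach the SSH service, a malformed entry is better rejected in the form than passed on to whatever renders the access rules. Separately, the `brute_force_protection` description states that enabling it grants access from all networks, which the label `Brute force protection` does not convey; a label such as `Allow SSH from all networks (with brute force protection)` would make the widening explicit. If this fixture mirrors the release definition, both changes belong in that definition.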
@@ -2203,7 +2343,9 @@ release: label: common.network.neutron_tun name: network:neutron:ml2:tun requires: - - name: network:neutron:core:ml2 + - one_of: + items: + - network:neutron:core:ml2 weight: 10 - bind: - settings:storage.volumes_lvm.value @@ -2451,6 +2593,7 @@ release: restrictions: - action: hide condition: settings:common.use_vcenter.value == false + message: VMware vCenter not enabled for cluster weight: 40 compute: description: A Compute node creates, manages, and terminates virtual machine @@ -2480,10 +2623,12 @@ release: restrictions: - action: hide condition: settings:common.use_vcenter.value == false + message: VMware vCenter not enabled for cluster weight: 90 controller: conflicts: - compute + - ceph-osd description: The Controller initiates orchestration activities and provides an external API. Other components like Glance (image storage), Keystone (identity management), Horizon (OpenStack dashboard) and Nova-Scheduler are installed @@ -2555,6 +2700,7 @@ release: restrictions: - action: hide condition: not ('advanced' in version:feature_groups) + message: Advanced feature should be enabled in feature groups weight: 80 state: available version: newton-10.0 @@ -2726,7 +2872,7 @@ repo_setup: section: main restricted suite: mos10.0 type: deb - uri: http://10.145.0.2:8080/newton-10.0/ubuntu/x86_64 + uri: http://10.109.15.2:8080/newton-10.0/ubuntu/x86_64 - name: mos-updates priority: 1050 section: main restricted @@ -2750,14 +2896,15 @@ repo_setup: section: main restricted suite: auxiliary type: deb - uri: http://10.145.0.2:8080/newton-10.0/ubuntu/auxiliary + uri: http://10.109.15.2:8080/newton-10.0/ubuntu/auxiliary resume_guests_state_on_host_boot: true roles: - ceph-osd +run_ping_checker: true sahara: - db_password: qnV0sBuaBWkQw6wlGkBvkmDp + db_password: HzivhqvZu4FIqVXAZowE0Btx enabled: false - user_password: Gi7BiTsI3mZqA2f8s0rSaZl5 + user_password: 2BrIrMpKoXuUfOMdQ895oitr service_user: homedir: /var/lib/fuel metadata: 
@@ -2768,22 +2915,34 @@ service_user: condition: 'true' weight: 10 name: fuel - password: SeaVEJ8Di6cBV1sBiuIGwq7F + password: 1lr19oTCcsb5DviSCyFEY2NT root_password: r00tme sudo: 'ALL=(ALL) NOPASSWD: ALL' +ssh: + brute_force_protection: false + metadata: + enabled: true + group: security + label: SSH security + toggleable: false + weight: 120 + security_enabled: false + security_networks: + - 10.109.15.2 status: discover storage: - admin_key: AQCAeEhXAAAAABAAUyZIfDyV73bcuhUgp/hUSg== - bootstrap_osd_key: AQCAeEhXAAAAABAAhFBDiEZbn2pr9iD8yEG2hQ== + admin_key: AQBvBqNXAAAAABAAywbeD//pOlvccDzQvWd+Kg== + auth_s3_keystone_ceph: true + bootstrap_osd_key: AQBvBqNXAAAAABAATFfnpjeojMaHAnlT3IYi6w== ephemeral_ceph: true - fsid: 32e06672-5f77-4d01-a9ab-21656d4398ca + fsid: 7fec12c1-a334-488f-9b25-9dd68feff61f images_ceph: true images_vcenter: false metadata: group: storage label: Storage Backends weight: 60 - mon_key: AQCAeEhXAAAAABAAwwdwDuGUXdIc1g2H69e14w== + mon_key: AQBvBqNXAAAAABAA4VcZMB2HkGc4zItr4fsClg== objects_ceph: true osd_pool_size: '2' per_pool_pg_nums: @@ -2794,13 +2953,13 @@ storage: images: 64 volumes: 256 pg_num: 64 - radosgw_key: AQCAeEhXAAAAABAAHc+Rfui5XbwVwv4b9As2dQ== + radosgw_key: AQBvBqNXAAAAABAACaCR3CAwIElYEJ7lNfRJJg== volumes_block_device: false volumes_ceph: true volumes_lvm: false storage_network_range: 192.168.1.0/24 swift: - user_password: wy9f6ALPLPLP3EviZzeja1FO + user_password: XMOMm8aUVEhegPjWozpuCiz0 syslog: metadata: enabled: false @@ -2822,10 +2981,10 @@ test_vm_image: os_name: cirros properties: {} public: 'true' -uid: '704' +uid: '100' use_cow_images: true use_vcenter: false -user_node_name: node-704 +user_node_name: node-100 vms_conf: [] workloads_collector: create_user: false @@ -2837,6 +2996,6 @@ workloads_collector: - action: hide condition: 'true' weight: 10 - password: ZHisdR52Bxdp2Xkxdc44zlOs + password: zY6P0H6scLMMOGZo6zJK9g31 tenant: services username: fuel_stats_user 
diff --git a/hiera/neut_vlan.ceph-compute.yaml b/hiera/neut_vlan.ceph-compute.yaml index 66a5536..41c3b0d 100644 --- a/hiera/neut_vlan.ceph-compute.yaml +++ b/hiera/neut_vlan.ceph-compute.yaml @@ -8,18 +8,28 @@ access: tenant: admin user: admin aodh: - db_password: AW8dw4i3EYhDpfCL1gr6A026 - user_password: yGZR6oF3FI4bPvgABtiW1M57 + db_password: 5YW6xouOm8oQYTXIJFJeQgar + user_password: TpFAjZLepn3jBLQyC2rAGtYM +atop: + interval: '20' + metadata: + enabled: true + group: logging + label: Advanced System & Process Monitor (atop) + toggleable: false + weight: 60 + rotate: '7' + service_enabled: true auth_key: '' auto_assign_floating_ip: false base_syslog: syslog_port: '514' - syslog_server: 10.145.0.2 + syslog_server: 10.109.15.2 ceilometer: - db_password: l7VwgkMW5A50P7Y4fcqeCFgd + db_password: gPotIQohORuEDhTaaEGISE2u enabled: false - metering_secret: dtataFWXa9eBycreGXpyAXJB - user_password: 4GJRg04qDMNuIRExboNk79Ws + metering_secret: VurpECz4MYTjbH41NJN3LaTB + user_password: yWFCJXOX2WNvIV2QuaiJgsU7 cgroups: metadata: always_editable: true @@ -30,9 +40,9 @@ cgroups: condition: 'true' weight: 90 cinder: - db_password: UoRRKsx48Jxeagaz29wuBip0 - fixed_key: 50a3d842e0dc928ea2433ba737267991ecc04607ff99c88e3b922dc70506723f - user_password: Fjz4p3qdjqgkPcoqfPK1dGKv + db_password: ucTnkYLBV07tTuC4Kps0VVfu + fixed_key: 8e943df3b8ee0da574ca42a09a8ee03ed9066ea80c1327c88c9a51c75a36372c + user_password: UuiV9c0sKDS7oy7d2Q1Rfdax cluster: changes: - name: attributes 
@@ -42,32 +52,32 @@ cluster: - name: networks node_id: null - name: interfaces - node_id: 700 + node_id: 105 - name: disks - node_id: 700 + node_id: 105 - name: interfaces - node_id: 701 + node_id: 104 - name: disks - node_id: 701 + node_id: 104 - name: interfaces - node_id: 702 + node_id: 103 - name: disks - node_id: 702 + node_id: 103 - name: interfaces - node_id: 703 + node_id: 102 - name: disks - node_id: 703 + node_id: 102 - name: interfaces - node_id: 704 + node_id: 101 - name: disks - node_id: 704 + node_id: 101 - name: interfaces - node_id: 705 + node_id: 100 - name: disks - node_id: 705 + node_id: 100 components: [] fuel_version: '10.0' - id: 37 + id: 12 is_customized: false is_locked: false mode: ha_compact @@ -100,12 +110,11 @@ corosync: debug: false deployed_before: value: false -deployment_id: 37 +deployment_id: 12 deployment_mode: ha_compact -dpdk: {} external_dns: dns_list: - - 10.145.0.1 + - 10.109.15.1 metadata: group: network label: Host OS DNS Servers 
@@ -131,31 +140,29 @@ external_ntp: label: Host OS NTP Servers weight: 40 ntp_list: - - 0.fuel.pool.ntp.org - - 1.fuel.pool.ntp.org - - 2.fuel.pool.ntp.org + - 10.109.15.1 fail_if_error: false -fqdn: node-703.domain.tld +fqdn: node-102.test.domain.local fuel_version: '10.0' glance: - db_password: EA5yPM6tita8p1H58zcITweh + db_password: kDizvSrtJ64DqeyVglM4CWEq image_cache_max_size: '0' - user_password: vPxpZb5oAyPTCqCqkEHDrJA7 + user_password: fxsoHhHPJS0cqIQfVKFy4cjX glance_glare: - user_password: O744jIquKK0lVuzdC0n8422Y + user_password: ZUwql6Ri0ZtywNTVacyQMHUH heat: - auth_encryption_key: d7d1f8b2110e95e23aac3984f22cbcd5 - db_password: ubZCOGDRhJNSzIx6luAoGFFx + auth_encryption_key: 4b4bb9eaa9945a7cca4dcfa95ad6df02 + db_password: SLrw3HuUjrVdHirirpdmAlH5 enabled: true - rabbit_password: Zf0bB3g4VI8VJntMCPVgQ7fe - user_password: Mb6ydxA0g0H0QMcDozOBYbmh + rabbit_password: OrmZMmGNSswLpZvR7s9UxpMb + user_password: L5gdS875NS1MqIHqIAHwlOoD horizon: - secret_key: 7c75abc7dec5b01e8f80464a2bd292d571a6af92f0c02016b882accb4c3e464b + secret_key: fd6e12c49a88204b4c244a1bf52b5748f2afe74d8aa9f6b80c803b0242da659e ironic: - db_password: bGzvvwOVkHojpTv83ce3yePg + db_password: JSTHBmzRb2QLCTFMpmtuyAVQ enabled: false - swift_tempurl_key: qGrgHs364QqFmgzgPewd1FPS - user_password: TEtOk242yA2FC9UMHWfiVPbO + swift_tempurl_key: 5PeMBTPAHNeSvYWUmZU45JoV + user_password: hABKlej7JA5b6hWI9hSU7ZDH kernel_params: kernel: console=tty0 net.ifnames=0 biosdevname=0 rootdelay=90 nomodeset metadata: @@ -163,12 +170,12 @@ kernel_params: label: Kernel parameters weight: 60 keystone: - admin_token: uIvnGB3F5vfYO7LkNj6qLaFv - db_password: pUm8Bf9t27Dad3p6tlN0Nnk9 -last_controller: node-702 + admin_token: wIqeDKJWiYBqGqn1p5RueIWP + db_password: 655WceVQjagDNXVPALn58eFz +last_controller: node-105 libvirt_type: qemu management_network_range: 192.168.0.0/24 -master_ip: 10.145.0.2 +master_ip: 10.109.15.2 metadata: label: Common weight: 10 
@@ -180,15 +187,15 @@ mp: - point: '2' weight: '2' murano: - db_password: CyhbxzrDXtmfxCZHzB6P0hMm + db_password: esimzvnlxLsE3WwqHbxe4Xr2 enabled: false - rabbit_password: eeikX3j0ewEkAmAZGnFPiVyJ - user_password: XffgacyIxkvDrA5Xe7BiMU1f + rabbit_password: r6t88HXe4VeePQ9DQnQJMVtq + user_password: yUb1PejvhvSA2FuUP21YuVpb murano-cfapi: - db_password: OXB5RTVCtFNNzdRXkhoNdmbG + db_password: PE3kVEzUZ4skA8QCO6jzOdVT enabled: false - rabbit_password: kBX4ihcvRIgzg4JGONny3U0H - user_password: dupt4NCDCJjjYRO414g2pQMx + rabbit_password: t6bZGgUBUJl8eGItnivyJXpj + user_password: q7fO3Q5wr0Ar0FpkZUiPSn2j murano_settings: metadata: group: openstack_services 
@@ -201,70 +208,108 @@ murano_settings: murano_glance_artifacts_plugin: true murano_repo_url: http://storage.apps.openstack.org/ mysql: - root_password: uwbEA8K23E43JOEk6H65sKXC - wsrep_password: uJ4fNIiTj8gP10IxFDuOqsKX + root_password: wNnJIy0Io7GsgYrCD1uL00wa + wsrep_password: XkorAsgLuotMQfCJxr86HFoE network_metadata: nodes: - node-700: - fqdn: node-700.domain.tld - name: node-700 + node-100: + fqdn: node-100.test.domain.local + name: node-100 network_roles: - admin/pxe: 10.145.0.100 - aodh/api: 192.168.0.3 - ceilometer/api: 192.168.0.3 - ceph/public: 192.168.1.3 - ceph/radosgw: 172.16.0.3 - ceph/replication: 192.168.1.3 - cinder/api: 192.168.0.3 - cinder/iscsi: 192.168.1.3 - ex: 172.16.0.3 - fw-admin: 10.145.0.100 - glance/api: 192.168.0.3 - glance/glare: 192.168.0.3 - heat/api: 192.168.0.3 - horizon: 192.168.0.3 - ironic/api: 192.168.0.3 - keystone/api: 192.168.0.3 - management: 192.168.0.3 - mgmt/corosync: 192.168.0.3 - mgmt/database: 192.168.0.3 - mgmt/memcache: 192.168.0.3 - mgmt/messaging: 192.168.0.3 - mgmt/vip: 192.168.0.3 - mongo/db: 192.168.0.3 - murano/api: 192.168.0.3 - murano/cfapi: 192.168.0.3 - neutron/api: 192.168.0.3 + admin/pxe: 10.109.15.104 + aodh/api: 192.168.0.1 + ceilometer/api: 192.168.0.1 + ceph/public: 192.168.1.1 + ceph/replication: 192.168.1.1 + cinder/api: 192.168.0.1 + cinder/iscsi: 192.168.1.1 + fw-admin: 10.109.15.104 + glance/api: 192.168.0.1 + glance/glare: 192.168.0.1 + heat/api: 192.168.0.1 + horizon: 192.168.0.1 + ironic/api: 192.168.0.1 + keystone/api: 192.168.0.1 + management: 192.168.0.1 + mgmt/corosync: 192.168.0.1 + mgmt/database: 192.168.0.1 + mgmt/memcache: 192.168.0.1 + mgmt/messaging: 192.168.0.1 + mgmt/vip: 192.168.0.1 + mongo/db: 192.168.0.1 + murano/api: 192.168.0.1 + murano/cfapi: 192.168.0.1 + neutron/api: 192.168.0.1 neutron/floating: null neutron/private: null - nova/api: 192.168.0.3 - nova/migration: 192.168.0.3 - public/vip: 172.16.0.3 - sahara/api: 192.168.0.3 - storage: 192.168.1.3 - swift/api: 
192.168.0.3 - swift/replication: 192.168.1.3 + nova/api: 192.168.0.1 + nova/migration: 192.168.0.1 + sahara/api: 192.168.0.1 + storage: 192.168.1.1 + swift/api: 192.168.0.1 + swift/replication: 192.168.1.1 node_roles: - - primary-controller + - ceph-osd nova_cpu_pinning_enabled: false nova_hugepages_enabled: false - swift_zone: '700' - uid: '700' - user_node_name: node-700 - node-701: - fqdn: node-701.domain.tld - name: node-701 + swift_zone: '100' + uid: '100' + user_node_name: node-100 + node-101: + fqdn: node-101.test.domain.local + name: node-101 network_roles: - admin/pxe: 10.145.0.101 + admin/pxe: 10.109.15.105 + aodh/api: 192.168.0.6 + ceilometer/api: 192.168.0.6 + ceph/public: 192.168.1.6 + ceph/replication: 192.168.1.6 + cinder/api: 192.168.0.6 + cinder/iscsi: 192.168.1.6 + fw-admin: 10.109.15.105 + glance/api: 192.168.0.6 + glance/glare: 192.168.0.6 + heat/api: 192.168.0.6 + horizon: 192.168.0.6 + ironic/api: 192.168.0.6 + keystone/api: 192.168.0.6 + management: 192.168.0.6 + mgmt/corosync: 192.168.0.6 + mgmt/database: 192.168.0.6 + mgmt/memcache: 192.168.0.6 + mgmt/messaging: 192.168.0.6 + mgmt/vip: 192.168.0.6 + mongo/db: 192.168.0.6 + murano/api: 192.168.0.6 + murano/cfapi: 192.168.0.6 + neutron/api: 192.168.0.6 + neutron/floating: null + neutron/private: null + nova/api: 192.168.0.6 + nova/migration: 192.168.0.6 + sahara/api: 192.168.0.6 + storage: 192.168.1.6 + swift/api: 192.168.0.6 + swift/replication: 192.168.1.6 + node_roles: + - ceph-osd + nova_cpu_pinning_enabled: false + nova_hugepages_enabled: false + swift_zone: '101' + uid: '101' + user_node_name: node-101 + node-102: + fqdn: node-102.test.domain.local + name: node-102 + network_roles: + admin/pxe: 10.109.15.106 aodh/api: 192.168.0.4 ceilometer/api: 192.168.0.4 ceph/public: 192.168.1.4 - ceph/radosgw: 172.16.0.4 ceph/replication: 192.168.1.4 cinder/api: 192.168.0.4 cinder/iscsi: 192.168.1.4 - ex: 172.16.0.4 - fw-admin: 10.145.0.101 + fw-admin: 10.109.15.106 glance/api: 192.168.0.4 
glance/glare: 192.168.0.4 heat/api: 192.168.0.4 @@ -285,23 +330,68 @@ network_metadata: neutron/private: null nova/api: 192.168.0.4 nova/migration: 192.168.0.4 - public/vip: 172.16.0.4 sahara/api: 192.168.0.4 storage: 192.168.1.4 swift/api: 192.168.0.4 swift/replication: 192.168.1.4 node_roles: - - controller + - compute nova_cpu_pinning_enabled: false nova_hugepages_enabled: false - swift_zone: '701' - uid: '701' - user_node_name: node-701 - node-702: - fqdn: node-702.domain.tld - name: node-702 + swift_zone: '102' + uid: '102' + user_node_name: node-102 + node-103: + fqdn: node-103.test.domain.local + name: node-103 network_roles: - admin/pxe: 10.145.0.102 + admin/pxe: 10.109.15.107 + aodh/api: 192.168.0.5 + ceilometer/api: 192.168.0.5 + ceph/public: 192.168.1.5 + ceph/radosgw: 172.16.0.4 + ceph/replication: 192.168.1.5 + cinder/api: 192.168.0.5 + cinder/iscsi: 192.168.1.5 + ex: 172.16.0.4 + fw-admin: 10.109.15.107 + glance/api: 192.168.0.5 + glance/glare: 192.168.0.5 + heat/api: 192.168.0.5 + horizon: 192.168.0.5 + ironic/api: 192.168.0.5 + keystone/api: 192.168.0.5 + management: 192.168.0.5 + mgmt/corosync: 192.168.0.5 + mgmt/database: 192.168.0.5 + mgmt/memcache: 192.168.0.5 + mgmt/messaging: 192.168.0.5 + mgmt/vip: 192.168.0.5 + mongo/db: 192.168.0.5 + murano/api: 192.168.0.5 + murano/cfapi: 192.168.0.5 + neutron/api: 192.168.0.5 + neutron/floating: null + neutron/private: null + nova/api: 192.168.0.5 + nova/migration: 192.168.0.5 + public/vip: 172.16.0.4 + sahara/api: 192.168.0.5 + storage: 192.168.1.5 + swift/api: 192.168.0.5 + swift/replication: 192.168.1.5 + node_roles: + - primary-controller + nova_cpu_pinning_enabled: false + nova_hugepages_enabled: false + swift_zone: '103' + uid: '103' + user_node_name: node-103 + node-104: + fqdn: node-104.test.domain.local + name: node-104 + network_roles: + admin/pxe: 10.109.15.108 aodh/api: 192.168.0.2 ceilometer/api: 192.168.0.2 ceph/public: 192.168.1.2 
@@ -310,7 +400,7 @@ network_metadata: cinder/api: 192.168.0.2 cinder/iscsi: 192.168.1.2 ex: 172.16.0.2 - fw-admin: 10.145.0.102 + fw-admin: 10.109.15.108 glance/api: 192.168.0.2 glance/glare: 192.168.0.2 heat/api: 192.168.0.2 
@@ -340,138 +430,55 @@ network_metadata: - controller nova_cpu_pinning_enabled: false nova_hugepages_enabled: false - swift_zone: '702' - uid: '702' - user_node_name: node-702 - node-703: - fqdn: node-703.domain.tld - name: node-703 + swift_zone: '104' + uid: '104' + user_node_name: node-104 + node-105: + fqdn: node-105.test.domain.local + name: node-105 network_roles: - admin/pxe: 10.145.0.103 - aodh/api: 192.168.0.1 - ceilometer/api: 192.168.0.1 - ceph/public: 192.168.1.1 - ceph/replication: 192.168.1.1 - cinder/api: 192.168.0.1 - cinder/iscsi: 192.168.1.1 - fw-admin: 10.145.0.103 - glance/api: 192.168.0.1 - glance/glare: 192.168.0.1 - heat/api: 192.168.0.1 - horizon: 192.168.0.1 - ironic/api: 192.168.0.1 - keystone/api: 192.168.0.1 - management: 192.168.0.1 - mgmt/corosync: 192.168.0.1 - mgmt/database: 192.168.0.1 - mgmt/memcache: 192.168.0.1 - mgmt/messaging: 192.168.0.1 - mgmt/vip: 192.168.0.1 - mongo/db: 192.168.0.1 - murano/api: 192.168.0.1 - murano/cfapi: 192.168.0.1 - neutron/api: 192.168.0.1 + admin/pxe: 10.109.15.109 + aodh/api: 192.168.0.3 + ceilometer/api: 192.168.0.3 + ceph/public: 192.168.1.3 + ceph/radosgw: 172.16.0.3 + ceph/replication: 192.168.1.3 + cinder/api: 192.168.0.3 + cinder/iscsi: 192.168.1.3 + ex: 172.16.0.3 + fw-admin: 10.109.15.109 + glance/api: 192.168.0.3 + glance/glare: 192.168.0.3 + heat/api: 192.168.0.3 + horizon: 192.168.0.3 + ironic/api: 192.168.0.3 + keystone/api: 192.168.0.3 + management: 192.168.0.3 + mgmt/corosync: 192.168.0.3 + mgmt/database: 192.168.0.3 + mgmt/memcache: 192.168.0.3 + mgmt/messaging: 192.168.0.3 + mgmt/vip: 192.168.0.3 + mongo/db: 192.168.0.3 + murano/api: 192.168.0.3 + murano/cfapi: 192.168.0.3 + neutron/api: 192.168.0.3 neutron/floating: null neutron/private: null - nova/api: 192.168.0.1 - nova/migration: 192.168.0.1 - sahara/api: 192.168.0.1 - storage: 192.168.1.1 - swift/api: 192.168.0.1 - swift/replication: 192.168.1.1 + nova/api: 192.168.0.3 + nova/migration: 192.168.0.3 + public/vip: 172.16.0.3 + 
sahara/api: 192.168.0.3 + storage: 192.168.1.3 + swift/api: 192.168.0.3 + swift/replication: 192.168.1.3 node_roles: - - compute + - controller nova_cpu_pinning_enabled: false nova_hugepages_enabled: false - swift_zone: '703' - uid: '703' - user_node_name: node-703 - node-704: - fqdn: node-704.domain.tld - name: node-704 - network_roles: - admin/pxe: 10.145.0.104 - aodh/api: 192.168.0.6 - ceilometer/api: 192.168.0.6 - ceph/public: 192.168.1.6 - ceph/replication: 192.168.1.6 - cinder/api: 192.168.0.6 - cinder/iscsi: 192.168.1.6 - fw-admin: 10.145.0.104 - glance/api: 192.168.0.6 - glance/glare: 192.168.0.6 - heat/api: 192.168.0.6 - horizon: 192.168.0.6 - ironic/api: 192.168.0.6 - keystone/api: 192.168.0.6 - management: 192.168.0.6 - mgmt/corosync: 192.168.0.6 - mgmt/database: 192.168.0.6 - mgmt/memcache: 192.168.0.6 - mgmt/messaging: 192.168.0.6 - mgmt/vip: 192.168.0.6 - mongo/db: 192.168.0.6 - murano/api: 192.168.0.6 - murano/cfapi: 192.168.0.6 - neutron/api: 192.168.0.6 - neutron/floating: null - neutron/private: null - nova/api: 192.168.0.6 - nova/migration: 192.168.0.6 - sahara/api: 192.168.0.6 - storage: 192.168.1.6 - swift/api: 192.168.0.6 - swift/replication: 192.168.1.6 - node_roles: - - ceph-osd - nova_cpu_pinning_enabled: false - nova_hugepages_enabled: false - swift_zone: '704' - uid: '704' - user_node_name: node-704 - node-705: - fqdn: node-705.domain.tld - name: node-705 - network_roles: - admin/pxe: 10.145.0.105 - aodh/api: 192.168.0.5 - ceilometer/api: 192.168.0.5 - ceph/public: 192.168.1.5 - ceph/replication: 192.168.1.5 - cinder/api: 192.168.0.5 - cinder/iscsi: 192.168.1.5 - fw-admin: 10.145.0.105 - glance/api: 192.168.0.5 - glance/glare: 192.168.0.5 - heat/api: 192.168.0.5 - horizon: 192.168.0.5 - ironic/api: 192.168.0.5 - keystone/api: 192.168.0.5 - management: 192.168.0.5 - mgmt/corosync: 192.168.0.5 - mgmt/database: 192.168.0.5 - mgmt/memcache: 192.168.0.5 - mgmt/messaging: 192.168.0.5 - mgmt/vip: 192.168.0.5 - mongo/db: 192.168.0.5 - murano/api: 
192.168.0.5 - murano/cfapi: 192.168.0.5 - neutron/api: 192.168.0.5 - neutron/floating: null - neutron/private: null - nova/api: 192.168.0.5 - nova/migration: 192.168.0.5 - sahara/api: 192.168.0.5 - storage: 192.168.1.5 - swift/api: 192.168.0.5 - swift/replication: 192.168.1.5 - node_roles: - - ceph-osd - nova_cpu_pinning_enabled: false - nova_hugepages_enabled: false - swift_zone: '705' - uid: '705' - user_node_name: node-705 + swift_zone: '105' + uid: '105' + user_node_name: node-105 vips: management: ipaddr: 192.168.0.8 @@ -518,18 +525,18 @@ network_scheme: endpoints: br-fw-admin: IP: - - 10.145.0.103/24 - gateway: 10.145.0.1 + - 10.109.15.106/24 + gateway: 10.109.15.1 vendor_specific: - provider_gateway: 10.145.0.1 + provider_gateway: 10.109.15.1 br-mgmt: IP: - - 192.168.0.1/24 + - 192.168.0.4/24 br-prv: IP: none br-storage: IP: - - 192.168.1.1/24 + - 192.168.1.4/24 interfaces: enp0s3: vendor_specific: 
@@ -801,77 +808,76 @@ node_volumes: size: 3757668 type: lv nodes: -- fqdn: node-700.domain.tld - internal_address: 192.168.0.3 +- fqdn: node-100.test.domain.local + internal_address: 192.168.0.1 internal_netmask: 255.255.255.0 - name: node-700 - public_address: 172.16.0.3 - public_netmask: 255.255.255.0 - role: primary-controller - storage_address: 192.168.1.3 + name: node-100 + role: ceph-osd + storage_address: 192.168.1.1 storage_netmask: 255.255.255.0 - swift_zone: '700' - uid: '700' - user_node_name: node-700 -- fqdn: node-701.domain.tld + swift_zone: '100' + uid: '100' + user_node_name: node-100 +- fqdn: node-101.test.domain.local + internal_address: 192.168.0.6 + internal_netmask: 255.255.255.0 + name: node-101 + role: ceph-osd + storage_address: 192.168.1.6 + storage_netmask: 255.255.255.0 + swift_zone: '101' + uid: '101' + user_node_name: node-101 +- fqdn: node-102.test.domain.local internal_address: 192.168.0.4 internal_netmask: 255.255.255.0 - name: node-701 - public_address: 172.16.0.4 - public_netmask: 255.255.255.0 - role: controller + name: node-102 + role: compute storage_address: 192.168.1.4 storage_netmask: 255.255.255.0 - swift_zone: '701' - uid: '701' - user_node_name: node-701 -- fqdn: node-702.domain.tld + swift_zone: '102' + uid: '102' + user_node_name: node-102 +- fqdn: node-103.test.domain.local + internal_address: 192.168.0.5 + internal_netmask: 255.255.255.0 + name: node-103 + public_address: 172.16.0.4 + public_netmask: 255.255.255.0 + role: primary-controller + storage_address: 192.168.1.5 + storage_netmask: 255.255.255.0 + swift_zone: '103' + uid: '103' + user_node_name: node-103 +- fqdn: node-104.test.domain.local internal_address: 192.168.0.2 internal_netmask: 255.255.255.0 - name: node-702 + name: node-104 public_address: 172.16.0.2 public_netmask: 255.255.255.0 role: controller storage_address: 192.168.1.2 storage_netmask: 255.255.255.0 - swift_zone: '702' - uid: '702' - user_node_name: node-702 -- fqdn: node-703.domain.tld - 
internal_address: 192.168.0.1 + swift_zone: '104' + uid: '104' + user_node_name: node-104 +- fqdn: node-105.test.domain.local + internal_address: 192.168.0.3 internal_netmask: 255.255.255.0 - name: node-703 - role: compute - storage_address: 192.168.1.1 + name: node-105 + public_address: 172.16.0.3 + public_netmask: 255.255.255.0 + role: controller + storage_address: 192.168.1.3 storage_netmask: 255.255.255.0 - swift_zone: '703' - uid: '703' - user_node_name: node-703 -- fqdn: node-704.domain.tld - internal_address: 192.168.0.6 - internal_netmask: 255.255.255.0 - name: node-704 - role: ceph-osd - storage_address: 192.168.1.6 - storage_netmask: 255.255.255.0 - swift_zone: '704' - uid: '704' - user_node_name: node-704 -- fqdn: node-705.domain.tld - internal_address: 192.168.0.5 - internal_netmask: 255.255.255.0 - name: node-705 - role: ceph-osd - storage_address: 192.168.1.5 - storage_netmask: 255.255.255.0 - swift_zone: '705' - uid: '705' - user_node_name: node-705 + swift_zone: '105' + uid: '105' + user_node_name: node-105 nova: - db_password: Elf4zqhjxUXGEaEmHAcrRNCt - enable_hugepages: false + db_password: IaryZ6tTSjUFRLc4FEJDOf5S state_path: /var/lib/nova - user_password: kxi3DKIMW6zRK4c7zFgFss40 + user_password: fk1uuMo9YQPmvEdi4CvdCCAA nova_quota: false online: true openstack_version: newton-10.0 @@ -883,7 +889,7 @@ operator_user: label: Operating System Access weight: 15 name: fueladmin - password: NhuzeKF2U748Lj3Ip3PB6B7a + password: 0pVtfLh7Wt7gmQFHzJ1F3RX5 sudo: 'ALL=(ALL) NOPASSWD: ALL' plugins: [] propagate_task_deploy: false 
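Review bot: The regenerated `nova` block at the end of this hunk commits `db_password` and `user_password` as cleartext literals. The `operator_user` hunk that follows does the same for an account whose context line grants `sudo: 'ALL=(ALL) NOPASSWD: ALL'`. The pattern repeats in the `quantum_settings`, `rabbit`, `sahara`, `service_user`, `storage` (cephx keys) and `workloads_collector` hunks, and again in `hiera/neut_vlan.ceph-primary-controller.yaml`. If these values were dumped from an environment that still exists, they should be treated as disclosed and rotated there. For a fixture, fixed and obviously fake values (constructed example: `db_password: 'fixture-nova-db-password'`) would also keep each regeneration from churning the diff and from tripping secret scanners.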
@@ -893,11 +899,11 @@ provision: /: container: gzip format: ext4 - uri: http://10.145.0.2:8080/targetimages/env_37_ubuntu_1404_amd64.img.gz + uri: http://10.109.15.2:8080/targetimages/env_12_ubuntu_1404_amd64.img.gz /boot: container: gzip format: ext2 - uri: http://10.145.0.2:8080/targetimages/env_37_ubuntu_1404_amd64-boot.img.gz + uri: http://10.109.15.2:8080/targetimages/env_12_ubuntu_1404_amd64-boot.img.gz metadata: group: general label: Provision @@ -1019,8 +1025,8 @@ public_ssl: weight: 110 services: false puppet: - manifests: rsync://10.145.0.2:/puppet/newton-10.0/manifests/ - modules: rsync://10.145.0.2:/puppet/newton-10.0/modules/ + manifests: rsync://10.109.15.2:/puppet/newton-10.0/manifests/ + modules: rsync://10.109.15.2:/puppet/newton-10.0/modules/ puppet_debug: true quantum: true quantum_settings: @@ -1037,13 +1043,13 @@ quantum_settings: L3: use_namespaces: true database: - passwd: wQeXgRgiGtG2MqI7MhcqXyWF + passwd: 00ycpbCpeDdKAHBkvJ7Yen0R default_floating_net: admin_floating_net default_private_net: admin_internal_net keystone: - admin_password: 4qLjjNmkZ5A9Af92E0cWYW1X + admin_password: 6mEo1eJkTQ05hYtQDUsy0kJF metadata: - metadata_proxy_shared_secret: DGjT5tZFPM1HSVHazhoB3772 + metadata_proxy_shared_secret: kaotl20IGQFereShZ1pSuCV2 predefined_networks: admin_floating_net: L2: @@ -1077,7 +1083,7 @@ quantum_settings: shared: false tenant: admin rabbit: - password: yHQgB6QqKSJPAuOwxLnKYCmu + password: YuFZC6VjrgT5O3x8uiWmASAK release: attributes_metadata: editable: 
@@ -1185,6 +1191,49 @@ release: type: checkbox value: false weight: 10 + atop: + interval: + description: Interval between the snapshots in seconds + label: Interval between the snapshots + regex: + error: Should be a number of seconds + source: ^[1-9]\d*$ + restrictions: + - action: hide + condition: settings:atop.service_enabled.value == false + type: text + value: '20' + weight: 20 + metadata: + enabled: true + group: logging + label: Advanced System & Process Monitor (atop) + toggleable: false + weight: 60 + rotate: + description: Number of days to keep log files + label: Rotate days + regex: + error: Should be a number of days + source: ^[1-9]\d*$ + restrictions: + - action: hide + condition: settings:atop.service_enabled.value == false + type: text + value: '7' + weight: 30 + service_enabled: + description: 'NOTE: When enabled, the service may generate logs up to a + gigabyte in size per day. + + This should be taken into consideration when determining the correct size + for the log partition. + + ' + label: Enable atop service + type: checkbox + value: true + weight: 10 cgroups: metadata: always_editable: true @@ -1267,6 +1316,18 @@ release: type: checkbox value: true weight: 50 + run_ping_checker: + description: Uncheck this box if the public gateway will not be available + or will not respond to ICMP requests to the deployed cluster. If unchecked, + the controllers will not take public gateway availability into account + as part of the cluster health. If the cluster will not have internet + access, you will need to make sure to provide proper offline mirrors for + the deployment to succeed. + group: network + label: Public Gateway is Available + type: checkbox + value: true + weight: 50 task_deploy: type: hidden value: true 
@@ -1687,6 +1748,9 @@ release: description: Your DNS entries should point to this name. Self-signed certificates also will use this hostname label: DNS hostname for public TLS endpoints + regex: + error: Invalid DNS hostname + source: ^[a-zA-Z\d]+[-\.\da-zA-Z]*$ restrictions: - action: hide condition: settings:public_ssl.horizon.value == false and settings:public_ssl.services.value @@ -1721,8 +1785,6 @@ release: Please make sure your Fuel master node has Internet access to the repository before attempting to create a mirror. - For more details, please refer to the documentation (https://docs.mirantis.com/openstack/fuel/fuel-10.0/operations.html#external-ubuntu-ops). - ' extra_priority: null type: custom_repo_configuration 
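Review bot: The `regex.source` added for the public TLS hostname, `^[a-zA-Z\d]+[-\.\da-zA-Z]*$`, only constrains the leading character run, so values such as `host..example`, `a.-b` or a name ending in `-` pass validation. The description in the same hunk says self-signed certificates use this hostname, so a malformed value would presumably surface only later, at certificate generation or client verification. A per-label pattern is stricter, for example `^[a-zA-Z\d]([-a-zA-Z\d]*[a-zA-Z\d])?(\.[a-zA-Z\d]([-a-zA-Z\d]*[a-zA-Z\d])?)*$`. The enclosing attribute definition starts and ends outside the hunk.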
@@ -1799,11 +1861,70 @@ release: sudo: type: hidden value: 'ALL=(ALL) NOPASSWD: ALL' + ssh: + brute_force_protection: + description: When enabled, the access from all networks (except the provided + ones) will be granted, but the networks will be checked against the brute + force attack. + label: Brute force protection + restrictions: + - action: hide + condition: settings:ssh.security_enabled.value == false + type: checkbox + value: false + weight: 30 + metadata: + enabled: true + group: security + label: SSH security + toggleable: false + weight: 120 + security_enabled: + description: 'NOTE: When enabled, provide at least one working IP address + (the Fuel Master node IP is already added). + + We recommend adding new addresses instead of replacing the provided Fuel + Master node IP. + + When disabled (by default), the admin, management, and storage networks + are only allowed to connect to the SSH service. + + ' + label: Restrict SSH service on network + type: checkbox + value: false + weight: 10 + security_networks: + description: IPv4/CIDR address + label: Restrict access to + regex: + error: Invalid IPv4/CIDR address + source: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))*$ + restrictions: + - action: hide + condition: settings:ssh.security_enabled.value == false + type: text_list + value: + - '{settings.MASTER_IP}' + weight: 20 storage: admin_key: type: hidden value: generator: cephx_key + auth_s3_keystone_ceph: + description: This allows to authenticate S3 requests basing on EC2/S3 credentials + managed by Keystone. Please note that enabling the integration will increase + the latency of S3 requests as well as load on Keystone service. Please + consult with Mirantis Technical Bulletin 27 and Mirantis Support on mitigating + the risks related with load. 
+ label: Enable S3 API Authentication via Keystone in Ceph RadosGW + restrictions: + - action: hide + condition: settings:storage.objects_ceph.value == false + type: checkbox + value: false + weight: 82 bootstrap_osd_key: type: hidden value: @@ -1856,6 +1977,9 @@ release: and Swift API Interfaces. If enabled, this option will prevent Swift from installing. label: Ceph RadosGW for objects (Swift API) + restrictions: + - settings:storage.images_ceph.value == false: Ceph RBD for Images should + be selected. type: checkbox value: false weight: 80 @@ -2096,6 +2220,12 @@ release: description: dialog.create_cluster_wizard.compute.qemu_description label: dialog.create_cluster_wizard.compute.qemu name: hypervisor:qemu + requires: + - one_of: + items: + - network:neutron:ml2:vlan + - network:neutron:ml2:tun + message: dialog.create_cluster_wizard.compute.qemu_requires_network_backend weight: 5 - bind: - settings:common.use_vcenter.value @@ -2105,8 +2235,16 @@ release: label: dialog.create_cluster_wizard.compute.vcenter name: hypervisor:vmware requires: - - message: dialog.create_cluster_wizard.compute.vcenter_warning - name: hypervisor:qemu + - one_of: + items: + - hypervisor:qemu + message: dialog.create_cluster_wizard.compute.vcenter_warning + - one_of: + items: + - network:neutron:ml2:dvs + - network:neutron:ml2:nsx + message: dialog.create_cluster_wizard.compute.vcenter_requires_network_backend + message_invalid: dialog.create_cluster_wizard.compute.vcenter_requires_network_plugins weight: 15 - compatible: - name: hypervisor:* @@ -2133,7 +2271,9 @@ release: label: common.network.neutron_vlan name: network:neutron:ml2:vlan requires: - - name: network:neutron:core:ml2 + - one_of: + items: + - network:neutron:core:ml2 weight: 5 - bind: - - cluster:net_provider 
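Review bot: The `security_networks` pattern in the new `ssh` block ends in `(\/([0-9]|[1-2][0-9]|3[0-2]))*$`, and the `*` lets the prefix-length group repeat, so a value like `10.0.0.0/8/24` passes the "Invalid IPv4/CIDR address" check. The quantifier should be `?`, i.e. `(\/([0-9]|[1-2][0-9]|3[0-2]))?$`. Whatever consumes this list (presumably the rules that restrict the SSH service) would otherwise receive a string that is not a valid CIDR. Separately, the `brute_force_protection` description says that enabling it grants access from all networks, which widens SSH exposure, while the label reads as pure hardening. A label such as `Allow SSH from all networks with brute force protection` would make that trade-off visible.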
@@ -2154,7 +2294,9 @@ release: label: common.network.neutron_tun name: network:neutron:ml2:tun requires: - - name: network:neutron:core:ml2 + - one_of: + items: + - network:neutron:core:ml2 weight: 10 - bind: - settings:storage.volumes_lvm.value @@ -2402,6 +2544,7 @@ release: restrictions: - action: hide condition: settings:common.use_vcenter.value == false + message: VMware vCenter not enabled for cluster weight: 40 compute: description: A Compute node creates, manages, and terminates virtual machine @@ -2431,10 +2574,12 @@ release: restrictions: - action: hide condition: settings:common.use_vcenter.value == false + message: VMware vCenter not enabled for cluster weight: 90 controller: conflicts: - compute + - ceph-osd description: The Controller initiates orchestration activities and provides an external API. Other components like Glance (image storage), Keystone (identity management), Horizon (OpenStack dashboard) and Nova-Scheduler are installed @@ -2506,6 +2651,7 @@ release: restrictions: - action: hide condition: not ('advanced' in version:feature_groups) + message: Advanced feature should be enabled in feature groups weight: 80 state: available version: newton-10.0 @@ -2677,7 +2823,7 @@ repo_setup: section: main restricted suite: mos10.0 type: deb - uri: http://10.145.0.2:8080/newton-10.0/ubuntu/x86_64 + uri: http://10.109.15.2:8080/newton-10.0/ubuntu/x86_64 - name: mos-updates priority: 1050 section: main restricted @@ -2701,14 +2847,15 @@ repo_setup: section: main restricted suite: auxiliary type: deb - uri: http://10.145.0.2:8080/newton-10.0/ubuntu/auxiliary + uri: http://10.109.15.2:8080/newton-10.0/ubuntu/auxiliary resume_guests_state_on_host_boot: true roles: - compute +run_ping_checker: true sahara: - db_password: qnV0sBuaBWkQw6wlGkBvkmDp + db_password: HzivhqvZu4FIqVXAZowE0Btx enabled: false - user_password: Gi7BiTsI3mZqA2f8s0rSaZl5 + user_password: 2BrIrMpKoXuUfOMdQ895oitr service_user: homedir: /var/lib/fuel metadata: 
@@ -2719,22 +2866,34 @@ service_user: condition: 'true' weight: 10 name: fuel - password: SeaVEJ8Di6cBV1sBiuIGwq7F + password: 1lr19oTCcsb5DviSCyFEY2NT root_password: r00tme sudo: 'ALL=(ALL) NOPASSWD: ALL' +ssh: + brute_force_protection: false + metadata: + enabled: true + group: security + label: SSH security + toggleable: false + weight: 120 + security_enabled: false + security_networks: + - 10.109.15.2 status: discover storage: - admin_key: AQCAeEhXAAAAABAAUyZIfDyV73bcuhUgp/hUSg== - bootstrap_osd_key: AQCAeEhXAAAAABAAhFBDiEZbn2pr9iD8yEG2hQ== + admin_key: AQBvBqNXAAAAABAAywbeD//pOlvccDzQvWd+Kg== + auth_s3_keystone_ceph: true + bootstrap_osd_key: AQBvBqNXAAAAABAATFfnpjeojMaHAnlT3IYi6w== ephemeral_ceph: true - fsid: 32e06672-5f77-4d01-a9ab-21656d4398ca + fsid: 7fec12c1-a334-488f-9b25-9dd68feff61f images_ceph: true images_vcenter: false metadata: group: storage label: Storage Backends weight: 60 - mon_key: AQCAeEhXAAAAABAAwwdwDuGUXdIc1g2H69e14w== + mon_key: AQBvBqNXAAAAABAA4VcZMB2HkGc4zItr4fsClg== objects_ceph: true osd_pool_size: '2' per_pool_pg_nums: @@ -2745,13 +2904,13 @@ storage: images: 64 volumes: 256 pg_num: 64 - radosgw_key: AQCAeEhXAAAAABAAHc+Rfui5XbwVwv4b9As2dQ== + radosgw_key: AQBvBqNXAAAAABAACaCR3CAwIElYEJ7lNfRJJg== volumes_block_device: false volumes_ceph: true volumes_lvm: false storage_network_range: 192.168.1.0/24 swift: - user_password: wy9f6ALPLPLP3EviZzeja1FO + user_password: XMOMm8aUVEhegPjWozpuCiz0 syslog: metadata: enabled: false @@ -2773,10 +2932,10 @@ test_vm_image: os_name: cirros properties: {} public: 'true' -uid: '703' +uid: '102' use_cow_images: true use_vcenter: false -user_node_name: node-703 +user_node_name: node-102 vms_conf: [] workloads_collector: create_user: false @@ -2788,6 +2947,6 @@ workloads_collector: - action: hide condition: 'true' weight: 10 - password: ZHisdR52Bxdp2Xkxdc44zlOs + password: zY6P0H6scLMMOGZo6zJK9g31 tenant: services username: fuel_stats_user 
diff --git a/hiera/neut_vlan.ceph-primary-controller.yaml b/hiera/neut_vlan.ceph-primary-controller.yaml index 16defb5..5e7c83f 100644 --- a/hiera/neut_vlan.ceph-primary-controller.yaml +++ b/hiera/neut_vlan.ceph-primary-controller.yaml @@ -8,18 +8,28 @@ access: tenant: admin user: admin aodh: - db_password: AW8dw4i3EYhDpfCL1gr6A026 - user_password: yGZR6oF3FI4bPvgABtiW1M57 + db_password: 5YW6xouOm8oQYTXIJFJeQgar + user_password: TpFAjZLepn3jBLQyC2rAGtYM +atop: + interval: '20' + metadata: + enabled: true + group: logging + label: Advanced System & Process Monitor (atop) + toggleable: false + weight: 60 + rotate: '7' + service_enabled: true auth_key: '' auto_assign_floating_ip: false base_syslog: syslog_port: '514' - syslog_server: 10.145.0.2 + syslog_server: 10.109.15.2 ceilometer: - db_password: l7VwgkMW5A50P7Y4fcqeCFgd + db_password: gPotIQohORuEDhTaaEGISE2u enabled: false - metering_secret: dtataFWXa9eBycreGXpyAXJB - user_password: 4GJRg04qDMNuIRExboNk79Ws + metering_secret: VurpECz4MYTjbH41NJN3LaTB + user_password: yWFCJXOX2WNvIV2QuaiJgsU7 cgroups: metadata: always_editable: true @@ -30,9 +40,9 @@ cgroups: condition: 'true' weight: 90 cinder: - db_password: UoRRKsx48Jxeagaz29wuBip0 - fixed_key: 50a3d842e0dc928ea2433ba737267991ecc04607ff99c88e3b922dc70506723f - user_password: Fjz4p3qdjqgkPcoqfPK1dGKv + db_password: ucTnkYLBV07tTuC4Kps0VVfu + fixed_key: 8e943df3b8ee0da574ca42a09a8ee03ed9066ea80c1327c88c9a51c75a36372c + user_password: UuiV9c0sKDS7oy7d2Q1Rfdax cluster: changes: - name: attributes 
@@ -42,32 +52,32 @@ cluster: - name: networks node_id: null - name: interfaces - node_id: 700 + node_id: 105 - name: disks - node_id: 700 + node_id: 105 - name: interfaces - node_id: 701 + node_id: 104 - name: disks - node_id: 701 + node_id: 104 - name: interfaces - node_id: 702 + node_id: 103 - name: disks - node_id: 702 + node_id: 103 - name: interfaces - node_id: 703 + node_id: 102 - name: disks - node_id: 703 + node_id: 102 - name: interfaces - node_id: 704 + node_id: 101 - name: disks - node_id: 704 + node_id: 101 - name: interfaces - node_id: 705 + node_id: 100 - name: disks - node_id: 705 + node_id: 100 components: [] fuel_version: '10.0' - id: 37 + id: 12 is_customized: false is_locked: false mode: ha_compact @@ -100,12 +110,11 @@ corosync: debug: false deployed_before: value: false -deployment_id: 37 +deployment_id: 12 deployment_mode: ha_compact -dpdk: {} external_dns: dns_list: - - 10.145.0.1 + - 10.109.15.1 metadata: group: network label: Host OS DNS Servers 
@@ -131,31 +140,29 @@ external_ntp: label: Host OS NTP Servers weight: 40 ntp_list: - - 0.fuel.pool.ntp.org - - 1.fuel.pool.ntp.org - - 2.fuel.pool.ntp.org + - 10.109.15.1 fail_if_error: true -fqdn: node-700.domain.tld +fqdn: node-103.test.domain.local fuel_version: '10.0' glance: - db_password: EA5yPM6tita8p1H58zcITweh + db_password: kDizvSrtJ64DqeyVglM4CWEq image_cache_max_size: '0' - user_password: vPxpZb5oAyPTCqCqkEHDrJA7 + user_password: fxsoHhHPJS0cqIQfVKFy4cjX glance_glare: - user_password: O744jIquKK0lVuzdC0n8422Y + user_password: ZUwql6Ri0ZtywNTVacyQMHUH heat: - auth_encryption_key: d7d1f8b2110e95e23aac3984f22cbcd5 - db_password: ubZCOGDRhJNSzIx6luAoGFFx + auth_encryption_key: 4b4bb9eaa9945a7cca4dcfa95ad6df02 + db_password: SLrw3HuUjrVdHirirpdmAlH5 enabled: true - rabbit_password: Zf0bB3g4VI8VJntMCPVgQ7fe - user_password: Mb6ydxA0g0H0QMcDozOBYbmh + rabbit_password: OrmZMmGNSswLpZvR7s9UxpMb + user_password: L5gdS875NS1MqIHqIAHwlOoD horizon: - secret_key: 7c75abc7dec5b01e8f80464a2bd292d571a6af92f0c02016b882accb4c3e464b + secret_key: fd6e12c49a88204b4c244a1bf52b5748f2afe74d8aa9f6b80c803b0242da659e ironic: - db_password: bGzvvwOVkHojpTv83ce3yePg + db_password: JSTHBmzRb2QLCTFMpmtuyAVQ enabled: false - swift_tempurl_key: qGrgHs364QqFmgzgPewd1FPS - user_password: TEtOk242yA2FC9UMHWfiVPbO + swift_tempurl_key: 5PeMBTPAHNeSvYWUmZU45JoV + user_password: hABKlej7JA5b6hWI9hSU7ZDH kernel_params: kernel: console=tty0 net.ifnames=0 biosdevname=0 rootdelay=90 nomodeset metadata: @@ -163,12 +170,12 @@ kernel_params: label: Kernel parameters weight: 60 keystone: - admin_token: uIvnGB3F5vfYO7LkNj6qLaFv - db_password: pUm8Bf9t27Dad3p6tlN0Nnk9 -last_controller: node-702 + admin_token: wIqeDKJWiYBqGqn1p5RueIWP + db_password: 655WceVQjagDNXVPALn58eFz +last_controller: node-105 libvirt_type: qemu management_network_range: 192.168.0.0/24 -master_ip: 10.145.0.2 +master_ip: 10.109.15.2 metadata: label: Common weight: 10 
@@ -180,15 +187,15 @@ mp: - point: '2' weight: '2' murano: - db_password: CyhbxzrDXtmfxCZHzB6P0hMm + db_password: esimzvnlxLsE3WwqHbxe4Xr2 enabled: false - rabbit_password: eeikX3j0ewEkAmAZGnFPiVyJ - user_password: XffgacyIxkvDrA5Xe7BiMU1f + rabbit_password: r6t88HXe4VeePQ9DQnQJMVtq + user_password: yUb1PejvhvSA2FuUP21YuVpb murano-cfapi: - db_password: OXB5RTVCtFNNzdRXkhoNdmbG + db_password: PE3kVEzUZ4skA8QCO6jzOdVT enabled: false - rabbit_password: kBX4ihcvRIgzg4JGONny3U0H - user_password: dupt4NCDCJjjYRO414g2pQMx + rabbit_password: t6bZGgUBUJl8eGItnivyJXpj + user_password: q7fO3Q5wr0Ar0FpkZUiPSn2j murano_settings: metadata: group: openstack_services 
@@ -201,70 +208,108 @@ murano_settings: murano_glance_artifacts_plugin: true murano_repo_url: http://storage.apps.openstack.org/ mysql: - root_password: uwbEA8K23E43JOEk6H65sKXC - wsrep_password: uJ4fNIiTj8gP10IxFDuOqsKX + root_password: wNnJIy0Io7GsgYrCD1uL00wa + wsrep_password: XkorAsgLuotMQfCJxr86HFoE network_metadata: nodes: - node-700: - fqdn: node-700.domain.tld - name: node-700 + node-100: + fqdn: node-100.test.domain.local + name: node-100 network_roles: - admin/pxe: 10.145.0.100 - aodh/api: 192.168.0.3 - ceilometer/api: 192.168.0.3 - ceph/public: 192.168.1.3 - ceph/radosgw: 172.16.0.3 - ceph/replication: 192.168.1.3 - cinder/api: 192.168.0.3 - cinder/iscsi: 192.168.1.3 - ex: 172.16.0.3 - fw-admin: 10.145.0.100 - glance/api: 192.168.0.3 - glance/glare: 192.168.0.3 - heat/api: 192.168.0.3 - horizon: 192.168.0.3 - ironic/api: 192.168.0.3 - keystone/api: 192.168.0.3 - management: 192.168.0.3 - mgmt/corosync: 192.168.0.3 - mgmt/database: 192.168.0.3 - mgmt/memcache: 192.168.0.3 - mgmt/messaging: 192.168.0.3 - mgmt/vip: 192.168.0.3 - mongo/db: 192.168.0.3 - murano/api: 192.168.0.3 - murano/cfapi: 192.168.0.3 - neutron/api: 192.168.0.3 + admin/pxe: 10.109.15.104 + aodh/api: 192.168.0.1 + ceilometer/api: 192.168.0.1 + ceph/public: 192.168.1.1 + ceph/replication: 192.168.1.1 + cinder/api: 192.168.0.1 + cinder/iscsi: 192.168.1.1 + fw-admin: 10.109.15.104 + glance/api: 192.168.0.1 + glance/glare: 192.168.0.1 + heat/api: 192.168.0.1 + horizon: 192.168.0.1 + ironic/api: 192.168.0.1 + keystone/api: 192.168.0.1 + management: 192.168.0.1 + mgmt/corosync: 192.168.0.1 + mgmt/database: 192.168.0.1 + mgmt/memcache: 192.168.0.1 + mgmt/messaging: 192.168.0.1 + mgmt/vip: 192.168.0.1 + mongo/db: 192.168.0.1 + murano/api: 192.168.0.1 + murano/cfapi: 192.168.0.1 + neutron/api: 192.168.0.1 neutron/floating: null neutron/private: null - nova/api: 192.168.0.3 - nova/migration: 192.168.0.3 - public/vip: 172.16.0.3 - sahara/api: 192.168.0.3 - storage: 192.168.1.3 - swift/api: 
192.168.0.3 - swift/replication: 192.168.1.3 + nova/api: 192.168.0.1 + nova/migration: 192.168.0.1 + sahara/api: 192.168.0.1 + storage: 192.168.1.1 + swift/api: 192.168.0.1 + swift/replication: 192.168.1.1 node_roles: - - primary-controller + - ceph-osd nova_cpu_pinning_enabled: false nova_hugepages_enabled: false - swift_zone: '700' - uid: '700' - user_node_name: node-700 - node-701: - fqdn: node-701.domain.tld - name: node-701 + swift_zone: '100' + uid: '100' + user_node_name: node-100 + node-101: + fqdn: node-101.test.domain.local + name: node-101 network_roles: - admin/pxe: 10.145.0.101 + admin/pxe: 10.109.15.105 + aodh/api: 192.168.0.6 + ceilometer/api: 192.168.0.6 + ceph/public: 192.168.1.6 + ceph/replication: 192.168.1.6 + cinder/api: 192.168.0.6 + cinder/iscsi: 192.168.1.6 + fw-admin: 10.109.15.105 + glance/api: 192.168.0.6 + glance/glare: 192.168.0.6 + heat/api: 192.168.0.6 + horizon: 192.168.0.6 + ironic/api: 192.168.0.6 + keystone/api: 192.168.0.6 + management: 192.168.0.6 + mgmt/corosync: 192.168.0.6 + mgmt/database: 192.168.0.6 + mgmt/memcache: 192.168.0.6 + mgmt/messaging: 192.168.0.6 + mgmt/vip: 192.168.0.6 + mongo/db: 192.168.0.6 + murano/api: 192.168.0.6 + murano/cfapi: 192.168.0.6 + neutron/api: 192.168.0.6 + neutron/floating: null + neutron/private: null + nova/api: 192.168.0.6 + nova/migration: 192.168.0.6 + sahara/api: 192.168.0.6 + storage: 192.168.1.6 + swift/api: 192.168.0.6 + swift/replication: 192.168.1.6 + node_roles: + - ceph-osd + nova_cpu_pinning_enabled: false + nova_hugepages_enabled: false + swift_zone: '101' + uid: '101' + user_node_name: node-101 + node-102: + fqdn: node-102.test.domain.local + name: node-102 + network_roles: + admin/pxe: 10.109.15.106 aodh/api: 192.168.0.4 ceilometer/api: 192.168.0.4 ceph/public: 192.168.1.4 - ceph/radosgw: 172.16.0.4 ceph/replication: 192.168.1.4 cinder/api: 192.168.0.4 cinder/iscsi: 192.168.1.4 - ex: 172.16.0.4 - fw-admin: 10.145.0.101 + fw-admin: 10.109.15.106 glance/api: 192.168.0.4 
glance/glare: 192.168.0.4 heat/api: 192.168.0.4 @@ -285,23 +330,68 @@ network_metadata: neutron/private: null nova/api: 192.168.0.4 nova/migration: 192.168.0.4 - public/vip: 172.16.0.4 sahara/api: 192.168.0.4 storage: 192.168.1.4 swift/api: 192.168.0.4 swift/replication: 192.168.1.4 node_roles: - - controller + - compute nova_cpu_pinning_enabled: false nova_hugepages_enabled: false - swift_zone: '701' - uid: '701' - user_node_name: node-701 - node-702: - fqdn: node-702.domain.tld - name: node-702 + swift_zone: '102' + uid: '102' + user_node_name: node-102 + node-103: + fqdn: node-103.test.domain.local + name: node-103 network_roles: - admin/pxe: 10.145.0.102 + admin/pxe: 10.109.15.107 + aodh/api: 192.168.0.5 + ceilometer/api: 192.168.0.5 + ceph/public: 192.168.1.5 + ceph/radosgw: 172.16.0.4 + ceph/replication: 192.168.1.5 + cinder/api: 192.168.0.5 + cinder/iscsi: 192.168.1.5 + ex: 172.16.0.4 + fw-admin: 10.109.15.107 + glance/api: 192.168.0.5 + glance/glare: 192.168.0.5 + heat/api: 192.168.0.5 + horizon: 192.168.0.5 + ironic/api: 192.168.0.5 + keystone/api: 192.168.0.5 + management: 192.168.0.5 + mgmt/corosync: 192.168.0.5 + mgmt/database: 192.168.0.5 + mgmt/memcache: 192.168.0.5 + mgmt/messaging: 192.168.0.5 + mgmt/vip: 192.168.0.5 + mongo/db: 192.168.0.5 + murano/api: 192.168.0.5 + murano/cfapi: 192.168.0.5 + neutron/api: 192.168.0.5 + neutron/floating: null + neutron/private: null + nova/api: 192.168.0.5 + nova/migration: 192.168.0.5 + public/vip: 172.16.0.4 + sahara/api: 192.168.0.5 + storage: 192.168.1.5 + swift/api: 192.168.0.5 + swift/replication: 192.168.1.5 + node_roles: + - primary-controller + nova_cpu_pinning_enabled: false + nova_hugepages_enabled: false + swift_zone: '103' + uid: '103' + user_node_name: node-103 + node-104: + fqdn: node-104.test.domain.local + name: node-104 + network_roles: + admin/pxe: 10.109.15.108 aodh/api: 192.168.0.2 ceilometer/api: 192.168.0.2 ceph/public: 192.168.1.2 
@@ -310,7 +400,7 @@ network_metadata: cinder/api: 192.168.0.2 cinder/iscsi: 192.168.1.2 ex: 172.16.0.2 - fw-admin: 10.145.0.102 + fw-admin: 10.109.15.108 glance/api: 192.168.0.2 glance/glare: 192.168.0.2 heat/api: 192.168.0.2 
@@ -340,138 +430,55 @@ network_metadata: - controller nova_cpu_pinning_enabled: false nova_hugepages_enabled: false - swift_zone: '702' - uid: '702' - user_node_name: node-702 - node-703: - fqdn: node-703.domain.tld - name: node-703 + swift_zone: '104' + uid: '104' + user_node_name: node-104 + node-105: + fqdn: node-105.test.domain.local + name: node-105 network_roles: - admin/pxe: 10.145.0.103 - aodh/api: 192.168.0.1 - ceilometer/api: 192.168.0.1 - ceph/public: 192.168.1.1 - ceph/replication: 192.168.1.1 - cinder/api: 192.168.0.1 - cinder/iscsi: 192.168.1.1 - fw-admin: 10.145.0.103 - glance/api: 192.168.0.1 - glance/glare: 192.168.0.1 - heat/api: 192.168.0.1 - horizon: 192.168.0.1 - ironic/api: 192.168.0.1 - keystone/api: 192.168.0.1 - management: 192.168.0.1 - mgmt/corosync: 192.168.0.1 - mgmt/database: 192.168.0.1 - mgmt/memcache: 192.168.0.1 - mgmt/messaging: 192.168.0.1 - mgmt/vip: 192.168.0.1 - mongo/db: 192.168.0.1 - murano/api: 192.168.0.1 - murano/cfapi: 192.168.0.1 - neutron/api: 192.168.0.1 + admin/pxe: 10.109.15.109 + aodh/api: 192.168.0.3 + ceilometer/api: 192.168.0.3 + ceph/public: 192.168.1.3 + ceph/radosgw: 172.16.0.3 + ceph/replication: 192.168.1.3 + cinder/api: 192.168.0.3 + cinder/iscsi: 192.168.1.3 + ex: 172.16.0.3 + fw-admin: 10.109.15.109 + glance/api: 192.168.0.3 + glance/glare: 192.168.0.3 + heat/api: 192.168.0.3 + horizon: 192.168.0.3 + ironic/api: 192.168.0.3 + keystone/api: 192.168.0.3 + management: 192.168.0.3 + mgmt/corosync: 192.168.0.3 + mgmt/database: 192.168.0.3 + mgmt/memcache: 192.168.0.3 + mgmt/messaging: 192.168.0.3 + mgmt/vip: 192.168.0.3 + mongo/db: 192.168.0.3 + murano/api: 192.168.0.3 + murano/cfapi: 192.168.0.3 + neutron/api: 192.168.0.3 neutron/floating: null neutron/private: null - nova/api: 192.168.0.1 - nova/migration: 192.168.0.1 - sahara/api: 192.168.0.1 - storage: 192.168.1.1 - swift/api: 192.168.0.1 - swift/replication: 192.168.1.1 + nova/api: 192.168.0.3 + nova/migration: 192.168.0.3 + public/vip: 172.16.0.3 + 
sahara/api: 192.168.0.3 + storage: 192.168.1.3 + swift/api: 192.168.0.3 + swift/replication: 192.168.1.3 node_roles: - - compute + - controller nova_cpu_pinning_enabled: false nova_hugepages_enabled: false - swift_zone: '703' - uid: '703' - user_node_name: node-703 - node-704: - fqdn: node-704.domain.tld - name: node-704 - network_roles: - admin/pxe: 10.145.0.104 - aodh/api: 192.168.0.6 - ceilometer/api: 192.168.0.6 - ceph/public: 192.168.1.6 - ceph/replication: 192.168.1.6 - cinder/api: 192.168.0.6 - cinder/iscsi: 192.168.1.6 - fw-admin: 10.145.0.104 - glance/api: 192.168.0.6 - glance/glare: 192.168.0.6 - heat/api: 192.168.0.6 - horizon: 192.168.0.6 - ironic/api: 192.168.0.6 - keystone/api: 192.168.0.6 - management: 192.168.0.6 - mgmt/corosync: 192.168.0.6 - mgmt/database: 192.168.0.6 - mgmt/memcache: 192.168.0.6 - mgmt/messaging: 192.168.0.6 - mgmt/vip: 192.168.0.6 - mongo/db: 192.168.0.6 - murano/api: 192.168.0.6 - murano/cfapi: 192.168.0.6 - neutron/api: 192.168.0.6 - neutron/floating: null - neutron/private: null - nova/api: 192.168.0.6 - nova/migration: 192.168.0.6 - sahara/api: 192.168.0.6 - storage: 192.168.1.6 - swift/api: 192.168.0.6 - swift/replication: 192.168.1.6 - node_roles: - - ceph-osd - nova_cpu_pinning_enabled: false - nova_hugepages_enabled: false - swift_zone: '704' - uid: '704' - user_node_name: node-704 - node-705: - fqdn: node-705.domain.tld - name: node-705 - network_roles: - admin/pxe: 10.145.0.105 - aodh/api: 192.168.0.5 - ceilometer/api: 192.168.0.5 - ceph/public: 192.168.1.5 - ceph/replication: 192.168.1.5 - cinder/api: 192.168.0.5 - cinder/iscsi: 192.168.1.5 - fw-admin: 10.145.0.105 - glance/api: 192.168.0.5 - glance/glare: 192.168.0.5 - heat/api: 192.168.0.5 - horizon: 192.168.0.5 - ironic/api: 192.168.0.5 - keystone/api: 192.168.0.5 - management: 192.168.0.5 - mgmt/corosync: 192.168.0.5 - mgmt/database: 192.168.0.5 - mgmt/memcache: 192.168.0.5 - mgmt/messaging: 192.168.0.5 - mgmt/vip: 192.168.0.5 - mongo/db: 192.168.0.5 - murano/api: 
192.168.0.5 - murano/cfapi: 192.168.0.5 - neutron/api: 192.168.0.5 - neutron/floating: null - neutron/private: null - nova/api: 192.168.0.5 - nova/migration: 192.168.0.5 - sahara/api: 192.168.0.5 - storage: 192.168.1.5 - swift/api: 192.168.0.5 - swift/replication: 192.168.1.5 - node_roles: - - ceph-osd - nova_cpu_pinning_enabled: false - nova_hugepages_enabled: false - swift_zone: '705' - uid: '705' - user_node_name: node-705 + swift_zone: '105' + uid: '105' + user_node_name: node-105 vips: management: ipaddr: 192.168.0.8 @@ -518,7 +525,7 @@ network_scheme: endpoints: br-ex: IP: - - 172.16.0.3/24 + - 172.16.0.4/24 gateway: 172.16.0.1 vendor_specific: provider_gateway: 172.16.0.1 @@ -526,17 +533,17 @@ network_scheme: IP: none br-fw-admin: IP: - - 10.145.0.100/24 + - 10.109.15.107/24 vendor_specific: - provider_gateway: 10.145.0.1 + provider_gateway: 10.109.15.1 br-mgmt: IP: - - 192.168.0.3/24 + - 192.168.0.5/24 br-prv: IP: none br-storage: IP: - - 192.168.1.3/24 + - 192.168.1.5/24 interfaces: enp0s3: vendor_specific: 
@@ -896,77 +903,76 @@ node_volumes: size: 11264 type: lv nodes: -- fqdn: node-700.domain.tld - internal_address: 192.168.0.3 +- fqdn: node-100.test.domain.local + internal_address: 192.168.0.1 internal_netmask: 255.255.255.0 - name: node-700 - public_address: 172.16.0.3 - public_netmask: 255.255.255.0 - role: primary-controller - storage_address: 192.168.1.3 + name: node-100 + role: ceph-osd + storage_address: 192.168.1.1 storage_netmask: 255.255.255.0 - swift_zone: '700' - uid: '700' - user_node_name: node-700 -- fqdn: node-701.domain.tld + swift_zone: '100' + uid: '100' + user_node_name: node-100 +- fqdn: node-101.test.domain.local + internal_address: 192.168.0.6 + internal_netmask: 255.255.255.0 + name: node-101 + role: ceph-osd + storage_address: 192.168.1.6 + storage_netmask: 255.255.255.0 + swift_zone: '101' + uid: '101' + user_node_name: node-101 +- fqdn: node-102.test.domain.local internal_address: 192.168.0.4 internal_netmask: 255.255.255.0 - name: node-701 - public_address: 172.16.0.4 - public_netmask: 255.255.255.0 - role: controller + name: node-102 + role: compute storage_address: 192.168.1.4 storage_netmask: 255.255.255.0 - swift_zone: '701' - uid: '701' - user_node_name: node-701 -- fqdn: node-702.domain.tld + swift_zone: '102' + uid: '102' + user_node_name: node-102 +- fqdn: node-103.test.domain.local + internal_address: 192.168.0.5 + internal_netmask: 255.255.255.0 + name: node-103 + public_address: 172.16.0.4 + public_netmask: 255.255.255.0 + role: primary-controller + storage_address: 192.168.1.5 + storage_netmask: 255.255.255.0 + swift_zone: '103' + uid: '103' + user_node_name: node-103 +- fqdn: node-104.test.domain.local internal_address: 192.168.0.2 internal_netmask: 255.255.255.0 - name: node-702 + name: node-104 public_address: 172.16.0.2 public_netmask: 255.255.255.0 role: controller storage_address: 192.168.1.2 storage_netmask: 255.255.255.0 - swift_zone: '702' - uid: '702' - user_node_name: node-702 -- fqdn: node-703.domain.tld - 
internal_address: 192.168.0.1 + swift_zone: '104' + uid: '104' + user_node_name: node-104 +- fqdn: node-105.test.domain.local + internal_address: 192.168.0.3 internal_netmask: 255.255.255.0 - name: node-703 - role: compute - storage_address: 192.168.1.1 + name: node-105 + public_address: 172.16.0.3 + public_netmask: 255.255.255.0 + role: controller + storage_address: 192.168.1.3 storage_netmask: 255.255.255.0 - swift_zone: '703' - uid: '703' - user_node_name: node-703 -- fqdn: node-704.domain.tld - internal_address: 192.168.0.6 - internal_netmask: 255.255.255.0 - name: node-704 - role: ceph-osd - storage_address: 192.168.1.6 - storage_netmask: 255.255.255.0 - swift_zone: '704' - uid: '704' - user_node_name: node-704 -- fqdn: node-705.domain.tld - internal_address: 192.168.0.5 - internal_netmask: 255.255.255.0 - name: node-705 - role: ceph-osd - storage_address: 192.168.1.5 - storage_netmask: 255.255.255.0 - swift_zone: '705' - uid: '705' - user_node_name: node-705 + swift_zone: '105' + uid: '105' + user_node_name: node-105 nova: - db_password: Elf4zqhjxUXGEaEmHAcrRNCt - enable_hugepages: false + db_password: IaryZ6tTSjUFRLc4FEJDOf5S state_path: /var/lib/nova - user_password: kxi3DKIMW6zRK4c7zFgFss40 + user_password: fk1uuMo9YQPmvEdi4CvdCCAA nova_quota: false online: true openstack_version: newton-10.0 @@ -978,7 +984,7 @@ operator_user: label: Operating System Access weight: 15 name: fueladmin - password: NhuzeKF2U748Lj3Ip3PB6B7a + password: 0pVtfLh7Wt7gmQFHzJ1F3RX5 sudo: 'ALL=(ALL) NOPASSWD: ALL' plugins: [] propagate_task_deploy: false 
@@ -988,11 +994,11 @@ provision: /: container: gzip format: ext4 - uri: http://10.145.0.2:8080/targetimages/env_37_ubuntu_1404_amd64.img.gz + uri: http://10.109.15.2:8080/targetimages/env_12_ubuntu_1404_amd64.img.gz /boot: container: gzip format: ext2 - uri: http://10.145.0.2:8080/targetimages/env_37_ubuntu_1404_amd64-boot.img.gz + uri: http://10.109.15.2:8080/targetimages/env_12_ubuntu_1404_amd64-boot.img.gz metadata: group: general label: Provision @@ -1114,8 +1120,8 @@ public_ssl: weight: 110 services: false puppet: - manifests: rsync://10.145.0.2:/puppet/newton-10.0/manifests/ - modules: rsync://10.145.0.2:/puppet/newton-10.0/modules/ + manifests: rsync://10.109.15.2:/puppet/newton-10.0/manifests/ + modules: rsync://10.109.15.2:/puppet/newton-10.0/modules/ puppet_debug: true quantum: true quantum_settings: @@ -1132,13 +1138,13 @@ quantum_settings: L3: use_namespaces: true database: - passwd: wQeXgRgiGtG2MqI7MhcqXyWF + passwd: 00ycpbCpeDdKAHBkvJ7Yen0R default_floating_net: admin_floating_net default_private_net: admin_internal_net keystone: - admin_password: 4qLjjNmkZ5A9Af92E0cWYW1X + admin_password: 6mEo1eJkTQ05hYtQDUsy0kJF metadata: - metadata_proxy_shared_secret: DGjT5tZFPM1HSVHazhoB3772 + metadata_proxy_shared_secret: kaotl20IGQFereShZ1pSuCV2 predefined_networks: admin_floating_net: L2: @@ -1172,7 +1178,7 @@ quantum_settings: shared: false tenant: admin rabbit: - password: yHQgB6QqKSJPAuOwxLnKYCmu + password: YuFZC6VjrgT5O3x8uiWmASAK release: attributes_metadata: editable: 
@@ -1280,6 +1286,49 @@ release: type: checkbox value: false weight: 10 + atop: + interval: + description: Interval between the snapshots in seconds + label: Interval between the snapshots + regex: + error: Should be a number of seconds + source: ^[1-9]\d*$ + restrictions: + - action: hide + condition: settings:atop.service_enabled.value == false + type: text + value: '20' + weight: 20 + metadata: + enabled: true + group: logging + label: Advanced System & Process Monitor (atop) + toggleable: false + weight: 60 + rotate: + description: Number of days to keep log files + label: Rotate days + regex: + error: Should be a number of days + source: ^[1-9]\d*$ + restrictions: + - action: hide + condition: settings:atop.service_enabled.value == false + type: text + value: '7' + weight: 30 + service_enabled: + description: 'NOTE: When enabled, the service may generate logs up to a + gigabyte in size per day. + + This should be taken into consideration when determining the correct size + for the log partition. + + ' + label: Enable atop service + type: checkbox + value: true + weight: 10 cgroups: metadata: always_editable: true @@ -1362,6 +1411,18 @@ release: type: checkbox value: true weight: 50 + run_ping_checker: + description: Uncheck this box if the public gateway will not be available + or will not respond to ICMP requests to the deployed cluster. If unchecked, + the controllers will not take public gateway availability into account + as part of the cluster health. If the cluster will not have internet + access, you will need to make sure to provide proper offline mirrors for + the deployment to succeed. + group: network + label: Public Gateway is Available + type: checkbox + value: true + weight: 50 task_deploy: type: hidden value: true 
@@ -1782,6 +1843,9 @@ release: description: Your DNS entries should point to this name. Self-signed certificates also will use this hostname label: DNS hostname for public TLS endpoints + regex: + error: Invalid DNS hostname + source: ^[a-zA-Z\d]+[-\.\da-zA-Z]*$ restrictions: - action: hide condition: settings:public_ssl.horizon.value == false and settings:public_ssl.services.value @@ -1816,8 +1880,6 @@ release: Please make sure your Fuel master node has Internet access to the repository before attempting to create a mirror. - For more details, please refer to the documentation (https://docs.mirantis.com/openstack/fuel/fuel-10.0/operations.html#external-ubuntu-ops). - ' extra_priority: null type: custom_repo_configuration 
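Review bot: The `regex.source` added for "DNS hostname for public TLS endpoints", `^[a-zA-Z\d]+[-\.\da-zA-Z]*$`, still accepts malformed names such as `a..b`, `host-` or `host.`, because after the leading alphanumerics any mix of dots and hyphens is allowed. The description says self-signed certificates will use this value, so a per-label pattern is safer: `source: ^[a-zA-Z\d]([-a-zA-Z\d]*[a-zA-Z\d])?(\.[a-zA-Z\d]([-a-zA-Z\d]*[a-zA-Z\d])?)*$`. The same pattern is added in the `@@ -1646,6 +1707,9 @@` hunk of hiera/neut_vlan.dvr-primary-controller.yaml. The key of the setting this `regex` belongs to is outside the hunk, and if these fixtures are generated from the release metadata, the fix belongs in that source rather than here.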
@@ -1894,11 +1956,70 @@ release: sudo: type: hidden value: 'ALL=(ALL) NOPASSWD: ALL' + ssh: + brute_force_protection: + description: When enabled, the access from all networks (except the provided + ones) will be granted, but the networks will be checked against the brute + force attack. + label: Brute force protection + restrictions: + - action: hide + condition: settings:ssh.security_enabled.value == false + type: checkbox + value: false + weight: 30 + metadata: + enabled: true + group: security + label: SSH security + toggleable: false + weight: 120 + security_enabled: + description: 'NOTE: When enabled, provide at least one working IP address + (the Fuel Master node IP is already added). + + We recommend adding new addresses instead of replacing the provided Fuel + Master node IP. + + When disabled (by default), the admin, management, and storage networks + are only allowed to connect to the SSH service. + + ' + label: Restrict SSH service on network + type: checkbox + value: false + weight: 10 + security_networks: + description: IPv4/CIDR address + label: Restrict access to + regex: + error: Invalid IPv4/CIDR address + source: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))*$ + restrictions: + - action: hide + condition: settings:ssh.security_enabled.value == false + type: text_list + value: + - '{settings.MASTER_IP}' + weight: 20 storage: admin_key: type: hidden value: generator: cephx_key + auth_s3_keystone_ceph: + description: This allows to authenticate S3 requests basing on EC2/S3 credentials + managed by Keystone. Please note that enabling the integration will increase + the latency of S3 requests as well as load on Keystone service. Please + consult with Mirantis Technical Bulletin 27 and Mirantis Support on mitigating + the risks related with load. 
+ label: Enable S3 API Authentication via Keystone in Ceph RadosGW + restrictions: + - action: hide + condition: settings:storage.objects_ceph.value == false + type: checkbox + value: false + weight: 82 bootstrap_osd_key: type: hidden value: @@ -1951,6 +2072,9 @@ release: and Swift API Interfaces. If enabled, this option will prevent Swift from installing. label: Ceph RadosGW for objects (Swift API) + restrictions: + - settings:storage.images_ceph.value == false: Ceph RBD for Images should + be selected. type: checkbox value: false weight: 80 @@ -2191,6 +2315,12 @@ release: description: dialog.create_cluster_wizard.compute.qemu_description label: dialog.create_cluster_wizard.compute.qemu name: hypervisor:qemu + requires: + - one_of: + items: + - network:neutron:ml2:vlan + - network:neutron:ml2:tun + message: dialog.create_cluster_wizard.compute.qemu_requires_network_backend weight: 5 - bind: - settings:common.use_vcenter.value @@ -2200,8 +2330,16 @@ release: label: dialog.create_cluster_wizard.compute.vcenter name: hypervisor:vmware requires: - - message: dialog.create_cluster_wizard.compute.vcenter_warning - name: hypervisor:qemu + - one_of: + items: + - hypervisor:qemu + message: dialog.create_cluster_wizard.compute.vcenter_warning + - one_of: + items: + - network:neutron:ml2:dvs + - network:neutron:ml2:nsx + message: dialog.create_cluster_wizard.compute.vcenter_requires_network_backend + message_invalid: dialog.create_cluster_wizard.compute.vcenter_requires_network_plugins weight: 15 - compatible: - name: hypervisor:* @@ -2228,7 +2366,9 @@ release: label: common.network.neutron_vlan name: network:neutron:ml2:vlan requires: - - name: network:neutron:core:ml2 + - one_of: + items: + - network:neutron:core:ml2 weight: 5 - bind: - - cluster:net_provider 
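Review bot: In the new `ssh.security_networks.regex.source`, the optional prefix-length group ends in `*`, so `(\/(...))*$` accepts any number of suffixes; a constructed value such as `10.0.0.0/8/24` passes validation for a list that is meant to restrict SSH access. The quantifier should be `?`, making the tail `(\/([0-9]|[1-2][0-9]|3[0-2]))?$`. The same pattern is added in the `@@ -1758,11 +1820,70 @@` hunk of hiera/neut_vlan.dvr-primary-controller.yaml. If the fixture is generated from the release metadata, the fix belongs in that source, and whatever consumes the list should still parse each entry as a network instead of relying on this regex alone.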
@@ -2249,7 +2389,9 @@ release: label: common.network.neutron_tun name: network:neutron:ml2:tun requires: - - name: network:neutron:core:ml2 + - one_of: + items: + - network:neutron:core:ml2 weight: 10 - bind: - settings:storage.volumes_lvm.value @@ -2497,6 +2639,7 @@ release: restrictions: - action: hide condition: settings:common.use_vcenter.value == false + message: VMware vCenter not enabled for cluster weight: 40 compute: description: A Compute node creates, manages, and terminates virtual machine @@ -2526,10 +2669,12 @@ release: restrictions: - action: hide condition: settings:common.use_vcenter.value == false + message: VMware vCenter not enabled for cluster weight: 90 controller: conflicts: - compute + - ceph-osd description: The Controller initiates orchestration activities and provides an external API. Other components like Glance (image storage), Keystone (identity management), Horizon (OpenStack dashboard) and Nova-Scheduler are installed @@ -2601,6 +2746,7 @@ release: restrictions: - action: hide condition: not ('advanced' in version:feature_groups) + message: Advanced feature should be enabled in feature groups weight: 80 state: available version: newton-10.0 @@ -2772,7 +2918,7 @@ repo_setup: section: main restricted suite: mos10.0 type: deb - uri: http://10.145.0.2:8080/newton-10.0/ubuntu/x86_64 + uri: http://10.109.15.2:8080/newton-10.0/ubuntu/x86_64 - name: mos-updates priority: 1050 section: main restricted @@ -2796,14 +2942,15 @@ repo_setup: section: main restricted suite: auxiliary type: deb - uri: http://10.145.0.2:8080/newton-10.0/ubuntu/auxiliary + uri: http://10.109.15.2:8080/newton-10.0/ubuntu/auxiliary resume_guests_state_on_host_boot: true roles: - primary-controller +run_ping_checker: true sahara: - db_password: qnV0sBuaBWkQw6wlGkBvkmDp + db_password: HzivhqvZu4FIqVXAZowE0Btx enabled: false - user_password: Gi7BiTsI3mZqA2f8s0rSaZl5 + user_password: 2BrIrMpKoXuUfOMdQ895oitr service_user: homedir: /var/lib/fuel metadata: 
@@ -2814,22 +2961,34 @@ service_user: condition: 'true' weight: 10 name: fuel - password: SeaVEJ8Di6cBV1sBiuIGwq7F + password: 1lr19oTCcsb5DviSCyFEY2NT root_password: r00tme sudo: 'ALL=(ALL) NOPASSWD: ALL' +ssh: + brute_force_protection: false + metadata: + enabled: true + group: security + label: SSH security + toggleable: false + weight: 120 + security_enabled: false + security_networks: + - 10.109.15.2 status: discover storage: - admin_key: AQCAeEhXAAAAABAAUyZIfDyV73bcuhUgp/hUSg== - bootstrap_osd_key: AQCAeEhXAAAAABAAhFBDiEZbn2pr9iD8yEG2hQ== + admin_key: AQBvBqNXAAAAABAAywbeD//pOlvccDzQvWd+Kg== + auth_s3_keystone_ceph: true + bootstrap_osd_key: AQBvBqNXAAAAABAATFfnpjeojMaHAnlT3IYi6w== ephemeral_ceph: true - fsid: 32e06672-5f77-4d01-a9ab-21656d4398ca + fsid: 7fec12c1-a334-488f-9b25-9dd68feff61f images_ceph: true images_vcenter: false metadata: group: storage label: Storage Backends weight: 60 - mon_key: AQCAeEhXAAAAABAAwwdwDuGUXdIc1g2H69e14w== + mon_key: AQBvBqNXAAAAABAA4VcZMB2HkGc4zItr4fsClg== objects_ceph: true osd_pool_size: '2' per_pool_pg_nums: @@ -2840,13 +2999,13 @@ storage: images: 64 volumes: 256 pg_num: 64 - radosgw_key: AQCAeEhXAAAAABAAHc+Rfui5XbwVwv4b9As2dQ== + radosgw_key: AQBvBqNXAAAAABAACaCR3CAwIElYEJ7lNfRJJg== volumes_block_device: false volumes_ceph: true volumes_lvm: false storage_network_range: 192.168.1.0/24 swift: - user_password: wy9f6ALPLPLP3EviZzeja1FO + user_password: XMOMm8aUVEhegPjWozpuCiz0 syslog: metadata: enabled: false @@ -2868,10 +3027,10 @@ test_vm_image: os_name: cirros properties: {} public: 'true' -uid: '700' +uid: '103' use_cow_images: true use_vcenter: false -user_node_name: node-700 +user_node_name: node-103 vms_conf: [] workloads_collector: create_user: false @@ -2883,6 +3042,6 @@ workloads_collector: - action: hide condition: 'true' weight: 10 - password: ZHisdR52Bxdp2Xkxdc44zlOs + password: zY6P0H6scLMMOGZo6zJK9g31 tenant: services username: fuel_stats_user 
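Review bot: The new top-level `ssh:` block in this fixture sets `security_enabled: false` and `brute_force_protection: false`, so the SSH restriction path is not exercised by this fixture; presumably a manifest consumes these keys, but that is not visible here. Consider having at least one fixture carry `security_enabled: true` with a non-trivial `security_networks` list (a CIDR entry as well as the bare master IP) so the restricted branch is covered. I would also add a comment above the block, or a line in the fixture README if one exists, along the lines of `# ssh restrictions disabled: admin, management and storage networks may reach sshd`, so the default is visible to whoever edits the fixture next.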
diff --git a/hiera/neut_vlan.dvr-primary-controller.yaml b/hiera/neut_vlan.dvr-primary-controller.yaml index 345be3c..d59e453 100644 --- a/hiera/neut_vlan.dvr-primary-controller.yaml +++ b/hiera/neut_vlan.dvr-primary-controller.yaml @@ -8,18 +8,28 @@ access: tenant: admin user: admin aodh: - db_password: i8KOFfbOEwBzXI6GQKkGlEcH - user_password: i1l0ol7WwO2JTb2LMjMAVtIM + db_password: FXF6Px9J9eA6NFaZoy1OfMNH + user_password: teULXJxSJ7HOnsYEmktUP5LV +atop: + interval: '20' + metadata: + enabled: true + group: logging + label: Advanced System & Process Monitor (atop) + toggleable: false + weight: 60 + rotate: '7' + service_enabled: true auth_key: '' auto_assign_floating_ip: false base_syslog: syslog_port: '514' - syslog_server: 10.145.0.2 + syslog_server: 10.109.15.2 ceilometer: - db_password: r70muo2HLVFyQ6VYJOTblv3A + db_password: 8WWBNbrGL4quFkRcKpjCgIgl enabled: false - metering_secret: JOuVQwYcAnAyxnGkZuyCxRtH - user_password: aQroaCXsreFXRlnP4IcSvwZ5 + metering_secret: zW6KoXO6xoe7nibuYTh7SKYF + user_password: mj1qfoUtoLZP3THUbqWkgcn2 cgroups: metadata: always_editable: true @@ -30,9 +40,9 @@ cgroups: condition: 'true' weight: 90 cinder: - db_password: GfKpNGnHhEGepnxOM7I5IHfe - fixed_key: b6555e7c5ec29b1bc08094dd9dcedbb052aea7f70c3d20d3c724832591af5ebb - user_password: 8OLYhpda5VxuUpn0DBz797Js + db_password: SlTeEYsWFbqTIteuKoz8ZF40 + fixed_key: a2de45f866f9ab1432678e310cf8e4c9ab7ad811593a4a86768209fad8dc42f6 + user_password: QmQnxm11f7CStHAOjJTzrBox cluster: changes: - name: attributes @@ -42,20 +52,20 @@ cluster: - name: networks node_id: null - name: interfaces - node_id: 720 + node_id: 116 - name: disks - node_id: 720 + node_id: 116 - name: interfaces - node_id: 721 + node_id: 117 - name: disks - node_id: 721 + node_id: 117 - name: interfaces - node_id: 722 + node_id: 118 - name: disks - node_id: 722 + node_id: 118 components: [] fuel_version: '10.0' - id: 39 + id: 14 is_customized: false is_locked: false mode: ha_compact 
@@ -88,12 +98,11 @@ corosync: debug: false deployed_before: value: false -deployment_id: 39 +deployment_id: 14 deployment_mode: ha_compact -dpdk: {} external_dns: dns_list: - - 10.145.0.1 + - 10.109.15.1 metadata: group: network label: Host OS DNS Servers @@ -119,31 +128,29 @@ external_ntp: label: Host OS NTP Servers weight: 40 ntp_list: - - 0.fuel.pool.ntp.org - - 1.fuel.pool.ntp.org - - 2.fuel.pool.ntp.org + - 10.109.15.1 fail_if_error: true -fqdn: node-720.domain.tld +fqdn: node-116.test.domain.local fuel_version: '10.0' glance: - db_password: fPVxzLxPrH19DaBgMmcLtxxq + db_password: KCIY8EZAbaBGE9D4Z62hJtGM image_cache_max_size: '389537175961' - user_password: j2ux1QIgyEinlfmvAmFKK7ZB + user_password: gEbPfO9oqNxp6uIsousVFWMV glance_glare: - user_password: X8CS1VLqnYtDUMO3zceNQg7G + user_password: diVFcH2camn0M7C7u6UV0lDI heat: - auth_encryption_key: 98eabc811a5062b3d018223b08c26493 - db_password: AOOxiQgvtvIyjzMSEFlYaiJs + auth_encryption_key: de170dc87ffd7e206de8ed5dec842e76 + db_password: KiteErkstb3c66Xs9xWyW7E7 enabled: true - rabbit_password: afrRPPktAkvheP9GaLDMEtMF - user_password: CenZr0lu5477YK3iVq7ixSrn + rabbit_password: TCIyD8yoUYnp5UGDdLM3ev4W + user_password: tVKD5WGB5otsF681ibxXU9ic horizon: - secret_key: 5099a3afbcb11b3faf7a5dcca255f8588e7954c67885e9403ead78325baf56c6 + secret_key: 1d0083299fe63b6bd13729c5df51e4da467cda0b2bbb90faa28662c2dc2381e0 ironic: - db_password: mJx63Q1vXa7cuwWvqlkir2c2 + db_password: 30lSPp17PSJyYh8ILaoanQYl enabled: false - swift_tempurl_key: ExTEWIrB5XYszJVTP3KJJbN8 - user_password: SUuSZ6htg4Y54pA1Yq1QzmDB + swift_tempurl_key: b51bqh0v3Qz8qxMijOpIqPFs + user_password: CwMIaqH1BiqtPAh8lRXlf4gp kernel_params: kernel: console=tty0 net.ifnames=0 biosdevname=0 rootdelay=90 nomodeset metadata: 
@@ -151,12 +158,12 @@ kernel_params: label: Kernel parameters weight: 60 keystone: - admin_token: 0tBtnk0hfhaHxeJgrqNICQLf - db_password: KI0iD9iIevQzaviDyqyAkpO1 -last_controller: node-722 + admin_token: ITnlVam8zsbN9fiDIsqG0Ryi + db_password: 7jzNnjVRaNqtE8kccp674LAU +last_controller: node-118 libvirt_type: qemu management_network_range: 192.168.0.0/24 -master_ip: 10.145.0.2 +master_ip: 10.109.15.2 metadata: label: Common weight: 10 @@ -168,15 +175,15 @@ mp: - point: '2' weight: '2' murano: - db_password: uEVoHfM8UIKuZ7rOetIs1Vvd + db_password: Uepk72CFQa4kxFRXEVh9Awc1 enabled: false - rabbit_password: 6JQ6YAzOIlEo7DwoOFgwY9Xc - user_password: 9otEJIj1zFxJiIkZs6LSgQGy + rabbit_password: 94n4ycFtXUZXdG5aWdLYPdul + user_password: SCrct72Vtz7GbnCJHAhgPcKO murano-cfapi: - db_password: yZwOObXqNU8CHODDnAgU5yNn + db_password: S5bx5GBGoU6bL85NYNkCjaOO enabled: false - rabbit_password: RLTvJtpCLsyVjMYnVgBYdfeb - user_password: ax24ovcrh55oogFNnR7HeXSS + rabbit_password: wk40D9sBH8efPSPNBVX5fu5g + user_password: HqLATA4Ear1ReLuGtLZ4ZlCv murano_settings: metadata: group: openstack_services 
@@ -189,61 +196,15 @@ murano_settings: murano_glance_artifacts_plugin: true murano_repo_url: http://storage.apps.openstack.org/ mysql: - root_password: P8X87fBVQ57yEFSOQs6F6GXW - wsrep_password: o8y08DxiG3iD3HbcA0PIaZzs + root_password: i8l0eneBEHwo0rJnFh4GXWaW + wsrep_password: z6GfzHQo6lHxnXqEUrKJZOHX network_metadata: nodes: - node-720: - fqdn: node-720.domain.tld - name: node-720 + node-116: + fqdn: node-116.test.domain.local + name: node-116 network_roles: - admin/pxe: 10.145.0.100 - aodh/api: 192.168.0.1 - ceilometer/api: 192.168.0.1 - ceph/public: 192.168.1.1 - ceph/radosgw: 172.16.0.2 - ceph/replication: 192.168.1.1 - cinder/api: 192.168.0.1 - cinder/iscsi: 192.168.1.1 - ex: 172.16.0.2 - fw-admin: 10.145.0.100 - glance/api: 192.168.0.1 - glance/glare: 192.168.0.1 - heat/api: 192.168.0.1 - horizon: 192.168.0.1 - ironic/api: 192.168.0.1 - keystone/api: 192.168.0.1 - management: 192.168.0.1 - mgmt/corosync: 192.168.0.1 - mgmt/database: 192.168.0.1 - mgmt/memcache: 192.168.0.1 - mgmt/messaging: 192.168.0.1 - mgmt/vip: 192.168.0.1 - mongo/db: 192.168.0.1 - murano/api: 192.168.0.1 - murano/cfapi: 192.168.0.1 - neutron/api: 192.168.0.1 - neutron/floating: null - neutron/private: null - nova/api: 192.168.0.1 - nova/migration: 192.168.0.1 - public/vip: 172.16.0.2 - sahara/api: 192.168.0.1 - storage: 192.168.1.1 - swift/api: 192.168.0.1 - swift/replication: 192.168.1.1 - node_roles: - - primary-controller - nova_cpu_pinning_enabled: false - nova_hugepages_enabled: false - swift_zone: '720' - uid: '720' - user_node_name: node-720 - node-721: - fqdn: node-721.domain.tld - name: node-721 - network_roles: - admin/pxe: 10.145.0.101 + admin/pxe: 10.109.15.100 aodh/api: 192.168.0.2 ceilometer/api: 192.168.0.2 ceph/public: 192.168.1.2 @@ -252,7 +213,7 @@ network_metadata: cinder/api: 192.168.0.2 cinder/iscsi: 192.168.1.2 ex: 172.16.0.3 - fw-admin: 10.145.0.101 + fw-admin: 10.109.15.100 glance/api: 192.168.0.2 glance/glare: 192.168.0.2 heat/api: 192.168.0.2 
@@ -279,17 +240,17 @@ network_metadata: swift/api: 192.168.0.2 swift/replication: 192.168.1.2 node_roles: - - controller + - primary-controller nova_cpu_pinning_enabled: false nova_hugepages_enabled: false - swift_zone: '721' - uid: '721' - user_node_name: node-721 - node-722: - fqdn: node-722.domain.tld - name: node-722 + swift_zone: '116' + uid: '116' + user_node_name: node-116 + node-117: + fqdn: node-117.test.domain.local + name: node-117 network_roles: - admin/pxe: 10.145.0.102 + admin/pxe: 10.109.15.101 aodh/api: 192.168.0.3 ceilometer/api: 192.168.0.3 ceph/public: 192.168.1.3 @@ -298,7 +259,7 @@ network_metadata: cinder/api: 192.168.0.3 cinder/iscsi: 192.168.1.3 ex: 172.16.0.4 - fw-admin: 10.145.0.102 + fw-admin: 10.109.15.101 glance/api: 192.168.0.3 glance/glare: 192.168.0.3 heat/api: 192.168.0.3 
@@ -328,9 +289,55 @@ network_metadata: - controller nova_cpu_pinning_enabled: false nova_hugepages_enabled: false - swift_zone: '722' - uid: '722' - user_node_name: node-722 + swift_zone: '117' + uid: '117' + user_node_name: node-117 + node-118: + fqdn: node-118.test.domain.local + name: node-118 + network_roles: + admin/pxe: 10.109.15.102 + aodh/api: 192.168.0.1 + ceilometer/api: 192.168.0.1 + ceph/public: 192.168.1.1 + ceph/radosgw: 172.16.0.2 + ceph/replication: 192.168.1.1 + cinder/api: 192.168.0.1 + cinder/iscsi: 192.168.1.1 + ex: 172.16.0.2 + fw-admin: 10.109.15.102 + glance/api: 192.168.0.1 + glance/glare: 192.168.0.1 + heat/api: 192.168.0.1 + horizon: 192.168.0.1 + ironic/api: 192.168.0.1 + keystone/api: 192.168.0.1 + management: 192.168.0.1 + mgmt/corosync: 192.168.0.1 + mgmt/database: 192.168.0.1 + mgmt/memcache: 192.168.0.1 + mgmt/messaging: 192.168.0.1 + mgmt/vip: 192.168.0.1 + mongo/db: 192.168.0.1 + murano/api: 192.168.0.1 + murano/cfapi: 192.168.0.1 + neutron/api: 192.168.0.1 + neutron/floating: null + neutron/private: null + nova/api: 192.168.0.1 + nova/migration: 192.168.0.1 + public/vip: 172.16.0.2 + sahara/api: 192.168.0.1 + storage: 192.168.1.1 + swift/api: 192.168.0.1 + swift/replication: 192.168.1.1 + node_roles: + - controller + nova_cpu_pinning_enabled: false + nova_hugepages_enabled: false + swift_zone: '118' + uid: '118' + user_node_name: node-118 vips: management: ipaddr: 192.168.0.5 @@ -377,7 +384,7 @@ network_scheme: endpoints: br-ex: IP: - - 172.16.0.2/24 + - 172.16.0.3/24 gateway: 172.16.0.1 vendor_specific: provider_gateway: 172.16.0.1 @@ -385,17 +392,17 @@ network_scheme: IP: none br-fw-admin: IP: - - 10.145.0.100/24 + - 10.109.15.100/24 vendor_specific: - provider_gateway: 10.145.0.1 + provider_gateway: 10.109.15.1 br-mgmt: IP: - - 192.168.0.1/24 + - 192.168.0.2/24 br-prv: IP: none br-storage: IP: - - 192.168.1.1/24 + - 192.168.1.2/24 interfaces: enp0s3: vendor_specific: 
@@ -790,47 +797,46 @@ node_volumes: size: 11264 type: lv nodes: -- fqdn: node-720.domain.tld - internal_address: 192.168.0.1 - internal_netmask: 255.255.255.0 - name: node-720 - public_address: 172.16.0.2 - public_netmask: 255.255.255.0 - role: primary-controller - storage_address: 192.168.1.1 - storage_netmask: 255.255.255.0 - swift_zone: '720' - uid: '720' - user_node_name: node-720 -- fqdn: node-721.domain.tld +- fqdn: node-116.test.domain.local internal_address: 192.168.0.2 internal_netmask: 255.255.255.0 - name: node-721 + name: node-116 public_address: 172.16.0.3 public_netmask: 255.255.255.0 - role: controller + role: primary-controller storage_address: 192.168.1.2 storage_netmask: 255.255.255.0 - swift_zone: '721' - uid: '721' - user_node_name: node-721 -- fqdn: node-722.domain.tld + swift_zone: '116' + uid: '116' + user_node_name: node-116 +- fqdn: node-117.test.domain.local internal_address: 192.168.0.3 internal_netmask: 255.255.255.0 - name: node-722 + name: node-117 public_address: 172.16.0.4 public_netmask: 255.255.255.0 role: controller storage_address: 192.168.1.3 storage_netmask: 255.255.255.0 - swift_zone: '722' - uid: '722' - user_node_name: node-722 + swift_zone: '117' + uid: '117' + user_node_name: node-117 +- fqdn: node-118.test.domain.local + internal_address: 192.168.0.1 + internal_netmask: 255.255.255.0 + name: node-118 + public_address: 172.16.0.2 + public_netmask: 255.255.255.0 + role: controller + storage_address: 192.168.1.1 + storage_netmask: 255.255.255.0 + swift_zone: '118' + uid: '118' + user_node_name: node-118 nova: - db_password: TE3XBlad3tJiLwSHWZK29Src - enable_hugepages: false + db_password: tauY2OasaI1u0MePS4qXtECo state_path: /var/lib/nova - user_password: z496UA0CzhBxDqweygotaDu9 + user_password: R3BDhK39fuKBm8qZUZqqoQTi nova_quota: false online: true openstack_version: newton-10.0 
@@ -842,7 +848,7 @@ operator_user: label: Operating System Access weight: 15 name: fueladmin - password: WkdrN072t7xBq5RaJEnnybq7 + password: IhHphZ1fZeWbiZZnF0p6lpDD sudo: 'ALL=(ALL) NOPASSWD: ALL' plugins: [] propagate_task_deploy: false @@ -852,11 +858,11 @@ provision: /: container: gzip format: ext4 - uri: http://10.145.0.2:8080/targetimages/env_39_ubuntu_1404_amd64.img.gz + uri: http://10.109.15.2:8080/targetimages/env_14_ubuntu_1404_amd64.img.gz /boot: container: gzip format: ext2 - uri: http://10.145.0.2:8080/targetimages/env_39_ubuntu_1404_amd64-boot.img.gz + uri: http://10.109.15.2:8080/targetimages/env_14_ubuntu_1404_amd64-boot.img.gz metadata: group: general label: Provision @@ -978,8 +984,8 @@ public_ssl: weight: 110 services: false puppet: - manifests: rsync://10.145.0.2:/puppet/newton-10.0/manifests/ - modules: rsync://10.145.0.2:/puppet/newton-10.0/modules/ + manifests: rsync://10.109.15.2:/puppet/newton-10.0/manifests/ + modules: rsync://10.109.15.2:/puppet/newton-10.0/modules/ puppet_debug: true quantum: true quantum_settings: @@ -996,13 +1002,13 @@ quantum_settings: L3: use_namespaces: true database: - passwd: l1wSKmAcxMB2RATKNk4pMkrC + passwd: uX5iDoFH8iV6GEDAqr9akRy9 default_floating_net: admin_floating_net default_private_net: admin_internal_net keystone: - admin_password: L5KaR9Zlnsu7CKuVSxmbu7kt + admin_password: MGu7lBUyLwqDqXfFmvYvDI9g metadata: - metadata_proxy_shared_secret: AamyHJAbr6rEeCwt4pVJDH3B + metadata_proxy_shared_secret: LJuUHa20bFn05CMBM9qfmuIh predefined_networks: admin_floating_net: L2: @@ -1036,7 +1042,7 @@ quantum_settings: shared: false tenant: admin rabbit: - password: lscsRAvNz0ctZwvT2xuDnNB2 + password: OE2WXJcBoKufhNapKQ2Qa2Rd release: attributes_metadata: editable: 
@@ -1144,6 +1150,49 @@ release: type: checkbox value: false weight: 10 + atop: + interval: + description: Interval between the snapshots in seconds + label: Interval between the snapshots + regex: + error: Should be a number of seconds + source: ^[1-9]\d*$ + restrictions: + - action: hide + condition: settings:atop.service_enabled.value == false + type: text + value: '20' + weight: 20 + metadata: + enabled: true + group: logging + label: Advanced System & Process Monitor (atop) + toggleable: false + weight: 60 + rotate: + description: Number of days to keep log files + label: Rotate days + regex: + error: Should be a number of days + source: ^[1-9]\d*$ + restrictions: + - action: hide + condition: settings:atop.service_enabled.value == false + type: text + value: '7' + weight: 30 + service_enabled: + description: 'NOTE: When enabled, the service may generate logs up to a + gigabyte in size per day. + + This should be taken into consideration when determining the correct size + for the log partition. + + ' + label: Enable atop service + type: checkbox + value: true + weight: 10 cgroups: metadata: always_editable: true @@ -1226,6 +1275,18 @@ release: type: checkbox value: true weight: 50 + run_ping_checker: + description: Uncheck this box if the public gateway will not be available + or will not respond to ICMP requests to the deployed cluster. If unchecked, + the controllers will not take public gateway availability into account + as part of the cluster health. If the cluster will not have internet + access, you will need to make sure to provide proper offline mirrors for + the deployment to succeed. + group: network + label: Public Gateway is Available + type: checkbox + value: true + weight: 50 task_deploy: type: hidden value: true 
@@ -1646,6 +1707,9 @@ release: description: Your DNS entries should point to this name. Self-signed certificates also will use this hostname label: DNS hostname for public TLS endpoints + regex: + error: Invalid DNS hostname + source: ^[a-zA-Z\d]+[-\.\da-zA-Z]*$ restrictions: - action: hide condition: settings:public_ssl.horizon.value == false and settings:public_ssl.services.value @@ -1680,8 +1744,6 @@ release: Please make sure your Fuel master node has Internet access to the repository before attempting to create a mirror. - For more details, please refer to the documentation (https://docs.mirantis.com/openstack/fuel/fuel-10.0/operations.html#external-ubuntu-ops). - ' extra_priority: null type: custom_repo_configuration 
@@ -1758,11 +1820,70 @@ release: sudo: type: hidden value: 'ALL=(ALL) NOPASSWD: ALL' + ssh: + brute_force_protection: + description: When enabled, the access from all networks (except the provided + ones) will be granted, but the networks will be checked against the brute + force attack. + label: Brute force protection + restrictions: + - action: hide + condition: settings:ssh.security_enabled.value == false + type: checkbox + value: false + weight: 30 + metadata: + enabled: true + group: security + label: SSH security + toggleable: false + weight: 120 + security_enabled: + description: 'NOTE: When enabled, provide at least one working IP address + (the Fuel Master node IP is already added). + + We recommend adding new addresses instead of replacing the provided Fuel + Master node IP. + + When disabled (by default), the admin, management, and storage networks + are only allowed to connect to the SSH service. + + ' + label: Restrict SSH service on network + type: checkbox + value: false + weight: 10 + security_networks: + description: IPv4/CIDR address + label: Restrict access to + regex: + error: Invalid IPv4/CIDR address + source: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))*$ + restrictions: + - action: hide + condition: settings:ssh.security_enabled.value == false + type: text_list + value: + - '{settings.MASTER_IP}' + weight: 20 storage: admin_key: type: hidden value: generator: cephx_key + auth_s3_keystone_ceph: + description: This allows to authenticate S3 requests basing on EC2/S3 credentials + managed by Keystone. Please note that enabling the integration will increase + the latency of S3 requests as well as load on Keystone service. Please + consult with Mirantis Technical Bulletin 27 and Mirantis Support on mitigating + the risks related with load. 
+ label: Enable S3 API Authentication via Keystone in Ceph RadosGW + restrictions: + - action: hide + condition: settings:storage.objects_ceph.value == false + type: checkbox + value: false + weight: 82 bootstrap_osd_key: type: hidden value: @@ -1815,6 +1936,9 @@ release: and Swift API Interfaces. If enabled, this option will prevent Swift from installing. label: Ceph RadosGW for objects (Swift API) + restrictions: + - settings:storage.images_ceph.value == false: Ceph RBD for Images should + be selected. type: checkbox value: false weight: 80 @@ -2055,6 +2179,12 @@ release: description: dialog.create_cluster_wizard.compute.qemu_description label: dialog.create_cluster_wizard.compute.qemu name: hypervisor:qemu + requires: + - one_of: + items: + - network:neutron:ml2:vlan + - network:neutron:ml2:tun + message: dialog.create_cluster_wizard.compute.qemu_requires_network_backend weight: 5 - bind: - settings:common.use_vcenter.value @@ -2064,8 +2194,16 @@ release: label: dialog.create_cluster_wizard.compute.vcenter name: hypervisor:vmware requires: - - message: dialog.create_cluster_wizard.compute.vcenter_warning - name: hypervisor:qemu + - one_of: + items: + - hypervisor:qemu + message: dialog.create_cluster_wizard.compute.vcenter_warning + - one_of: + items: + - network:neutron:ml2:dvs + - network:neutron:ml2:nsx + message: dialog.create_cluster_wizard.compute.vcenter_requires_network_backend + message_invalid: dialog.create_cluster_wizard.compute.vcenter_requires_network_plugins weight: 15 - compatible: - name: hypervisor:* @@ -2092,7 +2230,9 @@ release: label: common.network.neutron_vlan name: network:neutron:ml2:vlan requires: - - name: network:neutron:core:ml2 + - one_of: + items: + - network:neutron:core:ml2 weight: 5 - bind: - - cluster:net_provider 
@@ -2113,7 +2253,9 @@ release: label: common.network.neutron_tun name: network:neutron:ml2:tun requires: - - name: network:neutron:core:ml2 + - one_of: + items: + - network:neutron:core:ml2 weight: 10 - bind: - settings:storage.volumes_lvm.value @@ -2361,6 +2503,7 @@ release: restrictions: - action: hide condition: settings:common.use_vcenter.value == false + message: VMware vCenter not enabled for cluster weight: 40 compute: description: A Compute node creates, manages, and terminates virtual machine @@ -2390,10 +2533,12 @@ release: restrictions: - action: hide condition: settings:common.use_vcenter.value == false + message: VMware vCenter not enabled for cluster weight: 90 controller: conflicts: - compute + - ceph-osd description: The Controller initiates orchestration activities and provides an external API. Other components like Glance (image storage), Keystone (identity management), Horizon (OpenStack dashboard) and Nova-Scheduler are installed @@ -2465,6 +2610,7 @@ release: restrictions: - action: hide condition: not ('advanced' in version:feature_groups) + message: Advanced feature should be enabled in feature groups weight: 80 state: available version: newton-10.0 @@ -2636,7 +2782,7 @@ repo_setup: section: main restricted suite: mos10.0 type: deb - uri: http://10.145.0.2:8080/newton-10.0/ubuntu/x86_64 + uri: http://10.109.15.2:8080/newton-10.0/ubuntu/x86_64 - name: mos-updates priority: 1050 section: main restricted @@ -2660,14 +2806,15 @@ repo_setup: section: main restricted suite: auxiliary type: deb - uri: http://10.145.0.2:8080/newton-10.0/ubuntu/auxiliary + uri: http://10.109.15.2:8080/newton-10.0/ubuntu/auxiliary resume_guests_state_on_host_boot: true roles: - primary-controller +run_ping_checker: true sahara: - db_password: p2MdEtao9p1VNhmSw9JBx7jt + db_password: UF4ZV4PTbonSWqt7680pZ0rL enabled: false - user_password: yoMnSIl4c7Hoh5wKaU3VnJ6e + user_password: 2LoKysurI447q2vGNsXfzSPE service_user: homedir: /var/lib/fuel metadata: 
@@ -2678,22 +2825,34 @@ service_user: condition: 'true' weight: 10 name: fuel - password: 5dn5GAQqwOJjgvdLnB5mNuwJ + password: OEUDOaOpAQMyUBCsfhBQTA7f root_password: r00tme sudo: 'ALL=(ALL) NOPASSWD: ALL' +ssh: + brute_force_protection: false + metadata: + enabled: true + group: security + label: SSH security + toggleable: false + weight: 120 + security_enabled: false + security_networks: + - 10.109.15.2 status: discover storage: - admin_key: AQBTeUhXAAAAABAAdwwOwBYXZat8EUoTv+TNzQ== - bootstrap_osd_key: AQBTeUhXAAAAABAAZkv8WHWP0hSli2zP+A+yKw== + admin_key: AQBBB6NXAAAAABAA6In/2HbEevOwWwgfsS6dMg== + auth_s3_keystone_ceph: false + bootstrap_osd_key: AQBBB6NXAAAAABAAOAFmN02NZAnFPM0KKSyB2Q== ephemeral_ceph: false - fsid: 99086d2b-16fa-4e30-b218-0478a6f4ca2f + fsid: a64309fb-4fec-4d94-a0c0-01da60c8763f images_ceph: false images_vcenter: false metadata: group: storage label: Storage Backends weight: 60 - mon_key: AQBTeUhXAAAAABAAscRrAAtn0TMlZA6+mBsW5g== + mon_key: AQBBB6NXAAAAABAAVkaMThSuTJpEvr4NQQhz5w== objects_ceph: false osd_pool_size: '3' per_pool_pg_nums: @@ -2704,13 +2863,13 @@ storage: images: 128 volumes: 128 pg_num: 128 - radosgw_key: AQBTeUhXAAAAABAAKA62hWh72YcjIdy0TSSAhw== + radosgw_key: AQBBB6NXAAAAABAACyHSjzgMrrG6dpiJoheqXQ== volumes_block_device: false volumes_ceph: false volumes_lvm: true storage_network_range: 192.168.1.0/24 swift: - user_password: oVBtyqIw3KXicx1jCNdhByCS + user_password: oZteugntx6IdeP40a6VOdzO0 syslog: metadata: enabled: false @@ -2732,10 +2891,10 @@ test_vm_image: os_name: cirros properties: {} public: 'true' -uid: '720' +uid: '116' use_cow_images: true use_vcenter: false -user_node_name: node-720 +user_node_name: node-116 vms_conf: [] workloads_collector: create_user: false @@ -2747,6 +2906,6 @@ workloads_collector: - action: hide condition: 'true' weight: 10 - password: ISAUvQnpDAngw8QfiEr3lQ2i + password: 6jrQREZVjMWvFcEdhmk0evka tenant: services username: fuel_stats_user 
diff --git a/utils/generate_yamls.sh b/utils/generate_yamls.sh
index 1ff4622..ce17e67 100755
--- a/utils/generate_yamls.sh
+++ b/utils/generate_yamls.sh
@@ -51,6 +51,7 @@ function enable_ceph {
 attr["editable"]["storage"]["ephemeral_ceph"]["value"] = true
 attr["editable"]["storage"]["volumes_lvm"]["value"] = false
 attr["editable"]["storage"]["osd_pool_size"]["value"] = "2"
+ attr["editable"]["storage"]["auth_s3_keystone_ceph"]["value"] = true
 File.open(ARGV[0], "w").write(attr.to_yaml)' "cluster_$1/attributes.yaml"
 fuel env --attributes --env $1 --upload
 rm -rf "cluster_$1"
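Review bot: The added `attr["editable"]["storage"]["auth_s3_keystone_ceph"]["value"] = true` in enable_ceph indexes the key without checking that it exists, so against a release whose attributes lack `auth_s3_keystone_ceph` the lookup yields nil and the Ruby one-liner raises before `File.open(...).write` runs. The following `fuel env --attributes --env $1 --upload` would then upload the downloaded attributes unchanged unless the script stops on errors, which is not visible in this hunk. A guard such as `attr["editable"]["storage"]["auth_s3_keystone_ceph"]["value"] = true if attr["editable"]["storage"].key?("auth_s3_keystone_ceph")` keeps the helper usable on both. enable_ceph starts and ends outside the hunk, so whether `objects_ceph` is also set there should be confirmed, since the fixture's restriction hides this option when `objects_ceph` is false.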