# Copyright (c) 2017-2018 Canonical USA Inc. All rights reserved. # # Foundation HyperConverged # series: bionic variables: # https://wiki.ubuntu.com/OpenStack/CloudArchive # packages for an LTS release come in a form of SRUs # do not use cloud: for an LTS version as # installation hooks will fail. Example: openstack-origin: &openstack-origin cloud:bionic-rocky openstack-region: &openstack-region RegionOne # !> Important :: vlan-ranges: neutron-security-groups: True overlay-network-type: vxlan gre use-internal-endpoints: True vip: *neutron-api-vip enable-l3ha: True dhcp-agents-per-network: 2 enable-ml2-port-security: True default-tenant-network-type: vxlan l2-population: False enable-ml2-dns: True dns-domain: *dns-domain reverse-dns-lookup: True ipv4-ptr-zone-prefix-size: *dns-cidr # set MTU settings to achieve 1500 MTU on instance interfaces in # the overlay network. This will only work provided that the VTEP # VLANs (overlay-space) are configured to have MTU larger than # 1550 (jumbo frames) which is documented in the prerequisites doc global-physnet-mtu: 1550 path-mtu: 1550 physical-network-mtus: physnet1:1500 to: - lxd:3 - lxd:5 - lxd:6 neutron-gateway: charm: cs:~openstack-charmers-next/neutron-gateway num_units: 2 bindings: "": *oam-space data: *overlay-space options: worker-multiplier: *worker-multiplier openstack-origin: *openstack-origin bridge-mappings: physnet1:br-data data-port: *data-port aa-profile-mode: complain # XXX: 1761536 # If not using designate, set this to the upstream DNS servers # neutron should use. Instances will talk to neutron, and neutron # will forward to these servers. If using designate, see: # https://openstackdevops.wordpress.com/2018/01/27/designate-and-neutron-dns-integration/ dns-servers: 10.244.32.1 to: - 5 - 6 neutron-openvswitch: charm: cs:~openstack-charmers-next/neutron-openvswitch num_units: 0 bindings: data: *overlay-space options: worker-multiplier: *worker-multiplier bridge-mappings: physnet1:br-data prevent-arp-spoofing: True firewall-driver: openvswitch nova-cloud-controller: charm: cs:~openstack-charmers-next/nova-cloud-controller num_units: 3 bindings: "": *oam-space public: *public-space admin: *admin-space internal: *internal-space shared-db: *internal-space options: worker-multiplier: *worker-multiplier openstack-origin: *openstack-origin network-manager: Neutron region: *openstack-region vip: *nova-cc-vip console-access-protocol: spice console-proxy-ip: local use-internal-endpoints: True single-nova-consoleauth: True to: - lxd:3 - lxd:5 - lxd:6 nova-compute-kvm: charm: cs:~openstack-charmers-next/nova-compute num_units: 5 bindings: "": *oam-space internal: *internal-space options: openstack-origin: *openstack-origin enable-live-migration: True enable-resize: True migration-auth-type: ssh use-internal-endpoints: True libvirt-image-backend: qcow2 restrict-ceph-pools: False aa-profile-mode: enforce virt-type: kvm to: - 0 - 1 - 2 - 3 - 4 nova-compute-lxd: charm: cs:~openstack-charmers-next/nova-compute num_units: 2 bindings: "": *oam-space internal: *internal-space options: openstack-origin: *openstack-origin # this is still a beta feature # CRIU is very workload dependent enable-live-migration: False # maybe in the future # enable-resize: True # RBD support for nova-lxd will be in Pike use-internal-endpoints: True restrict-ceph-pools: False aa-profile-mode: enforce virt-type: lxd to: - 7 - 8 ntp: charm: cs:ntp num_units: 0 options: source: *ntp-source openstack-dashboard: charm: cs:~openstack-charmers-next/openstack-dashboard num_units: 3 constraints: *oam-space-constr bindings: "": *public-space shared-db: *internal-space options: openstack-origin: *openstack-origin webroot: "/" secret: "encryptcookieswithme" vip: *dashboard-vip neutron-network-l3ha: True neutron-network-lb: True neutron-network-firewall: False cinder-backup: False password-retrieve: True endpoint-type: publicURL to: - lxd:3 - lxd:5 - lxd:6 rabbitmq-server: charm: cs:~openstack-charmers-next/rabbitmq-server bindings: "": *oam-space amqp: *internal-space cluster: *internal-space options: source: *openstack-origin min-cluster-size: 3 num_units: 3 to: - lxd:3 - lxd:5 - lxd:6 heat: charm: cs:~openstack-charmers-next/heat num_units: 3 bindings: "": *oam-space public: *public-space admin: *admin-space internal: *internal-space shared-db: *internal-space options: worker-multiplier: *worker-multiplier openstack-origin: *openstack-origin region: *openstack-region vip: *heat-vip use-internal-endpoints: True to: - lxd:0 - lxd:1 - lxd:2 designate: charm: cs:~openstack-charmers-next/designate num_units: 3 bindings: "": *oam-space public: *public-space admin: *admin-space internal: *internal-space shared-db: *internal-space options: openstack-origin: *openstack-origin region: *openstack-region vip: *designate-vip use-internal-endpoints: True nameservers: *designate-nameservers #TODO to: - lxd:3 - lxd:5 - lxd:6 designate-bind: charm: cs:~openstack-charmers-next/designate-bind num_units: 2 constraints: *oam-space-constr bindings: "": *internal-space options: use-internal-endpoints: True to: - lxd:1 - lxd:2 memcached: charm: cs:memcached num_units: 2 constraints: *oam-space-constr bindings: "": *internal-space options: allow-ufw-ip6-softfail: True to: - designate-bind/0 - designate-bind/1 ceilometer: charm: cs:~openstack-charmers-next/ceilometer num_units: 3 bindings: "": *oam-space public: *public-space admin: *admin-space internal: *internal-space options: openstack-origin: *openstack-origin region: *openstack-region vip: *ceilometer-vip use-internal-endpoints: True to: - lxd:3 - lxd:5 - lxd:6 ceilometer-agent: charm: cs:~openstack-charmers-next/ceilometer-agent num_units: 0 options: use-internal-endpoints: True landscape-server: charm: *landscape-charm bindings: "": *oam-space options: source: ppa:landscape/18.03 key: 4652B4E6 num_units: 3 to: - 15 - 20 - 23 landscape-rabbitmq-server: charm: cs:rabbitmq-server bindings: "": *oam-space cluster: *oam-space amqp: *oam-space num_units: 3 to: - 13 - 16 - 21 landscape-postgresql: charm: cs:postgresql bindings: "": *oam-space options: extra_packages: python-apt postgresql-contrib postgresql-.*-debversion postgresql-plpython-.* max_connections: 500 max_prepared_transactions: 500 num_units: 2 to: - 12 - 17 landscape-haproxy: charm: cs:haproxy bindings: "": *oam-space options: default_timeouts: "queue 60000, connect 5000, client 120000, server 120000" services: "" source: backports ssl_cert: SELFSIGNED global_default_bind_options: "no-tlsv10" num_units: 1 to: - 11 graylog: charm: cs:graylog bindings: "": *oam-space options: # If a proxy is required, set it here snap_proxy: http://squid.internal:3128/ num_units: 1 to: - 19 graylog-mongodb: charm: cs:mongodb bindings: "": *oam-space num_units: 1 options: nagios_context: *openstack-region to: - lxd:19 elasticsearch: charm: cs:elasticsearch bindings: "": *oam-space num_units: 2 options: firewall_enabled: False apt-key-url: http://10.245.208.5/elastic-search-gpg-key to: - 14 - 22 filebeat: charm: cs:filebeat nagios: charm: cs:nagios bindings: "": *oam-space num_units: 1 to: - 9 openstack-service-checks: charm: cs:~canonical-bootstack/openstack-service-checks bindings: "": *oam-space num_units: 1 to: - lxd:9 nrpe-host: charm: cs:nrpe bindings: monitors: *oam-space options: nagios_hostname_type: "host" nagios_host_context: *openstack-region xfs_errors: "30" nrpe-container: charm: cs:nrpe bindings: monitors: *oam-space options: nagios_hostname_type: unit nagios_host_context: *openstack-region disk_root: '' load: '' swap: '' swap_activity: '' mem: '' prometheus: charm: cs:prometheus2 bindings: "": *oam-space options: snap_proxy: http://squid.internal:3128/ num_units: 1 to: - 18 prometheus-openstack-exporter: charm: cs:prometheus-openstack-exporter bindings: "": *oam-space num_units: 1 options: snap_proxy: http://squid.internal:3128/ to: - lxd:18 grafana: charm: cs:~prometheus-charmers/grafana bindings: "": *oam-space options: port: "3000" # XXX: bug 1752960 num_units: 1 to: - 10 telegraf: charm: cs:telegraf bindings: # overrides private-address exposed to prometheus prometheus-client: *oam-space telegraf-prometheus: charm: cs:telegraf bindings: # overrides private-address exposed to prometheus prometheus-client: *oam-space lldpd: charm: cs:~ivoks/lldpd options: interfaces-regex: 'en*' relations: # openstack - [ aodh, mysql ] - [ aodh, keystone ] - [ "aodh:amqp", "rabbitmq-server:amqp" ] - [ aodh, nrpe-container ] - [ aodh, telegraf ] - [ aodh, filebeat ] - [ ceph-osd, ceph-mon ] - [ ceph-radosgw, ceph-mon ] - [ keystone, ceph-radosgw ] - [ nova-compute-kvm, ntp ] - [ nova-compute-lxd, ntp ] - [ neutron-gateway, ntp ] - [ nova-compute-kvm, lldpd ] - [ nova-compute-lxd, lldpd ] - [ neutron-gateway, lldpd ] - [ ceph-radosgw, hacluster-radosgw ] - [ mysql, hacluster-mysql ] - [ keystone, hacluster-keystone ] - [ aodh, hacluster-aodh ] - [ glance, hacluster-glance ] - [ gnocchi, hacluster-gnocchi ] - [ cinder, hacluster-cinder ] - [ designate, hacluster-designate ] - [ neutron-api, hacluster-neutron ] - [ nova-cloud-controller, hacluster-nova ] - [ openstack-dashboard, hacluster-horizon ] - [ heat, hacluster-heat ] - [ keystone, mysql ] - [ "ceilometer:identity-credentials", "keystone:identity-credentials" ] - [ "ceilometer:amqp", "rabbitmq-server:amqp" ] - [ ceilometer, hacluster-ceilometer ] - [ cinder, mysql ] - [ cinder, keystone ] - [ cinder-ceph, ceph-mon ] - [ cinder-ceph, cinder ] - [ "cinder:amqp", "rabbitmq-server:amqp" ] - [ designate, mysql ] - [ designate, designate-bind ] - [ designate, keystone ] - [ "designate:amqp", "rabbitmq-server:amqp" ] - [ designate, memcached ] - [ glance, mysql ] - [ glance, keystone ] - [ glance, ceph-mon ] - [ "glance:amqp", "rabbitmq-server:amqp" ] - [ gnocchi, mysql ] - [ "gnocchi:amqp", "rabbitmq-server:amqp" ] - [ gnocchi, keystone ] - [ gnocchi, ceph-mon ] - [ gnocchi, memcached ] - [ gnocchi, ceilometer ] - [ gnocchi, filebeat ] - [ gnocchi, telegraf ] - [ gnocchi, nrpe-container ] - [ heat, mysql ] - [ heat, keystone ] - [ "heat:amqp", "rabbitmq-server:amqp" ] - [ "nova-cloud-controller:shared-db", "mysql:shared-db" ] - [ "nova-cloud-controller:amqp", "rabbitmq-server:amqp" ] - [ nova-cloud-controller, keystone ] - [ nova-cloud-controller, glance ] - [ neutron-api, mysql ] - [ "neutron-api:amqp", "rabbitmq-server:amqp" ] - [ neutron-api, nova-cloud-controller ] - [ neutron-api, keystone ] - [ neutron-gateway, nova-cloud-controller ] - [ "neutron-gateway:amqp", "rabbitmq-server:amqp" ] - [ "neutron-gateway:neutron-plugin-api", "neutron-api:neutron-plugin-api" ] - [ "neutron-openvswitch:amqp", "rabbitmq-server:amqp" ] - [ neutron-openvswitch, neutron-api ] - [ "nova-compute-kvm:amqp", "rabbitmq-server:amqp" ] - [ "nova-compute-lxd:amqp", "rabbitmq-server:amqp" ] - [ nova-compute-kvm, ceph-mon ] - [ nova-compute-kvm, cinder-ceph ] # lxd + rbd will work as of Pike charms + OpenStack only. # After Pike charms are out this can be enabled as they # are backwards-compatible and will render proper templates #- [ nova-compute-lxd, cinder-ceph ] #- [ nova-compute-lxd, ceph-mon ] - [ nova-compute-kvm, glance ] - [ nova-compute-lxd, glance ] - [ nova-compute-kvm, neutron-openvswitch ] - [ nova-compute-lxd, neutron-openvswitch ] - [ nova-compute-kvm, nova-cloud-controller ] - [ nova-compute-lxd, nova-cloud-controller ] - [ "openstack-dashboard:identity-service", "keystone:identity-service" ] - [ openstack-dashboard, mysql ] - [ ceilometer-agent, nova-compute-kvm ] - [ ceilometer-agent, nova-compute-lxd ] - [ ceilometer-agent, ceilometer ] - [ nova-compute-kvm, filebeat ] - [ nova-compute-lxd, filebeat ] - [ nova-compute-kvm, nrpe-host ] - [ nova-compute-lxd, nrpe-host ] - [ "nova-compute-kvm:juju-info", "telegraf:juju-info" ] - [ "nova-compute-lxd:juju-info", "telegraf:juju-info" ] - [ neutron-gateway, filebeat ] - [ neutron-gateway, nrpe-host ] - [ "neutron-gateway:juju-info", "telegraf:juju-info" ] - [ ceph-mon, nrpe-container ] - [ "ceph-mon:juju-info", "telegraf:juju-info" ] - [ ceph-mon, filebeat ] - [ ceph-radosgw, filebeat ] - [ ceph-radosgw, nrpe-container ] - [ "ceph-radosgw:juju-info", "telegraf:juju-info" ] - [ cinder, filebeat ] - [ cinder, nrpe-container ] - [ "cinder:juju-info", "telegraf:juju-info" ] - [ "glance:image-service", "cinder:image-service" ] - [ glance, filebeat ] - [ glance, nrpe-container ] - [ "glance:juju-info", "telegraf:juju-info" ] - [ keystone, filebeat ] - [ keystone, nrpe-container ] - [ "keystone:juju-info", "telegraf:juju-info" ] - [ mysql, filebeat ] - [ mysql, nrpe-container ] - [ "mysql:juju-info", "telegraf:juju-info" ] - [ neutron-api, filebeat ] - [ neutron-api, nrpe-container ] - [ "neutron-api:juju-info", "telegraf:juju-info" ] - [ nova-cloud-controller, filebeat ] - [ nova-cloud-controller, nrpe-container ] - [ "nova-cloud-controller:juju-info", "telegraf:juju-info" ] - [ openstack-dashboard, filebeat ] - [ openstack-dashboard, nrpe-container ] - [ "openstack-dashboard:juju-info", "telegraf:juju-info" ] - [ rabbitmq-server, filebeat ] - [ rabbitmq-server, nrpe-container ] - [ "rabbitmq-server:juju-info", "telegraf:juju-info" ] - [ heat, filebeat ] - [ heat, nrpe-container ] - [ "heat:juju-info", "telegraf:juju-info" ] - [ designate, filebeat ] - [ designate, nrpe-container ] - [ "designate:juju-info", "telegraf:juju-info" ] - [ designate, neutron-api ] - [ designate-bind, filebeat ] - [ designate-bind, nrpe-container ] - [ "designate-bind:juju-info", "telegraf:juju-info" ] - [ ceilometer, filebeat ] - [ ceilometer, nrpe-container ] - [ "ceilometer:juju-info", "telegraf:juju-info" ] - [ landscape-server, filebeat ] - [ landscape-server, nrpe-host ] - [ "landscape-server:juju-info", "telegraf:juju-info" ] - [ landscape-rabbitmq-server, filebeat ] - [ landscape-rabbitmq-server, nrpe-host ] - [ "landscape-rabbitmq-server:juju-info", "telegraf:juju-info" ] - [ landscape-postgresql, filebeat ] - [ "landscape-postgresql:local-monitors", "nrpe-host:local-monitors" ] - [ "landscape-postgresql:juju-info", "nrpe-host:general-info" ] - [ "landscape-postgresql:juju-info", "telegraf:juju-info" ] - [ landscape-haproxy, filebeat ] - [ "landscape-haproxy:juju-info", "nrpe-host:general-info" ] - [ "landscape-haproxy:local-monitors", "nrpe-host:local-monitors" ] - [ "landscape-haproxy:juju-info", "telegraf:juju-info" ] - [ graylog, filebeat ] - [ graylog, nrpe-host ] - [ "graylog:juju-info", "telegraf:juju-info" ] - [ elasticsearch, filebeat ] - [ elasticsearch, nrpe-host ] - [ "elasticsearch:juju-info", "telegraf:juju-info" ] - [ "nagios:juju-info", "filebeat:beats-host" ] - [ "nagios:juju-info", "telegraf:juju-info" ] - [ prometheus, filebeat ] - [ prometheus, ntp ] - [ prometheus, nrpe-host ] - [ "prometheus:juju-info", "telegraf-prometheus:juju-info" ] - [ "prometheus:grafana-source", "grafana:grafana-source" ] - [ grafana, filebeat ] - [ grafana, nrpe-host ] - [ "grafana:juju-info", "telegraf:juju-info" ] - [ nagios, nrpe-container ] - [ nagios, nrpe-host ] - [ landscape-server, landscape-rabbitmq-server ] - [ landscape-server, landscape-haproxy ] - [ "landscape-server:db", "landscape-postgresql:db-admin" ] - [ graylog, elasticsearch ] - [ graylog, graylog-mongodb ] - [ "prometheus:target", "telegraf:prometheus-client" ] - [ "prometheus:target", "telegraf-prometheus:prometheus-client" ] - [ openstack-service-checks, nrpe-container ] - [ openstack-service-checks, telegraf ] - [ openstack-service-checks, filebeat ] - [ "openstack-service-checks:identity-credentials", "keystone:identity-credentials" ] - [ "prometheus-openstack-exporter:identity-credentials", "keystone:identity-credentials" ] - [ "prometheus-openstack-exporter:nrpe-external-master", "nrpe-container:nrpe-external-master" ] - [ "prometheus-openstack-exporter:prometheus-openstack-exporter-service", "prometheus:target" ] - [ prometheus-openstack-exporter, filebeat ]