series: bionic variables: # https://wiki.ubuntu.com/OpenStack/CloudArchive # packages for an LTS release come in a form of SRUs # do not use cloud: for an LTS version as # installation hooks will fail. Example: openstack-origin: &openstack-origin distro #openstack-origin: &openstack-origin cloud:bionic-rocky openstack-region: &openstack-region RegionOne # !> Important 2 service # containers/host adapt appropriately. reserved-host-memory: &reserved-host-memory 16384 ram-allocation-ratio: &ram-allocation-ratio 0.999999 # XXX bug 1613839 cpu-allocation-ratio: &cpu-allocation-ratio 4.0 # This is Management network, unrelated to OpenStack and other applications # OAM - Operations, Administration and Maintenance oam-space: &oam-space oam-space # This is OpenStack Admin network; for adminURL endpoints admin-space: &admin-space oam-space # This is OpenStack Public network; for publicURL endpoints public-space: &public-space external-space # This is OpenStack Internal network; for internalURL endpoints internal-space: &internal-space oam-space # CEPH configuration # CEPH access network ceph-public-space: &ceph-public-space ceph-access-space # CEPH replication network ceph-cluster-space: &ceph-cluster-space ceph-replica-space sdn-transport: &sdn-transport sdn-transport # Workaround for 'only one default binding supported' oam-space-constr: &oam-space-constr spaces=oam-space ceph-access-constr: &ceph-access-constr spaces=ceph-access-space combi-access-constr: &combi-access-constr spaces=ceph-access-space,oam-space # Various VIPs aodh-vip: &aodh-vip "172.30.204.132 172.30.205.132" cinder-vip: &cinder-vip "172.30.204.133 172.30.205.133" dashboard-vip: &dashboard-vip "172.30.205.144" glance-vip: &glance-vip "172.30.204.134 172.30.205.134" gnocchi-vip: &gnocchi-vip "172.30.204.135 172.30.205.135" heat-vip: &heat-vip "172.30.204.136 172.30.205.136" keystone-vip: &keystone-vip "172.30.204.137 172.30.205.137" mysql-vip: &mysql-vip "172.30.205.140" neutron-api-vip: &neutron-api-vip "172.30.204.138 172.30.205.138" nova-cc-vip: &nova-cc-vip "172.30.204.139 172.30.205.139" rados-gateway-vip: &rados-gateway-vip "172.30.204.141 172.30.205.141" vault-vip: &vault-vip "172.30.205.142" # NTP configuration ntp-source: &ntp-source "ntp.ubuntu.com" # Contrail variables contrail-docker-registry: &contrail-docker-registry hub.juniper.net/contrail contrail-docker-user: &contrail-docker-user "xxxxx" contrail-docker-password: &contrail-docker-password "xxxxxx" contrail-image-tag: &contrail-image-tag "2011.138" contrail-control-net: &contrail-control-net 172.30.205.128/25 contrail-data-net: &contrail-data-net 192.168.254.0/24 contrail-api-vip: &contrail-api-vip 172.30.204.145 # Add policy-routing to the external network external-network-cidr: &external-network-cidr 172.30.204.128/26 external-network-gateway: &external-network-gateway 172.30.204.129 services: ubuntu: charm: cs:bionic/ubuntu num_units: 3 to: - 1 - 2 - 3 ntp: charm: cs:ntp options: source: *ntp-source easyrsa: charm: cs:~containers/easyrsa num_units: 1 bindings: "": *oam-space to: - lxd:1 mysql: charm: cs:percona-cluster num_units: 3 bindings: "": *oam-space cluster: *internal-space shared-db: *internal-space ha: *internal-space db: *internal-space db-admin: *internal-space options: source: *openstack-origin innodb-buffer-pool-size: 512M vip: *mysql-vip wait-timeout: 3600 min-cluster-size: 3 enable-binlogs: True performance-schema: True max-connections: *mysql-connections tuning-level: *mysql-tuning-level wsrep-slave-threads: 48 to: - lxd:1 - lxd:2 - lxd:3 memcached: charm: cs:memcached num_units: 3 constraints: *oam-space-constr bindings: "": *internal-space cache: *internal-space options: allow-ufw-ip6-softfail: True to: - lxd:1 - lxd:2 - lxd:3 rabbitmq-server: charm: cs:rabbitmq-server bindings: "": *oam-space amqp: *internal-space cluster: *internal-space options: source: *openstack-origin min-cluster-size: 3 num_units: 3 to: - lxd:1 - lxd:2 - lxd:3 heat: charm: cs:heat num_units: 3 constraints: mem=8196 cores=4 root-disk=64G spaces=oam-space,sdn-transport,external-space bindings: "": *oam-space public: *public-space admin: *admin-space internal: *internal-space shared-db: *internal-space heat-plugin-subordinate: *sdn-transport options: worker-multiplier: *worker-multiplier openstack-origin: *openstack-origin region: *openstack-region vip: *heat-vip use-internal-endpoints: True to: - kvm:1 - kvm:2 - kvm:3 keystone: charm: cs:keystone num_units: 3 bindings: "": *oam-space public: *public-space admin: *admin-space internal: *internal-space shared-db: *internal-space options: worker-multiplier: *worker-multiplier openstack-origin: *openstack-origin vip: *keystone-vip region: *openstack-region preferred-api-version: 3 token-provider: 'fernet' # For contrail rbac admin-role: "admin" admin-password: "c0ntrail123" to: - lxd:1 - lxd:2 - lxd:3 nova-cloud-controller: charm: cs:nova-cloud-controller num_units: 3 bindings: "": *oam-space public: *public-space admin: *admin-space internal: *internal-space shared-db: *internal-space memcache: *internal-space options: worker-multiplier: *worker-multiplier openstack-origin: *openstack-origin network-manager: Neutron region: *openstack-region vip: *nova-cc-vip console-access-protocol: novnc console-proxy-ip: local use-internal-endpoints: True ram-allocation-ratio: *ram-allocation-ratio cpu-allocation-ratio: *cpu-allocation-ratio to: - lxd:1 - lxd:2 - lxd:3 neutron-api: charm: cs:neutron-api num_units: 3 constraints: mem=8196 cores=8 root-disk=100G spaces=oam-space,sdn-transport,external-space bindings: "": *oam-space public: *public-space admin: *admin-space internal: *internal-space shared-db: *internal-space neutron-plugin-api-subordinate: *sdn-transport options: worker-multiplier: *worker-multiplier openstack-origin: *openstack-origin region: *openstack-region neutron-security-groups: True overlay-network-type: '' use-internal-endpoints: True vip: *neutron-api-vip enable-l3ha: True dhcp-agents-per-network: 2 enable-ml2-port-security: True default-tenant-network-type: vlan l2-population: True global-physnet-mtu: 9000 # Contrail manage-neutron-plugin-legacy-mode: false to: - kvm:1 - kvm:2 - kvm:3 glance: charm: cs:glance #constraints: *combi-access-constr bindings: "": *oam-space public: *public-space admin: *admin-space internal: *internal-space shared-db: *internal-space options: worker-multiplier: *worker-multiplier openstack-origin: *openstack-origin vip: *glance-vip use-internal-endpoints: True restrict-ceph-pools: False region: *openstack-region num_units: 3 to: - lxd:1 - lxd:2 - lxd:3 openstack-dashboard: charm: cs:openstack-dashboard num_units: 3 constraints: *oam-space-constr bindings: "": *public-space shared-db: *internal-space options: openstack-origin: *openstack-origin webroot: "/" secret: "encryptcookieswithme" vip: *dashboard-vip neutron-network-l3ha: True neutron-network-lb: True neutron-network-firewall: False cinder-backup: False password-retrieve: True endpoint-type: 'publicURL' to: - lxd:1 - lxd:2 - lxd:3 nova-compute: charm: cs:nova-compute options: openstack-origin: *openstack-origin #os-internal-network: 172.30.205.128/25 num_units: 2 to: - 4 - 5 mysql-hacluster: charm: cs:hacluster options: cluster_count: 3 keystone-hacluster: charm: cs:hacluster options: cluster_count: 3 ncc-hacluster: charm: cs:hacluster options: cluster_count: 3 neutron-hacluster: charm: cs:hacluster options: cluster_count: 3 glance-hacluster: charm: cs:hacluster options: cluster_count: 3 dashboard-hacluster: charm: cs:hacluster options: cluster_count: 3 heat-hacluster: charm: cs:hacluster options: cluster_count: 3 contrail-openstack: #charm: ./contrail-charms/contrail-openstack charm: cs:~juniper-os-software/contrail-openstack-26 options: docker-registry: *contrail-docker-registry docker-user: *contrail-docker-user docker-password: *contrail-docker-password image-tag: *contrail-image-tag use-internal-endpoints: True contrail-agent: #charm: ./contrail-charms/contrail-agent charm: cs:~juniper-os-software/contrail-agent-25 options: log-level: "SYS_INFO" docker-registry: *contrail-docker-registry docker-user: *contrail-docker-user docker-password: *contrail-docker-password image-tag: *contrail-image-tag #data-network: *contrail-data-net #control-network: *contrail-control-net physical-interface: bond0.300 vhost-gateway: 192.168.254.1 #sriov-physical-interface: eno2 #sriov-numvfs: "4" contrail-analytics: #charm: ./contrail-charms/contrail-analytics charm: cs:~juniper-os-software/contrail-analytics-23 min-cluster-size: 3 num_units: 3 constraints: mem=16384 cores=8 root-disk=100G spaces=oam-space,sdn-transport bindings: "": *oam-space options: log-level: "SYS_DEBUG" min-cluster-size: 3 docker-registry: *contrail-docker-registry docker-user: *contrail-docker-user docker-password: *contrail-docker-password image-tag: *contrail-image-tag control-network: *contrail-control-net haproxy-http-mode: "http" to: - kvm:1 - kvm:2 - kvm:3 contrail-analyticsdb: #charm: ./contrail-charms/contrail-analyticsdb charm: cs:~juniper-os-software/contrail-analyticsdb-23 num_units: 3 constraints: mem=32768 cores=8 root-disk=256G spaces=oam-space,sdn-transport bindings: "": *oam-space options: log-level: "SYS_DEBUG" min-cluster-size: 3 docker-registry: *contrail-docker-registry docker-user: *contrail-docker-user docker-password: *contrail-docker-password image-tag: *contrail-image-tag control-network: *contrail-control-net cassandra-minimum-diskgb: "8" cassandra-jvm-extra-opts: "-Xms8g -Xmx8g" to: - kvm:1 - kvm:2 - kvm:3 contrail-controller: #charm: ./contrail-charms/contrail-controller charm: cs:~juniper-os-software/contrail-controller-25 num_units: 3 constraints: mem=32768 cores=8 root-disk=100G spaces=oam-space,sdn-transport,external-space bindings: "": *oam-space options: log-level: "SYS_DEBUG" min-cluster-size: 3 docker-registry: *contrail-docker-registry docker-user: *contrail-docker-user docker-password: *contrail-docker-password image-tag: *contrail-image-tag data-network: *contrail-data-net control-network: *contrail-control-net bgp-asn: '65000' auth-mode: rbac cassandra-minimum-diskgb: "8" cassandra-jvm-extra-opts: "-Xms8g -Xmx8g" vip: *contrail-api-vip local-rabbitmq-hostname-resolution: True haproxy-https-mode: "http" haproxy-http-mode: "http" to: - kvm:1 - kvm:2 - kvm:3 contrail-keystone-auth: #charm: ./contrail-charms/contrail-keystone-auth charm: cs:~juniper-os-software/contrail-keystone-auth-23 num_units: 3 constraints: spaces=oam-space,sdn-transport bindings: "": *oam-space to: - lxd:1 - lxd:2 - lxd:3 contrail-keepalived: charm: cs:~containers/keepalived series: bionic options: virtual_ip: *contrail-api-vip #network_interface: eth0 port: 8143 contrail-haproxy: charm: cs:haproxy num_units: 3 bindings: "": *oam-space reverseproxy: *internal-space website: *public-space public: *public-space options: default_timeouts: >- queue 60000, connect 5000, client 120000, server 120000 services: "" source: backports peering_mode: "active-active" enable_monitoring: True ssl_cert: SELFSIGNED to: - lxd:1 - lxd:2 - lxd:3 external-policy-routing: charm: cs:~canonical-bootstack/policy-routing-3 options: cidr: *external-network-cidr gateway: *external-network-gateway relations: # openstack - [ "ubuntu", "ntp" ] - [ "mysql:ha", "mysql-hacluster:ha" ] - [ "keystone", "mysql" ] - [ "keystone:ha", "keystone-hacluster:ha" ] - [ "glance", "mysql" ] - [ "glance", "keystone" ] - [ "glance:ha", "glance-hacluster:ha" ] - [ "nova-cloud-controller:shared-db", "mysql:shared-db" ] - [ "nova-cloud-controller:amqp", "rabbitmq-server:amqp" ] - [ "nova-cloud-controller", "keystone" ] - [ "nova-cloud-controller", "glance" ] - [ "nova-cloud-controller:ha", "ncc-hacluster:ha" ] - [ "neutron-api", "mysql" ] - [ "neutron-api", "rabbitmq-server" ] - [ "neutron-api", "nova-cloud-controller" ] - [ "neutron-api", "keystone" ] - [ "neutron-api:ha", "neutron-hacluster:ha" ] - [ "nova-compute:amqp", "rabbitmq-server:amqp" ] - [ "nova-compute", "glance" ] - [ "nova-compute", "nova-cloud-controller" ] - [ "nova-compute", "ntp" ] - [ "openstack-dashboard:identity-service", "keystone" ] - [ "openstack-dashboard", "dashboard-hacluster" ] - [ "heat", "mysql" ] - [ "heat", "rabbitmq-server" ] - [ "heat", "keystone" ] - [ "heat:ha", "heat-hacluster:ha" ] #contrail - [ "contrail-agent:tls-certificates", "easyrsa:client" ] - [ "contrail-controller:tls-certificates", "easyrsa:client" ] - [ "contrail-analytics:tls-certificates", "easyrsa:client" ] - [ "contrail-analyticsdb:tls-certificates", "easyrsa:client" ] - [ "contrail-agent", "contrail-controller" ] - [ "contrail-agent:juju-info", "nova-compute:juju-info" ] - [ "contrail-analytics", "contrail-analyticsdb" ] - [ "contrail-analytics", "contrail-controller" ] - [ "contrail-analytics", "contrail-haproxy" ] - [ "contrail-analyticsdb", "contrail-controller" ] - [ "contrail-controller", "contrail-keystone-auth" ] - [ "contrail-controller:http-services", "contrail-haproxy" ] - [ "contrail-controller:https-services", "contrail-haproxy" ] - [ "contrail-keystone-auth", "keystone" ] - [ "contrail-openstack", "nova-compute" ] - [ "contrail-openstack", "neutron-api" ] - [ "contrail-openstack", "heat" ] - [ "contrail-openstack", "contrail-controller" ] #haproxy - [ "contrail-haproxy:juju-info", "contrail-keepalived:juju-info" ] #memcached for nova-cc in HA - [ "nova-cloud-controller:memcache", "memcached:cache" ] # Policy routing #- ["external-policy-routing:juju-info", "aodh:juju-info"] #- ["external-policy-routing:juju-info", "ceilometer:juju-info"] #- ["external-policy-routing:juju-info", "cinder:juju-info"] # ["external-policy-routing:juju-info", "openstack-dashboard:juju-info"] # ["external-policy-routing:juju-info", "glance:juju-info"] #- ["external-policy-routing:juju-info", "gnocchi:juju-info"] # ["external-policy-routing:juju-info", "heat:juju-info"] # ["external-policy-routing:juju-info", "keystone:juju-info"] # ["external-policy-routing:juju-info", "neutron-api:juju-info"] # ["external-policy-routing:juju-info", "nova-cloud-controller:juju-info"] #- ["external-policy-routing:juju-info", "ceph-radosgw:juju-info"] # ["external-policy-routing:juju-info", "contrail-haproxy:juju-info"] - [ "ntp:juju-info", "contrail-controller:juju-info" ] - [ "ntp:juju-info", "contrail-analytics:juju-info" ] - [ "ntp:juju-info", "contrail-analyticsdb:juju-info" ] # Heat and neutron-api are KVM machines and require NTP - [ "ntp:juju-info", "neutron-api:juju-info" ] - [ "ntp:juju-info", "heat:juju-info" ] machines: "1": series: bionic constraints: tags=controller1 "2": series: bionic constraints: tags=controller2 "3": series: bionic constraints: tags=controller3 "4": series: bionic constraints: tags=compute1 "5": series: bionic constraints: tags=compute2