Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
systemsmanagement:Ardana:9:CentOS:7.5
ardana-extensions-nsx
ardana-extensions-nsx-9.0+git.1568830037.2eea26...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File ardana-extensions-nsx-9.0+git.1568830037.2eea267.obscpio of Package ardana-extensions-nsx
07070100000000000081A40000000000000000000000015D82725500000084000000000000000000000000000000000000003C00000000ardana-extensions-nsx-9.0+git.1568830037.2eea267/.gitreview[gerrit] host=gerrit.suse.provo.cloud port=29418 project=ardana/ardana-extensions-nsx.git defaultbranch=master defaultremote=ardana 07070100000001000081A40000000000000000000000015D8272550000279F000000000000000000000000000000000000003900000000ardana-extensions-nsx-9.0+git.1568830037.2eea267/LICENSE Apache License Version 2.0, January 2004 http://www.apache.org/licenses/ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 1. Definitions. "License" shall mean the terms and conditions for use, reproduction, and distribution as defined by Sections 1 through 9 of this document. "Licensor" shall mean the copyright owner or entity authorized by the copyright owner that is granting the License. "Legal Entity" shall mean the union of the acting entity and all other entities that control, are controlled by, or are under common control with that entity. For the purposes of this definition, "control" means (i) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the outstanding shares, or (iii) beneficial ownership of such entity. "You" (or "Your") shall mean an individual or Legal Entity exercising permissions granted by this License. "Source" form shall mean the preferred form for making modifications, including but not limited to software source code, documentation source, and configuration files. "Object" form shall mean any form resulting from mechanical transformation or translation of a Source form, including but not limited to compiled object code, generated documentation, and conversions to other media types. "Work" shall mean the work of authorship, whether in Source or Object form, made available under the License, as indicated by a copyright notice that is included in or attached to the work (an example is provided in the Appendix below). "Derivative Works" shall mean any work, whether in Source or Object form, that is based on (or derived from) the Work and for which the editorial revisions, annotations, elaborations, or other modifications represent, as a whole, an original work of authorship. For the purposes of this License, Derivative Works shall not include works that remain separable from, or merely link (or bind by name) to the interfaces of, the Work and Derivative Works thereof. "Contribution" shall mean any work of authorship, including the original version of the Work and any modifications or additions to that Work or Derivative Works thereof, that is intentionally submitted to Licensor for inclusion in the Work by the copyright owner or by an individual or Legal Entity authorized to submit on behalf of the copyright owner. For the purposes of this definition, "submitted" means any form of electronic, verbal, or written communication sent to the Licensor or its representatives, including but not limited to communication on electronic mailing lists, source code control systems, and issue tracking systems that are managed by, or on behalf of, the Licensor for the purpose of discussing and improving the Work, but excluding communication that is conspicuously marked or otherwise designated in writing by the copyright owner as "Not a Contribution." "Contributor" shall mean Licensor and any individual or Legal Entity on behalf of whom a Contribution has been received by Licensor and subsequently incorporated within the Work. 2. Grant of Copyright License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare Derivative Works of, publicly display, publicly perform, sublicense, and distribute the Work and such Derivative Works in Source or Object form. 3. Grant of Patent License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable (except as stated in this section) patent license to make, have made, use, offer to sell, sell, import, and otherwise transfer the Work, where such license applies only to those patent claims licensable by such Contributor that are necessarily infringed by their Contribution(s) alone or by combination of their Contribution(s) with the Work to which such Contribution(s) was submitted. If You institute patent litigation against any entity (including a cross-claim or counterclaim in a lawsuit) alleging that the Work or a Contribution incorporated within the Work constitutes direct or contributory patent infringement, then any patent licenses granted to You under this License for that Work shall terminate as of the date such litigation is filed. 4. Redistribution. You may reproduce and distribute copies of the Work or Derivative Works thereof in any medium, with or without modifications, and in Source or Object form, provided that You meet the following conditions: (a) You must give any other recipients of the Work or Derivative Works a copy of this License; and (b) You must cause any modified files to carry prominent notices stating that You changed the files; and (c) You must retain, in the Source form of any Derivative Works that You distribute, all copyright, patent, trademark, and attribution notices from the Source form of the Work, excluding those notices that do not pertain to any part of the Derivative Works; and (d) If the Work includes a "NOTICE" text file as part of its distribution, then any Derivative Works that You distribute must include a readable copy of the attribution notices contained within such NOTICE file, excluding those notices that do not pertain to any part of the Derivative Works, in at least one of the following places: within a NOTICE text file distributed as part of the Derivative Works; within the Source form or documentation, if provided along with the Derivative Works; or, within a display generated by the Derivative Works, if and wherever such third-party notices normally appear. The contents of the NOTICE file are for informational purposes only and do not modify the License. You may add Your own attribution notices within Derivative Works that You distribute, alongside or as an addendum to the NOTICE text from the Work, provided that such additional attribution notices cannot be construed as modifying the License. You may add Your own copyright statement to Your modifications and may provide additional or different license terms and conditions for use, reproduction, or distribution of Your modifications, or for any such Derivative Works as a whole, provided Your use, reproduction, and distribution of the Work otherwise complies with the conditions stated in this License. 5. Submission of Contributions. Unless You explicitly state otherwise, any Contribution intentionally submitted for inclusion in the Work by You to the Licensor shall be under the terms and conditions of this License, without any additional terms or conditions. Notwithstanding the above, nothing herein shall supersede or modify the terms of any separate license agreement you may have executed with Licensor regarding such Contributions. 6. Trademarks. This License does not grant permission to use the trade names, trademarks, service marks, or product names of the Licensor, except as required for reasonable and customary use in describing the origin of the Work and reproducing the content of the NOTICE file. 7. Disclaimer of Warranty. Unless required by applicable law or agreed to in writing, Licensor provides the Work (and each Contributor provides its Contributions) on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. You are solely responsible for determining the appropriateness of using or redistributing the Work and assume any risks associated with Your exercise of permissions under this License. 8. Limitation of Liability. In no event and under no legal theory, whether in tort (including negligence), contract, or otherwise, unless required by applicable law (such as deliberate and grossly negligent acts) or agreed to in writing, shall any Contributor be liable to You for damages, including any direct, indirect, special, incidental, or consequential damages of any character arising as a result of this License or out of the use or inability to use the Work (including but not limited to damages for loss of goodwill, work stoppage, computer failure or malfunction, or any and all other commercial damages or losses), even if such Contributor has been advised of the possibility of such damages. 9. Accepting Warranty or Additional Liability. While redistributing the Work or Derivative Works thereof, You may choose to offer, and charge a fee for, acceptance of support, warranty, indemnity, or other liability obligations and/or rights consistent with this License. However, in accepting such obligations, You may act only on Your own behalf and on Your sole responsibility, not on behalf of any other Contributor, and only if You agree to indemnify, defend, and hold each Contributor harmless for any liability incurred by, or claims asserted against, such Contributor by reason of your accepting any such warranty or additional liability. 07070100000002000081A40000000000000000000000015D8272550000084A000000000000000000000000000000000000003B00000000ardana-extensions-nsx-9.0+git.1568830037.2eea267/README.md(c) Copyright 2018 SUSE LLC THIRD-PARTY IMPORT TO INCORPORATE THE VMWARE-NSXV DRIVER TO NEUTRON To incorporate the NSX-V or NSX-T into neutron, perform the steps below to deploy your cloud. There is no need to rebuild the neutron venv. It already includes the vmware-nsx and its dependent python packages. 1. $ mkdir ~/third-party/vmware $ cp -R /usr/share/ardana/ansible/vmware ~/third-party/vmware/ansible 2. $ cd ~/openstack/ardana/ansible . $ ansible-playbook -i hosts/localhost third-party-import.yml 3. Modify the input model to add vmware-nsxv or vmware-nsxt component and remove the neutron components not needed for NSX. Some of the items need to change in control_plane.yml are: - insert vmware-nsxv or vmware-nsxt after neutron-server - remove the following neutron components: - neutron-dhcp-agent - neutron-openvswitch-agent - neutron-l2gateway-agent - neutron-l3-agent - neutron-vpn-agent - neutron-lbaas-agent - neutron-lbaasv2-agent - neutron-metadata-agent - neutron-ml2-plugin - neutron-ovsvapp-agent - neutron-sriov-nic-agent - For NSX-T, insert vmware-nsxt-node after nova-compute-kvm These changes can be found in the sample input model in either directory: /usr/share/ardana/input-model/2.0/examples/vmware/entry-scale-nsxv /usr/share/ardana/input-model/2.0/examples/vmware/entry-scale-nsxt 4. In your input model, create the NSX config-data file (~/openstack/my_cloud/definition/data/nsx/nsx_config.yml) and the pass_through file (~/openstack/my_cloud/definition/data/pass_through.yml) with the information about the ESX servers, credentials, cluster info, etc). The corresponding files in the sample input model should server as a template. 5. Use git commit to save the changes to the input model. 6. $ cd ~/openstack/ardana/ansible $ ansible-playbook -i hosts/localhost config-processor-run.yml $ ansible-playbook -i hosts/localhost ready-deployment.yml $ cd ~/scratch/ansible/next/ardana/ansible $ ansible-playbook -i hosts/verb_hosts site.yml 07070100000003000041ED0000000000000000000000055D82725500000000000000000000000000000000000000000000003800000000ardana-extensions-nsx-9.0+git.1568830037.2eea267/vmware07070100000004000041ED0000000000000000000000055D82725500000000000000000000000000000000000000000000004000000000ardana-extensions-nsx-9.0+git.1568830037.2eea267/vmware/ansible07070100000005000041ED0000000000000000000000025D82725500000000000000000000000000000000000000000000004700000000ardana-extensions-nsx-9.0+git.1568830037.2eea267/vmware/ansible/config07070100000006000081A40000000000000000000000015D8272550000039F000000000000000000000000000000000000005800000000ardana-extensions-nsx-9.0+git.1568830037.2eea267/vmware/ansible/config/nsx-symlinks.yml# # (c) Copyright 2019 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # # The following relative symlinks are created under the # ~/openstack/my_cloud/config/vmware-nsx/ directory. Users are permitted # to make customizations to the config file templates defined there. --- symlinks: "vmware-nsx/nsxv.ini.j2": "roles/vmware-nsx/templates/nsxv.ini.j2" "vmware-nsx/nsxt.ini.j2": "roles/vmware-nsx/templates/nsxt.ini.j2" 07070100000007000041ED0000000000000000000000035D82725500000000000000000000000000000000000000000000004800000000ardana-extensions-nsx-9.0+git.1568830037.2eea267/vmware/ansible/hooks.d07070100000008000041ED0000000000000000000000025D82725500000000000000000000000000000000000000000000004F00000000ardana-extensions-nsx-9.0+git.1568830037.2eea267/vmware/ansible/hooks.d/vmware07070100000009000081A40000000000000000000000015D8272550000030E000000000000000000000000000000000000006700000000ardana-extensions-nsx-9.0+git.1568830037.2eea267/vmware/ansible/hooks.d/vmware/post-clients-deploy.yml# # (c) Copyright 2018 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- # This playbook is inserted by ready-deployment.yml into ardana-deploy.yml # immediately after the line # # - include: clients-deploy.yml - include: "{{ playbook_dir }}/nsx-neutronclient-deploy.yml" 0707010000000A000081A40000000000000000000000015D8272550000030E000000000000000000000000000000000000006800000000ardana-extensions-nsx-9.0+git.1568830037.2eea267/vmware/ansible/hooks.d/vmware/post-clients-upgrade.yml# # (c) Copyright 2018 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- # This playbook is inserted by ready-deployment.yml into ardana-upgrade.yml # immediately after the line # - include: clients-upgrade.yml - include: "{{ playbook_dir }}/nsx-neutronclient-deploy.yml" 0707010000000B000081A40000000000000000000000015D8272550000030A000000000000000000000000000000000000006300000000ardana-extensions-nsx-9.0+git.1568830037.2eea267/vmware/ansible/hooks.d/vmware/pre-nova-deploy.yml# # (c) Copyright 2018 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- # This playbook is inserted by ready-deployment.yml into ardana-deploy.yml # immediately after the line # # - include: clients-deploy.yml - include: "{{ playbook_dir }}/nsxt-nodes-configure.yml" 0707010000000C000081A40000000000000000000000015D827255000002BD000000000000000000000000000000000000005D00000000ardana-extensions-nsx-9.0+git.1568830037.2eea267/vmware/ansible/nsx-neutronclient-deploy.yml# # (c) Copyright 2018 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- - hosts: NEU-CLI roles: - vmware-nsx tasks: - include: roles/vmware-nsx/tasks/nsx-neutronclient-install.yml 0707010000000D000081A40000000000000000000000015D82725500000353000000000000000000000000000000000000005900000000ardana-extensions-nsx-9.0+git.1568830037.2eea267/vmware/ansible/nsxt-nodes-configure.yml# # (c) Copyright 2019 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- - hosts: VMW-NSXT-NODE roles: - network_interface - vmware-nsx tasks: - include: roles/vmware-nsx/tasks/nsxt-node-prerequisites.yml - include: roles/vmware-nsx/tasks/nsxt-gather-facts.yml - include: roles/vmware-nsx/tasks/nsxt-node-configure.yml 0707010000000E000041ED0000000000000000000000035D82725500000000000000000000000000000000000000000000004600000000ardana-extensions-nsx-9.0+git.1568830037.2eea267/vmware/ansible/roles0707010000000F000041ED0000000000000000000000065D82725500000000000000000000000000000000000000000000005100000000ardana-extensions-nsx-9.0+git.1568830037.2eea267/vmware/ansible/roles/vmware-nsx07070100000010000041ED0000000000000000000000025D82725500000000000000000000000000000000000000000000005A00000000ardana-extensions-nsx-9.0+git.1568830037.2eea267/vmware/ansible/roles/vmware-nsx/defaults07070100000011000081A40000000000000000000000015D82725500000312000000000000000000000000000000000000006300000000ardana-extensions-nsx-9.0+git.1568830037.2eea267/vmware/ansible/roles/vmware-nsx/defaults/main.yml# # (c) Copyright 2019 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # Default variable values for tasks using the vmware-nsx role. --- required_neutronclient_packages: [] nsxt_node_required_packages: [] nsx_insecure: "{{ config_data | item('NSX.insecure', default='False') }}" 07070100000012000041ED0000000000000000000000025D82725500000000000000000000000000000000000000000000005700000000ardana-extensions-nsx-9.0+git.1568830037.2eea267/vmware/ansible/roles/vmware-nsx/tasks07070100000013000081A40000000000000000000000015D827255000002B0000000000000000000000000000000000000006000000000ardana-extensions-nsx-9.0+git.1568830037.2eea267/vmware/ansible/roles/vmware-nsx/tasks/main.yml# # (c) Copyright 2019 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- - name: vmware-nsx | main | Set os-specific variables include_vars: "{{ ansible_os_family | lower }}.yml" 07070100000014000081A40000000000000000000000015D8272550000050F000000000000000000000000000000000000007500000000ardana-extensions-nsx-9.0+git.1568830037.2eea267/vmware/ansible/roles/vmware-nsx/tasks/nsx-neutronclient-install.yml# # (c) Copyright 2019 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- - name: vmware-nsx | nsx-neutronclient-install | Debian - Install packages become: yes apt: name={{ item }} install_recommends=no state=latest force=yes with_items: required_neutronclient_packages | default([]) when: ansible_os_family == 'Debian' - name: vmware-nsx | nsx-neutronclient-install | RedHat - Install packages become: yes yum: name={{ item }} state=latest with_items: required_neutronclient_packages | default([]) when: ansible_os_family == 'RedHat' - name: vmware-nsx | nsx-neutronclient-install | SUSE - Install packages become: yes zypper: name={{ item }} state=latest with_items: required_neutronclient_packages | default([]) when: ansible_os_family == 'Suse' 07070100000015000081A40000000000000000000000015D82725500000749000000000000000000000000000000000000006D00000000ardana-extensions-nsx-9.0+git.1568830037.2eea267/vmware/ansible/roles/vmware-nsx/tasks/nsxt-gather-facts.yml# # (c) Copyright 2019 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- - name: vmware-nsx | nsxt-gather-facts | Get transport node profile from manager delegate_to: localhost uri: url: "{{ config_data | item('NSX.nsx_api_managers') }}/api/v1/transport-node-profiles/{{ host.pass_through.vmware_nsxt.transport_node_profile_id }}" method: GET user: "{{ config_data | item('NSX.nsx_api_user') }}" password: "{{ config_data | item('NSX.nsx_api_password') | openstack_user_password_decrypt }}" force_basic_auth: yes validate_certs: "{{ not nsx_insecure }}" return_content: yes register: nsxt_transport_node_profile - name: vmware-nsx | nsxt-gather-facts | Get host thumbprint shell: >- awk '{print $2}' /etc/ssh/ssh_host_rsa_key.pub | base64 -d | sha256sum -b | sed 's/ .*$//' | xxd -r -p | base64 register: nsxt_host_thumbprint - name: vmware-nsx | nsxt-gather-facts | Set facts set_fact: nsxt_host_thumbprint: "{{ nsxt_host_thumbprint.stdout }}" nsxt_transport_node_profile: "{{ nsxt_transport_node_profile.json }}" nsxt_managed_interfaces: >- {{ nsxt_transport_node_profile.json.host_switch_spec.host_switches | sum(attribute='pnics', start=[]) | map(attribute='device_name') | unique | list }} 07070100000016000081A40000000000000000000000015D8272550000180A000000000000000000000000000000000000006F00000000ardana-extensions-nsx-9.0+git.1568830037.2eea267/vmware/ansible/roles/vmware-nsx/tasks/nsxt-node-configure.yml# # (c) Copyright 2019 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- - name: vmware-nsx | nsxt-node-configure | Initialize nsxt managed interface configuration files copy: content: "" dest: "{{ net_path }}/{{ ifcfg_prefix }}-{{ item }}" force: no owner: root group: root mode: 0644 become: yes with_items: "{{ nsxt_managed_interfaces }}" - name: vmware-nsx | nsxt-node-configure | Build transport node request body set_fact: nsxt_transport_node: >- { "node_deployment_info": { "resource_type": "HostNode", "display_name": "{{ inventory_hostname }}", "ip_addresses": [ "{{ host.bind.VMW_NSXT_NODE.ssh.ip_address }}" ], "os_type": "{{ nsxt_os_type }}", "host_credential": { "username": "{{ host.pass_through.vmware_nsxt.username | default(ansible_ssh_user) }}", "password": "{{ host.pass_through.vmware_nsxt.password | openstack_user_password_decrypt }}", "thumbprint": "{{ nsxt_host_thumbprint }}" } }, "host_switch_spec" : {{ nsxt_transport_node_profile.host_switch_spec }}, "transport_zone_endpoints": {{ nsxt_transport_node_profile.transport_zone_endpoints }} } - name: vmware-nsx | nsxt-node-configure | Filter out NiocProfile set_fact: nsxt_transport_node_json: " {{ nsxt_transport_node | to_json | regex_replace('{[^{]*NiocProfile[^}]*},?','') }}" - name: vmware-nsx | nsxt-node-configure | Configure host as transport node delegate_to: localhost uri: url: "{{ config_data | item('NSX.nsx_api_managers') }}/api/v1/transport-nodes" method: POST HEADER_Content-Type: "application/json" body: "{{ nsxt_transport_node_json }}" user: "{{ config_data | item('NSX.nsx_api_user') }}" password: "{{ config_data | item('NSX.nsx_api_password') | openstack_user_password_decrypt }}" force_basic_auth: yes status_code: 201, 400 validate_certs: "{{ not (config_data | item('NSX.insecure', default='False')) }}" return_content: yes register: nsxt_configure_result - name: vmware-nsx | nsxt-node-configure | Check transport node configuration result fail: msg: "NSXT node configuration failed: {{ nsxt_configure_result.json.error_message }}" when: - nsxt_configure_result.status == 400 # error_code 7014 given when transport node with same ip already exists. - nsxt_configure_result.json.error_code != 7014 - name: vmware-nsx | nsxt-node-configure | Get added transport node id set_fact: nsxt_transport_node_id: "{{ nsxt_configure_result.json.id }}" when: - nsxt_configure_result.status == 201 - name: vmware-nsx | nsxt-node-configure | Get existent transport node id set_fact: nsxt_transport_node_id: >- {{ nsxt_configure_result.json.error_message | regex_replace('.*([a-fA-F0-9]{8}(-[a-fA-F0-9]{4}){3}-[a-fA-F0-9]{12}).*', '\\1') }} when: - nsxt_configure_result.status == 400 # TODO # We have limited capability to verify that an already configured node has # the desired configuration, so for now, other than verifying the transport # zone information below, we assume it does. A way to solve this problem is to # support node configuration update, for which a filter plugin equivalent to # ansible's 2 'combine' filter would be really helpful. # - include: nsxt-node-update.yml # when: # - nsxt_configure_result.status == 400 # - nsxt_configure_result.json.error_code == 7014 - name: vmware-nsx | nsxt-node-configure | Wait for transport node configuration delegate_to: localhost uri: url: "{{ config_data | item('NSX.nsx_api_managers') }}/api/v1/transport-nodes/{{ nsxt_transport_node_id }}/state" method: GET user: "{{ config_data | item('NSX.nsx_api_user') }}" password: "{{ config_data | item('NSX.nsx_api_password') | openstack_user_password_decrypt }}" force_basic_auth: yes status_code: 200 validate_certs: "{{ not nsx_insecure }}" return_content: yes register: nsxt_transport_node_state retries: 60 delay: 10 until: - nsxt_transport_node_state.json.state != "pending" - nsxt_transport_node_state.json.state != "in_progress" ignore_errors: yes - name: vmware.nsx | nsxt-node-configure | Failed to get transport node configuration state fail: msg: "Failed to get transport node configuration state" when: nsxt_transport_node_state.status != 200 - name: vmware.nsx | nsxt-node-configure | Check transport node configuration state fail: msg: >- Transport node configuration incomplete after timeout, status: {{ nsxt_transport_node_state.json.state }}. Details: {{ nsxt_transport_node_state.json | to_nice_json}} when: - nsxt_transport_node_state.json.state != "success" - name: vmware-nsx | nsxt-node-configure | Prepare node transport zone information set_fact: nsxt_transport_zone_config: >- {{ nsxt_transport_node.transport_zone_endpoints | map(attribute='transport_zone_id') | list }} nsxt_transport_zone_operational: >- {{ nsxt_transport_node_state.json.host_switch_states | sum(attribute='transport_zone_ids', start=[]) }} - name: vmware-nsx | nsxt-node-configure | Check node transport zone operational status fail: msg: "Transport node is not in required transport zones: {{ nsxt_transport_zone_config }}" when: nsxt_transport_zone_config | difference(nsxt_transport_zone_operational) | length > 0 07070100000017000081A40000000000000000000000015D827255000003C7000000000000000000000000000000000000007300000000ardana-extensions-nsx-9.0+git.1568830037.2eea267/vmware/ansible/roles/vmware-nsx/tasks/nsxt-node-prerequisites.yml# # (c) Copyright 2019 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- - name: vmware-nsx | nsxt-node-prerequisites | Check if node is supported fail: msg: "Ardana NSX-T extension is not supported for {{ ansible_distribution }}" when: nsxt_os_type is undefined - name: vmware-nsx | nsxt-node-prerequisites | Install node required packages become: yes package: name: "{{ item }}" state: present with_items: nsxt_node_required_packages 07070100000018000041ED0000000000000000000000035D82725500000000000000000000000000000000000000000000005B00000000ardana-extensions-nsx-9.0+git.1568830037.2eea267/vmware/ansible/roles/vmware-nsx/templates07070100000019000081A40000000000000000000000015D82725500002403000000000000000000000000000000000000006700000000ardana-extensions-nsx-9.0+git.1568830037.2eea267/vmware/ansible/roles/vmware-nsx/templates/nsxt.ini.j2# # (c) Copyright 2019 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # [nsx_v3] # The IP address of one or more NSX Managers separated by commas. The IP address # should be in the following form: [<scheme>://]<ip_adress>[:<port>]. If scheme # is not provided https is used. If a port is not provided, port 80 is used for # http and port 443 for https. nsx_api_managers = "{{ config_data | item('NSX.nsx_api_managers') }}" # The username used to access the for NSX Manager API. nsx_api_user = "{{ config_data | item('NSX.nsx_api_user') }}" # The password used to access the NSX Manager API. nsx_api_password = "{{ config_data | item('NSX.nsx_api_password') | openstack_user_password_decrypt }}" # The UUID or name of the default NSX overlay transport zone that is used for # creating tunneled or isolated Neutron networks. If no physical network is # specified when creating a logical network, this transport zone will be used by # default. default_overlay_tz = "{{ config_data | item('NSX.default_overlay_tz_uuid') }}" # The UUID or name of the default tier0 router that is used for connecting to # tier1 logical routers and configuring external networks. default_tier0_router = "{{ config_data | item('NSX.default_tier0_router_uuid') }}" {% set native_dhcp_metadata = config_data | item('NSX.native_dhcp_metadata', default='True') %} # If true, DHCP and metadata proxy services will be provided by NSX. native_dhcp_metadata = "{{ native_dhcp_metadata }}" {%- set metadata_mode = config_data | item('NSX.metadata_mode') %} {% if metadata_mode is defined %} # Acceptable values are: # - access_network: enables a dedicated connection to the metadata proxy for # metadata server access via Neutron router. # - dhcp_host_route: enables host route injection via the dhcp agent. This # option is only useful if running on a host that does not support namespaces # otherwise access_network should be used. metadata_mode = "{{ metadata_mode }}" {% endif %} {%- set metadata_on_demand = config_data | item('NSX.metadata_on_demand') %} {% if metadata_on_demand is defined %} # If True, an internal metadata network is created for a router only when the # router is attached to a DHCP-disabled subnet. metadata_on_demand = "{{ metadata_on_demand }}" {% endif %} {%- set metadata_proxy = config_data | item('NSX.metadata_proxy_uuid') %} {% if metadata_proxy is defined %} # The UUID of the NSX Metadata Proxy that is used to enable native metadata # service. It needs to be created in NSX before starting Neutron with the NSX # plugin. metadata_proxy = "{{ metadata_proxy }}" {% endif %} {%- set dhcp_profile = config_data | item('NSX.dhcp_profile_uuid') %} {% if dhcp_profile is defined %} # The UUID of the NSX DHCP Profile that is used to enable native DHCP service. # It needs to be created in NSX before starting Neutron with the NSX plugin. dhcp_profile = "{{ dhcp_profile }}" {% endif %} {%- dhcp_lease_time = config_data | item('NSX.dhcp_lease_time') %} {% if dhcp_lease_time is defined %} # The DHCP default lease time for DHCP servers in NSX-t. If undefined, wmware- # nsx sets it to 86400 dhcp_lease_time = {{ dhcp_lease_time }} {% endif %} {%- dhcp_relay_service = config_data | item('NSX.dhcp_relay_service') %} {% if dhcp_relay_service is defined %} # This is the name of UUID of the NSX dhcp relay service that will be used to # enable DHCP relay on router ports. dhcp_relay_service = {{ dhcp_relay_service }} {% endif %} {%- set number_of_nested_groups = config_data | item('NSX.number_of_nested_groups') %} {% if number_of_nested_groups is defined %} # The number of nested groups which are used by the plugin. Each Neutron # security-groups is added to one nested group, and each nested group can # contain a maximum of 500 security-groups, therefore, the maximum number of # security groups that can be created is 500 * number_of_nested_groups. The # default is 8 nested groups, which allows a maximum of 4k security-groups. To # allow the creation of more security-groups, modify this figure. number_of_nested_groups = "{{ number_of_nested_groups }}" {% endif %} {%- set dns_domain = config_data | item('NSX.dns_domain') %} {% if dns_domain is defined %} # Domain to use for building the hostnames. dns_domain = "{{ dns_domain }}" {% endif %} {%- set default_vlan_tz = config_data | item('NSX.default_vlan_tz_uuid') %} {% if default_vlan_tz is defined %} # Only required when creating VLAN or flat provider networks. The UUID or name # of the default NSX VLAN transport zone that is used for bridging between # Neutron networks if no physical network has been specified. default_vlan_tz = "{{ default_vlan_tz }}" {% endif %} {%- set default_edge_cluster = config_data | item('NSX.default_edge_cluster_uuid') %} {% if default_edge_cluster is defined %} # Default Edge Cluster UUID or name. default_edge_cluster = "{{ default_edge_cluster }}" {% endif %} {%- set retries = config_data | item('NSX.retries') %} {% if retries is defined %} # The maximum number of times to retry API requests upon stale revision errors. retries = "{{ config_data | item('NSX.retries', default='3') }}" {% endif %} {%- set ca_file = config_data | item('NSX.ca_file') %} {% if ca_file is defined %} # Specify a CA bundle file to use in verifying the NSX Manager server # certificate. This option is ignored if "insecure" is set to True. If # "insecure" is set to False and ca_file is unset, the system root CAs will be # used to verify the server certificate. ca_file = "{{ ca_file }}" {% endif %} {%- set insecure = config_data | item('NSX.insecure') %} {% if insecure is defined %} # If true, the NSX Manager server certificate is not verified. If false the CA # bundle specified via "ca_file" will be used or if unset the default system # root CAs will be used. insecure = "{{ insecure }}" {% endif %} {%- set http_timeout = config_data | item('NSX.http_timeout') %} {% if http_timeout is defined %} # The time in seconds before aborting a HTTP connection to a NSX Manager. http_timeout = "{{ http_timeout }}" {% endif %} {%- set http_read_timeout = config_data | item('NSX.http_read_timeout') %} {% if http_read_timeout is defined %} # The time in seconds before aborting a HTTP read response from a NSX Manager. http_read_timeout = "{{ http_read_timeout }}" {% endif %} {%- set http_retries = config_data | item('NSX.http_retries') %} {% if http_retries is defined %} # Maximum number of times to retry a HTTP connection. http_retries = "{{ http_retries }}" {% endif %} {%- set concurrent_connections = config_data | item('NSX.concurrent_connections') %} {% if concurrent_connections is defined %} # Maximum number of connection connections to each NSX Manager. concurrent_connections = "{{ concurrent_connections }}" {% endif %} {%- set conn_idle_timeout = config_data | item('NSX.conn_idle_timeout') %} {% if conn_idle_timeout is defined %} # The amount of time in seconds to wait before ensuring connectivity to the NSX # manager if no Manager connection has been used. conn_idle_timeout = "{{ conn_idle_timeout }}" {% endif %} {%- set default_bridge_cluster = config_data | item('NSX.default_bridge_cluster_uuid') %} {% if default_bridge_cluster is defined %} # The UUID or name of the default NSX bridge cluster that is used to perform L2 # gateway bridging between VXLAN and VLAN networks. If the default bridge # cluster UUID is not specified, the administrator has to manually create a L2 # gateway corresponding to an NSX Bridge Cluster using L2 gateway APIs. This # field must be specified on one of the active Neutron servers only. default_bridge_cluster = "{{ default_bridge_cluster }}" {% endif %} [NSX] {%- set qos_peak_bw_multiplier = config_data | item('NSX.qos_peak_bw_multiplier') %} {% if qos_peak_bw_multiplier is defined %} # The QoS rules peak bandwidth value will be the configured maximum # bandwidth of the QoS rule, multiplied by this value. Value must be # bigger than 1. Default is 2. qos_peak_bw_multiplier = "{{ qos_peak_bw_multiplier }}" {% endif %} [DEFAULT] {%- if native_dhcp_metadata %} # DHCP agent notification needs to be turned off if native DHCP is used. dhcp_agent_notification = "False" {% endif %} {%- set locking_coordinator_url = config_data | item('NSX.locking_coordinator_url') %} {% if locking_coordinator_url is defined %} # URL for distributed locking coordination resource for lock. locking_coordinator_url = "{{ locking_coordinator_url }}" {% endif %} {%- set ed_list = VMW_NSXT | get_provided_data_values('nsx_extension_drivers', default=[]) -%} {%- if ed_list|length > 0 %} # NSX-T specific extension drivers nsx_extension_drivers = {{ ed_list | unique | join(',') }} {%- endif -%} 0707010000001A000081A40000000000000000000000015D82725500000F85000000000000000000000000000000000000006700000000ardana-extensions-nsx-9.0+git.1568830037.2eea267/vmware/ansible/roles/vmware-nsx/templates/nsxv.ini.j2# # (c) Copyright 2017-2018 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # [nsxv] manager_uri = "{{ config_data | item('NSX.manager_uri', default='') }}" user = "{{ config_data | item('NSX.user', default='') }}" password = "{{ config_data | item('NSX.password', default='') | openstack_user_password_decrypt }}" datacenter_moid = "{{ config_data | item('NSX.datacenter_moid', default='') }}" cluster_moid = "{{ config_data | item('NSX.cluster_moid', default='') }}" resource_pool_id = "{{ config_data | item('NSX.resource_pool_id', default='') }}" {% set ds_id = config_data | item('NSX.datastore_id', default='') -%} {%- set datastore_id_tokens = ['datastore_id', '=', "\"" + ds_id + "\""] -%} {%- if ds_id | length > 0 -%} {{ datastore_id_tokens | join(' ') }} {%- endif %} vdn_scope_id = "{{ config_data | item('NSX.vdn_scope_id', default='') }}" {% set dvs_id = config_data | item('NSX.dvs_id', default='') -%} {%- set dvs_id_tokens = ['dvs_id', '=', "\"" + dvs_id + "\""] -%} {%- if dvs_id | length > 0 -%} {{ dvs_id_tokens | join(' ') }} {%- endif %} backup_edge_pool = {{ config_data | item('NSX.backup_edge_pool', default='service:compact:4:10,vdr:compact:4:10') }} {% set en_id = config_data | item('NSX.external_network', defaults='') -%} {%- set en_id_tokens = ['external_network', '=', "\"" + en_id + "\""] -%} {%- if en_id | length > 0 -%} {{ en_id_tokens | join(' ') }} {%- endif %} {% if VMW_NSXV is defined and VMW_NSXV.consumes_NOV_MTD is defined and NOV_MTD is defined %} nova_metadata_port = {{ VMW_NSXV | item('consumes_NOV_MTD.vips.private.0.port') }} nova_metadata_ips = {{ VMW_NSXV | item('consumes_NOV_MTD.vips.private.0.ip_address') }} metadata_shared_secret = "{{ NOV_MTD | item('vars.metadata_proxy_shared_secret') }}" {% else %} nova_metadata_port = 8775 nova_metadata_ips = {{ NEU_SVR | item('consumes_NOV_API.vips.private.0.host') if NEU_SVR is defined }} metadata_shared_secret = "" {% endif %} {% set mnpn = config_data | item('NSX.mgt_net_proxy_netmask', default='') -%} {%- set mnpn_tokens = ['mgt_net_proxy_netmask', '=', mnpn] -%} {%- if mnpn | length > 0 -%} {{ mnpn_tokens | join(' ') }} {%- endif %} {% set mnpi = config_data | item('NSX.mgt_net_proxy_ips', default='') -%} {%- set mnpi_tokens = ['mgt_net_proxy_ips', '=', "\"" + mnpi + "\""] -%} {%- if mnpi | length > 0 -%} {{ mnpi_tokens | join(' ') }} {%- endif %} {% set mnm = config_data | item('NSX.mgt_net_moid', default='') -%} {%- set mnm_tokens = ['mgt_net_moid', '=', "\"" + mnm + "\""] -%} {%- if mnm | length > 0 -%} {{ mnm_tokens | join(' ') }} {%- endif %} {% for item in NEU_SVR.consumes_FND_MDB.members.mysql_gcomms %} {%- if loop.index is even and item.ardana_ansible_host != host.my_ardana_ansible_name -%} metadata_initializer = false {%- endif %} {% endfor %} {% set ca_file_tokens = ['ca_file', '='] -%} {%- do ca_file_tokens.append(config_data | item('NSX.ca_file', default='')) -%} {%- if ca_file_tokens[2] | length > 0 -%} {{ ca_file_tokens | join(' ') }} {%- endif %} insecure = {{ config_data | item('NSX.insecure', default='True') }} edge_ha = {{ config_data | item('NSX.edge_ha', default='False') }} spoofguard_enabled = {{ config_data | item('NSX.spoofguard_enabled', default='True') }} exclusive_router_appliance_size = {{ config_data | item('NSX.exclusive_router_appliance_size', default='compact') | lower }} # Add customizations here. # Do not add anything after this line 0707010000001B000041ED0000000000000000000000025D82725500000000000000000000000000000000000000000000006400000000ardana-extensions-nsx-9.0+git.1568830037.2eea267/vmware/ansible/roles/vmware-nsx/templates/policy.d0707010000001C000081A40000000000000000000000015D827255000009AA000000000000000000000000000000000000007A00000000ardana-extensions-nsx-9.0+git.1568830037.2eea267/vmware/ansible/roles/vmware-nsx/templates/policy.d/neutron-fwaas.json.j2{# # # (c) Copyright 2019 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # #} { "shared_firewalls": "field:firewalls:shared=True", "shared_firewall_policies": "field:firewall_policies:shared=True", "shared_firewall_rules": "field:firewall_rules:shared=True", "create_firewall": "", "update_firewall": "rule:admin_or_owner", "delete_firewall": "rule:admin_or_owner", "create_firewall:shared": "rule:admin_only", "update_firewall:shared": "rule:admin_only", "delete_firewall:shared": "rule:admin_only", "get_firewall": "rule:admin_or_owner or rule:shared_firewalls", "shared_firewall_groups": "field:firewall_groups:shared=True", "shared_firewall_policies": "field:firewall_policies:shared=True", "shared_firewall_rules": "field:firewall_rules:shared=True", "create_firewall_group": "", "update_firewall_group": "rule:admin_or_owner", "delete_firewall_group": "rule:admin_or_owner", "create_firewall_group:shared": "rule:admin_only", "update_firewall_group:shared": "rule:admin_only", "delete_firewall_group:shared": "rule:admin_only", "get_firewall_group": "rule:admin_or_owner or rule:shared_firewall_groups", "create_firewall_policy": "", "update_firewall_policy": "rule:admin_or_owner", "delete_firewall_policy": "rule:admin_or_owner", "create_firewall_policy:shared": "rule:admin_only", "update_firewall_policy:shared": "rule:admin_only", "delete_firewall_policy:shared": "rule:admin_only", "get_firewall_policy": "rule:admin_or_owner or rule:shared_firewall_policies", "create_firewall_rule": "", "update_firewall_rule": "rule:admin_or_owner", "delete_firewall_rule": "rule:admin_or_owner", "create_firewall_rule:shared": "rule:admin_only", "update_firewall_rule:shared": "rule:admin_only", "delete_firewall_rule:shared": "rule:admin_only", "get_firewall_rule": "rule:admin_or_owner or rule:shared_firewall_rules" } 0707010000001D000081A40000000000000000000000015D827255000004F3000000000000000000000000000000000000007400000000ardana-extensions-nsx-9.0+git.1568830037.2eea267/vmware/ansible/roles/vmware-nsx/templates/policy.d/routers.json.j2{# # # (c) Copyright 2019 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # #} { "create_router:distributed": "rule:admin_or_owner", "get_router:distributed": "rule:admin_or_owner", "update_router:distributed": "rule:admin_or_owner", "get_router:ha": "rule:admin_only", "create_router": "rule:regular_user", "create_router:external_gateway_info:enable_snat": "rule:admin_or_owner", "create_router:ha": "rule:admin_only", "get_router": "rule:admin_or_owner", "update_router:external_gateway_info:enable_snat": "rule:admin_or_owner", "update_router:ha": "rule:admin_only", "delete_router": "rule:admin_or_owner", "add_router_interface": "rule:admin_or_owner", "remove_router_interface": "rule:admin_or_owner", } 0707010000001E000081A40000000000000000000000015D82725500000396000000000000000000000000000000000000007C00000000ardana-extensions-nsx-9.0+git.1568830037.2eea267/vmware/ansible/roles/vmware-nsx/templates/policy.d/security-groups.json.j2{# # # (c) Copyright 2019 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # #} { "create_security_group:logging": "rule:admin_only", "update_security_group:logging": "rule:admin_only", "get_security_group:logging": "rule:admin_only", "create_security_group:provider": "rule:admin_only", "create_security_group:policy": "rule:admin_only", "update_security_group:policy": "rule:admin_only", } 0707010000001F000041ED0000000000000000000000025D82725500000000000000000000000000000000000000000000005600000000ardana-extensions-nsx-9.0+git.1568830037.2eea267/vmware/ansible/roles/vmware-nsx/vars07070100000020000081A40000000000000000000000015D827255000002CD000000000000000000000000000000000000006100000000ardana-extensions-nsx-9.0+git.1568830037.2eea267/vmware/ansible/roles/vmware-nsx/vars/debian.yml# # (c) Copyright 2018 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. #--- # Contains packages needed by all the vmware-nsx role, specific to debian Systems required_neutronclient_packages: - python-vmware-nsx 07070100000021000081A40000000000000000000000015D8272550000048C000000000000000000000000000000000000006100000000ardana-extensions-nsx-9.0+git.1568830037.2eea267/vmware/ansible/roles/vmware-nsx/vars/redhat.yml# # (c) Copyright 2019 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. --- # Contains packages needed by the vmware-nsx role, specific to RedHat Systems required_neutronclient_packages: - python-vmware-nsx nsxt_os_type: "{{ (ansible_distribution | lower == 'centos') | ternary('CENTOSKVM', 'RHELKVM') }}" nsxt_node_required_packages: - PyYAML - c-ares - gperftools-libs - initscripts - libev - libunwind - libvirt-libs - libyaml - python-beaker - python-gevent - python-greenlet - python-mako - python-markupsafe - python-netaddr - python-paste - python-tempita - redhat-lsb-core - wget ifcfg_prefix: "{{ rhel_prefix}}" 07070100000022000081A40000000000000000000000015D827255000003C8000000000000000000000000000000000000005F00000000ardana-extensions-nsx-9.0+git.1568830037.2eea267/vmware/ansible/roles/vmware-nsx/vars/suse.yml# # (c) Copyright 2019 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. --- # packages listed here will be installed by NSX neutronclient command extensions required_neutronclient_packages: - python-vmware-nsx nsxt_os_type: SLESKVM nsxt_node_required_packages: - libcap-progs - libvirt-libs - libunwind - lsb-release - lsof - net-tools - python-netaddr - python-PyYAML - python-simplejson - wget - tcpdump ifcfg_prefix: "{{ suse_prefix}}" 07070100000023000041ED0000000000000000000000035D82725500000000000000000000000000000000000000000000004100000000ardana-extensions-nsx-9.0+git.1568830037.2eea267/vmware/examples07070100000024000041ED0000000000000000000000045D82725500000000000000000000000000000000000000000000004800000000ardana-extensions-nsx-9.0+git.1568830037.2eea267/vmware/examples/models07070100000025000041ED0000000000000000000000035D82725500000000000000000000000000000000000000000000005900000000ardana-extensions-nsx-9.0+git.1568830037.2eea267/vmware/examples/models/entry-scale-nsxt07070100000026000081A40000000000000000000000015D82725500001788000000000000000000000000000000000000006300000000ardana-extensions-nsx-9.0+git.1568830037.2eea267/vmware/examples/models/entry-scale-nsxt/README.md (c) Copyright 2019 SUSE LLC Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. ## Ardana Single region Entry Scale Cloud with ESX + NSX-T Example ## The input files in this example deploy a cloud with both ESX and KVM hypervisors that uses NSX-T networking with has the following characteristics: ### Compute Proxy Nodes ### - One single server that runs the Nova ESX compute proxy. There should be one node per ESX resource pool. The proxy nodes can be ESX virtual machines. When running as VMs, they should be in a HA cluster. Do not image the VMs serving as compute proxy nodes. Use the nodelist option with bm-reimage.yml playbook to avoid imaging them. - It is assumed that vCenter and NSX-T are properly configured so that ESX computes networking is automatically managed without any specific configuration action needed by Ardana. ### NSX-T KVM transport node ### - One KVM compute server that will be configured as transport node through NSX-T manager. This is indicated via the optional ***vmware-nsxt-node*** service component. If not specified, the transport node will be assumed as being already configured. If specified but already configured before deployment, it will be verified that the transport node is in the expected transport zone. ### Control Planes ### - A single control plane consisting of three servers that co-host all of the other required openstack services. ### Deployer Node ### This configuration runs the lifecycle-manager (formerly referred to as the deployer) on a control plane node. You need to include this node address in your servers.yml definition. This function does not need a dedicated network. The minimum server count for this example is therefore 4 servers (Control Plane (x3) for Openstack services + 1 activated vCenter cluster having at least 1 host, for vCenter appliance, NSX Manager, and ESX compute proxy VMs). An example set of servers are defined in ***data/servers.yml***. You will need to modify this file to reflect your specific environment. ### Networking ### The example requires the following networks: IPMI/iLO network, connected to the deployer and the IPMI/iLO ports of all servers A pair of bonded NICs which are used by the following networks: - EXTERNAL-API - This is the network that users will use to make requests to the cloud - INTERNAL-API - This is the network that will be used to access the ESX metadata proxy servers - MANAGEMENT - This is the network that will be used for all internal traffic between the cloud services and traffic between VMs on private networks within the cloud Additionally, for KVM compute nodes, one or more NICs specified for completness sake as TRUNK network that NSX-T will use for overlay networks. The Data Center Management network, which hosts the vCenter server and the NSX-T manager, must be reachable from the Cloud Management network so that the controllers and compute proxy nodes can communicate with them. An example set of networks are defined in ***data/networks.yml***. You will need to modify this file to reflect your environment. The example uses the devices hed3 & hed4 as a bonded network for all services. If you need to modify these for your environment they are defined in ***data/net_interfaces.yml***. The network devices eth3 & eth4 are renamed to devices hed3 & hed4 using the PCI bus mappings specified in ***data/nic_mappings.yml***. You may need to modify the PCI bus addresses to match your system. ### Adapting the entry-scale model to fit your environment ### The minimum set of changes you need to make to adapt the model for your environment are: - Update servers.yml to list the details of your bare metal servers (i.e, ILO access info). You need to perform this step if you are using the Ardana supplied Cobber playbooks to install Linux on your servers. - Update the networks.yml file to replace network CIDRs and VLANs with site specific values - Update the nic_mappings.yml file to ensure that network devices are mapped to the correct physical port(s) - Review the disk models (disks_*.yml) and confirm that the associated servers have the number of disks required by the disk model. The device names in the disk models might need to be adjusted to match the probe order of your servers. Disk models are provided as follows: - DISK SET CONTROLLER: Minimum 1 disk - DISK SET COMPUTE NODE DISKS: This is the disks used on the ESX compute proxy nodes. Each node is a ESX VM. ESX VM is expected to create 1 virtual disk for each VM. - Update the net interfaces.yml file to match the server NICs used in your configuration. This file has a separate interface model definition for each of the following: - INTERFACE SET CONTROLLER - INTERFACE SET ESX-COMPUTE *DISK_SET used by Nova compute proxy is not recommanded to modify by user* ## The NSX Configuration Data ## The NSX Configuration data file data/nsx/nsx_config.yml contains the information on the NSX installation needed to configure neutron to use the NSX-T core-plugin. See the comments for the parameter descriptions. ## The pass_through.yml File ## The ESX compute proxy needs to have the information in pass_through.yml in order to configure itself. Additionaly, the KVM compute nodes that include the component ***vmware-nsxt-node*** need to have information specified in order to configure them as transport nodes in NSX-T Manager. See the comments for the parameter descriptions. 07070100000027000081A40000000000000000000000015D82725500000995000000000000000000000000000000000000006900000000ardana-extensions-nsx-9.0+git.1568830037.2eea267/vmware/examples/models/entry-scale-nsxt/cloudConfig.yml# # (c) Copyright 2019 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- product: version: 2 cloud: name: entry-scale-nsxt # The following values are used when # building hostnames hostname-data: host-prefix: ardana member-prefix: -m # List of ntp servers for your site ntp-servers: # - "ntp-server1" # - "ntp-server2" # dns resolving configuration for your site # refer to resolv.conf for details on each option dns-settings: # nameservers: # - name-server1 # - name-server2 # - name-server3 # # domain: sub1.example.net # # search: # - sub1.example.net # - sub2.example.net # # sortlist: # - 192.168.160.0/255.255.240.0 # - 192.168.0.0 # # # option flags are '<name>:' to enable, remove to unset # # options with values are '<name>:<value>' to set # # options: # debug: # ndots: 2 # timeout: 30 # attempts: 5 # rotate: # no-check-names: # inet6: smtp-settings: # server: mailserver.examplecloud.com # port: 25 # timeout: 15 # These are only needed if your server requires authentication # user: # password: # Generate firewall rules firewall-settings: enable: true # log dropped packets logging: true # Disc space needs to be allocated to the audit directory before enabling # auditing. # Default can be either "disabled" or "enabled". Services listed in # "enabled-services" and "disabled-services" override the default setting. audit-settings: audit-dir: /var/audit default: disabled #enabled-services: # - keystone # - barbican disabled-services: - nova - barbican - keystone - cinder - ceilometer - neutron - swift 07070100000028000041ED0000000000000000000000055D82725500000000000000000000000000000000000000000000005E00000000ardana-extensions-nsx-9.0+git.1568830037.2eea267/vmware/examples/models/entry-scale-nsxt/data07070100000029000081A40000000000000000000000015D82725500001036000000000000000000000000000000000000007000000000ardana-extensions-nsx-9.0+git.1568830037.2eea267/vmware/examples/models/entry-scale-nsxt/data/control_plane.yml# # (c) Copyright 2019 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- product: version: 2 control-planes: - name: control-plane-1 control-plane-prefix: cp1 region-name: region1 failure-zones: - AZ1 - AZ2 - AZ3 configuration-data: - DESIGNATE-CONFIG-CP1 - NSXT-CONFIG-CP1 - SWIFT-CONFIG-CP1 common-service-components: - logging-rotate - logging-producer - monasca-agent - stunnel - lifecycle-manager-target clusters: - name: cluster1 cluster-prefix: c1 server-role: CONTROLLER-ROLE member-count: 3 allocation-policy: strict service-components: - lifecycle-manager - tempest - ntp-server - swift-ring-builder - mysql - ip-cluster - apache2 - keystone-api - keystone-client - rabbitmq - glance-api - glance-registry - glance-client - cinder-api - cinder-scheduler - cinder-volume - cinder-backup - cinder-client - nova-api - nova-placement-api - nova-scheduler - nova-conductor - nova-console-auth - nova-novncproxy - nova-client - neutron-server - vmware-nsxt - neutron-client - horizon - swift-proxy - memcached - swift-account - swift-container - swift-object - swift-client - heat-api - heat-api-cfn - heat-engine - heat-client - openstack-client - ceilometer-api - ceilometer-polling - ceilometer-agent-notification - ceilometer-common - ceilometer-client - zookeeper - kafka - spark - cassandra - storm - monasca-api - monasca-persister - monasca-notifier - monasca-threshold - monasca-client - monasca-transform - logging-server - ops-console-web - barbican-api - barbican-client - barbican-worker - designate-api - designate-central - designate-producer - designate-worker - designate-mdns - designate-client - bind - magnum-api - magnum-conductor # If NSXT native metadata is enabled, set here the same secret as # in the NSXT metadata proxy configuration. Or do not specify a # secret here and update the NSXT metadata proxy configuration # with the secret generated by the configuration processor. #- nova-metadata: # metadata_proxy_shared_secret: secret resources: - name: compute resource-prefix: comp server-role: COMPUTE-ROLE allocation-policy: any min-count: 0 service-components: - ntp-client - nova-compute - nova-compute-kvm - vmware-nsxt-node - name: esx-compute resource-prefix: esx-comp server-role: ESX-COMPUTE-ROLE allocation-policy: any service-components: - nova-esx-compute-proxy - nova-compute - ntp-client 0707010000002A000041ED0000000000000000000000025D82725500000000000000000000000000000000000000000000006800000000ardana-extensions-nsx-9.0+git.1568830037.2eea267/vmware/examples/models/entry-scale-nsxt/data/designate0707010000002B000081A40000000000000000000000015D82725500000379000000000000000000000000000000000000007D00000000ardana-extensions-nsx-9.0+git.1568830037.2eea267/vmware/examples/models/entry-scale-nsxt/data/designate/designate_config.yml# # (c) Copyright 2019 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- product: version: 2 configuration-data: - name: DESIGNATE-CONFIG-CP1 services: - designate data: dns_domain: example.org. ns_records: - hostname: ns1.example.org. priority: 1 - hostname: ns2.example.org. priority: 2 0707010000002C000081A40000000000000000000000015D8272550000049D000000000000000000000000000000000000007500000000ardana-extensions-nsx-9.0+git.1568830037.2eea267/vmware/examples/models/entry-scale-nsxt/data/disks_compute_node.yml# # (c) Copyright 2019 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- product: version: 2 disk-models: - name: COMPUTE-NODE-DISKS # Disk model to be used for compute nodes # /dev/sda_root is used as a volume group for /, /var/log and /var/crash # Additional disks can be added to either volume group volume-groups: - name: cpn-vg physical-volumes: - /dev/sda_root logical-volumes: - name: root size: 80% fstype: ext4 mount: / - name: LV_CRASH size: 15% mount: /var/crash fstype: ext4 mkfs-opts: -O large_file 0707010000002D000081A40000000000000000000000015D82725500001963000000000000000000000000000000000000007700000000ardana-extensions-nsx-9.0+git.1568830037.2eea267/vmware/examples/models/entry-scale-nsxt/data/disks_controller_1TB.yml# # (c) Copyright 2019 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- product: version: 2 disk-models: - name: CONTROLLER-1TB-DISKS # This example is based on using a single 1TB disk for a volume # group that contains all file systems on a controller with 64GB # of memory. # # Additional disks can be added to the 'physical-volumes' section. # # volume-groups: - name: ctlr-vg physical-volumes: # NOTE: 'sda_root' is a templated value. This value is checked in # os-config and replaced by the partition actually used on sda #e.g. sda1 or sda5 - /dev/sda_root # Add any additional disks for the volume group here # -/dev/sdx # -/dev/sdy logical-volumes: # The policy is not to consume 100% of the space of each volume group. # At least 5% should be left free for snapshots. This example leaves 18% # free to allow for some flexibility. - name: root size: 6% fstype: ext4 mount: / # Reserved space for kernel crash dumps # Should evaluate to a value that is slightly larger than # the memory size of your server - name: crash size: 6% mount: /var/crash fstype: ext4 mkfs-opts: -O large_file # Local Log files. Depending on your retention policy # log files can require significant disc space - name: log size: 16% mount: /var/log fstype: ext4 mkfs-opts: -O large_file # Mysql Database. All persistent state from OpenStack services # is saved here. Although the individual objects are small the # accumulated data can grow over time - name: mysql size: 6% mount: /var/lib/mysql fstype: ext4 mkfs-opts: -O large_file consumer: name: mysql # Rabbitmq works mostly in memory, but needs to be able to persist # messages to disc under high load. This area should evaluate to a value # that is slightly larger than the memory size of your server - name: rabbitmq size: 7% mount: /var/lib/rabbitmq fstype: ext4 mkfs-opts: -O large_file consumer: name: rabbitmq rabbitmq_env: home # Database storage for event monitoring and metering data (Monasca). - name: cassandra_db size: 19% mount: /var/cassandra/data fstype: ext4 mkfs-opts: -O large_file consumer: name: cassandra - name: cassandra_log size: 1% mount: /var/cassandra/commitlog fstype: ext4 mkfs-opts: -O large_file consumer: name: cassandra # Messaging system for monitoring and logging. - name: kafka size: 7% mount: /var/kafka fstype: ext4 mkfs-opts: -O large_file consumer: name: kafka # Data storage for centralized logging. This holds log entries from all # servers in the cloud and hence can require a lot of disk space. - name: elasticsearch size: 13% mount: /var/lib/elasticsearch fstype: ext4 # Zookeeper is used to provide cluster co-ordination in the monitoring # system. Although not a high user of disc space we have seen issues # with zookeeper snapshots filling up filesystems so we keep it in its # own space for stability. - name: zookeeper size: 1% mount: /var/lib/zookeeper fstype: ext4 consumer: name: os # Cinder: cinder volume needs temporary local filesystem space to convert # images to raw when creating bootable volumes. Using a separate volume # will both ringfence this space and avoid filling / # The size should represent the raw size of the largest image times # the number of concurrent bootable volume creations. # The logical volume can be part of an existing volume group or a # dedicated volume group. # - name: cinder-vg # physical-volumes: # - /dev/sdx # logical-volumes: # - name: cinder_image # size: 5% # mount: /var/lib/cinder # fstype: ext4 # Glance cache: if a logical volume with consumer usage 'glance-cache' # is defined Glance caching will be enabled. The logical volume can be # part of an existing volume group or a dedicated volume group. # - name: glance-vg # physical-volumes: # - /dev/sdx # logical-volumes: # - name: glance-cache # size: 95% # mount: /var/lib/glance/cache # fstype: ext4 # mkfs-opts: -O large_file # consumer: # name: glance-api # usage: glance-cache # Audit: Audit logs can consume significant disc space. If you # are enabling audit then it is recommended that you use a dedicated # disc. # - name: audit-vg # physical-volumes: # - /dev/sdz # logical-volumes: # - name: audit # size: 95% # mount: /var/audit # fstype: ext4 # mkfs-opts: -O large_file # Additional disk group defined for Swift device-groups: - name: swiftobj devices: - name: /dev/sdb - name: /dev/sdc # Add any additional disks for swift here # -name: /dev/sdd # -name: /dev/sde consumer: name: swift attrs: rings: - account - container - object-0 0707010000002E000081A40000000000000000000000015D827255000006E3000000000000000000000000000000000000007100000000ardana-extensions-nsx-9.0+git.1568830037.2eea267/vmware/examples/models/entry-scale-nsxt/data/firewall_rules.yml# # (c) Copyright 2019 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- product: version: 2 # # Ardana will create firewall rules to enable the required access for # all of the deployed services. Use this section to define any # additional access. # # Each group of rules can be applied to one or more network groups # Examples are given for ping and ssh # # Names of rules, (e.g. "PING") are arbitrary and have no special significance # firewall-rules: - name: SSH # network-groups is a list of all the network group names # that the rules apply to network-groups: - MANAGEMENT - INTERNAL-API rules: - type: allow # range of remote addresses in CIDR format that this # rule applies to remote-ip-prefix: 0.0.0.0/0 port-range-min: 22 port-range-max: 22 # protocol must be one of: null, tcp, udp or icmp protocol: tcp - name: PING network-groups: - MANAGEMENT - EXTERNAL-API - INTERNAL-API rules: # open ICMP echo request (ping) - type: allow remote-ip-prefix: 0.0.0.0/0 # icmp type port-range-min: 8 # icmp code port-range-max: 0 protocol: icmp 0707010000002F000081A40000000000000000000000015D82725500000926000000000000000000000000000000000000007100000000ardana-extensions-nsx-9.0+git.1568830037.2eea267/vmware/examples/models/entry-scale-nsxt/data/net_interfaces.yml# # (c) Copyright 2019 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- product: version: 2 interface-models: # # Edit the device names and bond options # to match your environment # - name: CONTROLLER-INTERFACES network-interfaces: - name: BOND0 device: name: bond0 bond-data: options: mode: active-backup miimon: 200 primary: hed3 provider: linux devices: - name: hed3 - name: hed4 network-groups: - MANAGEMENT - EXTERNAL-API - INTERNAL-API - name: COMPUTE-INTERFACES network-interfaces: - name: hed1 device: name: hed1 network-groups: - TRUNK - name: hed2 device: name: hed2 network-groups: - TRUNK - name: BOND0 device: name: bond0 bond-data: options: mode: active-backup miimon: 200 primary: hed3 provider: linux devices: - name: hed3 - name: hed4 network-groups: - MANAGEMENT - EXTERNAL-API - INTERNAL-API - name: ESX-COMPUTE-INTERFACES network-interfaces: - name: eth0 device: name: eth0 forced-network-groups: - EXTERNAL-API - name: eth1 device: name: eth1 forced-network-groups: - MANAGEMENT - name: eth2 device: name: eth2 forced-network-groups: - INTERNAL-API 07070100000030000081A40000000000000000000000015D827255000010E8000000000000000000000000000000000000007100000000ardana-extensions-nsx-9.0+git.1568830037.2eea267/vmware/examples/models/entry-scale-nsxt/data/network_groups.yml# # (c) Copyright 2019 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- product: version: 2 network-groups: # # External API # # This is the network group that users will use to # access the public API endpoints of your cloud # - name: EXTERNAL-API hostname-suffix: extapi component-endpoints: - bind-ext load-balancers: - provider: ip-cluster name: extlb # If external-name is set then public urls in keystone # will use this name instead of the IP address. # You must either set this to a name that can be resolved in your network # or comment out this line to use IP addresses # external-name: tls-components: - default roles: - public cert-file: my-public-entry-scale-esx-nsx-cert # This is the name of the certificate that will be used on load balancer. # Ardana will look for a file with this name in the config/tls/certs directory. # This is the certificate that matches your setting for external-name # # Note that it is also possible to have per service certificates: # # cert-file: # default: my-public-entry-scale-esx-nsx-cert # horizon: my-horizon-cert # nova-api: my-nova-cert # # The configuration-processor will also create a request templates for each # named certificates under # "info/cert_reqs/" # # And this will be of the form # # info/cert_reqs/my-public-entry-scale-esx-nsx-cert # info/cert_reqs/my-horizon-cert # info/cert_reqs/my-nova-cert # # These request templates contain the subject Alt-names that # the certificates need. A customer can add to this template # before generating their Certificate Signing Request (CSR). # They would then send the CSR to their CA to be signed and # receive the certificate, which can then be dropped into # "config/tls/certs". # # When you bring in your own certificate you may want to bring # in the trust chains (or CA certificate) for this certificate. # This is usually not required if the CA is a public signer that # gets bundled by the system. However, we suggest you include it # into Ardana anyway by copying the file into the directory # "config/cacerts/". # Note that the file extension should be .crt or it will not # be processed by Ardana. # # # Management # # This is the network group that will be used to for # management traffic within the cloud. # # The interface used by this group will be presented # to Neutron as physnet1, and used by tenant VLANS # - name: MANAGEMENT hostname-suffix: mgmt hostname: true component-endpoints: - lifecycle-manager - lifecycle-manager-target routes: - default ## ## TRUNK ## ## This is the network group that will be used for ## trunk network on the OVSvApp service VM. ## The trunk network is used to apply security ## group rules on tenant traffic. - name: TRUNK hostname-suffix: trunk # # INTERNAL-API # - name: INTERNAL-API tls-component-endpoints: - barbican-api component-endpoints: - default load-balancers: - provider: ip-cluster name: lb tls-components: - default components: - nova-metadata roles: - internal - admin cert-file: ardana-internal-cert 07070100000031000081A40000000000000000000000015D8272550000067D000000000000000000000000000000000000006B00000000ardana-extensions-nsx-9.0+git.1568830037.2eea267/vmware/examples/models/entry-scale-nsxt/data/networks.yml# # (c) Copyright 2019 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- product: version: 2 networks: # # This example uses the following networks # # Network CIDR VLAN # ------- ---- ---- # External API 10.0.1.0/24 101 (tagged) # Internal API 192.168.50.0/23 102 (tagged) # Management 192.168.10.0/24 100 (untagged) # Trunk untagged # # Modify these values to match your environment # - name: EXTERNAL-API-NET vlanid: 101 tagged-vlan: true cidr: 10.0.1.0/24 gateway-ip: 10.0.1.1 network-group: EXTERNAL-API - name: MANAGEMENT-NET tagged-vlan: false vlanid: 100 cidr: 192.168.10.0/24 gateway-ip: 192.168.10.1 network-group: MANAGEMENT addresses: - 192.168.10.1-192.168.10.250 - name: TRUNK-NET tagged-vlan: false network-group: TRUNK - name: INTERNAL-API-NET vlanid: 102 cidr: 192.168.50.0/24 tagged-vlan: true network-group: INTERNAL-API addresses: - 192.168.50.4-192.168.50.250 07070100000032000081A40000000000000000000000015D82725500000B75000000000000000000000000000000000000006F00000000ardana-extensions-nsx-9.0+git.1568830037.2eea267/vmware/examples/models/entry-scale-nsxt/data/nic_mappings.yml# # (c) Copyright 2019 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- product: version: 2 # nic-mappings are used to ensure that the device name used by the # operating system always maps to the same physical device. # A nic-mapping is associated to a server in the server definition. # The logical-name specified here can be used as a device name in # the network interface-models definitions. # # - name user-defined name for each mapping # physical-ports list of ports for this mapping # - logical-name device name to be used by the operating system # type physical port type # bus-address bus address of the physical device # # Notes: # - The PCI bus addresses are examples. You will need to determine # the values pertinent to your servers. These can be found with the # the `lspci` command or from the server BIOS # - enclose the bus address in quotation marks so yaml does not # misinterpret the embedded colon (:) characters # - simple-port is the only currently supported port type # - choosing a new device name prefix (e.g. 'eth' -> 'hed') will # help prevent remapping errors nic-mappings: - name: ESXI_VMXNET3_4PORT physical-ports: - logical-name: hed1 type: simple-port bus-address: "0000:06:00.0" - logical-name: hed2 type: simple-port bus-address: "0000:07:00.0" - logical-name: hed3 type: simple-port bus-address: "0000:08:00.0" - logical-name: hed4 type: simple-port bus-address: "0000:09:00.0" - name: MY-4PORT-SERVER physical-ports: - logical-name: hed1 type: simple-port bus-address: "0000:06:00.0" - logical-name: hed2 type: simple-port bus-address: "0000:07:00.0" - logical-name: hed3 type: simple-port bus-address: "0000:08:00.0" - logical-name: hed4 type: simple-port bus-address: "0000:09:00.0" - name: ESXI-COMPUTE-3PORT physical-ports: - logical-name: eth0 type: simple-port bus-address: "0000:06:00.0" - logical-name: eth1 type: simple-port bus-address: "0000:07:00.0" - logical-name: eth2 type: simple-port bus-address: "0000:08:00.0" 07070100000033000041ED0000000000000000000000025D82725500000000000000000000000000000000000000000000006200000000ardana-extensions-nsx-9.0+git.1568830037.2eea267/vmware/examples/models/entry-scale-nsxt/data/nsx07070100000034000081A40000000000000000000000015D82725500001F3C000000000000000000000000000000000000007100000000ardana-extensions-nsx-9.0+git.1568830037.2eea267/vmware/examples/models/entry-scale-nsxt/data/nsx/nsx_config.yml# # (c) Copyright 2019 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- product: version: 2 configuration-data: - name: NSXT-CONFIG-CP1 services: - nsx data: # (Required) nsx_flavor. Set to 'nsxt' nsx_flavor: 'nsxt' # (Required) URL for NSXv manager (e.g - https://management_ip). # The IP address of one or more NSX Managers separated by commas nsx_api_managers: 'https://<nsx-mgr-ip>:<port>' # (Required) username to login to the NSX Manager API. nsx_api_user: 'admin' # (Required) Encrypted NSX Manager API password. # Password encryption is done by the script # ~/openstack/ardana/ansible/ardanaencrypt.py on the deployer: # # $ cd ~/openstack/ardana/ansible # $ export ARDANA_USER_PASSWORD_ENCRYPT_KEY=<encryption key> # $ ./ardanaencrypt.py # # The script will prompt for the NSX Manager password. The string # generated is the encrypted password. Enter the string enclosed # by double-quotes below. nsx_api_password: "<encrypted-nsx-mgr-passwd-from-ardanaencrypt>" # (Required) default_overlay_tz_uuid: # UUID of the default NSX overlay transport zone that will be used # for creating tunneled isolated Neutron networks. If no physical # network is specifed when creating a logical network, this transport # zone will be used by default. default_overlay_tz_uuid: '<a-uuid>' # (Optional) dns_domain # Domain to use for building the hostnames. # dns_domain: 'domain' # (Optional) default_vlan_tz_uuid # Only required when creating VLAN or flat provider networks. UUID of default # NSX VLAN transport zone that will be used for bridging between Neutron networks, # if no physical network has been specified. # default_vlan_tz_uuid: '<a-uuid>' # (Optional) default_edge_cluster_uuid: # Default Edge Cluster Identifier # default_edge_cluster_uuid: '<a-uuid>' # (Optional) retries # Maximum number of times to retry API requests upon stale # revision errors. # retries: 3 # (Optional) insecure: # If true (default), the NSXv server certificate is not verified. # If false, then the default CA truststore is used for verification. # This option is ignored if "ca_file" is set # (Required) datacenter id for edge deployment. # insecure: True # (Optional) ca_file: Name of the certificate file. If insecure is set to True, # then this parameter is ignored. If insecure is set to False and this # parameter is not defined, then the system root CAs will be used # to verify the server certificate. # ca_file: a/nsx/certificate/file # (Optional) http_timeout: # Seconds before aborting a HTTP connection to a NSX manager. # http_timeout: 60 # (Optional) http_read_timeout: # Seconds before aborting a HTTP read response from a NSX Manager # http_read_timeout: 60 # (Optional) http_retries # Maximum number of times to retry a HTTP connection # http_retries: 5 # (Optional) Maximum number of connections to each NSX manager # concurrent_connections: 10 # (Optional) conn_idle_timeout # Seconds to wait before ensuring connectivity to the NSX manager # if no manager connection has been used # conn_idle_timeout: 120 # (Optional) default_tier0_router_uuid # UUID of the default tier0 router that will be used for connecting # to tier1 logical routers and configuring external networks. # default_tier0_router_uuid: '<a-uuid>' # (Optional) default_bridge_cluster_uuid # UUID of the default NSX bridge cluster that will be used to perform # L2 gateway bridging between VXLAN and VLAN networks. If not # specified, the admin will # have to create a L2 gateway # corresponding to a NSX bridge cluster using L2 gateway # API. This # field must be specified on one of the active Neutron servers only. # default_bridge_cluster_uuid: '<a-uuid>' # (Optional) number_of_nested_groups # The number of nested groups which are used by the plugin, each # neutron security-group is added to one nested group and each nested # group can contain a maximum of 500 security-groups. Therefore, the # maximum of security groups that can be created is 500 * # number_of_nested_groups. The defult is 8 nested groups, which # allows a maximum of 4000 security-groups # number_of_nested_groups: 8 # (Optional) metadata_mode # Acceptable values are # access_network : enables a dedicated connection to the metadata # proxy for metadata server access via Neutron router. # dhcp_host_route : enables host route injection via the dhcp agent. # This option is only useful if running on a host that does not # support namespaces otherwise access_network should be used. # metadata_mode: '<metadata-mode>' # (Optional) metadata_on_demand # If True, an internal metadata network is created for a router # only when the router is attached to a DHCP-disabled subnet. # metadata_on_demand: 'False' # (Optional) native_dhcp_metadata # If true, DHCP and metadata proxy services will be provided by NSX. # native_dhcp_metadata: True # Note: uncomment dhcp_profile_uuid and metadata_proxy_uuid # if native_dhcp_metadata is True # (Optional) metadata_proxy_uuid # The UUID of the NSX Metadata Proxy that is used to enable native # metadata service. It needs to be created in NSX before starting # Neutron with the NSX plugin. (Uncomment if native_dhcp_metadata is True) # metadata_proxy_uuid: '<metadata-proxy-uuid-from-nsx-manager>' # (Optional) dhcp_profile_uuid # The UUID of the NSX DHCP Profile that is used to enable native # DHCP service. It needs to be created in NSX before starting # Neutron with the NSX plugin (Uncomment if native_dhcp_metadata is True) # dhcp_profile_uuid: '<dhcp-profile-uuid-from-nsx-mgr>' # (Optional) dhcp_lease_time # The amount of seconds an IP address assigned by NSX's dhcp server will # be valid. Default value is 86400. # dhcp_lease_time: 86400 # (Optional) dhcp_relay_service # Name or UUID of the NSX dhcp relay service that will be used to # enable DHCP relay on router ports # dhcp_relay_service: '<dhcp-relay-service-uuid>' # (Optional): locking_coordinator_url # URL for distributed locking coordination resource for lock manager. # This value is passed as a parameter to tooze coordinator. By # default, value is None and oslo_concurrentcy is used for single- # node lock management. Default is None. # locking_coordinator_url: None # # (Optional): qos_peak_bw_multiplier # The QoS rules peak bandwidth value will be the configured maximum # bandwidth of the QoS rule, multiplied by this value. Value must be # bigger than 1. Default is 2. # qos_peak_bw_multiplier: 2 07070100000035000081A40000000000000000000000015D82725500000B2F000000000000000000000000000000000000006F00000000ardana-extensions-nsx-9.0+git.1568830037.2eea267/vmware/examples/models/entry-scale-nsxt/data/pass_through.yml# # (c) Copyright 2019 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- product: version: 2 pass-through: global: vmware: - username: <vcenter-admin-username> ip: <vcenter-ip> port: 443 cert_check: false # The password needs to be encrypted using the script # openstack/ardana/ansible/ardanaencrypt.py on the deployer: # # $ cd ~/openstack/ardana/ansible # $ export ARDANA_USER_PASSWORD_ENCRYPT_KEY=<encryption key> # $ ./ardanaencrypt.py # # The script will prompt for the vCenter password. The string # generated is the encrypted password. Enter the string # enclosed by double-quotes below. password: "<encrypted-passwd-from-ardanaencrypt>" # The id is is obtained by the URL # https://<vcenter-ip>/mob/?moid=ServiceInstance&doPath=content%2eabout, # field instanceUUID. id: <vcenter-uuid> servers: - # Here the 'id' refers to the name of the node running the # esx-compute-proxy. This is identical to the 'servers.id' in # servers.yml. There should be one esx-compute-proxy node per ESX # resource pool. id: esx-compute1 data: vmware: vcenter_cluster: <vmware cluster1 name> vcenter_id: <vcenter-uuid> - id: esx-compute2 data: vmware: vcenter_cluster: <vmware cluster2 name> vcenter_id: <vcenter-uuid> - # In case of an NSX-T deployment, specefic parameters need to be # speciefied to register a KVM compute with the manager. As before, # 'id' refers to the 'servers.id' in servers.yml. id: compute1 data: vmware_nsxt: # These are the credentials that the manager will use to access # the host, install nsxt specific host packages and configure them. username: <host username> password: <host encrypted-passwd-from-ardanaencrypt> # The transport node will be configured with the host switch spec and # transport zone endpoints copied from this profile. Note that # included host switch profiles of type NiocProfile will be filtered # out and ignored as they only apply to ESX hosts. transport_node_profile_id: <transport node profile uuid> 07070100000036000081A40000000000000000000000015D82725500000961000000000000000000000000000000000000007000000000ardana-extensions-nsx-9.0+git.1568830037.2eea267/vmware/examples/models/entry-scale-nsxt/data/server_groups.yml# # (c) Copyright 2019 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- product: version: 2 server-groups: # # Server Groups provide a mechanism for organizing servers # into a hierarchy that reflected the physical topology. # # When allocating a server the configuration processor # will search down the hierarchy from the list of server # groups identified as the failure-zones for the control # plane until it finds an available server of the requested # role. If the allocation policy is "strict" servers are # allocated from different failure-zones. # # When determining which network from a network group to # associate with a server the configuration processor will # search up the hierarchy from the server group containing the # server until it finds a network in the required network # group. # # # In this example there is only one network in each network # group and so we put all networks in the top level server # group. Below this we create server groups for three # failure zones, within which servers are grouped by racks. # # Note: the association of servers to server groups is part # of the server definition (servers.yml) # # # At the top of the tree we have a server groups for # networks that can reach all servers # - name: CLOUD server-groups: - AZ1 - AZ2 - AZ3 networks: - EXTERNAL-API-NET - MANAGEMENT-NET - INTERNAL-API-NET - TRUNK-NET # # Create a group for each failure zone # - name: AZ1 server-groups: - RACK1 - name: AZ2 server-groups: - RACK2 - name: AZ3 server-groups: - RACK3 # # Create a group for each rack # - name: RACK1 - name: RACK2 - name: RACK3 07070100000037000081A40000000000000000000000015D827255000003BA000000000000000000000000000000000000006F00000000ardana-extensions-nsx-9.0+git.1568830037.2eea267/vmware/examples/models/entry-scale-nsxt/data/server_roles.yml# # (c) Copyright 2019 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- product: version: 2 server-roles: - name: CONTROLLER-ROLE interface-model: CONTROLLER-INTERFACES disk-model: CONTROLLER-1TB-DISKS - name: COMPUTE-ROLE interface-model: COMPUTE-INTERFACES disk-model: COMPUTE-NODE-DISKS - name: ESX-COMPUTE-ROLE interface-model: ESX-COMPUTE-INTERFACES disk-model: COMPUTE-NODE-DISKS 07070100000038000081A40000000000000000000000015D82725500000A49000000000000000000000000000000000000006A00000000ardana-extensions-nsx-9.0+git.1568830037.2eea267/vmware/examples/models/entry-scale-nsxt/data/servers.yml# # (c) Copyright 2019 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- product: version: 2 baremetal: # NOTE: These values need to be changed to match your environment. # Define the network range that contains the ip-addr values for # the individual servers listed below. subnet: 192.168.10.0 netmask: 255.255.255.0 servers: # NOTE: Addresses of servers need to be # changed to match your environment. # # Add additional servers as required # Controllers - id: controller1 ip-addr: 192.168.10.3 role: CONTROLLER-ROLE server-group: RACK1 nic-mapping: ESXI_VMXNET3_4PORT mac-addr: "b2:72:8d:ac:7c:6f" ilo-ip: 192.168.9.3 ilo-password: password ilo-user: admin - id: controller2 ip-addr: 192.168.10.4 role: CONTROLLER-ROLE server-group: RACK2 nic-mapping: ESXI_VMXNET3_4PORT mac-addr: "8a:8e:64:55:43:76" ilo-ip: 192.168.9.4 ilo-password: password ilo-user: admin - id: controller3 ip-addr: 192.168.10.5 role: CONTROLLER-ROLE server-group: RACK3 nic-mapping: ESXI_VMXNET3_4PORT mac-addr: "26:67:3e:49:5a:a7" ilo-ip: 192.168.9.5 ilo-password: password ilo-user: admin # Compute Nodes - id: compute1 server-group: RACK1 nic-mapping: MY-4PORT-SERVER ip-addr: 192.168.10.6 mac-addr: "00:de:ad:be:ef:10" role: COMPUTE-ROLE ilo-ip: 1.1.1.10 ilo-user: dummy-user ilo-password: dummy-password # Nova Compute proxy node - id: esx-compute1 server-group: RACK1 nic-mapping: ESXI-COMPUTE-3PORT ip-addr: 192.168.10.7 mac-addr: "00:de:ad:be:ef:11" role: ESX-COMPUTE-ROLE ilo-ip: 1.1.1.11 ilo-user: dummy-user ilo-password: dummy-password - id: esx-compute2 server-group: RACK1 nic-mapping: ESXI-COMPUTE-3PORT ip-addr: 192.168.10.8 mac-addr: "00:de:ad:be:ef:12" role: ESX-COMPUTE-ROLE ilo-ip: 1.1.1.12 ilo-user: dummy-user ilo-password: dummy-password 07070100000039000041ED0000000000000000000000025D82725500000000000000000000000000000000000000000000006400000000ardana-extensions-nsx-9.0+git.1568830037.2eea267/vmware/examples/models/entry-scale-nsxt/data/swift0707010000003A000081A40000000000000000000000015D8272550000060A000000000000000000000000000000000000007500000000ardana-extensions-nsx-9.0+git.1568830037.2eea267/vmware/examples/models/entry-scale-nsxt/data/swift/swift_config.yml# # (c) Copyright 2019 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- product: version: 2 configuration-data: - name: SWIFT-CONFIG-CP1 services: - swift data: control_plane_rings: swift-zones: - id: 1 server-groups: - AZ1 - id: 2 server-groups: - AZ2 - id: 3 server-groups: - AZ3 rings: - name: account display-name: Account Ring min-part-hours: 16 partition-power: 12 replication-policy: replica-count: 3 - name: container display-name: Container Ring min-part-hours: 16 partition-power: 12 replication-policy: replica-count: 3 - name: object-0 display-name: General default: yes min-part-hours: 16 partition-power: 12 replication-policy: replica-count: 3 0707010000003B000041ED0000000000000000000000035D82725500000000000000000000000000000000000000000000005900000000ardana-extensions-nsx-9.0+git.1568830037.2eea267/vmware/examples/models/entry-scale-nsxv0707010000003C000081A40000000000000000000000015D827255000013C6000000000000000000000000000000000000006300000000ardana-extensions-nsx-9.0+git.1568830037.2eea267/vmware/examples/models/entry-scale-nsxv/README.md (c) Copyright 2017 SUSE LLC Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. ## Ardana Single region Entry Scale Cloud with ESX+NSX Example ## The input files in this example deploy a cloud with ESX hypervisor that uses NSX-V networking that has the following characteristics: ### Compute Proxy Nodes ### - One single server that runs the Nova ESX compute proxy. There should be one node per ESX resource pool. The proxy nodes can be ESX virtual machines. When running as VMs, they should be in a HA cluster. Do not image the VMs serving as compute proxy nodes. Use the nodelist option with bm-reimage.yml playbook to avoid imaging them. ### Control Planes ### - A single control plane consisting of three servers that co-host all of the other required openstack services. ### Deployer Node ### This configuration runs the lifecycle-manager (formerly referred to as the deployer) on a control plane node. You need to include this node address in your servers.yml definition. This function does not need a dedicated network. The minimum server count for this example is therefore 4 servers (Control Plane (x3) for Openstack services + 1 activated vCenter cluster having at least 1 host, for vCenter appliance, NSX Manager, and ESX compute proxy VMs). An example set of servers are defined in ***data/servers.yml***. You will need to modify this file to reflect your specific environment. ### Networking ### The example requires the following networks: IPMI/iLO network, connected to the deployer and the IPMI/iLO ports of all servers A pair of bonded NICs which are used by the following networks: - EXTERNAL-API - This is the network that users will use to make requests to the cloud - INTERNAL-API - This is the network that will be used to access the ESX metadata proxy servers - MANAGEMENT - This is the network that will be used for all internal traffic between the cloud services and traffic between VMs on private networks within the cloud The Data Center Management network (which hosts the vCenter server) must be reachable from the Cloud Management network so that the controllers, compute proxy nodes can communicate to the vCenter server. An example set of networks are defined in ***data/networks.yml***. You will need to modify this file to reflect your environment. The example uses the devices hed3 & hed4 as a bonded network for all services. If you need to modify these for your environment they are defined in ***data/net_interfaces.yml***. The network devices eth3 & eth4 are renamed to devices hed3 & hed4 using the PCI bus mappings specified in ***data/nic_mappings.yml***. You may need to modify the PCI bus addresses to match your system. ###Adapting the entry-scale model to fit your environment### The minimum set of changes you need to make to adapt the model for your environment are: - Update servers.yml to list the details of your bare metal servers (i.e, ILO access info). You need to perform this step if you are using the Ardana supplied Cobber playbooks to install Linux on your servers. - Update the networks.yml file to replace network CIDRs and VLANs with site specific values - Update the nic_mappings.yml file to ensure that network devices are mapped to the correct physical port(s) - Review the disk models (disks_*.yml) and confirm that the associated servers have the number of disks required by the disk model. The device names in the disk models might need to be adjusted to match the probe order of your servers. Disk models are provided as follows: - DISK SET CONTROLLER: Minimum 1 disk - DISK SET COMPUTE NODE DISKS: This is the disks used on the ESX compute proxy nodes. Each node is a ESX VM. ESX VM is expected to create 1 virtual disk for each VM. - Update the net interfaces.yml file to match the server NICs used in your configuration. This file has a separate interface model definition for each of the following: - INTERFACE SET CONTROLLER - INTERFACE SET ESX-COMPUTE *DISK_SET used by Nova compute proxy is not recommanded to modify by user* ##The NSX Configuration Data## The NSX Configuration data file data/nsx/nsx_config.yml contains the information on the NSX installation needed to configure neutron to use the NSXV core-plugin. See the comments for the parameters' descriptions. ##The pass_through.yml File## The ESX compute proxy needs to have the information in pass_through.yml in order to configure itself. See the comments for the parameters' descriptions. 0707010000003D000081A40000000000000000000000015D82725500000994000000000000000000000000000000000000006900000000ardana-extensions-nsx-9.0+git.1568830037.2eea267/vmware/examples/models/entry-scale-nsxv/cloudConfig.yml# # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- product: version: 2 cloud: name: entry-scale-nsx # The following values are used when # building hostnames hostname-data: host-prefix: ardana member-prefix: -m # List of ntp servers for your site ntp-servers: # - "ntp-server1" # - "ntp-server2" # dns resolving configuration for your site # refer to resolv.conf for details on each option dns-settings: # nameservers: # - name-server1 # - name-server2 # - name-server3 # # domain: sub1.example.net # # search: # - sub1.example.net # - sub2.example.net # # sortlist: # - 192.168.160.0/255.255.240.0 # - 192.168.0.0 # # # option flags are '<name>:' to enable, remove to unset # # options with values are '<name>:<value>' to set # # options: # debug: # ndots: 2 # timeout: 30 # attempts: 5 # rotate: # no-check-names: # inet6: smtp-settings: # server: mailserver.examplecloud.com # port: 25 # timeout: 15 # These are only needed if your server requires authentication # user: # password: # Generate firewall rules firewall-settings: enable: true # log dropped packets logging: true # Disc space needs to be allocated to the audit directory before enabling # auditing. # Default can be either "disabled" or "enabled". Services listed in # "enabled-services" and "disabled-services" override the default setting. audit-settings: audit-dir: /var/audit default: disabled #enabled-services: # - keystone # - barbican disabled-services: - nova - barbican - keystone - cinder - ceilometer - neutron - swift 0707010000003E000041ED0000000000000000000000055D82725500000000000000000000000000000000000000000000005E00000000ardana-extensions-nsx-9.0+git.1568830037.2eea267/vmware/examples/models/entry-scale-nsxv/data0707010000003F000081A40000000000000000000000015D82725500000D58000000000000000000000000000000000000007000000000ardana-extensions-nsx-9.0+git.1568830037.2eea267/vmware/examples/models/entry-scale-nsxv/data/control_plane.yml# # (c) Copyright 2017-2019 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- product: version: 2 control-planes: - name: control-plane-1 control-plane-prefix: cp1 region-name: region1 failure-zones: - AZ1 - AZ2 - AZ3 configuration-data: - DESIGNATE-CONFIG-CP1 - NSXV-CONFIG-CP1 - SWIFT-CONFIG-CP1 common-service-components: - logging-rotate - logging-producer - monasca-agent - stunnel - lifecycle-manager-target clusters: - name: cluster1 cluster-prefix: c1 server-role: CONTROLLER-ROLE member-count: 3 allocation-policy: strict service-components: - lifecycle-manager - tempest - ntp-server - swift-ring-builder - mysql - ip-cluster - apache2 - keystone-api - keystone-client - rabbitmq - glance-api - glance-registry - glance-client - cinder-api - cinder-scheduler - cinder-volume - cinder-backup - cinder-client - nova-api - nova-placement-api - nova-scheduler - nova-conductor - nova-novncproxy - nova-client - neutron-server - vmware-nsxv - neutron-client - horizon - swift-proxy - memcached - swift-account - swift-container - swift-object - swift-client - heat-api - heat-api-cfn - heat-engine - heat-client - openstack-client - ceilometer-polling - ceilometer-agent-notification - ceilometer-common - ceilometer-client - zookeeper - kafka - spark - cassandra - storm - monasca-api - monasca-persister - monasca-notifier - monasca-threshold - monasca-client - monasca-transform - logging-server - ops-console-web - barbican-api - barbican-client - barbican-worker - designate-api - designate-central - designate-producer - designate-worker - designate-mdns - designate-client - bind - magnum-api - magnum-conductor resources: - name: esx-compute resource-prefix: esx-comp server-role: ESX-COMPUTE-ROLE allocation-policy: any service-components: - nova-esx-compute-proxy - nova-compute - ntp-client 07070100000040000041ED0000000000000000000000025D82725500000000000000000000000000000000000000000000006800000000ardana-extensions-nsx-9.0+git.1568830037.2eea267/vmware/examples/models/entry-scale-nsxv/data/designate07070100000041000081A40000000000000000000000015D82725500000379000000000000000000000000000000000000007D00000000ardana-extensions-nsx-9.0+git.1568830037.2eea267/vmware/examples/models/entry-scale-nsxv/data/designate/designate_config.yml# # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- product: version: 2 configuration-data: - name: DESIGNATE-CONFIG-CP1 services: - designate data: dns_domain: example.org. ns_records: - hostname: ns1.example.org. priority: 1 - hostname: ns2.example.org. priority: 2 07070100000042000081A40000000000000000000000015D8272550000049D000000000000000000000000000000000000007500000000ardana-extensions-nsx-9.0+git.1568830037.2eea267/vmware/examples/models/entry-scale-nsxv/data/disks_compute_node.yml# # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- product: version: 2 disk-models: - name: COMPUTE-NODE-DISKS # Disk model to be used for compute nodes # /dev/sda_root is used as a volume group for /, /var/log and /var/crash # Additional disks can be added to either volume group volume-groups: - name: cpn-vg physical-volumes: - /dev/sda_root logical-volumes: - name: root size: 80% fstype: ext4 mount: / - name: LV_CRASH size: 15% mount: /var/crash fstype: ext4 mkfs-opts: -O large_file 07070100000043000081A40000000000000000000000015D82725500001968000000000000000000000000000000000000007700000000ardana-extensions-nsx-9.0+git.1568830037.2eea267/vmware/examples/models/entry-scale-nsxv/data/disks_controller_1TB.yml# # (c) Copyright 2017-2018 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- product: version: 2 disk-models: - name: CONTROLLER-1TB-DISKS # This example is based on using a single 1TB disk for a volume # group that contains all file systems on a controller with 64GB # of memory. # # Additional disks can be added to the 'physical-volumes' section. # # volume-groups: - name: ctlr-vg physical-volumes: # NOTE: 'sda_root' is a templated value. This value is checked in # os-config and replaced by the partition actually used on sda #e.g. sda1 or sda5 - /dev/sda_root # Add any additional disks for the volume group here # -/dev/sdx # -/dev/sdy logical-volumes: # The policy is not to consume 100% of the space of each volume group. # At least 5% should be left free for snapshots. This example leaves 18% # free to allow for some flexibility. - name: root size: 6% fstype: ext4 mount: / # Reserved space for kernel crash dumps # Should evaluate to a value that is slightly larger than # the memory size of your server - name: crash size: 6% mount: /var/crash fstype: ext4 mkfs-opts: -O large_file # Local Log files. Depending on your retention policy # log files can require significant disc space - name: log size: 16% mount: /var/log fstype: ext4 mkfs-opts: -O large_file # Mysql Database. All persistent state from OpenStack services # is saved here. Although the individual objects are small the # accumulated data can grow over time - name: mysql size: 6% mount: /var/lib/mysql fstype: ext4 mkfs-opts: -O large_file consumer: name: mysql # Rabbitmq works mostly in memory, but needs to be able to persist # messages to disc under high load. This area should evaluate to a value # that is slightly larger than the memory size of your server - name: rabbitmq size: 7% mount: /var/lib/rabbitmq fstype: ext4 mkfs-opts: -O large_file consumer: name: rabbitmq rabbitmq_env: home # Database storage for event monitoring and metering data (Monasca). - name: cassandra_db size: 19% mount: /var/cassandra/data fstype: ext4 mkfs-opts: -O large_file consumer: name: cassandra - name: cassandra_log size: 1% mount: /var/cassandra/commitlog fstype: ext4 mkfs-opts: -O large_file consumer: name: cassandra # Messaging system for monitoring and logging. - name: kafka size: 7% mount: /var/kafka fstype: ext4 mkfs-opts: -O large_file consumer: name: kafka # Data storage for centralized logging. This holds log entries from all # servers in the cloud and hence can require a lot of disk space. - name: elasticsearch size: 13% mount: /var/lib/elasticsearch fstype: ext4 # Zookeeper is used to provide cluster co-ordination in the monitoring # system. Although not a high user of disc space we have seen issues # with zookeeper snapshots filling up filesystems so we keep it in its # own space for stability. - name: zookeeper size: 1% mount: /var/lib/zookeeper fstype: ext4 consumer: name: os # Cinder: cinder volume needs temporary local filesystem space to convert # images to raw when creating bootable volumes. Using a separate volume # will both ringfence this space and avoid filling / # The size should represent the raw size of the largest image times # the number of concurrent bootable volume creations. # The logical volume can be part of an existing volume group or a # dedicated volume group. # - name: cinder-vg # physical-volumes: # - /dev/sdx # logical-volumes: # - name: cinder_image # size: 5% # mount: /var/lib/cinder # fstype: ext4 # Glance cache: if a logical volume with consumer usage 'glance-cache' # is defined Glance caching will be enabled. The logical volume can be # part of an existing volume group or a dedicated volume group. # - name: glance-vg # physical-volumes: # - /dev/sdx # logical-volumes: # - name: glance-cache # size: 95% # mount: /var/lib/glance/cache # fstype: ext4 # mkfs-opts: -O large_file # consumer: # name: glance-api # usage: glance-cache # Audit: Audit logs can consume significant disc space. If you # are enabling audit then it is recommended that you use a dedicated # disc. # - name: audit-vg # physical-volumes: # - /dev/sdz # logical-volumes: # - name: audit # size: 95% # mount: /var/audit # fstype: ext4 # mkfs-opts: -O large_file # Additional disk group defined for Swift device-groups: - name: swiftobj devices: - name: /dev/sdb - name: /dev/sdc # Add any additional disks for swift here # -name: /dev/sdd # -name: /dev/sde consumer: name: swift attrs: rings: - account - container - object-0 07070100000044000081A40000000000000000000000015D827255000006E3000000000000000000000000000000000000007100000000ardana-extensions-nsx-9.0+git.1568830037.2eea267/vmware/examples/models/entry-scale-nsxv/data/firewall_rules.yml# # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- product: version: 2 # # Ardana will create firewall rules to enable the required access for # all of the deployed services. Use this section to define any # additional access. # # Each group of rules can be applied to one or more network groups # Examples are given for ping and ssh # # Names of rules, (e.g. "PING") are arbitrary and have no special significance # firewall-rules: - name: SSH # network-groups is a list of all the network group names # that the rules apply to network-groups: - MANAGEMENT - INTERNAL-API rules: - type: allow # range of remote addresses in CIDR format that this # rule applies to remote-ip-prefix: 0.0.0.0/0 port-range-min: 22 port-range-max: 22 # protocol must be one of: null, tcp, udp or icmp protocol: tcp - name: PING network-groups: - MANAGEMENT - EXTERNAL-API - INTERNAL-API rules: # open ICMP echo request (ping) - type: allow remote-ip-prefix: 0.0.0.0/0 # icmp type port-range-min: 8 # icmp code port-range-max: 0 protocol: icmp 07070100000045000081A40000000000000000000000015D82725500000661000000000000000000000000000000000000007100000000ardana-extensions-nsx-9.0+git.1568830037.2eea267/vmware/examples/models/entry-scale-nsxv/data/net_interfaces.yml# # (c) Copyright 2017-2019 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- product: version: 2 interface-models: # These examples uses hed3 and hed4 as a bonded # pair for all networks on all three server roles # # Edit the device names and bond options # to match your environment # - name: CONTROLLER-INTERFACES network-interfaces: - name: BOND0 device: name: bond0 bond-data: options: mode: active-backup miimon: 200 primary: hed3 provider: linux devices: - name: hed3 - name: hed4 network-groups: - MANAGEMENT - EXTERNAL-API - INTERNAL-API - name: ESX-COMPUTE-INTERFACES network-interfaces: - name: eth0 device: name: eth0 forced-network-groups: - MANAGEMENT - name: eth1 device: name: eth1 forced-network-groups: - INTERNAL-API 07070100000046000081A40000000000000000000000015D827255000010EF000000000000000000000000000000000000007100000000ardana-extensions-nsx-9.0+git.1568830037.2eea267/vmware/examples/models/entry-scale-nsxv/data/network_groups.yml# # (c) Copyright 2017-2018 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- product: version: 2 network-groups: # # External API # # This is the network group that users will use to # access the public API endpoints of your cloud # - name: EXTERNAL-API hostname-suffix: extapi component-endpoints: - bind-ext load-balancers: - provider: ip-cluster name: extlb # If external-name is set then public urls in keystone # will use this name instead of the IP address. # You must either set this to a name that can be resolved in your network # or comment out this line to use IP addresses # external-name: tls-components: - default roles: - public cert-file: my-public-entry-scale-esx-nsx-cert # This is the name of the certificate that will be used on load balancer. # Ardana will look for a file with this name in the config/tls/certs directory. # This is the certificate that matches your setting for external-name # # Note that it is also possible to have per service certificates: # # cert-file: # default: my-public-entry-scale-esx-nsx-cert # horizon: my-horizon-cert # nova-api: my-nova-cert # # The configuration-processor will also create a request templates for each # named certificates under # "info/cert_reqs/" # # And this will be of the form # # info/cert_reqs/my-public-entry-scale-esx-nsx-cert # info/cert_reqs/my-horizon-cert # info/cert_reqs/my-nova-cert # # These request templates contain the subject Alt-names that # the certificates need. A customer can add to this template # before generating their Certificate Signing Request (CSR). # They would then send the CSR to their CA to be signed and # receive the certificate, which can then be dropped into # "config/tls/certs". # # When you bring in your own certificate you may want to bring # in the trust chains (or CA certificate) for this certificate. # This is usually not required if the CA is a public signer that # gets bundled by the system. However, we suggest you include it # into Ardana anyway by copying the file into the directory # "config/cacerts/". # Note that the file extension should be .crt or it will not # be processed by Ardana. # # # Management # # This is the network group that will be used to for # management traffic within the cloud. # # The interface used by this group will be presented # to Neutron as physnet1, and used by tenant VLANS # - name: MANAGEMENT hostname-suffix: mgmt hostname: true component-endpoints: - lifecycle-manager - lifecycle-manager-target routes: - default ## ## TRUNK ## ## This is the network group that will be used for ## trunk network on the OVSvApp service VM. ## The trunk network is used to apply security ## group rules on tenant traffic. #- name: TRUNK # hostname-suffix: trunk # # INTERNAL-API # - name: INTERNAL-API tls-component-endpoints: - barbican-api component-endpoints: - default load-balancers: - provider: ip-cluster name: lb tls-components: - default components: - nova-metadata roles: - internal - admin cert-file: ardana-internal-cert 07070100000047000081A40000000000000000000000015D82725500000680000000000000000000000000000000000000006B00000000ardana-extensions-nsx-9.0+git.1568830037.2eea267/vmware/examples/models/entry-scale-nsxv/data/networks.yml# # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- product: version: 2 networks: # # This example uses the following networks # # Network CIDR VLAN # ------- ---- ---- # External API 10.0.1.0/24 101 (tagged) # Internal API 192.168.50.0/23 102 (tagged) # Management 192.168.10.0/24 100 (untagged) # Trunk untagged # # Modify these values to match your environment # - name: EXTERNAL-API-NET vlanid: 101 tagged-vlan: true cidr: 10.0.1.0/24 gateway-ip: 10.0.1.1 network-group: EXTERNAL-API - name: MANAGEMENT-NET tagged-vlan: false vlanid: 100 cidr: 192.168.10.0/24 gateway-ip: 192.168.10.1 network-group: MANAGEMENT addresses: - 192.168.10.1-192.168.10.250 # - name: TRUNK-NET # tagged-vlan: false # network-group: TRUNK - name: INTERNAL-API-NET vlanid: 102 cidr: 192.168.50.0/24 tagged-vlan: true network-group: INTERNAL-API addresses: - 192.168.50.4-192.168.50.250 07070100000048000081A40000000000000000000000015D82725500000AB5000000000000000000000000000000000000006F00000000ardana-extensions-nsx-9.0+git.1568830037.2eea267/vmware/examples/models/entry-scale-nsxv/data/nic_mappings.yml# # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- product: version: 2 # nic-mappings are used to ensure that the device name used by the # operating system always maps to the same physical device. # A nic-mapping is associated to a server in the server definition. # The logical-name specified here can be used as a device name in # the network interface-models definitions. # # - name user-defined name for each mapping # physical-ports list of ports for this mapping # - logical-name device name to be used by the operating system # type physical port type # bus-address bus address of the physical device # # Notes: # - The PCI bus addresses are examples. You will need to determine # the values pertinent to your servers. These can be found with the # the `lspci` command or from the server BIOS # - enclose the bus address in quotation marks so yaml does not # misinterpret the embedded colon (:) characters # - simple-port is the only currently supported port type # - choosing a new device name prefix (e.g. 'eth' -> 'hed') will # help prevent remapping errors nic-mappings: - name: ESXI_VMXNET3_4PORT physical-ports: - logical-name: hed1 type: simple-port bus-address: "0000:06:00.0" - logical-name: hed2 type: simple-port bus-address: "0000:07:00.0" - logical-name: hed3 type: simple-port bus-address: "0000:08:00.0" - logical-name: hed4 type: simple-port bus-address: "0000:09:00.0" - name: MY-2PORT-SERVER physical-ports: - logical-name: hed3 type: simple-port bus-address: "0000:08:00.0" - logical-name: hed4 type: simple-port bus-address: "0000:09:00.0" - name: ESXI-COMPUTE-3PORT physical-ports: - logical-name: eth0 type: simple-port bus-address: "0000:06:00.0" - logical-name: eth1 type: simple-port bus-address: "0000:07:00.0" - logical-name: eth2 type: simple-port bus-address: "0000:08:00.0" 07070100000049000041ED0000000000000000000000025D82725500000000000000000000000000000000000000000000006200000000ardana-extensions-nsx-9.0+git.1568830037.2eea267/vmware/examples/models/entry-scale-nsxv/data/nsx0707010000004A000081A40000000000000000000000015D827255000016AD000000000000000000000000000000000000007100000000ardana-extensions-nsx-9.0+git.1568830037.2eea267/vmware/examples/models/entry-scale-nsxv/data/nsx/nsx_config.yml# # (c) Copyright 2019 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- product: version: 2 configuration-data: - name: NSXV-CONFIG-CP1 services: - nsx data: # (Required) URL for NSXv manager (e.g - https://management_ip). manager_uri: 'https://<nsx-mgr-ip>' # (Required) NSXv username. user: 'admin' # (Required) Encrypted NSX Manager password. # Password encryption is done by the script # ~/openstack/ardana/ansible/ardanaencrypt.py on the deployer: # # $ cd ~/openstack/ardana/ansible # $ export ARDANA_USER_PASSWORD_ENCRYPT_KEY=<encryption key> # $ ./ardanaencrypt.py # # The script will prompt for the NSX Manager password. The string # generated is the encrypted password. Enter the string enclosed # by double-quotes below. password: "<encrypted-nsx-mgr-passwd-from-ardanaencrypt>" # (Required) datacenter id for edge deployment. # Retrieved using # http://<vCenter-ip-addr>/mob/?moid=ServiceInstance&doPath=content # click on the value from the rootFolder property. The datacenter_moid is # the value of the childEntity property. # The vCenter-ip-address comes from the file pass_through.yml in the # input model under "pass-through.global.vmware.ip". datacenter_moid: 'datacenter-21' # (Required) id of logic switch for physical network connectivity. # How to retrieve # 1. Get to the same page where the datacenter_moid is found. # 2. Click on the value of the rootFolder property. # 3. Click on the value of the childEntity property # 4. Look at the network property. The external network is # network associated with EXTERNAL VM in VCenter. external_network: 'dvportgroup-74' # (Required) clusters ids containing OpenStack hosts. # Retrieved using http://<vcenter-ip-addr>/mob, click on the value # from the rootFolder property. Then click on the value of the # hostFolder property. Cluster_moids are the values under childEntity # property of the compute clusters. cluster_moid: 'domain-c33,domain-c35' # (Required) resource-pool id for edge deployment. resource_pool_id: 'resgroup-67' # (Optional) datastore id for edge deployment. If not needed, # do not declare it. # datastore_id: 'datastore-117' # (Required) network scope id of the transport zone. # To get the vdn_scope_id, in the vSphere web client from the Home # menu: # 1. click on Networking & Security # 2. click on installation # 3. click on the Logical Netowrk Preparation tab. # 4. click on the Transport Zones button. # 5. Double click on the transport zone being configure. # 6. Select Manage tab. # 7. The vdn_scope_id will appear at the end of the URL. vdn_scope_id: 'vdnscope-1' # (Optional) Dvs id for VLAN based networks. If not needed, # do not declare it. # dvs_id: 'dvs-68' # (Required) backup_edge_pool: backup edge pools management range, # - edge_type>[edge_size]:<minimum_pooled_edges>:<maximum_pooled_edges> # - edge_type: service (service edge) or vdr (distributed edge) # - edge_size: compact , large (by default), xlarge or quadlarge backup_edge_pool: 'service:compact:4:10,vdr:compact:4:10' # (Optional) mgt_net_proxy_ips: management network IP address for # metadata proxy. If not needed, do not declare it. # mgt_net_proxy_ips: '10.142.14.251,10.142.14.252' # (Optional) mgt_net_proxy_netmask: management network netmask for # metadata proxy. If not needed, do not declare it. # mgt_net_proxy_netmask: '255.255.255.0' # (Optional) mgt_net_moid: Network ID for management network connectivity # Do not declare if not used. # mgt_net_moid: 'dvportgroup-73' # ca_file: Name of the certificate file. If insecure is set to True, # then this parameter is ignored. If insecure is set to False and this # parameter is not defined, then the system root CAs will be used # to verify the server certificate. ca_file: a/nsx/certificate/file # insecure: # If true (default), the NSXv server certificate is not verified. # If false, then the default CA truststore is used for verification. # This option is ignored if "ca_file" is set insecure: True # (Optional) edge_ha: if true, will duplicate any edge pool resources # Default to False if undeclared. # edge_ha: False # (Optional) spoofguard_enabled: # If True (default), indicates NSXV spoofguard component is used to # implement port-security feature. # spoofguard_enabled: True # (Optional) exclusive_router_appliance_size: # Edge appliance size to be used for creating exclusive router. # Valid values: 'compact', 'large', 'xlarge', 'quadlarge' # Defaults to 'compact' if not declared. # exclusive_router_appliance_size: 'compact' 0707010000004B000081A40000000000000000000000015D827255000007BC000000000000000000000000000000000000006F00000000ardana-extensions-nsx-9.0+git.1568830037.2eea267/vmware/examples/models/entry-scale-nsxv/data/pass_through.yml# # (c) Copyright 2017-2019 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- product: version: 2 pass-through: global: vmware: - username: <vcenter-admin-username> ip: <vcenter-ip> port: 443 cert_check: false # The password needs to be encrypted using the script # openstack/ardana/ansible/ardanaencrypt.py on the deployer: # # $ cd ~/openstack/ardana/ansible # $ export ARDANA_USER_PASSWORD_ENCRYPT_KEY=<encryption key> # $ ./ardanaencrypt.py # # The script will prompt for the vCenter password. The string # generated is the encrypted password. Enter the string # enclosed by double-quotes below. password: "<encrypted-passwd-from-ardanaencrypt>" # The id is is obtained by the URL # https://<vcenter-ip>/mob/?moid=ServiceInstance&doPath=content%2eabout, # field instanceUUID. id: <vcenter-uuid> servers: # Here the 'id' refers to the name of the node running the # esx-compute-proxy. This is identical to the 'servers.id' in # servers.yml. There should be one esx-compute-proxy node per ESX # resource pool. - id: esx-compute1 data: vmware: vcenter_cluster: <vmware cluster1 name> vcenter_id: <vcenter-uuid> - id: esx-compute2 data: vmware: vcenter_cluster: <vmware cluster2 name> vcenter_id: <vcenter-uuid> 0707010000004C000081A40000000000000000000000015D8272550000094D000000000000000000000000000000000000007000000000ardana-extensions-nsx-9.0+git.1568830037.2eea267/vmware/examples/models/entry-scale-nsxv/data/server_groups.yml# # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- product: version: 2 server-groups: # # Server Groups provide a mechanism for organizing servers # into a hierarchy that reflected the physical topology. # # When allocating a server the configuration processor # will search down the hierarchy from the list of server # groups identified as the failure-zones for the control # plane until it finds an available server of the requested # role. If the allocation policy is "strict" servers are # allocated from different failure-zones. # # When determining which network from a network group to # associate with a server the configuration processor will # search up the hierarchy from the server group containing the # server until it finds a network in the required network # group. # # # In this example there is only one network in each network # group and so we put all networks in the top level server # group. Below this we create server groups for three # failure zones, within which servers are grouped by racks. # # Note: the association of servers to server groups is part # of the server definition (servers.yml) # # # At the top of the tree we have a server groups for # networks that can reach all servers # - name: CLOUD server-groups: - AZ1 - AZ2 - AZ3 networks: - EXTERNAL-API-NET - MANAGEMENT-NET - INTERNAL-API-NET # # Create a group for each failure zone # - name: AZ1 server-groups: - RACK1 - name: AZ2 server-groups: - RACK2 - name: AZ3 server-groups: - RACK3 # # Create a group for each rack # - name: RACK1 - name: RACK2 - name: RACK3 0707010000004D000081A40000000000000000000000015D82725500000351000000000000000000000000000000000000006F00000000ardana-extensions-nsx-9.0+git.1568830037.2eea267/vmware/examples/models/entry-scale-nsxv/data/server_roles.yml# # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- product: version: 2 server-roles: - name: CONTROLLER-ROLE interface-model: CONTROLLER-INTERFACES disk-model: CONTROLLER-1TB-DISKS - name: ESX-COMPUTE-ROLE interface-model: ESX-COMPUTE-INTERFACES disk-model: COMPUTE-NODE-DISKS 0707010000004E000081A40000000000000000000000015D82725500000936000000000000000000000000000000000000006A00000000ardana-extensions-nsx-9.0+git.1568830037.2eea267/vmware/examples/models/entry-scale-nsxv/data/servers.yml# # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- product: version: 2 baremetal: # NOTE: These values need to be changed to match your environment. # Define the network range that contains the ip-addr values for # the individual servers listed below. subnet: 192.168.10.0 netmask: 255.255.255.0 servers: # NOTE: Addresses of servers need to be # changed to match your environment. # # Add additional servers as required # Controllers - id: controller1 ip-addr: 192.168.10.3 role: CONTROLLER-ROLE server-group: RACK1 nic-mapping: ESXI_VMXNET3_4PORT mac-addr: "b2:72:8d:ac:7c:6f" ilo-ip: 192.168.9.3 ilo-password: password ilo-user: admin - id: controller2 ip-addr: 192.168.10.4 role: CONTROLLER-ROLE server-group: RACK2 nic-mapping: ESXI_VMXNET3_4PORT mac-addr: "8a:8e:64:55:43:76" ilo-ip: 192.168.9.4 ilo-password: password ilo-user: admin - id: controller3 ip-addr: 192.168.10.5 role: CONTROLLER-ROLE server-group: RACK3 nic-mapping: ESXI_VMXNET3_4PORT mac-addr: "26:67:3e:49:5a:a7" ilo-ip: 192.168.9.5 ilo-password: password ilo-user: admin # Nova Compute proxy node - id: esx-compute1 server-group: RACK1 nic-mapping: ESXI-COMPUTE-3PORT ip-addr: 192.168.10.6 mac-addr: "00:de:ad:be:ef:10" role: ESX-COMPUTE-ROLE ilo-ip: 1.1.1.10 ilo-user: dummy-user ilo-password: dummy-password - id: esx-compute2 server-group: RACK1 nic-mapping: ESXI-COMPUTE-3PORT ip-addr: 192.168.10.7 mac-addr: "00:de:ad:be:ef:11" role: ESX-COMPUTE-ROLE ilo-ip: 1.1.1.11 ilo-user: dummy-user ilo-password: dummy-password 0707010000004F000041ED0000000000000000000000025D82725500000000000000000000000000000000000000000000006400000000ardana-extensions-nsx-9.0+git.1568830037.2eea267/vmware/examples/models/entry-scale-nsxv/data/swift07070100000050000081A40000000000000000000000015D8272550000060A000000000000000000000000000000000000007500000000ardana-extensions-nsx-9.0+git.1568830037.2eea267/vmware/examples/models/entry-scale-nsxv/data/swift/swift_config.yml# # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- product: version: 2 configuration-data: - name: SWIFT-CONFIG-CP1 services: - swift data: control_plane_rings: swift-zones: - id: 1 server-groups: - AZ1 - id: 2 server-groups: - AZ2 - id: 3 server-groups: - AZ3 rings: - name: account display-name: Account Ring min-part-hours: 16 partition-power: 12 replication-policy: replica-count: 3 - name: container display-name: Container Ring min-part-hours: 16 partition-power: 12 replication-policy: replica-count: 3 - name: object-0 display-name: General default: yes min-part-hours: 16 partition-power: 12 replication-policy: replica-count: 3 07070100000051000041ED0000000000000000000000035D82725500000000000000000000000000000000000000000000004100000000ardana-extensions-nsx-9.0+git.1568830037.2eea267/vmware/services07070100000052000041ED0000000000000000000000025D82725500000000000000000000000000000000000000000000004800000000ardana-extensions-nsx-9.0+git.1568830037.2eea267/vmware/services/vmware07070100000053000081A40000000000000000000000015D82725500000285000000000000000000000000000000000000005000000000ardana-extensions-nsx-9.0+git.1568830037.2eea267/vmware/services/vmware/nsx.yml# (c) Copyright 2019 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- product: version: 2 services: - name: nsx mnemonic: NSX 07070100000054000081A40000000000000000000000015D8272550000039D000000000000000000000000000000000000005C00000000ardana-extensions-nsx-9.0+git.1568830037.2eea267/vmware/services/vmware/vmware-nsxt-dns.yml# (c) Copyright 2019 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- product: version: 2 service-components: - name: vmware-nsxt-dns mnemonic: VMW-NSXT-DNS service: nsx requires: - name: vmware-nsxt scope: host provides-data: - to: - name: vmware-nsxt data: - option: nsx_extension_drivers values: - vmware_nsxv3_dns 07070100000055000081A40000000000000000000000015D827255000005A4000000000000000000000000000000000000005E00000000ardana-extensions-nsx-9.0+git.1568830037.2eea267/vmware/services/vmware/vmware-nsxt-fwaas.yml# (c) Copyright 2019 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- product: version: 2 service-components: - name: vmware-nsxt-fwaas mnemonic: VMW-NSXT-FWAAS service: nsx requires: - name: vmware-nsxt scope: host provides-data: - to: - name: neutron-server data: - option: service_plugins values: - neutron_fwaas.services.firewall.fwaas_plugin_v2.FirewallPluginV2 - option: fwaas_service_provider values: - FIREWALL_V2:fwaas_db:neutron_fwaas.services.firewall.service_drivers.agents.agents.FirewallAgentDriver:default - option: fwaas_driver values: - vmware_nsxv3_edge_v2 - option: policy_json values: - source: ../../vmware-nsx/templates/policy.d/neutron-fwaas.json.j2 dest: policy.d/nsxt-neutron-fwaas.json 07070100000056000081A40000000000000000000000015D827255000004D5000000000000000000000000000000000000005D00000000ardana-extensions-nsx-9.0+git.1568830037.2eea267/vmware/services/vmware/vmware-nsxt-l2gw.yml# (c) Copyright 2019 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- product: version: 2 service-components: - name: vmware-nsxt-l2gateway mnemonic: VMW-NSXT-L2GW service: nsx requires: - name: vmware-nsxt scope: host provides-data: - to: - name: neutron-server data: - option: service_plugins values: - networking_l2gw.services.l2gateway.plugin.L2GatewayPlugin - option: l2gw_service_provider values: - L2GW:vmware-nsx-l2gw:vmware_nsx.services.l2gateway.nsx_v3.driver.NsxV3Driver:default - option: neutron_server_config_file_args values: - l2gw_plugin.ini 07070100000057000081A40000000000000000000000015D82725500000520000000000000000000000000000000000000005E00000000ardana-extensions-nsx-9.0+git.1568830037.2eea267/vmware/services/vmware/vmware-nsxt-lbaas.yml# (c) Copyright 2019 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- product: version: 2 service-components: - name: vmware-nsxt-lbaas mnemonic: VMW-NSXT-LBAAS service: nsx requires: - name: vmware-nsxt scope: host provides-data: - to: - name: neutron-server data: - option: service_plugins values: - vmware_nsx.services.lbaas.nsx_plugin.LoadBalancerNSXPluginV2 - option: lbaas_service_provider values: - LOADBALANCERV2:VMWareEdge:neutron_lbaas.drivers.vmware.edge_driver_v2.EdgeLoadBalancerDriverV2:default - option: api_extensions_path values: - '{{ ''neutron'' | venv_dir }}/lib/python2.7/site-packages/neutron_lbaas/extensions' 07070100000058000081A40000000000000000000000015D82725500000310000000000000000000000000000000000000005D00000000ardana-extensions-nsx-9.0+git.1568830037.2eea267/vmware/services/vmware/vmware-nsxt-node.yml# # (c) Copyright 2019 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- product: version: 2 service-components: - name: vmware-nsxt-node mnemonic: VMW-NSXT-NODE service: nsx endpoints: - port: 22 protocol: tcp roles: - ssh 07070100000059000081A40000000000000000000000015D827255000003B3000000000000000000000000000000000000005C00000000ardana-extensions-nsx-9.0+git.1568830037.2eea267/vmware/services/vmware/vmware-nsxt-qos.yml# (c) Copyright 2019 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- product: version: 2 service-components: - name: vmware-nsxt-qos mnemonic: VMW-NSXT-QOS service: nsx requires: - name: vmware-nsxt scope: host provides-data: - to: - name: neutron-server data: - option: service_plugins values: - neutron.services.qos.qos_plugin.QoSPlugin 0707010000005A000081A40000000000000000000000015D82725500000508000000000000000000000000000000000000005F00000000ardana-extensions-nsx-9.0+git.1568830037.2eea267/vmware/services/vmware/vmware-nsxt-vpnaas.yml# (c) Copyright 2019 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- product: version: 2 service-components: - name: vmware-nsxt-vpnaas mnemonic: VMW-NSXT-VPNAAS service: nsx requires: - name: vmware-nsxt scope: host provides-data: - to: - name: neutron-server data: - option: service_plugins values: - vmware_nsx.services.vpnaas.nsx_plugin.NsxVPNPlugin - option: vpnaas_service_provider values: - VPN:vmware:vmware_nsx.services.vpnaas.nsxv3.ipsec_driver.NSXv3IPsecVpnDriver:default - option: api_extensions_path values: - '{{ ''neutron'' | venv_dir }}/lib/python2.7/site-packages/neutron_vpnaas/extensions' 0707010000005B000081A40000000000000000000000015D827255000006B3000000000000000000000000000000000000005800000000ardana-extensions-nsx-9.0+git.1568830037.2eea267/vmware/services/vmware/vmware-nsxt.yml# (c) Copyright 2019 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- product: version: 2 service-components: - name: vmware-nsxt mnemonic: VMW-NSXT service: nsx consumes-services: - service-name: NOV-MTD provides-data: - to: - name: neutron-server data: - option: core_plugin values: - vmware_nsx.plugin.NsxV3Plugin - option: config_files values: - source: ../../vmware-nsx/templates/nsxt.ini.j2 dest: nsxt.ini - option: neutron_server_config_file_args values: - nsxt.ini - option: neutron_db_manage_config_file_args values: - nsxt.ini - option: policy_json values: - source: ../../vmware-nsx/templates/policy.d/security-groups.json.j2 dest: policy.d/nsxt-security-groups.json - source: ../../vmware-nsx/templates/policy.d/routers.json.j2 dest: policy.d/routers.json - to: - name: nova-compute-kvm data: - option: ovs_bridge values: - nsx-managed 0707010000005C000081A40000000000000000000000015D82725500000626000000000000000000000000000000000000005800000000ardana-extensions-nsx-9.0+git.1568830037.2eea267/vmware/services/vmware/vmware-nsxv.yml# (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- product: version: 2 service-components: - name: vmware-nsxv mnemonic: VMW-NSXV service: nsx consumes-services: - service-name: NOV-MTD provides-data: - to: - name: neutron-server data: - option: core_plugin values: - vmware_nsx.plugin.NsxVPlugin - option: config_files values: - source: ../../vmware-nsx/templates/nsxv.ini.j2 dest: nsxv.ini - option: neutron_server_config_file_args values: - nsxv.ini - option: neutron_db_manage_config_file_args values: - nsxv.ini - option: policy_json values: - source: ../../vmware-nsx/templates/policy.d/routers.json.j2 dest: policy.d/routers.json - source: ../../vmware-nsx/templates/policy.d/security-groups.json.j2 dest: policy.d/nsxv-security-groups.json 07070100000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000B00000000TRAILER!!!353 blocks
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor
