diff --git a/config/bundle_focal.yaml b/config/bundle_focal.yaml new file mode 100644 index 0000000..71a8167 --- /dev/null +++ b/config/bundle_focal.yaml @@ -0,0 +1,1611 @@ +# Copyright (c) 2017-2018 Canonical USA Inc. All rights reserved. +# +# Foundation HyperConverged +# +series: focal +variables: + # https://wiki.ubuntu.com/OpenStack/CloudArchive + # packages for an LTS release come in a form of SRUs + # do not use cloud: for an LTS version as + # installation hooks will fail. Example: + openstack-origin: &openstack-origin distro + + openstack-region: &openstack-region RegionOne + + # !> Important 2 service + # containers/host adapt appropriately. + reserved-host-memory: &reserved-host-memory 512 + #ram-allocation-ratio: &ram-allocation-ratio 0.999999 # XXX bug 1613839 + ram-allocation-ratio: &ram-allocation-ratio 1.0 # now fixed + # changed from 4.0 as used on borehamwood 1 and adastral to 2.0 for borehamwood (003) env + cpu-allocation-ratio: &cpu-allocation-ratio 2.0 + + + # This is Management network, unrelated to OpenStack and other applications + # OAM - Operations, Administration and Maintenance + oam-space: &oam-space oam + + # This is OpenStack Admin network; for adminURL endpoints + admin-space: &admin-space oam + + # This is OpenStack Public network; for publicURL endpoints + #public-space: &public-space external + public-space: &public-space oam + + # This is OpenStack Internal network; for internalURL endpoints + internal-space: &internal-space oam + + # CEPH configuration + # CEPH access network + ceph-public-space: &ceph-public-space ceph-access + + # CEPH replication network + ceph-cluster-space: &ceph-cluster-space ceph-replica + + overlay-space: &overlay-space overlay + + # Workaround for 'only one default binding supported' + oam-space-constr: &oam-space-constr spaces=oam + ceph-access-constr: &ceph-access-constr spaces=ceph-access + combi-access-constr: &combi-access-constr spaces=ceph-access,oam + + # CEPH OSD and journal devices; temporary workaround for #1674148 + osd-devices: &osd-devices "/dev/sdb /dev/sdc" + + customize-failure-domain: &customize-failure-domain True + + # Expected OSD count is total number of OSD disks that will be part of Ceph cluster. + # Never set this number higher or much lower than the real number. 10-20% less than + # actual number is acceptable + expected-osd-count: &expected-osd-count 12 + expected-mon-count: &expected-mon-count 3 + + nagios-context: &nagios-context arif-nc01 + + # Various VIPs + aodh-vip: &aodh-vip "10.0.1.211" + cinder-vip: &cinder-vip "10.0.1.212" + dashboard-vip: &dashboard-vip "10.0.1.213" + glance-vip: &glance-vip "10.0.1.214" + heat-vip: &heat-vip "10.0.1.215" + keystone-vip: &keystone-vip "10.0.1.216" + mysql-vip: &mysql-vip "10.0.1.217" + neutron-api-vip: &neutron-api-vip "10.0.1.218" + nova-cc-vip: &nova-cc-vip "10.0.1.219" + gnocchi-vip: &gnocchi-vip "10.0.1.220" + contrail-vip: &contrail-api-vip "10.0.1.221" + vault-vip: &vault-vip "10.0.1.222" + placement-vip: &placement-vip "10.0.1.223" + + # NTP configuration + ntp-source: &ntp-source "192.168.1.11" + + # Add policy-routing to the external network + external-network-cidr: &external-network-cidr 192.168.1.0/24 + external-network-gateway: &external-network-gateway 192.168.1.249 + + # After bundle has been deployed, log in to Landscape server and create + # an account. In the account settings, set the Registration key and then + # configure landscape-client to use that registration-key: + # juju config landscape-client registration-key=$your_registration_key + + # Encryption At Rest + # removed for borehamwood 003 design as all storage shared and distributed on ceph + # ephemeral-device: &ephemeral-device /dev/disk/by-dname/ephemeral + + # DNS configuration + # This configuration for overlay networks. Usually domain should be set to something + # like "openstack.customername.lan." (notice . at the end), while cidr is for PTR + # records, so in most cases 24 is just fine (16 is another option) + # dns-domain: &dns-domain "openstack.customername.lan." + # dns-cidr: &dns-cidr 24 + # DNS server needs to be the same in the different charms to avoid conflict. + dns-servers: &dns-servers '192.168.1.13' + + # Mappings to provide connectivity to a physical network, used by neutron-gateway + # and possibly neutron-openvswitch, therefore do not configure an IP address for + # this port in MAAS. + data-port: &data-port "br-data:ens9" + bridge-mappings: &bridge-mappings 'physnet1:br-data' + +machines: + # Baremetals + # Control Nodes + "100": + constraints: tags=control + "101": + constraints: tags=control + "102": + constraints: tags=control + # LMA Nodes + "200": + constraints: tags=compute + "201": + constraints: tags=compute + "202": + constraints: tags=compute + # Landscape Nodes + "300": + constraints: tags=compute + "301": + constraints: tags=compute + "302": + constraints: tags=compute + # Contrail Nodes + "400": + constraints: tags=control + "401": + constraints: tags=control + "402": + constraints: tags=control +# "500": +# constraints: tags=compute +# "501": +# constraints: tags=compute +# "502": +# constraints: tags=compute +# "503": +# constraints: tags=compute +# "504": +# constraints: tags=compute +# "505": +# constraints: tags=compute +# "506": +# constraints: tags=compute +# "507": +# constraints: tags=compute +# "508": +# constraints: tags=compute + + # hyper-converged nova/ceph Nodes + "1000": + constraints: tags=compute + "1001": + constraints: tags=compute + "1002": + constraints: tags=compute + "1003": + constraints: tags=compute + "1004": + constraints: tags=compute + "1005": + constraints: tags=compute + +applications: + # HAcluster + hacluster-aodh: + charm: cs:hacluster + hacluster-cinder: + charm: cs:hacluster + hacluster-glance: + charm: cs:hacluster + hacluster-gnocchi: + charm: cs:hacluster + hacluster-horizon: + charm: cs:hacluster + hacluster-keystone: + charm: cs:hacluster + hacluster-neutron: + charm: cs:hacluster + hacluster-nova: + charm: cs:hacluster + hacluster-heat: + charm: cs:hacluster + hacluster-vault: + charm: cs:hacluster + + # CPU governor applications + sysconfig-compute: + charm: cs:sysconfig + options: + enable-iommu: false + governor: "performance" + enable-pti: true + update-grub: true +# sysconfig-storage: +# charm: cs:sysconfig +# options: +# enable-iommu: true +# governor: "performance" +# enable-pti: true +# update-grub: true + sysconfig-control: + charm: cs:sysconfig + options: + enable-iommu: true + governor: "performance" + enable-pti: true + update-grub: true + + # bcache-tuning + #bcache-tuning: + # charm: cs:bcache-tuning + + # Ceph + ceph-mon: + charm: cs:ceph-mon + num_units: 3 + bindings: + "": *oam-space + public: *ceph-public-space + osd: *ceph-public-space + client: *ceph-public-space + admin: *ceph-public-space + cluster: *ceph-cluster-space + options: + expected-osd-count: *expected-osd-count + source: *openstack-origin + monitor-count: *expected-mon-count + customize-failure-domain: *customize-failure-domain + to: + - lxd:100 + - lxd:101 + - lxd:102 +# ceph-mon2: +# charm: cs:ceph-mon +# num_units: 3 +# bindings: +# "": *oam-space +# public: *ceph-public-space +# osd: *ceph-public-space +# client: *ceph-public-space +# admin: *ceph-public-space +# cluster: *ceph-cluster-space +# options: +# expected-osd-count: *expected-osd-count +# source: *openstack-origin +# monitor-count: *expected-mon-count +# customize-failure-domain: *customize-failure-domain +# to: +# - lxd:100 +# - lxd:101 +# - lxd:102 + ceph-osd: + charm: cs:ceph-osd + num_units: 6 + bindings: + "": *oam-space + public: *ceph-public-space + cluster: *ceph-cluster-space + secrets-storage: *internal-space + mon: *ceph-public-space + options: + osd-devices: *osd-devices + source: *openstack-origin + customize-failure-domain: *customize-failure-domain + autotune: false + aa-profile-mode: complain + bluestore: true + osd-encrypt: True + osd-encrypt-keymanager: vault + to: + - '1000' + - '1001' + - '1002' + - '1003' + - '1004' + - '1005' +# ceph-osd2: +# charm: cs:ceph-osd +# num_units: 6 +# bindings: +# "": *oam-space +# public: *ceph-public-space +# cluster: *ceph-cluster-space +# secrets-storage: *internal-space +# mon: *ceph-public-space +# options: +# osd-devices: *osd-devices +# source: *openstack-origin +# customize-failure-domain: *customize-failure-domain +# autotune: false +# aa-profile-mode: complain +# bluestore: true +# osd-encrypt: True +# osd-encrypt-keymanager: vault +# to: +# - '1000' +# - '1001' +# - '1002' +# - '1003' +# - '1004' +# - '1005' + # OpenStack + aodh: + charm: cs:aodh + num_units: 3 + bindings: + "": *oam-space + public: *public-space + admin: *admin-space + internal: *internal-space + shared-db: *internal-space + options: + worker-multiplier: *worker-multiplier + openstack-origin: *openstack-origin + region: *openstack-region + vip: *aodh-vip + use-internal-endpoints: True + to: + - lxd:200 + - lxd:201 + - lxd:202 + gnocchi: + charm: cs:gnocchi + num_units: 3 + bindings: + "": *oam-space + public: *public-space + admin: *admin-space + internal: *internal-space + shared-db: *internal-space + storage-ceph: *ceph-public-space + coordinator-memcached: *internal-space + options: + worker-multiplier: *worker-multiplier + openstack-origin: *openstack-origin + region: *openstack-region + vip: *gnocchi-vip + use-internal-endpoints: True + to: + - lxd:200 + - lxd:201 + - lxd:202 + cinder: + charm: cs:cinder + num_units: 3 + constraints: *combi-access-constr + bindings: + "": *oam-space + public: *public-space + admin: *admin-space + internal: *internal-space + shared-db: *internal-space + options: + worker-multiplier: *worker-multiplier + openstack-origin: *openstack-origin + block-device: None + glance-api-version: 2 + vip: *cinder-vip + use-internal-endpoints: True + region: *openstack-region + enabled-services: "api,scheduler,volume" + to: + - lxd:100 + - lxd:101 + - lxd:102 +# cinder2: +# charm: cs:cinder +# num_units: 3 +# constraints: *combi-access-constr +# bindings: +# "": *oam-space +# public: *public-space +# admin: *admin-space +# internal: *internal-space +# shared-db: *internal-space +# options: +# worker-multiplier: *worker-multiplier +# openstack-origin: *openstack-origin +# block-device: None +# glance-api-version: 2 +# vip: *cinder-vip +# use-internal-endpoints: True +# region: *openstack-region +# enabled-services: "backup" +# to: +# - as1-maas-node-07 +# - as2-maas-node-07 +# - as3-maas-node-07 +# cinder3: +# charm: cs:cinder +# num_units: 3 +# constraints: *combi-access-constr +# bindings: +# "": *oam-space +# public: *public-space +# admin: *admin-space +# internal: *internal-space +# shared-db: *internal-space +# options: +# worker-multiplier: *worker-multiplier +# openstack-origin: *openstack-origin +# block-device: None +# glance-api-version: 2 +# vip: *cinder-vip +# use-internal-endpoints: True +# region: *openstack-region +# enabled-services: "backup" +# to: +# - lxd:200 +# - lxd:201 +# - lxd:202 +# cinder-backup: +# charm: cs:cinder-backup + cinder-ceph: + charm: cs:cinder-ceph + options: + restrict-ceph-pools: False + glance: + charm: cs:glance + constraints: *combi-access-constr + bindings: + "": *oam-space + public: *public-space + admin: *admin-space + internal: *internal-space + shared-db: *internal-space + options: + worker-multiplier: *worker-multiplier + openstack-origin: *openstack-origin + vip: *glance-vip + use-internal-endpoints: True + restrict-ceph-pools: False + region: *openstack-region + num_units: 3 + to: + - lxd:100 + - lxd:101 + - lxd:102 + keystone: + charm: cs:keystone + num_units: 3 + bindings: + "": *oam-space + public: *public-space + admin: *admin-space + internal: *internal-space + shared-db: *internal-space + options: + worker-multiplier: *worker-multiplier + openstack-origin: *openstack-origin + vip: *keystone-vip + region: *openstack-region + preferred-api-version: 3 + token-provider: 'fernet' + to: + - lxd:100 + - lxd:101 + - lxd:102 + mysql: + charm: cs:mysql-innodb-cluster + num_units: 3 + bindings: + "": *oam-space + cluster: *internal-space + db-router: *internal-space + options: + source: *openstack-origin + innodb-buffer-pool-size: 16G + wait-timeout: 3600 + enable-binlogs: False + snapd_refresh: 'max' + max-connections: *mysql-connections + tuning-level: *mysql-tuning-level + to: + - lxd:100 + - lxd:101 + - lxd:102 + aodh-mysql-router: + charm: cs:mysql-router + bindings: + "": *oam-space + shared-db: *internal-space + db-router: *internal-space + options: + openstack-origin: *openstack-origin + keystone-mysql-router: + charm: cs:mysql-router + bindings: + "": *oam-space + shared-db: *internal-space + db-router: *internal-space + options: + openstack-origin: *openstack-origin + cinder-mysql-router: + charm: cs:mysql-router + bindings: + "": *oam-space + shared-db: *internal-space + db-router: *internal-space + options: + openstack-origin: *openstack-origin + glance-mysql-router: + charm: cs:mysql-router + bindings: + "": *oam-space + shared-db: *internal-space + db-router: *internal-space + options: + openstack-origin: *openstack-origin + gnocchi-mysql-router: + charm: cs:mysql-router + bindings: + "": *oam-space + shared-db: *internal-space + db-router: *internal-space + options: + openstack-origin: *openstack-origin + heat-mysql-router: + charm: cs:mysql-router + bindings: + "": *oam-space + shared-db: *internal-space + db-router: *internal-space + options: + openstack-origin: *openstack-origin + nova-cloud-controller-mysql-router: + charm: cs:mysql-router + bindings: + "": *oam-space + shared-db: *internal-space + db-router: *internal-space + options: + openstack-origin: *openstack-origin + neutron-api-mysql-router: + charm: cs:mysql-router + bindings: + "": *oam-space + shared-db: *internal-space + db-router: *internal-space + options: + openstack-origin: *openstack-origin + openstack-dashboard-mysql-router: + charm: cs:mysql-router + bindings: + "": *oam-space + shared-db: *internal-space + db-router: *internal-space + options: + openstack-origin: *openstack-origin + placement-mysql-router: + charm: cs:mysql-router + bindings: + "": *oam-space + shared-db: *internal-space + db-router: *internal-space + options: + openstack-origin: *openstack-origin + vault-mysql-router: + charm: cs:mysql-router + bindings: + "": *oam-space + shared-db: *internal-space + db-router: *internal-space + options: + openstack-origin: *openstack-origin + + neutron-api: + charm: cs:neutron-api + num_units: 3 + bindings: + "": *oam-space + public: *public-space + admin: *admin-space + internal: *internal-space + shared-db: *internal-space + #neutron-plugin-api-subordinate: *overlay-space + options: + worker-multiplier: *worker-multiplier + openstack-origin: *openstack-origin + region: *openstack-region + neutron-security-groups: True + #overlay-network-type: vxlan gre + overlay-network-type: 'vxlan' + use-internal-endpoints: True + vip: *neutron-api-vip + enable-l3ha: True + dhcp-agents-per-network: 2 + enable-ml2-port-security: True + default-tenant-network-type: vxlan + l2-population: True + #global-physnet-mtu: 9000 + to: + - lxd:100 + - lxd:101 + - lxd:102 + neutron-gateway: + charm: cs:neutron-gateway + num_units: 3 + bindings: + "": *oam-space + data: *overlay-space + options: + worker-multiplier: *worker-multiplier + openstack-origin: *openstack-origin + bridge-mappings: *bridge-mappings + data-port: *data-port + aa-profile-mode: enforce + dns-servers: *dns-servers + customize-failure-domain: *customize-failure-domain + to: + - 100 + - 101 + - 102 + neutron-openvswitch: + charm: cs:neutron-openvswitch + num_units: 0 + bindings: + "": *oam-space + data: *overlay-space + options: + worker-multiplier: *worker-multiplier + bridge-mappings: *bridge-mappings + prevent-arp-spoofing: True + firewall-driver: openvswitch + dns-servers: *dns-servers + data-port: *data-port + nova-cloud-controller: + charm: cs:nova-cloud-controller + num_units: 3 + bindings: + "": *oam-space + public: *public-space + admin: *admin-space + internal: *internal-space + shared-db: *internal-space + memcache: *internal-space + options: + worker-multiplier: *worker-multiplier + openstack-origin: *openstack-origin + network-manager: Neutron + region: *openstack-region + vip: *nova-cc-vip + console-access-protocol: novnc + console-proxy-ip: local + use-internal-endpoints: True + ram-allocation-ratio: *ram-allocation-ratio + cpu-allocation-ratio: *cpu-allocation-ratio + to: + - lxd:100 + - lxd:101 + - lxd:102 + placement: + charm: cs:placement + num_units: 3 + bindings: + "": *oam-space + public: *public-space + admin: *admin-space + internal: *internal-space + shared-db: *internal-space + options: + worker-multiplier: *worker-multiplier + openstack-origin: *openstack-origin + vip: *placement-vip + to: + - lxd:100 + - lxd:101 + - lxd:102 + + nova-compute: + charm: cs:nova-compute + num_units: 6 + bindings: + "": *oam-space + internal: *internal-space + options: + openstack-origin: *openstack-origin + enable-live-migration: True + enable-resize: True + migration-auth-type: ssh + use-internal-endpoints: True + libvirt-image-backend: rbd + restrict-ceph-pools: False + aa-profile-mode: enforce + virt-type: kvm + customize-failure-domain: *customize-failure-domain + reserved-host-memory: *reserved-host-memory + #cpu-mode: custom + #cpu-model: 'Skylake-Server-IBRS' + to: + - 1000 + - 1001 + - 1002 + - 1003 + - 1004 + - 1005 + ntp: + charm: cs:ntp + options: + source: *ntp-source + pools: '' + openstack-dashboard: + charm: cs:openstack-dashboard + num_units: 3 + constraints: *oam-space-constr + bindings: + "": *public-space + shared-db: *internal-space + options: + openstack-origin: *openstack-origin + webroot: "/" + secret: "encryptcookieswithme" + vip: *dashboard-vip + neutron-network-l3ha: True + neutron-network-lb: True + neutron-network-firewall: False + cinder-backup: False + password-retrieve: True + endpoint-type: 'publicURL' + to: + - lxd:100 + - lxd:101 + - lxd:102 + rabbitmq-server: + charm: cs:rabbitmq-server + bindings: + "": *oam-space + amqp: *internal-space + cluster: *internal-space + options: + source: *openstack-origin + min-cluster-size: 3 + cluster-partition-handling: pause_minority + num_units: 3 + to: + - lxd:100 + - lxd:101 + - lxd:102 + heat: + charm: cs:heat + num_units: 3 + bindings: + "": *oam-space + public: *public-space + admin: *admin-space + internal: *internal-space + shared-db: *internal-space + #heat-plugin-subordinate: *overlay-space + options: + worker-multiplier: *worker-multiplier + openstack-origin: *openstack-origin + region: *openstack-region + vip: *heat-vip + use-internal-endpoints: True + config-flags: "max_nested_stack_depth=20" + to: + - lxd:100 + - lxd:101 + - lxd:102 + memcached: + charm: cs:memcached + num_units: 3 + constraints: *oam-space-constr + bindings: + "": *internal-space + cache: *internal-space + options: + allow-ufw-ip6-softfail: True + to: + - lxd:100 + - lxd:101 + - lxd:102 + +# LMA stack applications + landscape-server: + charm: cs:landscape-server + series: bionic + bindings: + "": *oam-space + options: + install_sources: |- + - 'deb http://192.168.1.12/ppa.launchpad.net/landscape/19.10/ubuntu bionic main' + install_keys: |- + - | + -----BEGIN PGP PUBLIC KEY BLOCK----- + Version: SKS 1.1.6 + Comment: Hostname: keyserver.ubuntu.com + mI0ESXN/egEEAOgRYISU9dnQm4BB5ZEEwKT+NKUDNd/DhMYdtBMw9Yk7S5cyoqpbtwoPJVzK + AXxq+ng5e3yYypSv98pLMr5UF09FGaeyGlD4s1uaVFWkFCO4jsTg7pWIY6qzO/jMxB5+Yu/G + 0GjWQMNKxFk0oHMa0PhNBZtdPacVz65mOVmCsh/lABEBAAG0G0xhdW5jaHBhZCBQUEEgZm9y + IExhbmRzY2FwZYi2BBMBAgAgBQJJc396AhsDBgsJCAcDAgQVAggDBBYCAwECHgECF4AACgkQ + boWobkZStOb+rwP+ONKUWeX+MTIPqGWkknBPV7jm8nyyIUojC4IhS+9YR6GYnn0hMABSkEHm + IV73feKmrT2GESYI1UdYeKiOkWsPN/JyBk+eTvKet0qsw5TluqiHSW+LEi/+zUyrS3dDMX3o + yaLgYa+UkjIyxnaKLkQuCiS+D+fYwnJulIkhaKObtdE= + =UwRd + -----END PGP PUBLIC KEY BLOCK----- + license-file: include-base64://../secrets/ldslicense.txt + #root-url: http://landscape.example.com/ + num_units: 3 + to: + - 300 + - 301 + - 302 + landscape-rabbitmq-server: + charm: cs:rabbitmq-server + bindings: + "": *oam-space + cluster: *oam-space + amqp: *oam-space + num_units: 3 + options: + source: *openstack-origin + min-cluster-size: 3 + cluster-partition-handling: ignore + to: + - lxd:300 + - lxd:301 + - lxd:302 + landscape-postgresql: + charm: cs:postgresql + series: bionic + bindings: + "": *oam-space + options: + extra_packages: python-apt postgresql-contrib postgresql-.*-debversion postgresql-plpython-.* + max_connections: 500 + max_prepared_transactions: 500 + num_units: 2 + to: + - lxd:300 + - lxd:301 + landscape-haproxy: + charm: cs:haproxy + bindings: + "": *oam-space + options: + default_timeouts: "queue 60000, connect 5000, client 120000, server 120000" + services: "" + source: backports + ssl_cert: SELFSIGNED + global_default_bind_options: "no-tlsv10" + num_units: 1 + to: + - lxd:302 + graylog: + charm: cs:graylog + series: bionic + bindings: + "": *oam-space + num_units: 1 + options: + jvm_heap_size: '1G' + rest_transport_uri: http://graylog.example.com:9001 + index_rotation_period: PT3H + to: + - 200 + graylog-mongodb: + charm: cs:mongodb + bindings: + "": *oam-space + num_units: 1 + options: + nagios_context: *nagios-context + to: + - lxd:200 + elasticsearch: + charm: cs:elasticsearch + bindings: + "": *oam-space + num_units: 2 + options: + firewall_enabled: False + es-heap-size: 2 + gpg-key: | + -----BEGIN PGP PUBLIC KEY BLOCK----- + Version: SKS 1.1.6 + Comment: Hostname: keyserver.ubuntu.com + + mQENBFI3HsoBCADXDtbNJnxbPqB1vDNtCsqhe49vFYsZN9IOZsZXgp7aHjh6CJBDA+bGFOwy + hbd7at35jQjWAw1O3cfYsKAmFy+Ar3LHCMkV3oZspJACTIgCrwnkic/9CUliQe324qvObU2Q + RtP4Fl0zWcfb/S8UYzWXWIFuJqMvE9MaRY1bwUBvzoqavLGZj3SF1SPO+TB5QrHkrQHBsmX+ + Jda6d4Ylt8/t6CvMwgQNlrlzIO9WT+YN6zS+sqHd1YK/aY5qhoLNhp9G/HxhcSVCkLq8SStj + 1ZZ1S9juBPoXV1ZWNbxFNGwOh/NYGldD2kmBf3YgCqeLzHahsAEpvAm8TBa7Q9W21C8vABEB + AAG0RUVsYXN0aWNzZWFyY2ggKEVsYXN0aWNzZWFyY2ggU2lnbmluZyBLZXkpIDxkZXZfb3Bz + QGVsYXN0aWNzZWFyY2gub3JnPokBOAQTAQIAIgUCUjceygIbAwYLCQgHAwIGFQgCCQoLBBYC + AwECHgECF4AACgkQ0n1mbNiOQrRzjAgAlTUQ1mgo3nK6BGXbj4XAJvuZDG0HILiUt+pPnz75 + nsf0NWhqR4yGFlmpuctgCmTD+HzYtV9fp9qW/bwVuJCNtKXk3sdzYABY+Yl0Cez/7C2GuGCO + lbn0luCNT9BxJnh4mC9h/cKI3y5jvZ7wavwe41teqG14V+EoFSn3NPKmTxcDTFrV7SmVPxCB + cQze00cJhprKxkuZMPPVqpBS+JfDQtzUQD/LSFfhHj9eD+Xe8d7sw+XvxB2aN4gnTlRzjL1n + TRp0h2/IOGkqYfIG9rWmSLNlxhB2t+c0RsjdGM4/eRlPWylFbVMc5pmDpItrkWSnzBfkmXL3 + vO2X3WvwmSFiQbkBDQRSNx7KAQgA5JUlzcMW5/cuyZR8alSacKqhSbvoSqqbzHKcUQZmlzNM + KGTABFG1yRx9r+wa/fvqP6OTRzRDvVS/cycws8YX7Ddum7x8uI95b9ye1/Xy5noPEm8cD+hp + lnpU+PBQZJ5XJ2I+1l9Nixx47wPGXeClLqcdn0ayd+v+Rwf3/XUJrvccG2YZUiQ4jWZkoxsA + 07xx7Bj+Lt8/FKG7sHRFvePFU0ZS6JFx9GJqjSBbHRRkam+4emW3uWgVfZxuwcUCn1ayNgRt + KiFv9jQrg2TIWEvzYx9tywTCxc+FFMWAlbCzi+m4WD+QUWWfDQ009U/WM0ks0KwwEwSk/UDu + ToxGnKU2dQARAQABiQEfBBgBAgAJBQJSNx7KAhsMAAoJENJ9ZmzYjkK0c3MIAIE9hAR20mqJ + WLcsxLtrRs6uNF1VrpB+4n/55QU7oxA1iVBO6IFu4qgsF12JTavnJ5MLaETlggXY+zDef9sy + TPXoQctpzcaNVDmedwo1SiL03uMoblOvWpMR/Y0j6rm7IgrMWUDXDPvoPGjMl2q1iTeyHkMZ + EyUJ8SKsaHh4jV9wp9KmC8C+9CwMukL7vM5w8cgvJoAwsp3Fn59AxWthN3XJYcnMfStkIuWg + R7U2r+a210W6vnUxU4oN0PmMcursYPyeV0NX/KQeUeNMwGTFB6QHS/anRaGQewijkrYYoTNt + fllxIu9XYmiBERQ/qPDlGRlOgVTd9xUfHFkzB52c70E= + =92oX + -----END PGP PUBLIC KEY BLOCK----- + to: + - 201 + - 202 + filebeat: + charm: cs:filebeat + options: + logpath: "/var/log/*.log /var/log/*/*.log /var/log/syslog" + install_keys: |- + - | + -----BEGIN PGP PUBLIC KEY BLOCK----- + Version: SKS 1.1.6 + Comment: Hostname: keyserver.ubuntu.com + mQENBFI3HsoBCADXDtbNJnxbPqB1vDNtCsqhe49vFYsZN9IOZsZXgp7aHjh6CJBDA+bGFOwy + hbd7at35jQjWAw1O3cfYsKAmFy+Ar3LHCMkV3oZspJACTIgCrwnkic/9CUliQe324qvObU2Q + RtP4Fl0zWcfb/S8UYzWXWIFuJqMvE9MaRY1bwUBvzoqavLGZj3SF1SPO+TB5QrHkrQHBsmX+ + Jda6d4Ylt8/t6CvMwgQNlrlzIO9WT+YN6zS+sqHd1YK/aY5qhoLNhp9G/HxhcSVCkLq8SStj + 1ZZ1S9juBPoXV1ZWNbxFNGwOh/NYGldD2kmBf3YgCqeLzHahsAEpvAm8TBa7Q9W21C8vABEB + AAG0RUVsYXN0aWNzZWFyY2ggKEVsYXN0aWNzZWFyY2ggU2lnbmluZyBLZXkpIDxkZXZfb3Bz + QGVsYXN0aWNzZWFyY2gub3JnPokBOAQTAQIAIgUCUjceygIbAwYLCQgHAwIGFQgCCQoLBBYC + AwECHgECF4AACgkQ0n1mbNiOQrRzjAgAlTUQ1mgo3nK6BGXbj4XAJvuZDG0HILiUt+pPnz75 + nsf0NWhqR4yGFlmpuctgCmTD+HzYtV9fp9qW/bwVuJCNtKXk3sdzYABY+Yl0Cez/7C2GuGCO + lbn0luCNT9BxJnh4mC9h/cKI3y5jvZ7wavwe41teqG14V+EoFSn3NPKmTxcDTFrV7SmVPxCB + cQze00cJhprKxkuZMPPVqpBS+JfDQtzUQD/LSFfhHj9eD+Xe8d7sw+XvxB2aN4gnTlRzjL1n + TRp0h2/IOGkqYfIG9rWmSLNlxhB2t+c0RsjdGM4/eRlPWylFbVMc5pmDpItrkWSnzBfkmXL3 + vO2X3WvwmSFiQbkBDQRSNx7KAQgA5JUlzcMW5/cuyZR8alSacKqhSbvoSqqbzHKcUQZmlzNM + KGTABFG1yRx9r+wa/fvqP6OTRzRDvVS/cycws8YX7Ddum7x8uI95b9ye1/Xy5noPEm8cD+hp + lnpU+PBQZJ5XJ2I+1l9Nixx47wPGXeClLqcdn0ayd+v+Rwf3/XUJrvccG2YZUiQ4jWZkoxsA + 07xx7Bj+Lt8/FKG7sHRFvePFU0ZS6JFx9GJqjSBbHRRkam+4emW3uWgVfZxuwcUCn1ayNgRt + KiFv9jQrg2TIWEvzYx9tywTCxc+FFMWAlbCzi+m4WD+QUWWfDQ009U/WM0ks0KwwEwSk/UDu + ToxGnKU2dQARAQABiQEfBBgBAgAJBQJSNx7KAhsMAAoJENJ9ZmzYjkK0c3MIAIE9hAR20mqJ + WLcsxLtrRs6uNF1VrpB+4n/55QU7oxA1iVBO6IFu4qgsF12JTavnJ5MLaETlggXY+zDef9sy + TPXoQctpzcaNVDmedwo1SiL03uMoblOvWpMR/Y0j6rm7IgrMWUDXDPvoPGjMl2q1iTeyHkMZ + EyUJ8SKsaHh4jV9wp9KmC8C+9CwMukL7vM5w8cgvJoAwsp3Fn59AxWthN3XJYcnMfStkIuWg + R7U2r+a210W6vnUxU4oN0PmMcursYPyeV0NX/KQeUeNMwGTFB6QHS/anRaGQewijkrYYoTNt + fllxIu9XYmiBERQ/qPDlGRlOgVTd9xUfHFkzB52c70E= + =92oX + -----END PGP PUBLIC KEY BLOCK----- + install_sources: | + - 'deb https://192.168.1.12/artifacts.elastic.co/packages/5.x/apt stable main' + nagios: + charm: cs:nagios + series: bionic + bindings: + "": *oam-space + num_units: 1 + options: + enable_livestatus: true + check_timeout: 50 + to: + - lxd:200 + openstack-service-checks: + charm: cs:~canonical-bootstack//nagiosopenstack-service-checks + constraints: *oam-space-constr + bindings: + "": *public-space + identity-credentials: *internal-space + num_units: 1 + to: + - lxd:200 + nrpe-host: + charm: cs:nrpe + bindings: + monitors: *oam-space + options: + nagios_hostname_type: "host" + nagios_host_context: *nagios-context + xfs_errors: "30" + netlinks: | + - bond0 mtu:1500 speed:1000 + - bond1 mtu:9000 speed:50000 + - eno1 mtu:1500 speed:1000 + - eno2 mtu:1500 speed:1000 + - enp25s0f0 mtu:9000 speed:25000 + - enp25s0f1 mtu:9000 speed:25000 + nrpe-container: + charm: cs:nrpe + bindings: + monitors: *oam-space + options: + nagios_hostname_type: unit + nagios_host_context: *nagios-context + disk_root: '' + load: '' + swap: '' + swap_activity: '' + mem: '' + landscape-client: + charm: cs:landscape-client + options: + account-name: "standalone" + #registration-key: include-file://../secrets/landscape-registration.txt + disable-unattended-upgrades: True + # the reason that this has to be done manually is because Landscape server needs an admin user to be + # created first (manual step, see above). Once the user and registration key is set configure the clients' url and ping-url options. + #ping-url: http://landscape.example.com/ping + #url: https://landscape.example.com/message-system + landscape-client-bionic: + charm: cs:landscape-client + options: + account-name: "standalone" + origin: | + deb http://192.168.1.12/ppa.launchpad.net/landscape/19.10/ubuntu bionic main|-----BEGIN PGP PUBLIC KEY BLOCK----- + Version: SKS 1.1.6 + Comment: Hostname: keyserver.ubuntu.com + mI0ESXN/egEEAOgRYISU9dnQm4BB5ZEEwKT+NKUDNd/DhMYdtBMw9Yk7S5cyoqpbtwoPJVzK + AXxq+ng5e3yYypSv98pLMr5UF09FGaeyGlD4s1uaVFWkFCO4jsTg7pWIY6qzO/jMxB5+Yu/G + 0GjWQMNKxFk0oHMa0PhNBZtdPacVz65mOVmCsh/lABEBAAG0G0xhdW5jaHBhZCBQUEEgZm9y + IExhbmRzY2FwZYi2BBMBAgAgBQJJc396AhsDBgsJCAcDAgQVAggDBBYCAwECHgECF4AACgkQ + boWobkZStOb+rwP+ONKUWeX+MTIPqGWkknBPV7jm8nyyIUojC4IhS+9YR6GYnn0hMABSkEHm + IV73feKmrT2GESYI1UdYeKiOkWsPN/JyBk+eTvKet0qsw5TluqiHSW+LEi/+zUyrS3dDMX3o + yaLgYa+UkjIyxnaKLkQuCiS+D+fYwnJulIkhaKObtdE= + =UwRd + -----END PGP PUBLIC KEY BLOCK----- + #registration-key: include-file://../secrets/landscape-registration.txt + disable-unattended-upgrades: True + # the reason that this has to be done manually is because Landscape server needs an admin user to be + # created first (manual step, see above). Once the user and registration key is set configure the clients' url and ping-url options. + #ping-url: http://landscape.example.com/ping + #url: https://landscape.example.com/message-system + prometheus: + charm: cs:prometheus2 + series: bionic + bindings: + "": *oam-space + num_units: 1 + to: + - lxd:201 + prometheus-openstack-exporter: + charm: cs:prometheus-openstack-exporter + constraints: *oam-space-constr + bindings: + "": *public-space + identity-credentials: *internal-space + prometheus-openstack-exporter-service: *oam-space + num_units: 1 + to: + - lxd:201 + grafana: + charm: cs:~prometheus-charmers/grafana + bindings: + "": *oam-space + options: + port: "3000" + install_method: snap + num_units: 1 + to: + - lxd:201 + telegraf: + charm: cs:telegraf + options: + # Contrail services are listening on 8094 + socket_listener_port: '8095' + install_sources: | + - 'deb http://192.168.1.12/ppa.launchpad.net/telegraf-devs/ppa/ubuntu focal main' + install_keys: |- + - | + -----BEGIN PGP PUBLIC KEY BLOCK----- + Version: SKS 1.1.6 + Comment: Hostname: keyserver.ubuntu.com + mQINBFcVSuIBEAC80aj0tAQ6+NhGV/bkSwu6Oj+BpDR50Be3uBv7ttdtvChL5zHTnaxjdK3h + LKSyrDLlmSOkffQ2uO7CxvqeF09MsHhyvrDDx0EY54//xxoAB++PoB2OQqmqldg3Al5Hp4Dz + rllV5CIX5PD8NGX8UpO3HXk5wEwn9G81l8cia3vPveU82EIkHMiJGpk6+L86OMlwXzxkSI3M + xXgNFKQc+ELDYLvGSseYC9vPN3kdmFoo/UjznPPE4fxr4bXit3N8Abl1jYjBa0x6SWkK1BAb + s8w3BXtvyk90z9Oyme69wPD4zAYfFp+kN2nDmTDBMtNCyMu9oatdI5SukMNK4Lcm8eAE6VNs + 04j7BKvGk9+17M8WP9Pw8nIisOwScS9gUlJlLUpnBaJ+sxoOvGQ4mzZxYMKzJh0E58aEX3bS + AyzQfsae8bZLNOTcgotyzzIDJFF9npzu3wmKjeOt/706p4LiDqKUbQK6cI+QcJ/y80ZUK8pB + M043ttSHWLmTBFX2drp6zQGae9+02fX89ZD+5c+MPlubJMYCCKkvQT4OssHfC+dVDQ66rwUy + OObrzsVgikdpIxQVitL3J+Dms56xAkdFfoo+qdxxdv9S/eakc5mfavc/4WVvmFDaJiqJnJRR + Ryw1zApRtuweEEdVn8niy1mahoKpWaw1pTI4AazjWI6xJH1JyQARAQABtB9MYXVuY2hwYWQg + UFBBIGZvciBUZWxlZ3JhZiBEZXZziQI4BBMBAgAiBQJXFUriAhsDBgsJCAcDAgYVCAIJCgsE + FgIDAQIeAQIXgAAKCRDxDL4ByUQG9UgbEACa4IzdeYxH/S5I6MrZfvWNo/JTZ/MZWDD+QlMW + 60ThAemCUSE+NJvZZ1q7ovGFpYnHJT9GQXOwJAX1quDUqyM1uXNmLlOyIVNnmjUTINoLhw2V + iC8E7dMWC9w4Na2fKezmNHH00kNl43ncstIjjZ3pLnDGYm1y0ItiCUcTRgHhx2cUZ/vStz1S + Pdqj4P3i8vuspoYJ2T3VPlM/0G+u9Yjuy3Uzu9RugOyO3UJPoi3+4O2VTNosSBy5MILVCp49 + eigyFVGpq5sT/c86qd1zqmsNWEubrlzDfETS4LMj9epr46ZKPXGQkeryt1m2Oe0HkIdNZ+IQ + 5p+i9fnEy7/1uKTXWQYsg2UWsLA2PvTvwY8JxxMhUFgv12q2w7STntqJyi9PLItYNtbtKoS3 + XZCCMqQLCWMXHY+2ol6rRSfs06H/wzlR8LjDaEXkDVuDmqMtcbgTboZYblsGxst7I/Y4Wgfi + J52uiIyobQ69uJbG0XeRTLZ3WyrBkopEsTX/+sQjVqbADXYU4hBVDgnCf2uN/5dcwSEvDj8/ + +WsToAfEJkscRBsQjTLVzf+eFqHLrbqz/yoYIqBc//IJMBSbxIf5mrOHHLdbOuMCB6PVwpTI + vLFOSDNPuVDX+S1goA8KJTnXpm8jWDynn3XaXx3AlYw4iZ0ETSgQLQLRd6JuPOEGXsGdBA== + =ufaX + -----END PGP PUBLIC KEY BLOCK----- + extra_plugins: | + [[inputs.exec]] + commands = [ "/usr/bin/awk '{print int($1)}' /proc/uptime" ] + name_override = "exec_uptime" + data_format = "value" + bindings: + # overrides private-address exposed to prometheus + prometheus-client: *oam-space + telegraf-prometheus: + charm: cs:telegraf + bindings: + # overrides private-address exposed to prometheus + prometheus-client: *oam-space + options: + install_sources: | + - 'deb http://192.168.1.12/ppa.launchpad.net/telegraf-devs/ppa/ubuntu focal main' + install_keys: |- + - | + -----BEGIN PGP PUBLIC KEY BLOCK----- + Version: SKS 1.1.6 + Comment: Hostname: keyserver.ubuntu.com + mQINBFcVSuIBEAC80aj0tAQ6+NhGV/bkSwu6Oj+BpDR50Be3uBv7ttdtvChL5zHTnaxjdK3h + LKSyrDLlmSOkffQ2uO7CxvqeF09MsHhyvrDDx0EY54//xxoAB++PoB2OQqmqldg3Al5Hp4Dz + rllV5CIX5PD8NGX8UpO3HXk5wEwn9G81l8cia3vPveU82EIkHMiJGpk6+L86OMlwXzxkSI3M + xXgNFKQc+ELDYLvGSseYC9vPN3kdmFoo/UjznPPE4fxr4bXit3N8Abl1jYjBa0x6SWkK1BAb + s8w3BXtvyk90z9Oyme69wPD4zAYfFp+kN2nDmTDBMtNCyMu9oatdI5SukMNK4Lcm8eAE6VNs + 04j7BKvGk9+17M8WP9Pw8nIisOwScS9gUlJlLUpnBaJ+sxoOvGQ4mzZxYMKzJh0E58aEX3bS + AyzQfsae8bZLNOTcgotyzzIDJFF9npzu3wmKjeOt/706p4LiDqKUbQK6cI+QcJ/y80ZUK8pB + M043ttSHWLmTBFX2drp6zQGae9+02fX89ZD+5c+MPlubJMYCCKkvQT4OssHfC+dVDQ66rwUy + OObrzsVgikdpIxQVitL3J+Dms56xAkdFfoo+qdxxdv9S/eakc5mfavc/4WVvmFDaJiqJnJRR + Ryw1zApRtuweEEdVn8niy1mahoKpWaw1pTI4AazjWI6xJH1JyQARAQABtB9MYXVuY2hwYWQg + UFBBIGZvciBUZWxlZ3JhZiBEZXZziQI4BBMBAgAiBQJXFUriAhsDBgsJCAcDAgYVCAIJCgsE + FgIDAQIeAQIXgAAKCRDxDL4ByUQG9UgbEACa4IzdeYxH/S5I6MrZfvWNo/JTZ/MZWDD+QlMW + 60ThAemCUSE+NJvZZ1q7ovGFpYnHJT9GQXOwJAX1quDUqyM1uXNmLlOyIVNnmjUTINoLhw2V + iC8E7dMWC9w4Na2fKezmNHH00kNl43ncstIjjZ3pLnDGYm1y0ItiCUcTRgHhx2cUZ/vStz1S + Pdqj4P3i8vuspoYJ2T3VPlM/0G+u9Yjuy3Uzu9RugOyO3UJPoi3+4O2VTNosSBy5MILVCp49 + eigyFVGpq5sT/c86qd1zqmsNWEubrlzDfETS4LMj9epr46ZKPXGQkeryt1m2Oe0HkIdNZ+IQ + 5p+i9fnEy7/1uKTXWQYsg2UWsLA2PvTvwY8JxxMhUFgv12q2w7STntqJyi9PLItYNtbtKoS3 + XZCCMqQLCWMXHY+2ol6rRSfs06H/wzlR8LjDaEXkDVuDmqMtcbgTboZYblsGxst7I/Y4Wgfi + J52uiIyobQ69uJbG0XeRTLZ3WyrBkopEsTX/+sQjVqbADXYU4hBVDgnCf2uN/5dcwSEvDj8/ + +WsToAfEJkscRBsQjTLVzf+eFqHLrbqz/yoYIqBc//IJMBSbxIf5mrOHHLdbOuMCB6PVwpTI + vLFOSDNPuVDX+S1goA8KJTnXpm8jWDynn3XaXx3AlYw4iZ0ETSgQLQLRd6JuPOEGXsGdBA== + =ufaX + -----END PGP PUBLIC KEY BLOCK----- +# canonical-livepatch: +# charm: cs:canonical-livepatch +# options: +# livepatch_key: include-file://../secrets/livepatch-key.txt +# livepatch_proxy: *snap-proxy +# #livepatch_proxy: 'http://10.2.65.7:8080' +# thruk-agent: +# charm: cs:thruk-agent +# series: bionic +# options: +# source: 'deb http://ppa.launchpad.net/canonical-bootstack/thruk/ubuntu bionic main' +# key: | +# -----BEGIN PGP PUBLIC KEY BLOCK----- +# Version: SKS 1.1.6 +# Comment: Hostname: keyserver.ubuntu.com +# mQINBFQSRaQBEADDAtFnmi0w6ddIoR5olNu2778ACItGLtLPmlKTHJUjbs26nLZQcp5OY2DR +# cE03k55eXy7mn1aSxQaIqbC6lSPzpy+d1RTXMJmIJcEuyJKmJ2XfS9TgdhS3hrYmmNuFnBqp +# xc8FAqDnD/BnlF1suhgLf0mxiEZaTev5/ps3f/Ma8RK5ev5rM3ou/8iLewXlXBH83lf2OnzV +# BuYeAc/ikAnSg7dxyI26RMqdPi60NC67AVYqEddg8XoJ7zppUkvH4F+SlbgeadwEj6tjsOO3 +# S/CII9AuSyUbkxm10HHKh3WiKgd8sUWmOvMwTow7NkThlydzDiyIS+WBCfoMWdogqTER+7wX +# tfpR4Bo84ZJAx9ksi8YBidx1gCn6jgebkB4xeel7BTwoIAZL+ShWyYRCSo++DQneE4LkhPr8 +# 8V2+/VQbkXWIcyNagEA8mTJtkXgk3Pjalumt2TyR95/pxodN1+bVd2scoT4OMlAtKTZISwXs +# evYNo8Z6/ymFuSmtqYGGKA11vpao/OJfF4dvVkdArQ1gxgxhFnZyekZlwD81uC6hT/aTqiz6 +# 9nSYvVZsnQJcPE2hjEZ+Fk3x/A3NGGQrorICRFuoLzjTFAoeOnhdTaMIQzwXg4bdYCNv4j8P +# PJkvF8EPi1lgcOZ1k1Ng4DRSu1EkHGs3i50h4nyVScKEaaDtRwARAQABtCVMYXVuY2hwYWQg +# UFBBIGZvciBDYW5vbmljYWwgQm9vdHN0YWNriQI4BBMBAgAiBQJUEkWkAhsDBgsJCAcDAgYV +# CAIJCgsEFgIDAQIeAQIXgAAKCRBLmoF0eiB1QuDOD/wLwZrtJOSm1W7Gkm5Qj5djkXi7b8mc +# M4vS2fbxdZJjE+KRqxOHGdK68CT8RyUCfl13+RLyA45UxsNSoGmdnTcc7LUJbihxy92WgzF5 +# saJ1ObTMge/avS8kJ7l1B0xS3hue5GXfyVYcYlXV6gD53Kfu03z619PE2rmukm1YtyRWPQho +# okr4kNIJbAqG8LR0GnF0CKt9oq5bIs06LvBm2cbFa9txeDOZcLMKfgMOda3Ju7U6k56MYl4a +# sUUP8oXehcvbLx9nsOT4A4XHLj+yOTuXGsTXvn+M6NXODuHj3cN0OvVN+o6/6kjyVuWJqONr +# IdJ5knIWx6UKoWXzRdcqbsSyDpyuUjOFAPyQdQ3zs1DL9vJbOUasQOilR+YVX+ULN9Q17GkK +# IwZc68b9bDZQRtJi2bOhorWamHKZuEKw95lCEHOms/C4Lw04y7sPnXV0MZejXfn/X4N5BELb +# ItSPhoe2IBrh9p1W7CMvfkvjO62nM6oqh6vdKmgW4Im/PG+7DYpLAIHY+C0WsbI2BKDTHNYu +# VKBmUjgMwfz+peks7pJBUgT74XR954vnOvMn0IiSV/+aoHANzeA9dxkt5W5YW1gBK9sw3eTQ +# 9jcRJzswkuHqgE+HFqGFzIgBYB+769+vUdbVEIDKPQXJB94VoLv2oFe1eOQhIbuBTZtDe2x6 +# DCE3Nw== +# =Kaig +# -----END PGP PUBLIC KEY BLOCK----- + prometheus-ceph-exporter: + charm: cs:prometheus-ceph-exporter + series: bionic + bindings: + "": *oam-space + ceph: *ceph-public-space + num_units: 1 + to: + - lxd:200 +# external-policy-routing: +# charm: cs:~canonical-bootstack/policy-routing +# options: +# cidr: *external-network-cidr +# gateway: *external-network-gateway + + ceilometer: + charm: cs:ceilometer + num_units: 3 + bindings: + "": *oam-space + public: *public-space + admin: *admin-space + internal: *internal-space + options: + openstack-origin: *openstack-origin + region: *openstack-region + use-internal-endpoints: True + to: + - lxd:200 + - lxd:201 + - lxd:202 + ceilometer-agent: + charm: cs:ceilometer-agent + options: + use-internal-endpoints: True + + #Just to depoy ubuntu charm for contrail servers + juniper-server: + charm: cs:ubuntu + num_units: 3 + to: + - 400 + - 401 + - 402 + +# vault stuff + etcd: + charm: cs:etcd + num_units: 3 + bindings: + "": *oam-space + cluster: *internal-space + db: *internal-space + options: + channel: 3.2/stable + to: + - lxd:400 + - lxd:401 + - lxd:402 + easyrsa: + charm: cs:~containers/easyrsa + num_units: 1 + bindings: + "": *oam-space + to: + - lxd:402 + vault: + charm: cs:vault + num_units: 3 + bindings: + "": *oam-space + access: *internal-space + secrets: *internal-space + certificates: *internal-space + ha: *internal-space + etcd: *internal-space + cluster: *internal-space + options: + vip: *vault-vip + nagios_context: *nagios-context + to: + - lxd:400 + - lxd:401 + - lxd:402 + +relations: + # openstack + - [ "keystone:ha", "hacluster-keystone:ha" ] + - [ "keystone:shared-db", "keystone-mysql-router:shared-db" ] + + - [ "cinder:shared-db", "cinder-mysql-router:shared-db" ] + - [ "cinder:identity-service", "keystone:identity-service" ] + - [ "cinder:amqp", "rabbitmq-server:amqp" ] + - [ "cinder:ha", "hacluster-cinder:ha" ] + + - [ "cinder-ceph:ceph", "ceph-mon:client" ] + - [ "cinder-ceph:storage-backend", "cinder:storage-backend" ] + +# - [ "cinder2:shared-db", "cinder2-mysql-router:shared-db" ] +# - [ "cinder2:identity-service", "keystone:identity-service" ] +# - [ "cinder2:amqp", "rabbitmq-server:amqp" ] +# - [ "cinder2:ha", "hacluster-cinder2:ha" ] + +# - [ "cinder-ceph:storage-backend", "cinder2:storage-backend" ] + +# - [ "cinder2", "cinder-backup" ] + + - [ "ceph-osd:mon", "ceph-mon:osd" ] +# - [ "ceph-osd2:mon", "ceph-mon:osd" ] + + - [ "glance:ha", "hacluster-glance:ha" ] + - [ "glance:shared-db", "glance-mysql-router:shared-db" ] + - [ "glance:identity-service", "keystone:identity-service" ] + - [ "glance:ceph", "ceph-mon:client" ] + - [ "glance:amqp", "rabbitmq-server:amqp" ] + - [ "glance:image-service", "cinder:image-service" ] + + - [ "heat:ha", "hacluster-heat:ha" ] + - [ "heat:shared-db", "heat-mysql-router:shared-db" ] + - [ "heat:identity-service", "keystone:identity-service" ] + - [ "heat:amqp", "rabbitmq-server:amqp" ] + + - [ "neutron-api:ha", "hacluster-neutron:ha" ] + - [ "neutron-api:shared-db", "neutron-api-mysql-router:shared-db" ] + - [ "neutron-api:amqp", "rabbitmq-server:amqp" ] + - [ "neutron-api:neutron-api", "nova-cloud-controller:neutron-api" ] + - [ "neutron-api:identity-service", "keystone:identity-service" ] + + - [ "nova-cloud-controller:ha", "hacluster-nova:ha" ] + - [ "nova-cloud-controller:shared-db", "nova-cloud-controller-mysql-router:shared-db" ] + - [ "nova-cloud-controller:amqp", "rabbitmq-server:amqp" ] + - [ "nova-cloud-controller:identity-service", "keystone:identity-service" ] + - [ "nova-cloud-controller:image-service", "glance:image-service" ] + - [ "nova-cloud-controller:memcache", "memcached:cache" ] + + - [ "nova-compute:juju-info", "ntp:juju-info" ] + - [ "nova-compute:amqp", "rabbitmq-server:amqp" ] + - [ "nova-compute:ceph", "ceph-mon:client" ] + - [ "nova-compute:ceph-access", "cinder-ceph:ceph-access" ] + - [ "nova-compute:image-service", "glance:image-service" ] + - [ "nova-compute:cloud-compute", "nova-cloud-controller:cloud-compute" ] + + - [ "openstack-dashboard:ha", "hacluster-horizon:ha" ] + - [ "openstack-dashboard:identity-service", "keystone:identity-service" ] + - [ "openstack-dashboard:shared-db", "keystone-mysql-router:shared-db" ] + + # ceilometer + - [ "ceilometer:identity-credentials", "keystone:identity-credentials" ] + - [ "ceilometer:amqp", "rabbitmq-server:amqp" ] + + - [ "ceilometer-agent:ceilometer-service", "ceilometer:ceilometer-service" ] + - [ "ceilometer-agent:nova-ceilometer", "nova-compute:nova-ceilometer" ] + - [ "ceilometer-agent:amqp", "rabbitmq-server:amqp"] + + # gnocchi + - [ "gnocchi:ha", "hacluster-gnocchi:ha" ] + - [ "gnocchi:shared-db", "gnocchi-mysql-router:shared-db" ] + - [ "gnocchi:amqp", "rabbitmq-server:amqp" ] + - [ "gnocchi:identity-service", "keystone:identity-service" ] + - [ "gnocchi:storage-ceph", "ceph-mon:client" ] + - [ "gnocchi:coordinator-memcached", "memcached:cache" ] + - [ "gnocchi:metric-service", "ceilometer:metric-service" ] + + # aodh + - [ "aodh:shared-db", "aodh-mysql-router:shared-db" ] + - [ "aodh:identity-service", "keystone:identity-service" ] + - [ "aodh:amqp", "rabbitmq-server:amqp" ] + - [ "aodh:ha", "hacluster-aodh:ha" ] + + # sysconfig relations + #- [ "ceph-osd:juju-info", "sysconfig-storage:juju-info" ] + - [ "nova-compute:juju-info", "sysconfig-compute:juju-info" ] + - [ "neutron-gateway:juju-info", "sysconfig-control:juju-info" ] + + # Neutron-gateway relations + - [ "neutron-gateway", "nova-cloud-controller" ] + - [ "neutron-gateway:amqp", "rabbitmq-server:amqp" ] + - [ "neutron-gateway:neutron-plugin-api", "neutron-api:neutron-plugin-api" ] + - [ "neutron-gateway:juju-info", "ntp:juju-info" ] + + # Neutron-openvswitch relations + - [ "neutron-openvswitch:amqp" , "rabbitmq-server:amqp" ] + - [ "neutron-openvswitch" , "neutron-api" ] + - [ "neutron-openvswitch" , "nova-compute" ] + + # vault stuff + - [ "vault:shared-db", "vault-mysql-router:shared-db" ] + - [ "vault:ha", "hacluster-vault:ha" ] + + - [ "ceph-osd:secrets-storage", "vault:secrets"] +# - [ "ceph-osd2:secrets-storage", "vault:secrets"] + - [ "etcd:certificates", "easyrsa:client" ] + - [ "etcd:db", "vault:etcd" ] + + # vault lma/monitoring + - [ "telegraf:juju-info", "vault:juju-info" ] + - [ "filebeat:beats-host", "vault:juju-info" ] + - [ "nrpe-container:nrpe-external-master", "vault:nrpe-external-master" ] + - [ "landscape-client:container", "vault:juju-info" ] + + - [ "telegraf:juju-info", "etcd:juju-info" ] + - [ "filebeat:beats-host", "etcd:juju-info" ] + - [ "nrpe-container:nrpe-external-master", "etcd:nrpe-external-master" ] + - [ "landscape-client:container", "etcd:juju-info" ] + + - [ "telegraf:juju-info", "easyrsa:juju-info" ] + - [ "filebeat:beats-host", "easyrsa:juju-info" ] + - [ "nrpe-container:general-info", "easyrsa:juju-info" ] + - [ "landscape-client:container", "easyrsa:juju-info" ] + + # memcached + - [ "memcached:nrpe-external-master", "nrpe-container:nrpe-external-master" ] + - [ "memcached:juju-info", "telegraf:juju-info" ] + - [ "memcached:juju-info", "filebeat:beats-host" ] + - [ "memcached:juju-info", "landscape-client:container" ] + + # grafana + - [ "grafana:juju-info", "filebeat:beats-host" ] + - [ "grafana:nrpe-external-master", "nrpe-container:nrpe-external-master" ] + - [ "grafana:juju-info", "telegraf:juju-info" ] + - [ "grafana:juju-info", "landscape-client:container" ] + + # graylog + - [ "graylog:elasticsearch", "elasticsearch:client" ] + - [ "graylog:mongodb", "graylog-mongodb:database" ] + - [ "graylog:beats", "filebeat:logstash" ] + - [ "graylog:nrpe-external-master", "nrpe-host:nrpe-external-master" ] + - [ "graylog:juju-info", "telegraf:juju-info" ] + - [ "graylog:juju-info", "landscape-client:container" ] + + # nagios + - [ "nagios:juju-info", "filebeat:beats-host" ] + - [ "nagios:juju-info", "telegraf:juju-info" ] + - [ "nagios:monitors", "nrpe-container:monitors" ] + - [ "nagios:monitors", "nrpe-host:monitors" ] + - [ "nagios:juju-info", "landscape-client-bionic:container" ] + + # openstack-service-checks + - [ "openstack-service-checks:identity-credentials", "keystone:identity-credentials" ] + - [ "openstack-service-checks:nrpe-external-master", "nrpe-container:nrpe-external-master" ] + - [ "openstack-service-checks:juju-info", "telegraf:juju-info" ] + - [ "openstack-service-checks:juju-info", "filebeat:beats-host" ] + - [ "openstack-service-checks:juju-info", "landscape-client:container" ] + + # graylog-mongodb + - [ "graylog-mongodb:juju-info", "telegraf:juju-info" ] + - [ "graylog-mongodb:juju-info", "filebeat:beats-host" ] + - [ "graylog-mongodb:nrpe-external-master", "nrpe-container:nrpe-external-master" ] + - [ "graylog-mongodb:juju-info", "landscape-client:container" ] + + # elasticsearch + - [ "elasticsearch:juju-info", "filebeat:beats-host" ] + - [ "elasticsearch:juju-info", "telegraf:juju-info" ] + - [ "elasticsearch:nrpe-external-master", "nrpe-host:nrpe-external-master" ] + - [ "elasticsearch:juju-info", "landscape-client:container" ] + + # prometheus + - [ "prometheus:juju-info", "filebeat:beats-host" ] + - [ "prometheus:nrpe-external-master", "nrpe-container:nrpe-external-master" ] + - [ "prometheus:juju-info", "telegraf-prometheus:juju-info" ] + - [ "prometheus:grafana-source", "grafana:grafana-source" ] + - [ "prometheus:target", "telegraf:prometheus-client" ] + - [ "prometheus:juju-info", "landscape-client:container" ] + + # prometheus-openstack-exporter + - [ "prometheus-openstack-exporter:identity-credentials", "keystone:identity-credentials" ] + - [ "prometheus-openstack-exporter:nrpe-external-master", "nrpe-container:nrpe-external-master" ] + - [ "prometheus-openstack-exporter:prometheus-openstack-exporter-service", "prometheus:target" ] + - [ "prometheus-openstack-exporter:juju-info", "filebeat:beats-host" ] + - [ "prometheus-openstack-exporter:juju-info", "telegraf:juju-info" ] + - [ "prometheus-openstack-exporter:juju-info", "landscape-client:container" ] + + # prometheus-ceph-exporter + - [ "prometheus-ceph-exporter:ceph", "ceph-mon:client" ] + - [ "prometheus-ceph-exporter:nrpe-external-master", "nrpe-container:nrpe-external-master" ] + - [ "prometheus-ceph-exporter:ceph-exporter", "prometheus:target" ] + - [ "prometheus-ceph-exporter:juju-info", "filebeat:beats-host" ] + - [ "prometheus-ceph-exporter:juju-info", "telegraf:juju-info" ] + - [ "prometheus-ceph-exporter:juju-info", "landscape-client:container" ] + + # juniper server + - [ "juniper-server:juju-info", "ntp:juju-info" ] + + # LMA/landscape subordinates + - [ "nova-compute", "filebeat" ] + - [ "nova-compute", "telegraf" ] + - [ "nova-compute", "nrpe-host" ] + - [ "nova-compute", "landscape-client" ] + + - [ "neutron-gateway", "filebeat" ] + - [ "neutron-gateway", "telegraf" ] + - [ "neutron-gateway", "nrpe-host" ] + - [ "neutron-gateway", "landscape-client" ] + + - [ "keystone", "filebeat" ] + - [ "keystone", "telegraf" ] + - [ "keystone", "nrpe-container" ] + - [ "keystone", "landscape-client" ] + + - [ "glance", "filebeat" ] + - [ "glance", "telegraf" ] + - [ "glance", "nrpe-container" ] + - [ "glance", "landscape-client" ] + + - [ "cinder", "filebeat" ] + - [ "cinder", "telegraf" ] + - [ "cinder", "nrpe-container" ] + - [ "cinder", "landscape-client" ] + +# - [ "cinder2", "filebeat" ] +# - [ "cinder2", "telegraf" ] +# - [ "cinder2", "nrpe-container" ] +# - [ "cinder2", "landscape-client" ] + + - [ "heat", "filebeat" ] + - [ "heat", "telegraf" ] + - [ "heat", "nrpe-container" ] + - [ "heat", "landscape-client" ] + + - [ "mysql", "filebeat" ] + - [ "mysql", "telegraf" ] + - [ "mysql", "nrpe-container" ] + - [ "mysql", "landscape-client" ] + + - [ "ceph-mon", "filebeat" ] + - [ "ceph-mon", "telegraf" ] + - [ "ceph-mon", "nrpe-container" ] + - [ "ceph-mon", "landscape-client" ] + + - [ "neutron-api", "filebeat" ] + - [ "neutron-api", "telegraf" ] + - [ "neutron-api", "nrpe-container" ] + - [ "neutron-api", "landscape-client" ] + + - [ "rabbitmq-server", "filebeat" ] + - [ "rabbitmq-server", "telegraf" ] + - [ "rabbitmq-server", "nrpe-container" ] + - [ "rabbitmq-server", "landscape-client" ] + + - [ "openstack-dashboard", "filebeat" ] + - [ "openstack-dashboard", "telegraf" ] + - [ "openstack-dashboard", "nrpe-container" ] + - [ "openstack-dashboard", "landscape-client" ] + + - [ "nova-cloud-controller", "filebeat" ] + - [ "nova-cloud-controller", "telegraf" ] + - [ "nova-cloud-controller", "nrpe-container" ] + - [ "nova-cloud-controller", "landscape-client" ] + + - [ "gnocchi", "filebeat" ] + - [ "gnocchi", "telegraf" ] + - [ "gnocchi", "nrpe-container" ] + - [ "gnocchi", "landscape-client" ] + + - [ "ceilometer", "filebeat" ] + - [ "ceilometer", "telegraf" ] + - [ "ceilometer", "nrpe-container" ] + - [ "ceilometer", "landscape-client" ] + + - [ "aodh", "filebeat" ] + - [ "aodh", "telegraf" ] + - [ "aodh", "landscape-client" ] + - [ "aodh", "nrpe-container" ] + + - [ "juniper-server", "telegraf" ] + - [ "juniper-server", "filebeat" ] + - [ "juniper-server", "landscape-client" ] + - [ "juniper-server", "nrpe-host" ] + + - [ "hacluster-aodh:nrpe-external-master", "nrpe-container:nrpe-external-master" ] + - [ "hacluster-cinder:nrpe-external-master", "nrpe-container:nrpe-external-master" ] + - [ "hacluster-glance:nrpe-external-master", "nrpe-container:nrpe-external-master" ] + - [ "hacluster-gnocchi:nrpe-external-master", "nrpe-container:nrpe-external-master" ] + - [ "hacluster-heat:nrpe-external-master", "nrpe-container:nrpe-external-master" ] + - [ "hacluster-horizon:nrpe-external-master", "nrpe-container:nrpe-external-master" ] + - [ "hacluster-keystone:nrpe-external-master", "nrpe-container:nrpe-external-master" ] + - [ "hacluster-neutron:nrpe-external-master", "nrpe-container:nrpe-external-master" ] + - [ "hacluster-nova:nrpe-external-master", "nrpe-container:nrpe-external-master" ] + + # Landscape + - [ "landscape-server:juju-info", "ntp:juju-info" ] + - [ "landscape-server:juju-info", "filebeat:beats-host" ] + - [ "landscape-server:juju-info", "nrpe-host:general-info" ] + - [ "landscape-server:juju-info", "telegraf:juju-info" ] + - [ "landscape-server:juju-info", "landscape-client-bionic:container" ] + + - [ "landscape-rabbitmq-server:juju-info", "ntp:juju-info" ] + - [ "landscape-rabbitmq-server:juju-info", "filebeat:beats-host" ] + - [ "landscape-rabbitmq-server:nrpe-external-master", "nrpe-host:nrpe-external-master" ] + - [ "landscape-rabbitmq-server:juju-info", "telegraf:juju-info" ] + - [ "landscape-rabbitmq-server:juju-info", "landscape-client:container" ] + + - [ "landscape-postgresql:juju-info", "ntp:juju-info" ] + - [ "landscape-postgresql:juju-info", "filebeat:beats-host" ] + - [ "landscape-postgresql:local-monitors", "nrpe-host:local-monitors" ] + - [ "landscape-postgresql:juju-info", "nrpe-host:general-info" ] + - [ "landscape-postgresql:juju-info", "telegraf:juju-info" ] + - [ "landscape-postgresql:juju-info", "landscape-client-bionic:container" ] + + - [ "landscape-haproxy:juju-info", "filebeat:beats-host" ] + - [ "landscape-haproxy:juju-info", "nrpe-host:general-info" ] + - [ "landscape-haproxy:local-monitors", "nrpe-host:local-monitors" ] + - [ "landscape-haproxy:juju-info", "telegraf:juju-info" ] + - [ "landscape-haproxy:juju-info", "landscape-client:container" ] + + - [ "landscape-server:amqp", "landscape-rabbitmq-server:amqp" ] + - [ "landscape-server:website", "landscape-haproxy:reverseproxy" ] + - [ "landscape-server:db", "landscape-postgresql:db-admin" ] + + +