1 heat_template_version: 2014-10-16
4 OpenStack controller node configured by Puppet.
9 description: The password for the keystone admin account, used for monitoring, querying neutron etc.
14 description: The keystone auth secret.
17 CeilometerMeteringSecret:
19 description: Secret shared by the ceilometer services.
24 description: The password for the ceilometer service account.
29 description: The iSCSI helper to use with cinder.
31 CinderLVMLoopDeviceSize:
33 description: The size of the loopback file used by the cinder LVM driver.
37 description: The password for the cinder service account, used by cinder-api.
42 description: The DNS name of this cloud. E.g. ci-overcloud.tripleo.org
44 ControllerExtraConfig:
47 Controller specific configuration to inject into the cluster. Same
48 structure as ExtraConfig.
50 ControlVirtualInterface:
52 description: Interface where virtual ip will be assigned.
56 description: Set to True to enable debugging on all services.
61 Additional configuration to inject into the cluster. The JSON should have
62 the following structure:
65 [{"section": "SECTIONNAME",
67 [{"option": "OPTIONNAME",
78 [{"section": "default",
80 [{"option": "compute_manager",
81 "value": "ironic.nova.compute.manager.ClusterComputeManager"
88 "value": "nova.cells.rpc_driver.CellsRPCDriver"
97 description: Flavor for control nodes to request when deploying.
100 - custom_constraint: nova.flavor
101 GlanceNotifierStrategy:
102 description: Strategy to use for Glance notification queue
106 description: The filepath of the file to use for logging messages from Glance.
111 description: The password for the glance service account, used by the glance services.
116 description: Glance port.
120 description: Protocol to use when connecting to glance, set to https for SSL.
124 description: The password for the Heat service account, used by the Heat services.
127 HeatStackDomainAdminPassword:
128 description: Password for heat_domain_admin user.
134 default: overcloud-control
136 - custom_constraint: glance.image
138 default: 'REBUILD_PRESERVE_EPHEMERAL'
139 description: What policy to use when reconstructing instances. REBUILD for rebuilds, REBUILD_PRESERVE_EPHEMERAL to preserve /mnt.
143 description: Name of an existing EC2 KeyPair to enable SSH access to the instances
146 - custom_constraint: nova.keypair
# NOTE(review): this group carries certificate and private-key material.
# The `hidden` settings of these parameters are not visible in this listing;
# confirm that at least the two key parameters are declared hidden.
147 KeystoneCACertificate:
149 description: Keystone self-signed certificate authority certificate.
151 KeystoneSigningCertificate:
153 description: Keystone certificate for verifying token validity.
157 description: Keystone key for signing tokens.
# NOTE(review): the two SSL parameters below repeat the signing
# certificate/key descriptions word for word - presumably copy-paste.
# Confirm what the SSL pair is used for and reword the descriptions.
160 KeystoneSSLCertificate:
162 description: Keystone certificate for verifying token validity.
164 KeystoneSSLCertificateKey:
166 description: Keystone key for signing tokens.
# NOTE(review): with the length constraint below commented out, nothing in
# the visible lines rejects the placeholder default 'unset'.
# ControllerDeployment substitutes this value for CLUSTER in
# 'tripleo-CLUSTER', so stacks left at the default would presumably share
# one cluster name - confirm that callers always override it.
169 MysqlClusterUniquePart:
170 description: A unique identifier of the MySQL cluster the controller is in.
172 default: 'unset' # Has to be here because of the ignored empty value bug
173 # Drop the validation: https://bugs.launchpad.net/tripleo/+bug/1405446
175 # - length: {min: 4, max: 10}
176 MysqlInnodbBufferPoolSize:
178 Specifies the size of the buffer pool in megabytes. Setting to
179 zero should be interpreted as "no value" and will defer to the
186 default: '' # Has to be here because of the ignored empty value bug
187 NeutronBridgeMappings:
189 The OVS logical->physical bridge mappings to use. See the Neutron
190 documentation for details. Defaults to mapping br-ex - the external
191 bridge on hosts - to a physical name 'datacentre' which can be used
192 to create provider networks (and we use this for the default floating
193 network) - if changing this either use different post-install network
194 scripts or be sure to keep 'datacentre' as a mapping network name.
197 NeutronDnsmasqOptions:
198 default: 'dhcp-option-force=26,1400'
199 description: Dnsmasq options for neutron-dhcp-agent. The default value here forces MTU to be set to 1400 to account for the gre tunnel overhead.
203 description: Agent mode for the neutron-l3-agent on the controller hosts
205 NeutronL3HA: #FIXME this isn't wired in
207 description: Whether to enable l3-agent HA
211 description: Whether to configure Neutron Distributed Virtual Routers
213 NeutronMetadataProxySharedSecret:
215 description: Shared secret to prevent spoofing
217 NeutronMechanismDrivers:
218 default: 'openvswitch'
220 The mechanism drivers for the Neutron tenant network. To specify multiple
221 values, use a comma separated string, like so: 'openvswitch,l2_population'
223 NeutronAllowL3AgentFailover:
225 description: Allow automatic l3-agent failover
227 NeutronEnableTunnelling:
233 description: If set, flat networks to configure in neutron plugins.
236 description: The tenant network type for Neutron, either gre or vxlan.
238 NeutronNetworkVLANRanges:
239 default: 'datacentre'
241 The Neutron ML2 and OpenVSwitch vlan mapping range to support. See the
242 Neutron documentation for permitted values. Defaults to permitting any
243 VLAN on the 'datacentre' physical network (See NeutronBridgeMappings).
247 description: The password for the neutron service account, used by neutron agents.
250 NeutronPublicInterface:
252 description: What interface to bridge onto br-ex for network nodes.
254 NeutronPublicInterfaceTag:
257 VLAN tag for creating a public VLAN. The tag will be used to
258 create an access port on the exterior bridge for each control plane node,
259 and that port will be given the IP address returned by neutron from the
260 public network. Set CONTROLEXTRA=overcloud-vlan-port.yaml when compiling
261 overcloud.yaml to include the deployment of VLAN ports to the control
264 NeutronPublicInterfaceDefaultRoute:
266 description: A custom default route for the NeutronPublicInterface.
268 NeutronPublicInterfaceIP:
270 description: A custom IP address to put onto the NeutronPublicInterface.
272 NeutronPublicInterfaceRawDevice:
274 description: If set, the public interface is a vlan with this device as the raw device.
279 The tunnel types for the Neutron tenant network. To specify multiple
280 values, use a comma separated string, like so: 'gre,vxlan'
284 description: The password for the nova service account, used by nova-api.
290 PublicVirtualInterface:
293 Specifies the interface where the public-facing virtual ip will be assigned.
294 This should be int_public when a VLAN is being used.
298 default: '' # Has to be here because of the ignored empty value bug
301 default: '' # Has to be here because of the ignored empty value bug
305 description: The password for RabbitMQ
310 description: The username for RabbitMQ
315 Rabbit client subscriber parameter to specify
316 an SSL connection to the RabbitMQ host.
320 description: Set rabbit subscriber port, change this if using SSL
322 SnmpdReadonlyUserName:
323 default: ro_snmp_user
324 description: The user name for SNMPd with readonly rights running on all Overcloud nodes
326 SnmpdReadonlyUserPassword:
328 description: The user password for SNMPd with readonly rights running on all Overcloud nodes
333 description: If set, the contents of an SSL certificate authority file.
337 description: If set, the contents of an SSL certificate .crt file for encrypting SSL endpoints.
342 description: If set, the contents of an SSL certificate .key file for encrypting SSL endpoints.
347 description: A random string to be used as a salt when hashing to determine mappings
353 description: Value of mount_check in Swift account/container/object -server.conf
358 description: The minimum time (in hours) before a partition in a ring can be moved following a rebalance.
361 description: Partition Power to use when building Swift rings
365 description: The password for the swift service account, used by the swift proxy
372 description: How many replicas to use in the swift rings.
375 default: '' # Has to be here because of the ignored empty value bug
# Nova server for the controller node; image, rebuild policy, flavor and
# keypair all come from template parameters.
381 type: OS::Nova::Server
383 image: {get_param: Image}
384 image_update_policy: {get_param: ImageUpdatePolicy}
385 flavor: {get_param: Flavor}
# KeyName selects the keypair that enables SSH access to the instance
# (per the parameter's description).
386 key_name: {get_param: KeyName}
389 user_data_format: SOFTWARE_CONFIG
# Network configuration for the controller and the deployment that applies
# it to the Controller server.
392 type: OS::TripleO::Net::SoftwareConfig
395 type: OS::TripleO::SoftwareDeployment
# NO_SIGNAL: Heat does not wait for the server to report a result, so a
# failed apply will not fail the stack - verify the outcome out of band.
397 signal_transport: NO_SIGNAL
398 config: {get_attr: [NetworkConfig, config_id]}
399 server: {get_resource: Controller}
402 interface_name: {get_param: NeutronPublicInterface}
# Deployment that applies ControllerConfig to the Controller server. The
# entries below are the inputs ControllerConfig reads back with get_input.
404 ControllerDeployment:
405 type: OS::TripleO::SoftwareDeployment
# NO_SIGNAL: Heat does not wait for the server to report a result, so a
# failed apply will not fail the stack - verify the outcome out of band.
407 signal_transport: NO_SIGNAL
408 config: {get_resource: ControllerConfig}
409 server: {get_resource: Controller}
# controller_host is the node's first ctlplane address; controller_virtual_ip
# is the shared VirtualIP parameter.
411 bootstack_nodeid: {get_attr: [Controller, name]}
412 controller_host: {get_attr: [Controller, networks, ctlplane, 0]}
413 controller_virtual_ip: {get_param: VirtualIP}
414 neutron_enable_tunneling: {get_param: NeutronEnableTunnelling}
# The three heat.* URLs are assembled around VirtualIP; the scheme and the
# remaining path pieces are on lines not shown in this listing.
415 heat.watch_server_url:
419 - {get_param: VirtualIP}
421 heat.metadata_server_url:
425 - {get_param: VirtualIP}
427 heat.waitcondition_server_url:
431 - {get_param: VirtualIP}
432 - ':8000/v1/waitcondition'
# NOTE(review): passwords, tokens and private keys travel as plain deployment
# inputs from here on. Whether the source parameters are declared hidden is
# not visible in this listing - confirm.
433 admin_password: {get_param: AdminPassword}
434 admin_token: {get_param: AdminToken}
435 neutron_public_interface_ip: {get_param: NeutronPublicInterfaceIP}
436 debug: {get_param: Debug}
437 cinder_lvm_loop_device_size: {get_param: CinderLVMLoopDeviceSize}
438 cinder_password: {get_param: CinderPassword}
439 cinder_iscsi_helper: {get_param: CinderISCSIHelper}
# NOTE(review): the password position of this DSN is the literal 'unset', not
# a parameter; the glance, heat, keystone, neutron, ceilometer and nova DSNs
# below do the same. Confirm the database accounts are not actually
# provisioned with this shared static value.
443 - - 'mysql://cinder:unset@'
444 - {get_param: VirtualIP}
446 glance_port: {get_param: GlancePort}
447 glance_protocol: {get_param: GlanceProtocol}
448 glance_password: {get_param: GlancePassword}
449 glance_notifier_strategy: {get_param: GlanceNotifierStrategy}
450 glance_log_file: {get_param: GlanceLogFile}
454 - - 'mysql://glance:unset@'
455 - {get_param: VirtualIP}
457 heat_password: {get_param: HeatPassword}
458 heat_stack_domain_admin_password: {get_param: HeatStackDomainAdminPassword}
462 - - 'mysql://heat:unset@'
463 - {get_param: VirtualIP}
465 keystone_ca_certificate: {get_param: KeystoneCACertificate}
466 keystone_signing_key: {get_param: KeystoneSigningKey}
467 keystone_signing_certificate: {get_param: KeystoneSigningCertificate}
468 keystone_ssl_certificate: {get_param: KeystoneSSLCertificate}
469 keystone_ssl_certificate_key: {get_param: KeystoneSSLCertificateKey}
473 - - 'mysql://keystone:unset@'
474 - {get_param: VirtualIP}
476 mysql_innodb_buffer_pool_size: {get_param: MysqlInnodbBufferPoolSize}
477 mysql_root_password: {get_param: MysqlRootPassword}
# CLUSTER in the template string is filled from MysqlClusterUniquePart
# (presumably a str_replace; the function line is not shown in this listing).
480 template: tripleo-CLUSTER
482 CLUSTER: {get_param: MysqlClusterUniquePart}
483 neutron_flat_networks: {get_param: NeutronFlatNetworks}
484 neutron_metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret}
485 neutron_agent_mode: {get_param: NeutronAgentMode}
486 neutron_router_distributed: {get_param: NeutronDVR}
487 neutron_mechanism_drivers: {get_param: NeutronMechanismDrivers}
488 neutron_allow_l3agent_failover: {get_param: NeutronAllowL3AgentFailover}
489 neutron_network_vlan_ranges: {get_param: NeutronNetworkVLANRanges}
490 neutron_bridge_mappings: {get_param: NeutronBridgeMappings}
491 neutron_public_interface: {get_param: NeutronPublicInterface}
492 neutron_public_interface_raw_device: {get_param: NeutronPublicInterfaceRawDevice}
493 neutron_public_interface_default_route: {get_param: NeutronPublicInterfaceDefaultRoute}
494 neutron_public_interface_tag: {get_param: NeutronPublicInterfaceTag}
495 neutron_tenant_network_type: {get_param: NeutronNetworkType}
496 neutron_tunnel_types: {get_param: NeutronTunnelTypes}
497 neutron_password: {get_param: NeutronPassword}
498 neutron_dnsmasq_options: {get_param: NeutronDnsmasqOptions}
502 - - 'mysql://neutron:unset@'
503 - {get_param: VirtualIP}
504 - '/ovs_neutron?charset=utf8'
505 ceilometer_metering_secret: {get_param: CeilometerMeteringSecret}
506 ceilometer_password: {get_param: CeilometerPassword}
510 - - 'mysql://ceilometer:unset@'
511 - {get_param: VirtualIP}
513 snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName}
514 snmpd_readonly_user_password: {get_param: SnmpdReadonlyUserPassword}
515 nova_password: {get_param: NovaPassword}
519 - - 'mysql://nova:unset@'
520 - {get_param: VirtualIP}
# The RabbitMQ user is passed under the input name rabbit_username; consumers
# must read it with exactly that name.
522 rabbit_username: {get_param: RabbitUserName}
523 rabbit_password: {get_param: RabbitPassword}
524 rabbit_cookie: {get_param: RabbitCookie}
525 rabbit_client_use_ssl: {get_param: RabbitClientUseSSL}
526 rabbit_client_port: {get_param: RabbitClientPort}
527 ntp_server: {get_param: NtpServer}
528 control_virtual_interface: {get_param: ControlVirtualInterface}
529 public_virtual_interface: {get_param: PublicVirtualInterface}
530 public_virtual_ip: {get_param: PublicVirtualIP}
533 # Map heat metadata into hiera datafiles
535 type: OS::Heat::StructuredConfig
537 group: os-apply-config
541 - heat_config_%{::deploy_config_name}
# Static hiera data is pulled in from two files shipped next to the template.
546 raw_data: {get_file: puppet/hieradata/common.yaml}
548 raw_data: {get_file: puppet/hieradata/controller.yaml}
549 oac_data: # data we map in from other OAC configurations
550 bootstrap_nodeid: bootstrap_host.bootstrap_nodeid
# NOTE(review): the mapped_data entries that follow carry service passwords,
# tokens and private keys into a hiera datafile on the node. That file's
# owner and mode are set outside this listing - confirm only root can read it.
551 mapped_data: # data supplied directly to this deployment configuration, etc
552 debug: {get_input: debug}
553 bootstack_nodeid: {get_input: bootstack_nodeid}
554 controller_host: {get_input: controller_host} #local-ipv4
# Cinder hiera keys: the API and the iSCSI target bind to the node's own
# address (controller_host); keystone auth goes to the virtual IP.
556 cinder_lvm_loop_device_size: {get_input: cinder_lvm_loop_device_size}
557 cinder::volume::iscsi::iscsi_helper: {get_input: cinder_iscsi_helper}
558 cinder::volume::iscsi::iscsi_ip_address: {get_input: controller_host}
# cinder_dsn embeds the database credentials in the connection URL.
559 cinder::database_connection: {get_input: cinder_dsn}
560 cinder::api::keystone_password: {get_input: cinder_password}
561 cinder::api::keystone_auth_host: {get_input: controller_virtual_ip}
562 cinder::api::bind_host: {get_input: controller_host}
563 cinder::rabbit_userid: {get_input: rabbit_username}
564 cinder::rabbit_password: {get_input: rabbit_password}
# Per-service debug is left commented out; the global debug input is still
# mapped separately.
565 #cinder::debug: {get_input: debug}
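# Glance API hiera keys: the API listens on the node's own address
# (controller_host) and authenticates against the virtual IP.
567 glance::api::bind_port: {get_input: glance_port}
568 glance::api::bind_host: {get_input: controller_host}
569 glance::api::auth_host: {get_input: controller_virtual_ip}
570 glance::api::registry_host: {get_input: controller_host}
571 glance::api::keystone_password: {get_input: glance_password}
572 # used to construct glance_api_servers
573 glance_port: {get_input: glance_port}
574 glance_protocol: {get_input: glance_protocol}
575 glance_notifier_strategy: {get_input: glance_notifier_strategy}
# glance_log_file is mapped exactly once. A repeated mapping key is invalid
# YAML that most parsers accept silently (last one wins), which hides later
# edits made to only one of the copies.
576 glance_log_file: {get_input: glance_log_file}
# The API and the registry share one DSN and one service password.
578 glance::api::database_connection: {get_input: glance_dsn}
579 glance::registry::keystone_password: {get_input: glance_password}
580 glance::registry::database_connection: {get_input: glance_dsn}
581 glance::registry::bind_host: {get_input: controller_host}
582 glance::registry::auth_host: {get_input: controller_virtual_ip}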
# Heat credentials, DSN and callback URLs, passed through unchanged from the
# deployment inputs of the same names.
584 heat_password: {get_input: heat_password}
585 heat_stack_domain_admin_password: {get_input: heat_stack_domain_admin_password}
586 heat_dsn: {get_input: heat_dsn}
587 heat.watch_server_url: {get_input: heat.watch_server_url}
588 heat.metadata_server_url: {get_input: heat.metadata_server_url}
589 heat.waitcondition_server_url: {get_input: heat.waitcondition_server_url}
# Keystone hiera keys.
# NOTE(review): admin_token is a bootstrap credential and the two *_key
# entries are private keys; all three end up in the generated hiera data.
# Confirm the token is rotated or disabled once bootstrap is done.
591 keystone::admin_token: {get_input: admin_token}
592 keystone_ca_certificate: {get_input: keystone_ca_certificate}
593 keystone_signing_key: {get_input: keystone_signing_key}
594 keystone_signing_certificate: {get_input: keystone_signing_certificate}
595 keystone_ssl_certificate: {get_input: keystone_ssl_certificate}
596 keystone_ssl_certificate_key: {get_input: keystone_ssl_certificate_key}
597 keystone::database_connection: {get_input: keystone_dsn}
# Both the public and the admin API bind to the node's own address.
598 keystone::public_bind_host: {get_input: controller_host}
599 keystone::admin_bind_host: {get_input: controller_host}
600 #keystone::debug: {get_input: debug}
# Admin password plus the MySQL settings. mysql_cluster_name is presumably the
# input built from the 'tripleo-CLUSTER' template in ControllerDeployment -
# its key line is not visible there; confirm.
602 admin_password: {get_input: admin_password}
603 mysql_innodb_buffer_pool_size: {get_input: mysql_innodb_buffer_pool_size}
604 mysql_root_password: {get_input: mysql_root_password}
605 mysql_cluster_name: {get_input: mysql_cluster_name}
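# Neutron hiera keys: the server binds to the node's own address and
# authenticates against the virtual IP.
607 neutron::bind_host: {get_input: controller_host}
608 neutron::rabbit_password: {get_input: rabbit_password}
# Reads the rabbit_username input, the name ControllerDeployment supplies and
# the cinder and nova mappings use. This line previously asked for
# 'rabbit_user', which is not among the visible deployment inputs, so the
# configured RabbitMQ user presumably never reached neutron.
609 neutron::rabbit_user: {get_input: rabbit_username}
610 #neutron::debug: {get_input: debug}
611 neutron::server::auth_host: {get_input: controller_virtual_ip}
612 neutron::server::database_connection: {get_input: neutron_dsn}
613 neutron::agents::ml2::ovs::enable_tunneling: {get_input: neutron_enable_tunneling}
614 neutron::agents::ml2::ovs::local_ip: {get_input: controller_host}
615 neutron_flat_networks: {get_input: neutron_flat_networks}
# Shared secret for the metadata proxy; the nova API mapping reads the same
# input, so both sides get one value.
616 neutron::agents::metadata::shared_secret: {get_input: neutron_metadata_proxy_shared_secret}
617 neutron_agent_mode: {get_input: neutron_agent_mode}
618 neutron_router_distributed: {get_input: neutron_router_distributed}
619 neutron_mechanism_drivers: {get_input: neutron_mechanism_drivers}
620 neutron_allow_l3agent_failover: {get_input: neutron_allow_l3agent_failover}
621 neutron::plugins::ml2::network_vlan_ranges: {get_input: neutron_network_vlan_ranges}
622 neutron_bridge_mappings: {get_input: neutron_bridge_mappings}
623 neutron_public_interface: {get_input: neutron_public_interface}
624 neutron_public_interface_raw_device: {get_input: neutron_public_interface_raw_device}
625 neutron_public_interface_default_route: {get_input: neutron_public_interface_default_route}
626 neutron_public_interface_tag: {get_input: neutron_public_interface_tag}
627 neutron_tenant_network_type: {get_input: neutron_tenant_network_type}
628 neutron_tunnel_types: {get_input: neutron_tunnel_types}
# The server and the metadata agent use the same service password.
629 neutron::server::auth_password: {get_input: neutron_password}
630 neutron::agents::metadata::auth_password: {get_input: neutron_password}
631 neutron_dnsmasq_options: {get_input: neutron_dnsmasq_options}
632 neutron_dsn: {get_input: neutron_dsn}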
# Ceilometer and SNMP credentials, passed through from the deployment inputs.
# The metering secret is shared by the ceilometer services (per the parameter
# description), so every node must receive the same value.
634 ceilometer_metering_secret: {get_input: ceilometer_metering_secret}
635 ceilometer_password: {get_input: ceilometer_password}
636 ceilometer_dsn: {get_input: ceilometer_dsn}
637 snmpd_readonly_user_name: {get_input: snmpd_readonly_user_name}
638 snmpd_readonly_user_password: {get_input: snmpd_readonly_user_password}
# Nova hiera keys: the API and the metadata listener bind to the node's own
# address; keystone auth goes to the virtual IP.
640 nova::rabbit_userid: {get_input: rabbit_username}
641 nova::rabbit_password: {get_input: rabbit_password}
642 nova::api::auth_host: {get_input: controller_virtual_ip}
643 nova::api::api_bind_address: {get_input: controller_host}
644 nova::api::metadata_listen: {get_input: controller_host}
645 nova::api::admin_password: {get_input: nova_password}
646 nova::database_connection: {get_input: nova_dsn}
# Same input as neutron::agents::metadata::shared_secret, so the metadata
# proxy and the nova API are configured with one value.
647 nova::api::neutron_metadata_proxy_shared_secret: {get_input: neutron_metadata_proxy_shared_secret}
# RabbitMQ settings, passed through unchanged.
# NOTE(review): rabbit_cookie is presumably the Erlang cookie that
# authenticates cluster nodes to each other - handle it like a password.
649 rabbit_username: {get_input: rabbit_username}
650 rabbit_password: {get_input: rabbit_password}
651 rabbit_cookie: {get_input: rabbit_cookie}
652 rabbit_client_use_ssl: {get_input: rabbit_client_use_ssl}
653 rabbit_client_port: {get_input: rabbit_client_port}
# Addressing: the public interface IP, NTP server, and the control-plane and
# public virtual interfaces and IPs.
655 neutron_public_interface_ip: {get_input: neutron_public_interface_ip}
656 ntp_server: {get_input: ntp_server}
657 control_virtual_interface: {get_input: control_virtual_interface}
658 controller_virtual_ip: {get_input: controller_virtual_ip}
659 public_virtual_interface: {get_input: public_virtual_interface}
660 public_virtual_ip: {get_input: public_virtual_ip}
661 # Load Balancer (composition class parameters)
# Each flag is hard-coded to true rather than taken from an input.
# NOTE(review): mysql and rabbitmq are switched on alongside the API
# services. Presumably each flag adds a listener on a virtual IP; confirm the
# database and message bus are bound only to the control-plane address, not
# the public one.
662 tripleo::loadbalancer::keystone_admin: true
663 tripleo::loadbalancer::keystone_public: true
664 tripleo::loadbalancer::neutron: true
665 tripleo::loadbalancer::cinder: true
666 tripleo::loadbalancer::glance_api: true
667 tripleo::loadbalancer::glance_registry: true
668 tripleo::loadbalancer::nova_ec2: true
669 tripleo::loadbalancer::nova_osapi: true
670 tripleo::loadbalancer::nova_metadata: true
671 tripleo::loadbalancer::nova_novncproxy: true
672 tripleo::loadbalancer::mysql: true
673 tripleo::loadbalancer::rabbitmq: true
675 # NOTE(dprince): this example uses a composition class
676 # on the puppet side (loadbalancer.pp). This seemed like the
677 # cleanest way to encapsulate the puppet resource definitions
678 # for HAProxy and Keepalived.
# Puppet configs and the load-balancer deployment. Both configs take their
# manifest from a file referenced by path relative to the template, so the
# manifest's content is fixed by whoever submits the stack.
679 ControllerLoadbalancerPuppetConfig:
680 type: OS::Heat::SoftwareConfig
690 get_file: puppet/loadbalancer.pp
# Applies the load-balancer manifest to the Controller server.
692 ControllerLoadbalancerPuppetDeployment:
693 type: OS::Heat::StructuredDeployment
696 server: {get_resource: Controller}
697 config: {get_resource: ControllerLoadbalancerPuppetConfig}
# Main controller manifest; the deployments that apply it are separate
# resources.
699 ControllerPuppetConfig:
700 type: OS::Heat::SoftwareConfig
711 get_file: puppet/overcloud_controller.pp
713 # Step through a series of two more Puppet runs using the same manifest.
714 # NOTE(dprince): Heat breakpoints would make for a really cool way to step
715 # through breakpoints in a controlled manner across the entire cluster
# Both deployments below apply the same ControllerPuppetConfig to the
# Controller server. Any ordering between the runs (e.g. depends_on) is on
# lines not shown in this listing.
716 ControllerPuppetDeploymentTwo:
717 type: OS::Heat::StructuredDeployment
720 server: {get_resource: Controller}
721 config: {get_resource: ControllerPuppetConfig}
724 actions: ['CREATE'] # no need for two passes on an UPDATE
726 ControllerPuppetDeploymentThree:
727 type: OS::Heat::StructuredDeployment
730 server: {get_resource: Controller}
731 config: {get_resource: ControllerPuppetConfig}
737 description: IP address of the server in the ctlplane network
738 value: {get_attr: [Controller, networks, ctlplane, 0]}
740 description: Hostname of the server
741 value: {get_attr: [Controller, name]}
744 Node object in the {ip: ..., name: ...} format that the corosync
747 ip: {get_attr: [Controller, networks, ctlplane, 0]}
748 name: {get_attr: [Controller, name]}
751 Server's IP address and hostname in the /etc/hosts format
754 template: IP HOST HOST.novalocal CLOUDNAME
756 IP: {get_attr: [Controller, networks, ctlplane, 0]}
757 HOST: {get_attr: [Controller, name]}
758 CLOUDNAME: {get_param: CloudName}
759 nova_server_resource:
760 description: Heat resource handle for the Nova compute server
762 {get_resource: Controller}
764 description: Swift device formatted for swift-ring-builder
767 template: 'r1z1-IP:%PORT%/d1'
769 IP: {get_attr: [Controller, networks, ctlplane, 0]}
770 swift_proxy_memcache:
771 description: Swift proxy-memcache value
776 IP: {get_attr: [Controller, networks, ctlplane, 0]}