heat_template_version: 2014-10-16
OpenStack control plane node. Can be wrapped in a ResourceGroup for scaling.
description: The password for the keystone admin account, used for monitoring, querying neutron etc.
description: The keystone auth secret.
CeilometerMeteringSecret:
description: Secret shared by the ceilometer services.
description: The password for the ceilometer service account.
CinderEnableIscsiBackend:
description: Whether to enable or not the Iscsi backend for Cinder
description: The iSCSI helper to use with cinder.
CinderLVMLoopDeviceSize:
description: The size of the loopback file used by the cinder LVM driver.
description: The password for the cinder service account, used by cinder-api.
description: The DNS name of this cloud. E.g. ci-overcloud.tripleo.org
ControllerExtraConfig:
Controller specific configuration to inject into the cluster. Same
structure as ExtraConfig.
ControlVirtualInterface:
description: Interface where virtual ip will be assigned.
description: Set to True to enable debugging on all services.
Additional configuration to inject into the cluster. The JSON should have
the following structure:
[{"section": "SECTIONNAME",
[{"option": "OPTIONNAME",
[{"section": "default",
[{"option": "compute_manager",
"value": "ironic.nova.compute.manager.ClusterComputeManager"
"value": "nova.cells.rpc_driver.CellsRPCDriver"
description: Flavor for control nodes to request when deploying.
- custom_constraint: nova.flavor
GlanceNotifierStrategy:
description: Strategy to use for Glance notification queue
description: The filepath of the file to use for logging messages from Glance.
description: The password for the glance service account, used by the glance services.
description: Glance port.
description: Protocol to use when connecting to glance, set to https for SSL.
description: The password for the Heat service account, used by the Heat services.
HeatStackDomainAdminPassword:
description: Password for heat_domain_admin user.
HeatAuthEncryptionKey:
description: Auth encryption key for heat-engine
default: overcloud-control
- custom_constraint: glance.image
default: 'REBUILD_PRESERVE_EPHEMERAL'
description: What policy to use when reconstructing instances. REBUILD for rebuilds, REBUILD_PRESERVE_EPHEMERAL to preserve /mnt.
description: Name of an existing EC2 KeyPair to enable SSH access to the instances
- custom_constraint: nova.keypair
KeystoneCACertificate:
description: Keystone self-signed certificate authority certificate.
KeystoneSigningCertificate:
description: Keystone certificate for verifying token validity.
description: Keystone key for signing tokens.
KeystoneSSLCertificate:
description: Keystone certificate for verifying token validity.
KeystoneSSLCertificateKey:
description: Keystone key for signing tokens.
MysqlClusterUniquePart:
description: A unique identifier of the MySQL cluster the controller is in.
default: 'unset' # Has to be here because of the ignored empty value bug
# Drop the validation: https://bugs.launchpad.net/tripleo/+bug/1405446
# - length: {min: 4, max: 10}
MysqlInnodbBufferPoolSize:
Specifies the size of the buffer pool in megabytes. Setting to
zero should be interpreted as "no value" and will defer to the
default: '' # Has to be here because of the ignored empty value bug
NeutronBridgeMappings:
The OVS logical->physical bridge mappings to use. See the Neutron
documentation for details. Defaults to mapping br-ex - the external
bridge on hosts - to a physical name 'datacentre' which can be used
to create provider networks (and we use this for the default floating
network) - if changing this either use different post-install network
scripts or be sure to keep 'datacentre' as a mapping network name.
NeutronDnsmasqOptions:
default: 'dhcp-option-force=26,1400'
description: Dnsmasq options for neutron-dhcp-agent. The default value here forces MTU to be set to 1400 to account for the gre tunnel overhead.
description: Agent mode for the neutron-l3-agent on the controller hosts
description: Whether to configure Neutron Distributed Virtual Routers
NeutronMetadataProxySharedSecret:
description: Shared secret to prevent spoofing
NeutronMechanismDrivers:
default: 'openvswitch'
The mechanism drivers for the Neutron tenant network. To specify multiple
values, use a comma separated string, like so: 'openvswitch,l2_population'
NeutronAllowL3AgentFailover:
description: Allow automatic l3-agent failover
description: Whether to enable l3-agent HA
NeutronEnableTunnelling:
description: If set, flat networks to configure in neutron plugins.
description: The tenant network type for Neutron, either gre or vxlan.
NeutronNetworkVLANRanges:
default: 'datacentre'
The Neutron ML2 and OpenVSwitch vlan mapping range to support. See the
Neutron documentation for permitted values. Defaults to permitting any
VLAN on the 'datacentre' physical network (See NeutronBridgeMappings).
description: The password for the neutron service account, used by neutron agents.
NeutronPublicInterface:
description: What interface to bridge onto br-ex for network nodes.
NeutronPublicInterfaceTag:
VLAN tag for creating a public VLAN. The tag will be used to
create an access port on the exterior bridge for each control plane node,
and that port will be given the IP address returned by neutron from the
public network. Set CONTROLEXTRA=overcloud-vlan-port.yaml when compiling
overcloud.yaml to include the deployment of VLAN ports to the control
NeutronPublicInterfaceDefaultRoute:
description: A custom default route for the NeutronPublicInterface.
NeutronPublicInterfaceIP:
description: A custom IP address to put onto the NeutronPublicInterface.
NeutronPublicInterfaceRawDevice:
description: If set, the public interface is a vlan with this device as the raw device.
The tunnel types for the Neutron tenant network. To specify multiple
values, use a comma separated string, like so: 'gre,vxlan'
description: The password for the nova service account, used by nova-api.
PublicVirtualInterface:
Specifies the interface where the public-facing virtual ip will be assigned.
This should be int_public when a VLAN is being used.
default: '' # Has to be here because of the ignored empty value bug
default: '' # Has to be here because of the ignored empty value bug
description: The password for RabbitMQ
description: The username for RabbitMQ
Rabbit client subscriber parameter to specify
an SSL connection to the RabbitMQ host.
description: Set rabbit subscriber port, change this if using SSL
SnmpdReadonlyUserName:
default: ro_snmp_user
description: The user name for SNMPd with readonly rights running on all Overcloud nodes
SnmpdReadonlyUserPassword:
description: The user password for SNMPd with readonly rights running on all Overcloud nodes
description: If set, the contents of an SSL certificate authority file.
description: If set, the contents of an SSL certificate .crt file for encrypting SSL endpoints.
description: If set, the contents of an SSL certificate .key file for encrypting SSL endpoints.
description: A random string to be used as a salt when hashing to determine mappings
description: Value of mount_check in Swift account/container/object -server.conf
description: The minimum time (in hours) before a partition in a ring can be moved following a rebalance.
description: Partition Power to use when building Swift rings
description: The password for the swift service account, used by the swift proxy
description: How many replicas to use in the swift rings.
default: '' # Has to be here because of the ignored empty value bug
type: OS::Nova::Server
image: {get_param: Image}
image_update_policy: {get_param: ImageUpdatePolicy}
flavor: {get_param: Flavor}
key_name: {get_param: KeyName}
user_data_format: SOFTWARE_CONFIG
type: OS::TripleO::Net::SoftwareConfig
type: OS::TripleO::SoftwareDeployment
signal_transport: NO_SIGNAL
config: {get_attr: [NetworkConfig, config_id]}
server: {get_resource: Controller}
interface_name: {get_param: NeutronPublicInterface}
ControllerPassthroughConfig:
type: OS::Heat::StructuredConfig
group: os-apply-config
config: {get_input: passthrough_config}
ControllerPassthroughConfigSpecific:
type: OS::Heat::StructuredConfig
group: os-apply-config
config: {get_input: passthrough_config_specific}
type: OS::Heat::StructuredConfig
group: os-apply-config
admin-password: {get_input: admin_password}
admin-token: {get_input: admin_token}
public_interface_ip: {get_input: neutron_public_interface_ip}
nodeid: {get_input: bootstack_nodeid}
db: {get_input: cinder_dsn}
debug: {get_input: debug}
volume_size_mb: {get_input: cinder_lvm_loop_device_size}
service-password: {get_input: cinder_password}
iscsi-helper: {get_input: CinderISCSIHelper}
controller-address: {get_input: controller_host}
bindnetaddr: {get_input: controller_host}
stonith_enabled : false
quorum_policy : ignore
host: {get_input: controller_virtual_ip}
db: {get_input: glance_dsn}
debug: {get_input: debug}
host: {get_input: controller_virtual_ip}
port: {get_input: glance_port}
protocol: {get_input: glance_protocol}
service-password: {get_input: glance_password}
swift-store-user: service:glance
swift-store-key: {get_input: glance_password}
notifier-strategy: {get_input: glance_notifier_strategy}
log-file: {get_input: glance_log_file}
admin_password: {get_input: heat_password}
admin_tenant_name: service
auth_encryption_key: {get_input: heat_auth_encryption_key}
db: {get_input: heat_dsn}
debug: {get_input: debug}
stack_domain_admin_password: {get_input: heat_stack_domain_admin_password}
watch_server_url: {get_input: heat.watch_server_url}
metadata_server_url: {get_input: heat.metadata_server_url}
waitcondition_server_url: {get_input: heat.waitcondition_server_url}
db: {get_input: keystone_dsn}
debug: {get_input: debug}
host: {get_input: controller_virtual_ip}
ca_certificate: {get_input: keystone_ca_certificate}
signing_key: {get_input: keystone_signing_key}
signing_certificate: {get_input: keystone_signing_certificate}
certificate: {get_input: keystone_ssl_certificate}
certificate_key: {get_input: keystone_ssl_certificate_key}
innodb_buffer_pool_size: {get_input: mysql_innodb_buffer_pool_size}
root-password: {get_input: mysql_root_password}
cluster_name: {get_input: mysql_cluster_name}
debug: {get_input: debug}
flat-networks: {get_input: neutron_flat_networks}
host: {get_input: controller_virtual_ip}
metadata_proxy_shared_secret: {get_input: neutron_metadata_proxy_shared_secret}
agent_mode: {get_input: neutron_agent_mode}
router_distributed: {get_input: neutron_router_distributed}
mechanism_drivers: {get_input: neutron_mechanism_drivers}
allow_automatic_l3agent_failover: {get_input: neutron_allow_l3agent_failover}
l3_ha: {get_input: neutron_l3_ha}
enable_tunneling: {get_input: neutron_enable_tunneling}
local_ip: {get_input: controller_host}
network_vlan_ranges: {get_input: neutron_network_vlan_ranges}
bridge_mappings: {get_input: neutron_bridge_mappings}
public_interface: {get_input: neutron_public_interface}
public_interface_raw_device: {get_input: neutron_public_interface_raw_device}
public_interface_route: {get_input: neutron_public_interface_default_route}
public_interface_tag: {get_input: neutron_public_interface_tag}
physical_bridge: br-ex
tenant_network_type: {get_input: neutron_tenant_network_type}
tunnel_types: {get_input: neutron_tunnel_types}
ovs_db: {get_input: neutron_dsn}
service-password: {get_input: neutron_password}
dnsmasq-options: {get_input: neutron_dnsmasq_options}
db: {get_input: ceilometer_dsn}
debug: {get_input: debug}
metering_secret: {get_input: ceilometer_metering_secret}
service-password: {get_input: ceilometer_password}
export_MIB: UCD-SNMP-MIB
readonly_user_name: {get_input: snmpd_readonly_user_name}
readonly_user_password: {get_input: snmpd_readonly_user_password}
compute_driver: libvirt.LibvirtDriver
db: {get_input: nova_dsn}
default_floating_pool:
host: {get_input: controller_virtual_ip}
service-password: {get_input: nova_password}
host: {get_input: controller_virtual_ip}
username: {get_input: rabbit_username}
password: {get_input: rabbit_password}
cookie: {get_input: rabbit_cookie}
rabbit_client_use_ssl: {get_input: rabbit_client_use_ssl}
rabbit_port: {get_input: rabbit_client_port}
- {server: {get_input: ntp_server}}
- vrrp_instance_name: VI_CONTROL
virtual_router_id: 51
keepalive_interface: {get_input: control_virtual_interface}
- ip: {get_input: controller_virtual_ip}
interface: {get_input: control_virtual_interface}
- vrrp_instance_name: VI_PUBLIC
virtual_router_id: 52
keepalive_interface: {get_input: public_virtual_interface}
- ip: {get_input: public_virtual_ip}
interface: {get_input: public_virtual_interface}
keepalive_interface: {get_input: public_virtual_interface}
ip: {get_input: controller_virtual_ip}
interface: {get_input: control_virtual_interface}
ip: {get_input: public_virtual_ip}
interface: {get_input: public_virtual_interface}
- ip: {get_input: controller_virtual_ip}
- option httpchk GET /
- name: keystone_admin
net_binds: &public_binds
- ip: {get_input: controller_virtual_ip}
- ip: {get_input: public_virtual_ip}
- name: keystone_public
net_binds: *public_binds
net_binds: *public_binds
net_binds: *public_binds
net_binds: *public_binds
net_binds: *public_binds
- name: glance_registry
net_binds: *public_binds
options: # overwrite options as glance_reg needs auth for http req
net_binds: *public_binds
- name: heat_cloudwatch
net_binds: *public_binds
net_binds: *public_binds
net_binds: *public_binds
- name: nova_metadata
net_binds: *public_binds
- name: nova_novncproxy
net_binds: *public_binds
net_binds: *public_binds
options: # overwrite options as ceil needs auth for http req
- name: swift_proxy_server
net_binds: *public_binds
- option httpchk GET /info
ControllerDeployment:
type: OS::TripleO::SoftwareDeployment
signal_transport: NO_SIGNAL
config: {get_resource: ControllerConfig}
server: {get_resource: Controller}
bootstack_nodeid: {get_attr: [Controller, name]}
controller_host: {get_attr: [Controller, networks, ctlplane, 0]}
controller_virtual_ip: {get_param: VirtualIP}
neutron_enable_tunneling: {get_param: NeutronEnableTunnelling}
heat.watch_server_url:
- {get_param: VirtualIP}
heat.metadata_server_url:
- {get_param: VirtualIP}
heat.waitcondition_server_url:
- {get_param: VirtualIP}
- ':8000/v1/waitcondition'
admin_password: {get_param: AdminPassword}
admin_token: {get_param: AdminToken}
neutron_public_interface_ip: {get_param: NeutronPublicInterfaceIP}
debug: {get_param: Debug}
cinder_lvm_loop_device_size: {get_param: CinderLVMLoopDeviceSize}
cinder_password: {get_param: CinderPassword}
cinder_iscsi_helper: {get_param: CinderISCSIHelper}
- - 'mysql://cinder:unset@'
- {get_param: VirtualIP}
glance_port: {get_param: GlancePort}
glance_protocol: {get_param: GlanceProtocol}
glance_password: {get_param: GlancePassword}
glance_notifier_strategy: {get_param: GlanceNotifierStrategy}
glance_log_file: {get_param: GlanceLogFile}
- - 'mysql://glance:unset@'
- {get_param: VirtualIP}
heat_password: {get_param: HeatPassword}
heat_stack_domain_admin_password: {get_param: HeatStackDomainAdminPassword}
heat_auth_encryption_key: {get_param: HeatAuthEncryptionKey}
- - 'mysql://heat:unset@'
- {get_param: VirtualIP}
keystone_ca_certificate: {get_param: KeystoneCACertificate}
keystone_signing_key: {get_param: KeystoneSigningKey}
keystone_signing_certificate: {get_param: KeystoneSigningCertificate}
keystone_ssl_certificate: {get_param: KeystoneSSLCertificate}
keystone_ssl_certificate_key: {get_param: KeystoneSSLCertificateKey}
- - 'mysql://keystone:unset@'
- {get_param: VirtualIP}
mysql_innodb_buffer_pool_size: {get_param: MysqlInnodbBufferPoolSize}
mysql_root_password: {get_param: MysqlRootPassword}
template: tripleo-CLUSTER
CLUSTER: {get_param: MysqlClusterUniquePart}
neutron_flat_networks: {get_param: NeutronFlatNetworks}
neutron_metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret}
neutron_agent_mode: {get_param: NeutronAgentMode}
neutron_router_distributed: {get_param: NeutronDVR}
neutron_mechanism_drivers: {get_param: NeutronMechanismDrivers}
neutron_allow_l3agent_failover: {get_param: NeutronAllowL3AgentFailover}
neutron_l3_ha: {get_param: NeutronL3HA}
neutron_network_vlan_ranges: {get_param: NeutronNetworkVLANRanges}
neutron_bridge_mappings: {get_param: NeutronBridgeMappings}
neutron_public_interface: {get_param: NeutronPublicInterface}
neutron_public_interface_raw_device: {get_param: NeutronPublicInterfaceRawDevice}
neutron_public_interface_default_route: {get_param: NeutronPublicInterfaceDefaultRoute}
neutron_public_interface_tag: {get_param: NeutronPublicInterfaceTag}
neutron_tenant_network_type: {get_param: NeutronNetworkType}
neutron_tunnel_types: {get_param: NeutronTunnelTypes}
neutron_password: {get_param: NeutronPassword}
neutron_dnsmasq_options: {get_param: NeutronDnsmasqOptions}
- - 'mysql://neutron:unset@'
- {get_param: VirtualIP}
- '/ovs_neutron?charset=utf8'
ceilometer_metering_secret: {get_param: CeilometerMeteringSecret}
ceilometer_password: {get_param: CeilometerPassword}
- - 'mysql://ceilometer:unset@'
- {get_param: VirtualIP}
snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName}
snmpd_readonly_user_password: {get_param: SnmpdReadonlyUserPassword}
nova_password: {get_param: NovaPassword}
- - 'mysql://nova:unset@'
- {get_param: VirtualIP}
rabbit_username: {get_param: RabbitUserName}
rabbit_password: {get_param: RabbitPassword}
rabbit_cookie: {get_param: RabbitCookie}
rabbit_client_use_ssl: {get_param: RabbitClientUseSSL}
rabbit_client_port: {get_param: RabbitClientPort}
ntp_server: {get_param: NtpServer}
control_virtual_interface: {get_param: ControlVirtualInterface}
public_virtual_interface: {get_param: PublicVirtualInterface}
public_virtual_ip: {get_param: PublicVirtualIP}
type: OS::Heat::StructuredConfig
group: os-apply-config
ca_certificate: {get_input: ssl_ca_certificate}
cert: {get_input: ssl_certificate}
key: {get_input: ssl_key}
cacert: {get_input: ssl_ca_certificate}
connect_host: {get_input: controller_host}
connect_host: {get_input: controller_host}
connect_host: {get_input: controller_host}
connect_host: {get_input: controller_host}
connect_host: {get_input: controller_host}
- name: 'swift-proxy'
connect_host: {get_input: controller_host}
connect_host: {get_input: controller_host}
connect_host: {get_input: controller_host}
ControllerSSLDeployment:
type: OS::Heat::StructuredDeployment
config: {get_resource: SSLConfig}
server: {get_resource: Controller}
signal_transport: NO_SIGNAL
controller_host: {get_attr: [Controller, networks, ctlplane, 0]}
ssl_certificate: {get_param: SSLCertificate}
ssl_key: {get_param: SSLKey}
ssl_ca_certificate: {get_param: SSLCACertificate}
ControllerPassthroughDeployment:
type: OS::Heat::StructuredDeployment
config: {get_resource: ControllerPassthroughConfig}
server: {get_resource: Controller}
signal_transport: NO_SIGNAL
passthrough_config: {get_param: ExtraConfig}
ControllerPassthroughSpecificDeployment:
depends_on: [ControllerPassthroughDeployment]
type: OS::Heat::StructuredDeployment
config: {get_resource: ControllerPassthroughConfigSpecific}
server: {get_resource: Controller}
signal_transport: NO_SIGNAL
passthrough_config_specific: {get_param: ControllerExtraConfig}
type: OS::Heat::StructuredConfig
group: os-apply-config
hash: { get_input: swift_hash_suffix }
part-power: { get_input: swift_part_power }
mount-check: { get_input: swift_mount_check }
min-part-hours: { get_input: swift_min_part_hours }
replicas: {get_input: swift_replicas }
service-password: { get_input: swift_password }
type: OS::Heat::StructuredDeployment
server: {get_resource: Controller}
config: {get_resource: SwiftConfig}
signal_transport: NO_SIGNAL
swift_hash_suffix: {get_param: SwiftHashSuffix}
swift_mount_check: {get_param: SwiftMountCheck}
swift_password: {get_param: SwiftPassword}
swift_min_part_hours: {get_param: SwiftMinPartHours}
swift_part_power: {get_param: SwiftPartPower}
swift_replicas: { get_param: SwiftReplicas}
description: IP address of the server in the ctlplane network
value: {get_attr: [Controller, networks, ctlplane, 0]}
description: Hostname of the server
value: {get_attr: [Controller, name]}
Node object in the format {ip: ..., name: ...} format that the corosync
ip: {get_attr: [Controller, networks, ctlplane, 0]}
name: {get_attr: [Controller, name]}
Server's IP address and hostname in the /etc/hosts format
template: IP HOST HOST.novalocal CLOUDNAME
IP: {get_attr: [Controller, networks, ctlplane, 0]}
HOST: {get_attr: [Controller, name]}
CLOUDNAME: {get_param: CloudName}
nova_server_resource:
description: Heat resource handle for the Nova compute server
{get_resource: Controller}
description: Swift device formatted for swift-ring-builder
template: 'r1z1-IP:%PORT%/d1'
IP: {get_attr: [Controller, networks, ctlplane, 0]}
swift_proxy_memcache:
description: Swift proxy-memcache value
IP: {get_attr: [Controller, networks, ctlplane, 0]}