# HOT template for a single OpenStack control plane node (see the description text below).
# NOTE(review): this listing keeps the file's own line numbers as a prefix and omits many lines
# (type/default/hidden attributes, most section headers); notes here cover only what is visible.
1 heat_template_version: 2014-10-16
4 OpenStack control plane node. Can be wrapped in a ResourceGroup for scaling.
# NOTE(review): the password and secret parameters described in this section hold credentials for
# the whole control plane. Their `hidden:` and `default:` lines are not visible here - confirm each
# is declared `hidden: true` and that no placeholder default can reach a real deployment.
9 description: The password for the keystone admin account, used for monitoring, querying neutron etc.
14 description: The keystone auth secret.
17 CeilometerMeteringSecret:
19 description: Secret shared by the ceilometer services.
24 description: The password for the ceilometer service account.
29 description: The iSCSI helper to use with cinder.
31 CinderLVMLoopDeviceSize:
33 description: The size of the loopback file used by the cinder LVM driver.
37 description: The password for the cinder service account, used by cinder-api.
42 description: The DNS name of this cloud. E.g. ci-overcloud.tripleo.org
# NOTE(review): ControllerExtraConfig and ExtraConfig are passed as-is into os-apply-config through
# the passthrough deployments (`passthrough_config*` inputs further down), so whoever may set them
# can inject arbitrary service configuration on the controller. Treat write access as privileged.
44 ControllerExtraConfig:
47 Controller specific configuration to inject into the cluster. Same
48 structure as ExtraConfig.
50 ControlVirtualInterface:
52 description: Interface where virtual ip will be assigned.
# NOTE(review): Debug feeds the `debug:` key of several services in the controller metadata below.
# Debug-level service logs can expose request details; leave it off outside troubleshooting.
56 description: Set to True to enable debugging on all services.
61 Additional configuration to inject into the cluster. The JSON should have
62 the following structure:
65 [{"section": "SECTIONNAME",
67 [{"option": "OPTIONNAME",
78 [{"section": "default",
80 [{"option": "compute_manager",
81 "value": "ironic.nova.compute.manager.ClusterComputeManager"
88 "value": "nova.cells.rpc_driver.CellsRPCDriver"
98 description: Flavor for control nodes to request when deploying.
101 - custom_constraint: nova.flavor
# Parameters for glance, heat, the boot image/key pair, keystone key material and MySQL.
# NOTE(review): several of these are passwords or private keys; the `hidden:` lines are not visible
# in this listing - confirm they are set.
102 GlanceNotifierStrategy:
103 description: Strategy to use for Glance notification queue
107 description: The filepath of the file to use for logging messages from Glance.
112 description: The password for the glance service account, used by the glance services.
117 description: Glance port.
# NOTE(review): the default for this protocol is not visible; if it is http, traffic to glance is
# unencrypted unless something else wraps it - confirm against the deployed value.
121 description: Protocol to use when connecting to glance, set to https for SSL.
125 description: The password for the Heat service account, used by the Heat services.
128 HeatStackDomainAdminPassword:
129 description: Password for heat_domain_admin user.
135 default: overcloud-control
137 - custom_constraint: glance.image
139 default: 'REBUILD_PRESERVE_EPHEMERAL'
140 description: What policy to use when reconstructing instances. REBUILD for rebuilds, REBUILD_PRESERVE_EPHEMERAL to preserve /mnt.
144 description: Name of an existing EC2 KeyPair to enable SSH access to the instances
147 - custom_constraint: nova.keypair
# Keystone PKI inputs: CA certificate, token-signing certificate and key, then the SSL pair.
148 KeystoneCACertificate:
150 description: Keystone self-signed certificate authority certificate.
152 KeystoneSigningCertificate:
154 description: Keystone certificate for verifying token validity.
158 description: Keystone key for signing tokens.
# NOTE(review): the two descriptions below repeat the signing certificate/key text word for word.
# Presumably these parameters are the TLS endpoint certificate and its private key - confirm and
# reword so operators do not load the wrong key material.
161 KeystoneSSLCertificate:
163 description: Keystone certificate for verifying token validity.
165 KeystoneSSLCertificateKey:
167 description: Keystone key for signing tokens.
170 MysqlClusterUniquePart:
171 description: A unique identifier of the MySQL cluster the controller is in.
173 default: 'unset' # Has to be here because of the ignored empty value bug
# Constraint: the identifier must be between 4 and 10 characters long.
175 - length: {min: 4, max: 10}
176 MysqlInnodbBufferPoolSize:
178 Specifies the size of the buffer pool in megabytes. Setting to
179 zero should be interpreted as "no value" and will defer to the
186 default: '' # Has to be here because of the ignored empty value bug
# Neutron (and the nova password) parameters: bridge/VLAN mappings, agent options, public interface
# settings and service credentials.
# NOTE(review): NeutronPassword and NovaPassword are credentials; their `hidden:`/`default:` lines
# are not visible here - confirm.
187 NeutronBridgeMappings:
189 The OVS logical->physical bridge mappings to use. See the Neutron
190 documentation for details. Defaults to mapping br-ex - the external
191 bridge on hosts - to a physical name 'datacentre' which can be used
192 to create provider networks (and we use this for the default floating
193 network) - if changing this either use different post-install network
194 scripts or be sure to keep 'datacentre' as a mapping network name.
197 NeutronDnsmasqOptions:
198 default: 'dhcp-option-force=26,1400'
199 description: Dnsmasq options for neutron-dhcp-agent. The default value here forces MTU to be set to 1400 to account for the gre tunnel overhead.
203 description: Agent mode for the neutron-l3-agent on the controller hosts
207 description: Whether to configure Neutron Distributed Virtual Routers
# NOTE(review): per its description this secret is what stops forged metadata requests; confirm it
# is `hidden: true` and set to a random per-deployment value (those lines are not visible here).
209 NeutronMetadataProxySharedSecret:
211 description: Shared secret to prevent spoofing
213 NeutronMechanismDrivers:
214 default: 'openvswitch'
216 The mechanism drivers for the Neutron tenant network. To specify multiple
217 values, use a comma separated string, like so: 'openvswitch,l2_population'
219 NeutronAllowL3AgentFailover:
221 description: Allow automatic l3-agent failover
223 NeutronEnableTunnelling:
229 description: If set, flat networks to configure in neutron plugins.
232 description: The tenant network type for Neutron, either gre or vxlan.
# NOTE(review): the default names the physical network without a VLAN ID range, which the
# description says permits any VLAN on it. Where that network also carries infrastructure VLANs,
# give an explicit range so tenant networks cannot be allocated onto them.
234 NeutronNetworkVLANRanges:
235 default: 'datacentre'
237 The Neutron ML2 and OpenVSwitch vlan mapping range to support. See the
238 Neutron documentation for permitted values. Defaults to permitting any
239 VLAN on the 'datacentre' physical network (See NeutronBridgeMappings).
243 description: The password for the neutron service account, used by neutron agents.
246 NeutronPublicInterface:
248 description: What interface to bridge onto br-ex for network nodes.
250 NeutronPublicInterfaceTag:
253 VLAN tag for creating a public VLAN. The tag will be used to
254 create an access port on the exterior bridge for each control plane node,
255 and that port will be given the IP address returned by neutron from the
256 public network. Set CONTROLEXTRA=overcloud-vlan-port.yaml when compiling
257 overcloud.yaml to include the deployment of VLAN ports to the control
260 NeutronPublicInterfaceDefaultRoute:
262 description: A custom default route for the NeutronPublicInterface.
264 NeutronPublicInterfaceIP:
266 description: A custom IP address to put onto the NeutronPublicInterface.
268 NeutronPublicInterfaceRawDevice:
270 description: If set, the public interface is a vlan with this device as the raw device.
275 The tunnel types for the Neutron tenant network. To specify multiple
276 values, use a comma separated string, like so: 'gre,vxlan'
280 description: The password for the nova service account, used by nova-api.
# Public VIP interface, RabbitMQ, SNMP, SSL endpoint and swift parameters.
286 PublicVirtualInterface:
289 Specifies the interface where the public-facing virtual ip will be assigned.
290 This should be int_public when a VLAN is being used.
294 default: '' # Has to be here because of the ignored empty value bug
297 default: '' # Has to be here because of the ignored empty value bug
# NOTE(review): RabbitMQ credentials. The defaults and `hidden:` lines are not visible here -
# confirm the password is hidden and that a well-known account/password pair is not the default.
301 description: The password for RabbitMQ
306 description: The username for RabbitMQ
311 Rabbit client subscriber parameter to specify
312 an SSL connection to the RabbitMQ host.
# NOTE(review): the default of the SSL switch above is not visible; with SSL off, broker
# credentials and RPC messages cross the network unencrypted - confirm the deployed setting.
316 description: Set rabbit subscriber port, change this if using SSL
# The SNMP read-only user name has a fixed default; the matching password is a separate parameter.
318 SnmpdReadonlyUserName:
319 default: ro_snmp_user
320 description: The user name for SNMPd with readonly rights running on all Overcloud nodes
322 SnmpdReadonlyUserPassword:
324 description: The user password for SNMPd with readonly rights running on all Overcloud nodes
# NOTE(review): the .key parameter below is private key material; confirm it is `hidden: true`.
329 description: If set, the contents of an SSL certificate authority file.
333 description: If set, the contents of an SSL certificate .crt file for encrypting SSL endpoints.
338 description: If set, the contents of an SSL certificate .key file for encrypting SSL endpoints.
# NOTE(review): the hash salt below should be handled like a secret (random, hidden) - its
# attribute lines are not visible here, confirm.
343 description: A random string to be used as a salt when hashing to determine mappings
349 description: Partition Power to use when building Swift rings
353 description: The password for the swift service account, used by the swift proxy
360 description: How many replicas to use in the swift rings.
363 default: '' # Has to be here because of the ignored empty value bug
# The controller server itself: image, rebuild policy, flavor and SSH key pair all come from
# parameters. user_data_format SOFTWARE_CONFIG is what lets the StructuredDeployment resources
# below deliver configuration to this server.
369 type: OS::Nova::Server
371 image: {get_param: Image}
372 image_update_policy: {get_param: ImageUpdatePolicy}
373 flavor: {get_param: Flavor}
# key_name decides whose SSH public key is installed on the control plane node.
374 key_name: {get_param: KeyName}
377 user_data_format: SOFTWARE_CONFIG
# ControllerConfig (first part): os-apply-config metadata for the controller. Parameters are read
# with get_param, per-deployment values with get_input. Most service section headers are missing
# from this listing.
# NOTE(review): every secret referenced here is written into the server's configuration metadata,
# so read access to that metadata should be treated as access to the credentials.
380 type: OS::Heat::StructuredConfig
382 group: os-apply-config
384 admin-password: {get_param: AdminPassword}
385 admin-token: {get_param: AdminToken}
387 public_interface_ip: {get_param: NeutronPublicInterfaceIP}
389 nodeid: {get_input: bootstack_nodeid}
392 {get_param: VirtualIP}
# NOTE(review): the password part of this connection URL is the literal `unset`, not a parameter;
# the glance and heat URLs below follow the same pattern. A database credential fixed in a
# published template is known to everyone - source it from a hidden parameter per service.
# The host and database parts of the URL are on lines not shown in this listing.
397 - - mysql://cinder:unset@
400 debug: {get_param: Debug}
401 volume_size_mb: {get_param: CinderLVMLoopDeviceSize}
402 service-password: {get_param: CinderPassword}
403 iscsi-helper: {get_param: CinderISCSIHelper}
404 controller-address: {get_input: controller_host}
406 bindnetaddr: {get_input: controller_host}
# NOTE(review): these look like Pacemaker cluster properties (section header not visible -
# confirm). With fencing disabled and quorum loss ignored, a partitioned control plane can keep
# writing on both sides; fine for test setups, worth revisiting before production use.
409 stonith_enabled : false
411 quorum_policy : ignore
415 host: {get_input: controller_virtual_ip}
420 - - mysql://glance:unset@
423 debug: {get_param: Debug}
424 host: {get_input: controller_virtual_ip}
425 port: {get_param: GlancePort}
426 protocol: {get_param: GlanceProtocol}
427 service-password: {get_param: GlancePassword}
# glance authenticates to swift as service:glance and reuses GlancePassword as the store key.
428 swift-store-user: service:glance
429 swift-store-key: {get_param: GlancePassword}
430 notifier-strategy: {get_param: GlanceNotifierStrategy}
431 log-file: {get_param: GlanceLogFile}
433 admin_password: {get_param: HeatPassword}
434 admin_tenant_name: service
# NOTE(review): fixed, publicly known value. Heat uses auth_encryption_key to encrypt credentials
# it stores in its database, so a constant gives no protection if that database is disclosed;
# take the key from a hidden, randomly generated parameter instead.
436 auth_encryption_key: unset___________
440 - - mysql://heat:unset@
443 debug: {get_param: Debug}
444 stack_domain_admin_password: {get_param: HeatStackDomainAdminPassword}
# These three URLs arrive as deployment inputs (built from VirtualIP in ControllerDeployment).
445 watch_server_url: {get_input: heat.watch_server_url}
446 metadata_server_url: {get_input: heat.metadata_server_url}
447 waitcondition_server_url: {get_input: heat.waitcondition_server_url}
# ControllerConfig (continued): keystone, MySQL, neutron, ceilometer, SNMP, nova and RabbitMQ
# settings. Section headers are mostly missing from this listing.
# NOTE(review): the keystone, neutron, ceilometer and nova connection URLs below all embed the
# literal password `unset` rather than a parameter. A database credential fixed in a published
# template is known to everyone - source each one from a hidden per-service parameter.
452 - - mysql://keystone:unset@
455 debug: {get_param: Debug}
456 host: {get_input: controller_virtual_ip}
# Keystone PKI material: CA certificate, token-signing key and certificate, then the SSL pair.
457 ca_certificate: {get_param: KeystoneCACertificate}
458 signing_key: {get_param: KeystoneSigningKey}
459 signing_certificate: {get_param: KeystoneSigningCertificate}
461 certificate: {get_param: KeystoneSSLCertificate}
462 certificate_key: {get_param: KeystoneSSLCertificateKey}
464 innodb_buffer_pool_size: {get_param: MysqlInnodbBufferPoolSize}
466 root-password: {get_param: MysqlRootPassword}
# The cluster name is the template string with CLUSTER replaced by MysqlClusterUniquePart.
469 template: tripleo-CLUSTER
471 CLUSTER: {get_param: MysqlClusterUniquePart}
473 debug: {get_param: Debug}
474 flat-networks: {get_param: NeutronFlatNetworks}
475 host: {get_input: controller_virtual_ip}
476 metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret}
477 agent_mode: {get_param: NeutronAgentMode}
478 router_distributed: {get_param: NeutronDVR}
479 mechanism_drivers: {get_param: NeutronMechanismDrivers}
480 allow_automatic_l3agent_failover: {get_param: NeutronAllowL3AgentFailover}
482 enable_tunneling: {get_input: neutron_enable_tunneling}
483 local_ip: {get_input: controller_host}
484 network_vlan_ranges: {get_param: NeutronNetworkVLANRanges}
485 bridge_mappings: {get_param: NeutronBridgeMappings}
486 public_interface: {get_param: NeutronPublicInterface}
487 public_interface_raw_device: {get_param: NeutronPublicInterfaceRawDevice}
488 public_interface_route: {get_param: NeutronPublicInterfaceDefaultRoute}
489 public_interface_tag: {get_param: NeutronPublicInterfaceTag}
490 physical_bridge: br-ex
491 tenant_network_type: {get_param: NeutronNetworkType}
492 tunnel_types: {get_param: NeutronTunnelTypes}
496 - - mysql://neutron:unset@
498 - /ovs_neutron?charset=utf8
499 service-password: {get_param: NeutronPassword}
500 dnsmasq-options: {get_param: NeutronDnsmasqOptions}
505 - - mysql://ceilometer:unset@
508 debug: {get_param: Debug}
509 metering_secret: {get_param: CeilometerMeteringSecret}
510 service-password: {get_param: CeilometerPassword}
# SNMP read-only account; user name and password both come from parameters.
512 export_MIB: UCD-SNMP-MIB
513 readonly_user_name: {get_param: SnmpdReadonlyUserName}
514 readonly_user_password: {get_param: SnmpdReadonlyUserPassword}
516 compute_driver: libvirt.LibvirtDriver
520 - - mysql://nova:unset@
523 default_floating_pool:
525 host: {get_input: controller_virtual_ip}
527 service-password: {get_param: NovaPassword}
# RabbitMQ: host is the controller VIP; credentials, cookie and client SSL/port come from
# parameters.
529 host: {get_input: controller_virtual_ip}
530 username: {get_param: RabbitUserName}
531 password: {get_param: RabbitPassword}
532 cookie: {get_param: RabbitCookie}
533 rabbit_client_use_ssl: {get_param: RabbitClientUseSSL}
534 rabbit_port: {get_param: RabbitClientPort}
# ControllerConfig (continued): NTP source, two VRRP instances with their virtual IPs, and a list
# of proxied services with health-check options (apparently the load-balancer section; its header
# and the per-service port lines are not visible in this listing).
537 - {server: {get_param: NtpServer}, fudge: "stratum 0"}
# VI_CONTROL carries the control-plane VIP, VI_PUBLIC the public VIP.
540 - vrrp_instance_name: VI_CONTROL
541 virtual_router_id: 51
542 keepalive_interface: {get_param: ControlVirtualInterface}
545 - ip: {get_param: VirtualIP}
546 interface: {get_param: ControlVirtualInterface}
547 - vrrp_instance_name: VI_PUBLIC
548 virtual_router_id: 52
549 keepalive_interface: {get_param: PublicVirtualInterface}
552 - ip: {get_param: PublicVirtualIP}
553 interface: {get_param: PublicVirtualInterface}
560 keepalive_interface: {get_param: PublicVirtualInterface}
564 ip: {get_param: VirtualIP}
565 interface: {get_param: ControlVirtualInterface}
567 ip: {get_param: PublicVirtualIP}
568 interface: {get_param: PublicVirtualInterface}
571 - ip: {get_param: VirtualIP}
573 - option httpchk GET /
575 - name: keystone_admin
# The &public_binds anchor is defined on the keystone_admin entry and lists both VirtualIP and
# PublicVirtualIP; every *public_binds alias below reuses that same list.
# NOTE(review): this binds admin/internal endpoints (keystone_admin, glance_registry,
# nova_metadata) on the public VIP as well. Confirm that is intended, or give internal-only
# services a separate bind list without PublicVirtualIP.
577 net_binds: &public_binds
578 - ip: {get_param: VirtualIP}
579 - ip: {get_param: PublicVirtualIP}
580 - name: keystone_public
582 net_binds: *public_binds
585 net_binds: *public_binds
588 net_binds: *public_binds
591 net_binds: *public_binds
594 net_binds: *public_binds
595 - name: glance_registry
597 net_binds: *public_binds
598 options: # overwrite options as glance_reg needs auth for http req
601 net_binds: *public_binds
602 - name: heat_cloudwatch
604 net_binds: *public_binds
607 net_binds: *public_binds
619 net_binds: *public_binds
620 - name: nova_metadata
622 net_binds: *public_binds
623 - name: nova_novncproxy
625 net_binds: *public_binds
628 net_binds: *public_binds
629 options: # overwrite options as ceil needs auth for http req
630 - name: swift_proxy_server
632 net_binds: *public_binds
634 - option httpchk GET /info
# Passthrough configs: the whole os-apply-config document is whatever arrives in the input, with no
# filtering in this template. The inputs are bound to ExtraConfig / ControllerExtraConfig by the
# passthrough deployments.
# NOTE(review): this is a trust boundary - anyone able to set those parameters controls
# configuration delivered to the controller.
642 ControllerPassthroughConfig:
643 type: OS::Heat::StructuredConfig
645 group: os-apply-config
646 config: {get_input: passthrough_config}
648 ControllerPassthroughConfigSpecific:
649 type: OS::Heat::StructuredConfig
651 group: os-apply-config
652 config: {get_input: passthrough_config_specific}
# ControllerDeployment applies ControllerConfig to the Controller server and supplies its inputs.
# NOTE(review): with signal_transport NO_SIGNAL Heat does not wait for the server to report back,
# so a configuration that failed to apply will not show up as a stack failure.
654 ControllerDeployment:
655 type: OS::Heat::StructuredDeployment
657 signal_transport: NO_SIGNAL
658 config: {get_resource: ControllerConfig}
659 server: {get_resource: Controller}
661 bootstack_nodeid: {get_attr: [Controller, name]}
662 controller_host: {get_attr: [Controller, networks, ctlplane, 0]}
663 controller_virtual_ip: {get_param: VirtualIP}
664 neutron_enable_tunneling: {get_param: NeutronEnableTunnelling}
# The heat URLs are assembled from VirtualIP. Only the ':8000/v1/waitcondition' suffix is visible
# in this listing, so the URL scheme (http or https) cannot be confirmed from here.
665 heat.watch_server_url:
669 - {get_param: VirtualIP}
671 heat.metadata_server_url:
675 - {get_param: VirtualIP}
677 heat.waitcondition_server_url:
681 - {get_param: VirtualIP}
682 - ':8000/v1/waitcondition'
# SSLConfig: os-apply-config metadata carrying the CA certificate, certificate and private key
# received as deployment inputs, followed by per-service entries that each connect to
# controller_host (presumably the backends of a TLS-terminating proxy - the section headers and
# port lines are not visible in this listing).
685 type: OS::Heat::StructuredConfig
687 group: os-apply-config
690 ca_certificate: {get_input: ssl_ca_certificate}
692 cert: {get_input: ssl_certificate}
693 key: {get_input: ssl_key}
694 cacert: {get_input: ssl_ca_certificate}
699 connect_host: {get_input: controller_host}
703 connect_host: {get_input: controller_host}
707 connect_host: {get_input: controller_host}
711 connect_host: {get_input: controller_host}
715 connect_host: {get_input: controller_host}
716 - name: 'swift-proxy'
719 connect_host: {get_input: controller_host}
723 connect_host: {get_input: controller_host}
727 connect_host: {get_input: controller_host}
# ControllerSSLDeployment binds the SSL parameters to the inputs used above.
# NOTE(review): ssl_key passes the private key from SSLKey as an ordinary deployment input.
# Confirm SSLKey is `hidden: true` and that read access to deployment inputs/metadata is limited.
# NO_SIGNAL also means Heat will not learn whether the TLS configuration was actually applied.
729 ControllerSSLDeployment:
730 type: OS::Heat::StructuredDeployment
732 config: {get_resource: SSLConfig}
733 server: {get_resource: Controller}
734 signal_transport: NO_SIGNAL
736 controller_host: {get_attr: [Controller, networks, ctlplane, 0]}
737 ssl_certificate: {get_param: SSLCertificate}
738 ssl_key: {get_param: SSLKey}
739 ssl_ca_certificate: {get_param: SSLCACertificate}
# Passthrough deployments: bind ExtraConfig and ControllerExtraConfig to the passthrough configs
# and apply them to the Controller server. The controller-specific one declares depends_on, so it
# is created after the general one.
# NOTE(review): both parameters are delivered without validation in this template, and NO_SIGNAL
# means Heat gets no confirmation of the result; restrict who may set them.
741 ControllerPassthroughDeployment:
742 type: OS::Heat::StructuredDeployment
744 config: {get_resource: ControllerPassthroughConfig}
745 server: {get_resource: Controller}
746 signal_transport: NO_SIGNAL
748 passthrough_config: {get_param: ExtraConfig}
750 ControllerPassthroughSpecificDeployment:
751 depends_on: [ControllerPassthroughDeployment]
752 type: OS::Heat::StructuredDeployment
754 config: {get_resource: ControllerPassthroughConfigSpecific}
755 server: {get_resource: Controller}
756 signal_transport: NO_SIGNAL
758 passthrough_config_specific: {get_param: ControllerExtraConfig}
# SwiftConfig: swift ring settings and the service password, all read from deployment inputs.
761 type: OS::Heat::StructuredConfig
763 group: os-apply-config
766 hash: { get_input: swift_hash_suffix }
767 part-power: { get_input: swift_part_power }
768 replicas: {get_input: swift_replicas }
769 service-password: { get_input: swift_password }
# Deployment that applies SwiftConfig to the Controller server and maps the Swift* parameters
# onto its inputs.
# NOTE(review): swift_hash_suffix and swift_password are secrets passed as ordinary inputs;
# confirm the source parameters are `hidden: true` (their attribute lines are not visible here).
772 type: OS::Heat::StructuredDeployment
774 server: {get_resource: Controller}
775 config: {get_resource: SwiftConfig}
776 signal_transport: NO_SIGNAL
778 swift_hash_suffix: {get_param: SwiftHashSuffix}
779 swift_password: {get_param: SwiftPassword}
780 swift_part_power: {get_param: SwiftPartPower}
781 swift_replicas: { get_param: SwiftReplicas}
# Stack outputs: the controller's first ctlplane address and its name, in the shapes other
# templates consume (plain values, an {ip, name} node entry, an /etc/hosts line, swift strings).
# None of the visible outputs reference a secret parameter.
785 description: IP address of the server in the ctlplane network
786 value: {get_attr: [Controller, networks, ctlplane, 0]}
788 description: Hostname of the server
789 value: {get_attr: [Controller, name]}
792 Node object in the format {ip: ..., name: ...} format that the corosync
795 ip: {get_attr: [Controller, networks, ctlplane, 0]}
796 name: {get_attr: [Controller, name]}
799 Server's IP address and hostname in the /etc/hosts format
802 template: IP HOST HOST.novalocal CLOUDNAME
804 IP: {get_attr: [Controller, networks, ctlplane, 0]}
805 HOST: {get_attr: [Controller, name]}
806 CLOUDNAME: {get_param: CloudName}
# Exposes the Controller resource reference itself to the parent stack.
807 nova_server_resource:
808 description: Heat resource handle for the Nova compute server
810 {get_resource: Controller}
812 description: Swift device formatted for swift-ring-builder
# IP is replaced by the ctlplane address below; %PORT% stays in the rendered string as written.
815 template: 'r1z1-IP:%PORT%/d1'
817 IP: {get_attr: [Controller, networks, ctlplane, 0]}
818 swift_proxy_memcache:
819 description: Swift proxy-memcache value
824 IP: {get_attr: [Controller, networks, ctlplane, 0]}