heat_template_version: 2014-10-16
OpenStack control plane node. Can be wrapped in a ResourceGroup for scaling.
description: The password for the keystone admin account, used for monitoring, querying neutron etc.
description: The keystone auth secret.
CeilometerMeteringSecret:
description: Secret shared by the ceilometer services.
description: The password for the ceilometer service account.
CinderEnableIscsiBackend:
description: Whether to enable or not the Iscsi backend for Cinder
CinderEnableRbdBackend:
description: Whether to enable or not the Rbd backend for Cinder
description: The iSCSI helper to use with cinder.
CinderLVMLoopDeviceSize:
description: The size of the loopback file used by the cinder LVM driver.
description: The password for the cinder service account, used by cinder-api.
description: The DNS name of this cloud. E.g. ci-overcloud.tripleo.org
ControllerExtraConfig:
Controller specific configuration to inject into the cluster. Same
structure as ExtraConfig.
ControlVirtualInterface:
description: Interface where virtual ip will be assigned.
description: Set to True to enable debugging on all services.
description: Whether to use Galera instead of regular MariaDB.
description: If enabled services will be monitored by Pacemaker; it
will manage VIPs as well, in place of Keepalived.
Additional configuration to inject into the cluster. The JSON should have
the following structure:
[{"section": "SECTIONNAME",
[{"option": "OPTIONNAME",
[{"section": "default",
[{"option": "compute_manager",
"value": "ironic.nova.compute.manager.ClusterComputeManager"
[{"option": "driver",
"value": "nova.cells.rpc_driver.CellsRPCDriver"
description: Flavor for control nodes to request when deploying.
- custom_constraint: nova.flavor
GlanceNotifierStrategy:
description: Strategy to use for Glance notification queue
description: The filepath of the file to use for logging messages from Glance.
description: The password for the glance service account, used by the glance services.
description: Glance port.
description: Protocol to use when connecting to glance, set to https for SSL.
description: The password for the Heat service account, used by the Heat services.
HeatStackDomainAdminPassword:
description: Password for heat_domain_admin user.
HeatAuthEncryptionKey:
description: Auth encryption key for heat-engine
default: overcloud-control
- custom_constraint: glance.image
default: 'REBUILD_PRESERVE_EPHEMERAL'
description: What policy to use when reconstructing instances. REBUILD for rebuilds, REBUILD_PRESERVE_EPHEMERAL to preserve /mnt.
description: Name of an existing EC2 KeyPair to enable SSH access to the instances
- custom_constraint: nova.keypair
KeystoneCACertificate:
description: Keystone self-signed certificate authority certificate.
KeystoneSigningCertificate:
description: Keystone certificate for verifying token validity.
description: Keystone key for signing tokens.
KeystoneSSLCertificate:
description: Keystone certificate for verifying token validity.
KeystoneSSLCertificateKey:
description: Keystone key for signing tokens.
MysqlClusterUniquePart:
description: A unique identifier of the MySQL cluster the controller is in.
default: 'unset' # Has to be here because of the ignored empty value bug
# Drop the validation: https://bugs.launchpad.net/tripleo/+bug/1405446
# - length: {min: 4, max: 10}
MysqlInnodbBufferPoolSize:
Specifies the size of the buffer pool in megabytes. Setting to
zero should be interpreted as "no value" and will defer to the
default: '' # Has to be here because of the ignored empty value bug
NeutronBridgeMappings:
The OVS logical->physical bridge mappings to use. See the Neutron
documentation for details. Defaults to mapping br-ex - the external
bridge on hosts - to a physical name 'datacentre' which can be used
to create provider networks (and we use this for the default floating
network) - if changing this either use different post-install network
scripts or be sure to keep 'datacentre' as a mapping network name.
NeutronDnsmasqOptions:
default: 'dhcp-option-force=26,1400'
description: Dnsmasq options for neutron-dhcp-agent. The default value here forces MTU to be set to 1400 to account for the gre tunnel overhead.
description: Agent mode for the neutron-l3-agent on the controller hosts
description: Whether to configure Neutron Distributed Virtual Routers
NeutronMetadataProxySharedSecret:
description: Shared secret to prevent spoofing
NeutronMechanismDrivers:
default: 'openvswitch'
The mechanism drivers for the Neutron tenant network. To specify multiple
values, use a comma separated string, like so: 'openvswitch,l2_population'
NeutronAllowL3AgentFailover:
description: Allow automatic l3-agent failover
description: Whether to enable l3-agent HA
NeutronEnableTunnelling:
description: If set, flat networks to configure in neutron plugins.
description: The tenant network type for Neutron, either gre or vxlan.
NeutronNetworkVLANRanges:
default: 'datacentre'
The Neutron ML2 and OpenVSwitch vlan mapping range to support. See the
Neutron documentation for permitted values. Defaults to permitting any
VLAN on the 'datacentre' physical network (See NeutronBridgeMappings).
description: The password for the neutron service account, used by neutron agents.
NeutronPublicInterface:
description: What interface to bridge onto br-ex for network nodes.
NeutronPublicInterfaceTag:
VLAN tag for creating a public VLAN. The tag will be used to
create an access port on the exterior bridge for each control plane node,
and that port will be given the IP address returned by neutron from the
public network. Set CONTROLEXTRA=overcloud-vlan-port.yaml when compiling
overcloud.yaml to include the deployment of VLAN ports to the control
NeutronPublicInterfaceDefaultRoute:
description: A custom default route for the NeutronPublicInterface.
NeutronPublicInterfaceIP:
description: A custom IP address to put onto the NeutronPublicInterface.
NeutronPublicInterfaceRawDevice:
description: If set, the public interface is a vlan with this device as the raw device.
The tunnel types for the Neutron tenant network. To specify multiple
values, use a comma separated string, like so: 'gre,vxlan'
description: The password for the nova service account, used by nova-api.
description: The password for the 'pcsd' user.
PublicVirtualInterface:
Specifies the interface where the public-facing virtual ip will be assigned.
This should be int_public when a VLAN is being used.
default: '' # Has to be here because of the ignored empty value bug
default: '' # Has to be here because of the ignored empty value bug
description: The password for RabbitMQ
description: The username for RabbitMQ
Rabbit client subscriber parameter to specify
an SSL connection to the RabbitMQ host.
description: Set rabbit subscriber port, change this if using SSL
SnmpdReadonlyUserName:
default: ro_snmp_user
description: The user name for SNMPd with readonly rights running on all Overcloud nodes
SnmpdReadonlyUserPassword:
description: The user password for SNMPd with readonly rights running on all Overcloud nodes
description: If set, the contents of an SSL certificate authority file.
description: If set, the contents of an SSL certificate .crt file for encrypting SSL endpoints.
description: If set, the contents of an SSL certificate .key file for encrypting SSL endpoints.
description: A random string to be used as a salt when hashing to determine mappings
description: Value of mount_check in Swift account/container/object -server.conf
description: The minimum time (in hours) before a partition in a ring can be moved following a rebalance.
description: Partition Power to use when building Swift rings
description: The password for the swift service account, used by the swift proxy
description: How many replicas to use in the swift rings.
default: '' # Has to be here because of the ignored empty value bug
type: OS::Nova::Server
image: {get_param: Image}
image_update_policy: {get_param: ImageUpdatePolicy}
flavor: {get_param: Flavor}
key_name: {get_param: KeyName}
user_data_format: SOFTWARE_CONFIG
type: OS::TripleO::Net::SoftwareConfig
type: OS::TripleO::SoftwareDeployment
signal_transport: NO_SIGNAL
config: {get_attr: [NetworkConfig, config_id]}
server: {get_resource: Controller}
interface_name: {get_param: NeutronPublicInterface}
ControllerPassthroughConfig:
type: OS::Heat::StructuredConfig
group: os-apply-config
config: {get_input: passthrough_config}
ControllerPassthroughConfigSpecific:
type: OS::Heat::StructuredConfig
group: os-apply-config
config: {get_input: passthrough_config_specific}
type: OS::Heat::StructuredConfig
group: os-apply-config
admin-password: {get_input: admin_password}
admin-token: {get_input: admin_token}
public_interface_ip: {get_input: neutron_public_interface_ip}
nodeid: {get_input: bootstack_nodeid}
db: {get_input: cinder_dsn}
debug: {get_input: debug}
volume_size_mb: {get_input: cinder_lvm_loop_device_size}
service-password: {get_input: cinder_password}
iscsi-helper: {get_input: CinderISCSIHelper}
controller-address: {get_input: controller_host}
bindnetaddr: {get_input: controller_host}
stonith_enabled : false
quorum_policy : ignore
host: {get_input: controller_virtual_ip}
db: {get_input: glance_dsn}
debug: {get_input: debug}
host: {get_input: controller_virtual_ip}
port: {get_input: glance_port}
protocol: {get_input: glance_protocol}
service-password: {get_input: glance_password}
swift-store-user: service:glance
swift-store-key: {get_input: glance_password}
notifier-strategy: {get_input: glance_notifier_strategy}
log-file: {get_input: glance_log_file}
admin_password: {get_input: heat_password}
admin_tenant_name: service
auth_encryption_key: {get_input: heat_auth_encryption_key}
db: {get_input: heat_dsn}
debug: {get_input: debug}
stack_domain_admin_password: {get_input: heat_stack_domain_admin_password}
watch_server_url: {get_input: heat.watch_server_url}
metadata_server_url: {get_input: heat.metadata_server_url}
waitcondition_server_url: {get_input: heat.waitcondition_server_url}
db: {get_input: keystone_dsn}
debug: {get_input: debug}
host: {get_input: controller_virtual_ip}
ca_certificate: {get_input: keystone_ca_certificate}
signing_key: {get_input: keystone_signing_key}
signing_certificate: {get_input: keystone_signing_certificate}
certificate: {get_input: keystone_ssl_certificate}
certificate_key: {get_input: keystone_ssl_certificate_key}
innodb_buffer_pool_size: {get_input: mysql_innodb_buffer_pool_size}
root-password: {get_input: mysql_root_password}
cluster_name: {get_input: mysql_cluster_name}
debug: {get_input: debug}
flat-networks: {get_input: neutron_flat_networks}
host: {get_input: controller_virtual_ip}
metadata_proxy_shared_secret: {get_input: neutron_metadata_proxy_shared_secret}
agent_mode: {get_input: neutron_agent_mode}
router_distributed: {get_input: neutron_router_distributed}
mechanism_drivers: {get_input: neutron_mechanism_drivers}
allow_automatic_l3agent_failover: {get_input: neutron_allow_l3agent_failover}
l3_ha: {get_input: neutron_l3_ha}
enable_tunneling: {get_input: neutron_enable_tunneling}
local_ip: {get_input: controller_host}
network_vlan_ranges: {get_input: neutron_network_vlan_ranges}
bridge_mappings: {get_input: neutron_bridge_mappings}
public_interface: {get_input: neutron_public_interface}
public_interface_raw_device: {get_input: neutron_public_interface_raw_device}
public_interface_route: {get_input: neutron_public_interface_default_route}
public_interface_tag: {get_input: neutron_public_interface_tag}
physical_bridge: br-ex
tenant_network_type: {get_input: neutron_tenant_network_type}
tunnel_types: {get_input: neutron_tunnel_types}
ovs_db: {get_input: neutron_dsn}
service-password: {get_input: neutron_password}
dnsmasq-options: {get_input: neutron_dnsmasq_options}
db: {get_input: ceilometer_dsn}
debug: {get_input: debug}
metering_secret: {get_input: ceilometer_metering_secret}
service-password: {get_input: ceilometer_password}
export_MIB: UCD-SNMP-MIB
readonly_user_name: {get_input: snmpd_readonly_user_name}
readonly_user_password: {get_input: snmpd_readonly_user_password}
compute_driver: libvirt.LibvirtDriver
db: {get_input: nova_dsn}
default_floating_pool:
host: {get_input: controller_virtual_ip}
service-password: {get_input: nova_password}
host: {get_input: controller_virtual_ip}
username: {get_input: rabbit_username}
password: {get_input: rabbit_password}
cookie: {get_input: rabbit_cookie}
rabbit_client_use_ssl: {get_input: rabbit_client_use_ssl}
rabbit_port: {get_input: rabbit_client_port}
- {server: {get_input: ntp_server}}
- vrrp_instance_name: VI_CONTROL
virtual_router_id: 51
keepalive_interface: {get_input: control_virtual_interface}
- ip: {get_input: controller_virtual_ip}
interface: {get_input: control_virtual_interface}
- vrrp_instance_name: VI_PUBLIC
virtual_router_id: 52
keepalive_interface: {get_input: public_virtual_interface}
- ip: {get_input: public_virtual_ip}
interface: {get_input: public_virtual_interface}
keepalive_interface: {get_input: public_virtual_interface}
ip: {get_input: controller_virtual_ip}
interface: {get_input: control_virtual_interface}
ip: {get_input: public_virtual_ip}
interface: {get_input: public_virtual_interface}
- ip: {get_input: controller_virtual_ip}
- option httpchk GET /
- name: keystone_admin
net_binds: &public_binds
- ip: {get_input: controller_virtual_ip}
- ip: {get_input: public_virtual_ip}
- name: keystone_public
net_binds: *public_binds
net_binds: *public_binds
net_binds: *public_binds
net_binds: *public_binds
net_binds: *public_binds
- name: glance_registry
net_binds: *public_binds
options: # overwrite options as glance_reg needs auth for http req
net_binds: *public_binds
- name: heat_cloudwatch
net_binds: *public_binds
net_binds: *public_binds
net_binds: *public_binds
- name: nova_metadata
net_binds: *public_binds
- name: nova_novncproxy
net_binds: *public_binds
net_binds: *public_binds
options: # overwrite options as ceil needs auth for http req
- name: swift_proxy_server
net_binds: *public_binds
- option httpchk GET /info
ControllerDeployment:
type: OS::TripleO::SoftwareDeployment
signal_transport: NO_SIGNAL
config: {get_resource: ControllerConfig}
server: {get_resource: Controller}
bootstack_nodeid: {get_attr: [Controller, name]}
controller_host: {get_attr: [Controller, networks, ctlplane, 0]}
controller_virtual_ip: {get_param: VirtualIP}
neutron_enable_tunneling: {get_param: NeutronEnableTunnelling}
heat.watch_server_url:
- {get_param: VirtualIP}
heat.metadata_server_url:
- {get_param: VirtualIP}
heat.waitcondition_server_url:
- {get_param: VirtualIP}
- ':8000/v1/waitcondition'
admin_password: {get_param: AdminPassword}
admin_token: {get_param: AdminToken}
neutron_public_interface_ip: {get_param: NeutronPublicInterfaceIP}
debug: {get_param: Debug}
cinder_lvm_loop_device_size: {get_param: CinderLVMLoopDeviceSize}
cinder_password: {get_param: CinderPassword}
cinder_iscsi_helper: {get_param: CinderISCSIHelper}
- - 'mysql://cinder:unset@'
- {get_param: VirtualIP}
glance_port: {get_param: GlancePort}
glance_protocol: {get_param: GlanceProtocol}
glance_password: {get_param: GlancePassword}
glance_notifier_strategy: {get_param: GlanceNotifierStrategy}
glance_log_file: {get_param: GlanceLogFile}
- - 'mysql://glance:unset@'
- {get_param: VirtualIP}
heat_password: {get_param: HeatPassword}
heat_stack_domain_admin_password: {get_param: HeatStackDomainAdminPassword}
heat_auth_encryption_key: {get_param: HeatAuthEncryptionKey}
- - 'mysql://heat:unset@'
- {get_param: VirtualIP}
keystone_ca_certificate: {get_param: KeystoneCACertificate}
keystone_signing_key: {get_param: KeystoneSigningKey}
keystone_signing_certificate: {get_param: KeystoneSigningCertificate}
keystone_ssl_certificate: {get_param: KeystoneSSLCertificate}
keystone_ssl_certificate_key: {get_param: KeystoneSSLCertificateKey}
- - 'mysql://keystone:unset@'
- {get_param: VirtualIP}
mysql_innodb_buffer_pool_size: {get_param: MysqlInnodbBufferPoolSize}
mysql_root_password: {get_param: MysqlRootPassword}
template: tripleo-CLUSTER
CLUSTER: {get_param: MysqlClusterUniquePart}
neutron_flat_networks: {get_param: NeutronFlatNetworks}
neutron_metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret}
neutron_agent_mode: {get_param: NeutronAgentMode}
neutron_router_distributed: {get_param: NeutronDVR}
neutron_mechanism_drivers: {get_param: NeutronMechanismDrivers}
neutron_allow_l3agent_failover: {get_param: NeutronAllowL3AgentFailover}
neutron_l3_ha: {get_param: NeutronL3HA}
neutron_network_vlan_ranges: {get_param: NeutronNetworkVLANRanges}
neutron_bridge_mappings: {get_param: NeutronBridgeMappings}
neutron_public_interface: {get_param: NeutronPublicInterface}
neutron_public_interface_raw_device: {get_param: NeutronPublicInterfaceRawDevice}
neutron_public_interface_default_route: {get_param: NeutronPublicInterfaceDefaultRoute}
neutron_public_interface_tag: {get_param: NeutronPublicInterfaceTag}
neutron_tenant_network_type: {get_param: NeutronNetworkType}
neutron_tunnel_types: {get_param: NeutronTunnelTypes}
neutron_password: {get_param: NeutronPassword}
neutron_dnsmasq_options: {get_param: NeutronDnsmasqOptions}
- - 'mysql://neutron:unset@'
- {get_param: VirtualIP}
- '/ovs_neutron?charset=utf8'
ceilometer_metering_secret: {get_param: CeilometerMeteringSecret}
ceilometer_password: {get_param: CeilometerPassword}
- - 'mysql://ceilometer:unset@'
- {get_param: VirtualIP}
snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName}
snmpd_readonly_user_password: {get_param: SnmpdReadonlyUserPassword}
nova_password: {get_param: NovaPassword}
- - 'mysql://nova:unset@'
- {get_param: VirtualIP}
rabbit_username: {get_param: RabbitUserName}
rabbit_password: {get_param: RabbitPassword}
rabbit_cookie: {get_param: RabbitCookie}
rabbit_client_use_ssl: {get_param: RabbitClientUseSSL}
rabbit_client_port: {get_param: RabbitClientPort}
ntp_server: {get_param: NtpServer}
control_virtual_interface: {get_param: ControlVirtualInterface}
public_virtual_interface: {get_param: PublicVirtualInterface}
public_virtual_ip: {get_param: PublicVirtualIP}
type: OS::Heat::StructuredConfig
group: os-apply-config
ca_certificate: {get_input: ssl_ca_certificate}
cert: {get_input: ssl_certificate}
key: {get_input: ssl_key}
cacert: {get_input: ssl_ca_certificate}
connect_host: {get_input: controller_host}
connect_host: {get_input: controller_host}
connect_host: {get_input: controller_host}
connect_host: {get_input: controller_host}
connect_host: {get_input: controller_host}
- name: 'swift-proxy'
connect_host: {get_input: controller_host}
connect_host: {get_input: controller_host}
connect_host: {get_input: controller_host}
ControllerSSLDeployment:
type: OS::Heat::StructuredDeployment
config: {get_resource: SSLConfig}
server: {get_resource: Controller}
signal_transport: NO_SIGNAL
controller_host: {get_attr: [Controller, networks, ctlplane, 0]}
ssl_certificate: {get_param: SSLCertificate}
ssl_key: {get_param: SSLKey}
ssl_ca_certificate: {get_param: SSLCACertificate}
ControllerPassthroughDeployment:
type: OS::Heat::StructuredDeployment
config: {get_resource: ControllerPassthroughConfig}
server: {get_resource: Controller}
signal_transport: NO_SIGNAL
passthrough_config: {get_param: ExtraConfig}
ControllerPassthroughSpecificDeployment:
depends_on: [ControllerPassthroughDeployment]
type: OS::Heat::StructuredDeployment
config: {get_resource: ControllerPassthroughConfigSpecific}
server: {get_resource: Controller}
signal_transport: NO_SIGNAL
passthrough_config_specific: {get_param: ControllerExtraConfig}
type: OS::Heat::StructuredConfig
group: os-apply-config
hash: { get_input: swift_hash_suffix }
part-power: { get_input: swift_part_power }
mount-check: { get_input: swift_mount_check }
min-part-hours: { get_input: swift_min_part_hours }
replicas: {get_input: swift_replicas }
service-password: { get_input: swift_password }
type: OS::Heat::StructuredDeployment
server: {get_resource: Controller}
config: {get_resource: SwiftConfig}
signal_transport: NO_SIGNAL
swift_hash_suffix: {get_param: SwiftHashSuffix}
swift_mount_check: {get_param: SwiftMountCheck}
swift_password: {get_param: SwiftPassword}
swift_min_part_hours: {get_param: SwiftMinPartHours}
swift_part_power: {get_param: SwiftPartPower}
swift_replicas: { get_param: SwiftReplicas}
description: IP address of the server in the ctlplane network
value: {get_attr: [Controller, networks, ctlplane, 0]}
description: Hostname of the server
value: {get_attr: [Controller, name]}
Node object in the format {ip: ..., name: ...} format that the corosync
ip: {get_attr: [Controller, networks, ctlplane, 0]}
name: {get_attr: [Controller, name]}
Server's IP address and hostname in the /etc/hosts format
template: IP HOST HOST.novalocal CLOUDNAME
IP: {get_attr: [Controller, networks, ctlplane, 0]}
HOST: {get_attr: [Controller, name]}
CLOUDNAME: {get_param: CloudName}
nova_server_resource:
description: Heat resource handle for the Nova compute server
{get_resource: Controller}
description: Swift device formatted for swift-ring-builder
template: 'r1z1-IP:%PORT%/d1'
IP: {get_attr: [Controller, networks, ctlplane, 0]}
swift_proxy_memcache:
description: Swift proxy-memcache value
IP: {get_attr: [Controller, networks, ctlplane, 0]}