heat_template_version: 2014-10-16
OpenStack control plane node. Can be wrapped in a ResourceGroup for scaling.
description: The password for the keystone admin account, used for monitoring, querying neutron etc.
description: The keystone auth secret.
CeilometerMeteringSecret:
description: Secret shared by the ceilometer services.
description: The password for the ceilometer service account.
description: The iSCSI helper to use with cinder.
CinderLVMLoopDeviceSize:
description: The size of the loopback file used by the cinder LVM driver.
description: The password for the cinder service account, used by cinder-api.
description: The DNS name of this cloud. E.g. ci-overcloud.tripleo.org
ControllerExtraConfig:
Controller specific configuration to inject into the cluster. Same
structure as ExtraConfig.
ControlVirtualInterface:
description: Interface where virtual ip will be assigned.
description: Set to True to enable debugging on all services.
Additional configuration to inject into the cluster. The JSON should have
the following structure:
[{"section": "SECTIONNAME",
[{"option": "OPTIONNAME",
[{"section": "default",
[{"option": "compute_manager",
"value": "ironic.nova.compute.manager.ClusterComputeManager"
"value": "nova.cells.rpc_driver.CellsRPCDriver"
description: Flavor for control nodes to request when deploying.
GlanceNotifierStrategy:
description: Strategy to use for Glance notification queue
description: The filepath of the file to use for logging messages from Glance.
description: The password for the glance service account, used by the glance services.
description: Glance port.
description: Protocol to use when connecting to glance, set to https for SSL.
description: The password for the Heat service account, used by the Heat services.
HeatStackDomainAdminPassword:
description: Password for heat_domain_admin user.
default: overcloud-control
default: 'REBUILD_PRESERVE_EPHEMERAL'
description: What policy to use when reconstructing instances. REBUILD for rebuilds, REBUILD_PRESERVE_EPHEMERAL to preserve /mnt.
description: Name of an existing EC2 KeyPair to enable SSH access to the instances
KeystoneCACertificate:
description: Keystone self-signed certificate authority certificate.
KeystoneSigningCertificate:
description: Keystone certificate for verifying token validity.
description: Keystone key for signing tokens.
MysqlClusterUniquePart:
description: A unique identifier of the MySQL cluster the controller is in.
default: 'unset' # Has to be here because of the ignored empty value bug
- length: {min: 4, max: 10}
MysqlInnodbBufferPoolSize:
Specifies the size of the buffer pool in megabytes. Setting to
zero should be interpreted as "no value" and will defer to the
default: '' # Has to be here because of the ignored empty value bug
NeutronBridgeMappings:
The OVS logical->physical bridge mappings to use. See the Neutron
documentation for details. Defaults to mapping br-ex - the external
bridge on hosts - to a physical name 'datacentre' which can be used
to create provider networks (and we use this for the default floating
network) - if changing this either use different post-install network
scripts or be sure to keep 'datacentre' as a mapping network name.
NeutronDnsmasqOptions:
default: 'dhcp-option-force=26,1400'
description: Dnsmasq options for neutron-dhcp-agent. The default value here forces MTU to be set to 1400 to account for the gre tunnel overhead.
NeutronEnableTunnelling:
description: If set, flat networks to configure in neutron plugins.
description: The tenant network type for Neutron, either gre or vxlan.
NeutronNetworkVLANRanges:
default: 'datacentre'
The Neutron ML2 and OpenVSwitch vlan mapping range to support. See the
Neutron documentation for permitted values. Defaults to permitting any
VLAN on the 'datacentre' physical network (See NeutronBridgeMappings).
description: The password for the neutron service account, used by neutron agents.
NeutronPublicInterface:
description: What interface to bridge onto br-ex for network nodes.
NeutronPublicInterfaceTag:
VLAN tag for creating a public VLAN. The tag will be used to
create an access port on the exterior bridge for each control plane node,
and that port will be given the IP address returned by neutron from the
public network. Set CONTROLEXTRA=overcloud-vlan-port.yaml when compiling
overcloud.yaml to include the deployment of VLAN ports to the control
NeutronPublicInterfaceDefaultRoute:
description: A custom default route for the NeutronPublicInterface.
NeutronPublicInterfaceIP:
description: A custom IP address to put onto the NeutronPublicInterface.
NeutronPublicInterfaceRawDevice:
description: If set, the public interface is a vlan with this device as the raw device.
The tunnel types for the Neutron tenant network. To specify multiple
values, use a comma separated string, like so: 'gre,vxlan'
description: The password for the nova service account, used by nova-api.
PublicVirtualInterface:
Specifies the interface where the public-facing virtual ip will be assigned.
This should be int_public when a VLAN is being used.
default: '' # Has to be here because of the ignored empty value bug
default: '' # Has to be here because of the ignored empty value bug
description: The password for RabbitMQ
description: The username for RabbitMQ
SnmpdReadonlyUserName:
default: ro_snmp_user
description: The user name for SNMPd with readonly rights running on all Overcloud nodes
SnmpdReadonlyUserPassword:
description: The user password for SNMPd with readonly rights running on all Overcloud nodes
description: If set, the contents of an SSL certificate authority file.
description: If set, the contents of an SSL certificate .crt file for encrypting SSL endpoints.
description: If set, the contents of an SSL certificate .key file for encrypting SSL endpoints.
description: A random string to be used as a salt when hashing to determine mappings
description: Partition Power to use when building Swift rings
description: The password for the swift service account, used by the swift proxy
description: How many replicas to use in the swift rings.
default: '' # Has to be here because of the ignored empty value bug
type: OS::Nova::Server
image: {get_param: Image}
image_update_policy: {get_param: ImageUpdatePolicy}
flavor: {get_param: Flavor}
key_name: {get_param: KeyName}
user_data_format: SOFTWARE_CONFIG
type: OS::Heat::StructuredConfig
group: os-apply-config
admin-password: {get_param: AdminPassword}
admin-token: {get_param: AdminToken}
public_interface_ip: {get_param: NeutronPublicInterfaceIP}
nodeid: {get_input: bootstack_nodeid}
{get_param: VirtualIP}
# The password field of this connection URL is the literal string 'unset',
# not a parameter; the other mysql:// URLs below follow the same pattern.
- - mysql://cinder:unset@
debug: {get_param: Debug}
volume_size_mb: {get_param: CinderLVMLoopDeviceSize}
service-password: {get_param: CinderPassword}
iscsi-helper: {get_param: CinderISCSIHelper}
controller-address: {get_input: controller_host}
bindnetaddr: {get_input: controller_host}
# Pacemaker fencing (STONITH) is disabled and loss of quorum is ignored.
stonith_enabled : false
quorum_policy : ignore
host: {get_input: controller_virtual_ip}
- - mysql://glance:unset@
debug: {get_param: Debug}
host: {get_input: controller_virtual_ip}
port: {get_param: GlancePort}
protocol: {get_param: GlanceProtocol}
service-password: {get_param: GlancePassword}
swift-store-user: service:glance
# The Swift store key reuses the glance service password.
swift-store-key: {get_param: GlancePassword}
notifier-strategy: {get_param: GlanceNotifierStrategy}
log-file: {get_param: GlanceLogFile}
admin_password: {get_param: HeatPassword}
admin_tenant_name: service
# Fixed literal value, not taken from a parameter.
auth_encryption_key: unset___________
- - mysql://heat:unset@
debug: {get_param: Debug}
stack_domain_admin_password: {get_param: HeatStackDomainAdminPassword}
watch_server_url: {get_input: heat.watch_server_url}
metadata_server_url: {get_input: heat.metadata_server_url}
waitcondition_server_url: {get_input: heat.waitcondition_server_url}
- - mysql://keystone:unset@
debug: {get_param: Debug}
host: {get_input: controller_virtual_ip}
ca_certificate: {get_param: KeystoneCACertificate}
signing_key: {get_param: KeystoneSigningKey}
signing_certificate: {get_param: KeystoneSigningCertificate}
innodb_buffer_pool_size: {get_param: MysqlInnodbBufferPoolSize}
root-password: {get_param: MysqlRootPassword}
template: tripleo-CLUSTER
CLUSTER: {get_param: MysqlClusterUniquePart}
debug: {get_param: Debug}
flat-networks: {get_param: NeutronFlatNetworks}
host: {get_input: controller_virtual_ip}
# Fixed literal value, not taken from a parameter.
metadata_proxy_shared_secret: unset
enable_tunneling: {get_input: neutron_enable_tunneling}
local_ip: {get_input: controller_host}
network_vlan_ranges: {get_param: NeutronNetworkVLANRanges}
bridge_mappings: {get_param: NeutronBridgeMappings}
public_interface: {get_param: NeutronPublicInterface}
public_interface_raw_device: {get_param: NeutronPublicInterfaceRawDevice}
public_interface_route: {get_param: NeutronPublicInterfaceDefaultRoute}
public_interface_tag: {get_param: NeutronPublicInterfaceTag}
physical_bridge: br-ex
tenant_network_type: {get_param: NeutronNetworkType}
tunnel_types: {get_param: NeutronTunnelTypes}
- - mysql://neutron:unset@
- /ovs_neutron?charset=utf8
service-password: {get_param: NeutronPassword}
dnsmasq-options: {get_param: NeutronDnsmasqOptions}
- - mysql://ceilometer:unset@
debug: {get_param: Debug}
metering_secret: {get_param: CeilometerMeteringSecret}
service-password: {get_param: CeilometerPassword}
export_MIB: UCD-SNMP-MIB
readonly_user_name: {get_param: SnmpdReadonlyUserName}
readonly_user_password: {get_param: SnmpdReadonlyUserPassword}
compute_driver: libvirt.LibvirtDriver
- - mysql://nova:unset@
default_floating_pool:
host: {get_input: controller_virtual_ip}
service-password: {get_param: NovaPassword}
host: {get_input: controller_virtual_ip}
username: {get_param: RabbitUserName}
password: {get_param: RabbitPassword}
cookie: {get_param: RabbitCookie}
- {server: {get_param: NtpServer}, fudge: "stratum 0"}
- vrrp_instance_name: VI_CONTROL
virtual_router_id: 51
keepalive_interface: {get_param: ControlVirtualInterface}
- ip: {get_param: VirtualIP}
interface: {get_param: ControlVirtualInterface}
- vrrp_instance_name: VI_PUBLIC
virtual_router_id: 52
keepalive_interface: {get_param: PublicVirtualInterface}
- ip: {get_param: PublicVirtualIP}
interface: {get_param: PublicVirtualInterface}
keepalive_interface: {get_param: PublicVirtualInterface}
ip: {get_param: VirtualIP}
interface: {get_param: ControlVirtualInterface}
ip: {get_param: PublicVirtualIP}
interface: {get_param: PublicVirtualInterface}
- ip: {get_param: VirtualIP}
- name: keystone_admin
net_binds: &public_binds
- ip: {get_param: VirtualIP}
- ip: {get_param: PublicVirtualIP}
- name: keystone_public
net_binds: *public_binds
net_binds: *public_binds
net_binds: *public_binds
net_binds: *public_binds
net_binds: *public_binds
- name: glance_registry
net_binds: *public_binds
net_binds: *public_binds
- name: heat_cloudwatch
net_binds: *public_binds
net_binds: *public_binds
net_binds: *public_binds
- name: nova_metadata
net_binds: *public_binds
net_binds: *public_binds
- name: swift_proxy_server
net_binds: *public_binds
ControllerPassthroughConfig:
type: OS::Heat::StructuredConfig
group: os-apply-config
config: {get_input: passthrough_config}
ControllerPassthroughConfigSpecific:
type: OS::Heat::StructuredConfig
group: os-apply-config
config: {get_input: passthrough_config_specific}
ControllerDeployment:
type: OS::Heat::StructuredDeployment
signal_transport: NO_SIGNAL
config: {get_resource: ControllerConfig}
server: {get_resource: Controller}
bootstack_nodeid: {get_attr: [Controller, name]}
controller_host: {get_attr: [Controller, networks, ctlplane, 0]}
controller_virtual_ip: {get_param: VirtualIP}
neutron_enable_tunneling: {get_param: NeutronEnableTunnelling}
heat.watch_server_url:
- {get_param: VirtualIP}
heat.metadata_server_url:
- {get_param: VirtualIP}
heat.waitcondition_server_url:
- {get_param: VirtualIP}
- ':8000/v1/waitcondition'
type: OS::Heat::StructuredConfig
group: os-apply-config
ca_certificate: {get_input: ssl_ca_certificate}
cert: {get_input: ssl_certificate}
key: {get_input: ssl_key}
cacert: {get_input: ssl_ca_certificate}
connect_host: {get_input: controller_host}
connect_host: {get_input: controller_host}
connect_host: {get_input: controller_host}
connect_host: {get_input: controller_host}
connect_host: {get_input: controller_host}
- name: 'swift-proxy'
connect_host: {get_input: controller_host}
connect_host: {get_input: controller_host}
connect_host: {get_input: controller_host}
ControllerSSLDeployment:
type: OS::Heat::StructuredDeployment
config: {get_resource: SSLConfig}
server: {get_resource: Controller}
signal_transport: NO_SIGNAL
controller_host: {get_attr: [Controller, networks, ctlplane, 0]}
ssl_certificate: {get_param: SSLCertificate}
ssl_key: {get_param: SSLKey}
ssl_ca_certificate: {get_param: SSLCACertificate}
ControllerPassthroughDeployment:
type: OS::Heat::StructuredDeployment
config: {get_resource: ControllerPassthroughConfig}
server: {get_resource: Controller}
signal_transport: NO_SIGNAL
passthrough_config: {get_param: ExtraConfig}
ControllerPassthroughSpecificDeployment:
depends_on: [ControllerPassthroughDeployment]
type: OS::Heat::StructuredDeployment
config: {get_resource: ControllerPassthroughConfigSpecific}
server: {get_resource: Controller}
signal_transport: NO_SIGNAL
passthrough_config_specific: {get_param: ControllerExtraConfig}
type: OS::Heat::StructuredConfig
group: os-apply-config
hash: { get_input: swift_hash_suffix }
part-power: { get_input: swift_part_power }
replicas: {get_input: swift_replicas }
service-password: { get_input: swift_password }
type: OS::Heat::StructuredDeployment
server: {get_resource: Controller}
config: {get_resource: SwiftConfig}
signal_transport: NO_SIGNAL
swift_hash_suffix: {get_param: SwiftHashSuffix}
swift_password: {get_param: SwiftPassword}
swift_part_power: {get_param: SwiftPartPower}
swift_replicas: { get_param: SwiftReplicas}
description: IP address of the server in the ctlplane network
value: {get_attr: [Controller, networks, ctlplane, 0]}
description: Hostname of the server
value: {get_attr: [Controller, name]}
Node object in the format {ip: ..., name: ...} format that the corosync
ip: {get_attr: [Controller, networks, ctlplane, 0]}
name: {get_attr: [Controller, name]}
Server's IP address and hostname in the /etc/hosts format
template: IP HOST HOST.novalocal CLOUDNAME
IP: {get_attr: [Controller, networks, ctlplane, 0]}
HOST: {get_attr: [Controller, name]}
CLOUDNAME: {get_param: CloudName}
nova_server_resource:
description: Heat resource handle for the Nova compute server
{get_resource: Controller}
description: Swift device formatted for swift-ring-builder
template: 'r1z1-IP:%PORT%/d1'
IP: {get_attr: [Controller, networks, ctlplane, 0]}
swift_proxy_memcache:
description: Swift proxy-memcache value
IP: {get_attr: [Controller, networks, ctlplane, 0]}