heat_template_version: 2014-10-16
OpenStack control plane node. Can be wrapped in a ResourceGroup for scaling.
description: The password for the keystone admin account, used for monitoring, querying neutron etc.
description: The keystone auth secret.
CeilometerMeteringSecret:
description: Secret shared by the ceilometer services.
description: The password for the ceilometer service account.
CinderEnableIscsiBackend:
description: Whether to enable or not the Iscsi backend for Cinder
CinderEnableRbdBackend:
description: Whether to enable or not the Rbd backend for Cinder
description: The iSCSI helper to use with cinder.
CinderLVMLoopDeviceSize:
description: The size of the loopback file used by the cinder LVM driver.
description: The password for the cinder service account, used by cinder-api.
description: The DNS name of this cloud. E.g. ci-overcloud.tripleo.org
ControllerExtraConfig:
Controller specific configuration to inject into the cluster. Same
structure as ExtraConfig.
ControlVirtualInterface:
description: Interface where virtual ip will be assigned.
description: Set to True to enable debugging on all services.
description: Whether to use Galera instead of regular MariaDB.
description: If enabled services will be monitored by Pacemaker; it
will manage VIPs as well, in place of Keepalived.
description: Whether to deploy Ceph Storage (OSD) on the Controller
description: Whether to enable Swift Storage on the Controller
Additional configuration to inject into the cluster. The JSON should have
the following structure:
[{"section": "SECTIONNAME",
[{"option": "OPTIONNAME",
[{"section": "default",
[{"option": "compute_manager",
"value": "ironic.nova.compute.manager.ClusterComputeManager"
[{"option": "driver",
"value": "nova.cells.rpc_driver.CellsRPCDriver"
description: Flavor for control nodes to request when deploying.
- custom_constraint: nova.flavor
GlanceNotifierStrategy:
description: Strategy to use for Glance notification queue
description: The filepath of the file to use for logging messages from Glance.
description: The password for the glance service account, used by the glance services.
description: Glance port.
description: Protocol to use when connecting to glance, set to https for SSL.
description: The short name of the Glance backend to use. Should be one
of swift, rbd, or file
- allowed_values: ['swift', 'file', 'rbd']
description: The password for the Heat service account, used by the Heat services.
HeatStackDomainAdminPassword:
description: Password for heat_domain_admin user.
HeatAuthEncryptionKey:
description: Auth encryption key for heat-engine
default: overcloud-control
- custom_constraint: glance.image
default: 'REBUILD_PRESERVE_EPHEMERAL'
description: What policy to use when reconstructing instances. REBUILD for rebuilds, REBUILD_PRESERVE_EPHEMERAL to preserve /mnt.
description: Name of an existing EC2 KeyPair to enable SSH access to the instances
- custom_constraint: nova.keypair
KeystoneCACertificate:
description: Keystone self-signed certificate authority certificate.
KeystoneSigningCertificate:
description: Keystone certificate for verifying token validity.
description: Keystone key for signing tokens.
KeystoneSSLCertificate:
description: Keystone certificate for verifying token validity.
KeystoneSSLCertificateKey:
description: Keystone key for signing tokens.
MysqlClusterUniquePart:
description: A unique identifier of the MySQL cluster the controller is in.
default: 'unset' # Has to be here because of the ignored empty value bug
# Drop the validation: https://bugs.launchpad.net/tripleo/+bug/1405446
# - length: {min: 4, max: 10}
MysqlInnodbBufferPoolSize:
Specifies the size of the buffer pool in megabytes. Setting to
zero should be interpreted as "no value" and will defer to the
default: '' # Has to be here because of the ignored empty value bug
NeutronBridgeMappings:
The OVS logical->physical bridge mappings to use. See the Neutron
documentation for details. Defaults to mapping br-ex - the external
bridge on hosts - to a physical name 'datacentre' which can be used
to create provider networks (and we use this for the default floating
network) - if changing this either use different post-install network
scripts or be sure to keep 'datacentre' as a mapping network name.
NeutronDnsmasqOptions:
default: 'dhcp-option-force=26,1400'
description: Dnsmasq options for neutron-dhcp-agent. The default value here forces MTU to be set to 1400 to account for the gre tunnel overhead.
description: Agent mode for the neutron-l3-agent on the controller hosts
description: Whether to configure Neutron Distributed Virtual Routers
NeutronMetadataProxySharedSecret:
description: Shared secret to prevent spoofing
NeutronMechanismDrivers:
default: 'openvswitch'
The mechanism drivers for the Neutron tenant network. To specify multiple
values, use a comma separated string, like so: 'openvswitch,l2_population'
NeutronAllowL3AgentFailover:
description: Allow automatic l3-agent failover
description: Whether to enable l3-agent HA
NeutronEnableTunnelling:
description: If set, flat networks to configure in neutron plugins.
description: The tenant network type for Neutron, either gre or vxlan.
NeutronNetworkVLANRanges:
default: 'datacentre'
The Neutron ML2 and OpenVSwitch vlan mapping range to support. See the
Neutron documentation for permitted values. Defaults to permitting any
VLAN on the 'datacentre' physical network (See NeutronBridgeMappings).
description: The password for the neutron service account, used by neutron agents.
NeutronPublicInterface:
description: What interface to bridge onto br-ex for network nodes.
NeutronPublicInterfaceTag:
VLAN tag for creating a public VLAN. The tag will be used to
create an access port on the exterior bridge for each control plane node,
and that port will be given the IP address returned by neutron from the
public network. Set CONTROLEXTRA=overcloud-vlan-port.yaml when compiling
overcloud.yaml to include the deployment of VLAN ports to the control
NeutronPublicInterfaceDefaultRoute:
description: A custom default route for the NeutronPublicInterface.
NeutronPublicInterfaceIP:
description: A custom IP address to put onto the NeutronPublicInterface.
NeutronPublicInterfaceRawDevice:
description: If set, the public interface is a vlan with this device as the raw device.
The tunnel types for the Neutron tenant network. To specify multiple
values, use a comma separated string, like so: 'gre,vxlan'
description: The password for the nova service account, used by nova-api.
description: The password for the 'pcsd' user.
PublicVirtualInterface:
Specifies the interface where the public-facing virtual ip will be assigned.
This should be int_public when a VLAN is being used.
default: '' # Has to be here because of the ignored empty value bug
default: '' # Has to be here because of the ignored empty value bug
description: The password for RabbitMQ
description: The username for RabbitMQ
Rabbit client subscriber parameter to specify
an SSL connection to the RabbitMQ host.
description: Set rabbit subscriber port, change this if using SSL
SnmpdReadonlyUserName:
default: ro_snmp_user
description: The user name for SNMPd with readonly rights running on all Overcloud nodes
SnmpdReadonlyUserPassword:
description: The user password for SNMPd with readonly rights running on all Overcloud nodes
description: If set, the contents of an SSL certificate authority file.
description: If set, the contents of an SSL certificate .crt file for encrypting SSL endpoints.
description: If set, the contents of an SSL certificate .key file for encrypting SSL endpoints.
description: A random string to be used as a salt when hashing to determine mappings
description: Value of mount_check in Swift account/container/object -server.conf
description: The minimum time (in hours) before a partition in a ring can be moved following a rebalance.
description: Partition Power to use when building Swift rings
description: The password for the swift service account, used by the swift proxy
description: How many replicas to use in the swift rings.
default: '' # Has to be here because of the ignored empty value bug
type: OS::Nova::Server
image: {get_param: Image}
image_update_policy: {get_param: ImageUpdatePolicy}
flavor: {get_param: Flavor}
key_name: {get_param: KeyName}
user_data_format: SOFTWARE_CONFIG
user_data: {get_resource: NodeUserData}
type: OS::TripleO::NodeUserData
type: OS::TripleO::Net::SoftwareConfig
type: OS::TripleO::SoftwareDeployment
signal_transport: NO_SIGNAL
config: {get_attr: [NetworkConfig, config_id]}
server: {get_resource: Controller}
interface_name: {get_param: NeutronPublicInterface}
ControllerPassthroughConfig:
type: OS::Heat::StructuredConfig
group: os-apply-config
config: {get_input: passthrough_config}
ControllerPassthroughConfigSpecific:
type: OS::Heat::StructuredConfig
group: os-apply-config
config: {get_input: passthrough_config_specific}
type: OS::Heat::StructuredConfig
group: os-apply-config
admin-password: {get_input: admin_password}
admin-token: {get_input: admin_token}
public_interface_ip: {get_input: neutron_public_interface_ip}
nodeid: {get_input: bootstack_nodeid}
db: {get_input: cinder_dsn}
debug: {get_input: debug}
volume_size_mb: {get_input: cinder_lvm_loop_device_size}
service-password: {get_input: cinder_password}
iscsi-helper: {get_input: cinder_iscsi_helper} # input name must match the cinder_iscsi_helper key in ControllerDeployment
controller-address: {get_input: controller_host}
bindnetaddr: {get_input: controller_host}
stonith_enabled : false
quorum_policy : ignore
host: {get_input: controller_virtual_ip}
db: {get_input: glance_dsn}
debug: {get_input: debug}
host: {get_input: controller_virtual_ip}
port: {get_input: glance_port}
protocol: {get_input: glance_protocol}
service-password: {get_input: glance_password}
swift-store-user: service:glance
swift-store-key: {get_input: glance_password}
notifier-strategy: {get_input: glance_notifier_strategy}
log-file: {get_input: glance_log_file}
admin_password: {get_input: heat_password}
admin_tenant_name: service
auth_encryption_key: {get_input: heat_auth_encryption_key}
db: {get_input: heat_dsn}
debug: {get_input: debug}
stack_domain_admin_password: {get_input: heat_stack_domain_admin_password}
watch_server_url: {get_input: heat.watch_server_url}
metadata_server_url: {get_input: heat.metadata_server_url}
waitcondition_server_url: {get_input: heat.waitcondition_server_url}
db: {get_input: keystone_dsn}
debug: {get_input: debug}
host: {get_input: controller_virtual_ip}
ca_certificate: {get_input: keystone_ca_certificate}
signing_key: {get_input: keystone_signing_key}
signing_certificate: {get_input: keystone_signing_certificate}
certificate: {get_input: keystone_ssl_certificate}
certificate_key: {get_input: keystone_ssl_certificate_key}
innodb_buffer_pool_size: {get_input: mysql_innodb_buffer_pool_size}
root-password: {get_input: mysql_root_password}
cluster_name: {get_input: mysql_cluster_name}
debug: {get_input: debug}
flat-networks: {get_input: neutron_flat_networks}
host: {get_input: controller_virtual_ip}
metadata_proxy_shared_secret: {get_input: neutron_metadata_proxy_shared_secret}
agent_mode: {get_input: neutron_agent_mode}
router_distributed: {get_input: neutron_router_distributed}
mechanism_drivers: {get_input: neutron_mechanism_drivers}
allow_automatic_l3agent_failover: {get_input: neutron_allow_l3agent_failover}
l3_ha: {get_input: neutron_l3_ha}
enable_tunneling: {get_input: neutron_enable_tunneling}
local_ip: {get_input: controller_host}
network_vlan_ranges: {get_input: neutron_network_vlan_ranges}
bridge_mappings: {get_input: neutron_bridge_mappings}
public_interface: {get_input: neutron_public_interface}
public_interface_raw_device: {get_input: neutron_public_interface_raw_device}
public_interface_route: {get_input: neutron_public_interface_default_route}
public_interface_tag: {get_input: neutron_public_interface_tag}
physical_bridge: br-ex
tenant_network_type: {get_input: neutron_tenant_network_type}
tunnel_types: {get_input: neutron_tunnel_types}
ovs_db: {get_input: neutron_dsn}
service-password: {get_input: neutron_password}
dnsmasq-options: {get_input: neutron_dnsmasq_options}
db: {get_input: ceilometer_dsn}
debug: {get_input: debug}
metering_secret: {get_input: ceilometer_metering_secret}
service-password: {get_input: ceilometer_password}
export_MIB: UCD-SNMP-MIB
readonly_user_name: {get_input: snmpd_readonly_user_name}
readonly_user_password: {get_input: snmpd_readonly_user_password}
compute_driver: libvirt.LibvirtDriver
db: {get_input: nova_dsn}
default_floating_pool:
host: {get_input: controller_virtual_ip}
service-password: {get_input: nova_password}
host: {get_input: controller_virtual_ip}
username: {get_input: rabbit_username}
password: {get_input: rabbit_password}
cookie: {get_input: rabbit_cookie}
rabbit_client_use_ssl: {get_input: rabbit_client_use_ssl}
rabbit_port: {get_input: rabbit_client_port}
- {server: {get_input: ntp_server}}
- vrrp_instance_name: VI_CONTROL
virtual_router_id: 51
keepalive_interface: {get_input: control_virtual_interface}
- ip: {get_input: controller_virtual_ip}
interface: {get_input: control_virtual_interface}
- vrrp_instance_name: VI_PUBLIC
virtual_router_id: 52
keepalive_interface: {get_input: public_virtual_interface}
- ip: {get_input: public_virtual_ip}
interface: {get_input: public_virtual_interface}
keepalive_interface: {get_input: public_virtual_interface}
ip: {get_input: controller_virtual_ip}
interface: {get_input: control_virtual_interface}
ip: {get_input: public_virtual_ip}
interface: {get_input: public_virtual_interface}
- ip: {get_input: controller_virtual_ip}
- option httpchk GET /
- name: keystone_admin
net_binds: &public_binds
- ip: {get_input: controller_virtual_ip}
- ip: {get_input: public_virtual_ip}
- name: keystone_public
net_binds: *public_binds
net_binds: *public_binds
net_binds: *public_binds
net_binds: *public_binds
net_binds: *public_binds
- name: glance_registry
net_binds: *public_binds
options: # overwrite options as glance_reg needs auth for http req
net_binds: *public_binds
- name: heat_cloudwatch
net_binds: *public_binds
net_binds: *public_binds
net_binds: *public_binds
- name: nova_metadata
net_binds: *public_binds
- name: nova_novncproxy
net_binds: *public_binds
net_binds: *public_binds
options: # overwrite options as ceil needs auth for http req
- name: swift_proxy_server
net_binds: *public_binds
- option httpchk GET /info
ControllerDeployment:
type: OS::TripleO::SoftwareDeployment
signal_transport: NO_SIGNAL
config: {get_resource: ControllerConfig}
server: {get_resource: Controller}
bootstack_nodeid: {get_attr: [Controller, name]}
controller_host: {get_attr: [Controller, networks, ctlplane, 0]}
controller_virtual_ip: {get_param: VirtualIP}
neutron_enable_tunneling: {get_param: NeutronEnableTunnelling}
heat.watch_server_url:
- {get_param: VirtualIP}
heat.metadata_server_url:
- {get_param: VirtualIP}
heat.waitcondition_server_url:
- {get_param: VirtualIP}
- ':8000/v1/waitcondition'
admin_password: {get_param: AdminPassword}
admin_token: {get_param: AdminToken}
neutron_public_interface_ip: {get_param: NeutronPublicInterfaceIP}
debug: {get_param: Debug}
cinder_lvm_loop_device_size: {get_param: CinderLVMLoopDeviceSize}
cinder_password: {get_param: CinderPassword}
cinder_iscsi_helper: {get_param: CinderISCSIHelper}
- - 'mysql://cinder:unset@'
- {get_param: VirtualIP}
glance_port: {get_param: GlancePort}
glance_protocol: {get_param: GlanceProtocol}
glance_password: {get_param: GlancePassword}
glance_notifier_strategy: {get_param: GlanceNotifierStrategy}
glance_log_file: {get_param: GlanceLogFile}
- - 'mysql://glance:unset@'
- {get_param: VirtualIP}
heat_password: {get_param: HeatPassword}
heat_stack_domain_admin_password: {get_param: HeatStackDomainAdminPassword}
heat_auth_encryption_key: {get_param: HeatAuthEncryptionKey}
- - 'mysql://heat:unset@'
- {get_param: VirtualIP}
keystone_ca_certificate: {get_param: KeystoneCACertificate}
keystone_signing_key: {get_param: KeystoneSigningKey}
keystone_signing_certificate: {get_param: KeystoneSigningCertificate}
keystone_ssl_certificate: {get_param: KeystoneSSLCertificate}
keystone_ssl_certificate_key: {get_param: KeystoneSSLCertificateKey}
- - 'mysql://keystone:unset@'
- {get_param: VirtualIP}
mysql_innodb_buffer_pool_size: {get_param: MysqlInnodbBufferPoolSize}
mysql_root_password: {get_param: MysqlRootPassword}
template: tripleo-CLUSTER
CLUSTER: {get_param: MysqlClusterUniquePart}
neutron_flat_networks: {get_param: NeutronFlatNetworks}
neutron_metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret}
neutron_agent_mode: {get_param: NeutronAgentMode}
neutron_router_distributed: {get_param: NeutronDVR}
neutron_mechanism_drivers: {get_param: NeutronMechanismDrivers}
neutron_allow_l3agent_failover: {get_param: NeutronAllowL3AgentFailover}
neutron_l3_ha: {get_param: NeutronL3HA}
neutron_network_vlan_ranges: {get_param: NeutronNetworkVLANRanges}
neutron_bridge_mappings: {get_param: NeutronBridgeMappings}
neutron_public_interface: {get_param: NeutronPublicInterface}
neutron_public_interface_raw_device: {get_param: NeutronPublicInterfaceRawDevice}
neutron_public_interface_default_route: {get_param: NeutronPublicInterfaceDefaultRoute}
neutron_public_interface_tag: {get_param: NeutronPublicInterfaceTag}
neutron_tenant_network_type: {get_param: NeutronNetworkType}
neutron_tunnel_types: {get_param: NeutronTunnelTypes}
neutron_password: {get_param: NeutronPassword}
neutron_dnsmasq_options: {get_param: NeutronDnsmasqOptions}
- - 'mysql://neutron:unset@'
- {get_param: VirtualIP}
- '/ovs_neutron?charset=utf8'
ceilometer_metering_secret: {get_param: CeilometerMeteringSecret}
ceilometer_password: {get_param: CeilometerPassword}
- - 'mysql://ceilometer:unset@'
- {get_param: VirtualIP}
snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName}
snmpd_readonly_user_password: {get_param: SnmpdReadonlyUserPassword}
nova_password: {get_param: NovaPassword}
- - 'mysql://nova:unset@'
- {get_param: VirtualIP}
rabbit_username: {get_param: RabbitUserName}
rabbit_password: {get_param: RabbitPassword}
rabbit_cookie: {get_param: RabbitCookie}
rabbit_client_use_ssl: {get_param: RabbitClientUseSSL}
rabbit_client_port: {get_param: RabbitClientPort}
ntp_server: {get_param: NtpServer}
control_virtual_interface: {get_param: ControlVirtualInterface}
public_virtual_interface: {get_param: PublicVirtualInterface}
public_virtual_ip: {get_param: PublicVirtualIP}
type: OS::Heat::StructuredConfig
group: os-apply-config
ca_certificate: {get_input: ssl_ca_certificate}
cert: {get_input: ssl_certificate}
key: {get_input: ssl_key}
cacert: {get_input: ssl_ca_certificate}
connect_host: {get_input: controller_host}
connect_host: {get_input: controller_host}
connect_host: {get_input: controller_host}
connect_host: {get_input: controller_host}
connect_host: {get_input: controller_host}
- name: 'swift-proxy'
connect_host: {get_input: controller_host}
connect_host: {get_input: controller_host}
connect_host: {get_input: controller_host}
ControllerSSLDeployment:
type: OS::Heat::StructuredDeployment
config: {get_resource: SSLConfig}
server: {get_resource: Controller}
signal_transport: NO_SIGNAL
controller_host: {get_attr: [Controller, networks, ctlplane, 0]}
ssl_certificate: {get_param: SSLCertificate}
ssl_key: {get_param: SSLKey}
ssl_ca_certificate: {get_param: SSLCACertificate}
ControllerPassthroughDeployment:
type: OS::Heat::StructuredDeployment
config: {get_resource: ControllerPassthroughConfig}
server: {get_resource: Controller}
signal_transport: NO_SIGNAL
passthrough_config: {get_param: ExtraConfig}
ControllerPassthroughSpecificDeployment:
depends_on: [ControllerPassthroughDeployment]
type: OS::Heat::StructuredDeployment
config: {get_resource: ControllerPassthroughConfigSpecific}
server: {get_resource: Controller}
signal_transport: NO_SIGNAL
passthrough_config_specific: {get_param: ControllerExtraConfig}
type: OS::Heat::StructuredConfig
group: os-apply-config
hash: { get_input: swift_hash_suffix }
part-power: { get_input: swift_part_power }
mount-check: { get_input: swift_mount_check }
min-part-hours: { get_input: swift_min_part_hours }
replicas: {get_input: swift_replicas }
service-password: { get_input: swift_password }
type: OS::Heat::StructuredDeployment
server: {get_resource: Controller}
config: {get_resource: SwiftConfig}
signal_transport: NO_SIGNAL
swift_hash_suffix: {get_param: SwiftHashSuffix}
swift_mount_check: {get_param: SwiftMountCheck}
swift_password: {get_param: SwiftPassword}
swift_min_part_hours: {get_param: SwiftMinPartHours}
swift_part_power: {get_param: SwiftPartPower}
swift_replicas: { get_param: SwiftReplicas}
description: IP address of the server in the ctlplane network
value: {get_attr: [Controller, networks, ctlplane, 0]}
description: Hostname of the server
value: {get_attr: [Controller, name]}
Node object in the format {ip: ..., name: ...} format that the corosync
ip: {get_attr: [Controller, networks, ctlplane, 0]}
name: {get_attr: [Controller, name]}
Server's IP address and hostname in the /etc/hosts format
template: IP HOST HOST.novalocal CLOUDNAME
IP: {get_attr: [Controller, networks, ctlplane, 0]}
HOST: {get_attr: [Controller, name]}
CLOUDNAME: {get_param: CloudName}
nova_server_resource:
description: Heat resource handle for the Nova compute server
{get_resource: Controller}
description: Swift device formatted for swift-ring-builder
template: 'r1z1-IP:%PORT%/d1'
IP: {get_attr: [Controller, networks, ctlplane, 0]}
swift_proxy_memcache:
description: Swift proxy-memcache value
IP: {get_attr: [Controller, networks, ctlplane, 0]}