# Heat Orchestration Template header and the first group of input parameters
# for what the description calls an OpenStack control plane node.
# NOTE(review): this listing is gapped -- the number at the start of each line
# appears to be the line number in the original template, and most
# type/default/hidden lines are not shown. Confirm against the full file that
# every password, token and shared secret is declared with `hidden: true`, so
# Heat masks the value when stack parameters are displayed.
1 heat_template_version: 2014-10-16
4 OpenStack control plane node. Can be wrapped in a ResourceGroup for scaling.
# Keystone admin credential; consumed as `admin-password` in the controller
# config further down.
9 description: The password for the keystone admin account, used for monitoring, querying neutron etc.
# Presumably the AdminToken parameter (its key line is not shown), consumed as
# `admin-token` in the controller config.
14 description: The keystone auth secret.
17 CeilometerMeteringSecret:
19 description: Secret shared by the ceilometer services.
24 description: The password for the ceilometer service account.
29 description: The iSCSI helper to use with cinder.
31 CinderLVMLoopDeviceSize:
33 description: The size of the loopback file used by the cinder LVM driver.
37 description: The password for the cinder service account, used by cinder-api.
42 description: The DNS name of this cloud. E.g. ci-overcloud.tripleo.org
# ControllerExtraConfig is handed to an os-apply-config StructuredConfig as
# `passthrough_config_specific` (see ControllerPassthroughSpecificDeployment).
# NOTE(review): no schema or constraint is visible for it, so whoever sets this
# parameter can presumably override any setting, including credentials --
# treat write access to stack parameters as privileged.
44 ControllerExtraConfig:
47 Controller specific configuration to inject into the cluster. Same
48 structure as ExtraConfig.
50 ControlVirtualInterface:
52 description: Interface where virtual ip will be assigned.
# NOTE(review): debug-level service logs may contain sensitive request
# details; the default is not visible here -- confirm it is off outside
# troubleshooting.
56 description: Set to True to enable debugging on all services.
# ExtraConfig description: documents the JSON shape (section -> option/value)
# that is injected through ControllerPassthroughDeployment.
61 Additional configuration to inject into the cluster. The JSON should have
62 the following structure:
65 [{"section": "SECTIONNAME",
67 [{"option": "OPTIONNAME",
78 [{"section": "default",
80 [{"option": "compute_manager",
81 "value": "ironic.nova.compute.manager.ClusterComputeManager"
88 "value": "nova.cells.rpc_driver.CellsRPCDriver"
97 description: Flavor for control nodes to request when deploying.
# custom_constraint makes Heat validate the value against existing nova
# flavors before the stack is created.
100 - custom_constraint: nova.flavor
# Parameters for Glance, Heat, the server image/key pair, Keystone PKI
# material and the MySQL cluster identifier. Type/default/hidden lines are
# mostly not shown in this listing.
101 GlanceNotifierStrategy:
102 description: Strategy to use for Glance notification queue
106 description: The filepath of the file to use for logging messages from Glance.
111 description: The password for the glance service account, used by the glance services.
116 description: Glance port.
# NOTE(review): the default is not visible here; with plain http, requests to
# glance (and whatever credentials they carry) travel unencrypted -- confirm
# the deployed value.
120 description: Protocol to use when connecting to glance, set to https for SSL.
124 description: The password for the Heat service account, used by the Heat services.
127 HeatStackDomainAdminPassword:
128 description: Password for heat_domain_admin user.
# Presumably the default of the Image parameter (its key line is not shown);
# the glance.image constraint below validates that the image exists.
134 default: overcloud-control
136 - custom_constraint: glance.image
138 default: 'REBUILD_PRESERVE_EPHEMERAL'
139 description: What policy to use when reconstructing instances. REBUILD for rebuilds, REBUILD_PRESERVE_EPHEMERAL to preserve /mnt.
# The key pair named here is passed to the server as key_name, so it controls
# SSH access to the controller.
143 description: Name of an existing EC2 KeyPair to enable SSH access to the instances
146 - custom_constraint: nova.keypair
147 KeystoneCACertificate:
149 description: Keystone self-signed certificate authority certificate.
151 KeystoneSigningCertificate:
153 description: Keystone certificate for verifying token validity.
# Private key material (presumably KeystoneSigningKey; key line not shown):
# confirm it is declared hidden.
157 description: Keystone key for signing tokens.
# NOTE(review): the two descriptions below repeat the signing certificate/key
# wording, but these parameters feed keystone's `certificate` and
# `certificate_key` settings in the controller config, not the signing_*
# settings. They look copy-pasted; reword to describe the SSL certificate and
# its private key, and confirm the key parameter is hidden.
160 KeystoneSSLCertificate:
162 description: Keystone certificate for verifying token validity.
164 KeystoneSSLCertificateKey:
166 description: Keystone key for signing tokens.
# Substituted for CLUSTER in the `tripleo-CLUSTER` template in the controller
# config.
169 MysqlClusterUniquePart:
170 description: A unique identifier of the MySQL cluster the controller is in.
172 default: 'unset' # Has to be here because of the ignored empty value bug
# The 'unset' default (5 characters) satisfies this 4-10 length constraint,
# so an unconfigured stack is not rejected by validation.
174 - length: {min: 4, max: 10}
# MySQL buffer pool size and the Neutron networking parameters (bridge
# mappings, dnsmasq options, L3 agent behaviour, ML2 drivers, VLAN ranges,
# public interface settings, tunnel types). Several key/type/default lines are
# not shown in this listing.
175 MysqlInnodbBufferPoolSize:
177 Specifies the size of the buffer pool in megabytes. Setting to
178 zero should be interpreted as "no value" and will defer to the
185 default: '' # Has to be here because of the ignored empty value bug
186 NeutronBridgeMappings:
188 The OVS logical->physical bridge mappings to use. See the Neutron
189 documentation for details. Defaults to mapping br-ex - the external
190 bridge on hosts - to a physical name 'datacentre' which can be used
191 to create provider networks (and we use this for the default floating
192 network) - if changing this either use different post-install network
193 scripts or be sure to keep 'datacentre' as a mapping network name.
196 NeutronDnsmasqOptions:
# Quoted so the comma-separated option string stays a single scalar.
197 default: 'dhcp-option-force=26,1400'
198 description: Dnsmasq options for neutron-dhcp-agent. The default value here forces MTU to be set to 1400 to account for the gre tunnel overhead.
202 description: Agent mode for the neutron-l3-agent on the controller hosts
206 description: Whether to configure Neutron Distributed Virtual Routers
# Consumed as neutron's `metadata_proxy_shared_secret` in the controller
# config.
# NOTE(review): the default and hidden flag are not visible here; confirm the
# value is hidden and unique per deployment, since the description says it is
# what prevents spoofing.
208 NeutronMetadataProxySharedSecret:
210 description: Shared secret to prevent spoofing
212 NeutronMechanismDrivers:
213 default: 'openvswitch'
215 The mechanism drivers for the Neutron tenant network. To specify multiple
216 values, use a comma separated string, like so: 'openvswitch,l2_population'
218 NeutronAllowL3AgentFailover:
220 description: Allow automatic l3-agent failover
222 NeutronEnableTunnelling:
228 description: If set, flat networks to configure in neutron plugins.
231 description: The tenant network type for Neutron, either gre or vxlan.
233 NeutronNetworkVLANRanges:
234 default: 'datacentre'
236 The Neutron ML2 and OpenVSwitch vlan mapping range to support. See the
237 Neutron documentation for permitted values. Defaults to permitting any
238 VLAN on the 'datacentre' physical network (See NeutronBridgeMappings).
242 description: The password for the neutron service account, used by neutron agents.
245 NeutronPublicInterface:
247 description: What interface to bridge onto br-ex for network nodes.
249 NeutronPublicInterfaceTag:
252 VLAN tag for creating a public VLAN. The tag will be used to
253 create an access port on the exterior bridge for each control plane node,
254 and that port will be given the IP address returned by neutron from the
255 public network. Set CONTROLEXTRA=overcloud-vlan-port.yaml when compiling
256 overcloud.yaml to include the deployment of VLAN ports to the control
259 NeutronPublicInterfaceDefaultRoute:
261 description: A custom default route for the NeutronPublicInterface.
263 NeutronPublicInterfaceIP:
265 description: A custom IP address to put onto the NeutronPublicInterface.
267 NeutronPublicInterfaceRawDevice:
269 description: If set, the public interface is a vlan with this device as the raw device.
274 The tunnel types for the Neutron tenant network. To specify multiple
275 values, use a comma separated string, like so: 'gre,vxlan'
# Parameters for Nova, the public virtual interface, RabbitMQ, SNMP, endpoint
# SSL material and Swift. Key, type, default and hidden lines are mostly not
# shown, so which parameter each bare `default:` belongs to cannot be told
# from this listing.
279 description: The password for the nova service account, used by nova-api.
285 PublicVirtualInterface:
288 Specifies the interface where the public-facing virtual ip will be assigned.
289 This should be int_public when a VLAN is being used.
293 default: '' # Has to be here because of the ignored empty value bug
296 default: '' # Has to be here because of the ignored empty value bug
# NOTE(review): the defaults for the RabbitMQ user name and password are not
# visible; confirm they are not a well-known stock account and that the
# password is hidden.
300 description: The password for RabbitMQ
305 description: The username for RabbitMQ
310 Rabbit client subscriber parameter to specify
311 an SSL connection to the RabbitMQ host.
315 description: Set rabbit subscriber port, change this if using SSL
# Read-only SNMP account configured on all overcloud nodes; the user name has
# a fixed default.
# NOTE(review): the password default is not visible; confirm it is hidden and
# set per deployment.
317 SnmpdReadonlyUserName:
318 default: ro_snmp_user
319 description: The user name for SNMPd with readonly rights running on all Overcloud nodes
321 SnmpdReadonlyUserPassword:
323 description: The user password for SNMPd with readonly rights running on all Overcloud nodes
# Endpoint TLS material is passed in as file contents; these values reach the
# server through ControllerSSLDeployment inputs.
328 description: If set, the contents of an SSL certificate authority file.
332 description: If set, the contents of an SSL certificate .crt file for encrypting SSL endpoints.
# Private key contents: confirm the parameter is declared hidden.
337 description: If set, the contents of an SSL certificate .key file for encrypting SSL endpoints.
# Salt for Swift's hashing; passed to the server as `swift_hash_suffix`.
# NOTE(review): presumably should be treated as a secret and kept stable for
# the life of the cluster -- confirm it is hidden.
342 description: A random string to be used as a salt when hashing to determine mappings
348 description: Partition Power to use when building Swift rings
352 description: The password for the swift service account, used by the swift proxy
359 description: How many replicas to use in the swift rings.
362 default: '' # Has to be here because of the ignored empty value bug
# Nova server for the controller node (the resource's key line is not shown;
# other resources refer to it as `Controller`). Image, rebuild policy, flavor
# and key pair all come from template parameters.
368 type: OS::Nova::Server
370 image: {get_param: Image}
371 image_update_policy: {get_param: ImageUpdatePolicy}
372 flavor: {get_param: Flavor}
# The named key pair is what grants SSH access to this server.
373 key_name: {get_param: KeyName}
# SOFTWARE_CONFIG: the server is configured through Heat software
# config/deployment resources rather than a raw user_data script.
376 user_data_format: SOFTWARE_CONFIG
# First part of the controller's os-apply-config StructuredConfig (its key
# line is not shown; ControllerDeployment refers to it as ControllerConfig).
# It maps template parameters (get_param) and deployment inputs (get_input)
# onto settings for keystone admin, cinder, the cluster layer, glance, heat
# and keystone.
# NOTE(review): the credentials referenced here are resolved into the config
# that is delivered to the server, presumably as instance metadata -- confirm
# who can read that metadata and the stored config.
379 type: OS::Heat::StructuredConfig
381 group: os-apply-config
# Keystone admin password and admin token, taken from stack parameters.
383 admin-password: {get_param: AdminPassword}
384 admin-token: {get_param: AdminToken}
386 public_interface_ip: {get_param: NeutronPublicInterfaceIP}
388 nodeid: {get_input: bootstack_nodeid}
391 {get_param: VirtualIP}
# NOTE(review): the password component of this database URL fragment is the
# literal string `unset`, not a parameter. The same pattern is used for the
# glance, heat and keystone database users below. With a fixed, published
# password, database access control presumably rests on network reachability
# alone; consider one hidden, per-deployment parameter per service account.
396 - - mysql://cinder:unset@
399 debug: {get_param: Debug}
400 volume_size_mb: {get_param: CinderLVMLoopDeviceSize}
401 service-password: {get_param: CinderPassword}
402 iscsi-helper: {get_param: CinderISCSIHelper}
403 controller-address: {get_input: controller_host}
405 bindnetaddr: {get_input: controller_host}
# NOTE(review): fencing is switched off and loss of quorum is ignored --
# presumably cluster-manager properties (the enclosing key is not shown).
# Together these let a partitioned controller keep running its resources,
# which risks split-brain; confirm this is acceptable beyond test
# deployments. The space before ':' is legal YAML but differs from the rest
# of the file.
408 stonith_enabled : false
410 quorum_policy : ignore
414 host: {get_input: controller_virtual_ip}
# Glance database URL fragment; same literal `unset` password as cinder.
419 - - mysql://glance:unset@
422 debug: {get_param: Debug}
423 host: {get_input: controller_virtual_ip}
424 port: {get_param: GlancePort}
425 protocol: {get_param: GlanceProtocol}
426 service-password: {get_param: GlancePassword}
# The glance service password is written a second time as the swift store
# key, so both settings hold the same credential.
427 swift-store-user: service:glance
428 swift-store-key: {get_param: GlancePassword}
429 notifier-strategy: {get_param: GlanceNotifierStrategy}
430 log-file: {get_param: GlanceLogFile}
432 admin_password: {get_param: HeatPassword}
433 admin_tenant_name: service
# NOTE(review): fixed placeholder, identical for every stack built from this
# template. Heat uses auth_encryption_key to encrypt credentials it stores in
# its database, so this should come from a hidden, randomly generated
# parameter -- confirm nothing overrides it later.
435 auth_encryption_key: unset___________
# Heat database URL fragment; same literal `unset` password.
439 - - mysql://heat:unset@
442 debug: {get_param: Debug}
443 stack_domain_admin_password: {get_param: HeatStackDomainAdminPassword}
# The three heat server URLs are supplied as deployment inputs.
444 watch_server_url: {get_input: heat.watch_server_url}
445 metadata_server_url: {get_input: heat.metadata_server_url}
446 waitcondition_server_url: {get_input: heat.waitcondition_server_url}
# Keystone database URL fragment; same literal `unset` password.
451 - - mysql://keystone:unset@
454 debug: {get_param: Debug}
455 host: {get_input: controller_virtual_ip}
# Keystone PKI material: CA certificate plus the token signing key and
# certificate, followed by the SSL certificate and its private key.
456 ca_certificate: {get_param: KeystoneCACertificate}
457 signing_key: {get_param: KeystoneSigningKey}
458 signing_certificate: {get_param: KeystoneSigningCertificate}
460 certificate: {get_param: KeystoneSSLCertificate}
461 certificate_key: {get_param: KeystoneSSLCertificateKey}
# Controller config, continued: settings for mysql, neutron, ceilometer,
# snmpd, nova, rabbit and ntp. The enclosing section keys are on lines not
# shown in this listing.
463 innodb_buffer_pool_size: {get_param: MysqlInnodbBufferPoolSize}
# MySQL root credential, taken from a stack parameter.
465 root-password: {get_param: MysqlRootPassword}
# CLUSTER in the template string is replaced by MysqlClusterUniquePart
# (default 'unset').
468 template: tripleo-CLUSTER
470 CLUSTER: {get_param: MysqlClusterUniquePart}
472 debug: {get_param: Debug}
473 flat-networks: {get_param: NeutronFlatNetworks}
474 host: {get_input: controller_virtual_ip}
# Shared secret described by its parameter as preventing spoofing; confirm it
# is hidden and unique per deployment.
475 metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret}
476 agent_mode: {get_param: NeutronAgentMode}
477 router_distributed: {get_param: NeutronDVR}
478 mechanism_drivers: {get_param: NeutronMechanismDrivers}
479 allow_automatic_l3agent_failover: {get_param: NeutronAllowL3AgentFailover}
481 enable_tunneling: {get_input: neutron_enable_tunneling}
482 local_ip: {get_input: controller_host}
483 network_vlan_ranges: {get_param: NeutronNetworkVLANRanges}
484 bridge_mappings: {get_param: NeutronBridgeMappings}
485 public_interface: {get_param: NeutronPublicInterface}
486 public_interface_raw_device: {get_param: NeutronPublicInterfaceRawDevice}
487 public_interface_route: {get_param: NeutronPublicInterfaceDefaultRoute}
488 public_interface_tag: {get_param: NeutronPublicInterfaceTag}
489 physical_bridge: br-ex
490 tenant_network_type: {get_param: NeutronNetworkType}
491 tunnel_types: {get_param: NeutronTunnelTypes}
# NOTE(review): neutron, ceilometer and nova database URL fragments below all
# carry the literal password `unset` rather than a parameter; consider a
# hidden, per-deployment parameter for each database account.
495 - - mysql://neutron:unset@
497 - /ovs_neutron?charset=utf8
498 service-password: {get_param: NeutronPassword}
499 dnsmasq-options: {get_param: NeutronDnsmasqOptions}
504 - - mysql://ceilometer:unset@
507 debug: {get_param: Debug}
508 metering_secret: {get_param: CeilometerMeteringSecret}
509 service-password: {get_param: CeilometerPassword}
# Read-only SNMP account from stack parameters.
511 export_MIB: UCD-SNMP-MIB
512 readonly_user_name: {get_param: SnmpdReadonlyUserName}
513 readonly_user_password: {get_param: SnmpdReadonlyUserPassword}
515 compute_driver: libvirt.LibvirtDriver
519 - - mysql://nova:unset@
# The value of this key is on a line not shown in the listing.
522 default_floating_pool:
524 host: {get_input: controller_virtual_ip}
526 service-password: {get_param: NovaPassword}
528 host: {get_input: controller_virtual_ip}
# RabbitMQ user, password and cookie from stack parameters.
# NOTE(review): the cookie is a shared secret as well -- confirm RabbitCookie
# is declared hidden like the password.
529 username: {get_param: RabbitUserName}
530 password: {get_param: RabbitPassword}
531 cookie: {get_param: RabbitCookie}
532 rabbit_client_use_ssl: {get_param: RabbitClientUseSSL}
533 rabbit_port: {get_param: RabbitClientPort}
# Flow mapping used for a single NTP server entry; "stratum 0" is quoted
# because it contains a space.
536 - {server: {get_param: NtpServer}, fudge: "stratum 0"}
# Controller config, continued: VRRP instances for the control and public
# virtual IPs, followed by load-balancer listener definitions (the enclosing
# section keys are on lines not shown).
# NOTE(review): virtual_router_id values are fixed at 51 and 52; two
# deployments sharing a layer-2 segment would presumably collide -- confirm.
539 - vrrp_instance_name: VI_CONTROL
540 virtual_router_id: 51
541 keepalive_interface: {get_param: ControlVirtualInterface}
544 - ip: {get_param: VirtualIP}
545 interface: {get_param: ControlVirtualInterface}
546 - vrrp_instance_name: VI_PUBLIC
547 virtual_router_id: 52
548 keepalive_interface: {get_param: PublicVirtualInterface}
551 - ip: {get_param: PublicVirtualIP}
552 interface: {get_param: PublicVirtualInterface}
559 keepalive_interface: {get_param: PublicVirtualInterface}
563 ip: {get_param: VirtualIP}
564 interface: {get_param: ControlVirtualInterface}
566 ip: {get_param: PublicVirtualIP}
567 interface: {get_param: PublicVirtualInterface}
570 - ip: {get_param: VirtualIP}
572 - option httpchk GET /
# NOTE(review): the &public_binds anchor is defined on the keystone_admin
# listener and lists both VirtualIP and PublicVirtualIP; every `*public_binds`
# alias below reuses it, including glance_registry and nova_metadata. That
# binds the keystone admin API and services external clients do not need onto
# the public-facing virtual IP. Consider a second, control-plane-only bind
# list for those listeners.
574 - name: keystone_admin
576 net_binds: &public_binds
577 - ip: {get_param: VirtualIP}
578 - ip: {get_param: PublicVirtualIP}
579 - name: keystone_public
581 net_binds: *public_binds
584 net_binds: *public_binds
587 net_binds: *public_binds
590 net_binds: *public_binds
593 net_binds: *public_binds
594 - name: glance_registry
596 net_binds: *public_binds
597 options: # overwrite options as glance_reg needs auth for http req
600 net_binds: *public_binds
601 - name: heat_cloudwatch
603 net_binds: *public_binds
606 net_binds: *public_binds
618 net_binds: *public_binds
619 - name: nova_metadata
621 net_binds: *public_binds
622 - name: nova_novncproxy
624 net_binds: *public_binds
627 net_binds: *public_binds
628 options: # overwrite options as ceil needs auth for http req
629 - name: swift_proxy_server
631 net_binds: *public_binds
# Health check for the swift proxy listener uses GET /info instead of GET /.
633 - option httpchk GET /info
# Two os-apply-config StructuredConfig resources whose entire `config` is a
# deployment input: the first takes `passthrough_config`, the second
# `passthrough_config_specific`.
# NOTE(review): nothing visible here restricts which keys the input may set,
# so these resources apply whatever the ExtraConfig / ControllerExtraConfig
# stack parameters contain. Treat the ability to set those parameters as
# equivalent to control over the node's service configuration.
641 ControllerPassthroughConfig:
642 type: OS::Heat::StructuredConfig
644 group: os-apply-config
645 config: {get_input: passthrough_config}
647 ControllerPassthroughConfigSpecific:
648 type: OS::Heat::StructuredConfig
650 group: os-apply-config
651 config: {get_input: passthrough_config_specific}
# Binds ControllerConfig to the Controller server and supplies the deployment
# inputs that the config reads with get_input.
653 ControllerDeployment:
654 type: OS::Heat::StructuredDeployment
# NO_SIGNAL: Heat does not wait for the server to report the result, so a
# failed or skipped configuration run is not reflected in stack status;
# verify the applied configuration by other means.
656 signal_transport: NO_SIGNAL
657 config: {get_resource: ControllerConfig}
658 server: {get_resource: Controller}
# Node identity and address are read from the server's own attributes
# (its name and its first ctlplane network address).
660 bootstack_nodeid: {get_attr: [Controller, name]}
661 controller_host: {get_attr: [Controller, networks, ctlplane, 0]}
662 controller_virtual_ip: {get_param: VirtualIP}
663 neutron_enable_tunneling: {get_param: NeutronEnableTunnelling}
# The three heat URLs are assembled from pieces that include VirtualIP.
# NOTE(review): the scheme prefix of each URL is on a line not shown; if it
# is plain http, the traffic to these heat endpoints is unencrypted --
# confirm.
664 heat.watch_server_url:
668 - {get_param: VirtualIP}
670 heat.metadata_server_url:
674 - {get_param: VirtualIP}
676 heat.waitcondition_server_url:
680 - {get_param: VirtualIP}
681 - ':8000/v1/waitcondition'
# os-apply-config StructuredConfig carrying the endpoint TLS material (its key
# line is not shown; ControllerSSLDeployment refers to it as SSLConfig).
684 type: OS::Heat::StructuredConfig
686 group: os-apply-config
# CA certificate, certificate and private key all arrive as deployment inputs.
# NOTE(review): the private key is therefore carried in the deployment's
# input values; confirm the SSLKey parameter is hidden and that the rendered
# key file gets restrictive permissions (not visible in this listing).
689 ca_certificate: {get_input: ssl_ca_certificate}
691 cert: {get_input: ssl_certificate}
692 key: {get_input: ssl_key}
693 cacert: {get_input: ssl_ca_certificate}
# Each entry below connects to controller_host -- presumably one
# TLS-terminating listener per service; only 'swift-proxy' is named in the
# visible lines.
698 connect_host: {get_input: controller_host}
702 connect_host: {get_input: controller_host}
706 connect_host: {get_input: controller_host}
710 connect_host: {get_input: controller_host}
714 connect_host: {get_input: controller_host}
715 - name: 'swift-proxy'
718 connect_host: {get_input: controller_host}
722 connect_host: {get_input: controller_host}
726 connect_host: {get_input: controller_host}
# Three StructuredDeployment resources that apply the SSL config and the two
# passthrough configs to the Controller server. All use NO_SIGNAL, so Heat
# does not wait for the server to confirm that they were applied.
728 ControllerSSLDeployment:
729 type: OS::Heat::StructuredDeployment
731 config: {get_resource: SSLConfig}
732 server: {get_resource: Controller}
733 signal_transport: NO_SIGNAL
735 controller_host: {get_attr: [Controller, networks, ctlplane, 0]}
# Certificate, private key and CA certificate are handed over as input values
# taken directly from stack parameters.
# NOTE(review): with NO_SIGNAL a failure to apply the TLS configuration would
# not fail the stack; confirm endpoints are checked for TLS after deployment.
736 ssl_certificate: {get_param: SSLCertificate}
737 ssl_key: {get_param: SSLKey}
738 ssl_ca_certificate: {get_param: SSLCACertificate}
740 ControllerPassthroughDeployment:
741 type: OS::Heat::StructuredDeployment
743 config: {get_resource: ControllerPassthroughConfig}
744 server: {get_resource: Controller}
745 signal_transport: NO_SIGNAL
# ExtraConfig is passed through unmodified as the whole config.
747 passthrough_config: {get_param: ExtraConfig}
749 ControllerPassthroughSpecificDeployment:
# depends_on orders this after the generic passthrough deployment, so the
# controller-specific values are applied second.
750 depends_on: [ControllerPassthroughDeployment]
751 type: OS::Heat::StructuredDeployment
753 config: {get_resource: ControllerPassthroughConfigSpecific}
754 server: {get_resource: Controller}
755 signal_transport: NO_SIGNAL
757 passthrough_config_specific: {get_param: ControllerExtraConfig}
# Swift os-apply-config StructuredConfig and the deployment that feeds it
# (key lines are not shown; the deployment refers to the config as
# SwiftConfig). All four swift settings are read from deployment inputs.
760 type: OS::Heat::StructuredConfig
762 group: os-apply-config
# Spacing inside the flow mappings below is inconsistent ({ x } vs {x });
# harmless to the parser, worth normalising.
765 hash: { get_input: swift_hash_suffix }
766 part-power: { get_input: swift_part_power }
767 replicas: {get_input: swift_replicas }
768 service-password: { get_input: swift_password }
771 type: OS::Heat::StructuredDeployment
773 server: {get_resource: Controller}
774 config: {get_resource: SwiftConfig}
775 signal_transport: NO_SIGNAL
# The hash suffix and the swift service password are passed as plain input
# values from stack parameters.
# NOTE(review): confirm SwiftHashSuffix and SwiftPassword are declared hidden.
777 swift_hash_suffix: {get_param: SwiftHashSuffix}
778 swift_password: {get_param: SwiftPassword}
779 swift_part_power: {get_param: SwiftPartPower}
780 swift_replicas: { get_param: SwiftReplicas}
# Stack outputs: the controller's ctlplane IP address, its hostname, a
# node record, an /etc/hosts-style entry, the server resource handle and
# Swift-related strings. Output key lines are mostly not shown. No parameter
# holding a password or key is referenced in the visible output values.
784 description: IP address of the server in the ctlplane network
785 value: {get_attr: [Controller, networks, ctlplane, 0]}
787 description: Hostname of the server
788 value: {get_attr: [Controller, name]}
# NOTE(review): the description text repeats the word "format".
791 Node object in the format {ip: ..., name: ...} format that the corosync
794 ip: {get_attr: [Controller, networks, ctlplane, 0]}
795 name: {get_attr: [Controller, name]}
798 Server's IP address and hostname in the /etc/hosts format
# IP, HOST and CLOUDNAME in the template string are substituted with the
# values listed below it.
801 template: IP HOST HOST.novalocal CLOUDNAME
803 IP: {get_attr: [Controller, networks, ctlplane, 0]}
804 HOST: {get_attr: [Controller, name]}
805 CLOUDNAME: {get_param: CloudName}
806 nova_server_resource:
807 description: Heat resource handle for the Nova compute server
809 {get_resource: Controller}
811 description: Swift device formatted for swift-ring-builder
# Only IP is substituted from the visible lines; %PORT% is left in the string.
814 template: 'r1z1-IP:%PORT%/d1'
816 IP: {get_attr: [Controller, networks, ctlplane, 0]}
817 swift_proxy_memcache:
818 description: Swift proxy-memcache value
823 IP: {get_attr: [Controller, networks, ctlplane, 0]}