heat_template_version: 2014-10-16
OpenStack control plane node. Can be wrapped in a ResourceGroup for scaling.
description: The password for the keystone admin account, used for monitoring, querying neutron etc.
description: The keystone auth secret.
CeilometerMeteringSecret:
description: Secret shared by the ceilometer services.
description: The password for the ceilometer service account.
CinderEnableIscsiBackend:
description: Whether to enable or not the Iscsi backend for Cinder
CinderEnableRbdBackend:
description: Whether to enable or not the Rbd backend for Cinder
description: The iSCSI helper to use with cinder.
CinderLVMLoopDeviceSize:
description: The size of the loopback file used by the cinder LVM driver.
description: The password for the cinder service account, used by cinder-api.
description: The DNS name of this cloud. E.g. ci-overcloud.tripleo.org
ControllerExtraConfig:
Controller specific configuration to inject into the cluster. Same
structure as ExtraConfig.
ControlVirtualInterface:
description: Interface where virtual ip will be assigned.
description: Set to True to enable debugging on all services.
description: Whether to use Galera instead of regular MariaDB.
description: If enabled services will be monitored by Pacemaker; it
will manage VIPs as well, in place of Keepalived.
description: Whether to deploy Ceph Storage (OSD) on the Controller
description: Whether to enable Swift Storage on the Controller
Additional configuration to inject into the cluster. The JSON should have
the following structure:
[{"section": "SECTIONNAME",
[{"option": "OPTIONNAME",
[{"section": "default",
[{"option": "compute_manager",
"value": "ironic.nova.compute.manager.ClusterComputeManager"
[{"option": "driver",
"value": "nova.cells.rpc_driver.CellsRPCDriver"
description: Flavor for control nodes to request when deploying.
- custom_constraint: nova.flavor
GlanceNotifierStrategy:
description: Strategy to use for Glance notification queue
description: The filepath of the file to use for logging messages from Glance.
description: The password for the glance service account, used by the glance services.
description: Glance port.
description: Protocol to use when connecting to glance, set to https for SSL.
description: The password for the Heat service account, used by the Heat services.
HeatStackDomainAdminPassword:
description: Password for heat_domain_admin user.
HeatAuthEncryptionKey:
description: Auth encryption key for heat-engine
description: Secret key for Django
default: overcloud-control
- custom_constraint: glance.image
default: 'REBUILD_PRESERVE_EPHEMERAL'
description: What policy to use when reconstructing instances. REBUILD for rebuilds, REBUILD_PRESERVE_EPHEMERAL to preserve /mnt.
description: Name of an existing EC2 KeyPair to enable SSH access to the instances
- custom_constraint: nova.keypair
KeystoneCACertificate:
description: Keystone self-signed certificate authority certificate.
KeystoneSigningCertificate:
description: Keystone certificate for verifying token validity.
description: Keystone key for signing tokens.
KeystoneSSLCertificate:
description: Keystone certificate for verifying token validity.
KeystoneSSLCertificateKey:
description: Keystone key for signing tokens.
MysqlClusterUniquePart:
description: A unique identifier of the MySQL cluster the controller is in.
default: 'unset' # Has to be here because of the ignored empty value bug
# Drop the validation: https://bugs.launchpad.net/tripleo/+bug/1405446
# - length: {min: 4, max: 10}
MysqlInnodbBufferPoolSize:
Specifies the size of the buffer pool in megabytes. Setting to
zero should be interpreted as "no value" and will defer to the
default: '' # Has to be here because of the ignored empty value bug
NeutronBridgeMappings:
The OVS logical->physical bridge mappings to use. See the Neutron
documentation for details. Defaults to mapping br-ex - the external
bridge on hosts - to a physical name 'datacentre' which can be used
to create provider networks (and we use this for the default floating
network) - if changing this either use different post-install network
scripts or be sure to keep 'datacentre' as a mapping network name.
NeutronDnsmasqOptions:
default: 'dhcp-option-force=26,1400'
description: Dnsmasq options for neutron-dhcp-agent. The default value here forces MTU to be set to 1400 to account for the gre tunnel overhead.
description: Agent mode for the neutron-l3-agent on the controller hosts
description: Whether to configure Neutron Distributed Virtual Routers
NeutronMetadataProxySharedSecret:
description: Shared secret to prevent spoofing
NeutronMechanismDrivers:
default: 'openvswitch'
The mechanism drivers for the Neutron tenant network. To specify multiple
values, use a comma separated string, like so: 'openvswitch,l2_population'
NeutronAllowL3AgentFailover:
description: Allow automatic l3-agent failover
description: Whether to enable l3-agent HA
NeutronEnableTunnelling:
description: If set, flat networks to configure in neutron plugins.
description: The tenant network type for Neutron, either gre or vxlan.
NeutronNetworkVLANRanges:
default: 'datacentre'
The Neutron ML2 and OpenVSwitch vlan mapping range to support. See the
Neutron documentation for permitted values. Defaults to permitting any
VLAN on the 'datacentre' physical network (See NeutronBridgeMappings).
description: The password for the neutron service account, used by neutron agents.
NeutronPublicInterface:
description: What interface to bridge onto br-ex for network nodes.
NeutronPublicInterfaceTag:
VLAN tag for creating a public VLAN. The tag will be used to
create an access port on the exterior bridge for each control plane node,
and that port will be given the IP address returned by neutron from the
public network. Set CONTROLEXTRA=overcloud-vlan-port.yaml when compiling
overcloud.yaml to include the deployment of VLAN ports to the control
NeutronPublicInterfaceDefaultRoute:
description: A custom default route for the NeutronPublicInterface.
NeutronPublicInterfaceIP:
description: A custom IP address to put onto the NeutronPublicInterface.
NeutronPublicInterfaceRawDevice:
description: If set, the public interface is a vlan with this device as the raw device.
The tunnel types for the Neutron tenant network. To specify multiple
values, use a comma separated string, like so: 'gre,vxlan'
description: The password for the nova service account, used by nova-api.
description: The password for the 'pcsd' user.
PublicVirtualInterface:
Specifies the interface where the public-facing virtual ip will be assigned.
This should be int_public when a VLAN is being used.
default: '' # Has to be here because of the ignored empty value bug
default: '' # Has to be here because of the ignored empty value bug
description: The password for RabbitMQ
description: The username for RabbitMQ
Rabbit client subscriber parameter to specify
an SSL connection to the RabbitMQ host.
description: Set rabbit subscriber port, change this if using SSL
SnmpdReadonlyUserName:
default: ro_snmp_user
description: The user name for SNMPd with readonly rights running on all Overcloud nodes
SnmpdReadonlyUserPassword:
description: The user password for SNMPd with readonly rights running on all Overcloud nodes
description: If set, the contents of an SSL certificate authority file.
description: If set, the contents of an SSL certificate .crt file for encrypting SSL endpoints.
description: If set, the contents of an SSL certificate .key file for encrypting SSL endpoints.
description: A random string to be used as a salt when hashing to determine mappings
description: Value of mount_check in Swift account/container/object -server.conf
description: The minimum time (in hours) before a partition in a ring can be moved following a rebalance.
description: Partition Power to use when building Swift rings
description: The password for the swift service account, used by the swift proxy
description: How many replicas to use in the swift rings.
default: '' # Has to be here because of the ignored empty value bug
type: OS::Nova::Server
image: {get_param: Image}
image_update_policy: {get_param: ImageUpdatePolicy}
flavor: {get_param: Flavor}
key_name: {get_param: KeyName}
user_data_format: SOFTWARE_CONFIG
type: OS::TripleO::Net::SoftwareConfig
type: OS::TripleO::SoftwareDeployment
signal_transport: NO_SIGNAL
config: {get_attr: [NetworkConfig, config_id]}
server: {get_resource: Controller}
interface_name: {get_param: NeutronPublicInterface}
ControllerPassthroughConfig:
type: OS::Heat::StructuredConfig
group: os-apply-config
config: {get_input: passthrough_config}
ControllerPassthroughConfigSpecific:
type: OS::Heat::StructuredConfig
group: os-apply-config
config: {get_input: passthrough_config_specific}
type: OS::Heat::StructuredConfig
group: os-apply-config
admin-password: {get_input: admin_password}
admin-token: {get_input: admin_token}
public_interface_ip: {get_input: neutron_public_interface_ip}
nodeid: {get_input: bootstack_nodeid}
db: {get_input: cinder_dsn}
debug: {get_input: debug}
volume_size_mb: {get_input: cinder_lvm_loop_device_size}
service-password: {get_input: cinder_password}
iscsi-helper: {get_input: CinderISCSIHelper}
controller-address: {get_input: controller_host}
bindnetaddr: {get_input: controller_host}
stonith_enabled : false
quorum_policy : ignore
host: {get_input: controller_virtual_ip}
db: {get_input: glance_dsn}
debug: {get_input: debug}
host: {get_input: controller_virtual_ip}
port: {get_input: glance_port}
protocol: {get_input: glance_protocol}
service-password: {get_input: glance_password}
swift-store-user: service:glance
swift-store-key: {get_input: glance_password}
notifier-strategy: {get_input: glance_notifier_strategy}
log-file: {get_input: glance_log_file}
admin_password: {get_input: heat_password}
admin_tenant_name: service
auth_encryption_key: {get_input: heat_auth_encryption_key}
db: {get_input: heat_dsn}
debug: {get_input: debug}
stack_domain_admin_password: {get_input: heat_stack_domain_admin_password}
watch_server_url: {get_input: heat.watch_server_url}
metadata_server_url: {get_input: heat.metadata_server_url}
waitcondition_server_url: {get_input: heat.waitcondition_server_url}
db: {get_input: keystone_dsn}
debug: {get_input: debug}
host: {get_input: controller_virtual_ip}
ca_certificate: {get_input: keystone_ca_certificate}
signing_key: {get_input: keystone_signing_key}
signing_certificate: {get_input: keystone_signing_certificate}
certificate: {get_input: keystone_ssl_certificate}
certificate_key: {get_input: keystone_ssl_certificate_key}
innodb_buffer_pool_size: {get_input: mysql_innodb_buffer_pool_size}
root-password: {get_input: mysql_root_password}
cluster_name: {get_input: mysql_cluster_name}
debug: {get_input: debug}
flat-networks: {get_input: neutron_flat_networks}
host: {get_input: controller_virtual_ip}
metadata_proxy_shared_secret: {get_input: neutron_metadata_proxy_shared_secret}
agent_mode: {get_input: neutron_agent_mode}
router_distributed: {get_input: neutron_router_distributed}
mechanism_drivers: {get_input: neutron_mechanism_drivers}
allow_automatic_l3agent_failover: {get_input: neutron_allow_l3agent_failover}
l3_ha: {get_input: neutron_l3_ha}
enable_tunneling: {get_input: neutron_enable_tunneling}
local_ip: {get_input: controller_host}
network_vlan_ranges: {get_input: neutron_network_vlan_ranges}
bridge_mappings: {get_input: neutron_bridge_mappings}
public_interface: {get_input: neutron_public_interface}
public_interface_raw_device: {get_input: neutron_public_interface_raw_device}
public_interface_route: {get_input: neutron_public_interface_default_route}
public_interface_tag: {get_input: neutron_public_interface_tag}
physical_bridge: br-ex
tenant_network_type: {get_input: neutron_tenant_network_type}
tunnel_types: {get_input: neutron_tunnel_types}
ovs_db: {get_input: neutron_dsn}
service-password: {get_input: neutron_password}
dnsmasq-options: {get_input: neutron_dnsmasq_options}
db: {get_input: ceilometer_dsn}
debug: {get_input: debug}
metering_secret: {get_input: ceilometer_metering_secret}
service-password: {get_input: ceilometer_password}
export_MIB: UCD-SNMP-MIB
readonly_user_name: {get_input: snmpd_readonly_user_name}
readonly_user_password: {get_input: snmpd_readonly_user_password}
compute_driver: libvirt.LibvirtDriver
db: {get_input: nova_dsn}
default_floating_pool:
host: {get_input: controller_virtual_ip}
service-password: {get_input: nova_password}
host: {get_input: controller_virtual_ip}
username: {get_input: rabbit_username}
password: {get_input: rabbit_password}
cookie: {get_input: rabbit_cookie}
rabbit_client_use_ssl: {get_input: rabbit_client_use_ssl}
rabbit_port: {get_input: rabbit_client_port}
- {server: {get_input: ntp_server}}
- vrrp_instance_name: VI_CONTROL
virtual_router_id: 51
keepalive_interface: {get_input: control_virtual_interface}
- ip: {get_input: controller_virtual_ip}
interface: {get_input: control_virtual_interface}
- vrrp_instance_name: VI_PUBLIC
virtual_router_id: 52
keepalive_interface: {get_input: public_virtual_interface}
- ip: {get_input: public_virtual_ip}
interface: {get_input: public_virtual_interface}
keepalive_interface: {get_input: public_virtual_interface}
ip: {get_input: controller_virtual_ip}
interface: {get_input: control_virtual_interface}
ip: {get_input: public_virtual_ip}
interface: {get_input: public_virtual_interface}
- ip: {get_input: controller_virtual_ip}
- option httpchk GET /
- name: keystone_admin
net_binds: &public_binds
- ip: {get_input: controller_virtual_ip}
- ip: {get_input: public_virtual_ip}
- name: keystone_public
net_binds: *public_binds
net_binds: *public_binds
net_binds: *public_binds
net_binds: *public_binds
net_binds: *public_binds
- name: glance_registry
net_binds: *public_binds
options: # overwrite options as glance_reg needs auth for http req
net_binds: *public_binds
- name: heat_cloudwatch
net_binds: *public_binds
net_binds: *public_binds
net_binds: *public_binds
- name: nova_metadata
net_binds: *public_binds
- name: nova_novncproxy
net_binds: *public_binds
net_binds: *public_binds
options: # overwrite options as ceil needs auth for http req
- name: swift_proxy_server
net_binds: *public_binds
- option httpchk GET /info
ControllerDeployment:
type: OS::TripleO::SoftwareDeployment
signal_transport: NO_SIGNAL
config: {get_resource: ControllerConfig}
server: {get_resource: Controller}
bootstack_nodeid: {get_attr: [Controller, name]}
controller_host: {get_attr: [Controller, networks, ctlplane, 0]}
controller_virtual_ip: {get_param: VirtualIP}
neutron_enable_tunneling: {get_param: NeutronEnableTunnelling}
heat.watch_server_url:
- {get_param: VirtualIP}
heat.metadata_server_url:
- {get_param: VirtualIP}
heat.waitcondition_server_url:
- {get_param: VirtualIP}
- ':8000/v1/waitcondition'
admin_password: {get_param: AdminPassword}
admin_token: {get_param: AdminToken}
neutron_public_interface_ip: {get_param: NeutronPublicInterfaceIP}
debug: {get_param: Debug}
cinder_lvm_loop_device_size: {get_param: CinderLVMLoopDeviceSize}
cinder_password: {get_param: CinderPassword}
cinder_iscsi_helper: {get_param: CinderISCSIHelper}
- - 'mysql://cinder:unset@'
- {get_param: VirtualIP}
glance_port: {get_param: GlancePort}
glance_protocol: {get_param: GlanceProtocol}
glance_password: {get_param: GlancePassword}
glance_notifier_strategy: {get_param: GlanceNotifierStrategy}
glance_log_file: {get_param: GlanceLogFile}
- - 'mysql://glance:unset@'
- {get_param: VirtualIP}
heat_password: {get_param: HeatPassword}
heat_stack_domain_admin_password: {get_param: HeatStackDomainAdminPassword}
heat_auth_encryption_key: {get_param: HeatAuthEncryptionKey}
- - 'mysql://heat:unset@'
- {get_param: VirtualIP}
keystone_ca_certificate: {get_param: KeystoneCACertificate}
keystone_signing_key: {get_param: KeystoneSigningKey}
keystone_signing_certificate: {get_param: KeystoneSigningCertificate}
keystone_ssl_certificate: {get_param: KeystoneSSLCertificate}
keystone_ssl_certificate_key: {get_param: KeystoneSSLCertificateKey}
- - 'mysql://keystone:unset@'
- {get_param: VirtualIP}
mysql_innodb_buffer_pool_size: {get_param: MysqlInnodbBufferPoolSize}
mysql_root_password: {get_param: MysqlRootPassword}
template: tripleo-CLUSTER
CLUSTER: {get_param: MysqlClusterUniquePart}
neutron_flat_networks: {get_param: NeutronFlatNetworks}
neutron_metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret}
neutron_agent_mode: {get_param: NeutronAgentMode}
neutron_router_distributed: {get_param: NeutronDVR}
neutron_mechanism_drivers: {get_param: NeutronMechanismDrivers}
neutron_allow_l3agent_failover: {get_param: NeutronAllowL3AgentFailover}
neutron_l3_ha: {get_param: NeutronL3HA}
neutron_network_vlan_ranges: {get_param: NeutronNetworkVLANRanges}
neutron_bridge_mappings: {get_param: NeutronBridgeMappings}
neutron_public_interface: {get_param: NeutronPublicInterface}
neutron_public_interface_raw_device: {get_param: NeutronPublicInterfaceRawDevice}
neutron_public_interface_default_route: {get_param: NeutronPublicInterfaceDefaultRoute}
neutron_public_interface_tag: {get_param: NeutronPublicInterfaceTag}
neutron_tenant_network_type: {get_param: NeutronNetworkType}
neutron_tunnel_types: {get_param: NeutronTunnelTypes}
neutron_password: {get_param: NeutronPassword}
neutron_dnsmasq_options: {get_param: NeutronDnsmasqOptions}
- - 'mysql://neutron:unset@'
- {get_param: VirtualIP}
- '/ovs_neutron?charset=utf8'
ceilometer_metering_secret: {get_param: CeilometerMeteringSecret}
ceilometer_password: {get_param: CeilometerPassword}
- - 'mysql://ceilometer:unset@'
- {get_param: VirtualIP}
snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName}
snmpd_readonly_user_password: {get_param: SnmpdReadonlyUserPassword}
nova_password: {get_param: NovaPassword}
- - 'mysql://nova:unset@'
- {get_param: VirtualIP}
rabbit_username: {get_param: RabbitUserName}
rabbit_password: {get_param: RabbitPassword}
rabbit_cookie: {get_param: RabbitCookie}
rabbit_client_use_ssl: {get_param: RabbitClientUseSSL}
rabbit_client_port: {get_param: RabbitClientPort}
ntp_server: {get_param: NtpServer}
control_virtual_interface: {get_param: ControlVirtualInterface}
public_virtual_interface: {get_param: PublicVirtualInterface}
public_virtual_ip: {get_param: PublicVirtualIP}
type: OS::Heat::StructuredConfig
group: os-apply-config
ca_certificate: {get_input: ssl_ca_certificate}
cert: {get_input: ssl_certificate}
key: {get_input: ssl_key}
cacert: {get_input: ssl_ca_certificate}
connect_host: {get_input: controller_host}
connect_host: {get_input: controller_host}
connect_host: {get_input: controller_host}
connect_host: {get_input: controller_host}
connect_host: {get_input: controller_host}
- name: 'swift-proxy'
connect_host: {get_input: controller_host}
connect_host: {get_input: controller_host}
connect_host: {get_input: controller_host}
ControllerSSLDeployment:
type: OS::Heat::StructuredDeployment
config: {get_resource: SSLConfig}
server: {get_resource: Controller}
signal_transport: NO_SIGNAL
controller_host: {get_attr: [Controller, networks, ctlplane, 0]}
ssl_certificate: {get_param: SSLCertificate}
ssl_key: {get_param: SSLKey}
ssl_ca_certificate: {get_param: SSLCACertificate}
ControllerPassthroughDeployment:
type: OS::Heat::StructuredDeployment
config: {get_resource: ControllerPassthroughConfig}
server: {get_resource: Controller}
signal_transport: NO_SIGNAL
passthrough_config: {get_param: ExtraConfig}
ControllerPassthroughSpecificDeployment:
depends_on: [ControllerPassthroughDeployment]
type: OS::Heat::StructuredDeployment
config: {get_resource: ControllerPassthroughConfigSpecific}
server: {get_resource: Controller}
signal_transport: NO_SIGNAL
passthrough_config_specific: {get_param: ControllerExtraConfig}
type: OS::Heat::StructuredConfig
group: os-apply-config
hash: { get_input: swift_hash_suffix }
part-power: { get_input: swift_part_power }
mount-check: { get_input: swift_mount_check }
min-part-hours: { get_input: swift_min_part_hours }
replicas: {get_input: swift_replicas }
service-password: { get_input: swift_password }
type: OS::Heat::StructuredDeployment
server: {get_resource: Controller}
config: {get_resource: SwiftConfig}
signal_transport: NO_SIGNAL
swift_hash_suffix: {get_param: SwiftHashSuffix}
swift_mount_check: {get_param: SwiftMountCheck}
swift_password: {get_param: SwiftPassword}
swift_min_part_hours: {get_param: SwiftMinPartHours}
swift_part_power: {get_param: SwiftPartPower}
swift_replicas: { get_param: SwiftReplicas}
description: IP address of the server in the ctlplane network
value: {get_attr: [Controller, networks, ctlplane, 0]}
description: Hostname of the server
value: {get_attr: [Controller, name]}
Node object in the format {ip: ..., name: ...} format that the corosync
ip: {get_attr: [Controller, networks, ctlplane, 0]}
name: {get_attr: [Controller, name]}
Server's IP address and hostname in the /etc/hosts format
template: IP HOST HOST.novalocal CLOUDNAME
IP: {get_attr: [Controller, networks, ctlplane, 0]}
HOST: {get_attr: [Controller, name]}
CLOUDNAME: {get_param: CloudName}
nova_server_resource:
description: Heat resource handle for the Nova compute server
{get_resource: Controller}
description: Swift device formatted for swift-ring-builder
template: 'r1z1-IP:%PORT%/d1'
IP: {get_attr: [Controller, networks, ctlplane, 0]}
swift_proxy_memcache:
description: Swift proxy-memcache value
IP: {get_attr: [Controller, networks, ctlplane, 0]}