# Heat (HOT) template describing one OpenStack control plane node.
# NOTE(review): this listing is an excerpt — the number leading each line is
# its line number in the original file, and lines in the gaps are not shown.
1 heat_template_version: 2014-10-16
4 OpenStack control plane node. Can be wrapped in a ResourceGroup for scaling.
# NOTE(review): several parameters described below carry credentials (admin
# password, auth secret, metering secret, service passwords). Their `hidden`
# attribute is not visible in this excerpt — confirm each one is declared
# `hidden: true` so Heat masks the value when the stack is displayed.
9 description: The password for the keystone admin account, used for monitoring, querying neutron etc.
14 description: The keystone auth secret.
17 CeilometerMeteringSecret:
19 description: Secret shared by the ceilometer services.
24 description: The password for the ceilometer service account.
29 description: The iSCSI helper to use with cinder.
31 CinderLVMLoopDeviceSize:
33 description: The size of the loopback file used by the cinder LVM driver.
37 description: The password for the cinder service account, used by cinder-api.
42 description: The DNS name of this cloud. E.g. ci-overcloud.tripleo.org
# ControllerExtraConfig takes the same structure as ExtraConfig (documented
# just below): section/option/value entries injected into the cluster
# configuration.
# NOTE(review): presumably anyone able to set either parameter can override
# arbitrary service options, as the compute_manager example suggests — treat
# both as privileged inputs and confirm who may set them.
44 ControllerExtraConfig:
47 Controller specific configuration to inject into the cluster. Same
48 structure as ExtraConfig.
50 ControlVirtualInterface:
52 description: Interface where virtual ip will be assigned.
# NOTE(review): debug logging on all services can put request details into
# the logs; the default is not visible here — confirm it is off outside
# troubleshooting.
56 description: Set to True to enable debugging on all services.
61 Additional configuration to inject into the cluster. The JSON should have
62 the following structure:
65 [{"section": "SECTIONNAME",
67 [{"option": "OPTIONNAME",
78 [{"section": "default",
80 [{"option": "compute_manager",
81 "value": "ironic.nova.compute.manager.ClusterComputeManager"
88 "value": "nova.cells.rpc_driver.CellsRPCDriver"
98 description: Flavor for control nodes to request when deploying.
# The nova.flavor custom constraint has Heat validate the value as a Nova
# flavor.
101 - custom_constraint: nova.flavor
# Parameters for Glance, Heat, the server image/key pair, Keystone PKI
# material and MySQL.
# NOTE(review): the service passwords and private keys described in this run
# are secrets; their `hidden` attribute is not visible in this excerpt —
# confirm each is declared `hidden: true`.
102 GlanceNotifierStrategy:
103 description: Strategy to use for Glance notification queue
107 description: The filepath of the file to use for logging messages from Glance.
112 description: The password for the glance service account, used by the glance services.
117 description: Glance port.
# NOTE(review): per the description, only `https` gives SSL. The default is
# not visible in this excerpt — confirm deployments do not fall back to an
# unencrypted protocol.
121 description: Protocol to use when connecting to glance, set to https for SSL.
125 description: The password for the Heat service account, used by the Heat services.
128 HeatStackDomainAdminPassword:
129 description: Password for heat_domain_admin user.
135 default: overcloud-control
# The glance.image custom constraint has Heat validate the value as a Glance
# image.
137 - custom_constraint: glance.image
139 default: 'REBUILD_PRESERVE_EPHEMERAL'
140 description: What policy to use when reconstructing instances. REBUILD for rebuilds, REBUILD_PRESERVE_EPHEMERAL to preserve /mnt.
# The key pair named here is what grants SSH access to the controller.
144 description: Name of an existing EC2 KeyPair to enable SSH access to the instances
147 - custom_constraint: nova.keypair
148 KeystoneCACertificate:
150 description: Keystone self-signed certificate authority certificate.
152 KeystoneSigningCertificate:
154 description: Keystone certificate for verifying token validity.
158 description: Keystone key for signing tokens.
# NOTE(review): the descriptions of KeystoneSSLCertificate and
# KeystoneSSLCertificateKey repeat the token-signing wording used for the
# signing certificate and key above. They look copied and probably should
# describe the SSL certificate and its private key — confirm and reword.
161 KeystoneSSLCertificate:
163 description: Keystone certificate for verifying token validity.
165 KeystoneSSLCertificateKey:
167 description: Keystone key for signing tokens.
170 MysqlClusterUniquePart:
171 description: A unique identifier of the MySQL cluster the controller is in.
173 default: 'unset' # Has to be here because of the ignored empty value bug
# The identifier must be between 4 and 10 characters long.
175 - length: {min: 4, max: 10}
176 MysqlInnodbBufferPoolSize:
178 Specifies the size of the buffer pool in megabytes. Setting to
179 zero should be interpreted as "no value" and will defer to the
186 default: '' # Has to be here because of the ignored empty value bug
# Neutron parameters: bridge mappings, DHCP/L3 agent behaviour, ML2 drivers,
# tenant network and tunnel types, and the public interface settings.
187 NeutronBridgeMappings:
189 The OVS logical->physical bridge mappings to use. See the Neutron
190 documentation for details. Defaults to mapping br-ex - the external
191 bridge on hosts - to a physical name 'datacentre' which can be used
192 to create provider networks (and we use this for the default floating
193 network) - if changing this either use different post-install network
194 scripts or be sure to keep 'datacentre' as a mapping network name.
197 NeutronDnsmasqOptions:
# DHCP option 26 is the interface MTU; the default forces it to 1400.
198 default: 'dhcp-option-force=26,1400'
199 description: Dnsmasq options for neutron-dhcp-agent. The default value here forces MTU to be set to 1400 to account for the gre tunnel overhead.
203 description: Agent mode for the neutron-l3-agent on the controller hosts
207 description: Whether to configure Neutron Distributed Virtual Routers
# NOTE(review): this shared secret is what guards the metadata proxy against
# spoofed requests (see description). Its default and `hidden` attribute are
# not visible in this excerpt — confirm it is hidden and set to a unique
# value per deployment.
209 NeutronMetadataProxySharedSecret:
211 description: Shared secret to prevent spoofing
213 NeutronMechanismDrivers:
214 default: 'openvswitch'
216 The mechanism drivers for the Neutron tenant network. To specify multiple
217 values, use a comma separated string, like so: 'openvswitch,l2_population'
219 NeutronAllowL3AgentFailover:
221 description: Allow automatic l3-agent failover
223 NeutronEnableTunnelling:
229 description: If set, flat networks to configure in neutron plugins.
232 description: The tenant network type for Neutron, either gre or vxlan.
234 NeutronNetworkVLANRanges:
235 default: 'datacentre'
237 The Neutron ML2 and OpenVSwitch vlan mapping range to support. See the
238 Neutron documentation for permitted values. Defaults to permitting any
239 VLAN on the 'datacentre' physical network (See NeutronBridgeMappings).
# NOTE(review): service-account password; confirm the parameter is declared
# `hidden: true` (not visible in this excerpt).
243 description: The password for the neutron service account, used by neutron agents.
246 NeutronPublicInterface:
248 description: What interface to bridge onto br-ex for network nodes.
250 NeutronPublicInterfaceTag:
253 VLAN tag for creating a public VLAN. The tag will be used to
254 create an access port on the exterior bridge for each control plane node,
255 and that port will be given the IP address returned by neutron from the
256 public network. Set CONTROLEXTRA=overcloud-vlan-port.yaml when compiling
257 overcloud.yaml to include the deployment of VLAN ports to the control
260 NeutronPublicInterfaceDefaultRoute:
262 description: A custom default route for the NeutronPublicInterface.
264 NeutronPublicInterfaceIP:
266 description: A custom IP address to put onto the NeutronPublicInterface.
268 NeutronPublicInterfaceRawDevice:
270 description: If set, the public interface is a vlan with this device as the raw device.
275 The tunnel types for the Neutron tenant network. To specify multiple
276 values, use a comma separated string, like so: 'gre,vxlan'
# Parameters for Nova, the public virtual IP, RabbitMQ, SNMP, the SSL
# endpoint certificate and Swift.
# NOTE(review): the passwords and the SSL .key contents described in this run
# are secrets; their `hidden` attribute is not visible in this excerpt —
# confirm each is declared `hidden: true`.
280 description: The password for the nova service account, used by nova-api.
286 PublicVirtualInterface:
289 Specifies the interface where the public-facing virtual ip will be assigned.
290 This should be int_public when a VLAN is being used.
294 default: '' # Has to be here because of the ignored empty value bug
297 default: '' # Has to be here because of the ignored empty value bug
# NOTE(review): the RabbitMQ username/password defaults are not visible in
# this excerpt — confirm they are not left at well-known values.
301 description: The password for RabbitMQ
306 description: The username for RabbitMQ
311 Rabbit client subscriber parameter to specify
312 an SSL connection to the RabbitMQ host.
316 description: Set rabbit subscriber port, change this if using SSL
# Read-only SNMP account configured on all Overcloud nodes (see the
# descriptions); the user name defaults to ro_snmp_user.
318 SnmpdReadonlyUserName:
319 default: ro_snmp_user
320 description: The user name for SNMPd with readonly rights running on all Overcloud nodes
322 SnmpdReadonlyUserPassword:
324 description: The user password for SNMPd with readonly rights running on all Overcloud nodes
329 description: If set, the contents of an SSL certificate authority file.
333 description: If set, the contents of an SSL certificate .crt file for encrypting SSL endpoints.
# Private key material for the SSL endpoints.
338 description: If set, the contents of an SSL certificate .key file for encrypting SSL endpoints.
# NOTE(review): the salt is described as a random string; presumably it must
# be unique per deployment and kept secret — confirm no shared default is
# set.
343 description: A random string to be used as a salt when hashing to determine mappings
349 description: Partition Power to use when building Swift rings
353 description: The password for the swift service account, used by the swift proxy
360 description: How many replicas to use in the swift rings.
363 default: '' # Has to be here because of the ignored empty value bug
# The controller Nova server. Image, rebuild policy, flavor and SSH key pair
# all come from stack parameters.
369 type: OS::Nova::Server
371 image: {get_param: Image}
372 image_update_policy: {get_param: ImageUpdatePolicy}
373 flavor: {get_param: Flavor}
# The named key pair is what grants SSH access to this server.
374 key_name: {get_param: KeyName}
# SOFTWARE_CONFIG lets the software config/deployment resources in this
# template deliver their configuration to the server.
377 user_data_format: SOFTWARE_CONFIG
# Structured config in the os-apply-config group. It assembles per-service
# settings from stack parameters (get_param) and deployment inputs
# (get_input). This part covers the admin credentials, cinder, the cluster
# settings, glance, heat, keystone and mysql.
380 type: OS::Heat::StructuredConfig
382 group: os-apply-config
# The Keystone admin password and admin token are copied into this config,
# so presumably they are readable by anything that can read the metadata
# delivered to the server.
384 admin-password: {get_param: AdminPassword}
385 admin-token: {get_param: AdminToken}
387 public_interface_ip: {get_param: NeutronPublicInterfaceIP}
389 nodeid: {get_input: bootstack_nodeid}
392 {get_param: VirtualIP}
# NOTE(review): this connection URL fragment embeds the literal password
# `unset` for the `cinder` database account; the glance, heat and keystone
# URLs below do the same. If `unset` is the effective credential rather than
# a placeholder replaced elsewhere, every deployment shares a known database
# password — confirm, and source it from a hidden parameter.
397 - - mysql://cinder:unset@
400 debug: {get_param: Debug}
401 volume_size_mb: {get_param: CinderLVMLoopDeviceSize}
402 service-password: {get_param: CinderPassword}
403 iscsi-helper: {get_param: CinderISCSIHelper}
404 controller-address: {get_input: controller_host}
406 bindnetaddr: {get_input: controller_host}
# NOTE(review): fencing is disabled and loss of quorum is ignored. Presumably
# acceptable for a single-controller setup, but with several controllers
# this allows split-brain — confirm before scaling out.
409 stonith_enabled : false
411 quorum_policy : ignore
415 host: {get_input: controller_virtual_ip}
420 - - mysql://glance:unset@
423 debug: {get_param: Debug}
424 host: {get_input: controller_virtual_ip}
425 port: {get_param: GlancePort}
426 protocol: {get_param: GlanceProtocol}
# The Glance service password is reused as the Swift store key for the
# service:glance user.
427 service-password: {get_param: GlancePassword}
428 swift-store-user: service:glance
429 swift-store-key: {get_param: GlancePassword}
430 notifier-strategy: {get_param: GlanceNotifierStrategy}
431 log-file: {get_param: GlanceLogFile}
433 admin_password: {get_param: HeatPassword}
434 admin_tenant_name: service
# NOTE(review): auth_encryption_key is a fixed literal, not a parameter. If
# this value reaches heat.conf unchanged, every deployment encrypts stored
# credentials with the same publicly known key — confirm it is overridden,
# or take it from a hidden, per-deployment parameter.
436 auth_encryption_key: unset___________
440 - - mysql://heat:unset@
443 debug: {get_param: Debug}
444 stack_domain_admin_password: {get_param: HeatStackDomainAdminPassword}
445 watch_server_url: {get_input: heat.watch_server_url}
446 metadata_server_url: {get_input: heat.metadata_server_url}
447 waitcondition_server_url: {get_input: heat.waitcondition_server_url}
452 - - mysql://keystone:unset@
455 debug: {get_param: Debug}
456 host: {get_input: controller_virtual_ip}
# Keystone CA certificate, token-signing key and certificate, and SSL
# certificate and key, all passed in from parameters.
457 ca_certificate: {get_param: KeystoneCACertificate}
458 signing_key: {get_param: KeystoneSigningKey}
459 signing_certificate: {get_param: KeystoneSigningCertificate}
461 certificate: {get_param: KeystoneSSLCertificate}
462 certificate_key: {get_param: KeystoneSSLCertificateKey}
464 innodb_buffer_pool_size: {get_param: MysqlInnodbBufferPoolSize}
466 root-password: {get_param: MysqlRootPassword}
# The template string `tripleo-CLUSTER` has CLUSTER replaced by the
# MysqlClusterUniquePart parameter.
469 template: tripleo-CLUSTER
471 CLUSTER: {get_param: MysqlClusterUniquePart}
# Continuation of the os-apply-config metadata: neutron, ceilometer, snmpd,
# nova, rabbit and ntp settings, filled from stack parameters (get_param)
# and deployment inputs (get_input).
473 debug: {get_param: Debug}
474 flat-networks: {get_param: NeutronFlatNetworks}
475 host: {get_input: controller_virtual_ip}
476 metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret}
477 agent_mode: {get_param: NeutronAgentMode}
478 router_distributed: {get_param: NeutronDVR}
479 mechanism_drivers: {get_param: NeutronMechanismDrivers}
480 allow_automatic_l3agent_failover: {get_param: NeutronAllowL3AgentFailover}
482 enable_tunneling: {get_input: neutron_enable_tunneling}
483 local_ip: {get_input: controller_host}
484 network_vlan_ranges: {get_param: NeutronNetworkVLANRanges}
485 bridge_mappings: {get_param: NeutronBridgeMappings}
486 public_interface: {get_param: NeutronPublicInterface}
487 public_interface_raw_device: {get_param: NeutronPublicInterfaceRawDevice}
488 public_interface_route: {get_param: NeutronPublicInterfaceDefaultRoute}
489 public_interface_tag: {get_param: NeutronPublicInterfaceTag}
490 physical_bridge: br-ex
491 tenant_network_type: {get_param: NeutronNetworkType}
492 tunnel_types: {get_param: NeutronTunnelTypes}
# NOTE(review): this connection URL fragment embeds the literal password
# `unset` for the `neutron` database account; the ceilometer and nova URLs
# below do the same. If `unset` is the effective credential rather than a
# placeholder replaced elsewhere, the database password is publicly known —
# confirm, and source it from a hidden parameter.
496 - - mysql://neutron:unset@
498 - /ovs_neutron?charset=utf8
499 service-password: {get_param: NeutronPassword}
500 dnsmasq-options: {get_param: NeutronDnsmasqOptions}
505 - - mysql://ceilometer:unset@
508 debug: {get_param: Debug}
509 metering_secret: {get_param: CeilometerMeteringSecret}
510 service-password: {get_param: CeilometerPassword}
# Read-only SNMP account taken from the Snmpd* parameters.
512 export_MIB: UCD-SNMP-MIB
513 readonly_user_name: {get_param: SnmpdReadonlyUserName}
514 readonly_user_password: {get_param: SnmpdReadonlyUserPassword}
516 compute_driver: libvirt.LibvirtDriver
520 - - mysql://nova:unset@
523 default_floating_pool:
525 host: {get_input: controller_virtual_ip}
527 service-password: {get_param: NovaPassword}
# RabbitMQ connection settings: host, credentials, cookie and the client SSL
# flag and port.
# NOTE(review): the cookie is passed like the password; presumably it is
# equally sensitive — confirm RabbitCookie is declared hidden.
529 host: {get_input: controller_virtual_ip}
530 username: {get_param: RabbitUserName}
531 password: {get_param: RabbitPassword}
532 cookie: {get_param: RabbitCookie}
533 rabbit_client_use_ssl: {get_param: RabbitClientUseSSL}
534 rabbit_port: {get_param: RabbitClientPort}
# Single NTP server entry from the NtpServer parameter, with the fudge
# option "stratum 0".
537 - {server: {get_param: NtpServer}, fudge: "stratum 0"}
# Two VRRP instances: VI_CONTROL holds VirtualIP on the control interface
# and VI_PUBLIC holds PublicVirtualIP on the public interface.
540 - vrrp_instance_name: VI_CONTROL
541 virtual_router_id: 51
542 keepalive_interface: {get_param: ControlVirtualInterface}
545 - ip: {get_param: VirtualIP}
546 interface: {get_param: ControlVirtualInterface}
547 - vrrp_instance_name: VI_PUBLIC
548 virtual_router_id: 52
549 keepalive_interface: {get_param: PublicVirtualInterface}
552 - ip: {get_param: PublicVirtualIP}
553 interface: {get_param: PublicVirtualInterface}
560 keepalive_interface: {get_param: PublicVirtualInterface}
564 ip: {get_param: VirtualIP}
565 interface: {get_param: ControlVirtualInterface}
567 ip: {get_param: PublicVirtualIP}
568 interface: {get_param: PublicVirtualInterface}
571 - ip: {get_param: VirtualIP}
573 - option httpchk GET /
# Service list (presumably the load-balancer front ends). The anchor
# &public_binds is a bind list holding both VirtualIP and PublicVirtualIP,
# and every `*public_binds` alias below reuses it.
# NOTE(review): the anchor appears to be defined on keystone_admin, and
# glance_registry aliases it, so the Keystone admin endpoint and the Glance
# registry would listen on the public address as well as the control one.
# Confirm that exposure is intended; otherwise give internal-only services a
# bind list containing VirtualIP alone.
575 - name: keystone_admin
577 net_binds: &public_binds
578 - ip: {get_param: VirtualIP}
579 - ip: {get_param: PublicVirtualIP}
580 - name: keystone_public
582 net_binds: *public_binds
585 net_binds: *public_binds
588 net_binds: *public_binds
591 net_binds: *public_binds
594 net_binds: *public_binds
595 - name: glance_registry
597 net_binds: *public_binds
598 options: # overwrite options as glance_reg needs auth for http req
601 net_binds: *public_binds
602 - name: heat_cloudwatch
604 net_binds: *public_binds
607 net_binds: *public_binds
619 net_binds: *public_binds
620 - name: nova_metadata
622 net_binds: *public_binds
625 net_binds: *public_binds
626 options: # overwrite options as ceil needs auth for http req
627 - name: swift_proxy_server
629 net_binds: *public_binds
# Health check for the swift proxy requests /info instead of /.
631 - option httpchk GET /info
# Passes the `passthrough_config` deployment input straight through as
# os-apply-config metadata.
# NOTE(review): the whole config body is caller-supplied; presumably it can
# override any setting applied on the server — treat the input as a
# privileged one.
638 ControllerPassthroughConfig:
639 type: OS::Heat::StructuredConfig
641 group: os-apply-config
642 config: {get_input: passthrough_config}
# Passes the `passthrough_config_specific` deployment input straight through
# as os-apply-config metadata.
# NOTE(review): the whole config body is caller-supplied; presumably it can
# override any setting applied on the server — treat the input as a
# privileged one.
644 ControllerPassthroughConfigSpecific:
645 type: OS::Heat::StructuredConfig
647 group: os-apply-config
648 config: {get_input: passthrough_config_specific}
# Applies ControllerConfig to the Controller server and supplies the
# deployment inputs that the config reads with get_input.
650 ControllerDeployment:
651 type: OS::Heat::StructuredDeployment
# NOTE(review): with NO_SIGNAL Heat does not wait for the server to report
# back, so the stack can reach COMPLETE even if this configuration was never
# applied or failed. Verify the applied state out of band.
653 signal_transport: NO_SIGNAL
654 config: {get_resource: ControllerConfig}
655 server: {get_resource: Controller}
# Node identity and address come from the server's attributes; the address
# is the first entry on the ctlplane network.
657 bootstack_nodeid: {get_attr: [Controller, name]}
658 controller_host: {get_attr: [Controller, networks, ctlplane, 0]}
659 controller_virtual_ip: {get_param: VirtualIP}
660 neutron_enable_tunneling: {get_param: NeutronEnableTunnelling}
# The three Heat callback URLs are assembled around VirtualIP.
# NOTE(review): the URL scheme is on lines not shown in this excerpt —
# confirm whether these callbacks use http or https.
661 heat.watch_server_url:
665 - {get_param: VirtualIP}
667 heat.metadata_server_url:
671 - {get_param: VirtualIP}
673 heat.waitcondition_server_url:
677 - {get_param: VirtualIP}
678 - ':8000/v1/waitcondition'
# Structured config in the os-apply-config group carrying the SSL material
# (CA certificate, certificate, private key) from deployment inputs,
# followed by a list of endpoints that each connect to controller_host.
681 type: OS::Heat::StructuredConfig
683 group: os-apply-config
686 ca_certificate: {get_input: ssl_ca_certificate}
# NOTE(review): the private key arrives as the ssl_key deployment input, so
# presumably anything able to read this deployment's metadata can read the
# key — confirm access to it is restricted.
688 cert: {get_input: ssl_certificate}
689 key: {get_input: ssl_key}
690 cacert: {get_input: ssl_ca_certificate}
695 connect_host: {get_input: controller_host}
699 connect_host: {get_input: controller_host}
703 connect_host: {get_input: controller_host}
707 connect_host: {get_input: controller_host}
711 connect_host: {get_input: controller_host}
712 - name: 'swift-proxy'
715 connect_host: {get_input: controller_host}
719 connect_host: {get_input: controller_host}
723 connect_host: {get_input: controller_host}
# Applies SSLConfig to the Controller server, feeding it the controller
# address and the SSL certificate, key and CA certificate parameters.
725 ControllerSSLDeployment:
726 type: OS::Heat::StructuredDeployment
728 config: {get_resource: SSLConfig}
729 server: {get_resource: Controller}
# NOTE(review): NO_SIGNAL means Heat does not wait for confirmation that
# this config was applied.
730 signal_transport: NO_SIGNAL
732 controller_host: {get_attr: [Controller, networks, ctlplane, 0]}
733 ssl_certificate: {get_param: SSLCertificate}
# NOTE(review): SSLKey is private key material passed as a deployment input.
# Its `hidden` attribute is not visible in this excerpt — confirm it is
# declared `hidden: true`.
734 ssl_key: {get_param: SSLKey}
735 ssl_ca_certificate: {get_param: SSLCACertificate}
# Applies ControllerPassthroughConfig to the Controller server, using the
# ExtraConfig parameter as the passthrough_config input.
737 ControllerPassthroughDeployment:
738 type: OS::Heat::StructuredDeployment
740 config: {get_resource: ControllerPassthroughConfig}
741 server: {get_resource: Controller}
# NOTE(review): NO_SIGNAL means Heat does not wait for confirmation that
# this config was applied.
742 signal_transport: NO_SIGNAL
744 passthrough_config: {get_param: ExtraConfig}
# Applies ControllerPassthroughConfigSpecific to the Controller server, using
# the ControllerExtraConfig parameter as the passthrough_config_specific
# input.
746 ControllerPassthroughSpecificDeployment:
# Created only after ControllerPassthroughDeployment; presumably so that
# controller-specific values are applied after the general ExtraConfig —
# confirm.
747 depends_on: [ControllerPassthroughDeployment]
748 type: OS::Heat::StructuredDeployment
750 config: {get_resource: ControllerPassthroughConfigSpecific}
751 server: {get_resource: Controller}
# NOTE(review): NO_SIGNAL means Heat does not wait for confirmation that
# this config was applied.
752 signal_transport: NO_SIGNAL
754 passthrough_config_specific: {get_param: ControllerExtraConfig}
# Structured config in the os-apply-config group with the Swift settings:
# hash suffix, partition power, replica count and service password, all read
# from deployment inputs.
757 type: OS::Heat::StructuredConfig
759 group: os-apply-config
# NOTE(review): swift_hash_suffix and swift_password are secrets carried as
# deployment inputs; presumably readable through this deployment's metadata
# — confirm access is restricted.
762 hash: { get_input: swift_hash_suffix }
763 part-power: { get_input: swift_part_power }
764 replicas: {get_input: swift_replicas }
765 service-password: { get_input: swift_password }
# Applies SwiftConfig to the Controller server and maps the Swift stack
# parameters onto the inputs that config reads.
768 type: OS::Heat::StructuredDeployment
770 server: {get_resource: Controller}
771 config: {get_resource: SwiftConfig}
# NOTE(review): NO_SIGNAL means Heat does not wait for confirmation that
# this config was applied.
772 signal_transport: NO_SIGNAL
774 swift_hash_suffix: {get_param: SwiftHashSuffix}
775 swift_password: {get_param: SwiftPassword}
776 swift_part_power: {get_param: SwiftPartPower}
777 swift_replicas: { get_param: SwiftReplicas}
# Stack outputs. Each one is derived from the Controller server's attributes:
# its first ctlplane network address and its name.
781 description: IP address of the server in the ctlplane network
782 value: {get_attr: [Controller, networks, ctlplane, 0]}
784 description: Hostname of the server
785 value: {get_attr: [Controller, name]}
788 Node object in the format {ip: ..., name: ...} format that the corosync
791 ip: {get_attr: [Controller, networks, ctlplane, 0]}
792 name: {get_attr: [Controller, name]}
795 Server's IP address and hostname in the /etc/hosts format
# IP, HOST and CLOUDNAME in the template string are replaced with the values
# listed below it.
798 template: IP HOST HOST.novalocal CLOUDNAME
800 IP: {get_attr: [Controller, networks, ctlplane, 0]}
801 HOST: {get_attr: [Controller, name]}
802 CLOUDNAME: {get_param: CloudName}
# Exposes the Controller resource itself, so an enclosing template can
# reference the server.
803 nova_server_resource:
804 description: Heat resource handle for the Nova compute server
806 {get_resource: Controller}
808 description: Swift device formatted for swift-ring-builder
# Only IP is substituted here; %PORT% is presumably left as a placeholder
# for a later step to fill in — confirm against the consumer.
811 template: 'r1z1-IP:%PORT%/d1'
813 IP: {get_attr: [Controller, networks, ctlplane, 0]}
814 swift_proxy_memcache:
815 description: Swift proxy-memcache value
820 IP: {get_attr: [Controller, networks, ctlplane, 0]}