# NOTE(review): every line of this listing starts with the viewer's line
# number, and the numbering skips, so parameter names and attributes
# (type, default, hidden) are often not visible. Comments describe only
# what can be seen.
1 heat_template_version: 2014-10-16
# Template description (its start is not visible): one control plane node.
4 OpenStack control plane node. Can be wrapped in a ResourceGroup for scaling.
# Keystone admin password. Confirm the parameter is declared `hidden: true`
# and has no guessable default; neither attribute is visible here.
9 description: The password for the keystone admin account, used for monitoring, querying neutron etc.
# Keystone auth secret; the same hidden / no-default check applies.
14 description: The keystone auth secret.
# Ceilometer shared secret and service password. Both are later copied into
# the os-apply-config metadata as metering_secret and service-password.
17 CeilometerMeteringSecret:
19 description: Secret shared by the ceilometer services.
24 description: The password for the ceilometer service account.
# Cinder settings: iSCSI helper, LVM loopback file size, service password.
29 description: The iSCSI helper to use with cinder.
31 CinderLVMLoopDeviceSize:
33 description: The size of the loopback file used by the cinder LVM driver.
37 description: The password for the cinder service account, used by cinder-api.
# Presumably the CloudName parameter, which the /etc/hosts-style output at
# the end of the template substitutes as CLOUDNAME.
42 description: The DNS name of this cloud. E.g. ci-overcloud.tripleo.org
# Controller-only extra configuration. Further down it is passed, as
# passthrough_config_specific, to an os-apply-config StructuredConfig whose
# entire `config` is that input, so whoever can set this parameter supplies
# arbitrary configuration keys for the node.
# NOTE(review): treat permission to set it as privileged; how it merges with
# the main controller config is not visible here - TODO confirm.
44 ControllerExtraConfig:
47 Controller specific configuration to inject into the cluster. Same
48 structure as ExtraConfig.
# Interface that carries the control-plane virtual IP (read by the
# keepalived settings later in the template).
50 ControlVirtualInterface:
52 description: Interface where virtual ip will be assigned.
# Global debug switch, handed to several services as `debug`.
# NOTE(review): debug-level service logs usually hold more request detail;
# keep it off outside troubleshooting. The default is not visible here.
56 description: Set to True to enable debugging on all services.
# Cluster-wide extra configuration (parameter name not visible; presumably
# ExtraConfig, which is passed on as passthrough_config). The privilege
# consideration noted for ControllerExtraConfig applies here as well.
61 Additional configuration to inject into the cluster. The JSON should have
62 the following structure:
65 [{"section": "SECTIONNAME",
67 [{"option": "OPTIONNAME",
78 [{"section": "default",
80 [{"option": "compute_manager",
81 "value": "ironic.nova.compute.manager.ClusterComputeManager"
88 "value": "nova.cells.rpc_driver.CellsRPCDriver"
# Nova flavor for the node; the custom constraint makes Heat validate the
# value against Nova's flavors.
98 description: Flavor for control nodes to request when deploying.
101 - custom_constraint: nova.flavor
# Glance notification strategy and log file location.
102 GlanceNotifierStrategy:
103 description: Strategy to use for Glance notification queue
107 description: The filepath of the file to use for logging messages from Glance.
# Glance service password. The controller config uses it twice: as
# service-password and as swift-store-key.
112 description: The password for the glance service account, used by the glance services.
117 description: Glance port.
# NOTE(review): the default protocol is not visible. With plain http, tokens
# and image data cross the network unencrypted - confirm the deployed value.
121 description: Protocol to use when connecting to glance, set to https for SSL.
# Heat service password and the heat_domain_admin password; confirm both
# parameters are `hidden: true` (attributes not visible here).
125 description: The password for the Heat service account, used by the Heat services.
128 HeatStackDomainAdminPassword:
129 description: Password for heat_domain_admin user.
# Image to boot; the custom constraint makes Heat validate it against Glance.
135 default: overcloud-control
137 - custom_constraint: glance.image
# Rebuild policy passed to the server as image_update_policy.
139 default: 'REBUILD_PRESERVE_EPHEMERAL'
140 description: What policy to use when reconstructing instances. REBUILD for rebuilds, REBUILD_PRESERVE_EPHEMERAL to preserve /mnt.
# Nova keypair that grants SSH access to the controller; the constraint makes
# Heat validate it. Holders of the private key can log in to a node that
# carries every service credential below.
144 description: Name of an existing EC2 KeyPair to enable SSH access to the instances
147 - custom_constraint: nova.keypair
# Keystone PKI material supplied as template parameters.
# NOTE(review): the key parameters carry private keys; confirm they are
# declared `hidden: true` (attributes not visible in this listing).
148 KeystoneCACertificate:
150 description: Keystone self-signed certificate authority certificate.
152 KeystoneSigningCertificate:
154 description: Keystone certificate for verifying token validity.
158 description: Keystone key for signing tokens.
# NOTE(review): the two descriptions below repeat the signing certificate and
# signing key text word for word. Presumably these parameters hold the SSL
# endpoint certificate and its private key - confirm and reword.
161 KeystoneSSLCertificate:
163 description: Keystone certificate for verifying token validity.
165 KeystoneSSLCertificateKey:
167 description: Keystone key for signing tokens.
# Identifier substituted for CLUSTER in the `tripleo-CLUSTER` template string
# of the controller config; constrained to 4-10 characters.
170 MysqlClusterUniquePart:
171 description: A unique identifier of the MySQL cluster the controller is in.
173 default: 'unset' # Has to be here because of the ignored empty value bug
175 - length: {min: 4, max: 10}
176 MysqlInnodbBufferPoolSize:
178 Specifies the size of the buffer pool in megabytes. Setting to
179 zero should be interpreted as "no value" and will defer to the
# NOTE(review): the parameter that owns this empty default is not visible.
# If it is the MysqlRootPassword referenced by the controller config, check
# what the image does with an empty value before relying on the default.
186 default: '' # Has to be here because of the ignored empty value bug
# Neutron networking parameters: bridge mappings, dnsmasq options, tunnelling,
# flat networks, tenant network type and VLAN ranges.
187 NeutronBridgeMappings:
189 The OVS logical->physical bridge mappings to use. See the Neutron
190 documentation for details. Defaults to mapping br-ex - the external
191 bridge on hosts - to a physical name 'datacentre' which can be used
192 to create provider networks (and we use this for the default floating
193 network) - if changing this either use different post-install network
194 scripts or be sure to keep 'datacentre' as a mapping network name.
197 NeutronDnsmasqOptions:
198 default: 'dhcp-option-force=26,1400'
199 description: Dnsmasq options for neutron-dhcp-agent. The default value here forces MTU to be set to 1400 to account for the gre tunnel overhead.
201 NeutronEnableTunnelling:
207 description: If set, flat networks to configure in neutron plugins.
210 description: The tenant network type for Neutron, either gre or vxlan.
212 NeutronNetworkVLANRanges:
213 default: 'datacentre'
215 The Neutron ML2 and OpenVSwitch vlan mapping range to support. See the
216 Neutron documentation for permitted values. Defaults to permitting any
217 VLAN on the 'datacentre' physical network (See NeutronBridgeMappings).
# Neutron service password; confirm the parameter is `hidden: true`
# (attributes not visible here).
221 description: The password for the neutron service account, used by neutron agents.
# Public interface settings: the interface bridged onto br-ex, optional VLAN
# tag, custom default route, custom IP and raw device.
224 NeutronPublicInterface:
226 description: What interface to bridge onto br-ex for network nodes.
228 NeutronPublicInterfaceTag:
231 VLAN tag for creating a public VLAN. The tag will be used to
232 create an access port on the exterior bridge for each control plane node,
233 and that port will be given the IP address returned by neutron from the
234 public network. Set CONTROLEXTRA=overcloud-vlan-port.yaml when compiling
235 overcloud.yaml to include the deployment of VLAN ports to the control
238 NeutronPublicInterfaceDefaultRoute:
240 description: A custom default route for the NeutronPublicInterface.
242 NeutronPublicInterfaceIP:
244 description: A custom IP address to put onto the NeutronPublicInterface.
246 NeutronPublicInterfaceRawDevice:
248 description: If set, the public interface is a vlan with this device as the raw device.
253 The tunnel types for the Neutron tenant network. To specify multiple
254 values, use a comma separated string, like so: 'gre,vxlan'
# Nova service password; same hidden-parameter check as for neutron.
258 description: The password for the nova service account, used by nova-api.
# Interface that carries the public virtual IP (read by keepalived settings).
264 PublicVirtualInterface:
267 Specifies the interface where the public-facing virtual ip will be assigned.
268 This should be int_public when a VLAN is being used.
# NOTE(review): the parameters that own these two empty defaults are not
# visible. If either is a secret (the controller config reads a RabbitCookie
# parameter, for example), an empty default deserves a check - confirm.
272 default: '' # Has to be here because of the ignored empty value bug
275 default: '' # Has to be here because of the ignored empty value bug
# RabbitMQ credentials and client connection options.
# NOTE(review): the defaults are not visible here; confirm they are
# deployment-specific values and that the password parameter is hidden.
279 description: The password for RabbitMQ
284 description: The username for RabbitMQ
289 Rabbit client subscriber parameter to specify
290 an SSL connection to the RabbitMQ host.
294 description: Set rabbit subscriber port, change this if using SSL
# Read-only SNMP account created on all overcloud nodes. The user name has a
# fixed default; the password default is not visible.
# NOTE(review): a well-known user name leaves the password as the only
# unknown, so the password should be unique per deployment - confirm.
296 SnmpdReadonlyUserName:
297 default: ro_snmp_user
298 description: The user name for SNMPd with readonly rights running on all Overcloud nodes
300 SnmpdReadonlyUserPassword:
302 description: The user password for SNMPd with readonly rights running on all Overcloud nodes
# TLS material for the SSL endpoints, passed as file contents.
# NOTE(review): the .key contents are a private key; confirm that parameter
# is `hidden: true` (attributes not visible here).
307 description: If set, the contents of an SSL certificate authority file.
311 description: If set, the contents of an SSL certificate .crt file for encrypting SSL endpoints.
316 description: If set, the contents of an SSL certificate .key file for encrypting SSL endpoints.
# Swift ring settings and service password. Per its description the hash
# salt is a random string; it is passed to the node as swift_hash_suffix.
321 description: A random string to be used as a salt when hashing to determine mappings
327 description: Partition Power to use when building Swift rings
331 description: The password for the swift service account, used by the swift proxy
338 description: How many replicas to use in the swift rings.
341 default: '' # Has to be here because of the ignored empty value bug
# The controller instance (resource name not visible; the deployments below
# refer to it as Controller). Image, rebuild policy, flavor and SSH keypair
# all come from template parameters.
347 type: OS::Nova::Server
349 image: {get_param: Image}
350 image_update_policy: {get_param: ImageUpdatePolicy}
351 flavor: {get_param: Flavor}
352 key_name: {get_param: KeyName}
# SOFTWARE_CONFIG: the node is configured through Heat software deployments
# (the StructuredConfig / StructuredDeployment resources that follow).
355 user_data_format: SOFTWARE_CONFIG
# Main os-apply-config metadata for the controller (resource name not
# visible; ControllerDeployment refers to it as ControllerConfig).
# NOTE(review): every secret referenced below becomes part of this config
# document. Who can read it through Heat and on the node is not visible
# here - confirm access to both.
358 type: OS::Heat::StructuredConfig
360 group: os-apply-config
362 admin-password: {get_param: AdminPassword}
363 admin-token: {get_param: AdminToken}
365 public_interface_ip: {get_param: NeutronPublicInterfaceIP}
367 nodeid: {get_input: bootstack_nodeid}
370 {get_param: VirtualIP}
# NOTE(review): the cinder database URL embeds the literal password `unset`.
# The glance, heat, keystone, neutron, ceilometer and nova URLs in this
# template do the same, so every service database account shares one fixed
# value. Prefer a hidden per-service parameter.
375 - - mysql://cinder:unset@
378 debug: {get_param: Debug}
379 volume_size_mb: {get_param: CinderLVMLoopDeviceSize}
380 service-password: {get_param: CinderPassword}
381 iscsi-helper: {get_param: CinderISCSIHelper}
382 controller-address: {get_input: controller_host}
384 bindnetaddr: {get_input: controller_host}
# NOTE(review): the enclosing key is not visible; these look like cluster
# manager settings. Fencing is switched off and loss of quorum is ignored,
# which removes split-brain protection - confirm this is intended outside
# test clusters.
387 stonith_enabled : false
389 quorum_policy : ignore
393 host: {get_input: controller_virtual_ip}
# Glance settings (enclosing key not visible).
# NOTE(review): the database URL embeds the literal password `unset`, as the
# other service URLs in this template do.
398 - - mysql://glance:unset@
401 debug: {get_param: Debug}
402 host: {get_input: controller_virtual_ip}
403 port: {get_param: GlancePort}
404 protocol: {get_param: GlanceProtocol}
405 service-password: {get_param: GlancePassword}
# NOTE(review): the Swift store key reuses the Glance service password, so a
# leak of either exposes both uses of that secret.
406 swift-store-user: service:glance
407 swift-store-key: {get_param: GlancePassword}
408 notifier-strategy: {get_param: GlanceNotifierStrategy}
409 log-file: {get_param: GlanceLogFile}
# Heat settings (enclosing key not visible).
411 admin_password: {get_param: HeatPassword}
412 admin_tenant_name: service
# NOTE(review): auth_encryption_key is a fixed literal, the word `unset`
# padded with underscores. Heat uses this key to encrypt the authentication
# data it stores, so a value published in the template gives no protection
# to anyone holding a database copy. Take it from a hidden parameter.
414 auth_encryption_key: unset___________
418 - - mysql://heat:unset@
421 debug: {get_param: Debug}
422 stack_domain_admin_password: {get_param: HeatStackDomainAdminPassword}
# Callback URLs supplied as deployment inputs by ControllerDeployment.
423 watch_server_url: {get_input: heat.watch_server_url}
424 metadata_server_url: {get_input: heat.metadata_server_url}
425 waitcondition_server_url: {get_input: heat.waitcondition_server_url}
# Keystone settings (enclosing key not visible).
# NOTE(review): the database URL embeds the literal password `unset`, as the
# other service URLs in this template do.
430 - - mysql://keystone:unset@
433 debug: {get_param: Debug}
434 host: {get_input: controller_virtual_ip}
# Token-signing CA, key and certificate, then the SSL certificate and key,
# all taken from template parameters. The two key values are private keys
# that end up in the node's metadata.
435 ca_certificate: {get_param: KeystoneCACertificate}
436 signing_key: {get_param: KeystoneSigningKey}
437 signing_certificate: {get_param: KeystoneSigningCertificate}
439 certificate: {get_param: KeystoneSSLCertificate}
440 certificate_key: {get_param: KeystoneSSLCertificateKey}
# MySQL settings: buffer pool size, root password and a `tripleo-CLUSTER`
# template string in which CLUSTER is replaced by the cluster identifier.
442 innodb_buffer_pool_size: {get_param: MysqlInnodbBufferPoolSize}
444 root-password: {get_param: MysqlRootPassword}
447 template: tripleo-CLUSTER
449 CLUSTER: {get_param: MysqlClusterUniquePart}
# Neutron settings (enclosing key not visible).
451 debug: {get_param: Debug}
452 flat-networks: {get_param: NeutronFlatNetworks}
453 host: {get_input: controller_virtual_ip}
# NOTE(review): the metadata proxy shared secret is the fixed literal
# `unset`. This value authenticates metadata requests relayed between
# neutron and nova, so it should be a per-deployment secret taken from a
# hidden parameter.
454 metadata_proxy_shared_secret: unset
456 enable_tunneling: {get_input: neutron_enable_tunneling}
457 local_ip: {get_input: controller_host}
458 network_vlan_ranges: {get_param: NeutronNetworkVLANRanges}
459 bridge_mappings: {get_param: NeutronBridgeMappings}
460 public_interface: {get_param: NeutronPublicInterface}
461 public_interface_raw_device: {get_param: NeutronPublicInterfaceRawDevice}
462 public_interface_route: {get_param: NeutronPublicInterfaceDefaultRoute}
463 public_interface_tag: {get_param: NeutronPublicInterfaceTag}
464 physical_bridge: br-ex
465 tenant_network_type: {get_param: NeutronNetworkType}
466 tunnel_types: {get_param: NeutronTunnelTypes}
# NOTE(review): the database URL embeds the literal password `unset`, as the
# other service URLs in this template do.
470 - - mysql://neutron:unset@
472 - /ovs_neutron?charset=utf8
473 service-password: {get_param: NeutronPassword}
474 dnsmasq-options: {get_param: NeutronDnsmasqOptions}
# Ceilometer settings (enclosing key not visible).
# NOTE(review): the database URL embeds the literal password `unset`; the
# nova URL below does the same.
479 - - mysql://ceilometer:unset@
482 debug: {get_param: Debug}
483 metering_secret: {get_param: CeilometerMeteringSecret}
484 service-password: {get_param: CeilometerPassword}
# SNMP daemon: exported MIB and the read-only account.
486 export_MIB: UCD-SNMP-MIB
487 readonly_user_name: {get_param: SnmpdReadonlyUserName}
488 readonly_user_password: {get_param: SnmpdReadonlyUserPassword}
# Nova settings (enclosing key not visible).
490 compute_driver: libvirt.LibvirtDriver
494 - - mysql://nova:unset@
497 default_floating_pool:
499 host: {get_input: controller_virtual_ip}
501 service-password: {get_param: NovaPassword}
# RabbitMQ connection: host, account, cookie, client SSL flag and port.
# NOTE(review): the cookie is a shared secret for the broker nodes -
# presumably the Erlang cookie; confirm its parameter is hidden and non-empty.
503 host: {get_input: controller_virtual_ip}
504 username: {get_param: RabbitUserName}
505 password: {get_param: RabbitPassword}
506 cookie: {get_param: RabbitCookie}
507 rabbit_client_use_ssl: {get_param: RabbitClientUseSSL}
508 rabbit_port: {get_param: RabbitClientPort}
# NTP server entry with a fudge option; the value is quoted because it
# contains a space.
511 - {server: {get_param: NtpServer}, fudge: "stratum 0"}
# VRRP instances (enclosing key not visible): VI_CONTROL holds the
# control-plane virtual IP, VI_PUBLIC the public one.
514 - vrrp_instance_name: VI_CONTROL
515 virtual_router_id: 51
516 keepalive_interface: {get_param: ControlVirtualInterface}
519 - ip: {get_param: VirtualIP}
520 interface: {get_param: ControlVirtualInterface}
521 - vrrp_instance_name: VI_PUBLIC
522 virtual_router_id: 52
523 keepalive_interface: {get_param: PublicVirtualInterface}
526 - ip: {get_param: PublicVirtualIP}
527 interface: {get_param: PublicVirtualInterface}
534 keepalive_interface: {get_param: PublicVirtualInterface}
538 ip: {get_param: VirtualIP}
539 interface: {get_param: ControlVirtualInterface}
541 ip: {get_param: PublicVirtualIP}
542 interface: {get_param: PublicVirtualInterface}
545 - ip: {get_param: VirtualIP}
# Load-balancer service entries (enclosing key not visible). The anchor
# &public_binds is defined on keystone_admin and lists both the control-plane
# VIP and the public VIP; every entry that aliases it binds to both.
# NOTE(review): that includes keystone_admin, glance_registry and
# nova_metadata, which are normally internal endpoints. Consider a
# control-plane-only bind list for them, or confirm a firewall covers the
# public VIP. Entries between the visible lines may differ.
547 - name: keystone_admin
549 net_binds: &public_binds
550 - ip: {get_param: VirtualIP}
551 - ip: {get_param: PublicVirtualIP}
552 - name: keystone_public
554 net_binds: *public_binds
557 net_binds: *public_binds
560 net_binds: *public_binds
563 net_binds: *public_binds
566 net_binds: *public_binds
567 - name: glance_registry
569 net_binds: *public_binds
572 net_binds: *public_binds
573 - name: heat_cloudwatch
575 net_binds: *public_binds
578 net_binds: *public_binds
590 net_binds: *public_binds
591 - name: nova_metadata
593 net_binds: *public_binds
596 net_binds: *public_binds
597 - name: swift_proxy_server
599 net_binds: *public_binds
# Passthrough config: the whole os-apply-config document is the
# passthrough_config deployment input, with no fixed keys of its own.
# NOTE(review): nothing here restricts which keys the input may set, so the
# parameter feeding it is as sensitive as the settings it can reach.
606 ControllerPassthroughConfig:
607 type: OS::Heat::StructuredConfig
609 group: os-apply-config
610 config: {get_input: passthrough_config}
# Controller-specific counterpart, fed by passthrough_config_specific.
612 ControllerPassthroughConfigSpecific:
613 type: OS::Heat::StructuredConfig
615 group: os-apply-config
616 config: {get_input: passthrough_config_specific}
# Applies ControllerConfig to the Controller server and supplies the inputs
# that the config reads with get_input.
618 ControllerDeployment:
619 type: OS::Heat::StructuredDeployment
# NOTE(review): with NO_SIGNAL Heat does not wait for the node to report a
# result, so a failed or partial application of this config, security
# settings included, does not show up in the stack status. Verify the
# applied configuration out of band.
621 signal_transport: NO_SIGNAL
622 config: {get_resource: ControllerConfig}
623 server: {get_resource: Controller}
# Inputs: node name, the first ctlplane address, the virtual IP and the
# tunnelling flag.
625 bootstack_nodeid: {get_attr: [Controller, name]}
626 controller_host: {get_attr: [Controller, networks, ctlplane, 0]}
627 controller_virtual_ip: {get_param: VirtualIP}
628 neutron_enable_tunneling: {get_param: NeutronEnableTunnelling}
# Heat callback URLs assembled around the virtual IP.
# NOTE(review): the scheme prefix of these URLs is not visible; confirm
# whether the endpoints are plain http.
629 heat.watch_server_url:
633 - {get_param: VirtualIP}
635 heat.metadata_server_url:
639 - {get_param: VirtualIP}
641 heat.waitcondition_server_url:
645 - {get_param: VirtualIP}
646 - ':8000/v1/waitcondition'
# os-apply-config metadata for the SSL endpoints (resource name not visible;
# ControllerSSLDeployment refers to it as SSLConfig).
649 type: OS::Heat::StructuredConfig
651 group: os-apply-config
# CA certificate, certificate and private key arrive as deployment inputs;
# the same CA input is used in two places.
654 ca_certificate: {get_input: ssl_ca_certificate}
656 cert: {get_input: ssl_certificate}
657 key: {get_input: ssl_key}
658 cacert: {get_input: ssl_ca_certificate}
# Per-service entries that each connect to the controller's own address.
# Only the 'swift-proxy' name is visible; presumably one entry per
# SSL-wrapped service - confirm against the full file.
663 connect_host: {get_input: controller_host}
667 connect_host: {get_input: controller_host}
671 connect_host: {get_input: controller_host}
675 connect_host: {get_input: controller_host}
679 connect_host: {get_input: controller_host}
680 - name: 'swift-proxy'
683 connect_host: {get_input: controller_host}
687 connect_host: {get_input: controller_host}
691 connect_host: {get_input: controller_host}
# Applies SSLConfig to the Controller server.
693 ControllerSSLDeployment:
694 type: OS::Heat::StructuredDeployment
696 config: {get_resource: SSLConfig}
697 server: {get_resource: Controller}
# NOTE(review): NO_SIGNAL means Heat does not wait for a result, so a failure
# to install the certificate or key is not reported by the stack.
698 signal_transport: NO_SIGNAL
# NOTE(review): the private key travels as a deployment input value; confirm
# that SSLKey is a hidden parameter and who can read deployment inputs.
700 controller_host: {get_attr: [Controller, networks, ctlplane, 0]}
701 ssl_certificate: {get_param: SSLCertificate}
702 ssl_key: {get_param: SSLKey}
703 ssl_ca_certificate: {get_param: SSLCACertificate}
# Applies the cluster-wide passthrough config, taken from ExtraConfig.
# NOTE(review): ExtraConfig reaches the node's os-apply-config metadata
# unfiltered, so permission to set it is effectively permission to configure
# the controller.
705 ControllerPassthroughDeployment:
706 type: OS::Heat::StructuredDeployment
708 config: {get_resource: ControllerPassthroughConfig}
709 server: {get_resource: Controller}
710 signal_transport: NO_SIGNAL
712 passthrough_config: {get_param: ExtraConfig}
# Applies the controller-specific passthrough config. depends_on orders it
# after the cluster-wide deployment; presumably so the specific values take
# precedence - confirm.
714 ControllerPassthroughSpecificDeployment:
715 depends_on: [ControllerPassthroughDeployment]
716 type: OS::Heat::StructuredDeployment
718 config: {get_resource: ControllerPassthroughConfigSpecific}
719 server: {get_resource: Controller}
720 signal_transport: NO_SIGNAL
722 passthrough_config_specific: {get_param: ControllerExtraConfig}
# os-apply-config metadata for Swift (resource name not visible; the
# deployment below refers to it as SwiftConfig). Hash suffix, partition
# power, replica count and service password all come from deployment inputs.
725 type: OS::Heat::StructuredConfig
727 group: os-apply-config
730 hash: { get_input: swift_hash_suffix }
731 part-power: { get_input: swift_part_power }
732 replicas: {get_input: swift_replicas }
733 service-password: { get_input: swift_password }
# Deployment that applies SwiftConfig to the Controller server and maps the
# Swift parameters onto those inputs.
# NOTE(review): the hash suffix and the password are secrets passed as input
# values; confirm their parameters are hidden. NO_SIGNAL means a failed
# application is not reported by the stack.
736 type: OS::Heat::StructuredDeployment
738 server: {get_resource: Controller}
739 config: {get_resource: SwiftConfig}
740 signal_transport: NO_SIGNAL
742 swift_hash_suffix: {get_param: SwiftHashSuffix}
743 swift_password: {get_param: SwiftPassword}
744 swift_part_power: {get_param: SwiftPartPower}
745 swift_replicas: { get_param: SwiftReplicas}
# Stack outputs (output names are mostly not visible): the first ctlplane
# address and the server name of the Controller resource.
749 description: IP address of the server in the ctlplane network
750 value: {get_attr: [Controller, networks, ctlplane, 0]}
752 description: Hostname of the server
753 value: {get_attr: [Controller, name]}
756 Node object in the {ip: ..., name: ...} format that the corosync
# Node object: ctlplane address and server name.
759 ip: {get_attr: [Controller, networks, ctlplane, 0]}
760 name: {get_attr: [Controller, name]}
# /etc/hosts line built by substituting IP, HOST and CLOUDNAME into the
# template string.
763 Server's IP address and hostname in the /etc/hosts format
766 template: IP HOST HOST.novalocal CLOUDNAME
768 IP: {get_attr: [Controller, networks, ctlplane, 0]}
769 HOST: {get_attr: [Controller, name]}
770 CLOUDNAME: {get_param: CloudName}
# Handle to the server resource for use by other templates.
771 nova_server_resource:
772 description: Heat resource handle for the Nova compute server
774 {get_resource: Controller}
# Swift ring device string; only IP is substituted here and %PORT% is left
# in the value - presumably for a later step to fill in; confirm.
776 description: Swift device formatted for swift-ring-builder
779 template: 'r1z1-IP:%PORT%/d1'
781 IP: {get_attr: [Controller, networks, ctlplane, 0]}
# Memcache endpoint for the Swift proxy, built from the ctlplane address
# (the template string is not visible).
782 swift_proxy_memcache:
783 description: Swift proxy-memcache value
788 IP: {get_attr: [Controller, networks, ctlplane, 0]}