# Heat Orchestration Template for an OpenStack control plane node (see the
# description text on the second line).
# NOTE(review): every line of this listing starts with its line number in the
# original file and many lines are absent, so parameter names, types,
# defaults and any `hidden: true` flags are often not visible here.
1 heat_template_version: 2014-10-16
4 OpenStack control plane node. Can be wrapped in a ResourceGroup for scaling.
# Secret: keystone admin password. NOTE(review): confirm the parameter is
# declared with `hidden: true` so Heat masks the value in API/CLI output.
9 description: The password for the keystone admin account, used for monitoring, querying neutron etc.
# Secret: presumably the AdminToken parameter that is later forwarded as the
# admin_token deployment input -- TODO confirm; same `hidden` check applies.
14 description: The keystone auth secret.
19 description: The ceilometer backend type.
# Secret shared by the ceilometer services (per its description); forwarded
# as ceilometer_metering_secret.
21 CeilometerMeteringSecret:
23 description: Secret shared by the ceilometer services.
# Secret: ceilometer service account password.
28 description: The password for the ceilometer service account.
31 CinderEnableIscsiBackend:
33 description: Whether to enable or not the Iscsi backend for Cinder
35 CinderEnableRbdBackend:
37 description: Whether to enable or not the Rbd backend for Cinder
41 description: The iSCSI helper to use with cinder.
43 CinderLVMLoopDeviceSize:
45 description: The size of the loopback file used by the cinder LVM driver.
# Secret: cinder service account password.
49 description: The password for the cinder service account, used by cinder-api.
54 description: The DNS name of this cloud. E.g. ci-overcloud.tripleo.org
# ControllerExtraConfig and ExtraConfig are passed unmodified to the
# passthrough os-apply-config resources further down the template.
# NOTE(review): whoever can set these parameters can inject arbitrary service
# options on the controller, so treat them as privileged input.
56 ControllerExtraConfig:
59 Controller specific configuration to inject into the cluster. Same
60 structure as ExtraConfig.
62 ControlVirtualInterface:
64 description: Interface where virtual ip will be assigned.
# Debug is forwarded to several services through the `debug` deployment
# input. NOTE(review): debug-level service logs may contain sensitive request
# data -- keep this off outside troubleshooting.
68 description: Set to True to enable debugging on all services.
72 description: Whether to use Galera instead of regular MariaDB.
76 description: If enabled services will be monitored by Pacemaker; it
77 will manage VIPs as well, in place of Keepalived.
81 description: Whether to deploy Ceph Storage (OSD) on the Controller
85 description: Whether to enable Swift Storage on the Controller
90 Additional configuration to inject into the cluster. The JSON should have
91 the following structure:
94 [{"section": "SECTIONNAME",
96 [{"option": "OPTIONNAME",
107 [{"section": "default",
109 [{"option": "compute_manager",
110 "value": "ironic.nova.compute.manager.ClusterComputeManager"
116 [{"option": "driver",
117 "value": "nova.cells.rpc_driver.CellsRPCDriver"
# Parameters for the instance flavor/image, Glance, Heat, Keystone
# certificates and MySQL. Several of them carry secrets or private keys.
# NOTE(review): `hidden: true` lines are not visible in this listing; confirm
# each password/key parameter below has one.
126 description: Flavor for control nodes to request when deploying.
129 - custom_constraint: nova.flavor
130 GlanceNotifierStrategy:
131 description: Strategy to use for Glance notification queue
135 description: The filepath of the file to use for logging messages from Glance.
# Secret: also reused as Glance's Swift store key (swift-store-key) in the
# controller config.
140 description: The password for the glance service account, used by the glance services.
145 description: Glance port.
# Only the description is visible; the default protocol is on an absent line.
149 description: Protocol to use when connecting to glance, set to https for SSL.
153 description: The short name of the Glance backend to use. Should be one
154 of swift, rbd, or file
157 - allowed_values: ['swift', 'file', 'rbd']
# Secret: Heat service account password.
160 description: The password for the Heat service account, used by the Heat services.
# Secret: password of the heat_domain_admin user.
163 HeatStackDomainAdminPassword:
164 description: Password for heat_domain_admin user.
# Secret key material for heat-engine; forwarded as auth_encryption_key.
168 HeatAuthEncryptionKey:
169 description: Auth encryption key for heat-engine
173 default: overcloud-control
175 - custom_constraint: glance.image
177 default: 'REBUILD_PRESERVE_EPHEMERAL'
178 description: What policy to use when reconstructing instances. REBUILD for rebuilds, REBUILD_PRESERVE_EPHEMERAL to preserve /mnt.
# Keypair that grants SSH access to the controller instance.
182 description: Name of an existing EC2 KeyPair to enable SSH access to the instances
185 - custom_constraint: nova.keypair
186 KeystoneCACertificate:
188 description: Keystone self-signed certificate authority certificate.
190 KeystoneSigningCertificate:
192 description: Keystone certificate for verifying token validity.
# Private key: token signing key, forwarded as keystone signing_key.
196 description: Keystone key for signing tokens.
# NOTE(review): the two descriptions below repeat the signing certificate/key
# wording, but these parameters feed the keystone_ssl_certificate and
# keystone_ssl_certificate_key inputs -- the text looks copy-pasted.
199 KeystoneSSLCertificate:
201 description: Keystone certificate for verifying token validity.
# Private key for the Keystone SSL certificate (see note above).
203 KeystoneSSLCertificateKey:
205 description: Keystone key for signing tokens.
# Substituted for CLUSTER in the `tripleo-CLUSTER` MySQL cluster name.
# The length constraint is commented out (see the bug link), so the
# placeholder default 'unset' is accepted as-is.
208 MysqlClusterUniquePart:
209 description: A unique identifier of the MySQL cluster the controller is in.
211 default: 'unset' # Has to be here because of the ignored empty value bug
212 # Drop the validation: https://bugs.launchpad.net/tripleo/+bug/1405446
214 # - length: {min: 4, max: 10}
215 MysqlInnodbBufferPoolSize:
217 Specifies the size of the buffer pool in megabytes. Setting to
218 zero should be interpreted as "no value" and will defer to the
225 default: '' # Has to be here because of the ignored empty value bug
# Neutron parameters: bridge/VLAN mappings, agent behaviour, the public
# interface and the Neutron secrets.
226 NeutronBridgeMappings:
228 The OVS logical->physical bridge mappings to use. See the Neutron
229 documentation for details. Defaults to mapping br-ex - the external
230 bridge on hosts - to a physical name 'datacentre' which can be used
231 to create provider networks (and we use this for the default floating
232 network) - if changing this either use different post-install network
233 scripts or be sure to keep 'datacentre' as a mapping network name.
235 default: "datacentre:br-ex"
236 NeutronDnsmasqOptions:
237 default: 'dhcp-option-force=26,1400'
238 description: Dnsmasq options for neutron-dhcp-agent. The default value here forces MTU to be set to 1400 to account for the gre tunnel overhead.
242 description: Agent mode for the neutron-l3-agent on the controller hosts
246 description: Whether to configure Neutron Distributed Virtual Routers
# Secret: forwarded as metadata_proxy_shared_secret. NOTE(review): the
# default and any `hidden: true` flag are on lines absent from this listing;
# confirm it has no well-known default value.
248 NeutronMetadataProxySharedSecret:
250 description: Shared secret to prevent spoofing
252 NeutronMechanismDrivers:
253 default: 'openvswitch'
255 The mechanism drivers for the Neutron tenant network. To specify multiple
256 values, use a comma separated string, like so: 'openvswitch,l2_population'
258 NeutronAllowL3AgentFailover:
260 description: Allow automatic l3-agent failover
264 description: Whether to enable l3-agent HA
266 NeutronEnableTunnelling:
271 default: 'datacentre'
272 description: If set, flat networks to configure in neutron plugins.
275 description: The tenant network type for Neutron, either gre or vxlan.
277 NeutronNetworkVLANRanges:
278 default: 'datacentre'
280 The Neutron ML2 and OpenVSwitch vlan mapping range to support. See the
281 Neutron documentation for permitted values. Defaults to permitting any
282 VLAN on the 'datacentre' physical network (See NeutronBridgeMappings).
# Secret: neutron service account password.
286 description: The password for the neutron service account, used by neutron agents.
289 NeutronPublicInterface:
291 description: What interface to bridge onto br-ex for network nodes.
293 NeutronPublicInterfaceTag:
296 VLAN tag for creating a public VLAN. The tag will be used to
297 create an access port on the exterior bridge for each control plane node,
298 and that port will be given the IP address returned by neutron from the
299 public network. Set CONTROLEXTRA=overcloud-vlan-port.yaml when compiling
300 overcloud.yaml to include the deployment of VLAN ports to the control
303 NeutronPublicInterfaceDefaultRoute:
305 description: A custom default route for the NeutronPublicInterface.
307 NeutronPublicInterfaceIP:
309 description: A custom IP address to put onto the NeutronPublicInterface.
311 NeutronPublicInterfaceRawDevice:
313 description: If set, the public interface is a vlan with this device as the raw device.
318 The tunnel types for the Neutron tenant network. To specify multiple
319 values, use a comma separated string, like so: 'gre,vxlan'
# Parameters for Nova, Pacemaker (pcsd), RabbitMQ, SNMP, the SSL endpoint
# material and Swift. Most of them are credentials or key material.
# NOTE(review): `hidden: true` lines are not visible in this listing; confirm
# each password/key parameter below has one.
# Secret: nova service account password.
323 description: The password for the nova service account, used by nova-api.
# Secret: password of the 'pcsd' user.
331 description: The password for the 'pcsd' user.
332 PublicVirtualInterface:
335 Specifies the interface where the public-facing virtual ip will be assigned.
336 This should be int_public when a VLAN is being used.
340 default: '' # Has to be here because of the ignored empty value bug
343 default: '' # Has to be here because of the ignored empty value bug
# Secret: RabbitMQ password. NOTE(review): its default is on a line absent
# from this listing; confirm it is not a well-known value.
347 description: The password for RabbitMQ
352 description: The username for RabbitMQ
# Client-side TLS switch for RabbitMQ; the port below has to be changed to
# match when SSL is used (per its description).
357 Rabbit client subscriber parameter to specify
358 an SSL connection to the RabbitMQ host.
362 description: Set rabbit subscriber port, change this if using SSL
# Per the descriptions, one read-only SNMP account exists on all Overcloud
# nodes, so this single credential covers the whole deployment.
364 SnmpdReadonlyUserName:
365 default: ro_snmp_user
366 description: The user name for SNMPd with readonly rights running on all Overcloud nodes
# Secret: SNMP password; treat it as a secret even though it is read-only.
368 SnmpdReadonlyUserPassword:
370 description: The user password for SNMPd with readonly rights running on all Overcloud nodes
375 description: If set, the contents of an SSL certificate authority file.
379 description: If set, the contents of an SSL certificate .crt file for encrypting SSL endpoints.
# Private key: contents of the .key file are passed in as a parameter value.
384 description: If set, the contents of an SSL certificate .key file for encrypting SSL endpoints.
# Secret salt for Swift's hashing (forwarded as swift_hash_suffix).
389 description: A random string to be used as a salt when hashing to determine mappings
395 description: Value of mount_check in Swift account/container/object -server.conf
400 description: The minimum time (in hours) before a partition in a ring can be moved following a rebalance.
403 description: Partition Power to use when building Swift rings
# Secret: swift service account password.
407 description: The password for the swift service account, used by the swift proxy
414 description: How many replicas to use in the swift rings.
417 default: '' # Has to be here because of the ignored empty value bug
# The controller Nova server, its user-data resource and the deployment that
# applies the network configuration to it.
423 type: OS::Nova::Server
425 image: {get_param: Image}
426 image_update_policy: {get_param: ImageUpdatePolicy}
427 flavor: {get_param: Flavor}
# Keypair injected for SSH access (see the KeyName description).
428 key_name: {get_param: KeyName}
431 user_data_format: SOFTWARE_CONFIG
432 user_data: {get_resource: NodeUserData}
435 type: OS::TripleO::NodeUserData
438 type: OS::TripleO::Controller::Net::SoftwareConfig
441 type: OS::TripleO::SoftwareDeployment
# NO_SIGNAL: Heat marks the deployment complete without waiting for a signal
# from the server, so a failure to apply the network config on the node is
# not reflected in the stack status.
443 signal_transport: NO_SIGNAL
444 config: {get_attr: [NetworkConfig, config_id]}
445 server: {get_resource: Controller}
448 interface_name: {get_param: NeutronPublicInterface}
# Two os-apply-config configs whose entire body is a deployment input: the
# generic passthrough_config and the controller-specific one.
# NOTE(review): nothing in these resources constrains what the input may
# contain, so the parameters feeding them act as a privileged override channel.
450 ControllerPassthroughConfig:
451 type: OS::Heat::StructuredConfig
453 group: os-apply-config
454 config: {get_input: passthrough_config}
456 ControllerPassthroughConfigSpecific:
457 type: OS::Heat::StructuredConfig
459 group: os-apply-config
460 config: {get_input: passthrough_config_specific}
# Main controller configuration (referenced elsewhere as ControllerConfig),
# rendered through the os-apply-config group. This part covers the admin
# credentials, cinder, the cluster settings, glance, heat and keystone.
# NOTE(review): presumably every secret input below is delivered to the node
# as deployment metadata -- confirm file permissions on the node side.
463 type: OS::Heat::StructuredConfig
465 group: os-apply-config
# Keystone admin password and admin token, taken from deployment inputs.
467 admin-password: {get_input: admin_password}
468 admin-token: {get_input: admin_token}
470 public_interface_ip: {get_input: neutron_public_interface_ip}
472 nodeid: {get_input: bootstack_nodeid}
474 db: {get_input: cinder_dsn}
475 debug: {get_input: debug}
476 volume_size_mb: {get_input: cinder_lvm_loop_device_size}
477 service-password: {get_input: cinder_password}
# NOTE(review): this reads an input named `CinderISCSIHelper`, while the
# ControllerDeployment input values supply `cinder_iscsi_helper`; the names
# do not match, so the value likely never reaches this key -- confirm.
478 iscsi-helper: {get_input: CinderISCSIHelper}
479 controller-address: {get_input: controller_host}
481 bindnetaddr: {get_input: controller_host}
# NOTE(review): fencing (STONITH) is disabled and loss of quorum is ignored
# (presumably Pacemaker settings). In a multi-node cluster this combination
# permits split-brain; confirm it is intended beyond single-node/test use.
484 stonith_enabled : false
486 quorum_policy : ignore
490 host: {get_input: controller_virtual_ip}
492 db: {get_input: glance_dsn}
493 debug: {get_input: debug}
494 host: {get_input: controller_virtual_ip}
495 port: {get_input: glance_port}
496 protocol: {get_input: glance_protocol}
497 service-password: {get_input: glance_password}
# Glance's Swift store key reuses the glance service password, so the two
# credentials can only be rotated together.
498 swift-store-user: service:glance
499 swift-store-key: {get_input: glance_password}
500 notifier-strategy: {get_input: glance_notifier_strategy}
501 log-file: {get_input: glance_log_file}
503 admin_password: {get_input: heat_password}
504 admin_tenant_name: service
# Key material for heat-engine (see the HeatAuthEncryptionKey description).
506 auth_encryption_key: {get_input: heat_auth_encryption_key}
507 db: {get_input: heat_dsn}
508 debug: {get_input: debug}
509 stack_domain_admin_password: {get_input: heat_stack_domain_admin_password}
510 watch_server_url: {get_input: heat.watch_server_url}
511 metadata_server_url: {get_input: heat.metadata_server_url}
512 waitcondition_server_url: {get_input: heat.waitcondition_server_url}
514 db: {get_input: keystone_dsn}
515 debug: {get_input: debug}
516 host: {get_input: controller_virtual_ip}
517 ca_certificate: {get_input: keystone_ca_certificate}
# Private keys (token signing key, SSL certificate key) are passed through
# the same input mechanism as ordinary settings.
518 signing_key: {get_input: keystone_signing_key}
519 signing_certificate: {get_input: keystone_signing_certificate}
521 certificate: {get_input: keystone_ssl_certificate}
522 certificate_key: {get_input: keystone_ssl_certificate_key}
# Controller configuration, continued: mysql, neutron, ceilometer, snmpd,
# nova, rabbit and ntp settings, all filled from deployment inputs.
524 innodb_buffer_pool_size: {get_input: mysql_innodb_buffer_pool_size}
# Secret: MySQL root password.
526 root-password: {get_input: mysql_root_password}
527 cluster_name: {get_input: mysql_cluster_name}
529 debug: {get_input: debug}
530 flat-networks: {get_input: neutron_flat_networks}
531 host: {get_input: controller_virtual_ip}
# Secret: the NeutronMetadataProxySharedSecret parameter ("Shared secret to
# prevent spoofing").
532 metadata_proxy_shared_secret: {get_input: neutron_metadata_proxy_shared_secret}
533 agent_mode: {get_input: neutron_agent_mode}
534 router_distributed: {get_input: neutron_router_distributed}
535 mechanism_drivers: {get_input: neutron_mechanism_drivers}
536 allow_automatic_l3agent_failover: {get_input: neutron_allow_l3agent_failover}
537 l3_ha: {get_input: neutron_l3_ha}
539 enable_tunneling: {get_input: neutron_enable_tunneling}
540 local_ip: {get_input: controller_host}
541 network_vlan_ranges: {get_input: neutron_network_vlan_ranges}
542 bridge_mappings: {get_input: neutron_bridge_mappings}
543 public_interface: {get_input: neutron_public_interface}
544 public_interface_raw_device: {get_input: neutron_public_interface_raw_device}
545 public_interface_route: {get_input: neutron_public_interface_default_route}
546 public_interface_tag: {get_input: neutron_public_interface_tag}
# Fixed bridge name; matches the br-ex side of the default bridge mapping.
547 physical_bridge: br-ex
548 tenant_network_type: {get_input: neutron_tenant_network_type}
549 tunnel_types: {get_input: neutron_tunnel_types}
550 ovs_db: {get_input: neutron_dsn}
551 service-password: {get_input: neutron_password}
552 dnsmasq-options: {get_input: neutron_dnsmasq_options}
554 db: {get_input: ceilometer_dsn}
555 debug: {get_input: debug}
# Secret shared by the ceilometer services.
556 metering_secret: {get_input: ceilometer_metering_secret}
557 service-password: {get_input: ceilometer_password}
559 export_MIB: UCD-SNMP-MIB
# Read-only SNMP account; per the parameter descriptions the same account is
# used on all Overcloud nodes.
560 readonly_user_name: {get_input: snmpd_readonly_user_name}
561 readonly_user_password: {get_input: snmpd_readonly_user_password}
563 compute_driver: libvirt.LibvirtDriver
564 db: {get_input: nova_dsn}
565 default_floating_pool:
567 host: {get_input: controller_virtual_ip}
569 service-password: {get_input: nova_password}
571 host: {get_input: controller_virtual_ip}
# RabbitMQ credentials and cookie. NOTE(review): presumably the Erlang
# cluster cookie, which authenticates cluster nodes to each other -- treat
# it like a password.
572 username: {get_input: rabbit_username}
573 password: {get_input: rabbit_password}
574 cookie: {get_input: rabbit_cookie}
575 rabbit_client_use_ssl: {get_input: rabbit_client_use_ssl}
576 rabbit_port: {get_input: rabbit_client_port}
579 - {server: {get_input: ntp_server}}
# Virtual IP and load-balancer section of the controller configuration: two
# VRRP instances (control and public) followed by per-service bind lists.
582 - vrrp_instance_name: VI_CONTROL
583 virtual_router_id: 51
584 keepalive_interface: {get_input: control_virtual_interface}
587 - ip: {get_input: controller_virtual_ip}
588 interface: {get_input: control_virtual_interface}
589 - vrrp_instance_name: VI_PUBLIC
590 virtual_router_id: 52
591 keepalive_interface: {get_input: public_virtual_interface}
594 - ip: {get_input: public_virtual_ip}
595 interface: {get_input: public_virtual_interface}
602 keepalive_interface: {get_input: public_virtual_interface}
606 ip: {get_input: controller_virtual_ip}
607 interface: {get_input: control_virtual_interface}
609 ip: {get_input: public_virtual_ip}
610 interface: {get_input: public_virtual_interface}
613 - ip: {get_input: controller_virtual_ip}
615 - option httpchk GET /
617 - name: keystone_admin
# Anchor: a bind list holding both the control-plane VIP and the public VIP.
# Every service below that aliases *public_binds listens on both addresses.
# NOTE(review): that includes keystone_admin (the entry defining the anchor),
# glance_registry and nova_metadata; confirm these are meant to be reachable
# on the public VIP rather than the control plane only.
619 net_binds: &public_binds
620 - ip: {get_input: controller_virtual_ip}
621 - ip: {get_input: public_virtual_ip}
622 - name: keystone_public
624 net_binds: *public_binds
627 net_binds: *public_binds
630 net_binds: *public_binds
633 net_binds: *public_binds
636 net_binds: *public_binds
637 - name: glance_registry
639 net_binds: *public_binds
640 options: # overwrite options as glance_reg needs auth for http req
643 net_binds: *public_binds
644 - name: heat_cloudwatch
646 net_binds: *public_binds
649 net_binds: *public_binds
661 net_binds: *public_binds
662 - name: nova_metadata
664 net_binds: *public_binds
665 - name: nova_novncproxy
667 net_binds: *public_binds
670 net_binds: *public_binds
671 options: # overwrite options as ceilometer needs auth for http req
672 - name: swift_proxy_server
674 net_binds: *public_binds
676 - option httpchk GET /info
# Applies ControllerConfig to the Controller server and maps template
# parameters and server attributes onto the inputs that the config reads.
684 ControllerDeployment:
685 type: OS::TripleO::SoftwareDeployment
# NO_SIGNAL: Heat does not wait for a completion signal from the node, so a
# failed configuration run is not reflected in the stack status.
687 signal_transport: NO_SIGNAL
688 config: {get_resource: ControllerConfig}
689 server: {get_resource: Controller}
691 bootstack_nodeid: {get_attr: [Controller, name]}
# First address of the server on the ctlplane network.
692 controller_host: {get_attr: [Controller, networks, ctlplane, 0]}
693 controller_virtual_ip: {get_param: VirtualIP}
694 neutron_enable_tunneling: {get_param: NeutronEnableTunnelling}
695 heat.watch_server_url:
699 - {get_param: VirtualIP}
701 heat.metadata_server_url:
705 - {get_param: VirtualIP}
707 heat.waitcondition_server_url:
711 - {get_param: VirtualIP}
712 - ':8000/v1/waitcondition'
# NOTE(review): the secret parameters from here on are forwarded as ordinary
# deployment input values; presumably they are stored with the deployment
# and readable by anyone who can read it through the Heat API -- confirm.
713 admin_password: {get_param: AdminPassword}
714 admin_token: {get_param: AdminToken}
715 neutron_public_interface_ip: {get_param: NeutronPublicInterfaceIP}
716 debug: {get_param: Debug}
717 cinder_lvm_loop_device_size: {get_param: CinderLVMLoopDeviceSize}
718 cinder_password: {get_param: CinderPassword}
# NOTE(review): the config reads this value via get_input: CinderISCSIHelper,
# not cinder_iscsi_helper; the input name looks mismatched -- confirm.
719 cinder_iscsi_helper: {get_param: CinderISCSIHelper}
# NOTE(review): the DSN literal embeds the fixed database password `unset`
# for the cinder account, and the glance, heat, keystone, neutron,
# ceilometer and nova DSNs below do the same. A fixed, guessable database
# credential relies entirely on MySQL being unreachable from untrusted
# networks; a generated per-service password passed as a hidden parameter
# would remove that dependency.
723 - - 'mysql://cinder:unset@'
724 - {get_param: VirtualIP}
726 glance_port: {get_param: GlancePort}
727 glance_protocol: {get_param: GlanceProtocol}
728 glance_password: {get_param: GlancePassword}
729 glance_notifier_strategy: {get_param: GlanceNotifierStrategy}
730 glance_log_file: {get_param: GlanceLogFile}
# Same literal `unset` password as the cinder DSN above.
734 - - 'mysql://glance:unset@'
735 - {get_param: VirtualIP}
737 heat_password: {get_param: HeatPassword}
738 heat_stack_domain_admin_password: {get_param: HeatStackDomainAdminPassword}
739 heat_auth_encryption_key: {get_param: HeatAuthEncryptionKey}
# Same literal `unset` password as the cinder DSN above.
743 - - 'mysql://heat:unset@'
744 - {get_param: VirtualIP}
746 keystone_ca_certificate: {get_param: KeystoneCACertificate}
# Private keys travel as plain input values alongside the certificates.
747 keystone_signing_key: {get_param: KeystoneSigningKey}
748 keystone_signing_certificate: {get_param: KeystoneSigningCertificate}
749 keystone_ssl_certificate: {get_param: KeystoneSSLCertificate}
750 keystone_ssl_certificate_key: {get_param: KeystoneSSLCertificateKey}
# Same literal `unset` password as the cinder DSN above.
754 - - 'mysql://keystone:unset@'
755 - {get_param: VirtualIP}
757 mysql_innodb_buffer_pool_size: {get_param: MysqlInnodbBufferPoolSize}
758 mysql_root_password: {get_param: MysqlRootPassword}
# Cluster name template; CLUSTER is replaced by MysqlClusterUniquePart,
# whose default is the placeholder 'unset'.
761 template: tripleo-CLUSTER
763 CLUSTER: {get_param: MysqlClusterUniquePart}
764 neutron_flat_networks: {get_param: NeutronFlatNetworks}
765 neutron_metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret}
766 neutron_agent_mode: {get_param: NeutronAgentMode}
767 neutron_router_distributed: {get_param: NeutronDVR}
768 neutron_mechanism_drivers: {get_param: NeutronMechanismDrivers}
769 neutron_allow_l3agent_failover: {get_param: NeutronAllowL3AgentFailover}
770 neutron_l3_ha: {get_param: NeutronL3HA}
771 neutron_network_vlan_ranges: {get_param: NeutronNetworkVLANRanges}
772 neutron_bridge_mappings: {get_param: NeutronBridgeMappings}
773 neutron_public_interface: {get_param: NeutronPublicInterface}
774 neutron_public_interface_raw_device: {get_param: NeutronPublicInterfaceRawDevice}
775 neutron_public_interface_default_route: {get_param: NeutronPublicInterfaceDefaultRoute}
776 neutron_public_interface_tag: {get_param: NeutronPublicInterfaceTag}
777 neutron_tenant_network_type: {get_param: NeutronNetworkType}
778 neutron_tunnel_types: {get_param: NeutronTunnelTypes}
779 neutron_password: {get_param: NeutronPassword}
780 neutron_dnsmasq_options: {get_param: NeutronDnsmasqOptions}
# Same literal `unset` password as the cinder DSN above.
784 - - 'mysql://neutron:unset@'
785 - {get_param: VirtualIP}
786 - '/ovs_neutron?charset=utf8'
787 ceilometer_metering_secret: {get_param: CeilometerMeteringSecret}
788 ceilometer_password: {get_param: CeilometerPassword}
# Same literal `unset` password as the cinder DSN above.
792 - - 'mysql://ceilometer:unset@'
793 - {get_param: VirtualIP}
795 snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName}
796 snmpd_readonly_user_password: {get_param: SnmpdReadonlyUserPassword}
797 nova_password: {get_param: NovaPassword}
# Same literal `unset` password as the cinder DSN above.
801 - - 'mysql://nova:unset@'
802 - {get_param: VirtualIP}
804 rabbit_username: {get_param: RabbitUserName}
805 rabbit_password: {get_param: RabbitPassword}
806 rabbit_cookie: {get_param: RabbitCookie}
807 rabbit_client_use_ssl: {get_param: RabbitClientUseSSL}
808 rabbit_client_port: {get_param: RabbitClientPort}
809 ntp_server: {get_param: NtpServer}
810 control_virtual_interface: {get_param: ControlVirtualInterface}
811 public_virtual_interface: {get_param: PublicVirtualInterface}
812 public_virtual_ip: {get_param: PublicVirtualIP}
# SSL configuration (referenced elsewhere as SSLConfig), rendered through
# os-apply-config: the CA certificate, the endpoint certificate and its
# private key, then a list of service entries that each connect to
# controller_host.
# NOTE(review): the section names and ports of those entries are on lines
# absent from this listing; presumably they describe a TLS-terminating proxy
# in front of the API services -- confirm.
815 type: OS::Heat::StructuredConfig
817 group: os-apply-config
820 ca_certificate: {get_input: ssl_ca_certificate}
822 cert: {get_input: ssl_certificate}
# Private key of the endpoint certificate, delivered as a deployment input.
823 key: {get_input: ssl_key}
824 cacert: {get_input: ssl_ca_certificate}
829 connect_host: {get_input: controller_host}
833 connect_host: {get_input: controller_host}
837 connect_host: {get_input: controller_host}
841 connect_host: {get_input: controller_host}
845 connect_host: {get_input: controller_host}
846 - name: 'swift-proxy'
849 connect_host: {get_input: controller_host}
853 connect_host: {get_input: controller_host}
857 connect_host: {get_input: controller_host}
# Applies SSLConfig to the Controller server, supplying the certificate, key
# and CA certificate from the SSL* template parameters.
859 ControllerSSLDeployment:
860 type: OS::Heat::StructuredDeployment
862 config: {get_resource: SSLConfig}
863 server: {get_resource: Controller}
# NO_SIGNAL: Heat does not wait for the node to report the result.
864 signal_transport: NO_SIGNAL
866 controller_host: {get_attr: [Controller, networks, ctlplane, 0]}
867 ssl_certificate: {get_param: SSLCertificate}
# Private key passed as a plain input value. NOTE(review): confirm SSLKey is
# declared `hidden: true`; that line is not visible in this listing.
868 ssl_key: {get_param: SSLKey}
869 ssl_ca_certificate: {get_param: SSLCACertificate}
# Deployments for the two passthrough configs. The generic ExtraConfig is
# applied first; the controller-specific one declares depends_on so that it
# is applied afterwards.
# NOTE(review): both parameters are injected without any validation visible
# here, so they can override any service option on the node.
871 ControllerPassthroughDeployment:
872 type: OS::Heat::StructuredDeployment
874 config: {get_resource: ControllerPassthroughConfig}
875 server: {get_resource: Controller}
876 signal_transport: NO_SIGNAL
878 passthrough_config: {get_param: ExtraConfig}
880 ControllerPassthroughSpecificDeployment:
881 depends_on: [ControllerPassthroughDeployment]
882 type: OS::Heat::StructuredDeployment
884 config: {get_resource: ControllerPassthroughConfigSpecific}
885 server: {get_resource: Controller}
886 signal_transport: NO_SIGNAL
888 passthrough_config_specific: {get_param: ControllerExtraConfig}
# Swift settings (referenced below as SwiftConfig), rendered through
# os-apply-config, followed by the deployment that applies them to the
# Controller server.
891 type: OS::Heat::StructuredConfig
893 group: os-apply-config
# Hash salt; per the SwiftHashSuffix description it determines the ring
# mappings, so it should be kept secret.
896 hash: { get_input: swift_hash_suffix }
897 part-power: { get_input: swift_part_power }
898 mount-check: { get_input: swift_mount_check }
899 min-part-hours: { get_input: swift_min_part_hours }
900 replicas: {get_input: swift_replicas }
# Secret: swift service account password.
901 service-password: { get_input: swift_password }
904 type: OS::Heat::StructuredDeployment
906 server: {get_resource: Controller}
907 config: {get_resource: SwiftConfig}
# NO_SIGNAL: Heat does not wait for the node to report the result.
908 signal_transport: NO_SIGNAL
910 swift_hash_suffix: {get_param: SwiftHashSuffix}
911 swift_mount_check: {get_param: SwiftMountCheck}
912 swift_password: {get_param: SwiftPassword}
913 swift_min_part_hours: {get_param: SwiftMinPartHours}
914 swift_part_power: {get_param: SwiftPartPower}
915 swift_replicas: { get_param: SwiftReplicas}
# Stack outputs derived from the Controller server: its ctlplane IP address,
# hostname, a corosync node entry, an /etc/hosts line, the server resource
# handle and two Swift-related strings. None of the visible outputs reads a
# password or key parameter.
919 description: IP address of the server in the ctlplane network
920 value: {get_attr: [Controller, networks, ctlplane, 0]}
922 description: Hostname of the server
923 value: {get_attr: [Controller, name]}
# NOTE(review): the description text below repeats the word "format".
926 Node object in the format {ip: ..., name: ...} format that the corosync
929 ip: {get_attr: [Controller, networks, ctlplane, 0]}
930 name: {get_attr: [Controller, name]}
933 Server's IP address and hostname in the /etc/hosts format
# Template placeholders IP, HOST and CLOUDNAME are replaced by the values
# listed after it.
936 template: IP HOST CLOUDNAME
938 IP: {get_attr: [Controller, networks, ctlplane, 0]}
939 HOST: {get_attr: [Controller, name]}
940 CLOUDNAME: {get_param: CloudName}
941 nova_server_resource:
942 description: Heat resource handle for the Nova compute server
944 {get_resource: Controller}
946 description: Swift device formatted for swift-ring-builder
# Only IP is substituted here; %PORT% is left in the string as-is,
# presumably for a later consumer to fill in -- TODO confirm.
949 template: 'r1z1-IP:%PORT%/d1'
951 IP: {get_attr: [Controller, networks, ctlplane, 0]}
952 swift_proxy_memcache:
953 description: Swift proxy-memcache value
958 IP: {get_attr: [Controller, networks, ctlplane, 0]}