1 heat_template_version: 2014-10-16
4 OpenStack control plane node. Can be wrapped in a ResourceGroup for scaling.
9 description: The password for the keystone admin account, used for monitoring, querying neutron etc.
14 description: The keystone auth secret.
17 CeilometerMeteringSecret:
19 description: Secret shared by the ceilometer services.
24 description: The password for the ceilometer service account.
29 description: The iSCSI helper to use with cinder.
31 CinderLVMLoopDeviceSize:
33 description: The size of the loopback file used by the cinder LVM driver.
37 description: The password for the cinder service account, used by cinder-api.
42 description: The DNS name of this cloud. E.g. ci-overcloud.tripleo.org
44 ControllerExtraConfig:
47 Controller specific configuration to inject into the cluster. Same
48 structure as ExtraConfig.
50 ControlVirtualInterface:
52 description: Interface where virtual ip will be assigned.
56 description: Set to True to enable debugging on all services.
61 Additional configuration to inject into the cluster. The JSON should have
62 the following structure:
65 [{"section": "SECTIONNAME",
67 [{"option": "OPTIONNAME",
78 [{"section": "default",
80 [{"option": "compute_manager",
81 "value": "ironic.nova.compute.manager.ClusterComputeManager"
88 "value": "nova.cells.rpc_driver.CellsRPCDriver"
97 description: Flavor for control nodes to request when deploying.
100 - custom_constraint: nova.flavor
101 GlanceNotifierStrategy:
102 description: Strategy to use for Glance notification queue
106 description: The filepath of the file to use for logging messages from Glance.
111 description: The password for the glance service account, used by the glance services.
116 description: Glance port.
120 description: Protocol to use when connecting to glance, set to https for SSL.
124 description: The password for the Heat service account, used by the Heat services.
127 HeatStackDomainAdminPassword:
128 description: Password for heat_domain_admin user.
134 default: overcloud-control
136 - custom_constraint: glance.image
138 default: 'REBUILD_PRESERVE_EPHEMERAL'
139 description: What policy to use when reconstructing instances. REBUILD for rebuilds, REBUILD_PRESERVE_EPHEMERAL to preserve /mnt.
143 description: Name of an existing EC2 KeyPair to enable SSH access to the instances
146 - custom_constraint: nova.keypair
147 KeystoneCACertificate:
149 description: Keystone self-signed certificate authority certificate.
151 KeystoneSigningCertificate:
153 description: Keystone certificate for verifying token validity.
157 description: Keystone key for signing tokens.
160 KeystoneSSLCertificate:
162 description: Keystone certificate for verifying token validity.
164 KeystoneSSLCertificateKey:
166 description: Keystone key for signing tokens.
169 MysqlClusterUniquePart:
170 description: A unique identifier of the MySQL cluster the controller is in.
172 default: 'unset' # Has to be here because of the ignored empty value bug
173 # Drop the validation: https://bugs.launchpad.net/tripleo/+bug/1405446
175 # - length: {min: 4, max: 10}
176 MysqlInnodbBufferPoolSize:
178 Specifies the size of the buffer pool in megabytes. Setting to
179 zero should be interpreted as "no value" and will defer to the
186 default: '' # Has to be here because of the ignored empty value bug
187 NeutronBridgeMappings:
189 The OVS logical->physical bridge mappings to use. See the Neutron
190 documentation for details. Defaults to mapping br-ex - the external
191 bridge on hosts - to a physical name 'datacentre' which can be used
192 to create provider networks (and we use this for the default floating
193 network) - if changing this either use different post-install network
194 scripts or be sure to keep 'datacentre' as a mapping network name.
197 NeutronDnsmasqOptions:
198 default: 'dhcp-option-force=26,1400'
199 description: Dnsmasq options for neutron-dhcp-agent. The default value here forces MTU to be set to 1400 to account for the gre tunnel overhead.
203 description: Agent mode for the neutron-l3-agent on the controller hosts
207 description: Whether to configure Neutron Distributed Virtual Routers
209 NeutronMetadataProxySharedSecret:
211 description: Shared secret to prevent spoofing
213 NeutronMechanismDrivers:
214 default: 'openvswitch'
216 The mechanism drivers for the Neutron tenant network. To specify multiple
217 values, use a comma separated string, like so: 'openvswitch,l2_population'
219 NeutronAllowL3AgentFailover:
221 description: Allow automatic l3-agent failover
223 NeutronEnableTunnelling:
229 description: If set, flat networks to configure in neutron plugins.
232 description: The tenant network type for Neutron, either gre or vxlan.
234 NeutronNetworkVLANRanges:
235 default: 'datacentre'
237 The Neutron ML2 and OpenVSwitch vlan mapping range to support. See the
238 Neutron documentation for permitted values. Defaults to permitting any
239 VLAN on the 'datacentre' physical network (See NeutronBridgeMappings).
243 description: The password for the neutron service account, used by neutron agents.
246 NeutronPublicInterface:
248 description: What interface to bridge onto br-ex for network nodes.
250 NeutronPublicInterfaceTag:
253 VLAN tag for creating a public VLAN. The tag will be used to
254 create an access port on the exterior bridge for each control plane node,
255 and that port will be given the IP address returned by neutron from the
256 public network. Set CONTROLEXTRA=overcloud-vlan-port.yaml when compiling
257 overcloud.yaml to include the deployment of VLAN ports to the control
260 NeutronPublicInterfaceDefaultRoute:
262 description: A custom default route for the NeutronPublicInterface.
264 NeutronPublicInterfaceIP:
266 description: A custom IP address to put onto the NeutronPublicInterface.
268 NeutronPublicInterfaceRawDevice:
270 description: If set, the public interface is a vlan with this device as the raw device.
275 The tunnel types for the Neutron tenant network. To specify multiple
276 values, use a comma separated string, like so: 'gre,vxlan'
280 description: The password for the nova service account, used by nova-api.
286 PublicVirtualInterface:
289 Specifies the interface where the public-facing virtual ip will be assigned.
290 This should be int_public when a VLAN is being used.
294 default: '' # Has to be here because of the ignored empty value bug
297 default: '' # Has to be here because of the ignored empty value bug
301 description: The password for RabbitMQ
306 description: The username for RabbitMQ
311 Rabbit client subscriber parameter to specify
312 an SSL connection to the RabbitMQ host.
316 description: Set rabbit subscriber port, change this if using SSL
318 SnmpdReadonlyUserName:
319 default: ro_snmp_user
320 description: The user name for SNMPd with readonly rights running on all Overcloud nodes
322 SnmpdReadonlyUserPassword:
324 description: The user password for SNMPd with readonly rights running on all Overcloud nodes
329 description: If set, the contents of an SSL certificate authority file.
333 description: If set, the contents of an SSL certificate .crt file for encrypting SSL endpoints.
338 description: If set, the contents of an SSL certificate .key file for encrypting SSL endpoints.
343 description: A random string to be used as a salt when hashing to determine mappings
349 description: Value of mount_check in Swift account/container/object -server.conf
354 description: The minimum time (in hours) before a partition in a ring can be moved following a rebalance.
357 description: Partition Power to use when building Swift rings
361 description: The password for the swift service account, used by the swift proxy
368 description: How many replicas to use in the swift rings.
371 default: '' # Has to be here because of the ignored empty value bug
377 type: OS::Nova::Server
379 image: {get_param: Image}
380 image_update_policy: {get_param: ImageUpdatePolicy}
381 flavor: {get_param: Flavor}
382 key_name: {get_param: KeyName}
385 user_data_format: SOFTWARE_CONFIG
388 type: OS::TripleO::Net::SoftwareConfig
391 type: OS::TripleO::SoftwareDeployment
393 signal_transport: NO_SIGNAL
394 config: {get_attr: [NetworkConfig, config_id]}
395 server: {get_resource: Controller}
398 interface_name: {get_param: NeutronPublicInterface}
401 type: OS::TripleO::Controller::SoftwareConfig
403 # allow configs to create sub-resources attached to the controller
404 controller_id: {get_resource: Controller}
406 ControllerPassthroughConfig:
407 type: OS::Heat::StructuredConfig
409 group: os-apply-config
410 config: {get_input: passthrough_config}
412 ControllerPassthroughConfigSpecific:
413 type: OS::Heat::StructuredConfig
415 group: os-apply-config
416 config: {get_input: passthrough_config_specific}
418 ControllerDeployment:
419 type: OS::TripleO::SoftwareDeployment
421 signal_transport: NO_SIGNAL
422 config: {get_attr: [ControllerConfig, config_id]}
423 server: {get_resource: Controller}
425 bootstack_nodeid: {get_attr: [Controller, name]}
426 controller_host: {get_attr: [Controller, networks, ctlplane, 0]}
427 controller_virtual_ip: {get_param: VirtualIP}
428 neutron_enable_tunneling: {get_param: NeutronEnableTunnelling}
429 heat.watch_server_url:
433 - {get_param: VirtualIP}
435 heat.metadata_server_url:
439 - {get_param: VirtualIP}
441 heat.waitcondition_server_url:
445 - {get_param: VirtualIP}
446 - ':8000/v1/waitcondition'
447 admin_password: {get_param: AdminPassword}
448 admin_token: {get_param: AdminToken}
449 neutron_public_interface_ip: {get_param: NeutronPublicInterfaceIP}
450 debug: {get_param: Debug}
451 cinder_lvm_loop_device_size: {get_param: CinderLVMLoopDeviceSize}
452 cinder_password: {get_param: CinderPassword}
453 cinder_iscsi_helper: {get_param: CinderISCSIHelper}
457 - - 'mysql://cinder:unset@'
458 - {get_param: VirtualIP}
460 glance_port: {get_param: GlancePort}
461 glance_protocol: {get_param: GlanceProtocol}
462 glance_password: {get_param: GlancePassword}
463 glance_notifier_strategy: {get_param: GlanceNotifierStrategy}
464 glance_log_file: {get_param: GlanceLogFile}
468 - - 'mysql://glance:unset@'
469 - {get_param: VirtualIP}
471 heat_password: {get_param: HeatPassword}
472 heat_stack_domain_admin_password: {get_param: HeatStackDomainAdminPassword}
476 - - 'mysql://heat:unset@'
477 - {get_param: VirtualIP}
479 keystone_ca_certificate: {get_param: KeystoneCACertificate}
480 keystone_signing_key: {get_param: KeystoneSigningKey}
481 keystone_signing_certificate: {get_param: KeystoneSigningCertificate}
482 keystone_ssl_certificate: {get_param: KeystoneSSLCertificate}
483 keystone_ssl_certificate_key: {get_param: KeystoneSSLCertificateKey}
487 - - 'mysql://keystone:unset@'
488 - {get_param: VirtualIP}
490 mysql_innodb_buffer_pool_size: {get_param: MysqlInnodbBufferPoolSize}
491 mysql_root_password: {get_param: MysqlRootPassword}
494 template: tripleo-CLUSTER
496 CLUSTER: {get_param: MysqlClusterUniquePart}
497 neutron_flat_networks: {get_param: NeutronFlatNetworks}
498 neutron_metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret}
499 neutron_agent_mode: {get_param: NeutronAgentMode}
500 neutron_router_distributed: {get_param: NeutronDVR}
501 neutron_mechanism_drivers: {get_param: NeutronMechanismDrivers}
502 neutron_allow_l3agent_failover: {get_param: NeutronAllowL3AgentFailover}
503 neutron_network_vlan_ranges: {get_param: NeutronNetworkVLANRanges}
504 neutron_bridge_mappings: {get_param: NeutronBridgeMappings}
505 neutron_public_interface: {get_param: NeutronPublicInterface}
506 neutron_public_interface_raw_device: {get_param: NeutronPublicInterfaceRawDevice}
507 neutron_public_interface_default_route: {get_param: NeutronPublicInterfaceDefaultRoute}
508 neutron_public_interface_tag: {get_param: NeutronPublicInterfaceTag}
509 neutron_tenant_network_type: {get_param: NeutronNetworkType}
510 neutron_tunnel_types: {get_param: NeutronTunnelTypes}
511 neutron_password: {get_param: NeutronPassword}
512 neutron_dnsmasq_options: {get_param: NeutronDnsmasqOptions}
516 - - 'mysql://neutron:unset@'
517 - {get_param: VirtualIP}
518 - '/ovs_neutron?charset=utf8'
519 ceilometer_metering_secret: {get_param: CeilometerMeteringSecret}
520 ceilometer_password: {get_param: CeilometerPassword}
524 - - 'mysql://ceilometer:unset@'
525 - {get_param: VirtualIP}
527 snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName}
528 snmpd_readonly_user_password: {get_param: SnmpdReadonlyUserPassword}
529 nova_password: {get_param: NovaPassword}
533 - - 'mysql://nova:unset@'
534 - {get_param: VirtualIP}
536 rabbit_username: {get_param: RabbitUserName}
537 rabbit_password: {get_param: RabbitPassword}
538 rabbit_cookie: {get_param: RabbitCookie}
539 rabbit_client_use_ssl: {get_param: RabbitClientUseSSL}
540 rabbit_client_port: {get_param: RabbitClientPort}
541 ntp_server: {get_param: NtpServer}
542 control_virtual_interface: {get_param: ControlVirtualInterface}
543 public_virtual_interface: {get_param: PublicVirtualInterface}
544 public_virtual_ip: {get_param: PublicVirtualIP}
547 type: OS::Heat::StructuredConfig
549 group: os-apply-config
552 ca_certificate: {get_input: ssl_ca_certificate}
554 cert: {get_input: ssl_certificate}
555 key: {get_input: ssl_key}
556 cacert: {get_input: ssl_ca_certificate}
561 connect_host: {get_input: controller_host}
565 connect_host: {get_input: controller_host}
569 connect_host: {get_input: controller_host}
573 connect_host: {get_input: controller_host}
577 connect_host: {get_input: controller_host}
578 - name: 'swift-proxy'
581 connect_host: {get_input: controller_host}
585 connect_host: {get_input: controller_host}
589 connect_host: {get_input: controller_host}
591 ControllerSSLDeployment:
592 type: OS::Heat::StructuredDeployment
594 config: {get_resource: SSLConfig}
595 server: {get_resource: Controller}
596 signal_transport: NO_SIGNAL
598 controller_host: {get_attr: [Controller, networks, ctlplane, 0]}
599 ssl_certificate: {get_param: SSLCertificate}
600 ssl_key: {get_param: SSLKey}
601 ssl_ca_certificate: {get_param: SSLCACertificate}
603 ControllerPassthroughDeployment:
604 type: OS::Heat::StructuredDeployment
606 config: {get_resource: ControllerPassthroughConfig}
607 server: {get_resource: Controller}
608 signal_transport: NO_SIGNAL
610 passthrough_config: {get_param: ExtraConfig}
612 ControllerPassthroughSpecificDeployment:
613 depends_on: [ControllerPassthroughDeployment]
614 type: OS::Heat::StructuredDeployment
616 config: {get_resource: ControllerPassthroughConfigSpecific}
617 server: {get_resource: Controller}
618 signal_transport: NO_SIGNAL
620 passthrough_config_specific: {get_param: ControllerExtraConfig}
623 type: OS::Heat::StructuredConfig
625 group: os-apply-config
628 hash: { get_input: swift_hash_suffix }
629 part-power: { get_input: swift_part_power }
630 mount-check: { get_input: swift_mount_check }
631 min-part-hours: { get_input: swift_min_part_hours }
632 replicas: {get_input: swift_replicas }
633 service-password: { get_input: swift_password }
636 type: OS::Heat::StructuredDeployment
638 server: {get_resource: Controller}
639 config: {get_resource: SwiftConfig}
640 signal_transport: NO_SIGNAL
642 swift_hash_suffix: {get_param: SwiftHashSuffix}
643 swift_mount_check: {get_param: SwiftMountCheck}
644 swift_password: {get_param: SwiftPassword}
645 swift_min_part_hours: {get_param: SwiftMinPartHours}
646 swift_part_power: {get_param: SwiftPartPower}
647 swift_replicas: { get_param: SwiftReplicas}
651 description: IP address of the server in the ctlplane network
652 value: {get_attr: [Controller, networks, ctlplane, 0]}
654 description: Hostname of the server
655 value: {get_attr: [Controller, name]}
658 Node object in the format {ip: ..., name: ...} format that the corosync
661 ip: {get_attr: [Controller, networks, ctlplane, 0]}
662 name: {get_attr: [Controller, name]}
665 Server's IP address and hostname in the /etc/hosts format
668 template: IP HOST HOST.novalocal CLOUDNAME
670 IP: {get_attr: [Controller, networks, ctlplane, 0]}
671 HOST: {get_attr: [Controller, name]}
672 CLOUDNAME: {get_param: CloudName}
673 nova_server_resource:
674 description: Heat resource handle for the Nova compute server
676 {get_resource: Controller}
678 description: Swift device formatted for swift-ring-builder
681 template: 'r1z1-IP:%PORT%/d1'
683 IP: {get_attr: [Controller, networks, ctlplane, 0]}
684 swift_proxy_memcache:
685 description: Swift proxy-memcache value
690 IP: {get_attr: [Controller, networks, ctlplane, 0]}