heat_template_version: 2014-10-16
OpenStack control plane node. Can be wrapped in a ResourceGroup for scaling.
description: The password for the keystone admin account, used for monitoring, querying neutron etc.
description: The keystone auth secret.
CeilometerMeteringSecret:
description: Secret shared by the ceilometer services.
description: The password for the ceilometer service account.
CinderEnableIscsiBackend:
description: Whether to enable or not the Iscsi backend for Cinder
CinderEnableRbdBackend:
description: Whether to enable or not the Rbd backend for Cinder
description: The iSCSI helper to use with cinder.
CinderLVMLoopDeviceSize:
description: The size of the loopback file used by the cinder LVM driver.
description: The password for the cinder service account, used by cinder-api.
description: The DNS name of this cloud. E.g. ci-overcloud.tripleo.org
ControllerExtraConfig:
Controller specific configuration to inject into the cluster. Same
structure as ExtraConfig.
ControlVirtualInterface:
description: Interface where virtual ip will be assigned.
description: Set to True to enable debugging on all services.
description: Whether to use Galera instead of regular MariaDB.
description: If enabled services will be monitored by Pacemaker; it
will manage VIPs as well, in place of Keepalived.
description: Whether to deploy Ceph Storage (OSD) on the Controller
description: Whether to enable Swift Storage on the Controller
Additional configuration to inject into the cluster. The JSON should have
the following structure:
[{"section": "SECTIONNAME",
[{"option": "OPTIONNAME",
[{"section": "default",
[{"option": "compute_manager",
"value": "ironic.nova.compute.manager.ClusterComputeManager"
[{"option": "driver",
"value": "nova.cells.rpc_driver.CellsRPCDriver"
description: Flavor for control nodes to request when deploying.
- custom_constraint: nova.flavor
GlanceNotifierStrategy:
description: Strategy to use for Glance notification queue
description: The filepath of the file to use for logging messages from Glance.
description: The password for the glance service account, used by the glance services.
description: Glance port.
description: Protocol to use when connecting to glance, set to https for SSL.
description: The password for the Heat service account, used by the Heat services.
HeatStackDomainAdminPassword:
description: Password for heat_domain_admin user.
HeatAuthEncryptionKey:
description: Auth encryption key for heat-engine
default: overcloud-control
- custom_constraint: glance.image
default: 'REBUILD_PRESERVE_EPHEMERAL'
description: What policy to use when reconstructing instances. REBUILD for rebuilds, REBUILD_PRESERVE_EPHEMERAL to preserve /mnt.
description: Name of an existing EC2 KeyPair to enable SSH access to the instances
- custom_constraint: nova.keypair
KeystoneCACertificate:
description: Keystone self-signed certificate authority certificate.
KeystoneSigningCertificate:
description: Keystone certificate for verifying token validity.
description: Keystone key for signing tokens.
KeystoneSSLCertificate:
description: Keystone certificate for verifying token validity.
KeystoneSSLCertificateKey:
description: Keystone key for signing tokens.
MysqlClusterUniquePart:
description: A unique identifier of the MySQL cluster the controller is in.
default: 'unset' # Has to be here because of the ignored empty value bug
# Drop the validation: https://bugs.launchpad.net/tripleo/+bug/1405446
# - length: {min: 4, max: 10}
MysqlInnodbBufferPoolSize:
Specifies the size of the buffer pool in megabytes. Setting to
zero should be interpreted as "no value" and will defer to the
default: '' # Has to be here because of the ignored empty value bug
NeutronBridgeMappings:
The OVS logical->physical bridge mappings to use. See the Neutron
documentation for details. Defaults to mapping br-ex - the external
bridge on hosts - to a physical name 'datacentre' which can be used
to create provider networks (and we use this for the default floating
network) - if changing this either use different post-install network
scripts or be sure to keep 'datacentre' as a mapping network name.
NeutronDnsmasqOptions:
default: 'dhcp-option-force=26,1400'
description: Dnsmasq options for neutron-dhcp-agent. The default value here forces MTU to be set to 1400 to account for the gre tunnel overhead.
description: Agent mode for the neutron-l3-agent on the controller hosts
description: Whether to configure Neutron Distributed Virtual Routers
NeutronMetadataProxySharedSecret:
description: Shared secret to prevent spoofing
NeutronMechanismDrivers:
default: 'openvswitch'
The mechanism drivers for the Neutron tenant network. To specify multiple
values, use a comma separated string, like so: 'openvswitch,l2_population'
NeutronAllowL3AgentFailover:
description: Allow automatic l3-agent failover
description: Whether to enable l3-agent HA
NeutronEnableTunnelling:
description: If set, flat networks to configure in neutron plugins.
description: The tenant network type for Neutron, either gre or vxlan.
NeutronNetworkVLANRanges:
default: 'datacentre'
The Neutron ML2 and OpenVSwitch vlan mapping range to support. See the
Neutron documentation for permitted values. Defaults to permitting any
VLAN on the 'datacentre' physical network (See NeutronBridgeMappings).
description: The password for the neutron service account, used by neutron agents.
NeutronPublicInterface:
description: What interface to bridge onto br-ex for network nodes.
NeutronPublicInterfaceTag:
VLAN tag for creating a public VLAN. The tag will be used to
create an access port on the exterior bridge for each control plane node,
and that port will be given the IP address returned by neutron from the
public network. Set CONTROLEXTRA=overcloud-vlan-port.yaml when compiling
overcloud.yaml to include the deployment of VLAN ports to the control
NeutronPublicInterfaceDefaultRoute:
description: A custom default route for the NeutronPublicInterface.
NeutronPublicInterfaceIP:
description: A custom IP address to put onto the NeutronPublicInterface.
NeutronPublicInterfaceRawDevice:
description: If set, the public interface is a vlan with this device as the raw device.
The tunnel types for the Neutron tenant network. To specify multiple
values, use a comma separated string, like so: 'gre,vxlan'
description: The password for the nova service account, used by nova-api.
description: The password for the 'pcsd' user.
PublicVirtualInterface:
Specifies the interface where the public-facing virtual ip will be assigned.
This should be int_public when a VLAN is being used.
default: '' # Has to be here because of the ignored empty value bug
default: '' # Has to be here because of the ignored empty value bug
description: The password for RabbitMQ
description: The username for RabbitMQ
Rabbit client subscriber parameter to specify
an SSL connection to the RabbitMQ host.
description: Set rabbit subscriber port, change this if using SSL
SnmpdReadonlyUserName:
default: ro_snmp_user
description: The user name for SNMPd with readonly rights running on all Overcloud nodes
SnmpdReadonlyUserPassword:
description: The user password for SNMPd with readonly rights running on all Overcloud nodes
description: If set, the contents of an SSL certificate authority file.
description: If set, the contents of an SSL certificate .crt file for encrypting SSL endpoints.
description: If set, the contents of an SSL certificate .key file for encrypting SSL endpoints.
description: A random string to be used as a salt when hashing to determine mappings
description: Value of mount_check in Swift account/container/object -server.conf
description: The minimum time (in hours) before a partition in a ring can be moved following a rebalance.
description: Partition Power to use when building Swift rings
description: The password for the swift service account, used by the swift proxy
description: How many replicas to use in the swift rings.
default: '' # Has to be here because of the ignored empty value bug
type: OS::Nova::Server
image: {get_param: Image}
image_update_policy: {get_param: ImageUpdatePolicy}
flavor: {get_param: Flavor}
key_name: {get_param: KeyName}
user_data_format: SOFTWARE_CONFIG
type: OS::TripleO::Net::SoftwareConfig
type: OS::TripleO::SoftwareDeployment
signal_transport: NO_SIGNAL
config: {get_attr: [NetworkConfig, config_id]}
server: {get_resource: Controller}
interface_name: {get_param: NeutronPublicInterface}
ControllerPassthroughConfig:
type: OS::Heat::StructuredConfig
group: os-apply-config
config: {get_input: passthrough_config}
ControllerPassthroughConfigSpecific:
type: OS::Heat::StructuredConfig
group: os-apply-config
config: {get_input: passthrough_config_specific}
type: OS::Heat::StructuredConfig
group: os-apply-config
admin-password: {get_input: admin_password}
admin-token: {get_input: admin_token}
public_interface_ip: {get_input: neutron_public_interface_ip}
nodeid: {get_input: bootstack_nodeid}
db: {get_input: cinder_dsn}
debug: {get_input: debug}
volume_size_mb: {get_input: cinder_lvm_loop_device_size}
service-password: {get_input: cinder_password}
iscsi-helper: {get_input: CinderISCSIHelper}
controller-address: {get_input: controller_host}
bindnetaddr: {get_input: controller_host}
stonith_enabled : false
quorum_policy : ignore
host: {get_input: controller_virtual_ip}
db: {get_input: glance_dsn}
debug: {get_input: debug}
host: {get_input: controller_virtual_ip}
port: {get_input: glance_port}
protocol: {get_input: glance_protocol}
service-password: {get_input: glance_password}
swift-store-user: service:glance
swift-store-key: {get_input: glance_password}
notifier-strategy: {get_input: glance_notifier_strategy}
log-file: {get_input: glance_log_file}
admin_password: {get_input: heat_password}
admin_tenant_name: service
auth_encryption_key: {get_input: heat_auth_encryption_key}
db: {get_input: heat_dsn}
debug: {get_input: debug}
stack_domain_admin_password: {get_input: heat_stack_domain_admin_password}
watch_server_url: {get_input: heat.watch_server_url}
metadata_server_url: {get_input: heat.metadata_server_url}
waitcondition_server_url: {get_input: heat.waitcondition_server_url}
db: {get_input: keystone_dsn}
debug: {get_input: debug}
host: {get_input: controller_virtual_ip}
ca_certificate: {get_input: keystone_ca_certificate}
signing_key: {get_input: keystone_signing_key}
signing_certificate: {get_input: keystone_signing_certificate}
certificate: {get_input: keystone_ssl_certificate}
certificate_key: {get_input: keystone_ssl_certificate_key}
innodb_buffer_pool_size: {get_input: mysql_innodb_buffer_pool_size}
root-password: {get_input: mysql_root_password}
cluster_name: {get_input: mysql_cluster_name}
debug: {get_input: debug}
flat-networks: {get_input: neutron_flat_networks}
host: {get_input: controller_virtual_ip}
metadata_proxy_shared_secret: {get_input: neutron_metadata_proxy_shared_secret}
agent_mode: {get_input: neutron_agent_mode}
router_distributed: {get_input: neutron_router_distributed}
mechanism_drivers: {get_input: neutron_mechanism_drivers}
allow_automatic_l3agent_failover: {get_input: neutron_allow_l3agent_failover}
l3_ha: {get_input: neutron_l3_ha}
enable_tunneling: {get_input: neutron_enable_tunneling}
local_ip: {get_input: controller_host}
network_vlan_ranges: {get_input: neutron_network_vlan_ranges}
bridge_mappings: {get_input: neutron_bridge_mappings}
public_interface: {get_input: neutron_public_interface}
public_interface_raw_device: {get_input: neutron_public_interface_raw_device}
public_interface_route: {get_input: neutron_public_interface_default_route}
public_interface_tag: {get_input: neutron_public_interface_tag}
physical_bridge: br-ex
tenant_network_type: {get_input: neutron_tenant_network_type}
tunnel_types: {get_input: neutron_tunnel_types}
ovs_db: {get_input: neutron_dsn}
service-password: {get_input: neutron_password}
dnsmasq-options: {get_input: neutron_dnsmasq_options}
db: {get_input: ceilometer_dsn}
debug: {get_input: debug}
metering_secret: {get_input: ceilometer_metering_secret}
service-password: {get_input: ceilometer_password}
export_MIB: UCD-SNMP-MIB
readonly_user_name: {get_input: snmpd_readonly_user_name}
readonly_user_password: {get_input: snmpd_readonly_user_password}
compute_driver: libvirt.LibvirtDriver
db: {get_input: nova_dsn}
default_floating_pool:
host: {get_input: controller_virtual_ip}
service-password: {get_input: nova_password}
host: {get_input: controller_virtual_ip}
username: {get_input: rabbit_username}
password: {get_input: rabbit_password}
cookie: {get_input: rabbit_cookie}
rabbit_client_use_ssl: {get_input: rabbit_client_use_ssl}
rabbit_port: {get_input: rabbit_client_port}
- {server: {get_input: ntp_server}}
- vrrp_instance_name: VI_CONTROL
virtual_router_id: 51
keepalive_interface: {get_input: control_virtual_interface}
- ip: {get_input: controller_virtual_ip}
interface: {get_input: control_virtual_interface}
- vrrp_instance_name: VI_PUBLIC
virtual_router_id: 52
keepalive_interface: {get_input: public_virtual_interface}
- ip: {get_input: public_virtual_ip}
interface: {get_input: public_virtual_interface}
keepalive_interface: {get_input: public_virtual_interface}
ip: {get_input: controller_virtual_ip}
interface: {get_input: control_virtual_interface}
ip: {get_input: public_virtual_ip}
interface: {get_input: public_virtual_interface}
- ip: {get_input: controller_virtual_ip}
- option httpchk GET /
- name: keystone_admin
net_binds: &public_binds
- ip: {get_input: controller_virtual_ip}
- ip: {get_input: public_virtual_ip}
- name: keystone_public
net_binds: *public_binds
net_binds: *public_binds
net_binds: *public_binds
net_binds: *public_binds
net_binds: *public_binds
- name: glance_registry
net_binds: *public_binds
options: # overwrite options as glance_reg needs auth for http req
net_binds: *public_binds
- name: heat_cloudwatch
net_binds: *public_binds
net_binds: *public_binds
net_binds: *public_binds
- name: nova_metadata
net_binds: *public_binds
- name: nova_novncproxy
net_binds: *public_binds
net_binds: *public_binds
options: # overwrite options as ceil needs auth for http req
- name: swift_proxy_server
net_binds: *public_binds
- option httpchk GET /info
ControllerDeployment:
type: OS::TripleO::SoftwareDeployment
signal_transport: NO_SIGNAL
config: {get_resource: ControllerConfig}
server: {get_resource: Controller}
bootstack_nodeid: {get_attr: [Controller, name]}
controller_host: {get_attr: [Controller, networks, ctlplane, 0]}
controller_virtual_ip: {get_param: VirtualIP}
neutron_enable_tunneling: {get_param: NeutronEnableTunnelling}
heat.watch_server_url:
- {get_param: VirtualIP}
heat.metadata_server_url:
- {get_param: VirtualIP}
heat.waitcondition_server_url:
- {get_param: VirtualIP}
- ':8000/v1/waitcondition'
admin_password: {get_param: AdminPassword}
admin_token: {get_param: AdminToken}
neutron_public_interface_ip: {get_param: NeutronPublicInterfaceIP}
debug: {get_param: Debug}
cinder_lvm_loop_device_size: {get_param: CinderLVMLoopDeviceSize}
cinder_password: {get_param: CinderPassword}
cinder_iscsi_helper: {get_param: CinderISCSIHelper}
- - 'mysql://cinder:unset@'
- {get_param: VirtualIP}
glance_port: {get_param: GlancePort}
glance_protocol: {get_param: GlanceProtocol}
glance_password: {get_param: GlancePassword}
glance_notifier_strategy: {get_param: GlanceNotifierStrategy}
glance_log_file: {get_param: GlanceLogFile}
- - 'mysql://glance:unset@'
- {get_param: VirtualIP}
heat_password: {get_param: HeatPassword}
heat_stack_domain_admin_password: {get_param: HeatStackDomainAdminPassword}
heat_auth_encryption_key: {get_param: HeatAuthEncryptionKey}
- - 'mysql://heat:unset@'
- {get_param: VirtualIP}
keystone_ca_certificate: {get_param: KeystoneCACertificate}
keystone_signing_key: {get_param: KeystoneSigningKey}
keystone_signing_certificate: {get_param: KeystoneSigningCertificate}
keystone_ssl_certificate: {get_param: KeystoneSSLCertificate}
keystone_ssl_certificate_key: {get_param: KeystoneSSLCertificateKey}
- - 'mysql://keystone:unset@'
- {get_param: VirtualIP}
mysql_innodb_buffer_pool_size: {get_param: MysqlInnodbBufferPoolSize}
mysql_root_password: {get_param: MysqlRootPassword}
template: tripleo-CLUSTER
CLUSTER: {get_param: MysqlClusterUniquePart}
neutron_flat_networks: {get_param: NeutronFlatNetworks}
neutron_metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret}
neutron_agent_mode: {get_param: NeutronAgentMode}
neutron_router_distributed: {get_param: NeutronDVR}
neutron_mechanism_drivers: {get_param: NeutronMechanismDrivers}
neutron_allow_l3agent_failover: {get_param: NeutronAllowL3AgentFailover}
neutron_l3_ha: {get_param: NeutronL3HA}
neutron_network_vlan_ranges: {get_param: NeutronNetworkVLANRanges}
neutron_bridge_mappings: {get_param: NeutronBridgeMappings}
neutron_public_interface: {get_param: NeutronPublicInterface}
neutron_public_interface_raw_device: {get_param: NeutronPublicInterfaceRawDevice}
neutron_public_interface_default_route: {get_param: NeutronPublicInterfaceDefaultRoute}
neutron_public_interface_tag: {get_param: NeutronPublicInterfaceTag}
neutron_tenant_network_type: {get_param: NeutronNetworkType}
neutron_tunnel_types: {get_param: NeutronTunnelTypes}
neutron_password: {get_param: NeutronPassword}
neutron_dnsmasq_options: {get_param: NeutronDnsmasqOptions}
- - 'mysql://neutron:unset@'
- {get_param: VirtualIP}
- '/ovs_neutron?charset=utf8'
ceilometer_metering_secret: {get_param: CeilometerMeteringSecret}
ceilometer_password: {get_param: CeilometerPassword}
- - 'mysql://ceilometer:unset@'
- {get_param: VirtualIP}
snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName}
snmpd_readonly_user_password: {get_param: SnmpdReadonlyUserPassword}
nova_password: {get_param: NovaPassword}
- - 'mysql://nova:unset@'
- {get_param: VirtualIP}
rabbit_username: {get_param: RabbitUserName}
rabbit_password: {get_param: RabbitPassword}
rabbit_cookie: {get_param: RabbitCookie}
rabbit_client_use_ssl: {get_param: RabbitClientUseSSL}
rabbit_client_port: {get_param: RabbitClientPort}
ntp_server: {get_param: NtpServer}
control_virtual_interface: {get_param: ControlVirtualInterface}
public_virtual_interface: {get_param: PublicVirtualInterface}
public_virtual_ip: {get_param: PublicVirtualIP}
type: OS::Heat::StructuredConfig
group: os-apply-config
ca_certificate: {get_input: ssl_ca_certificate}
cert: {get_input: ssl_certificate}
key: {get_input: ssl_key}
cacert: {get_input: ssl_ca_certificate}
connect_host: {get_input: controller_host}
connect_host: {get_input: controller_host}
connect_host: {get_input: controller_host}
connect_host: {get_input: controller_host}
connect_host: {get_input: controller_host}
- name: 'swift-proxy'
connect_host: {get_input: controller_host}
connect_host: {get_input: controller_host}
connect_host: {get_input: controller_host}
ControllerSSLDeployment:
type: OS::Heat::StructuredDeployment
config: {get_resource: SSLConfig}
server: {get_resource: Controller}
signal_transport: NO_SIGNAL
controller_host: {get_attr: [Controller, networks, ctlplane, 0]}
ssl_certificate: {get_param: SSLCertificate}
ssl_key: {get_param: SSLKey}
ssl_ca_certificate: {get_param: SSLCACertificate}
ControllerPassthroughDeployment:
type: OS::Heat::StructuredDeployment
config: {get_resource: ControllerPassthroughConfig}
server: {get_resource: Controller}
signal_transport: NO_SIGNAL
passthrough_config: {get_param: ExtraConfig}
ControllerPassthroughSpecificDeployment:
depends_on: [ControllerPassthroughDeployment]
type: OS::Heat::StructuredDeployment
config: {get_resource: ControllerPassthroughConfigSpecific}
server: {get_resource: Controller}
signal_transport: NO_SIGNAL
passthrough_config_specific: {get_param: ControllerExtraConfig}
type: OS::Heat::StructuredConfig
group: os-apply-config
hash: { get_input: swift_hash_suffix }
part-power: { get_input: swift_part_power }
mount-check: { get_input: swift_mount_check }
min-part-hours: { get_input: swift_min_part_hours }
replicas: {get_input: swift_replicas }
service-password: { get_input: swift_password }
type: OS::Heat::StructuredDeployment
server: {get_resource: Controller}
config: {get_resource: SwiftConfig}
signal_transport: NO_SIGNAL
swift_hash_suffix: {get_param: SwiftHashSuffix}
swift_mount_check: {get_param: SwiftMountCheck}
swift_password: {get_param: SwiftPassword}
swift_min_part_hours: {get_param: SwiftMinPartHours}
swift_part_power: {get_param: SwiftPartPower}
swift_replicas: { get_param: SwiftReplicas}
description: IP address of the server in the ctlplane network
value: {get_attr: [Controller, networks, ctlplane, 0]}
description: Hostname of the server
value: {get_attr: [Controller, name]}
Node object in the format {ip: ..., name: ...} format that the corosync
ip: {get_attr: [Controller, networks, ctlplane, 0]}
name: {get_attr: [Controller, name]}
Server's IP address and hostname in the /etc/hosts format
template: IP HOST HOST.novalocal CLOUDNAME
IP: {get_attr: [Controller, networks, ctlplane, 0]}
HOST: {get_attr: [Controller, name]}
CLOUDNAME: {get_param: CloudName}
nova_server_resource:
description: Heat resource handle for the Nova compute server
{get_resource: Controller}
description: Swift device formatted for swift-ring-builder
template: 'r1z1-IP:%PORT%/d1'
IP: {get_attr: [Controller, networks, ctlplane, 0]}
swift_proxy_memcache:
description: Swift proxy-memcache value
IP: {get_attr: [Controller, networks, ctlplane, 0]}