heat_template_version: 2014-10-16
OpenStack control plane node. Can be wrapped in a ResourceGroup for scaling.
description: The password for the keystone admin account, used for monitoring, querying neutron etc.
description: The keystone auth secret.
description: The ceilometer backend type.
CeilometerMeteringSecret:
description: Secret shared by the ceilometer services.
description: The password for the ceilometer service account.
CinderEnableIscsiBackend:
description: Whether to enable the iSCSI backend for Cinder
CinderEnableRbdBackend:
description: Whether to enable the RBD backend for Cinder
description: The iSCSI helper to use with cinder.
CinderLVMLoopDeviceSize:
description: The size of the loopback file used by the cinder LVM driver.
description: The password for the cinder service account, used by cinder-api.
description: The DNS name of this cloud. E.g. ci-overcloud.tripleo.org
ControllerExtraConfig:
Controller specific configuration to inject into the cluster. Same
structure as ExtraConfig.
ControlVirtualInterface:
description: Interface where virtual ip will be assigned.
description: Set to True to enable debugging on all services.
description: Whether to use Galera instead of regular MariaDB.
description: If enabled, services will be monitored by Pacemaker; it
will manage VIPs as well, in place of Keepalived.
description: Whether to deploy Ceph Storage (OSD) on the Controller
description: Whether to enable Swift Storage on the Controller
Additional configuration to inject into the cluster. The JSON should have
the following structure:
[{"section": "SECTIONNAME",
[{"option": "OPTIONNAME",
[{"section": "default",
[{"option": "compute_manager",
"value": "ironic.nova.compute.manager.ClusterComputeManager"
[{"option": "driver",
"value": "nova.cells.rpc_driver.CellsRPCDriver"
description: Flavor for control nodes to request when deploying.
- custom_constraint: nova.flavor
GlanceNotifierStrategy:
description: Strategy to use for Glance notification queue
description: The filepath of the file to use for logging messages from Glance.
description: The password for the glance service account, used by the glance services.
description: Glance port.
description: Protocol to use when connecting to glance, set to https for SSL.
description: The password for the Heat service account, used by the Heat services.
HeatStackDomainAdminPassword:
description: Password for heat_domain_admin user.
HeatAuthEncryptionKey:
description: Auth encryption key for heat-engine
default: overcloud-control
- custom_constraint: glance.image
default: 'REBUILD_PRESERVE_EPHEMERAL'
description: What policy to use when reconstructing instances. REBUILD for rebuilds, REBUILD_PRESERVE_EPHEMERAL to preserve /mnt.
description: Name of an existing EC2 KeyPair to enable SSH access to the instances
- custom_constraint: nova.keypair
KeystoneCACertificate:
description: Keystone self-signed certificate authority certificate.
KeystoneSigningCertificate:
description: Keystone certificate for verifying token validity.
description: Keystone key for signing tokens.
KeystoneSSLCertificate:
description: Keystone certificate for verifying token validity.
KeystoneSSLCertificateKey:
description: Keystone key for signing tokens.
MysqlClusterUniquePart:
description: A unique identifier of the MySQL cluster the controller is in.
default: 'unset' # Has to be here because of the ignored empty value bug
# Drop the validation: https://bugs.launchpad.net/tripleo/+bug/1405446
# - length: {min: 4, max: 10}
MysqlInnodbBufferPoolSize:
Specifies the size of the buffer pool in megabytes. Setting to
zero should be interpreted as "no value" and will defer to the
default: '' # Has to be here because of the ignored empty value bug
NeutronBridgeMappings:
The OVS logical->physical bridge mappings to use. See the Neutron
documentation for details. Defaults to mapping br-ex - the external
bridge on hosts - to a physical name 'datacentre' which can be used
to create provider networks (and we use this for the default floating
network) - if changing this either use different post-install network
scripts or be sure to keep 'datacentre' as a mapping network name.
default: "datacentre:br-ex"
NeutronDnsmasqOptions:
default: 'dhcp-option-force=26,1400'
description: Dnsmasq options for neutron-dhcp-agent. The default value here forces MTU to be set to 1400 to account for the gre tunnel overhead.
description: Agent mode for the neutron-l3-agent on the controller hosts
description: Whether to configure Neutron Distributed Virtual Routers
NeutronMetadataProxySharedSecret:
description: Shared secret to prevent spoofing
NeutronMechanismDrivers:
default: 'openvswitch'
The mechanism drivers for the Neutron tenant network. To specify multiple
values, use a comma separated string, like so: 'openvswitch,l2_population'
NeutronAllowL3AgentFailover:
description: Allow automatic l3-agent failover
description: Whether to enable l3-agent HA
NeutronEnableTunnelling:
default: 'datacentre'
description: If set, flat networks to configure in neutron plugins.
description: The tenant network type for Neutron, either gre or vxlan.
NeutronNetworkVLANRanges:
default: 'datacentre'
The Neutron ML2 and OpenVSwitch vlan mapping range to support. See the
Neutron documentation for permitted values. Defaults to permitting any
VLAN on the 'datacentre' physical network (See NeutronBridgeMappings).
description: The password for the neutron service account, used by neutron agents.
NeutronPublicInterface:
description: What interface to bridge onto br-ex for network nodes.
NeutronPublicInterfaceTag:
VLAN tag for creating a public VLAN. The tag will be used to
create an access port on the exterior bridge for each control plane node,
and that port will be given the IP address returned by neutron from the
public network. Set CONTROLEXTRA=overcloud-vlan-port.yaml when compiling
overcloud.yaml to include the deployment of VLAN ports to the control
NeutronPublicInterfaceDefaultRoute:
description: A custom default route for the NeutronPublicInterface.
NeutronPublicInterfaceIP:
description: A custom IP address to put onto the NeutronPublicInterface.
NeutronPublicInterfaceRawDevice:
description: If set, the public interface is a vlan with this device as the raw device.
The tunnel types for the Neutron tenant network. To specify multiple
values, use a comma separated string, like so: 'gre,vxlan'
description: The password for the nova service account, used by nova-api.
description: The password for the 'pcsd' user.
PublicVirtualInterface:
Specifies the interface where the public-facing virtual ip will be assigned.
This should be int_public when a VLAN is being used.
default: '' # Has to be here because of the ignored empty value bug
default: '' # Has to be here because of the ignored empty value bug
description: The password for RabbitMQ
description: The username for RabbitMQ
Rabbit client subscriber parameter to specify
an SSL connection to the RabbitMQ host.
description: Set rabbit subscriber port, change this if using SSL
SnmpdReadonlyUserName:
default: ro_snmp_user
description: The user name for SNMPd with readonly rights running on all Overcloud nodes
SnmpdReadonlyUserPassword:
description: The user password for SNMPd with readonly rights running on all Overcloud nodes
description: If set, the contents of an SSL certificate authority file.
description: If set, the contents of an SSL certificate .crt file for encrypting SSL endpoints.
description: If set, the contents of an SSL certificate .key file for encrypting SSL endpoints.
description: A random string to be used as a salt when hashing to determine mappings
description: Value of mount_check in Swift account/container/object -server.conf
description: The minimum time (in hours) before a partition in a ring can be moved following a rebalance.
description: Partition Power to use when building Swift rings
description: The password for the swift service account, used by the swift proxy
description: How many replicas to use in the swift rings.
default: '' # Has to be here because of the ignored empty value bug
type: OS::Nova::Server
image: {get_param: Image}
image_update_policy: {get_param: ImageUpdatePolicy}
flavor: {get_param: Flavor}
key_name: {get_param: KeyName}
user_data_format: SOFTWARE_CONFIG
user_data: {get_resource: NodeUserData}
type: OS::TripleO::NodeUserData
type: OS::TripleO::Controller::Net::SoftwareConfig
type: OS::TripleO::SoftwareDeployment
signal_transport: NO_SIGNAL
config: {get_attr: [NetworkConfig, config_id]}
server: {get_resource: Controller}
interface_name: {get_param: NeutronPublicInterface}
ControllerPassthroughConfig:
type: OS::Heat::StructuredConfig
group: os-apply-config
config: {get_input: passthrough_config}
ControllerPassthroughConfigSpecific:
type: OS::Heat::StructuredConfig
group: os-apply-config
config: {get_input: passthrough_config_specific}
type: OS::Heat::StructuredConfig
group: os-apply-config
admin-password: {get_input: admin_password}
admin-token: {get_input: admin_token}
public_interface_ip: {get_input: neutron_public_interface_ip}
nodeid: {get_input: bootstack_nodeid}
db: {get_input: cinder_dsn}
debug: {get_input: debug}
volume_size_mb: {get_input: cinder_lvm_loop_device_size}
service-password: {get_input: cinder_password}
iscsi-helper: {get_input: cinder_iscsi_helper} # must match the cinder_iscsi_helper input set in ControllerDeployment
controller-address: {get_input: controller_host}
bindnetaddr: {get_input: controller_host}
stonith_enabled : false
quorum_policy : ignore
host: {get_input: controller_virtual_ip}
db: {get_input: glance_dsn}
debug: {get_input: debug}
host: {get_input: controller_virtual_ip}
port: {get_input: glance_port}
protocol: {get_input: glance_protocol}
service-password: {get_input: glance_password}
swift-store-user: service:glance
swift-store-key: {get_input: glance_password}
notifier-strategy: {get_input: glance_notifier_strategy}
log-file: {get_input: glance_log_file}
admin_password: {get_input: heat_password}
admin_tenant_name: service
auth_encryption_key: {get_input: heat_auth_encryption_key}
db: {get_input: heat_dsn}
debug: {get_input: debug}
stack_domain_admin_password: {get_input: heat_stack_domain_admin_password}
watch_server_url: {get_input: heat.watch_server_url}
metadata_server_url: {get_input: heat.metadata_server_url}
waitcondition_server_url: {get_input: heat.waitcondition_server_url}
db: {get_input: keystone_dsn}
debug: {get_input: debug}
host: {get_input: controller_virtual_ip}
ca_certificate: {get_input: keystone_ca_certificate}
signing_key: {get_input: keystone_signing_key}
signing_certificate: {get_input: keystone_signing_certificate}
certificate: {get_input: keystone_ssl_certificate}
certificate_key: {get_input: keystone_ssl_certificate_key}
innodb_buffer_pool_size: {get_input: mysql_innodb_buffer_pool_size}
root-password: {get_input: mysql_root_password}
cluster_name: {get_input: mysql_cluster_name}
debug: {get_input: debug}
flat-networks: {get_input: neutron_flat_networks}
host: {get_input: controller_virtual_ip}
metadata_proxy_shared_secret: {get_input: neutron_metadata_proxy_shared_secret}
agent_mode: {get_input: neutron_agent_mode}
router_distributed: {get_input: neutron_router_distributed}
mechanism_drivers: {get_input: neutron_mechanism_drivers}
allow_automatic_l3agent_failover: {get_input: neutron_allow_l3agent_failover}
l3_ha: {get_input: neutron_l3_ha}
enable_tunneling: {get_input: neutron_enable_tunneling}
local_ip: {get_input: controller_host}
network_vlan_ranges: {get_input: neutron_network_vlan_ranges}
bridge_mappings: {get_input: neutron_bridge_mappings}
public_interface: {get_input: neutron_public_interface}
public_interface_raw_device: {get_input: neutron_public_interface_raw_device}
public_interface_route: {get_input: neutron_public_interface_default_route}
public_interface_tag: {get_input: neutron_public_interface_tag}
physical_bridge: br-ex
tenant_network_type: {get_input: neutron_tenant_network_type}
tunnel_types: {get_input: neutron_tunnel_types}
ovs_db: {get_input: neutron_dsn}
service-password: {get_input: neutron_password}
dnsmasq-options: {get_input: neutron_dnsmasq_options}
db: {get_input: ceilometer_dsn}
debug: {get_input: debug}
metering_secret: {get_input: ceilometer_metering_secret}
service-password: {get_input: ceilometer_password}
export_MIB: UCD-SNMP-MIB
readonly_user_name: {get_input: snmpd_readonly_user_name}
readonly_user_password: {get_input: snmpd_readonly_user_password}
compute_driver: libvirt.LibvirtDriver
db: {get_input: nova_dsn}
default_floating_pool:
host: {get_input: controller_virtual_ip}
service-password: {get_input: nova_password}
host: {get_input: controller_virtual_ip}
username: {get_input: rabbit_username}
password: {get_input: rabbit_password}
cookie: {get_input: rabbit_cookie}
rabbit_client_use_ssl: {get_input: rabbit_client_use_ssl}
rabbit_port: {get_input: rabbit_client_port}
- {server: {get_input: ntp_server}}
- vrrp_instance_name: VI_CONTROL
virtual_router_id: 51
keepalive_interface: {get_input: control_virtual_interface}
- ip: {get_input: controller_virtual_ip}
interface: {get_input: control_virtual_interface}
- vrrp_instance_name: VI_PUBLIC
virtual_router_id: 52
keepalive_interface: {get_input: public_virtual_interface}
- ip: {get_input: public_virtual_ip}
interface: {get_input: public_virtual_interface}
keepalive_interface: {get_input: public_virtual_interface}
ip: {get_input: controller_virtual_ip}
interface: {get_input: control_virtual_interface}
ip: {get_input: public_virtual_ip}
interface: {get_input: public_virtual_interface}
- ip: {get_input: controller_virtual_ip}
- option httpchk GET /
- name: keystone_admin
net_binds: &public_binds
- ip: {get_input: controller_virtual_ip}
- ip: {get_input: public_virtual_ip}
- name: keystone_public
net_binds: *public_binds
net_binds: *public_binds
net_binds: *public_binds
net_binds: *public_binds
net_binds: *public_binds
- name: glance_registry
net_binds: *public_binds
options: # overwrite options as glance_reg needs auth for http req
net_binds: *public_binds
- name: heat_cloudwatch
net_binds: *public_binds
net_binds: *public_binds
net_binds: *public_binds
- name: nova_metadata
net_binds: *public_binds
- name: nova_novncproxy
net_binds: *public_binds
net_binds: *public_binds
options: # overwrite options as ceil needs auth for http req
- name: swift_proxy_server
net_binds: *public_binds
- option httpchk GET /info
ControllerDeployment:
type: OS::TripleO::SoftwareDeployment
signal_transport: NO_SIGNAL
config: {get_resource: ControllerConfig}
server: {get_resource: Controller}
bootstack_nodeid: {get_attr: [Controller, name]}
controller_host: {get_attr: [Controller, networks, ctlplane, 0]}
controller_virtual_ip: {get_param: VirtualIP}
neutron_enable_tunneling: {get_param: NeutronEnableTunnelling}
heat.watch_server_url:
- {get_param: VirtualIP}
heat.metadata_server_url:
- {get_param: VirtualIP}
heat.waitcondition_server_url:
- {get_param: VirtualIP}
- ':8000/v1/waitcondition'
admin_password: {get_param: AdminPassword}
admin_token: {get_param: AdminToken}
neutron_public_interface_ip: {get_param: NeutronPublicInterfaceIP}
debug: {get_param: Debug}
cinder_lvm_loop_device_size: {get_param: CinderLVMLoopDeviceSize}
cinder_password: {get_param: CinderPassword}
cinder_iscsi_helper: {get_param: CinderISCSIHelper}
- - 'mysql://cinder:unset@'
- {get_param: VirtualIP}
glance_port: {get_param: GlancePort}
glance_protocol: {get_param: GlanceProtocol}
glance_password: {get_param: GlancePassword}
glance_notifier_strategy: {get_param: GlanceNotifierStrategy}
glance_log_file: {get_param: GlanceLogFile}
- - 'mysql://glance:unset@'
- {get_param: VirtualIP}
heat_password: {get_param: HeatPassword}
heat_stack_domain_admin_password: {get_param: HeatStackDomainAdminPassword}
heat_auth_encryption_key: {get_param: HeatAuthEncryptionKey}
- - 'mysql://heat:unset@'
- {get_param: VirtualIP}
keystone_ca_certificate: {get_param: KeystoneCACertificate}
keystone_signing_key: {get_param: KeystoneSigningKey}
keystone_signing_certificate: {get_param: KeystoneSigningCertificate}
keystone_ssl_certificate: {get_param: KeystoneSSLCertificate}
keystone_ssl_certificate_key: {get_param: KeystoneSSLCertificateKey}
- - 'mysql://keystone:unset@'
- {get_param: VirtualIP}
mysql_innodb_buffer_pool_size: {get_param: MysqlInnodbBufferPoolSize}
mysql_root_password: {get_param: MysqlRootPassword}
template: tripleo-CLUSTER
CLUSTER: {get_param: MysqlClusterUniquePart}
neutron_flat_networks: {get_param: NeutronFlatNetworks}
neutron_metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret}
neutron_agent_mode: {get_param: NeutronAgentMode}
neutron_router_distributed: {get_param: NeutronDVR}
neutron_mechanism_drivers: {get_param: NeutronMechanismDrivers}
neutron_allow_l3agent_failover: {get_param: NeutronAllowL3AgentFailover}
neutron_l3_ha: {get_param: NeutronL3HA}
neutron_network_vlan_ranges: {get_param: NeutronNetworkVLANRanges}
neutron_bridge_mappings: {get_param: NeutronBridgeMappings}
neutron_public_interface: {get_param: NeutronPublicInterface}
neutron_public_interface_raw_device: {get_param: NeutronPublicInterfaceRawDevice}
neutron_public_interface_default_route: {get_param: NeutronPublicInterfaceDefaultRoute}
neutron_public_interface_tag: {get_param: NeutronPublicInterfaceTag}
neutron_tenant_network_type: {get_param: NeutronNetworkType}
neutron_tunnel_types: {get_param: NeutronTunnelTypes}
neutron_password: {get_param: NeutronPassword}
neutron_dnsmasq_options: {get_param: NeutronDnsmasqOptions}
- - 'mysql://neutron:unset@'
- {get_param: VirtualIP}
- '/ovs_neutron?charset=utf8'
ceilometer_metering_secret: {get_param: CeilometerMeteringSecret}
ceilometer_password: {get_param: CeilometerPassword}
- - 'mysql://ceilometer:unset@'
- {get_param: VirtualIP}
snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName}
snmpd_readonly_user_password: {get_param: SnmpdReadonlyUserPassword}
nova_password: {get_param: NovaPassword}
- - 'mysql://nova:unset@'
- {get_param: VirtualIP}
rabbit_username: {get_param: RabbitUserName}
rabbit_password: {get_param: RabbitPassword}
rabbit_cookie: {get_param: RabbitCookie}
rabbit_client_use_ssl: {get_param: RabbitClientUseSSL}
rabbit_client_port: {get_param: RabbitClientPort}
ntp_server: {get_param: NtpServer}
control_virtual_interface: {get_param: ControlVirtualInterface}
public_virtual_interface: {get_param: PublicVirtualInterface}
public_virtual_ip: {get_param: PublicVirtualIP}
type: OS::Heat::StructuredConfig
group: os-apply-config
ca_certificate: {get_input: ssl_ca_certificate}
cert: {get_input: ssl_certificate}
key: {get_input: ssl_key}
cacert: {get_input: ssl_ca_certificate}
connect_host: {get_input: controller_host}
connect_host: {get_input: controller_host}
connect_host: {get_input: controller_host}
connect_host: {get_input: controller_host}
connect_host: {get_input: controller_host}
- name: 'swift-proxy'
connect_host: {get_input: controller_host}
connect_host: {get_input: controller_host}
connect_host: {get_input: controller_host}
ControllerSSLDeployment:
type: OS::Heat::StructuredDeployment
config: {get_resource: SSLConfig}
server: {get_resource: Controller}
signal_transport: NO_SIGNAL
controller_host: {get_attr: [Controller, networks, ctlplane, 0]}
ssl_certificate: {get_param: SSLCertificate}
ssl_key: {get_param: SSLKey}
ssl_ca_certificate: {get_param: SSLCACertificate}
ControllerPassthroughDeployment:
type: OS::Heat::StructuredDeployment
config: {get_resource: ControllerPassthroughConfig}
server: {get_resource: Controller}
signal_transport: NO_SIGNAL
passthrough_config: {get_param: ExtraConfig}
ControllerPassthroughSpecificDeployment:
depends_on: [ControllerPassthroughDeployment]
type: OS::Heat::StructuredDeployment
config: {get_resource: ControllerPassthroughConfigSpecific}
server: {get_resource: Controller}
signal_transport: NO_SIGNAL
passthrough_config_specific: {get_param: ControllerExtraConfig}
type: OS::Heat::StructuredConfig
group: os-apply-config
hash: { get_input: swift_hash_suffix }
part-power: { get_input: swift_part_power }
mount-check: { get_input: swift_mount_check }
min-part-hours: { get_input: swift_min_part_hours }
replicas: {get_input: swift_replicas }
service-password: { get_input: swift_password }
type: OS::Heat::StructuredDeployment
server: {get_resource: Controller}
config: {get_resource: SwiftConfig}
signal_transport: NO_SIGNAL
swift_hash_suffix: {get_param: SwiftHashSuffix}
swift_mount_check: {get_param: SwiftMountCheck}
swift_password: {get_param: SwiftPassword}
swift_min_part_hours: {get_param: SwiftMinPartHours}
swift_part_power: {get_param: SwiftPartPower}
swift_replicas: { get_param: SwiftReplicas}
description: IP address of the server in the ctlplane network
value: {get_attr: [Controller, networks, ctlplane, 0]}
description: Hostname of the server
value: {get_attr: [Controller, name]}
Node object in the {ip: ..., name: ...} format that the corosync
ip: {get_attr: [Controller, networks, ctlplane, 0]}
name: {get_attr: [Controller, name]}
Server's IP address and hostname in the /etc/hosts format
template: IP HOST HOST.novalocal CLOUDNAME
IP: {get_attr: [Controller, networks, ctlplane, 0]}
HOST: {get_attr: [Controller, name]}
CLOUDNAME: {get_param: CloudName}
nova_server_resource:
description: Heat resource handle for the Nova compute server
{get_resource: Controller}
description: Swift device formatted for swift-ring-builder
template: 'r1z1-IP:%PORT%/d1'
IP: {get_attr: [Controller, networks, ctlplane, 0]}
swift_proxy_memcache:
description: Swift proxy-memcache value
IP: {get_attr: [Controller, networks, ctlplane, 0]}