heat_template_version: 2014-10-16
OpenStack control plane node. Can be wrapped in a ResourceGroup for scaling.
description: The password for the keystone admin account, used for monitoring, querying neutron etc.
description: The keystone auth secret.
CeilometerMeteringSecret:
description: Secret shared by the ceilometer services.
description: The password for the ceilometer service account.
description: The iSCSI helper to use with cinder.
CinderLVMLoopDeviceSize:
description: The size of the loopback file used by the cinder LVM driver.
description: The password for the cinder service account, used by cinder-api.
description: The DNS name of this cloud. E.g. ci-overcloud.tripleo.org
ControllerExtraConfig:
Controller specific configuration to inject into the cluster. Same
structure as ExtraConfig.
ControlVirtualInterface:
description: Interface where virtual ip will be assigned.
description: Set to True to enable debugging on all services.
Additional configuration to inject into the cluster. The JSON should have
the following structure:
[{"section": "SECTIONNAME",
[{"option": "OPTIONNAME",
[{"section": "default",
[{"option": "compute_manager",
"value": "ironic.nova.compute.manager.ClusterComputeManager"
"value": "nova.cells.rpc_driver.CellsRPCDriver"
description: Flavor for control nodes to request when deploying.
- custom_constraint: nova.flavor
GlanceNotifierStrategy:
description: Strategy to use for Glance notification queue
description: The filepath of the file to use for logging messages from Glance.
description: The password for the glance service account, used by the glance services.
description: Glance port.
description: Protocol to use when connecting to glance, set to https for SSL.
description: The password for the Heat service account, used by the Heat services.
HeatStackDomainAdminPassword:
description: Password for heat_domain_admin user.
default: overcloud-control
- custom_constraint: glance.image
default: 'REBUILD_PRESERVE_EPHEMERAL'
description: What policy to use when reconstructing instances. REBUILD for rebuilds, REBUILD_PRESERVE_EPHEMERAL to preserve /mnt.
description: Name of an existing EC2 KeyPair to enable SSH access to the instances
- custom_constraint: nova.keypair
KeystoneCACertificate:
description: Keystone self-signed certificate authority certificate.
KeystoneSigningCertificate:
description: Keystone certificate for verifying token validity.
description: Keystone key for signing tokens.
KeystoneSSLCertificate:
description: Keystone certificate for verifying token validity.
KeystoneSSLCertificateKey:
description: Keystone key for signing tokens.
MysqlClusterUniquePart:
description: A unique identifier of the MySQL cluster the controller is in.
default: 'unset' # Has to be here because of the ignored empty value bug
# Drop the validation: https://bugs.launchpad.net/tripleo/+bug/1405446
# - length: {min: 4, max: 10}
MysqlInnodbBufferPoolSize:
Specifies the size of the buffer pool in megabytes. Setting to
zero should be interpreted as "no value" and will defer to the
default: '' # Has to be here because of the ignored empty value bug
NeutronBridgeMappings:
The OVS logical->physical bridge mappings to use. See the Neutron
documentation for details. Defaults to mapping br-ex - the external
bridge on hosts - to a physical name 'datacentre' which can be used
to create provider networks (and we use this for the default floating
network) - if changing this either use different post-install network
scripts or be sure to keep 'datacentre' as a mapping network name.
NeutronDnsmasqOptions:
default: 'dhcp-option-force=26,1400'
description: Dnsmasq options for neutron-dhcp-agent. The default value here forces MTU to be set to 1400 to account for the gre tunnel overhead.
description: Agent mode for the neutron-l3-agent on the controller hosts
description: Whether to configure Neutron Distributed Virtual Routers
NeutronMetadataProxySharedSecret:
description: Shared secret to prevent spoofing
NeutronMechanismDrivers:
default: 'openvswitch'
The mechanism drivers for the Neutron tenant network. To specify multiple
values, use a comma separated string, like so: 'openvswitch,l2_population'
NeutronAllowL3AgentFailover:
description: Allow automatic l3-agent failover
description: Whether to enable l3-agent HA
NeutronEnableTunnelling:
description: If set, flat networks to configure in neutron plugins.
description: The tenant network type for Neutron, either gre or vxlan.
NeutronNetworkVLANRanges:
default: 'datacentre'
The Neutron ML2 and OpenVSwitch vlan mapping range to support. See the
Neutron documentation for permitted values. Defaults to permitting any
VLAN on the 'datacentre' physical network (See NeutronBridgeMappings).
description: The password for the neutron service account, used by neutron agents.
NeutronPublicInterface:
description: What interface to bridge onto br-ex for network nodes.
NeutronPublicInterfaceTag:
VLAN tag for creating a public VLAN. The tag will be used to
create an access port on the exterior bridge for each control plane node,
and that port will be given the IP address returned by neutron from the
public network. Set CONTROLEXTRA=overcloud-vlan-port.yaml when compiling
overcloud.yaml to include the deployment of VLAN ports to the control
NeutronPublicInterfaceDefaultRoute:
description: A custom default route for the NeutronPublicInterface.
NeutronPublicInterfaceIP:
description: A custom IP address to put onto the NeutronPublicInterface.
NeutronPublicInterfaceRawDevice:
description: If set, the public interface is a vlan with this device as the raw device.
The tunnel types for the Neutron tenant network. To specify multiple
values, use a comma separated string, like so: 'gre,vxlan'
description: The password for the nova service account, used by nova-api.
PublicVirtualInterface:
Specifies the interface where the public-facing virtual ip will be assigned.
This should be int_public when a VLAN is being used.
default: '' # Has to be here because of the ignored empty value bug
default: '' # Has to be here because of the ignored empty value bug
description: The password for RabbitMQ
description: The username for RabbitMQ
Rabbit client subscriber parameter to specify
an SSL connection to the RabbitMQ host.
description: Set rabbit subscriber port, change this if using SSL
SnmpdReadonlyUserName:
default: ro_snmp_user
description: The user name for SNMPd with readonly rights running on all Overcloud nodes
SnmpdReadonlyUserPassword:
description: The user password for SNMPd with readonly rights running on all Overcloud nodes
description: If set, the contents of an SSL certificate authority file.
description: If set, the contents of an SSL certificate .crt file for encrypting SSL endpoints.
description: If set, the contents of an SSL certificate .key file for encrypting SSL endpoints.
description: A random string to be used as a salt when hashing to determine mappings
description: Value of mount_check in Swift account/container/object -server.conf
description: The minimum time (in hours) before a partition in a ring can be moved following a rebalance.
description: Partition Power to use when building Swift rings
description: The password for the swift service account, used by the swift proxy
description: How many replicas to use in the swift rings.
default: '' # Has to be here because of the ignored empty value bug
type: OS::Nova::Server
image: {get_param: Image}
image_update_policy: {get_param: ImageUpdatePolicy}
flavor: {get_param: Flavor}
key_name: {get_param: KeyName}
user_data_format: SOFTWARE_CONFIG
type: OS::TripleO::Net::SoftwareConfig
type: OS::TripleO::SoftwareDeployment
signal_transport: NO_SIGNAL
config: {get_attr: [NetworkConfig, config_id]}
server: {get_resource: Controller}
interface_name: {get_param: NeutronPublicInterface}
ControllerPassthroughConfig:
type: OS::Heat::StructuredConfig
group: os-apply-config
config: {get_input: passthrough_config}
ControllerPassthroughConfigSpecific:
type: OS::Heat::StructuredConfig
group: os-apply-config
config: {get_input: passthrough_config_specific}
type: OS::Heat::StructuredConfig
group: os-apply-config
admin-password: {get_input: admin_password}
admin-token: {get_input: admin_token}
public_interface_ip: {get_input: neutron_public_interface_ip}
nodeid: {get_input: bootstack_nodeid}
db: {get_input: cinder_dsn}
debug: {get_input: debug}
volume_size_mb: {get_input: cinder_lvm_loop_device_size}
service-password: {get_input: cinder_password}
iscsi-helper: {get_input: CinderISCSIHelper}
controller-address: {get_input: controller_host}
bindnetaddr: {get_input: controller_host}
stonith_enabled : false
quorum_policy : ignore
host: {get_input: controller_virtual_ip}
db: {get_input: glance_dsn}
debug: {get_input: debug}
host: {get_input: controller_virtual_ip}
port: {get_input: glance_port}
protocol: {get_input: glance_protocol}
service-password: {get_input: glance_password}
swift-store-user: service:glance
swift-store-key: {get_input: glance_password}
notifier-strategy: {get_input: glance_notifier_strategy}
log-file: {get_input: glance_log_file}
admin_password: {get_input: heat_password}
admin_tenant_name: service
auth_encryption_key: unset___________
db: {get_input: heat_dsn}
debug: {get_input: debug}
stack_domain_admin_password: {get_input: heat_stack_domain_admin_password}
watch_server_url: {get_input: heat.watch_server_url}
metadata_server_url: {get_input: heat.metadata_server_url}
waitcondition_server_url: {get_input: heat.waitcondition_server_url}
db: {get_input: keystone_dsn}
debug: {get_input: debug}
host: {get_input: controller_virtual_ip}
ca_certificate: {get_input: keystone_ca_certificate}
signing_key: {get_input: keystone_signing_key}
signing_certificate: {get_input: keystone_signing_certificate}
certificate: {get_input: keystone_ssl_certificate}
certificate_key: {get_input: keystone_ssl_certificate_key}
innodb_buffer_pool_size: {get_input: mysql_innodb_buffer_pool_size}
root-password: {get_input: mysql_root_password}
cluster_name: {get_input: mysql_cluster_name}
debug: {get_input: debug}
flat-networks: {get_input: neutron_flat_networks}
host: {get_input: controller_virtual_ip}
metadata_proxy_shared_secret: {get_input: neutron_metadata_proxy_shared_secret}
agent_mode: {get_input: neutron_agent_mode}
router_distributed: {get_input: neutron_router_distributed}
mechanism_drivers: {get_input: neutron_mechanism_drivers}
allow_automatic_l3agent_failover: {get_input: neutron_allow_l3agent_failover}
l3_ha: {get_input: neutron_l3_ha}
enable_tunneling: {get_input: neutron_enable_tunneling}
local_ip: {get_input: controller_host}
network_vlan_ranges: {get_input: neutron_network_vlan_ranges}
bridge_mappings: {get_input: neutron_bridge_mappings}
public_interface: {get_input: neutron_public_interface}
public_interface_raw_device: {get_input: neutron_public_interface_raw_device}
public_interface_route: {get_input: neutron_public_interface_default_route}
public_interface_tag: {get_input: neutron_public_interface_tag}
physical_bridge: br-ex
tenant_network_type: {get_input: neutron_tenant_network_type}
tunnel_types: {get_input: neutron_tunnel_types}
ovs_db: {get_input: neutron_dsn}
service-password: {get_input: neutron_password}
dnsmasq-options: {get_input: neutron_dnsmasq_options}
db: {get_input: ceilometer_dsn}
debug: {get_input: debug}
metering_secret: {get_input: ceilometer_metering_secret}
service-password: {get_input: ceilometer_password}
export_MIB: UCD-SNMP-MIB
readonly_user_name: {get_input: snmpd_readonly_user_name}
readonly_user_password: {get_input: snmpd_readonly_user_password}
compute_driver: libvirt.LibvirtDriver
db: {get_input: nova_dsn}
default_floating_pool:
host: {get_input: controller_virtual_ip}
service-password: {get_input: nova_password}
host: {get_input: controller_virtual_ip}
username: {get_input: rabbit_username}
password: {get_input: rabbit_password}
cookie: {get_input: rabbit_cookie}
rabbit_client_use_ssl: {get_input: rabbit_client_use_ssl}
rabbit_port: {get_input: rabbit_client_port}
- {server: {get_input: ntp_server}}
- vrrp_instance_name: VI_CONTROL
virtual_router_id: 51
keepalive_interface: {get_input: control_virtual_interface}
- ip: {get_input: controller_virtual_ip}
interface: {get_input: control_virtual_interface}
- vrrp_instance_name: VI_PUBLIC
virtual_router_id: 52
keepalive_interface: {get_input: public_virtual_interface}
- ip: {get_input: public_virtual_ip}
interface: {get_input: public_virtual_interface}
keepalive_interface: {get_input: public_virtual_interface}
ip: {get_input: controller_virtual_ip}
interface: {get_input: control_virtual_interface}
ip: {get_input: public_virtual_ip}
interface: {get_input: public_virtual_interface}
- ip: {get_input: controller_virtual_ip}
- option httpchk GET /
- name: keystone_admin
net_binds: &public_binds
- ip: {get_input: controller_virtual_ip}
- ip: {get_input: public_virtual_ip}
- name: keystone_public
net_binds: *public_binds
net_binds: *public_binds
net_binds: *public_binds
net_binds: *public_binds
net_binds: *public_binds
- name: glance_registry
net_binds: *public_binds
options: # overwrite options as glance_reg needs auth for http req
net_binds: *public_binds
- name: heat_cloudwatch
net_binds: *public_binds
net_binds: *public_binds
net_binds: *public_binds
- name: nova_metadata
net_binds: *public_binds
- name: nova_novncproxy
net_binds: *public_binds
net_binds: *public_binds
options: # overwrite options as ceil needs auth for http req
- name: swift_proxy_server
net_binds: *public_binds
- option httpchk GET /info
ControllerDeployment:
type: OS::TripleO::SoftwareDeployment
signal_transport: NO_SIGNAL
config: {get_resource: ControllerConfig}
server: {get_resource: Controller}
bootstack_nodeid: {get_attr: [Controller, name]}
controller_host: {get_attr: [Controller, networks, ctlplane, 0]}
controller_virtual_ip: {get_param: VirtualIP}
neutron_enable_tunneling: {get_param: NeutronEnableTunnelling}
heat.watch_server_url:
- {get_param: VirtualIP}
heat.metadata_server_url:
- {get_param: VirtualIP}
heat.waitcondition_server_url:
- {get_param: VirtualIP}
- ':8000/v1/waitcondition'
admin_password: {get_param: AdminPassword}
admin_token: {get_param: AdminToken}
neutron_public_interface_ip: {get_param: NeutronPublicInterfaceIP}
debug: {get_param: Debug}
cinder_lvm_loop_device_size: {get_param: CinderLVMLoopDeviceSize}
cinder_password: {get_param: CinderPassword}
cinder_iscsi_helper: {get_param: CinderISCSIHelper}
- - 'mysql://cinder:unset@'
- {get_param: VirtualIP}
glance_port: {get_param: GlancePort}
glance_protocol: {get_param: GlanceProtocol}
glance_password: {get_param: GlancePassword}
glance_notifier_strategy: {get_param: GlanceNotifierStrategy}
glance_log_file: {get_param: GlanceLogFile}
- - 'mysql://glance:unset@'
- {get_param: VirtualIP}
heat_password: {get_param: HeatPassword}
heat_stack_domain_admin_password: {get_param: HeatStackDomainAdminPassword}
- - 'mysql://heat:unset@'
- {get_param: VirtualIP}
keystone_ca_certificate: {get_param: KeystoneCACertificate}
keystone_signing_key: {get_param: KeystoneSigningKey}
keystone_signing_certificate: {get_param: KeystoneSigningCertificate}
keystone_ssl_certificate: {get_param: KeystoneSSLCertificate}
keystone_ssl_certificate_key: {get_param: KeystoneSSLCertificateKey}
- - 'mysql://keystone:unset@'
- {get_param: VirtualIP}
mysql_innodb_buffer_pool_size: {get_param: MysqlInnodbBufferPoolSize}
mysql_root_password: {get_param: MysqlRootPassword}
template: tripleo-CLUSTER
CLUSTER: {get_param: MysqlClusterUniquePart}
neutron_flat_networks: {get_param: NeutronFlatNetworks}
neutron_metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret}
neutron_agent_mode: {get_param: NeutronAgentMode}
neutron_router_distributed: {get_param: NeutronDVR}
neutron_mechanism_drivers: {get_param: NeutronMechanismDrivers}
neutron_allow_l3agent_failover: {get_param: NeutronAllowL3AgentFailover}
neutron_l3_ha: {get_param: NeutronL3HA}
neutron_network_vlan_ranges: {get_param: NeutronNetworkVLANRanges}
neutron_bridge_mappings: {get_param: NeutronBridgeMappings}
neutron_public_interface: {get_param: NeutronPublicInterface}
neutron_public_interface_raw_device: {get_param: NeutronPublicInterfaceRawDevice}
neutron_public_interface_default_route: {get_param: NeutronPublicInterfaceDefaultRoute}
neutron_public_interface_tag: {get_param: NeutronPublicInterfaceTag}
neutron_tenant_network_type: {get_param: NeutronNetworkType}
neutron_tunnel_types: {get_param: NeutronTunnelTypes}
neutron_password: {get_param: NeutronPassword}
neutron_dnsmasq_options: {get_param: NeutronDnsmasqOptions}
- - 'mysql://neutron:unset@'
- {get_param: VirtualIP}
- '/ovs_neutron?charset=utf8'
ceilometer_metering_secret: {get_param: CeilometerMeteringSecret}
ceilometer_password: {get_param: CeilometerPassword}
- - 'mysql://ceilometer:unset@'
- {get_param: VirtualIP}
snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName}
snmpd_readonly_user_password: {get_param: SnmpdReadonlyUserPassword}
nova_password: {get_param: NovaPassword}
- - 'mysql://nova:unset@'
- {get_param: VirtualIP}
rabbit_username: {get_param: RabbitUserName}
rabbit_password: {get_param: RabbitPassword}
rabbit_cookie: {get_param: RabbitCookie}
rabbit_client_use_ssl: {get_param: RabbitClientUseSSL}
rabbit_client_port: {get_param: RabbitClientPort}
ntp_server: {get_param: NtpServer}
control_virtual_interface: {get_param: ControlVirtualInterface}
public_virtual_interface: {get_param: PublicVirtualInterface}
public_virtual_ip: {get_param: PublicVirtualIP}
type: OS::Heat::StructuredConfig
group: os-apply-config
ca_certificate: {get_input: ssl_ca_certificate}
cert: {get_input: ssl_certificate}
key: {get_input: ssl_key}
cacert: {get_input: ssl_ca_certificate}
connect_host: {get_input: controller_host}
connect_host: {get_input: controller_host}
connect_host: {get_input: controller_host}
connect_host: {get_input: controller_host}
connect_host: {get_input: controller_host}
- name: 'swift-proxy'
connect_host: {get_input: controller_host}
connect_host: {get_input: controller_host}
connect_host: {get_input: controller_host}
ControllerSSLDeployment:
type: OS::Heat::StructuredDeployment
config: {get_resource: SSLConfig}
server: {get_resource: Controller}
signal_transport: NO_SIGNAL
controller_host: {get_attr: [Controller, networks, ctlplane, 0]}
ssl_certificate: {get_param: SSLCertificate}
ssl_key: {get_param: SSLKey}
ssl_ca_certificate: {get_param: SSLCACertificate}
ControllerPassthroughDeployment:
type: OS::Heat::StructuredDeployment
config: {get_resource: ControllerPassthroughConfig}
server: {get_resource: Controller}
signal_transport: NO_SIGNAL
passthrough_config: {get_param: ExtraConfig}
ControllerPassthroughSpecificDeployment:
depends_on: [ControllerPassthroughDeployment]
type: OS::Heat::StructuredDeployment
config: {get_resource: ControllerPassthroughConfigSpecific}
server: {get_resource: Controller}
signal_transport: NO_SIGNAL
passthrough_config_specific: {get_param: ControllerExtraConfig}
type: OS::Heat::StructuredConfig
group: os-apply-config
hash: { get_input: swift_hash_suffix }
part-power: { get_input: swift_part_power }
mount-check: { get_input: swift_mount_check }
min-part-hours: { get_input: swift_min_part_hours }
replicas: {get_input: swift_replicas }
service-password: { get_input: swift_password }
type: OS::Heat::StructuredDeployment
server: {get_resource: Controller}
config: {get_resource: SwiftConfig}
signal_transport: NO_SIGNAL
swift_hash_suffix: {get_param: SwiftHashSuffix}
swift_mount_check: {get_param: SwiftMountCheck}
swift_password: {get_param: SwiftPassword}
swift_min_part_hours: {get_param: SwiftMinPartHours}
swift_part_power: {get_param: SwiftPartPower}
swift_replicas: { get_param: SwiftReplicas}
description: IP address of the server in the ctlplane network
value: {get_attr: [Controller, networks, ctlplane, 0]}
description: Hostname of the server
value: {get_attr: [Controller, name]}
Node object in the {ip: ..., name: ...} format that the corosync
ip: {get_attr: [Controller, networks, ctlplane, 0]}
name: {get_attr: [Controller, name]}
Server's IP address and hostname in the /etc/hosts format
template: IP HOST HOST.novalocal CLOUDNAME
IP: {get_attr: [Controller, networks, ctlplane, 0]}
HOST: {get_attr: [Controller, name]}
CLOUDNAME: {get_param: CloudName}
nova_server_resource:
description: Heat resource handle for the Nova compute server
{get_resource: Controller}
description: Swift device formatted for swift-ring-builder
template: 'r1z1-IP:%PORT%/d1'
IP: {get_attr: [Controller, networks, ctlplane, 0]}
swift_proxy_memcache:
description: Swift proxy-memcache value
IP: {get_attr: [Controller, networks, ctlplane, 0]}