heat_template_version: 2014-10-16
OpenStack control plane node. Can be wrapped in a ResourceGroup for scaling.
description: The password for the keystone admin account, used for monitoring, querying neutron etc.
description: The keystone auth secret.
CeilometerMeteringSecret:
description: Secret shared by the ceilometer services.
description: The password for the ceilometer service account.
CinderEnableIscsiBackend:
description: Whether or not to enable the iSCSI backend for Cinder
CinderEnableRbdBackend:
description: Whether or not to enable the RBD backend for Cinder
description: The iSCSI helper to use with cinder.
CinderLVMLoopDeviceSize:
description: The size of the loopback file used by the cinder LVM driver.
description: The password for the cinder service account, used by cinder-api.
description: The DNS name of this cloud. E.g. ci-overcloud.tripleo.org
ControllerExtraConfig:
Controller specific configuration to inject into the cluster. Same
structure as ExtraConfig.
ControlVirtualInterface:
description: Interface where virtual ip will be assigned.
description: Auth encryption key for corosync
description: Set to True to enable debugging on all services.
description: Whether to use Galera instead of regular MariaDB.
Additional configuration to inject into the cluster. The JSON should have
the following structure:
[{"section": "SECTIONNAME",
[{"option": "OPTIONNAME",
[{"section": "default",
[{"option": "compute_manager",
"value": "ironic.nova.compute.manager.ClusterComputeManager"
[{"option": "driver",
"value": "nova.cells.rpc_driver.CellsRPCDriver"
description: Flavor for control nodes to request when deploying.
- custom_constraint: nova.flavor
GlanceNotifierStrategy:
description: Strategy to use for Glance notification queue
description: The filepath of the file to use for logging messages from Glance.
description: The password for the glance service account, used by the glance services.
description: Glance port.
description: Protocol to use when connecting to glance, set to https for SSL.
description: The password for the Heat service account, used by the Heat services.
HeatStackDomainAdminPassword:
description: Password for heat_domain_admin user.
HeatAuthEncryptionKey:
description: Auth encryption key for heat-engine
default: overcloud-control
- custom_constraint: glance.image
default: 'REBUILD_PRESERVE_EPHEMERAL'
description: What policy to use when reconstructing instances. REBUILD for rebuilds, REBUILD_PRESERVE_EPHEMERAL to preserve /mnt.
description: Name of an existing EC2 KeyPair to enable SSH access to the instances
- custom_constraint: nova.keypair
KeystoneCACertificate:
description: Keystone self-signed certificate authority certificate.
KeystoneSigningCertificate:
description: Keystone certificate for verifying token validity.
description: Keystone key for signing tokens.
KeystoneSSLCertificate:
description: Keystone certificate for verifying token validity.
KeystoneSSLCertificateKey:
description: Keystone key for signing tokens.
MysqlClusterUniquePart:
description: A unique identifier of the MySQL cluster the controller is in.
default: 'unset' # Has to be here because of the ignored empty value bug
# Drop the validation: https://bugs.launchpad.net/tripleo/+bug/1405446
# - length: {min: 4, max: 10}
MysqlInnodbBufferPoolSize:
Specifies the size of the buffer pool in megabytes. Setting to
zero should be interpreted as "no value" and will defer to the
default: '' # Has to be here because of the ignored empty value bug
NeutronBridgeMappings:
The OVS logical->physical bridge mappings to use. See the Neutron
documentation for details. Defaults to mapping br-ex - the external
bridge on hosts - to a physical name 'datacentre' which can be used
to create provider networks (and we use this for the default floating
network) - if changing this either use different post-install network
scripts or be sure to keep 'datacentre' as a mapping network name.
NeutronDnsmasqOptions:
default: 'dhcp-option-force=26,1400'
description: Dnsmasq options for neutron-dhcp-agent. The default value here forces MTU to be set to 1400 to account for the gre tunnel overhead.
description: Agent mode for the neutron-l3-agent on the controller hosts
description: Whether to configure Neutron Distributed Virtual Routers
NeutronMetadataProxySharedSecret:
description: Shared secret to prevent spoofing
NeutronMechanismDrivers:
default: 'openvswitch'
The mechanism drivers for the Neutron tenant network. To specify multiple
values, use a comma separated string, like so: 'openvswitch,l2_population'
NeutronAllowL3AgentFailover:
description: Allow automatic l3-agent failover
description: Whether to enable l3-agent HA
NeutronEnableTunnelling:
description: If set, flat networks to configure in neutron plugins.
description: The tenant network type for Neutron, either gre or vxlan.
NeutronNetworkVLANRanges:
default: 'datacentre'
The Neutron ML2 and OpenVSwitch vlan mapping range to support. See the
Neutron documentation for permitted values. Defaults to permitting any
VLAN on the 'datacentre' physical network (See NeutronBridgeMappings).
description: The password for the neutron service account, used by neutron agents.
NeutronPublicInterface:
description: What interface to bridge onto br-ex for network nodes.
NeutronPublicInterfaceTag:
VLAN tag for creating a public VLAN. The tag will be used to
create an access port on the exterior bridge for each control plane node,
and that port will be given the IP address returned by neutron from the
public network. Set CONTROLEXTRA=overcloud-vlan-port.yaml when compiling
overcloud.yaml to include the deployment of VLAN ports to the control
NeutronPublicInterfaceDefaultRoute:
description: A custom default route for the NeutronPublicInterface.
NeutronPublicInterfaceIP:
description: A custom IP address to put onto the NeutronPublicInterface.
NeutronPublicInterfaceRawDevice:
description: If set, the public interface is a vlan with this device as the raw device.
The tunnel types for the Neutron tenant network. To specify multiple
values, use a comma separated string, like so: 'gre,vxlan'
description: The password for the nova service account, used by nova-api.
PublicVirtualInterface:
Specifies the interface where the public-facing virtual ip will be assigned.
This should be int_public when a VLAN is being used.
default: '' # Has to be here because of the ignored empty value bug
default: '' # Has to be here because of the ignored empty value bug
description: The password for RabbitMQ
description: The username for RabbitMQ
Rabbit client subscriber parameter to specify
an SSL connection to the RabbitMQ host.
description: Set rabbit subscriber port, change this if using SSL
SnmpdReadonlyUserName:
default: ro_snmp_user
description: The user name for SNMPd with readonly rights running on all Overcloud nodes
SnmpdReadonlyUserPassword:
description: The user password for SNMPd with readonly rights running on all Overcloud nodes
description: If set, the contents of an SSL certificate authority file.
description: If set, the contents of an SSL certificate .crt file for encrypting SSL endpoints.
description: If set, the contents of an SSL certificate .key file for encrypting SSL endpoints.
description: A random string to be used as a salt when hashing to determine mappings
description: Value of mount_check in Swift account/container/object -server.conf
description: The minimum time (in hours) before a partition in a ring can be moved following a rebalance.
description: Partition Power to use when building Swift rings
description: The password for the swift service account, used by the swift proxy
description: How many replicas to use in the swift rings.
default: '' # Has to be here because of the ignored empty value bug
type: OS::Nova::Server
image: {get_param: Image}
image_update_policy: {get_param: ImageUpdatePolicy}
flavor: {get_param: Flavor}
key_name: {get_param: KeyName}
user_data_format: SOFTWARE_CONFIG
type: OS::TripleO::Net::SoftwareConfig
type: OS::TripleO::SoftwareDeployment
signal_transport: NO_SIGNAL
config: {get_attr: [NetworkConfig, config_id]}
server: {get_resource: Controller}
interface_name: {get_param: NeutronPublicInterface}
ControllerPassthroughConfig:
type: OS::Heat::StructuredConfig
group: os-apply-config
config: {get_input: passthrough_config}
ControllerPassthroughConfigSpecific:
type: OS::Heat::StructuredConfig
group: os-apply-config
config: {get_input: passthrough_config_specific}
type: OS::Heat::StructuredConfig
group: os-apply-config
admin-password: {get_input: admin_password}
admin-token: {get_input: admin_token}
public_interface_ip: {get_input: neutron_public_interface_ip}
nodeid: {get_input: bootstack_nodeid}
db: {get_input: cinder_dsn}
debug: {get_input: debug}
volume_size_mb: {get_input: cinder_lvm_loop_device_size}
service-password: {get_input: cinder_password}
iscsi-helper: {get_input: CinderISCSIHelper}
controller-address: {get_input: controller_host}
bindnetaddr: {get_input: controller_host}
stonith_enabled : false
quorum_policy : ignore
host: {get_input: controller_virtual_ip}
db: {get_input: glance_dsn}
debug: {get_input: debug}
host: {get_input: controller_virtual_ip}
port: {get_input: glance_port}
protocol: {get_input: glance_protocol}
service-password: {get_input: glance_password}
swift-store-user: service:glance
swift-store-key: {get_input: glance_password}
notifier-strategy: {get_input: glance_notifier_strategy}
log-file: {get_input: glance_log_file}
admin_password: {get_input: heat_password}
admin_tenant_name: service
auth_encryption_key: {get_input: heat_auth_encryption_key}
db: {get_input: heat_dsn}
debug: {get_input: debug}
stack_domain_admin_password: {get_input: heat_stack_domain_admin_password}
watch_server_url: {get_input: heat.watch_server_url}
metadata_server_url: {get_input: heat.metadata_server_url}
waitcondition_server_url: {get_input: heat.waitcondition_server_url}
db: {get_input: keystone_dsn}
debug: {get_input: debug}
host: {get_input: controller_virtual_ip}
ca_certificate: {get_input: keystone_ca_certificate}
signing_key: {get_input: keystone_signing_key}
signing_certificate: {get_input: keystone_signing_certificate}
certificate: {get_input: keystone_ssl_certificate}
certificate_key: {get_input: keystone_ssl_certificate_key}
innodb_buffer_pool_size: {get_input: mysql_innodb_buffer_pool_size}
root-password: {get_input: mysql_root_password}
cluster_name: {get_input: mysql_cluster_name}
debug: {get_input: debug}
flat-networks: {get_input: neutron_flat_networks}
host: {get_input: controller_virtual_ip}
metadata_proxy_shared_secret: {get_input: neutron_metadata_proxy_shared_secret}
agent_mode: {get_input: neutron_agent_mode}
router_distributed: {get_input: neutron_router_distributed}
mechanism_drivers: {get_input: neutron_mechanism_drivers}
allow_automatic_l3agent_failover: {get_input: neutron_allow_l3agent_failover}
l3_ha: {get_input: neutron_l3_ha}
enable_tunneling: {get_input: neutron_enable_tunneling}
local_ip: {get_input: controller_host}
network_vlan_ranges: {get_input: neutron_network_vlan_ranges}
bridge_mappings: {get_input: neutron_bridge_mappings}
public_interface: {get_input: neutron_public_interface}
public_interface_raw_device: {get_input: neutron_public_interface_raw_device}
public_interface_route: {get_input: neutron_public_interface_default_route}
public_interface_tag: {get_input: neutron_public_interface_tag}
physical_bridge: br-ex
tenant_network_type: {get_input: neutron_tenant_network_type}
tunnel_types: {get_input: neutron_tunnel_types}
ovs_db: {get_input: neutron_dsn}
service-password: {get_input: neutron_password}
dnsmasq-options: {get_input: neutron_dnsmasq_options}
db: {get_input: ceilometer_dsn}
debug: {get_input: debug}
metering_secret: {get_input: ceilometer_metering_secret}
service-password: {get_input: ceilometer_password}
export_MIB: UCD-SNMP-MIB
readonly_user_name: {get_input: snmpd_readonly_user_name}
readonly_user_password: {get_input: snmpd_readonly_user_password}
compute_driver: libvirt.LibvirtDriver
db: {get_input: nova_dsn}
default_floating_pool:
host: {get_input: controller_virtual_ip}
service-password: {get_input: nova_password}
host: {get_input: controller_virtual_ip}
username: {get_input: rabbit_username}
password: {get_input: rabbit_password}
cookie: {get_input: rabbit_cookie}
rabbit_client_use_ssl: {get_input: rabbit_client_use_ssl}
rabbit_port: {get_input: rabbit_client_port}
- {server: {get_input: ntp_server}}
- vrrp_instance_name: VI_CONTROL
virtual_router_id: 51
keepalive_interface: {get_input: control_virtual_interface}
- ip: {get_input: controller_virtual_ip}
interface: {get_input: control_virtual_interface}
- vrrp_instance_name: VI_PUBLIC
virtual_router_id: 52
keepalive_interface: {get_input: public_virtual_interface}
- ip: {get_input: public_virtual_ip}
interface: {get_input: public_virtual_interface}
keepalive_interface: {get_input: public_virtual_interface}
ip: {get_input: controller_virtual_ip}
interface: {get_input: control_virtual_interface}
ip: {get_input: public_virtual_ip}
interface: {get_input: public_virtual_interface}
- ip: {get_input: controller_virtual_ip}
- option httpchk GET /
- name: keystone_admin
net_binds: &public_binds
- ip: {get_input: controller_virtual_ip}
- ip: {get_input: public_virtual_ip}
- name: keystone_public
net_binds: *public_binds
net_binds: *public_binds
net_binds: *public_binds
net_binds: *public_binds
net_binds: *public_binds
- name: glance_registry
net_binds: *public_binds
options: # overwrite options as glance_reg needs auth for http req
net_binds: *public_binds
- name: heat_cloudwatch
net_binds: *public_binds
net_binds: *public_binds
net_binds: *public_binds
- name: nova_metadata
net_binds: *public_binds
- name: nova_novncproxy
net_binds: *public_binds
net_binds: *public_binds
options: # overwrite options as ceil needs auth for http req
- name: swift_proxy_server
net_binds: *public_binds
- option httpchk GET /info
ControllerDeployment:
type: OS::TripleO::SoftwareDeployment
signal_transport: NO_SIGNAL
config: {get_resource: ControllerConfig}
server: {get_resource: Controller}
bootstack_nodeid: {get_attr: [Controller, name]}
controller_host: {get_attr: [Controller, networks, ctlplane, 0]}
controller_virtual_ip: {get_param: VirtualIP}
neutron_enable_tunneling: {get_param: NeutronEnableTunnelling}
heat.watch_server_url:
- {get_param: VirtualIP}
heat.metadata_server_url:
- {get_param: VirtualIP}
heat.waitcondition_server_url:
- {get_param: VirtualIP}
- ':8000/v1/waitcondition'
admin_password: {get_param: AdminPassword}
admin_token: {get_param: AdminToken}
neutron_public_interface_ip: {get_param: NeutronPublicInterfaceIP}
debug: {get_param: Debug}
cinder_lvm_loop_device_size: {get_param: CinderLVMLoopDeviceSize}
cinder_password: {get_param: CinderPassword}
cinder_iscsi_helper: {get_param: CinderISCSIHelper}
- - 'mysql://cinder:unset@'
- {get_param: VirtualIP}
glance_port: {get_param: GlancePort}
glance_protocol: {get_param: GlanceProtocol}
glance_password: {get_param: GlancePassword}
glance_notifier_strategy: {get_param: GlanceNotifierStrategy}
glance_log_file: {get_param: GlanceLogFile}
- - 'mysql://glance:unset@'
- {get_param: VirtualIP}
heat_password: {get_param: HeatPassword}
heat_stack_domain_admin_password: {get_param: HeatStackDomainAdminPassword}
heat_auth_encryption_key: {get_param: HeatAuthEncryptionKey}
- - 'mysql://heat:unset@'
- {get_param: VirtualIP}
keystone_ca_certificate: {get_param: KeystoneCACertificate}
keystone_signing_key: {get_param: KeystoneSigningKey}
keystone_signing_certificate: {get_param: KeystoneSigningCertificate}
keystone_ssl_certificate: {get_param: KeystoneSSLCertificate}
keystone_ssl_certificate_key: {get_param: KeystoneSSLCertificateKey}
- - 'mysql://keystone:unset@'
- {get_param: VirtualIP}
mysql_innodb_buffer_pool_size: {get_param: MysqlInnodbBufferPoolSize}
mysql_root_password: {get_param: MysqlRootPassword}
template: tripleo-CLUSTER
CLUSTER: {get_param: MysqlClusterUniquePart}
neutron_flat_networks: {get_param: NeutronFlatNetworks}
neutron_metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret}
neutron_agent_mode: {get_param: NeutronAgentMode}
neutron_router_distributed: {get_param: NeutronDVR}
neutron_mechanism_drivers: {get_param: NeutronMechanismDrivers}
neutron_allow_l3agent_failover: {get_param: NeutronAllowL3AgentFailover}
neutron_l3_ha: {get_param: NeutronL3HA}
neutron_network_vlan_ranges: {get_param: NeutronNetworkVLANRanges}
neutron_bridge_mappings: {get_param: NeutronBridgeMappings}
neutron_public_interface: {get_param: NeutronPublicInterface}
neutron_public_interface_raw_device: {get_param: NeutronPublicInterfaceRawDevice}
neutron_public_interface_default_route: {get_param: NeutronPublicInterfaceDefaultRoute}
neutron_public_interface_tag: {get_param: NeutronPublicInterfaceTag}
neutron_tenant_network_type: {get_param: NeutronNetworkType}
neutron_tunnel_types: {get_param: NeutronTunnelTypes}
neutron_password: {get_param: NeutronPassword}
neutron_dnsmasq_options: {get_param: NeutronDnsmasqOptions}
- - 'mysql://neutron:unset@'
- {get_param: VirtualIP}
- '/ovs_neutron?charset=utf8'
ceilometer_metering_secret: {get_param: CeilometerMeteringSecret}
ceilometer_password: {get_param: CeilometerPassword}
- - 'mysql://ceilometer:unset@'
- {get_param: VirtualIP}
snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName}
snmpd_readonly_user_password: {get_param: SnmpdReadonlyUserPassword}
nova_password: {get_param: NovaPassword}
- - 'mysql://nova:unset@'
- {get_param: VirtualIP}
rabbit_username: {get_param: RabbitUserName}
rabbit_password: {get_param: RabbitPassword}
rabbit_cookie: {get_param: RabbitCookie}
rabbit_client_use_ssl: {get_param: RabbitClientUseSSL}
rabbit_client_port: {get_param: RabbitClientPort}
ntp_server: {get_param: NtpServer}
control_virtual_interface: {get_param: ControlVirtualInterface}
public_virtual_interface: {get_param: PublicVirtualInterface}
public_virtual_ip: {get_param: PublicVirtualIP}
type: OS::Heat::StructuredConfig
group: os-apply-config
ca_certificate: {get_input: ssl_ca_certificate}
cert: {get_input: ssl_certificate}
key: {get_input: ssl_key}
cacert: {get_input: ssl_ca_certificate}
connect_host: {get_input: controller_host}
connect_host: {get_input: controller_host}
connect_host: {get_input: controller_host}
connect_host: {get_input: controller_host}
connect_host: {get_input: controller_host}
- name: 'swift-proxy'
connect_host: {get_input: controller_host}
connect_host: {get_input: controller_host}
connect_host: {get_input: controller_host}
ControllerSSLDeployment:
type: OS::Heat::StructuredDeployment
config: {get_resource: SSLConfig}
server: {get_resource: Controller}
signal_transport: NO_SIGNAL
controller_host: {get_attr: [Controller, networks, ctlplane, 0]}
ssl_certificate: {get_param: SSLCertificate}
ssl_key: {get_param: SSLKey}
ssl_ca_certificate: {get_param: SSLCACertificate}
ControllerPassthroughDeployment:
type: OS::Heat::StructuredDeployment
config: {get_resource: ControllerPassthroughConfig}
server: {get_resource: Controller}
signal_transport: NO_SIGNAL
passthrough_config: {get_param: ExtraConfig}
ControllerPassthroughSpecificDeployment:
depends_on: [ControllerPassthroughDeployment]
type: OS::Heat::StructuredDeployment
config: {get_resource: ControllerPassthroughConfigSpecific}
server: {get_resource: Controller}
signal_transport: NO_SIGNAL
passthrough_config_specific: {get_param: ControllerExtraConfig}
type: OS::Heat::StructuredConfig
group: os-apply-config
hash: { get_input: swift_hash_suffix }
part-power: { get_input: swift_part_power }
mount-check: { get_input: swift_mount_check }
min-part-hours: { get_input: swift_min_part_hours }
replicas: {get_input: swift_replicas }
service-password: { get_input: swift_password }
type: OS::Heat::StructuredDeployment
server: {get_resource: Controller}
config: {get_resource: SwiftConfig}
signal_transport: NO_SIGNAL
swift_hash_suffix: {get_param: SwiftHashSuffix}
swift_mount_check: {get_param: SwiftMountCheck}
swift_password: {get_param: SwiftPassword}
swift_min_part_hours: {get_param: SwiftMinPartHours}
swift_part_power: {get_param: SwiftPartPower}
swift_replicas: { get_param: SwiftReplicas}
description: IP address of the server in the ctlplane network
value: {get_attr: [Controller, networks, ctlplane, 0]}
description: Hostname of the server
value: {get_attr: [Controller, name]}
Node object in the {ip: ..., name: ...} format that the corosync
ip: {get_attr: [Controller, networks, ctlplane, 0]}
name: {get_attr: [Controller, name]}
Server's IP address and hostname in the /etc/hosts format
template: IP HOST HOST.novalocal CLOUDNAME
IP: {get_attr: [Controller, networks, ctlplane, 0]}
HOST: {get_attr: [Controller, name]}
CLOUDNAME: {get_param: CloudName}
nova_server_resource:
description: Heat resource handle for the Nova compute server
{get_resource: Controller}
description: Swift device formatted for swift-ring-builder
template: 'r1z1-IP:%PORT%/d1'
IP: {get_attr: [Controller, networks, ctlplane, 0]}
swift_proxy_memcache:
description: Swift proxy-memcache value
IP: {get_attr: [Controller, networks, ctlplane, 0]}