heat_template_version: 2014-10-16
OpenStack control plane node. Can be wrapped in a ResourceGroup for scaling.
description: The password for the keystone admin account, used for monitoring, querying neutron etc.
description: The keystone auth secret.
CeilometerMeteringSecret:
description: Secret shared by the ceilometer services.
description: The password for the ceilometer service account.
description: The iSCSI helper to use with cinder.
CinderLVMLoopDeviceSize:
description: The size of the loopback file used by the cinder LVM driver.
description: The password for the cinder service account, used by cinder-api.
description: The DNS name of this cloud. E.g. ci-overcloud.tripleo.org
ControllerExtraConfig:
Controller specific configuration to inject into the cluster. Same
structure as ExtraConfig.
ControlVirtualInterface:
description: Interface where virtual ip will be assigned.
description: Set to True to enable debugging on all services.
Additional configuration to inject into the cluster. The JSON should have
the following structure:
[{"section": "SECTIONNAME",
[{"option": "OPTIONNAME",
[{"section": "default",
[{"option": "compute_manager",
"value": "ironic.nova.compute.manager.ClusterComputeManager"
"value": "nova.cells.rpc_driver.CellsRPCDriver"
description: Flavor for control nodes to request when deploying.
- custom_constraint: nova.flavor
GlanceNotifierStrategy:
description: Strategy to use for Glance notification queue
description: The filepath of the file to use for logging messages from Glance.
description: The password for the glance service account, used by the glance services.
description: Glance port.
description: Protocol to use when connecting to glance, set to https for SSL.
description: The password for the Heat service account, used by the Heat services.
HeatStackDomainAdminPassword:
description: Password for heat_domain_admin user.
default: overcloud-control
- custom_constraint: glance.image
default: 'REBUILD_PRESERVE_EPHEMERAL'
description: What policy to use when reconstructing instances. REBUILD for rebuilds, REBUILD_PRESERVE_EPHEMERAL to preserve /mnt.
description: Name of an existing EC2 KeyPair to enable SSH access to the instances
- custom_constraint: nova.keypair
KeystoneCACertificate:
description: Keystone self-signed certificate authority certificate.
KeystoneSigningCertificate:
description: Keystone certificate for verifying token validity.
description: Keystone key for signing tokens.
KeystoneSSLCertificate:
description: Keystone certificate for verifying token validity.
KeystoneSSLCertificateKey:
description: Keystone key for signing tokens.
MysqlClusterUniquePart:
description: A unique identifier of the MySQL cluster the controller is in.
default: 'unset' # Has to be here because of the ignored empty value bug
# Drop the validation: https://bugs.launchpad.net/tripleo/+bug/1405446
# - length: {min: 4, max: 10}
MysqlInnodbBufferPoolSize:
Specifies the size of the buffer pool in megabytes. Setting to
zero should be interpreted as "no value" and will defer to the
default: '' # Has to be here because of the ignored empty value bug
NeutronBridgeMappings:
The OVS logical->physical bridge mappings to use. See the Neutron
documentation for details. Defaults to mapping br-ex - the external
bridge on hosts - to a physical name 'datacentre' which can be used
to create provider networks (and we use this for the default floating
network) - if changing this either use different post-install network
scripts or be sure to keep 'datacentre' as a mapping network name.
NeutronDnsmasqOptions:
default: 'dhcp-option-force=26,1400'
description: Dnsmasq options for neutron-dhcp-agent. The default value here forces MTU to be set to 1400 to account for the gre tunnel overhead.
description: Agent mode for the neutron-l3-agent on the controller hosts
description: Whether to configure Neutron Distributed Virtual Routers
NeutronMetadataProxySharedSecret:
description: Shared secret to prevent spoofing
NeutronMechanismDrivers:
default: 'openvswitch'
The mechanism drivers for the Neutron tenant network. To specify multiple
values, use a comma separated string, like so: 'openvswitch,l2_population'
NeutronAllowL3AgentFailover:
description: Allow automatic l3-agent failover
description: Whether to enable l3-agent HA
NeutronEnableTunnelling:
description: If set, flat networks to configure in neutron plugins.
description: The tenant network type for Neutron, either gre or vxlan.
NeutronNetworkVLANRanges:
default: 'datacentre'
The Neutron ML2 and OpenVSwitch vlan mapping range to support. See the
Neutron documentation for permitted values. Defaults to permitting any
VLAN on the 'datacentre' physical network (See NeutronBridgeMappings).
description: The password for the neutron service account, used by neutron agents.
NeutronPublicInterface:
description: What interface to bridge onto br-ex for network nodes.
NeutronPublicInterfaceTag:
VLAN tag for creating a public VLAN. The tag will be used to
create an access port on the exterior bridge for each control plane node,
and that port will be given the IP address returned by neutron from the
public network. Set CONTROLEXTRA=overcloud-vlan-port.yaml when compiling
overcloud.yaml to include the deployment of VLAN ports to the control
NeutronPublicInterfaceDefaultRoute:
description: A custom default route for the NeutronPublicInterface.
NeutronPublicInterfaceIP:
description: A custom IP address to put onto the NeutronPublicInterface.
NeutronPublicInterfaceRawDevice:
description: If set, the public interface is a vlan with this device as the raw device.
The tunnel types for the Neutron tenant network. To specify multiple
values, use a comma separated string, like so: 'gre,vxlan'
description: The password for the nova service account, used by nova-api.
PublicVirtualInterface:
Specifies the interface where the public-facing virtual ip will be assigned.
This should be int_public when a VLAN is being used.
default: '' # Has to be here because of the ignored empty value bug
default: '' # Has to be here because of the ignored empty value bug
description: The password for RabbitMQ
description: The username for RabbitMQ
Rabbit client subscriber parameter to specify
an SSL connection to the RabbitMQ host.
description: Set rabbit subscriber port, change this if using SSL
SnmpdReadonlyUserName:
default: ro_snmp_user
description: The user name for SNMPd with readonly rights running on all Overcloud nodes
SnmpdReadonlyUserPassword:
description: The user password for SNMPd with readonly rights running on all Overcloud nodes
description: If set, the contents of an SSL certificate authority file.
description: If set, the contents of an SSL certificate .crt file for encrypting SSL endpoints.
description: If set, the contents of an SSL certificate .key file for encrypting SSL endpoints.
description: A random string to be used as a salt when hashing to determine mappings
description: Partition Power to use when building Swift rings
description: The password for the swift service account, used by the swift proxy
description: How many replicas to use in the swift rings.
default: '' # Has to be here because of the ignored empty value bug
type: OS::Nova::Server
image: {get_param: Image}
image_update_policy: {get_param: ImageUpdatePolicy}
flavor: {get_param: Flavor}
key_name: {get_param: KeyName}
user_data_format: SOFTWARE_CONFIG
type: OS::TripleO::Net::SoftwareConfig
type: OS::TripleO::SoftwareDeployment
signal_transport: NO_SIGNAL
config: {get_attr: [NetworkConfig, config_id]}
server: {get_resource: Controller}
interface_name: {get_param: NeutronPublicInterface}
type: OS::TripleO::Controller::SoftwareConfig
# allow configs to create sub-resources attached to the controller
controller_id: {get_resource: Controller}
ControllerPassthroughConfig:
type: OS::Heat::StructuredConfig
group: os-apply-config
config: {get_input: passthrough_config}
ControllerPassthroughConfigSpecific:
type: OS::Heat::StructuredConfig
group: os-apply-config
config: {get_input: passthrough_config_specific}
ControllerDeployment:
type: OS::TripleO::SoftwareDeployment
signal_transport: NO_SIGNAL
config: {get_attr: [ControllerConfig, config_id]}
server: {get_resource: Controller}
bootstack_nodeid: {get_attr: [Controller, name]}
controller_host: {get_attr: [Controller, networks, ctlplane, 0]}
controller_virtual_ip: {get_param: VirtualIP}
neutron_enable_tunneling: {get_param: NeutronEnableTunnelling}
heat.watch_server_url:
- {get_param: VirtualIP}
heat.metadata_server_url:
- {get_param: VirtualIP}
heat.waitcondition_server_url:
- {get_param: VirtualIP}
- ':8000/v1/waitcondition'
admin_password: {get_param: AdminPassword}
admin_token: {get_param: AdminToken}
neutron_public_interface_ip: {get_param: NeutronPublicInterfaceIP}
debug: {get_param: Debug}
cinder_lvm_loop_device_size: {get_param: CinderLVMLoopDeviceSize}
cinder_password: {get_param: CinderPassword}
cinder_iscsi_helper: {get_param: CinderISCSIHelper}
- - 'mysql://cinder:unset@'
- {get_param: VirtualIP}
glance_port: {get_param: GlancePort}
glance_protocol: {get_param: GlanceProtocol}
glance_password: {get_param: GlancePassword}
glance_notifier_strategy: {get_param: GlanceNotifierStrategy}
glance_log_file: {get_param: GlanceLogFile}
- - 'mysql://glance:unset@'
- {get_param: VirtualIP}
heat_password: {get_param: HeatPassword}
heat_stack_domain_admin_password: {get_param: HeatStackDomainAdminPassword}
- - 'mysql://heat:unset@'
- {get_param: VirtualIP}
keystone_ca_certificate: {get_param: KeystoneCACertificate}
keystone_signing_key: {get_param: KeystoneSigningKey}
keystone_signing_certificate: {get_param: KeystoneSigningCertificate}
keystone_ssl_certificate: {get_param: KeystoneSSLCertificate}
keystone_ssl_certificate_key: {get_param: KeystoneSSLCertificateKey}
- - 'mysql://keystone:unset@'
- {get_param: VirtualIP}
mysql_innodb_buffer_pool_size: {get_param: MysqlInnodbBufferPoolSize}
mysql_root_password: {get_param: MysqlRootPassword}
template: tripleo-CLUSTER
CLUSTER: {get_param: MysqlClusterUniquePart}
neutron_flat_networks: {get_param: NeutronFlatNetworks}
neutron_metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret}
neutron_agent_mode: {get_param: NeutronAgentMode}
neutron_router_distributed: {get_param: NeutronDVR}
neutron_mechanism_drivers: {get_param: NeutronMechanismDrivers}
neutron_allow_l3agent_failover: {get_param: NeutronAllowL3AgentFailover}
neutron_network_vlan_ranges: {get_param: NeutronNetworkVLANRanges}
neutron_bridge_mappings: {get_param: NeutronBridgeMappings}
neutron_public_interface: {get_param: NeutronPublicInterface}
neutron_public_interface_raw_device: {get_param: NeutronPublicInterfaceRawDevice}
neutron_public_interface_default_route: {get_param: NeutronPublicInterfaceDefaultRoute}
neutron_public_interface_tag: {get_param: NeutronPublicInterfaceTag}
neutron_tenant_network_type: {get_param: NeutronNetworkType}
neutron_tunnel_types: {get_param: NeutronTunnelTypes}
neutron_password: {get_param: NeutronPassword}
neutron_dnsmasq_options: {get_param: NeutronDnsmasqOptions}
- - 'mysql://neutron:unset@'
- {get_param: VirtualIP}
- '/ovs_neutron?charset=utf8'
ceilometer_metering_secret: {get_param: CeilometerMeteringSecret}
ceilometer_password: {get_param: CeilometerPassword}
- - 'mysql://ceilometer:unset@'
- {get_param: VirtualIP}
snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName}
snmpd_readonly_user_password: {get_param: SnmpdReadonlyUserPassword}
nova_password: {get_param: NovaPassword}
- - 'mysql://nova:unset@'
- {get_param: VirtualIP}
rabbit_username: {get_param: RabbitUserName}
rabbit_password: {get_param: RabbitPassword}
rabbit_cookie: {get_param: RabbitCookie}
rabbit_client_use_ssl: {get_param: RabbitClientUseSSL}
rabbit_client_port: {get_param: RabbitClientPort}
ntp_server: {get_param: NtpServer}
control_virtual_interface: {get_param: ControlVirtualInterface}
public_virtual_interface: {get_param: PublicVirtualInterface}
public_virtual_ip: {get_param: PublicVirtualIP}
type: OS::Heat::StructuredConfig
group: os-apply-config
ca_certificate: {get_input: ssl_ca_certificate}
cert: {get_input: ssl_certificate}
key: {get_input: ssl_key}
cacert: {get_input: ssl_ca_certificate}
connect_host: {get_input: controller_host}
connect_host: {get_input: controller_host}
connect_host: {get_input: controller_host}
connect_host: {get_input: controller_host}
connect_host: {get_input: controller_host}
- name: 'swift-proxy'
connect_host: {get_input: controller_host}
connect_host: {get_input: controller_host}
connect_host: {get_input: controller_host}
ControllerSSLDeployment:
type: OS::Heat::StructuredDeployment
config: {get_resource: SSLConfig}
server: {get_resource: Controller}
signal_transport: NO_SIGNAL
controller_host: {get_attr: [Controller, networks, ctlplane, 0]}
ssl_certificate: {get_param: SSLCertificate}
ssl_key: {get_param: SSLKey}
ssl_ca_certificate: {get_param: SSLCACertificate}
ControllerPassthroughDeployment:
type: OS::Heat::StructuredDeployment
config: {get_resource: ControllerPassthroughConfig}
server: {get_resource: Controller}
signal_transport: NO_SIGNAL
passthrough_config: {get_param: ExtraConfig}
ControllerPassthroughSpecificDeployment:
depends_on: [ControllerPassthroughDeployment]
type: OS::Heat::StructuredDeployment
config: {get_resource: ControllerPassthroughConfigSpecific}
server: {get_resource: Controller}
signal_transport: NO_SIGNAL
passthrough_config_specific: {get_param: ControllerExtraConfig}
type: OS::Heat::StructuredConfig
group: os-apply-config
hash: { get_input: swift_hash_suffix }
part-power: { get_input: swift_part_power }
replicas: {get_input: swift_replicas }
service-password: { get_input: swift_password }
type: OS::Heat::StructuredDeployment
server: {get_resource: Controller}
config: {get_resource: SwiftConfig}
signal_transport: NO_SIGNAL
swift_hash_suffix: {get_param: SwiftHashSuffix}
swift_password: {get_param: SwiftPassword}
swift_part_power: {get_param: SwiftPartPower}
swift_replicas: { get_param: SwiftReplicas}
description: IP address of the server in the ctlplane network
value: {get_attr: [Controller, networks, ctlplane, 0]}
description: Hostname of the server
value: {get_attr: [Controller, name]}
Node object in the {ip: ..., name: ...} format that the corosync
ip: {get_attr: [Controller, networks, ctlplane, 0]}
name: {get_attr: [Controller, name]}
Server's IP address and hostname in the /etc/hosts format
template: IP HOST HOST.novalocal CLOUDNAME
IP: {get_attr: [Controller, networks, ctlplane, 0]}
HOST: {get_attr: [Controller, name]}
CLOUDNAME: {get_param: CloudName}
nova_server_resource:
description: Heat resource handle for the Nova compute server
{get_resource: Controller}
description: Swift device formatted for swift-ring-builder
template: 'r1z1-IP:%PORT%/d1'
IP: {get_attr: [Controller, networks, ctlplane, 0]}
swift_proxy_memcache:
description: Swift proxy-memcache value
IP: {get_attr: [Controller, networks, ctlplane, 0]}