heat_template_version: 2014-10-16
OpenStack control plane node. Can be wrapped in a ResourceGroup for scaling.
description: The password for the keystone admin account, used for monitoring, querying neutron etc.
description: The keystone auth secret.
CeilometerMeteringSecret:
description: Secret shared by the ceilometer services.
description: The password for the ceilometer service account.
CinderEnableIscsiBackend:
description: Whether to enable or not the Iscsi backend for Cinder
CinderEnableRbdBackend:
description: Whether to enable or not the Rbd backend for Cinder
description: The iSCSI helper to use with cinder.
CinderLVMLoopDeviceSize:
description: The size of the loopback file used by the cinder LVM driver.
description: The password for the cinder service account, used by cinder-api.
description: The DNS name of this cloud. E.g. ci-overcloud.tripleo.org
ControllerExtraConfig:
Controller specific configuration to inject into the cluster. Same
structure as ExtraConfig.
ControlVirtualInterface:
description: Interface where virtual ip will be assigned.
description: Set to True to enable debugging on all services.
Additional configuration to inject into the cluster. The JSON should have
the following structure:
[{"section": "SECTIONNAME",
[{"option": "OPTIONNAME",
[{"section": "default",
[{"option": "compute_manager",
"value": "ironic.nova.compute.manager.ClusterComputeManager"
"value": "nova.cells.rpc_driver.CellsRPCDriver"
description: Flavor for control nodes to request when deploying.
- custom_constraint: nova.flavor
GlanceNotifierStrategy:
description: Strategy to use for Glance notification queue
description: The filepath of the file to use for logging messages from Glance.
description: The password for the glance service account, used by the glance services.
description: Glance port.
description: Protocol to use when connecting to glance, set to https for SSL.
description: The password for the Heat service account, used by the Heat services.
HeatStackDomainAdminPassword:
description: Password for heat_domain_admin user.
HeatAuthEncryptionKey:
description: Auth encryption key for heat-engine
default: overcloud-control
- custom_constraint: glance.image
default: 'REBUILD_PRESERVE_EPHEMERAL'
description: What policy to use when reconstructing instances. REBUILD for rebuilds, REBUILD_PRESERVE_EPHEMERAL to preserve /mnt.
description: Name of an existing EC2 KeyPair to enable SSH access to the instances
- custom_constraint: nova.keypair
KeystoneCACertificate:
description: Keystone self-signed certificate authority certificate.
KeystoneSigningCertificate:
description: Keystone certificate for verifying token validity.
description: Keystone key for signing tokens.
KeystoneSSLCertificate:
description: Keystone certificate for verifying token validity.
KeystoneSSLCertificateKey:
description: Keystone key for signing tokens.
MysqlClusterUniquePart:
description: A unique identifier of the MySQL cluster the controller is in.
default: 'unset' # Has to be here because of the ignored empty value bug
# Drop the validation: https://bugs.launchpad.net/tripleo/+bug/1405446
# - length: {min: 4, max: 10}
MysqlInnodbBufferPoolSize:
Specifies the size of the buffer pool in megabytes. Setting to
zero should be interpreted as "no value" and will defer to the
default: '' # Has to be here because of the ignored empty value bug
NeutronBridgeMappings:
The OVS logical->physical bridge mappings to use. See the Neutron
documentation for details. Defaults to mapping br-ex - the external
bridge on hosts - to a physical name 'datacentre' which can be used
to create provider networks (and we use this for the default floating
network) - if changing this either use different post-install network
scripts or be sure to keep 'datacentre' as a mapping network name.
NeutronDnsmasqOptions:
default: 'dhcp-option-force=26,1400'
description: Dnsmasq options for neutron-dhcp-agent. The default value here forces MTU to be set to 1400 to account for the gre tunnel overhead.
description: Agent mode for the neutron-l3-agent on the controller hosts
description: Whether to configure Neutron Distributed Virtual Routers
NeutronMetadataProxySharedSecret:
description: Shared secret to prevent spoofing
NeutronMechanismDrivers:
default: 'openvswitch'
The mechanism drivers for the Neutron tenant network. To specify multiple
values, use a comma separated string, like so: 'openvswitch,l2_population'
NeutronAllowL3AgentFailover:
description: Allow automatic l3-agent failover
description: Whether to enable l3-agent HA
NeutronEnableTunnelling:
description: If set, flat networks to configure in neutron plugins.
description: The tenant network type for Neutron, either gre or vxlan.
NeutronNetworkVLANRanges:
default: 'datacentre'
The Neutron ML2 and OpenVSwitch vlan mapping range to support. See the
Neutron documentation for permitted values. Defaults to permitting any
VLAN on the 'datacentre' physical network (See NeutronBridgeMappings).
description: The password for the neutron service account, used by neutron agents.
NeutronPublicInterface:
description: What interface to bridge onto br-ex for network nodes.
NeutronPublicInterfaceTag:
VLAN tag for creating a public VLAN. The tag will be used to
create an access port on the exterior bridge for each control plane node,
and that port will be given the IP address returned by neutron from the
public network. Set CONTROLEXTRA=overcloud-vlan-port.yaml when compiling
overcloud.yaml to include the deployment of VLAN ports to the control
NeutronPublicInterfaceDefaultRoute:
description: A custom default route for the NeutronPublicInterface.
NeutronPublicInterfaceIP:
description: A custom IP address to put onto the NeutronPublicInterface.
NeutronPublicInterfaceRawDevice:
description: If set, the public interface is a vlan with this device as the raw device.
The tunnel types for the Neutron tenant network. To specify multiple
values, use a comma separated string, like so: 'gre,vxlan'
description: The password for the nova service account, used by nova-api.
PublicVirtualInterface:
Specifies the interface where the public-facing virtual ip will be assigned.
This should be int_public when a VLAN is being used.
default: '' # Has to be here because of the ignored empty value bug
default: '' # Has to be here because of the ignored empty value bug
description: The password for RabbitMQ
description: The username for RabbitMQ
Rabbit client subscriber parameter to specify
an SSL connection to the RabbitMQ host.
description: Set rabbit subscriber port, change this if using SSL
SnmpdReadonlyUserName:
default: ro_snmp_user
description: The user name for SNMPd with readonly rights running on all Overcloud nodes
SnmpdReadonlyUserPassword:
description: The user password for SNMPd with readonly rights running on all Overcloud nodes
description: If set, the contents of an SSL certificate authority file.
description: If set, the contents of an SSL certificate .crt file for encrypting SSL endpoints.
description: If set, the contents of an SSL certificate .key file for encrypting SSL endpoints.
description: A random string to be used as a salt when hashing to determine mappings
description: Value of mount_check in Swift account/container/object -server.conf
description: The minimum time (in hours) before a partition in a ring can be moved following a rebalance.
description: Partition Power to use when building Swift rings
description: The password for the swift service account, used by the swift proxy
description: How many replicas to use in the swift rings.
default: '' # Has to be here because of the ignored empty value bug
type: OS::Nova::Server
image: {get_param: Image}
image_update_policy: {get_param: ImageUpdatePolicy}
flavor: {get_param: Flavor}
key_name: {get_param: KeyName}
user_data_format: SOFTWARE_CONFIG
type: OS::TripleO::Net::SoftwareConfig
type: OS::TripleO::SoftwareDeployment
signal_transport: NO_SIGNAL
config: {get_attr: [NetworkConfig, config_id]}
server: {get_resource: Controller}
interface_name: {get_param: NeutronPublicInterface}
ControllerPassthroughConfig:
type: OS::Heat::StructuredConfig
group: os-apply-config
config: {get_input: passthrough_config}
ControllerPassthroughConfigSpecific:
type: OS::Heat::StructuredConfig
group: os-apply-config
config: {get_input: passthrough_config_specific}
type: OS::Heat::StructuredConfig
group: os-apply-config
admin-password: {get_input: admin_password}
admin-token: {get_input: admin_token}
public_interface_ip: {get_input: neutron_public_interface_ip}
nodeid: {get_input: bootstack_nodeid}
db: {get_input: cinder_dsn}
debug: {get_input: debug}
volume_size_mb: {get_input: cinder_lvm_loop_device_size}
service-password: {get_input: cinder_password}
iscsi-helper: {get_input: CinderISCSIHelper}
controller-address: {get_input: controller_host}
bindnetaddr: {get_input: controller_host}
stonith_enabled : false
quorum_policy : ignore
host: {get_input: controller_virtual_ip}
db: {get_input: glance_dsn}
debug: {get_input: debug}
host: {get_input: controller_virtual_ip}
port: {get_input: glance_port}
protocol: {get_input: glance_protocol}
service-password: {get_input: glance_password}
swift-store-user: service:glance
swift-store-key: {get_input: glance_password}
notifier-strategy: {get_input: glance_notifier_strategy}
log-file: {get_input: glance_log_file}
admin_password: {get_input: heat_password}
admin_tenant_name: service
auth_encryption_key: {get_input: heat_auth_encryption_key}
db: {get_input: heat_dsn}
debug: {get_input: debug}
stack_domain_admin_password: {get_input: heat_stack_domain_admin_password}
watch_server_url: {get_input: heat.watch_server_url}
metadata_server_url: {get_input: heat.metadata_server_url}
waitcondition_server_url: {get_input: heat.waitcondition_server_url}
db: {get_input: keystone_dsn}
debug: {get_input: debug}
host: {get_input: controller_virtual_ip}
ca_certificate: {get_input: keystone_ca_certificate}
signing_key: {get_input: keystone_signing_key}
signing_certificate: {get_input: keystone_signing_certificate}
certificate: {get_input: keystone_ssl_certificate}
certificate_key: {get_input: keystone_ssl_certificate_key}
innodb_buffer_pool_size: {get_input: mysql_innodb_buffer_pool_size}
root-password: {get_input: mysql_root_password}
cluster_name: {get_input: mysql_cluster_name}
debug: {get_input: debug}
flat-networks: {get_input: neutron_flat_networks}
host: {get_input: controller_virtual_ip}
metadata_proxy_shared_secret: {get_input: neutron_metadata_proxy_shared_secret}
agent_mode: {get_input: neutron_agent_mode}
router_distributed: {get_input: neutron_router_distributed}
mechanism_drivers: {get_input: neutron_mechanism_drivers}
allow_automatic_l3agent_failover: {get_input: neutron_allow_l3agent_failover}
l3_ha: {get_input: neutron_l3_ha}
enable_tunneling: {get_input: neutron_enable_tunneling}
local_ip: {get_input: controller_host}
network_vlan_ranges: {get_input: neutron_network_vlan_ranges}
bridge_mappings: {get_input: neutron_bridge_mappings}
public_interface: {get_input: neutron_public_interface}
public_interface_raw_device: {get_input: neutron_public_interface_raw_device}
public_interface_route: {get_input: neutron_public_interface_default_route}
public_interface_tag: {get_input: neutron_public_interface_tag}
physical_bridge: br-ex
tenant_network_type: {get_input: neutron_tenant_network_type}
tunnel_types: {get_input: neutron_tunnel_types}
ovs_db: {get_input: neutron_dsn}
service-password: {get_input: neutron_password}
dnsmasq-options: {get_input: neutron_dnsmasq_options}
db: {get_input: ceilometer_dsn}
debug: {get_input: debug}
metering_secret: {get_input: ceilometer_metering_secret}
service-password: {get_input: ceilometer_password}
export_MIB: UCD-SNMP-MIB
readonly_user_name: {get_input: snmpd_readonly_user_name}
readonly_user_password: {get_input: snmpd_readonly_user_password}
compute_driver: libvirt.LibvirtDriver
db: {get_input: nova_dsn}
default_floating_pool:
host: {get_input: controller_virtual_ip}
service-password: {get_input: nova_password}
host: {get_input: controller_virtual_ip}
username: {get_input: rabbit_username}
password: {get_input: rabbit_password}
cookie: {get_input: rabbit_cookie}
rabbit_client_use_ssl: {get_input: rabbit_client_use_ssl}
rabbit_port: {get_input: rabbit_client_port}
- {server: {get_input: ntp_server}}
- vrrp_instance_name: VI_CONTROL
virtual_router_id: 51
keepalive_interface: {get_input: control_virtual_interface}
- ip: {get_input: controller_virtual_ip}
interface: {get_input: control_virtual_interface}
- vrrp_instance_name: VI_PUBLIC
virtual_router_id: 52
keepalive_interface: {get_input: public_virtual_interface}
- ip: {get_input: public_virtual_ip}
interface: {get_input: public_virtual_interface}
keepalive_interface: {get_input: public_virtual_interface}
ip: {get_input: controller_virtual_ip}
interface: {get_input: control_virtual_interface}
ip: {get_input: public_virtual_ip}
interface: {get_input: public_virtual_interface}
- ip: {get_input: controller_virtual_ip}
- option httpchk GET /
- name: keystone_admin
net_binds: &public_binds
- ip: {get_input: controller_virtual_ip}
- ip: {get_input: public_virtual_ip}
- name: keystone_public
net_binds: *public_binds
net_binds: *public_binds
net_binds: *public_binds
net_binds: *public_binds
net_binds: *public_binds
- name: glance_registry
net_binds: *public_binds
options: # overwrite options as glance_reg needs auth for http req
net_binds: *public_binds
- name: heat_cloudwatch
net_binds: *public_binds
net_binds: *public_binds
net_binds: *public_binds
- name: nova_metadata
net_binds: *public_binds
- name: nova_novncproxy
net_binds: *public_binds
net_binds: *public_binds
options: # overwrite options as ceil needs auth for http req
- name: swift_proxy_server
net_binds: *public_binds
- option httpchk GET /info
ControllerDeployment:
type: OS::TripleO::SoftwareDeployment
signal_transport: NO_SIGNAL
config: {get_resource: ControllerConfig}
server: {get_resource: Controller}
bootstack_nodeid: {get_attr: [Controller, name]}
controller_host: {get_attr: [Controller, networks, ctlplane, 0]}
controller_virtual_ip: {get_param: VirtualIP}
neutron_enable_tunneling: {get_param: NeutronEnableTunnelling}
heat.watch_server_url:
- {get_param: VirtualIP}
heat.metadata_server_url:
- {get_param: VirtualIP}
heat.waitcondition_server_url:
- {get_param: VirtualIP}
- ':8000/v1/waitcondition'
admin_password: {get_param: AdminPassword}
admin_token: {get_param: AdminToken}
neutron_public_interface_ip: {get_param: NeutronPublicInterfaceIP}
debug: {get_param: Debug}
cinder_lvm_loop_device_size: {get_param: CinderLVMLoopDeviceSize}
cinder_password: {get_param: CinderPassword}
cinder_iscsi_helper: {get_param: CinderISCSIHelper}
- - 'mysql://cinder:unset@'
- {get_param: VirtualIP}
glance_port: {get_param: GlancePort}
glance_protocol: {get_param: GlanceProtocol}
glance_password: {get_param: GlancePassword}
glance_notifier_strategy: {get_param: GlanceNotifierStrategy}
glance_log_file: {get_param: GlanceLogFile}
- - 'mysql://glance:unset@'
- {get_param: VirtualIP}
heat_password: {get_param: HeatPassword}
heat_stack_domain_admin_password: {get_param: HeatStackDomainAdminPassword}
heat_auth_encryption_key: {get_param: HeatAuthEncryptionKey}
- - 'mysql://heat:unset@'
- {get_param: VirtualIP}
keystone_ca_certificate: {get_param: KeystoneCACertificate}
keystone_signing_key: {get_param: KeystoneSigningKey}
keystone_signing_certificate: {get_param: KeystoneSigningCertificate}
keystone_ssl_certificate: {get_param: KeystoneSSLCertificate}
keystone_ssl_certificate_key: {get_param: KeystoneSSLCertificateKey}
- - 'mysql://keystone:unset@'
- {get_param: VirtualIP}
mysql_innodb_buffer_pool_size: {get_param: MysqlInnodbBufferPoolSize}
mysql_root_password: {get_param: MysqlRootPassword}
template: tripleo-CLUSTER
CLUSTER: {get_param: MysqlClusterUniquePart}
neutron_flat_networks: {get_param: NeutronFlatNetworks}
neutron_metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret}
neutron_agent_mode: {get_param: NeutronAgentMode}
neutron_router_distributed: {get_param: NeutronDVR}
neutron_mechanism_drivers: {get_param: NeutronMechanismDrivers}
neutron_allow_l3agent_failover: {get_param: NeutronAllowL3AgentFailover}
neutron_l3_ha: {get_param: NeutronL3HA}
neutron_network_vlan_ranges: {get_param: NeutronNetworkVLANRanges}
neutron_bridge_mappings: {get_param: NeutronBridgeMappings}
neutron_public_interface: {get_param: NeutronPublicInterface}
neutron_public_interface_raw_device: {get_param: NeutronPublicInterfaceRawDevice}
neutron_public_interface_default_route: {get_param: NeutronPublicInterfaceDefaultRoute}
neutron_public_interface_tag: {get_param: NeutronPublicInterfaceTag}
neutron_tenant_network_type: {get_param: NeutronNetworkType}
neutron_tunnel_types: {get_param: NeutronTunnelTypes}
neutron_password: {get_param: NeutronPassword}
neutron_dnsmasq_options: {get_param: NeutronDnsmasqOptions}
- - 'mysql://neutron:unset@'
- {get_param: VirtualIP}
- '/ovs_neutron?charset=utf8'
ceilometer_metering_secret: {get_param: CeilometerMeteringSecret}
ceilometer_password: {get_param: CeilometerPassword}
- - 'mysql://ceilometer:unset@'
- {get_param: VirtualIP}
snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName}
snmpd_readonly_user_password: {get_param: SnmpdReadonlyUserPassword}
nova_password: {get_param: NovaPassword}
- - 'mysql://nova:unset@'
- {get_param: VirtualIP}
rabbit_username: {get_param: RabbitUserName}
rabbit_password: {get_param: RabbitPassword}
rabbit_cookie: {get_param: RabbitCookie}
rabbit_client_use_ssl: {get_param: RabbitClientUseSSL}
rabbit_client_port: {get_param: RabbitClientPort}
ntp_server: {get_param: NtpServer}
control_virtual_interface: {get_param: ControlVirtualInterface}
public_virtual_interface: {get_param: PublicVirtualInterface}
public_virtual_ip: {get_param: PublicVirtualIP}
type: OS::Heat::StructuredConfig
group: os-apply-config
ca_certificate: {get_input: ssl_ca_certificate}
cert: {get_input: ssl_certificate}
key: {get_input: ssl_key}
cacert: {get_input: ssl_ca_certificate}
connect_host: {get_input: controller_host}
connect_host: {get_input: controller_host}
connect_host: {get_input: controller_host}
connect_host: {get_input: controller_host}
connect_host: {get_input: controller_host}
- name: 'swift-proxy'
connect_host: {get_input: controller_host}
connect_host: {get_input: controller_host}
connect_host: {get_input: controller_host}
ControllerSSLDeployment:
type: OS::Heat::StructuredDeployment
config: {get_resource: SSLConfig}
server: {get_resource: Controller}
signal_transport: NO_SIGNAL
controller_host: {get_attr: [Controller, networks, ctlplane, 0]}
ssl_certificate: {get_param: SSLCertificate}
ssl_key: {get_param: SSLKey}
ssl_ca_certificate: {get_param: SSLCACertificate}
ControllerPassthroughDeployment:
type: OS::Heat::StructuredDeployment
config: {get_resource: ControllerPassthroughConfig}
server: {get_resource: Controller}
signal_transport: NO_SIGNAL
passthrough_config: {get_param: ExtraConfig}
ControllerPassthroughSpecificDeployment:
depends_on: [ControllerPassthroughDeployment]
type: OS::Heat::StructuredDeployment
config: {get_resource: ControllerPassthroughConfigSpecific}
server: {get_resource: Controller}
signal_transport: NO_SIGNAL
passthrough_config_specific: {get_param: ControllerExtraConfig}
type: OS::Heat::StructuredConfig
group: os-apply-config
hash: { get_input: swift_hash_suffix }
part-power: { get_input: swift_part_power }
mount-check: { get_input: swift_mount_check }
min-part-hours: { get_input: swift_min_part_hours }
replicas: {get_input: swift_replicas }
service-password: { get_input: swift_password }
type: OS::Heat::StructuredDeployment
server: {get_resource: Controller}
config: {get_resource: SwiftConfig}
signal_transport: NO_SIGNAL
swift_hash_suffix: {get_param: SwiftHashSuffix}
swift_mount_check: {get_param: SwiftMountCheck}
swift_password: {get_param: SwiftPassword}
swift_min_part_hours: {get_param: SwiftMinPartHours}
swift_part_power: {get_param: SwiftPartPower}
swift_replicas: { get_param: SwiftReplicas}
description: IP address of the server in the ctlplane network
value: {get_attr: [Controller, networks, ctlplane, 0]}
description: Hostname of the server
value: {get_attr: [Controller, name]}
Node object in the format {ip: ..., name: ...} format that the corosync
ip: {get_attr: [Controller, networks, ctlplane, 0]}
name: {get_attr: [Controller, name]}
Server's IP address and hostname in the /etc/hosts format
template: IP HOST HOST.novalocal CLOUDNAME
IP: {get_attr: [Controller, networks, ctlplane, 0]}
HOST: {get_attr: [Controller, name]}
CLOUDNAME: {get_param: CloudName}
nova_server_resource:
description: Heat resource handle for the Nova compute server
{get_resource: Controller}
description: Swift device formatted for swift-ring-builder
template: 'r1z1-IP:%PORT%/d1'
IP: {get_attr: [Controller, networks, ctlplane, 0]}
swift_proxy_memcache:
description: Swift proxy-memcache value
IP: {get_attr: [Controller, networks, ctlplane, 0]}