# Heat Orchestration Template (HOT) for one OpenStack control-plane node.
# This listing is an excerpt: each line keeps its original line number as a
# prefix, and skipped numbers are lines that are not shown here.
# heat_template_version selects the HOT feature set the template may use.
1 heat_template_version: 2014-10-16
4 OpenStack control plane node. Can be wrapped in a ResourceGroup for scaling.
# Stack parameters (excerpt). Most control-plane secrets enter the stack here:
# service passwords, the keystone admin token, signing keys and TLS material.
# NOTE(review): the type/hidden attribute lines are not visible in this
# listing; every password, secret, token and private-key parameter should be
# declared with `hidden: true` so Heat masks it when the stack is shown.
9 description: The password for the keystone admin account, used for monitoring, querying neutron etc.
14 description: The keystone auth secret.
17 CeilometerMeteringSecret:
19 description: Secret shared by the ceilometer services.
24 description: The password for the ceilometer service account.
29 description: The iSCSI helper to use with cinder.
31 CinderLVMLoopDeviceSize:
33 description: The size of the loopback file used by the cinder LVM driver.
37 description: The password for the cinder service account, used by cinder-api.
42 description: The DNS name of this cloud. E.g. ci-overcloud.tripleo.org
# ControllerExtraConfig and ExtraConfig are handed to the passthrough config
# resources and applied as os-apply-config metadata, so whoever can set them
# can reconfigure services on the node. Treat them as privileged input.
44 ControllerExtraConfig:
47 Controller specific configuration to inject into the cluster. Same
48 structure as ExtraConfig.
50 ControlVirtualInterface:
52 description: Interface where virtual ip will be assigned.
# Debug is wired into every service section of the controller config.
# NOTE(review): debug-level logs may include request details and credentials;
# keep it off outside troubleshooting.
56 description: Set to True to enable debugging on all services.
61 Additional configuration to inject into the cluster. The JSON should have
62 the following structure:
65 [{"section": "SECTIONNAME",
67 [{"option": "OPTIONNAME",
78 [{"section": "default",
80 [{"option": "compute_manager",
81 "value": "ironic.nova.compute.manager.ClusterComputeManager"
88 "value": "nova.cells.rpc_driver.CellsRPCDriver"
98 description: Flavor for control nodes to request when deploying.
101 - custom_constraint: nova.flavor
102 GlanceNotifierStrategy:
103 description: Strategy to use for Glance notification queue
107 description: The filepath of the file to use for logging messages from Glance.
112 description: The password for the glance service account, used by the glance services.
117 description: Glance port.
# NOTE(review): the default for this parameter is not visible here; if it is
# plain http, traffic to glance is unencrypted unless https is set explicitly.
121 description: Protocol to use when connecting to glance, set to https for SSL.
125 description: The password for the Heat service account, used by the Heat services.
128 HeatStackDomainAdminPassword:
129 description: Password for heat_domain_admin user.
135 default: overcloud-control
137 - custom_constraint: glance.image
139 default: 'REBUILD_PRESERVE_EPHEMERAL'
140 description: What policy to use when reconstructing instances. REBUILD for rebuilds, REBUILD_PRESERVE_EPHEMERAL to preserve /mnt.
# The key pair named here is passed as key_name on the controller server, so
# holders of the matching private key get SSH access to the control plane.
144 description: Name of an existing EC2 KeyPair to enable SSH access to the instances
147 - custom_constraint: nova.keypair
148 KeystoneCACertificate:
150 description: Keystone self-signed certificate authority certificate.
152 KeystoneSigningCertificate:
154 description: Keystone certificate for verifying token validity.
# Private key material: whoever holds it can sign tokens that verify against
# the signing certificate. Should be a hidden parameter (declaration not shown).
158 description: Keystone key for signing tokens.
161 MysqlClusterUniquePart:
162 description: A unique identifier of the MySQL cluster the controller is in.
164 default: 'unset' # Has to be here because of the ignored empty value bug
166 - length: {min: 4, max: 10}
167 MysqlInnodbBufferPoolSize:
169 Specifies the size of the buffer pool in megabytes. Setting to
170 zero should be interpreted as "no value" and will defer to the
177 default: '' # Has to be here because of the ignored empty value bug
178 NeutronBridgeMappings:
180 The OVS logical->physical bridge mappings to use. See the Neutron
181 documentation for details. Defaults to mapping br-ex - the external
182 bridge on hosts - to a physical name 'datacentre' which can be used
183 to create provider networks (and we use this for the default floating
184 network) - if changing this either use different post-install network
185 scripts or be sure to keep 'datacentre' as a mapping network name.
188 NeutronDnsmasqOptions:
189 default: 'dhcp-option-force=26,1400'
190 description: Dnsmasq options for neutron-dhcp-agent. The default value here forces MTU to be set to 1400 to account for the gre tunnel overhead.
192 NeutronEnableTunnelling:
198 description: If set, flat networks to configure in neutron plugins.
201 description: The tenant network type for Neutron, either gre or vxlan.
203 NeutronNetworkVLANRanges:
204 default: 'datacentre'
206 The Neutron ML2 and OpenVSwitch vlan mapping range to support. See the
207 Neutron documentation for permitted values. Defaults to permitting any
208 VLAN on the 'datacentre' physical network (See NeutronBridgeMappings).
212 description: The password for the neutron service account, used by neutron agents.
215 NeutronPublicInterface:
217 description: What interface to bridge onto br-ex for network nodes.
219 NeutronPublicInterfaceTag:
222 VLAN tag for creating a public VLAN. The tag will be used to
223 create an access port on the exterior bridge for each control plane node,
224 and that port will be given the IP address returned by neutron from the
225 public network. Set CONTROLEXTRA=overcloud-vlan-port.yaml when compiling
226 overcloud.yaml to include the deployment of VLAN ports to the control
229 NeutronPublicInterfaceDefaultRoute:
231 description: A custom default route for the NeutronPublicInterface.
233 NeutronPublicInterfaceIP:
235 description: A custom IP address to put onto the NeutronPublicInterface.
237 NeutronPublicInterfaceRawDevice:
239 description: If set, the public interface is a vlan with this device as the raw device.
244 The tunnel types for the Neutron tenant network. To specify multiple
245 values, use a comma separated string, like so: 'gre,vxlan'
249 description: The password for the nova service account, used by nova-api.
255 PublicVirtualInterface:
258 Specifies the interface where the public-facing virtual ip will be assigned.
259 This should be int_public when a VLAN is being used.
263 default: '' # Has to be here because of the ignored empty value bug
266 default: '' # Has to be here because of the ignored empty value bug
# NOTE(review): the parameter names and defaults for the RabbitMQ credentials
# are not visible here; confirm that none of them defaults to an empty or
# well-known value.
270 description: The password for RabbitMQ
275 description: The username for RabbitMQ
# One read-only SNMP account is shared by all overcloud nodes (per the
# descriptions below); its user name has a fixed default.
277 SnmpdReadonlyUserName:
278 default: ro_snmp_user
279 description: The user name for SNMPd with readonly rights running on all Overcloud nodes
281 SnmpdReadonlyUserPassword:
283 description: The user password for SNMPd with readonly rights running on all Overcloud nodes
# The three SSL parameters carry file contents, including the private key, as
# stack parameters. The key should be hidden and access to the stack's stored
# parameters restricted accordingly.
288 description: If set, the contents of an SSL certificate authority file.
292 description: If set, the contents of an SSL certificate .crt file for encrypting SSL endpoints.
297 description: If set, the contents of an SSL certificate .key file for encrypting SSL endpoints.
# NOTE(review): swift hash salts are normally kept secret and never changed
# after data is stored; treat this parameter like a password.
302 description: A random string to be used as a salt when hashing to determine mappings
308 description: Partition Power to use when building Swift rings
312 description: The password for the swift service account, used by the swift proxy
319 description: How many replicas to use in the swift rings.
322 default: '' # Has to be here because of the ignored empty value bug
# The controller Nova server. Image, rebuild policy, flavor and SSH key pair
# all come from stack parameters.
328 type: OS::Nova::Server
330 image: {get_param: Image}
331 image_update_policy: {get_param: ImageUpdatePolicy}
332 flavor: {get_param: Flavor}
# key_name decides who can SSH into the control-plane node.
333 key_name: {get_param: KeyName}
# SOFTWARE_CONFIG lets Heat software deployments deliver config to the server.
336 user_data_format: SOFTWARE_CONFIG
# os-apply-config metadata for the controller. Values are filled from stack
# parameters (get_param) and per-deployment inputs (get_input).
339 type: OS::Heat::StructuredConfig
341 group: os-apply-config
# The keystone admin password and admin token are copied into the node's
# config metadata. NOTE(review): confirm both parameters are declared hidden
# and that read access to the stack and its deployments is restricted.
343 admin-password: {get_param: AdminPassword}
344 admin-token: {get_param: AdminToken}
346 public_interface_ip: {get_param: NeutronPublicInterfaceIP}
348 nodeid: {get_input: bootstack_nodeid}
351 {get_param: VirtualIP}
# The password field of this connection URL is the literal string 'unset'.
# The glance, heat, keystone, neutron, ceilometer and nova URLs below use the
# same pattern. NOTE(review): unless something outside this listing replaces
# it, every deployment shares one known database password per service; take
# it from a hidden parameter instead.
356 - - mysql://cinder:unset@
359 debug: {get_param: Debug}
360 volume_size_mb: {get_param: CinderLVMLoopDeviceSize}
361 service-password: {get_param: CinderPassword}
362 iscsi-helper: {get_param: CinderISCSIHelper}
363 controller-address: {get_input: controller_host}
365 bindnetaddr: {get_input: controller_host}
# NOTE(review): these look like Pacemaker cluster properties. Fencing (STONITH)
# is off and loss of quorum is ignored. That is tolerable for a single
# controller; with several controllers it permits split-brain, so confirm
# before scaling out.
368 stonith_enabled : false
370 quorum_policy : ignore
374 host: {get_input: controller_virtual_ip}
379 - - mysql://glance:unset@
382 debug: {get_param: Debug}
383 host: {get_input: controller_virtual_ip}
384 port: {get_param: GlancePort}
385 protocol: {get_param: GlanceProtocol}
386 service-password: {get_param: GlancePassword}
# Glance's swift store logs in as service:glance with the same GlancePassword
# used as its service password above, so the two credentials rotate together.
387 swift-store-user: service:glance
388 swift-store-key: {get_param: GlancePassword}
389 notifier-strategy: {get_param: GlanceNotifierStrategy}
390 log-file: {get_param: GlanceLogFile}
392 admin_password: {get_param: HeatPassword}
393 admin_tenant_name: service
# Fixed placeholder value, not a parameter. NOTE(review): Heat uses
# auth_encryption_key to encrypt credentials it stores; a value identical in
# every deployment gives no real protection. Supply it via a hidden parameter.
395 auth_encryption_key: unset___________
399 - - mysql://heat:unset@
402 debug: {get_param: Debug}
403 stack_domain_admin_password: {get_param: HeatStackDomainAdminPassword}
404 watch_server_url: {get_input: heat.watch_server_url}
405 metadata_server_url: {get_input: heat.metadata_server_url}
406 waitcondition_server_url: {get_input: heat.waitcondition_server_url}
411 - - mysql://keystone:unset@
414 debug: {get_param: Debug}
415 host: {get_input: controller_virtual_ip}
416 ca_certificate: {get_param: KeystoneCACertificate}
# Token-signing private key; it ends up in the node's config metadata.
417 signing_key: {get_param: KeystoneSigningKey}
418 signing_certificate: {get_param: KeystoneSigningCertificate}
420 innodb_buffer_pool_size: {get_param: MysqlInnodbBufferPoolSize}
422 root-password: {get_param: MysqlRootPassword}
425 template: tripleo-CLUSTER
427 CLUSTER: {get_param: MysqlClusterUniquePart}
429 debug: {get_param: Debug}
430 flat-networks: {get_param: NeutronFlatNetworks}
431 host: {get_input: controller_virtual_ip}
# Literal value 'unset'. NOTE(review): this shared secret is what lets nova
# trust requests relayed by the neutron metadata proxy; a well-known value
# defeats that check. Take it from a hidden parameter.
432 metadata_proxy_shared_secret: unset
434 enable_tunneling: {get_input: neutron_enable_tunneling}
435 local_ip: {get_input: controller_host}
436 network_vlan_ranges: {get_param: NeutronNetworkVLANRanges}
437 bridge_mappings: {get_param: NeutronBridgeMappings}
438 public_interface: {get_param: NeutronPublicInterface}
439 public_interface_raw_device: {get_param: NeutronPublicInterfaceRawDevice}
440 public_interface_route: {get_param: NeutronPublicInterfaceDefaultRoute}
441 public_interface_tag: {get_param: NeutronPublicInterfaceTag}
442 physical_bridge: br-ex
443 tenant_network_type: {get_param: NeutronNetworkType}
444 tunnel_types: {get_param: NeutronTunnelTypes}
448 - - mysql://neutron:unset@
450 - /ovs_neutron?charset=utf8
451 service-password: {get_param: NeutronPassword}
452 dnsmasq-options: {get_param: NeutronDnsmasqOptions}
457 - - mysql://ceilometer:unset@
460 debug: {get_param: Debug}
461 metering_secret: {get_param: CeilometerMeteringSecret}
462 service-password: {get_param: CeilometerPassword}
464 export_MIB: UCD-SNMP-MIB
465 readonly_user_name: {get_param: SnmpdReadonlyUserName}
466 readonly_user_password: {get_param: SnmpdReadonlyUserPassword}
468 compute_driver: libvirt.LibvirtDriver
472 - - mysql://nova:unset@
475 default_floating_pool:
477 host: {get_input: controller_virtual_ip}
479 service-password: {get_param: NovaPassword}
481 host: {get_input: controller_virtual_ip}
# RabbitMQ user, password and cookie all come from stack parameters.
482 username: {get_param: RabbitUserName}
483 password: {get_param: RabbitPassword}
484 cookie: {get_param: RabbitCookie}
487 - {server: {get_param: NtpServer}, fudge: "stratum 0"}
# Two VRRP instances: VI_CONTROL carries the control VIP and VI_PUBLIC the
# public VIP, each on its own interface parameter.
490 - vrrp_instance_name: VI_CONTROL
491 virtual_router_id: 51
492 keepalive_interface: {get_param: ControlVirtualInterface}
495 - ip: {get_param: VirtualIP}
496 interface: {get_param: ControlVirtualInterface}
497 - vrrp_instance_name: VI_PUBLIC
498 virtual_router_id: 52
499 keepalive_interface: {get_param: PublicVirtualInterface}
502 - ip: {get_param: PublicVirtualIP}
503 interface: {get_param: PublicVirtualInterface}
510 keepalive_interface: {get_param: PublicVirtualInterface}
514 ip: {get_param: VirtualIP}
515 interface: {get_param: ControlVirtualInterface}
517 ip: {get_param: PublicVirtualIP}
518 interface: {get_param: PublicVirtualInterface}
521 - ip: {get_param: VirtualIP}
# NOTE(review): the entries below look like load-balancer listeners. The
# public_binds anchor lists both the control VIP and the public VIP, so every
# entry that aliases it is bound on the public address too. That includes
# keystone_admin, glance_registry and nova_metadata; consider a separate
# control-VIP-only bind list for admin and internal endpoints.
523 - name: keystone_admin
525 net_binds: &public_binds
526 - ip: {get_param: VirtualIP}
527 - ip: {get_param: PublicVirtualIP}
528 - name: keystone_public
530 net_binds: *public_binds
533 net_binds: *public_binds
536 net_binds: *public_binds
539 net_binds: *public_binds
542 net_binds: *public_binds
543 - name: glance_registry
545 net_binds: *public_binds
548 net_binds: *public_binds
549 - name: heat_cloudwatch
551 net_binds: *public_binds
554 net_binds: *public_binds
566 net_binds: *public_binds
567 - name: nova_metadata
569 net_binds: *public_binds
572 net_binds: *public_binds
573 - name: swift_proxy_server
575 net_binds: *public_binds
# Cluster-wide passthrough: whatever the deployment supplies as
# passthrough_config becomes os-apply-config metadata as-is. No schema or
# allow-list is applied at this layer.
583 ControllerPassthroughConfig:
584 type: OS::Heat::StructuredConfig
586 group: os-apply-config
587 config: {get_input: passthrough_config}
# Controller-specific passthrough: the passthrough_config_specific input is
# applied verbatim as os-apply-config metadata, with no validation here.
589 ControllerPassthroughConfigSpecific:
590 type: OS::Heat::StructuredConfig
592 group: os-apply-config
593 config: {get_input: passthrough_config_specific}
# Binds ControllerConfig to the Controller server and supplies its inputs
# (node id, ctlplane address, virtual IP, tunnelling flag, Heat callback URLs).
595 ControllerDeployment:
596 type: OS::Heat::StructuredDeployment
# NO_SIGNAL: Heat does not wait for the node to report back, so a failed
# config apply on the node is not reflected in the stack status.
598 signal_transport: NO_SIGNAL
599 config: {get_resource: ControllerConfig}
600 server: {get_resource: Controller}
602 bootstack_nodeid: {get_attr: [Controller, name]}
603 controller_host: {get_attr: [Controller, networks, ctlplane, 0]}
604 controller_virtual_ip: {get_param: VirtualIP}
605 neutron_enable_tunneling: {get_param: NeutronEnableTunnelling}
# The three Heat callback URLs are built around the control VIP.
# NOTE(review): the URL scheme is not visible in this listing; if it is plain
# http, instance-to-Heat signalling is unencrypted. Confirm.
606 heat.watch_server_url:
610 - {get_param: VirtualIP}
612 heat.metadata_server_url:
616 - {get_param: VirtualIP}
618 heat.waitcondition_server_url:
622 - {get_param: VirtualIP}
623 - ':8000/v1/waitcondition'
# TLS endpoint config. The CA certificate, certificate and private key arrive
# as deployment inputs, and each listed entry connects to the controller's
# ctlplane address (controller_host).
# NOTE(review): the private key becomes part of the node's config metadata;
# restrict who can read the stack and its deployments.
626 type: OS::Heat::StructuredConfig
628 group: os-apply-config
631 ca_certificate: {get_input: ssl_ca_certificate}
633 cert: {get_input: ssl_certificate}
634 key: {get_input: ssl_key}
635 cacert: {get_input: ssl_ca_certificate}
640 connect_host: {get_input: controller_host}
644 connect_host: {get_input: controller_host}
648 connect_host: {get_input: controller_host}
652 connect_host: {get_input: controller_host}
656 connect_host: {get_input: controller_host}
657 - name: 'swift-proxy'
660 connect_host: {get_input: controller_host}
664 connect_host: {get_input: controller_host}
668 connect_host: {get_input: controller_host}
# Applies SSLConfig to the Controller, feeding it the SSL* stack parameters.
# The private key (SSLKey) travels as a deployment input; NO_SIGNAL means Heat
# does not wait for the node to confirm that the config was applied.
670 ControllerSSLDeployment:
671 type: OS::Heat::StructuredDeployment
673 config: {get_resource: SSLConfig}
674 server: {get_resource: Controller}
675 signal_transport: NO_SIGNAL
677 controller_host: {get_attr: [Controller, networks, ctlplane, 0]}
678 ssl_certificate: {get_param: SSLCertificate}
679 ssl_key: {get_param: SSLKey}
680 ssl_ca_certificate: {get_param: SSLCACertificate}
# Delivers the ExtraConfig parameter to the controller as passthrough config.
# ExtraConfig is applied without validation at this layer, so the ability to
# set it is equivalent to the ability to reconfigure the node's services.
682 ControllerPassthroughDeployment:
683 type: OS::Heat::StructuredDeployment
685 config: {get_resource: ControllerPassthroughConfig}
686 server: {get_resource: Controller}
687 signal_transport: NO_SIGNAL
689 passthrough_config: {get_param: ExtraConfig}
# Delivers ControllerExtraConfig to the controller. depends_on orders it after
# the cluster-wide passthrough deployment, presumably so controller-specific
# values are applied last; confirm against os-apply-config merge behaviour.
691 ControllerPassthroughSpecificDeployment:
692 depends_on: [ControllerPassthroughDeployment]
693 type: OS::Heat::StructuredDeployment
695 config: {get_resource: ControllerPassthroughConfigSpecific}
696 server: {get_resource: Controller}
697 signal_transport: NO_SIGNAL
699 passthrough_config_specific: {get_param: ControllerExtraConfig}
# Swift settings for the controller. The first resource declares the config
# (hash suffix, partition power, replica count, service password) in terms of
# inputs; the second applies it to the Controller and maps those inputs from
# the Swift* stack parameters.
# The hash suffix and the service password are both secrets and end up in the
# node's config metadata.
702 type: OS::Heat::StructuredConfig
704 group: os-apply-config
707 hash: { get_input: swift_hash_suffix }
708 part-power: { get_input: swift_part_power }
709 replicas: {get_input: swift_replicas }
710 service-password: { get_input: swift_password }
713 type: OS::Heat::StructuredDeployment
715 server: {get_resource: Controller}
716 config: {get_resource: SwiftConfig}
# NO_SIGNAL: Heat does not wait for the node to confirm that this was applied.
717 signal_transport: NO_SIGNAL
719 swift_hash_suffix: {get_param: SwiftHashSuffix}
720 swift_password: {get_param: SwiftPassword}
721 swift_part_power: {get_param: SwiftPartPower}
722 swift_replicas: { get_param: SwiftReplicas}
# Stack outputs (excerpt): the controller's ctlplane address, hostname, a
# corosync node entry, an /etc/hosts line, the server resource handle and
# swift ring/memcache strings. None of the visible outputs references a
# password, secret or key parameter.
726 description: IP address of the server in the ctlplane network
727 value: {get_attr: [Controller, networks, ctlplane, 0]}
729 description: Hostname of the server
730 value: {get_attr: [Controller, name]}
733 Node object in the format {ip: ..., name: ...} format that the corosync
736 ip: {get_attr: [Controller, networks, ctlplane, 0]}
737 name: {get_attr: [Controller, name]}
740 Server's IP address and hostname in the /etc/hosts format
743 template: IP HOST HOST.novalocal CLOUDNAME
745 IP: {get_attr: [Controller, networks, ctlplane, 0]}
746 HOST: {get_attr: [Controller, name]}
747 CLOUDNAME: {get_param: CloudName}
748 nova_server_resource:
749 description: Heat resource handle for the Nova compute server
751 {get_resource: Controller}
753 description: Swift device formatted for swift-ring-builder
756 template: 'r1z1-IP:%PORT%/d1'
758 IP: {get_attr: [Controller, networks, ctlplane, 0]}
759 swift_proxy_memcache:
760 description: Swift proxy-memcache value
765 IP: {get_attr: [Controller, networks, ctlplane, 0]}