heat_template_version: 2014-10-16
OpenStack control plane node. Can be wrapped in a ResourceGroup for scaling.
description: The password for the keystone admin account, used for monitoring, querying neutron etc.
description: The keystone auth secret.
CeilometerMeteringSecret:
description: Secret shared by the ceilometer services.
description: The password for the ceilometer service account.
CinderEnableIscsiBackend:
description: Whether or not to enable the iSCSI backend for Cinder
CinderEnableRbdBackend:
description: Whether or not to enable the RBD backend for Cinder
description: The iSCSI helper to use with cinder.
CinderLVMLoopDeviceSize:
description: The size of the loopback file used by the cinder LVM driver.
description: The password for the cinder service account, used by cinder-api.
description: The DNS name of this cloud. E.g. ci-overcloud.tripleo.org
ControllerExtraConfig:
Controller specific configuration to inject into the cluster. Same
structure as ExtraConfig.
ControlVirtualInterface:
description: Interface where virtual ip will be assigned.
description: Set to True to enable debugging on all services.
description: Whether to use Galera instead of regular MariaDB.
description: If enabled, services will be monitored by Pacemaker; it
will manage VIPs as well, in place of Keepalived.
description: Whether to deploy Ceph Storage (OSD) on the Controller
description: Whether to enable Swift Storage on the Controller
Additional configuration to inject into the cluster. The JSON should have
the following structure:
[{"section": "SECTIONNAME",
[{"option": "OPTIONNAME",
[{"section": "default",
[{"option": "compute_manager",
"value": "ironic.nova.compute.manager.ClusterComputeManager"
[{"option": "driver",
"value": "nova.cells.rpc_driver.CellsRPCDriver"
description: Flavor for control nodes to request when deploying.
- custom_constraint: nova.flavor
GlanceNotifierStrategy:
description: Strategy to use for Glance notification queue
description: The filepath of the file to use for logging messages from Glance.
description: The password for the glance service account, used by the glance services.
description: Glance port.
description: Protocol to use when connecting to glance, set to https for SSL.
description: The password for the Heat service account, used by the Heat services.
HeatStackDomainAdminPassword:
description: Password for heat_domain_admin user.
HeatAuthEncryptionKey:
description: Auth encryption key for heat-engine
default: overcloud-control
- custom_constraint: glance.image
default: 'REBUILD_PRESERVE_EPHEMERAL'
description: What policy to use when reconstructing instances. REBUILD for rebuilds, REBUILD_PRESERVE_EPHEMERAL to preserve /mnt.
description: Name of an existing EC2 KeyPair to enable SSH access to the instances
- custom_constraint: nova.keypair
KeystoneCACertificate:
description: Keystone self-signed certificate authority certificate.
KeystoneSigningCertificate:
description: Keystone certificate for verifying token validity.
description: Keystone key for signing tokens.
KeystoneSSLCertificate:
description: Keystone certificate for verifying token validity.
KeystoneSSLCertificateKey:
description: Keystone key for signing tokens.
MysqlClusterUniquePart:
description: A unique identifier of the MySQL cluster the controller is in.
default: 'unset' # Has to be here because of the ignored empty value bug
# Drop the validation: https://bugs.launchpad.net/tripleo/+bug/1405446
# - length: {min: 4, max: 10}
MysqlInnodbBufferPoolSize:
Specifies the size of the buffer pool in megabytes. Setting to
zero should be interpreted as "no value" and will defer to the
default: '' # Has to be here because of the ignored empty value bug
NeutronBridgeMappings:
The OVS logical->physical bridge mappings to use. See the Neutron
documentation for details. Defaults to mapping br-ex - the external
bridge on hosts - to a physical name 'datacentre' which can be used
to create provider networks (and we use this for the default floating
network) - if changing this either use different post-install network
scripts or be sure to keep 'datacentre' as a mapping network name.
NeutronDnsmasqOptions:
default: 'dhcp-option-force=26,1400'
description: Dnsmasq options for neutron-dhcp-agent. The default value here forces MTU to be set to 1400 to account for the gre tunnel overhead.
description: Agent mode for the neutron-l3-agent on the controller hosts
description: Whether to configure Neutron Distributed Virtual Routers
NeutronMetadataProxySharedSecret:
description: Shared secret to prevent spoofing
NeutronMechanismDrivers:
default: 'openvswitch'
The mechanism drivers for the Neutron tenant network. To specify multiple
values, use a comma separated string, like so: 'openvswitch,l2_population'
NeutronAllowL3AgentFailover:
description: Allow automatic l3-agent failover
description: Whether to enable l3-agent HA
NeutronEnableTunnelling:
description: If set, flat networks to configure in neutron plugins.
description: The tenant network type for Neutron, either gre or vxlan.
NeutronNetworkVLANRanges:
default: 'datacentre'
The Neutron ML2 and OpenVSwitch vlan mapping range to support. See the
Neutron documentation for permitted values. Defaults to permitting any
VLAN on the 'datacentre' physical network (See NeutronBridgeMappings).
description: The password for the neutron service account, used by neutron agents.
NeutronPublicInterface:
description: What interface to bridge onto br-ex for network nodes.
NeutronPublicInterfaceTag:
VLAN tag for creating a public VLAN. The tag will be used to
create an access port on the exterior bridge for each control plane node,
and that port will be given the IP address returned by neutron from the
public network. Set CONTROLEXTRA=overcloud-vlan-port.yaml when compiling
overcloud.yaml to include the deployment of VLAN ports to the control
NeutronPublicInterfaceDefaultRoute:
description: A custom default route for the NeutronPublicInterface.
NeutronPublicInterfaceIP:
description: A custom IP address to put onto the NeutronPublicInterface.
NeutronPublicInterfaceRawDevice:
description: If set, the public interface is a vlan with this device as the raw device.
The tunnel types for the Neutron tenant network. To specify multiple
values, use a comma separated string, like so: 'gre,vxlan'
description: The password for the nova service account, used by nova-api.
description: The password for the 'pcsd' user.
PublicVirtualInterface:
Specifies the interface where the public-facing virtual ip will be assigned.
This should be int_public when a VLAN is being used.
default: '' # Has to be here because of the ignored empty value bug
default: '' # Has to be here because of the ignored empty value bug
description: The password for RabbitMQ
description: The username for RabbitMQ
Rabbit client subscriber parameter to specify
an SSL connection to the RabbitMQ host.
description: Set rabbit subscriber port, change this if using SSL
SnmpdReadonlyUserName:
default: ro_snmp_user
description: The user name for SNMPd with readonly rights running on all Overcloud nodes
SnmpdReadonlyUserPassword:
description: The user password for SNMPd with readonly rights running on all Overcloud nodes
description: If set, the contents of an SSL certificate authority file.
description: If set, the contents of an SSL certificate .crt file for encrypting SSL endpoints.
description: If set, the contents of an SSL certificate .key file for encrypting SSL endpoints.
description: A random string to be used as a salt when hashing to determine mappings
description: Value of mount_check in Swift account/container/object -server.conf
description: The minimum time (in hours) before a partition in a ring can be moved following a rebalance.
description: Partition Power to use when building Swift rings
description: The password for the swift service account, used by the swift proxy
description: How many replicas to use in the swift rings.
default: '' # Has to be here because of the ignored empty value bug
type: OS::Nova::Server
image: {get_param: Image}
image_update_policy: {get_param: ImageUpdatePolicy}
flavor: {get_param: Flavor}
key_name: {get_param: KeyName}
user_data_format: SOFTWARE_CONFIG
user_data: {get_resource: NodeUserData}
type: OS::TripleO::NodeUserData
type: OS::TripleO::Net::SoftwareConfig
type: OS::TripleO::SoftwareDeployment
signal_transport: NO_SIGNAL
config: {get_attr: [NetworkConfig, config_id]}
server: {get_resource: Controller}
interface_name: {get_param: NeutronPublicInterface}
ControllerPassthroughConfig:
type: OS::Heat::StructuredConfig
group: os-apply-config
config: {get_input: passthrough_config}
ControllerPassthroughConfigSpecific:
type: OS::Heat::StructuredConfig
group: os-apply-config
config: {get_input: passthrough_config_specific}
type: OS::Heat::StructuredConfig
group: os-apply-config
admin-password: {get_input: admin_password}
admin-token: {get_input: admin_token}
public_interface_ip: {get_input: neutron_public_interface_ip}
nodeid: {get_input: bootstack_nodeid}
db: {get_input: cinder_dsn}
debug: {get_input: debug}
volume_size_mb: {get_input: cinder_lvm_loop_device_size}
service-password: {get_input: cinder_password}
iscsi-helper: {get_input: CinderISCSIHelper}
controller-address: {get_input: controller_host}
bindnetaddr: {get_input: controller_host}
stonith_enabled : false
quorum_policy : ignore
host: {get_input: controller_virtual_ip}
db: {get_input: glance_dsn}
debug: {get_input: debug}
host: {get_input: controller_virtual_ip}
port: {get_input: glance_port}
protocol: {get_input: glance_protocol}
service-password: {get_input: glance_password}
swift-store-user: service:glance
swift-store-key: {get_input: glance_password}
notifier-strategy: {get_input: glance_notifier_strategy}
log-file: {get_input: glance_log_file}
admin_password: {get_input: heat_password}
admin_tenant_name: service
auth_encryption_key: {get_input: heat_auth_encryption_key}
db: {get_input: heat_dsn}
debug: {get_input: debug}
stack_domain_admin_password: {get_input: heat_stack_domain_admin_password}
watch_server_url: {get_input: heat.watch_server_url}
metadata_server_url: {get_input: heat.metadata_server_url}
waitcondition_server_url: {get_input: heat.waitcondition_server_url}
db: {get_input: keystone_dsn}
debug: {get_input: debug}
host: {get_input: controller_virtual_ip}
ca_certificate: {get_input: keystone_ca_certificate}
signing_key: {get_input: keystone_signing_key}
signing_certificate: {get_input: keystone_signing_certificate}
certificate: {get_input: keystone_ssl_certificate}
certificate_key: {get_input: keystone_ssl_certificate_key}
innodb_buffer_pool_size: {get_input: mysql_innodb_buffer_pool_size}
root-password: {get_input: mysql_root_password}
cluster_name: {get_input: mysql_cluster_name}
debug: {get_input: debug}
flat-networks: {get_input: neutron_flat_networks}
host: {get_input: controller_virtual_ip}
metadata_proxy_shared_secret: {get_input: neutron_metadata_proxy_shared_secret}
agent_mode: {get_input: neutron_agent_mode}
router_distributed: {get_input: neutron_router_distributed}
mechanism_drivers: {get_input: neutron_mechanism_drivers}
allow_automatic_l3agent_failover: {get_input: neutron_allow_l3agent_failover}
l3_ha: {get_input: neutron_l3_ha}
enable_tunneling: {get_input: neutron_enable_tunneling}
local_ip: {get_input: controller_host}
network_vlan_ranges: {get_input: neutron_network_vlan_ranges}
bridge_mappings: {get_input: neutron_bridge_mappings}
public_interface: {get_input: neutron_public_interface}
public_interface_raw_device: {get_input: neutron_public_interface_raw_device}
public_interface_route: {get_input: neutron_public_interface_default_route}
public_interface_tag: {get_input: neutron_public_interface_tag}
physical_bridge: br-ex
tenant_network_type: {get_input: neutron_tenant_network_type}
tunnel_types: {get_input: neutron_tunnel_types}
ovs_db: {get_input: neutron_dsn}
service-password: {get_input: neutron_password}
dnsmasq-options: {get_input: neutron_dnsmasq_options}
db: {get_input: ceilometer_dsn}
debug: {get_input: debug}
metering_secret: {get_input: ceilometer_metering_secret}
service-password: {get_input: ceilometer_password}
export_MIB: UCD-SNMP-MIB
readonly_user_name: {get_input: snmpd_readonly_user_name}
readonly_user_password: {get_input: snmpd_readonly_user_password}
compute_driver: libvirt.LibvirtDriver
db: {get_input: nova_dsn}
default_floating_pool:
host: {get_input: controller_virtual_ip}
service-password: {get_input: nova_password}
host: {get_input: controller_virtual_ip}
username: {get_input: rabbit_username}
password: {get_input: rabbit_password}
cookie: {get_input: rabbit_cookie}
rabbit_client_use_ssl: {get_input: rabbit_client_use_ssl}
rabbit_port: {get_input: rabbit_client_port}
- {server: {get_input: ntp_server}}
- vrrp_instance_name: VI_CONTROL
virtual_router_id: 51
keepalive_interface: {get_input: control_virtual_interface}
- ip: {get_input: controller_virtual_ip}
interface: {get_input: control_virtual_interface}
- vrrp_instance_name: VI_PUBLIC
virtual_router_id: 52
keepalive_interface: {get_input: public_virtual_interface}
- ip: {get_input: public_virtual_ip}
interface: {get_input: public_virtual_interface}
keepalive_interface: {get_input: public_virtual_interface}
ip: {get_input: controller_virtual_ip}
interface: {get_input: control_virtual_interface}
ip: {get_input: public_virtual_ip}
interface: {get_input: public_virtual_interface}
- ip: {get_input: controller_virtual_ip}
- option httpchk GET /
- name: keystone_admin
net_binds: &public_binds
- ip: {get_input: controller_virtual_ip}
- ip: {get_input: public_virtual_ip}
- name: keystone_public
net_binds: *public_binds
net_binds: *public_binds
net_binds: *public_binds
net_binds: *public_binds
net_binds: *public_binds
- name: glance_registry
net_binds: *public_binds
options: # overwrite options as glance_reg needs auth for http req
net_binds: *public_binds
- name: heat_cloudwatch
net_binds: *public_binds
net_binds: *public_binds
net_binds: *public_binds
- name: nova_metadata
net_binds: *public_binds
- name: nova_novncproxy
net_binds: *public_binds
net_binds: *public_binds
options: # overwrite options as ceil needs auth for http req
- name: swift_proxy_server
net_binds: *public_binds
- option httpchk GET /info
ControllerDeployment:
type: OS::TripleO::SoftwareDeployment
signal_transport: NO_SIGNAL
config: {get_resource: ControllerConfig}
server: {get_resource: Controller}
bootstack_nodeid: {get_attr: [Controller, name]}
controller_host: {get_attr: [Controller, networks, ctlplane, 0]}
controller_virtual_ip: {get_param: VirtualIP}
neutron_enable_tunneling: {get_param: NeutronEnableTunnelling}
heat.watch_server_url:
- {get_param: VirtualIP}
heat.metadata_server_url:
- {get_param: VirtualIP}
heat.waitcondition_server_url:
- {get_param: VirtualIP}
- ':8000/v1/waitcondition'
admin_password: {get_param: AdminPassword}
admin_token: {get_param: AdminToken}
neutron_public_interface_ip: {get_param: NeutronPublicInterfaceIP}
debug: {get_param: Debug}
cinder_lvm_loop_device_size: {get_param: CinderLVMLoopDeviceSize}
cinder_password: {get_param: CinderPassword}
cinder_iscsi_helper: {get_param: CinderISCSIHelper}
- - 'mysql://cinder:unset@'
- {get_param: VirtualIP}
glance_port: {get_param: GlancePort}
glance_protocol: {get_param: GlanceProtocol}
glance_password: {get_param: GlancePassword}
glance_notifier_strategy: {get_param: GlanceNotifierStrategy}
glance_log_file: {get_param: GlanceLogFile}
- - 'mysql://glance:unset@'
- {get_param: VirtualIP}
heat_password: {get_param: HeatPassword}
heat_stack_domain_admin_password: {get_param: HeatStackDomainAdminPassword}
heat_auth_encryption_key: {get_param: HeatAuthEncryptionKey}
- - 'mysql://heat:unset@'
- {get_param: VirtualIP}
keystone_ca_certificate: {get_param: KeystoneCACertificate}
keystone_signing_key: {get_param: KeystoneSigningKey}
keystone_signing_certificate: {get_param: KeystoneSigningCertificate}
keystone_ssl_certificate: {get_param: KeystoneSSLCertificate}
keystone_ssl_certificate_key: {get_param: KeystoneSSLCertificateKey}
- - 'mysql://keystone:unset@'
- {get_param: VirtualIP}
mysql_innodb_buffer_pool_size: {get_param: MysqlInnodbBufferPoolSize}
mysql_root_password: {get_param: MysqlRootPassword}
template: tripleo-CLUSTER
CLUSTER: {get_param: MysqlClusterUniquePart}
neutron_flat_networks: {get_param: NeutronFlatNetworks}
neutron_metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret}
neutron_agent_mode: {get_param: NeutronAgentMode}
neutron_router_distributed: {get_param: NeutronDVR}
neutron_mechanism_drivers: {get_param: NeutronMechanismDrivers}
neutron_allow_l3agent_failover: {get_param: NeutronAllowL3AgentFailover}
neutron_l3_ha: {get_param: NeutronL3HA}
neutron_network_vlan_ranges: {get_param: NeutronNetworkVLANRanges}
neutron_bridge_mappings: {get_param: NeutronBridgeMappings}
neutron_public_interface: {get_param: NeutronPublicInterface}
neutron_public_interface_raw_device: {get_param: NeutronPublicInterfaceRawDevice}
neutron_public_interface_default_route: {get_param: NeutronPublicInterfaceDefaultRoute}
neutron_public_interface_tag: {get_param: NeutronPublicInterfaceTag}
neutron_tenant_network_type: {get_param: NeutronNetworkType}
neutron_tunnel_types: {get_param: NeutronTunnelTypes}
neutron_password: {get_param: NeutronPassword}
neutron_dnsmasq_options: {get_param: NeutronDnsmasqOptions}
- - 'mysql://neutron:unset@'
- {get_param: VirtualIP}
- '/ovs_neutron?charset=utf8'
ceilometer_metering_secret: {get_param: CeilometerMeteringSecret}
ceilometer_password: {get_param: CeilometerPassword}
- - 'mysql://ceilometer:unset@'
- {get_param: VirtualIP}
snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName}
snmpd_readonly_user_password: {get_param: SnmpdReadonlyUserPassword}
nova_password: {get_param: NovaPassword}
- - 'mysql://nova:unset@'
- {get_param: VirtualIP}
rabbit_username: {get_param: RabbitUserName}
rabbit_password: {get_param: RabbitPassword}
rabbit_cookie: {get_param: RabbitCookie}
rabbit_client_use_ssl: {get_param: RabbitClientUseSSL}
rabbit_client_port: {get_param: RabbitClientPort}
ntp_server: {get_param: NtpServer}
control_virtual_interface: {get_param: ControlVirtualInterface}
public_virtual_interface: {get_param: PublicVirtualInterface}
public_virtual_ip: {get_param: PublicVirtualIP}
type: OS::Heat::StructuredConfig
group: os-apply-config
ca_certificate: {get_input: ssl_ca_certificate}
cert: {get_input: ssl_certificate}
key: {get_input: ssl_key}
cacert: {get_input: ssl_ca_certificate}
connect_host: {get_input: controller_host}
connect_host: {get_input: controller_host}
connect_host: {get_input: controller_host}
connect_host: {get_input: controller_host}
connect_host: {get_input: controller_host}
- name: 'swift-proxy'
connect_host: {get_input: controller_host}
connect_host: {get_input: controller_host}
connect_host: {get_input: controller_host}
ControllerSSLDeployment:
type: OS::Heat::StructuredDeployment
config: {get_resource: SSLConfig}
server: {get_resource: Controller}
signal_transport: NO_SIGNAL
controller_host: {get_attr: [Controller, networks, ctlplane, 0]}
ssl_certificate: {get_param: SSLCertificate}
ssl_key: {get_param: SSLKey}
ssl_ca_certificate: {get_param: SSLCACertificate}
ControllerPassthroughDeployment:
type: OS::Heat::StructuredDeployment
config: {get_resource: ControllerPassthroughConfig}
server: {get_resource: Controller}
signal_transport: NO_SIGNAL
passthrough_config: {get_param: ExtraConfig}
ControllerPassthroughSpecificDeployment:
depends_on: [ControllerPassthroughDeployment]
type: OS::Heat::StructuredDeployment
config: {get_resource: ControllerPassthroughConfigSpecific}
server: {get_resource: Controller}
signal_transport: NO_SIGNAL
passthrough_config_specific: {get_param: ControllerExtraConfig}
type: OS::Heat::StructuredConfig
group: os-apply-config
hash: { get_input: swift_hash_suffix }
part-power: { get_input: swift_part_power }
mount-check: { get_input: swift_mount_check }
min-part-hours: { get_input: swift_min_part_hours }
replicas: {get_input: swift_replicas }
service-password: { get_input: swift_password }
type: OS::Heat::StructuredDeployment
server: {get_resource: Controller}
config: {get_resource: SwiftConfig}
signal_transport: NO_SIGNAL
swift_hash_suffix: {get_param: SwiftHashSuffix}
swift_mount_check: {get_param: SwiftMountCheck}
swift_password: {get_param: SwiftPassword}
swift_min_part_hours: {get_param: SwiftMinPartHours}
swift_part_power: {get_param: SwiftPartPower}
swift_replicas: { get_param: SwiftReplicas}
description: IP address of the server in the ctlplane network
value: {get_attr: [Controller, networks, ctlplane, 0]}
description: Hostname of the server
value: {get_attr: [Controller, name]}
Node object in the {ip: ..., name: ...} format that the corosync
ip: {get_attr: [Controller, networks, ctlplane, 0]}
name: {get_attr: [Controller, name]}
Server's IP address and hostname in the /etc/hosts format
template: IP HOST HOST.novalocal CLOUDNAME
IP: {get_attr: [Controller, networks, ctlplane, 0]}
HOST: {get_attr: [Controller, name]}
CLOUDNAME: {get_param: CloudName}
nova_server_resource:
description: Heat resource handle for the Nova compute server
{get_resource: Controller}
description: Swift device formatted for swift-ring-builder
template: 'r1z1-IP:%PORT%/d1'
IP: {get_attr: [Controller, networks, ctlplane, 0]}
swift_proxy_memcache:
description: Swift proxy-memcache value
IP: {get_attr: [Controller, networks, ctlplane, 0]}