# NOTE(review): this listing is sparse. Each line begins with its line number
# in the original template; skipped numbers are lines that are not shown here
# (parameter names, `type:` lines and any `hidden:` attributes among them).
1 heat_template_version: 2014-10-16
4 OpenStack control plane node. Can be wrapped in a ResourceGroup for scaling.
# Parameter declarations follow. Many of them carry credentials or key
# material (service passwords, shared secrets, signing and TLS keys).
# NOTE(review): no `hidden:` attribute is visible in this listing - confirm
# that every secret-bearing parameter sets `hidden: true` so Heat masks its
# value when stack parameters are displayed.
9 description: The password for the keystone admin account, used for monitoring, querying neutron etc.
14 description: The keystone auth secret.
17 CeilometerMeteringSecret:
19 description: Secret shared by the ceilometer services.
24 description: The password for the ceilometer service account.
29 description: The iSCSI helper to use with cinder.
31 CinderLVMLoopDeviceSize:
33 description: The size of the loopback file used by the cinder LVM driver.
37 description: The password for the cinder service account, used by cinder-api.
42 description: The DNS name of this cloud. E.g. ci-overcloud.tripleo.org
# ControllerExtraConfig and ExtraConfig (described further down) are injected
# into the cluster configuration as supplied; the passthrough deployments near
# the end of the template feed them to os-apply-config.
# NOTE(review): nothing visible here validates their contents, so anyone able
# to set these parameters can presumably override service options - treat
# them as operator-only inputs.
44 ControllerExtraConfig:
47 Controller specific configuration to inject into the cluster. Same
48 structure as ExtraConfig.
50 ControlVirtualInterface:
52 description: Interface where virtual ip will be assigned.
# NOTE(review): debug logging on every service tends to put request details
# into log files; confirm the default (not visible here) is off for
# production deployments.
56 description: Set to True to enable debugging on all services.
61 Additional configuration to inject into the cluster. The JSON should have
62 the following structure:
65 [{"section": "SECTIONNAME",
67 [{"option": "OPTIONNAME",
78 [{"section": "default",
80 [{"option": "compute_manager",
81 "value": "ironic.nova.compute.manager.ClusterComputeManager"
88 "value": "nova.cells.rpc_driver.CellsRPCDriver"
97 description: Flavor for control nodes to request when deploying.
100 - custom_constraint: nova.flavor
101 GlanceNotifierStrategy:
102 description: Strategy to use for Glance notification queue
106 description: The filepath of the file to use for logging messages from Glance.
111 description: The password for the glance service account, used by the glance services.
116 description: Glance port.
# NOTE(review): the default protocol is not visible here; per the description
# only https gives SSL, so any other value leaves Glance traffic unprotected.
120 description: Protocol to use when connecting to glance, set to https for SSL.
124 description: The password for the Heat service account, used by the Heat services.
127 HeatStackDomainAdminPassword:
128 description: Password for heat_domain_admin user.
# Image used for the control node, checked against the glance.image constraint.
134 default: overcloud-control
136 - custom_constraint: glance.image
138 default: 'REBUILD_PRESERVE_EPHEMERAL'
139 description: What policy to use when reconstructing instances. REBUILD for rebuilds, REBUILD_PRESERVE_EPHEMERAL to preserve /mnt.
# NOTE(review): the holder of this keypair's private half gets SSH access to
# the control-plane node; prefer a keypair dedicated to the deployment.
143 description: Name of an existing EC2 KeyPair to enable SSH access to the instances
146 - custom_constraint: nova.keypair
# Keystone PKI material: CA certificate, token-signing certificate and key,
# and an SSL certificate and key.
147 KeystoneCACertificate:
149 description: Keystone self-signed certificate authority certificate.
151 KeystoneSigningCertificate:
153 description: Keystone certificate for verifying token validity.
157 description: Keystone key for signing tokens.
# NOTE(review): the two SSL descriptions below are word-for-word copies of the
# signing certificate/key descriptions above. Presumably these parameters hold
# the TLS certificate and private key for Keystone itself - confirm and reword
# so operators do not supply the token-signing pair here by mistake.
160 KeystoneSSLCertificate:
162 description: Keystone certificate for verifying token validity.
164 KeystoneSSLCertificateKey:
166 description: Keystone key for signing tokens.
# Identifier of the MySQL cluster. The length constraint below (presumably
# part of this parameter) requires 4-10 characters, which the placeholder
# default 'unset' satisfies.
169 MysqlClusterUniquePart:
170 description: A unique identifier of the MySQL cluster the controller is in.
172 default: 'unset' # Has to be here because of the ignored empty value bug
174 - length: {min: 4, max: 10}
175 MysqlInnodbBufferPoolSize:
177 Specifies the size of the buffer pool in megabytes. Setting to
178 zero should be interpreted as "no value" and will defer to the
# NOTE(review): the parameter that owns this empty default is not visible
# (lines 179-184 are missing). If it carries a credential, an empty default
# lets the stack deploy without one unless the caller overrides it.
185 default: '' # Has to be here because of the ignored empty value bug
# Neutron, Nova, RabbitMQ, SNMP, SSL and Swift parameters.
# NOTE(review): this listing omits lines (see the skipped line numbers), so
# `type:`, most defaults and any `hidden:` attributes are not visible here.
186 NeutronBridgeMappings:
188 The OVS logical->physical bridge mappings to use. See the Neutron
189 documentation for details. Defaults to mapping br-ex - the external
190 bridge on hosts - to a physical name 'datacentre' which can be used
191 to create provider networks (and we use this for the default floating
192 network) - if changing this either use different post-install network
193 scripts or be sure to keep 'datacentre' as a mapping network name.
196 NeutronDnsmasqOptions:
197 default: 'dhcp-option-force=26,1400'
198 description: Dnsmasq options for neutron-dhcp-agent. The default value here forces MTU to be set to 1400 to account for the gre tunnel overhead.
202 description: Agent mode for the neutron-l3-agent on the controller hosts
206 description: Whether to configure Neutron Distributed Virtual Routers
# Shared secret (see description).
# NOTE(review): lines 209 and 211 are not visible - confirm the parameter is
# marked `hidden: true` and ships no fixed default value.
208 NeutronMetadataProxySharedSecret:
210 description: Shared secret to prevent spoofing
212 NeutronMechanismDrivers:
213 default: 'openvswitch'
215 The mechanism drivers for the Neutron tenant network. To specify multiple
216 values, use a comma separated string, like so: 'openvswitch,l2_population'
218 NeutronAllowL3AgentFailover:
220 description: Allow automatic l3-agent failover
222 NeutronEnableTunnelling:
228 description: If set, flat networks to configure in neutron plugins.
231 description: The tenant network type for Neutron, either gre or vxlan.
233 NeutronNetworkVLANRanges:
234 default: 'datacentre'
236 The Neutron ML2 and OpenVSwitch vlan mapping range to support. See the
237 Neutron documentation for permitted values. Defaults to permitting any
238 VLAN on the 'datacentre' physical network (See NeutronBridgeMappings).
# Service-account password; see the note on `hidden:` at the top of this block.
242 description: The password for the neutron service account, used by neutron agents.
245 NeutronPublicInterface:
247 description: What interface to bridge onto br-ex for network nodes.
249 NeutronPublicInterfaceTag:
252 VLAN tag for creating a public VLAN. The tag will be used to
253 create an access port on the exterior bridge for each control plane node,
254 and that port will be given the IP address returned by neutron from the
255 public network. Set CONTROLEXTRA=overcloud-vlan-port.yaml when compiling
256 overcloud.yaml to include the deployment of VLAN ports to the control
259 NeutronPublicInterfaceDefaultRoute:
261 description: A custom default route for the NeutronPublicInterface.
263 NeutronPublicInterfaceIP:
265 description: A custom IP address to put onto the NeutronPublicInterface.
267 NeutronPublicInterfaceRawDevice:
269 description: If set, the public interface is a vlan with this device as the raw device.
274 The tunnel types for the Neutron tenant network. To specify multiple
275 values, use a comma separated string, like so: 'gre,vxlan'
# Service-account password; see the note on `hidden:` at the top of this block.
279 description: The password for the nova service account, used by nova-api.
285 PublicVirtualInterface:
288 Specifies the interface where the public-facing virtual ip will be assigned.
289 This should be int_public when a VLAN is being used.
# NOTE(review): two empty-string defaults whose parameter names are not
# visible here. If either belongs to a credential-like parameter, the stack
# can be created with an empty value unless the caller overrides it.
293 default: '' # Has to be here because of the ignored empty value bug
296 default: '' # Has to be here because of the ignored empty value bug
# RabbitMQ credentials.
# NOTE(review): their defaults are not visible here - confirm no well-known
# default username/password pair is shipped and the password is hidden.
300 description: The password for RabbitMQ
305 description: The username for RabbitMQ
310 Rabbit client subscriber parameter to specify
311 an SSL connection to the RabbitMQ host.
# NOTE(review): per the description the port has to change when SSL is used;
# the default of the SSL switch above is not visible. Without SSL the AMQP
# connection, including the RabbitMQ password, is presumably unencrypted.
315 description: Set rabbit subscriber port, change this if using SSL
# SNMP read-only account configured on all Overcloud nodes. The user name has
# a fixed default (ro_snmp_user).
# NOTE(review): lines 320 and 322 are not visible - confirm the password has
# no fixed default and is marked `hidden: true`.
317 SnmpdReadonlyUserName:
318 default: ro_snmp_user
319 description: The user name for SNMPd with readonly rights running on all Overcloud nodes
321 SnmpdReadonlyUserPassword:
323 description: The user password for SNMPd with readonly rights running on all Overcloud nodes
# TLS material for the SSL endpoints, passed by value as parameter contents.
# The .key parameter holds the certificate's key file.
# NOTE(review): confirm the key parameter is marked `hidden: true`.
328 description: If set, the contents of an SSL certificate authority file.
332 description: If set, the contents of an SSL certificate .crt file for encrypting SSL endpoints.
337 description: If set, the contents of an SSL certificate .key file for encrypting SSL endpoints.
# Salt used when hashing to determine Swift mappings (see description).
# NOTE(review): presumably this has to stay secret and unchanged for the life
# of the cluster - confirm it is hidden and has no fixed default.
342 description: A random string to be used as a salt when hashing to determine mappings
348 description: Partition Power to use when building Swift rings
352 description: The password for the swift service account, used by the swift proxy
359 description: How many replicas to use in the swift rings.
# NOTE(review): owning parameter not visible (lines 360-361 are missing).
362 default: '' # Has to be here because of the ignored empty value bug
# Nova server for this control-plane node. Its resource name is not visible on
# these lines; the other resources refer to it as `Controller`. Image, rebuild
# policy, flavor and SSH keypair all come from template parameters.
368 type: OS::Nova::Server
370 image: {get_param: Image}
371 image_update_policy: {get_param: ImageUpdatePolicy}
372 flavor: {get_param: Flavor}
373 key_name: {get_param: KeyName}
# SOFTWARE_CONFIG is the user-data format Heat requires for a server that is
# the target of software deployments such as the ones below.
376 user_data_format: SOFTWARE_CONFIG
# Network configuration resource (referenced below as NetworkConfig).
# NOTE(review): OS::TripleO::* types are not built-in Heat types; presumably
# they are mapped to concrete templates elsewhere - review that mapping too.
379 type: OS::TripleO::Net::SoftwareConfig
# Applies NetworkConfig to the Controller server.
382 type: OS::TripleO::SoftwareDeployment
# NO_SIGNAL: Heat marks the deployment complete without waiting for the server
# to report back, so a failure to apply the config does not show up in the
# stack status and has to be detected by other means.
384 signal_transport: NO_SIGNAL
385 config: {get_attr: [NetworkConfig, config_id]}
386 server: {get_resource: Controller}
389 interface_name: {get_param: NeutronPublicInterface}
# Main controller configuration (referenced below as ControllerConfig).
392 type: OS::TripleO::Controller::SoftwareConfig
394 # allow configs to create sub-resources attached to the controller
395 controller_id: {get_resource: Controller}
# Two structured configs in the os-apply-config group whose entire `config`
# is a deployment input. The passthrough deployments later in the template
# bind those inputs to the ExtraConfig and ControllerExtraConfig parameters.
# NOTE(review): the input is used as the whole config with no filtering
# visible here, so it can presumably set any key os-apply-config consumes.
397 ControllerPassthroughConfig:
398 type: OS::Heat::StructuredConfig
400 group: os-apply-config
401 config: {get_input: passthrough_config}
403 ControllerPassthroughConfigSpecific:
404 type: OS::Heat::StructuredConfig
406 group: os-apply-config
407 config: {get_input: passthrough_config_specific}
# Deploys ControllerConfig onto the Controller server and supplies its inputs.
# Most inputs are template parameters passed straight through; the rest are
# server attributes (name, ctlplane address) or strings assembled around
# VirtualIP. Several input-name lines are missing from this listing.
# NOTE(review): many of these inputs are credentials (admin password and
# token, service passwords, signing keys). They travel to the node as
# deployment input values - confirm who can read deployment data in this
# cloud.
409 ControllerDeployment:
410 type: OS::TripleO::SoftwareDeployment
# NO_SIGNAL: Heat does not wait for the node to report the result, so a failed
# configuration run is not reflected in the stack status.
412 signal_transport: NO_SIGNAL
413 config: {get_attr: [ControllerConfig, config_id]}
414 server: {get_resource: Controller}
416 bootstack_nodeid: {get_attr: [Controller, name]}
417 controller_host: {get_attr: [Controller, networks, ctlplane, 0]}
418 controller_virtual_ip: {get_param: VirtualIP}
419 neutron_enable_tunneling: {get_param: NeutronEnableTunnelling}
# Heat callback URLs built around VirtualIP.
# NOTE(review): the scheme prefix of these URLs is on lines not shown here;
# confirm whether they use http or https, since instances call back on them.
420 heat.watch_server_url:
424 - {get_param: VirtualIP}
426 heat.metadata_server_url:
430 - {get_param: VirtualIP}
432 heat.waitcondition_server_url:
436 - {get_param: VirtualIP}
437 - ':8000/v1/waitcondition'
438 admin_password: {get_param: AdminPassword}
439 admin_token: {get_param: AdminToken}
440 neutron_public_interface_ip: {get_param: NeutronPublicInterfaceIP}
441 debug: {get_param: Debug}
442 cinder_lvm_loop_device_size: {get_param: CinderLVMLoopDeviceSize}
443 cinder_password: {get_param: CinderPassword}
444 cinder_iscsi_helper: {get_param: CinderISCSIHelper}
# Database connection string for cinder, assembled from fixed pieces and
# VirtualIP. The same pattern is repeated below for glance, heat, keystone,
# neutron, ceilometer and nova.
# NOTE(review): every one of these URLs hard-codes the literal password
# `unset` for its database user. If the database accounts are really created
# with that value, all services share one well-known credential; confirm, and
# prefer per-service passwords supplied as hidden parameters.
448 - - 'mysql://cinder:unset@'
449 - {get_param: VirtualIP}
451 glance_port: {get_param: GlancePort}
452 glance_protocol: {get_param: GlanceProtocol}
453 glance_password: {get_param: GlancePassword}
454 glance_notifier_strategy: {get_param: GlanceNotifierStrategy}
455 glance_log_file: {get_param: GlanceLogFile}
459 - - 'mysql://glance:unset@'
460 - {get_param: VirtualIP}
462 heat_password: {get_param: HeatPassword}
463 heat_stack_domain_admin_password: {get_param: HeatStackDomainAdminPassword}
467 - - 'mysql://heat:unset@'
468 - {get_param: VirtualIP}
# Keystone CA, token-signing and SSL material, passed by value.
470 keystone_ca_certificate: {get_param: KeystoneCACertificate}
471 keystone_signing_key: {get_param: KeystoneSigningKey}
472 keystone_signing_certificate: {get_param: KeystoneSigningCertificate}
473 keystone_ssl_certificate: {get_param: KeystoneSSLCertificate}
474 keystone_ssl_certificate_key: {get_param: KeystoneSSLCertificateKey}
478 - - 'mysql://keystone:unset@'
479 - {get_param: VirtualIP}
481 mysql_innodb_buffer_pool_size: {get_param: MysqlInnodbBufferPoolSize}
482 mysql_root_password: {get_param: MysqlRootPassword}
# String template in which CLUSTER is replaced by MysqlClusterUniquePart.
# NOTE(review): the input this value feeds is on a line not shown here.
485 template: tripleo-CLUSTER
487 CLUSTER: {get_param: MysqlClusterUniquePart}
488 neutron_flat_networks: {get_param: NeutronFlatNetworks}
489 neutron_metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret}
490 neutron_agent_mode: {get_param: NeutronAgentMode}
491 neutron_router_distributed: {get_param: NeutronDVR}
492 neutron_mechanism_drivers: {get_param: NeutronMechanismDrivers}
493 neutron_allow_l3agent_failover: {get_param: NeutronAllowL3AgentFailover}
494 neutron_network_vlan_ranges: {get_param: NeutronNetworkVLANRanges}
495 neutron_bridge_mappings: {get_param: NeutronBridgeMappings}
496 neutron_public_interface: {get_param: NeutronPublicInterface}
497 neutron_public_interface_raw_device: {get_param: NeutronPublicInterfaceRawDevice}
498 neutron_public_interface_default_route: {get_param: NeutronPublicInterfaceDefaultRoute}
499 neutron_public_interface_tag: {get_param: NeutronPublicInterfaceTag}
500 neutron_tenant_network_type: {get_param: NeutronNetworkType}
501 neutron_tunnel_types: {get_param: NeutronTunnelTypes}
502 neutron_password: {get_param: NeutronPassword}
503 neutron_dnsmasq_options: {get_param: NeutronDnsmasqOptions}
507 - - 'mysql://neutron:unset@'
508 - {get_param: VirtualIP}
509 - '/ovs_neutron?charset=utf8'
510 ceilometer_metering_secret: {get_param: CeilometerMeteringSecret}
511 ceilometer_password: {get_param: CeilometerPassword}
515 - - 'mysql://ceilometer:unset@'
516 - {get_param: VirtualIP}
518 snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName}
519 snmpd_readonly_user_password: {get_param: SnmpdReadonlyUserPassword}
520 nova_password: {get_param: NovaPassword}
524 - - 'mysql://nova:unset@'
525 - {get_param: VirtualIP}
# RabbitMQ account, cookie and client transport settings.
# NOTE(review): the RabbitCookie parameter has no description in this listing;
# presumably it is the cluster's shared cookie and should be treated as a
# secret like the password - confirm.
527 rabbit_username: {get_param: RabbitUserName}
528 rabbit_password: {get_param: RabbitPassword}
529 rabbit_cookie: {get_param: RabbitCookie}
530 rabbit_client_use_ssl: {get_param: RabbitClientUseSSL}
531 rabbit_client_port: {get_param: RabbitClientPort}
532 ntp_server: {get_param: NtpServer}
533 control_virtual_interface: {get_param: ControlVirtualInterface}
534 public_virtual_interface: {get_param: PublicVirtualInterface}
535 public_virtual_ip: {get_param: PublicVirtualIP}
# SSL configuration for os-apply-config (referenced below as SSLConfig). The
# CA certificate, certificate and key come from deployment inputs, followed by
# a list of entries that each connect to controller_host.
# NOTE(review): the entry names and ports are mostly on lines not shown here
# (only 'swift-proxy' is visible); presumably this describes a TLS terminator
# in front of the controller's services - confirm against the full template.
538 type: OS::Heat::StructuredConfig
540 group: os-apply-config
543 ca_certificate: {get_input: ssl_ca_certificate}
545 cert: {get_input: ssl_certificate}
546 key: {get_input: ssl_key}
547 cacert: {get_input: ssl_ca_certificate}
552 connect_host: {get_input: controller_host}
556 connect_host: {get_input: controller_host}
560 connect_host: {get_input: controller_host}
564 connect_host: {get_input: controller_host}
568 connect_host: {get_input: controller_host}
569 - name: 'swift-proxy'
572 connect_host: {get_input: controller_host}
576 connect_host: {get_input: controller_host}
580 connect_host: {get_input: controller_host}
# Deploys SSLConfig to the Controller server, binding its inputs to the
# SSLCertificate, SSLKey and SSLCACertificate parameters and to the server's
# ctlplane address.
# NOTE(review): the key is handed over as a plain deployment input value, and
# NO_SIGNAL means Heat does not learn whether the SSL configuration was
# actually applied - verify the endpoints after deployment.
582 ControllerSSLDeployment:
583 type: OS::Heat::StructuredDeployment
585 config: {get_resource: SSLConfig}
586 server: {get_resource: Controller}
587 signal_transport: NO_SIGNAL
589 controller_host: {get_attr: [Controller, networks, ctlplane, 0]}
590 ssl_certificate: {get_param: SSLCertificate}
591 ssl_key: {get_param: SSLKey}
592 ssl_ca_certificate: {get_param: SSLCACertificate}
# Feeds the ExtraConfig parameter, unmodified, into ControllerPassthroughConfig.
594 ControllerPassthroughDeployment:
595 type: OS::Heat::StructuredDeployment
597 config: {get_resource: ControllerPassthroughConfig}
598 server: {get_resource: Controller}
599 signal_transport: NO_SIGNAL
601 passthrough_config: {get_param: ExtraConfig}
# Feeds ControllerExtraConfig into ControllerPassthroughConfigSpecific.
# depends_on makes Heat create this deployment after the general passthrough
# deployment above; presumably that is so controller-specific values win -
# confirm how os-apply-config merges the two.
603 ControllerPassthroughSpecificDeployment:
604 depends_on: [ControllerPassthroughDeployment]
605 type: OS::Heat::StructuredDeployment
607 config: {get_resource: ControllerPassthroughConfigSpecific}
608 server: {get_resource: Controller}
609 signal_transport: NO_SIGNAL
611 passthrough_config_specific: {get_param: ControllerExtraConfig}
# Swift settings for os-apply-config (referenced below as SwiftConfig): hash
# suffix, partition power, replica count and service password, all taken from
# deployment inputs.
614 type: OS::Heat::StructuredConfig
616 group: os-apply-config
619 hash: { get_input: swift_hash_suffix }
620 part-power: { get_input: swift_part_power }
621 replicas: {get_input: swift_replicas }
622 service-password: { get_input: swift_password }
# Deploys SwiftConfig to the Controller server and binds each input to its
# Swift* parameter.
# NOTE(review): the hash suffix and the service password are both sensitive
# and are passed as plain deployment input values; NO_SIGNAL also means Heat
# does not wait for confirmation that the config was applied.
625 type: OS::Heat::StructuredDeployment
627 server: {get_resource: Controller}
628 config: {get_resource: SwiftConfig}
629 signal_transport: NO_SIGNAL
631 swift_hash_suffix: {get_param: SwiftHashSuffix}
632 swift_password: {get_param: SwiftPassword}
633 swift_part_power: {get_param: SwiftPartPower}
634 swift_replicas: { get_param: SwiftReplicas}
# Stack outputs. Most output names are on lines not shown in this listing.
# Every value visible here is derived from the Controller server's name and
# ctlplane address or from CloudName; no password or key parameter is exposed
# by the visible lines.
638 description: IP address of the server in the ctlplane network
639 value: {get_attr: [Controller, networks, ctlplane, 0]}
641 description: Hostname of the server
642 value: {get_attr: [Controller, name]}
645 Node object in the format {ip: ..., name: ...} format that the corosync
# NOTE(review): the description above repeats the word "format" and its
# continuation line is not shown here.
648 ip: {get_attr: [Controller, networks, ctlplane, 0]}
649 name: {get_attr: [Controller, name]}
652 Server's IP address and hostname in the /etc/hosts format
# The IP, HOST and CLOUDNAME tokens in the template are replaced with the
# values mapped below.
655 template: IP HOST HOST.novalocal CLOUDNAME
657 IP: {get_attr: [Controller, networks, ctlplane, 0]}
658 HOST: {get_attr: [Controller, name]}
659 CLOUDNAME: {get_param: CloudName}
# Reference to the Controller server resource itself.
660 nova_server_resource:
661 description: Heat resource handle for the Nova compute server
663 {get_resource: Controller}
665 description: Swift device formatted for swift-ring-builder
# Only IP is mapped below; %PORT% stays in the output as a literal.
# NOTE(review): presumably the consumer of this output fills in the port.
668 template: 'r1z1-IP:%PORT%/d1'
670 IP: {get_attr: [Controller, networks, ctlplane, 0]}
671 swift_proxy_memcache:
672 description: Swift proxy-memcache value
677 IP: {get_attr: [Controller, networks, ctlplane, 0]}