# Heat (HOT) template for a single OpenStack control plane node.
# NOTE(review): this listing is an excerpt -- each line starts with its line
# number in the original template, and the lines in between are not shown.
1 heat_template_version: 2014-10-16
4 OpenStack control plane node. Can be wrapped in a ResourceGroup for scaling.
# The parameters that follow carry passwords and shared secrets that are read
# with get_param further down (presumably AdminPassword and AdminToken first).
# NOTE(review): their `hidden: true` lines are not visible in this listing --
# confirm every credential parameter sets it.
9 description: The password for the keystone admin account, used for monitoring, querying neutron etc.
14 description: The keystone auth secret.
17 CeilometerMeteringSecret:
19 description: Secret shared by the ceilometer services.
24 description: The password for the ceilometer service account.
29 description: The iSCSI helper to use with cinder.
31 CinderLVMLoopDeviceSize:
33 description: The size of the loopback file used by the cinder LVM driver.
37 description: The password for the cinder service account, used by cinder-api.
42 description: The DNS name of this cloud. E.g. ci-overcloud.tripleo.org
# ControllerExtraConfig is handed unchanged to an os-apply-config
# StructuredConfig as the passthrough_config_specific input, so whoever can
# set it controls service configuration on this node.
44 ControllerExtraConfig:
47 Controller specific configuration to inject into the cluster. Same
48 structure as ExtraConfig.
50 ControlVirtualInterface:
52 description: Interface where virtual ip will be assigned.
# This flag is passed as `debug` to several service sections of the controller
# config. NOTE(review): debug-level logs can include sensitive request data --
# confirm the default (not visible here) is off.
56 description: Set to True to enable debugging on all services.
61 Additional configuration to inject into the cluster. The JSON should have
62 the following structure:
65 [{"section": "SECTIONNAME",
67 [{"option": "OPTIONNAME",
78 [{"section": "default",
80 [{"option": "compute_manager",
81 "value": "ironic.nova.compute.manager.ClusterComputeManager"
88 "value": "nova.cells.rpc_driver.CellsRPCDriver"
# custom_constraint entries have Heat check the value against the named
# service (flavor, image, keypair) instead of accepting any string.
98 description: Flavor for control nodes to request when deploying.
101 - custom_constraint: nova.flavor
102 GlanceNotifierStrategy:
103 description: Strategy to use for Glance notification queue
107 description: The filepath of the file to use for logging messages from Glance.
112 description: The password for the glance service account, used by the glance services.
117 description: Glance port.
# NOTE(review): the default protocol is not visible here; per the description
# TLS to glance is only used when this is set to https.
121 description: Protocol to use when connecting to glance, set to https for SSL.
125 description: The password for the Heat service account, used by the Heat services.
128 HeatStackDomainAdminPassword:
129 description: Password for heat_domain_admin user.
135 default: overcloud-control
137 - custom_constraint: glance.image
139 default: 'REBUILD_PRESERVE_EPHEMERAL'
140 description: What policy to use when reconstructing instances. REBUILD for rebuilds, REBUILD_PRESERVE_EPHEMERAL to preserve /mnt.
# The keypair named here is the one given SSH access to the controller
# (it is used as key_name on the server resource).
144 description: Name of an existing EC2 KeyPair to enable SSH access to the instances
147 - custom_constraint: nova.keypair
# Keystone PKI material is supplied as parameters and copied into the
# controller config (ca_certificate, signing_certificate, signing_key).
148 KeystoneCACertificate:
150 description: Keystone self-signed certificate authority certificate.
152 KeystoneSigningCertificate:
154 description: Keystone certificate for verifying token validity.
# Private signing key. NOTE(review): the rest of this parameter's definition
# is not visible here -- confirm it is declared `hidden: true`.
158 description: Keystone key for signing tokens.
161 MysqlClusterUniquePart:
162 description: A unique identifier of the MySQL cluster the controller is in.
# 'unset' (5 characters) fits the 4-10 character length constraint below.
164 default: 'unset' # Has to be here because of the ignored empty value bug
166 - length: {min: 4, max: 10}
167 MysqlInnodbBufferPoolSize:
169 Specifies the size of the buffer pool in megabytes. Setting to
170 zero should be interpreted as "no value" and will defer to the
# NOTE(review): the name of the parameter that owns this empty default is
# outside the listing; if it is a credential, confirm deployments always
# override it, because an empty default lets the stack be created without one.
177 default: '' # Has to be here because of the ignored empty value bug
# Neutron networking parameters for the controller, followed by the nova
# service password and the public virtual-IP interface.
178 NeutronBridgeMappings:
180 The OVS logical->physical bridge mappings to use. See the Neutron
181 documentation for details. Defaults to mapping br-ex - the external
182 bridge on hosts - to a physical name 'datacentre' which can be used
183 to create provider networks (and we use this for the default floating
184 network) - if changing this either use different post-install network
185 scripts or be sure to keep 'datacentre' as a mapping network name.
# Free-form dnsmasq options handed to neutron-dhcp-agent; the default only
# forces DHCP option 26 (MTU) to 1400.
188 NeutronDnsmasqOptions:
189 default: 'dhcp-option-force=26,1400'
190 description: Dnsmasq options for neutron-dhcp-agent. The default value here forces MTU to be set to 1400 to account for the gre tunnel overhead.
192 NeutronEnableTunnelling:
198 description: If set, flat networks to configure in neutron plugins.
201 description: The tenant network type for Neutron, either gre or vxlan.
203 NeutronNetworkVLANRanges:
204 default: 'datacentre'
206 The Neutron ML2 and OpenVSwitch vlan mapping range to support. See the
207 Neutron documentation for permitted values. Defaults to permitting any
208 VLAN on the 'datacentre' physical network (See NeutronBridgeMappings).
# Service account credential. NOTE(review): the rest of the definition is not
# visible here -- confirm it is declared `hidden: true`.
212 description: The password for the neutron service account, used by neutron agents.
215 NeutronPublicInterface:
217 description: What interface to bridge onto br-ex for network nodes.
219 NeutronPublicInterfaceTag:
222 VLAN tag for creating a public VLAN. The tag will be used to
223 create an access port on the exterior bridge for each control plane node,
224 and that port will be given the IP address returned by neutron from the
225 public network. Set CONTROLEXTRA=overcloud-vlan-port.yaml when compiling
226 overcloud.yaml to include the deployment of VLAN ports to the control
229 NeutronPublicInterfaceDefaultRoute:
231 description: A custom default route for the NeutronPublicInterface.
233 NeutronPublicInterfaceIP:
235 description: A custom IP address to put onto the NeutronPublicInterface.
237 NeutronPublicInterfaceRawDevice:
239 description: If set, the public interface is a vlan with this device as the raw device.
244 The tunnel types for the Neutron tenant network. To specify multiple
245 values, use a comma separated string, like so: 'gre,vxlan'
# Service account credential. NOTE(review): confirm `hidden: true` is set on
# this parameter; the line is not part of this listing.
249 description: The password for the nova service account, used by nova-api.
# Interface that carries the public-facing virtual IP; the VI_PUBLIC keepalived
# instance in the controller config uses it as keepalive_interface.
255 PublicVirtualInterface:
258 Specifies the interface where the public-facing virtual ip will be assigned.
259 This should be int_public when a VLAN is being used.
# NOTE(review): the parameter names for the next two empty defaults are
# outside the listing. An empty default lets the stack be created without a
# value, so confirm any credential among them is always supplied.
263 default: '' # Has to be here because of the ignored empty value bug
266 default: '' # Has to be here because of the ignored empty value bug
# RabbitMQ credentials; they are copied into the controller config as
# `password` and `username`.
270 description: The password for RabbitMQ
275 description: The username for RabbitMQ
# Read-only SNMP account for all Overcloud nodes. The user name has a fixed
# default, so the password is the only secret part of this credential.
277 SnmpdReadonlyUserName:
278 default: ro_snmp_user
279 description: The user name for SNMPd with readonly rights running on all Overcloud nodes
281 SnmpdReadonlyUserPassword:
283 description: The user password for SNMPd with readonly rights running on all Overcloud nodes
# TLS material is passed in as file contents (CA, certificate, private key)
# and forwarded to the node as deployment inputs (ssl_ca_certificate,
# ssl_certificate, ssl_key). NOTE(review): confirm the key parameter is
# `hidden: true` and that read access to stack data is restricted.
288 description: If set, the contents of an SSL certificate authority file.
292 description: If set, the contents of an SSL certificate .crt file for encrypting SSL endpoints.
297 description: If set, the contents of an SSL certificate .key file for encrypting SSL endpoints.
# Swift ring settings and the swift service password.
302 description: A random string to be used as a salt when hashing to determine mappings
308 description: Partition Power to use when building Swift rings
312 description: The password for the swift service account, used by the swift proxy
319 description: How many replicas to use in the swift rings.
# NOTE(review): owning parameter not visible; see the note on empty defaults
# at the top of this block.
322 default: '' # Has to be here because of the ignored empty value bug
# Nova server for the controller node; image, rebuild policy, flavor and SSH
# keypair all come from stack parameters.
328 type: OS::Nova::Server
330 image: {get_param: Image}
331 image_update_policy: {get_param: ImageUpdatePolicy}
332 flavor: {get_param: Flavor}
333 key_name: {get_param: KeyName}
# SOFTWARE_CONFIG: the server is configured through Heat software deployments
# (the StructuredDeployment resources in this template name it as `server`).
336 user_data_format: SOFTWARE_CONFIG
# os-apply-config settings for the controller services. Credentials are
# interpolated straight from parameters, so they become part of the
# configuration data Heat stores and serves to the node.
339 type: OS::Heat::StructuredConfig
341 group: os-apply-config
# Keystone admin password and admin token, copied from parameters.
343 admin-password: {get_param: AdminPassword}
344 admin-token: {get_param: AdminToken}
346 public_interface_ip: {get_param: NeutronPublicInterfaceIP}
348 nodeid: {get_input: bootstack_nodeid}
351 {get_param: VirtualIP}
# The password slot of this database URL holds the literal "unset"; the
# glance, heat and keystone URLs below follow the same pattern.
# NOTE(review): unless something outside this listing overrides it, each
# service database account uses a fixed, published password -- confirm, and
# prefer a per-service hidden parameter.
356 - - mysql://cinder:unset@
359 debug: {get_param: Debug}
360 volume_size_mb: {get_param: CinderLVMLoopDeviceSize}
361 service-password: {get_param: CinderPassword}
362 iscsi-helper: {get_param: CinderISCSIHelper}
363 controller-address: {get_input: controller_host}
365 bindnetaddr: {get_input: controller_host}
# NOTE(review): presumably Pacemaker cluster properties. With fencing
# (stonith) off and quorum loss ignored, a partitioned cluster may keep
# running on both sides -- confirm this is intended for the target deployment.
368 stonith_enabled : false
370 quorum_policy : ignore
374 host: {get_input: controller_virtual_ip}
379 - - mysql://glance:unset@
382 debug: {get_param: Debug}
383 host: {get_input: controller_virtual_ip}
384 port: {get_param: GlancePort}
385 protocol: {get_param: GlanceProtocol}
386 service-password: {get_param: GlancePassword}
387 swift-store-user: service:glance
# swift-store-key reuses GlancePassword, the same value as service-password
# above, so one secret covers both uses.
388 swift-store-key: {get_param: GlancePassword}
389 notifier-strategy: {get_param: GlanceNotifierStrategy}
390 log-file: {get_param: GlanceLogFile}
392 admin_password: {get_param: HeatPassword}
393 admin_tenant_name: service
# auth_encryption_key is a fixed literal rather than a parameter.
# NOTE(review): presumably this key protects credentials that Heat stores; a
# value published in the template gives no protection -- confirm whether it
# is overridden elsewhere, otherwise make it a hidden parameter.
395 auth_encryption_key: unset___________
399 - - mysql://heat:unset@
402 debug: {get_param: Debug}
403 stack_domain_admin_password: {get_param: HeatStackDomainAdminPassword}
404 watch_server_url: {get_input: heat.watch_server_url}
405 metadata_server_url: {get_input: heat.metadata_server_url}
406 waitcondition_server_url: {get_input: heat.waitcondition_server_url}
411 - - mysql://keystone:unset@
414 debug: {get_param: Debug}
415 host: {get_input: controller_virtual_ip}
# Keystone CA certificate, token signing key and signing certificate.
416 ca_certificate: {get_param: KeystoneCACertificate}
417 signing_key: {get_param: KeystoneSigningKey}
418 signing_certificate: {get_param: KeystoneSigningCertificate}
# Controller config values for MySQL, Neutron, Ceilometer, SNMP, Nova and
# RabbitMQ; secrets are read from parameters unless noted otherwise.
420 innodb_buffer_pool_size: {get_param: MysqlInnodbBufferPoolSize}
422 root-password: {get_param: MysqlRootPassword}
# The name is the template string with CLUSTER replaced by
# MysqlClusterUniquePart.
425 template: tripleo-CLUSTER
427 CLUSTER: {get_param: MysqlClusterUniquePart}
429 debug: {get_param: Debug}
430 flat-networks: {get_param: NeutronFlatNetworks}
431 host: {get_input: controller_virtual_ip}
# metadata_proxy_shared_secret is the fixed literal "unset".
# NOTE(review): presumably the secret shared between the Neutron metadata
# proxy and Nova; a published value offers no protection -- confirm whether
# it is overridden elsewhere, otherwise make it a hidden parameter.
432 metadata_proxy_shared_secret: unset
434 enable_tunneling: {get_input: neutron_enable_tunneling}
435 local_ip: {get_input: controller_host}
436 network_vlan_ranges: {get_param: NeutronNetworkVLANRanges}
437 bridge_mappings: {get_param: NeutronBridgeMappings}
438 public_interface: {get_param: NeutronPublicInterface}
439 public_interface_raw_device: {get_param: NeutronPublicInterfaceRawDevice}
440 public_interface_route: {get_param: NeutronPublicInterfaceDefaultRoute}
441 public_interface_tag: {get_param: NeutronPublicInterfaceTag}
442 physical_bridge: br-ex
443 tenant_network_type: {get_param: NeutronNetworkType}
444 tunnel_types: {get_param: NeutronTunnelTypes}
# The password slot of this database URL holds the literal "unset"; the
# ceilometer and nova URLs below do the same.
# NOTE(review): unless overridden outside this listing, these database
# accounts use a fixed, published password -- confirm and parameterize.
448 - - mysql://neutron:unset@
450 - /ovs_neutron?charset=utf8
451 service-password: {get_param: NeutronPassword}
452 dnsmasq-options: {get_param: NeutronDnsmasqOptions}
457 - - mysql://ceilometer:unset@
460 debug: {get_param: Debug}
461 metering_secret: {get_param: CeilometerMeteringSecret}
462 service-password: {get_param: CeilometerPassword}
464 export_MIB: UCD-SNMP-MIB
465 readonly_user_name: {get_param: SnmpdReadonlyUserName}
466 readonly_user_password: {get_param: SnmpdReadonlyUserPassword}
468 compute_driver: libvirt.LibvirtDriver
472 - - mysql://nova:unset@
475 default_floating_pool:
477 host: {get_input: controller_virtual_ip}
479 service-password: {get_param: NovaPassword}
481 host: {get_input: controller_virtual_ip}
482 username: {get_param: RabbitUserName}
483 password: {get_param: RabbitPassword}
# NOTE(review): presumably the cookie RabbitMQ nodes use to authenticate to
# each other; treat RabbitCookie as a secret and confirm it is never left
# empty.
484 cookie: {get_param: RabbitCookie}
# NTP source, keepalived VRRP instances and load-balancer bind addresses for
# the controller.
487 - {server: {get_param: NtpServer}, fudge: "stratum 0"}
# Two VRRP instances: VI_CONTROL (router id 51) holds VirtualIP on the control
# interface, VI_PUBLIC (router id 52) holds PublicVirtualIP on the public one.
490 - vrrp_instance_name: VI_CONTROL
491 virtual_router_id: 51
492 keepalive_interface: {get_param: ControlVirtualInterface}
495 - ip: {get_param: VirtualIP}
496 interface: {get_param: ControlVirtualInterface}
497 - vrrp_instance_name: VI_PUBLIC
498 virtual_router_id: 52
499 keepalive_interface: {get_param: PublicVirtualInterface}
502 - ip: {get_param: PublicVirtualIP}
503 interface: {get_param: PublicVirtualInterface}
510 keepalive_interface: {get_param: PublicVirtualInterface}
514 ip: {get_param: VirtualIP}
515 interface: {get_param: ControlVirtualInterface}
517 ip: {get_param: PublicVirtualIP}
518 interface: {get_param: PublicVirtualInterface}
521 - ip: {get_param: VirtualIP}
# The &public_binds anchor is defined on keystone_admin and lists both
# VirtualIP and PublicVirtualIP; every service below that uses *public_binds
# therefore listens on the public address as well.
# NOTE(review): that includes keystone_admin, glance_registry, heat_cloudwatch
# and nova_metadata -- confirm each of these needs to be reachable on the
# public VIP, and give internal-only services a control-plane-only bind list.
523 - name: keystone_admin
525 net_binds: &public_binds
526 - ip: {get_param: VirtualIP}
527 - ip: {get_param: PublicVirtualIP}
528 - name: keystone_public
530 net_binds: *public_binds
533 net_binds: *public_binds
536 net_binds: *public_binds
539 net_binds: *public_binds
542 net_binds: *public_binds
543 - name: glance_registry
545 net_binds: *public_binds
548 net_binds: *public_binds
549 - name: heat_cloudwatch
551 net_binds: *public_binds
554 net_binds: *public_binds
566 net_binds: *public_binds
567 - name: nova_metadata
569 net_binds: *public_binds
572 net_binds: *public_binds
573 - name: swift_proxy_server
575 net_binds: *public_binds
# Pass-through configs: the whole os-apply-config document is whatever the
# matching deployment supplies as input, with no filtering in this template.
# Anyone able to set that input can change any os-apply-config value on the
# node.
582 ControllerPassthroughConfig:
583 type: OS::Heat::StructuredConfig
585 group: os-apply-config
586 config: {get_input: passthrough_config}
# Same mechanism for the controller-specific input.
588 ControllerPassthroughConfigSpecific:
589 type: OS::Heat::StructuredConfig
591 group: os-apply-config
592 config: {get_input: passthrough_config_specific}
# Binds ControllerConfig to the Controller server and supplies its inputs.
594 ControllerDeployment:
595 type: OS::Heat::StructuredDeployment
# NO_SIGNAL: Heat marks the deployment complete without waiting for the node
# to report back, so a failed or skipped apply does not show in stack status.
597 signal_transport: NO_SIGNAL
598 config: {get_resource: ControllerConfig}
599 server: {get_resource: Controller}
# Node name and first ctlplane address are read back from the server resource.
601 bootstack_nodeid: {get_attr: [Controller, name]}
602 controller_host: {get_attr: [Controller, networks, ctlplane, 0]}
603 controller_virtual_ip: {get_param: VirtualIP}
604 neutron_enable_tunneling: {get_param: NeutronEnableTunnelling}
# Heat callback URLs are assembled around VirtualIP.
# NOTE(review): the scheme part of these URLs is outside the listing --
# confirm whether the callbacks run over plain HTTP.
605 heat.watch_server_url:
609 - {get_param: VirtualIP}
611 heat.metadata_server_url:
615 - {get_param: VirtualIP}
617 heat.waitcondition_server_url:
621 - {get_param: VirtualIP}
622 - ':8000/v1/waitcondition'
# TLS settings delivered through os-apply-config: CA certificate, certificate
# and private key all arrive as deployment inputs, so the key is stored with
# the deployment data in Heat.
625 type: OS::Heat::StructuredConfig
627 group: os-apply-config
630 ca_certificate: {get_input: ssl_ca_certificate}
632 cert: {get_input: ssl_certificate}
633 key: {get_input: ssl_key}
634 cacert: {get_input: ssl_ca_certificate}
# NOTE(review): presumably one TLS front end per service, each forwarding to
# controller_host; only the connect_host lines and the 'swift-proxy' name are
# visible here, so confirm ports and the list of services against the full
# file.
639 connect_host: {get_input: controller_host}
643 connect_host: {get_input: controller_host}
647 connect_host: {get_input: controller_host}
651 connect_host: {get_input: controller_host}
655 connect_host: {get_input: controller_host}
656 - name: 'swift-proxy'
659 connect_host: {get_input: controller_host}
663 connect_host: {get_input: controller_host}
667 connect_host: {get_input: controller_host}
# Applies SSLConfig to the Controller server. All three deployments below use
# NO_SIGNAL, so Heat does not wait for the node to confirm the apply.
669 ControllerSSLDeployment:
670 type: OS::Heat::StructuredDeployment
672 config: {get_resource: SSLConfig}
673 server: {get_resource: Controller}
674 signal_transport: NO_SIGNAL
676 controller_host: {get_attr: [Controller, networks, ctlplane, 0]}
# Certificate, private key and CA contents are passed as inputs from the
# SSLCertificate, SSLKey and SSLCACertificate parameters.
677 ssl_certificate: {get_param: SSLCertificate}
678 ssl_key: {get_param: SSLKey}
679 ssl_ca_certificate: {get_param: SSLCACertificate}
# Feeds the ExtraConfig parameter, unfiltered, into ControllerPassthroughConfig.
681 ControllerPassthroughDeployment:
682 type: OS::Heat::StructuredDeployment
684 config: {get_resource: ControllerPassthroughConfig}
685 server: {get_resource: Controller}
686 signal_transport: NO_SIGNAL
688 passthrough_config: {get_param: ExtraConfig}
# depends_on orders this after the generic pass-through deployment.
# NOTE(review): presumably so controller-specific values are applied last --
# confirm.
690 ControllerPassthroughSpecificDeployment:
691 depends_on: [ControllerPassthroughDeployment]
692 type: OS::Heat::StructuredDeployment
694 config: {get_resource: ControllerPassthroughConfigSpecific}
695 server: {get_resource: Controller}
696 signal_transport: NO_SIGNAL
698 passthrough_config_specific: {get_param: ControllerExtraConfig}
# Swift settings for os-apply-config; every value, including the service
# password and hash suffix, is taken from a deployment input.
701 type: OS::Heat::StructuredConfig
703 group: os-apply-config
706 hash: { get_input: swift_hash_suffix }
707 part-power: { get_input: swift_part_power }
708 replicas: {get_input: swift_replicas }
709 service-password: { get_input: swift_password }
# Deployment that applies SwiftConfig to the Controller server and maps the
# Swift* parameters onto its inputs. NO_SIGNAL: Heat does not wait for the
# node to confirm the apply.
712 type: OS::Heat::StructuredDeployment
714 server: {get_resource: Controller}
715 config: {get_resource: SwiftConfig}
716 signal_transport: NO_SIGNAL
718 swift_hash_suffix: {get_param: SwiftHashSuffix}
719 swift_password: {get_param: SwiftPassword}
720 swift_part_power: {get_param: SwiftPartPower}
721 swift_replicas: { get_param: SwiftReplicas}
# Stack outputs. The visible values are built from the server's name, its
# first ctlplane address, the CloudName parameter and the server resource
# itself; no password or key parameter is referenced in the lines shown.
725 description: IP address of the server in the ctlplane network
726 value: {get_attr: [Controller, networks, ctlplane, 0]}
728 description: Hostname of the server
729 value: {get_attr: [Controller, name]}
732 Node object in the format {ip: ..., name: ...} format that the corosync
735 ip: {get_attr: [Controller, networks, ctlplane, 0]}
736 name: {get_attr: [Controller, name]}
739 Server's IP address and hostname in the /etc/hosts format
# IP, HOST and CLOUDNAME in the template string are replaced by the values
# listed below it.
742 template: IP HOST HOST.novalocal CLOUDNAME
744 IP: {get_attr: [Controller, networks, ctlplane, 0]}
745 HOST: {get_attr: [Controller, name]}
746 CLOUDNAME: {get_param: CloudName}
747 nova_server_resource:
748 description: Heat resource handle for the Nova compute server
750 {get_resource: Controller}
752 description: Swift device formatted for swift-ring-builder
# Only IP has a substitution visible here; %PORT% has none in the lines shown.
# NOTE(review): presumably it is filled in by the consumer of this output.
755 template: 'r1z1-IP:%PORT%/d1'
757 IP: {get_attr: [Controller, networks, ctlplane, 0]}
758 swift_proxy_memcache:
759 description: Swift proxy-memcache value
764 IP: {get_attr: [Controller, networks, ctlplane, 0]}