# Heat template for one OpenStack control plane node (see the description
# text below).
# NOTE(review): this listing carries the original file's line numbers as a
# prefix and the numbering skips, so some lines (parameter names, types,
# defaults, any `hidden:` flags) are not shown. The comments added here
# describe only what is visible.
1 heat_template_version: 2014-10-16
4 OpenStack control plane node. Can be wrapped in a ResourceGroup for scaling.
# Credential parameter: ControllerDeployment passes AdminPassword on as the
# admin_password input. Whether it is declared `hidden: true` is not visible
# in this listing -- confirm, so the value is not echoed back when the
# stack's parameters are displayed.
9 description: The password for the keystone admin account, used for monitoring, querying neutron etc.
# Keystone admin token: passed on as the admin_token input and written to the
# admin-token key of the controller config.
14 description: The keystone auth secret.
19 description: The ceilometer backend type.
# Ceilometer's shared metering secret and service password; both reach the
# controller config (metering_secret, service-password).
21 CeilometerMeteringSecret:
23 description: Secret shared by the ceilometer services.
28 description: The password for the ceilometer service account.
31 CinderEnableIscsiBackend:
33 description: Whether to enable or not the Iscsi backend for Cinder
35 CinderEnableRbdBackend:
37 description: Whether to enable or not the Rbd backend for Cinder
41 description: The iSCSI helper to use with cinder.
43 CinderLVMLoopDeviceSize:
45 description: The size of the loopback file used by the cinder LVM driver.
49 description: The password for the cinder service account, used by cinder-api.
54 description: The DNS name of this cloud. E.g. ci-overcloud.tripleo.org
# Controller-only counterpart of ExtraConfig; it is handed to
# ControllerPassthroughSpecificDeployment as passthrough_config_specific.
56 ControllerExtraConfig:
59 Controller specific configuration to inject into the cluster. Same
60 structure as ExtraConfig.
62 ControlVirtualInterface:
64 description: Interface where virtual ip will be assigned.
# Debug is fanned out to the `debug` key of several service sections in the
# controller config.
68 description: Set to True to enable debugging on all services.
72 description: Whether to use Galera instead of regular MariaDB.
76 description: If enabled services will be monitored by Pacemaker; it
77 will manage VIPs as well, in place of Keepalived.
81 description: Whether to deploy Ceph Storage (OSD) on the Controller
85 description: Whether to enable Swift Storage on the Controller
90 Additional configuration to inject into the cluster. The JSON should have
91 the following structure:
94 [{"section": "SECTIONNAME",
96 [{"option": "OPTIONNAME",
107 [{"section": "default",
109 [{"option": "compute_manager",
110 "value": "ironic.nova.compute.manager.ClusterComputeManager"
116 [{"option": "driver",
117 "value": "nova.cells.rpc_driver.CellsRPCDriver"
126 description: Flavor for control nodes to request when deploying.
129 - custom_constraint: nova.flavor
130 GlanceNotifierStrategy:
131 description: Strategy to use for Glance notification queue
135 description: The filepath of the file to use for logging messages from Glance.
140 description: The password for the glance service account, used by the glance services.
145 description: Glance port.
149 description: Protocol to use when connecting to glance, set to https for SSL.
153 description: The short name of the Glance backend to use. Should be one
154 of swift, rbd, or file
# Only the three listed backend names are accepted.
157 - allowed_values: ['swift', 'file', 'rbd']
160 description: The password for the Heat service account, used by the Heat services.
163 HeatStackDomainAdminPassword:
164 description: Password for heat_domain_admin user.
168 HeatAuthEncryptionKey:
169 description: Auth encryption key for heat-engine
172 description: Secret key for Django
176 default: overcloud-control
178 - custom_constraint: glance.image
180 default: 'REBUILD_PRESERVE_EPHEMERAL'
181 description: What policy to use when reconstructing instances. REBUILD for rebuilds, REBUILD_PRESERVE_EPHEMERAL to preserve /mnt.
# Key pair name handed to the Nova server as key_name; per the description it
# is what enables SSH access to the instance.
185 description: Name of an existing EC2 KeyPair to enable SSH access to the instances
188 - custom_constraint: nova.keypair
# Keystone PKI material. The key parameters carry private keys; whether they
# are declared hidden is not visible in this listing -- confirm.
189 KeystoneCACertificate:
191 description: Keystone self-signed certificate authority certificate.
193 KeystoneSigningCertificate:
195 description: Keystone certificate for verifying token validity.
199 description: Keystone key for signing tokens.
# NOTE(review): the two SSL parameters below repeat the descriptions of the
# signing certificate and signing key word for word. That looks like a
# copy-paste; they presumably describe the TLS certificate and its key --
# confirm and reword.
202 KeystoneSSLCertificate:
204 description: Keystone certificate for verifying token validity.
206 KeystoneSSLCertificateKey:
208 description: Keystone key for signing tokens.
# Substituted for CLUSTER in the 'tripleo-CLUSTER' template used by
# ControllerDeployment. The length constraint below is commented out, so no
# validation of this identifier is visible here.
211 MysqlClusterUniquePart:
212 description: A unique identifier of the MySQL cluster the controller is in.
214 default: 'unset' # Has to be here because of the ignored empty value bug
215 # Drop the validation: https://bugs.launchpad.net/tripleo/+bug/1405446
217 # - length: {min: 4, max: 10}
# Reaches the controller config as innodb_buffer_pool_size.
218 MysqlInnodbBufferPoolSize:
220 Specifies the size of the buffer pool in megabytes. Setting to
221 zero should be interpreted as "no value" and will defer to the
228 default: '' # Has to be here because of the ignored empty value bug
# Neutron networking parameters. ControllerDeployment forwards them as the
# neutron_* inputs of the controller config.
229 NeutronBridgeMappings:
231 The OVS logical->physical bridge mappings to use. See the Neutron
232 documentation for details. Defaults to mapping br-ex - the external
233 bridge on hosts - to a physical name 'datacentre' which can be used
234 to create provider networks (and we use this for the default floating
235 network) - if changing this either use different post-install network
236 scripts or be sure to keep 'datacentre' as a mapping network name.
238 default: "datacentre:br-ex"
239 NeutronDnsmasqOptions:
240 default: 'dhcp-option-force=26,1400'
241 description: Dnsmasq options for neutron-dhcp-agent. The default value here forces MTU to be set to 1400 to account for the gre tunnel overhead.
245 description: Agent mode for the neutron-l3-agent on the controller hosts
249 description: Whether to configure Neutron Distributed Virtual Routers
# Secret value: it is written to metadata_proxy_shared_secret in the
# controller config. Whether the parameter is declared hidden is not visible
# here -- confirm.
251 NeutronMetadataProxySharedSecret:
253 description: Shared secret to prevent spoofing
255 NeutronMechanismDrivers:
256 default: 'openvswitch'
258 The mechanism drivers for the Neutron tenant network. To specify multiple
259 values, use a comma separated string, like so: 'openvswitch,l2_population'
261 NeutronAllowL3AgentFailover:
263 description: Allow automatic l3-agent failover
267 description: Whether to enable l3-agent HA
269 NeutronEnableTunnelling:
274 default: 'datacentre'
275 description: If set, flat networks to configure in neutron plugins.
278 description: The tenant network type for Neutron, either gre or vxlan.
280 NeutronNetworkVLANRanges:
281 default: 'datacentre'
283 The Neutron ML2 and OpenVSwitch vlan mapping range to support. See the
284 Neutron documentation for permitted values. Defaults to permitting any
285 VLAN on the 'datacentre' physical network (See NeutronBridgeMappings).
# Service account credential; it reaches the controller config as the neutron
# service-password.
289 description: The password for the neutron service account, used by neutron agents.
292 NeutronPublicInterface:
294 description: What interface to bridge onto br-ex for network nodes.
296 NeutronPublicInterfaceTag:
299 VLAN tag for creating a public VLAN. The tag will be used to
300 create an access port on the exterior bridge for each control plane node,
301 and that port will be given the IP address returned by neutron from the
302 public network. Set CONTROLEXTRA=overcloud-vlan-port.yaml when compiling
303 overcloud.yaml to include the deployment of VLAN ports to the control
306 NeutronPublicInterfaceDefaultRoute:
308 description: A custom default route for the NeutronPublicInterface.
310 NeutronPublicInterfaceIP:
312 description: A custom IP address to put onto the NeutronPublicInterface.
314 NeutronPublicInterfaceRawDevice:
316 description: If set, the public interface is a vlan with this device as the raw device.
321 The tunnel types for the Neutron tenant network. To specify multiple
322 values, use a comma separated string, like so: 'gre,vxlan'
# Remaining service credentials and cluster-wide settings. The parameter
# names, types and any hidden flags for several of these are among the lines
# missing from this listing.
326 description: The password for the nova service account, used by nova-api.
334 description: The password for the 'pcsd' user.
335 PublicVirtualInterface:
338 Specifies the interface where the public-facing virtual ip will be assigned.
339 This should be int_public when a VLAN is being used.
343 default: '' # Has to be here because of the ignored empty value bug
346 default: '' # Has to be here because of the ignored empty value bug
# RabbitMQ credentials and client connection settings.
# NOTE(review): the defaults of the SSL flag and port are not visible here.
# If client SSL is left off, the RabbitMQ username and password would be sent
# without TLS -- confirm the values actually deployed.
350 description: The password for RabbitMQ
355 description: The username for RabbitMQ
360 Rabbit client subscriber parameter to specify
361 an SSL connection to the RabbitMQ host.
365 description: Set rabbit subscriber port, change this if using SSL
# SNMP read-only account used on all Overcloud nodes; the user name has a
# fixed default, the password is a separate parameter.
367 SnmpdReadonlyUserName:
368 default: ro_snmp_user
369 description: The user name for SNMPd with readonly rights running on all Overcloud nodes
371 SnmpdReadonlyUserPassword:
373 description: The user password for SNMPd with readonly rights running on all Overcloud nodes
# TLS material is supplied as file contents (CA, certificate, private key) and
# forwarded by ControllerSSLDeployment as ssl_ca_certificate, ssl_certificate
# and ssl_key.
378 description: If set, the contents of an SSL certificate authority file.
382 description: If set, the contents of an SSL certificate .crt file for encrypting SSL endpoints.
387 description: If set, the contents of an SSL certificate .key file for encrypting SSL endpoints.
# Swift ring settings; the salt below is passed on as swift_hash_suffix and
# ends up in the Swift config's `hash` key.
392 description: A random string to be used as a salt when hashing to determine mappings
398 description: Value of mount_check in Swift account/container/object -server.conf
403 description: The minimum time (in hours) before a partition in a ring can be moved following a rebalance.
406 description: Partition Power to use when building Swift rings
410 description: The password for the swift service account, used by the swift proxy
417 description: How many replicas to use in the swift rings.
420 default: '' # Has to be here because of the ignored empty value bug
# Nova server for the controller node. Image, rebuild policy, flavor and key
# pair all come from template parameters; user data comes from the
# NodeUserData resource.
426 type: OS::Nova::Server
428 image: {get_param: Image}
429 image_update_policy: {get_param: ImageUpdatePolicy}
430 flavor: {get_param: Flavor}
431 key_name: {get_param: KeyName}
434 user_data_format: SOFTWARE_CONFIG
435 user_data: {get_resource: NodeUserData}
438 type: OS::TripleO::NodeUserData
441 type: OS::TripleO::Controller::Net::SoftwareConfig
# Applies the network config to the Controller server. With NO_SIGNAL, Heat
# does not wait for a completion signal from the node for this deployment.
444 type: OS::TripleO::SoftwareDeployment
446 signal_transport: NO_SIGNAL
447 config: {get_attr: [NetworkConfig, config_id]}
448 server: {get_resource: Controller}
451 interface_name: {get_param: NeutronPublicInterface}
# Pass-through configs: each hands one whole input value to os-apply-config
# as its config. The inputs are filled from ExtraConfig and
# ControllerExtraConfig by the pass-through deployments further down.
453 ControllerPassthroughConfig:
454 type: OS::Heat::StructuredConfig
456 group: os-apply-config
457 config: {get_input: passthrough_config}
459 ControllerPassthroughConfigSpecific:
460 type: OS::Heat::StructuredConfig
462 group: os-apply-config
463 config: {get_input: passthrough_config_specific}
# os-apply-config metadata for the controller. Each {get_input: ...} below is
# filled from the input values of the deployment that applies this config
# (ControllerDeployment). The section headers that group these keys are among
# the lines missing from this listing.
466 type: OS::Heat::StructuredConfig
468 group: os-apply-config
# Keystone admin password and admin token inputs.
470 admin-password: {get_input: admin_password}
471 admin-token: {get_input: admin_token}
473 public_interface_ip: {get_input: neutron_public_interface_ip}
475 nodeid: {get_input: bootstack_nodeid}
477 db: {get_input: cinder_dsn}
478 debug: {get_input: debug}
479 volume_size_mb: {get_input: cinder_lvm_loop_device_size}
480 service-password: {get_input: cinder_password}
# NOTE(review): every other input in this config is snake_case, and
# ControllerDeployment supplies `cinder_iscsi_helper`. The input name
# `CinderISCSIHelper` on the next line looks like it will not be matched by
# any supplied input -- confirm.
481 iscsi-helper: {get_input: CinderISCSIHelper}
482 controller-address: {get_input: controller_host}
484 bindnetaddr: {get_input: controller_host}
# NOTE(review): these look like Pacemaker cluster properties. With fencing
# (stonith) disabled and loss of quorum ignored, nothing visible here stops
# both halves of a partitioned cluster from running the same resources.
# Confirm this is intended outside test deployments.
487 stonith_enabled : false
489 quorum_policy : ignore
493 host: {get_input: controller_virtual_ip}
495 db: {get_input: glance_dsn}
496 debug: {get_input: debug}
497 host: {get_input: controller_virtual_ip}
498 port: {get_input: glance_port}
499 protocol: {get_input: glance_protocol}
500 service-password: {get_input: glance_password}
# The Swift store key reuses the glance_password input, so the Glance service
# password doubles as its Swift credential.
501 swift-store-user: service:glance
502 swift-store-key: {get_input: glance_password}
503 notifier-strategy: {get_input: glance_notifier_strategy}
504 log-file: {get_input: glance_log_file}
506 admin_password: {get_input: heat_password}
507 admin_tenant_name: service
509 auth_encryption_key: {get_input: heat_auth_encryption_key}
510 db: {get_input: heat_dsn}
511 debug: {get_input: debug}
512 stack_domain_admin_password: {get_input: heat_stack_domain_admin_password}
513 watch_server_url: {get_input: heat.watch_server_url}
514 metadata_server_url: {get_input: heat.metadata_server_url}
515 waitcondition_server_url: {get_input: heat.waitcondition_server_url}
517 db: {get_input: keystone_dsn}
518 debug: {get_input: debug}
519 host: {get_input: controller_virtual_ip}
# Keystone CA and token-signing material, then the SSL certificate and its
# key; the key inputs carry private keys.
520 ca_certificate: {get_input: keystone_ca_certificate}
521 signing_key: {get_input: keystone_signing_key}
522 signing_certificate: {get_input: keystone_signing_certificate}
524 certificate: {get_input: keystone_ssl_certificate}
525 certificate_key: {get_input: keystone_ssl_certificate_key}
527 innodb_buffer_pool_size: {get_input: mysql_innodb_buffer_pool_size}
529 root-password: {get_input: mysql_root_password}
530 cluster_name: {get_input: mysql_cluster_name}
532 debug: {get_input: debug}
533 flat-networks: {get_input: neutron_flat_networks}
534 host: {get_input: controller_virtual_ip}
535 metadata_proxy_shared_secret: {get_input: neutron_metadata_proxy_shared_secret}
536 agent_mode: {get_input: neutron_agent_mode}
537 router_distributed: {get_input: neutron_router_distributed}
538 mechanism_drivers: {get_input: neutron_mechanism_drivers}
539 allow_automatic_l3agent_failover: {get_input: neutron_allow_l3agent_failover}
540 l3_ha: {get_input: neutron_l3_ha}
542 enable_tunneling: {get_input: neutron_enable_tunneling}
543 local_ip: {get_input: controller_host}
544 network_vlan_ranges: {get_input: neutron_network_vlan_ranges}
545 bridge_mappings: {get_input: neutron_bridge_mappings}
546 public_interface: {get_input: neutron_public_interface}
547 public_interface_raw_device: {get_input: neutron_public_interface_raw_device}
548 public_interface_route: {get_input: neutron_public_interface_default_route}
549 public_interface_tag: {get_input: neutron_public_interface_tag}
550 physical_bridge: br-ex
551 tenant_network_type: {get_input: neutron_tenant_network_type}
552 tunnel_types: {get_input: neutron_tunnel_types}
553 ovs_db: {get_input: neutron_dsn}
554 service-password: {get_input: neutron_password}
555 dnsmasq-options: {get_input: neutron_dnsmasq_options}
557 db: {get_input: ceilometer_dsn}
558 debug: {get_input: debug}
559 metering_secret: {get_input: ceilometer_metering_secret}
560 service-password: {get_input: ceilometer_password}
# SNMP read-only account taken from the snmpd_* inputs.
562 export_MIB: UCD-SNMP-MIB
563 readonly_user_name: {get_input: snmpd_readonly_user_name}
564 readonly_user_password: {get_input: snmpd_readonly_user_password}
566 compute_driver: libvirt.LibvirtDriver
567 db: {get_input: nova_dsn}
568 default_floating_pool:
570 host: {get_input: controller_virtual_ip}
572 service-password: {get_input: nova_password}
# RabbitMQ connection settings: host, credentials, cookie and the client
# SSL flag and port.
574 host: {get_input: controller_virtual_ip}
575 username: {get_input: rabbit_username}
576 password: {get_input: rabbit_password}
577 cookie: {get_input: rabbit_cookie}
578 rabbit_client_use_ssl: {get_input: rabbit_client_use_ssl}
579 rabbit_port: {get_input: rabbit_client_port}
582 - {server: {get_input: ntp_server}}
# Two VRRP instances with fixed virtual_router_id values (51 and 52): one
# carries the control VIP, the other the public VIP.
585 - vrrp_instance_name: VI_CONTROL
586 virtual_router_id: 51
587 keepalive_interface: {get_input: control_virtual_interface}
590 - ip: {get_input: controller_virtual_ip}
591 interface: {get_input: control_virtual_interface}
592 - vrrp_instance_name: VI_PUBLIC
593 virtual_router_id: 52
594 keepalive_interface: {get_input: public_virtual_interface}
597 - ip: {get_input: public_virtual_ip}
598 interface: {get_input: public_virtual_interface}
605 keepalive_interface: {get_input: public_virtual_interface}
609 ip: {get_input: controller_virtual_ip}
610 interface: {get_input: control_virtual_interface}
612 ip: {get_input: public_virtual_ip}
613 interface: {get_input: public_virtual_interface}
616 - ip: {get_input: controller_virtual_ip}
618 - option httpchk GET /
# The `public_binds` anchor is defined on keystone_admin and lists both the
# control VIP and the public VIP.
# NOTE(review): every service that aliases it below, including
# keystone_admin, glance_registry and nova_metadata, is therefore bound on
# the public VIP as well. Confirm that admin and internal endpoints are meant
# to be reachable there, or that they are filtered elsewhere.
620 - name: keystone_admin
622 net_binds: &public_binds
623 - ip: {get_input: controller_virtual_ip}
624 - ip: {get_input: public_virtual_ip}
625 - name: keystone_public
627 net_binds: *public_binds
630 net_binds: *public_binds
633 net_binds: *public_binds
636 net_binds: *public_binds
639 net_binds: *public_binds
640 - name: glance_registry
642 net_binds: *public_binds
643 options: # overwrite options as glance_reg needs auth for http req
646 net_binds: *public_binds
647 - name: heat_cloudwatch
649 net_binds: *public_binds
652 net_binds: *public_binds
664 net_binds: *public_binds
665 - name: nova_metadata
667 net_binds: *public_binds
668 - name: nova_novncproxy
670 net_binds: *public_binds
673 net_binds: *public_binds
674 options: # overwrite options as ceil needs auth for http req
675 - name: swift_proxy_server
677 net_binds: *public_binds
679 - option httpchk GET /info
# Applies ControllerConfig to the Controller server and supplies its inputs
# from template parameters and server attributes. NO_SIGNAL: Heat does not
# wait for a completion signal from the node.
687 ControllerDeployment:
688 type: OS::TripleO::SoftwareDeployment
690 signal_transport: NO_SIGNAL
691 config: {get_resource: ControllerConfig}
692 server: {get_resource: Controller}
694 bootstack_nodeid: {get_attr: [Controller, name]}
# controller_host is the server's first address on the ctlplane network.
695 controller_host: {get_attr: [Controller, networks, ctlplane, 0]}
696 controller_virtual_ip: {get_param: VirtualIP}
697 neutron_enable_tunneling: {get_param: NeutronEnableTunnelling}
698 heat.watch_server_url:
702 - {get_param: VirtualIP}
704 heat.metadata_server_url:
708 - {get_param: VirtualIP}
710 heat.waitcondition_server_url:
714 - {get_param: VirtualIP}
715 - ':8000/v1/waitcondition'
716 admin_password: {get_param: AdminPassword}
717 admin_token: {get_param: AdminToken}
718 neutron_public_interface_ip: {get_param: NeutronPublicInterfaceIP}
719 debug: {get_param: Debug}
720 cinder_lvm_loop_device_size: {get_param: CinderLVMLoopDeviceSize}
721 cinder_password: {get_param: CinderPassword}
722 cinder_iscsi_helper: {get_param: CinderISCSIHelper}
# NOTE(review): the DSN is assembled from literal pieces and its password
# part is the fixed string 'unset'. The same literal is used for the glance,
# heat, keystone, neutron, ceilometer and nova DSNs below, so every service
# database account shares one publicly known password unless it is changed
# after deployment. Prefer a per-service database password parameter,
# declared hidden, in place of the literal.
726 - - 'mysql://cinder:unset@'
727 - {get_param: VirtualIP}
729 glance_port: {get_param: GlancePort}
730 glance_protocol: {get_param: GlanceProtocol}
731 glance_password: {get_param: GlancePassword}
732 glance_notifier_strategy: {get_param: GlanceNotifierStrategy}
733 glance_log_file: {get_param: GlanceLogFile}
737 - - 'mysql://glance:unset@'
738 - {get_param: VirtualIP}
740 heat_password: {get_param: HeatPassword}
741 heat_stack_domain_admin_password: {get_param: HeatStackDomainAdminPassword}
742 heat_auth_encryption_key: {get_param: HeatAuthEncryptionKey}
746 - - 'mysql://heat:unset@'
747 - {get_param: VirtualIP}
# Keystone certificates and private keys are forwarded as plain input values.
749 keystone_ca_certificate: {get_param: KeystoneCACertificate}
750 keystone_signing_key: {get_param: KeystoneSigningKey}
751 keystone_signing_certificate: {get_param: KeystoneSigningCertificate}
752 keystone_ssl_certificate: {get_param: KeystoneSSLCertificate}
753 keystone_ssl_certificate_key: {get_param: KeystoneSSLCertificateKey}
757 - - 'mysql://keystone:unset@'
758 - {get_param: VirtualIP}
760 mysql_innodb_buffer_pool_size: {get_param: MysqlInnodbBufferPoolSize}
761 mysql_root_password: {get_param: MysqlRootPassword}
# CLUSTER in the template string is replaced by MysqlClusterUniquePart.
764 template: tripleo-CLUSTER
766 CLUSTER: {get_param: MysqlClusterUniquePart}
767 neutron_flat_networks: {get_param: NeutronFlatNetworks}
768 neutron_metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret}
769 neutron_agent_mode: {get_param: NeutronAgentMode}
770 neutron_router_distributed: {get_param: NeutronDVR}
771 neutron_mechanism_drivers: {get_param: NeutronMechanismDrivers}
772 neutron_allow_l3agent_failover: {get_param: NeutronAllowL3AgentFailover}
773 neutron_l3_ha: {get_param: NeutronL3HA}
774 neutron_network_vlan_ranges: {get_param: NeutronNetworkVLANRanges}
775 neutron_bridge_mappings: {get_param: NeutronBridgeMappings}
776 neutron_public_interface: {get_param: NeutronPublicInterface}
777 neutron_public_interface_raw_device: {get_param: NeutronPublicInterfaceRawDevice}
778 neutron_public_interface_default_route: {get_param: NeutronPublicInterfaceDefaultRoute}
779 neutron_public_interface_tag: {get_param: NeutronPublicInterfaceTag}
780 neutron_tenant_network_type: {get_param: NeutronNetworkType}
781 neutron_tunnel_types: {get_param: NeutronTunnelTypes}
782 neutron_password: {get_param: NeutronPassword}
783 neutron_dnsmasq_options: {get_param: NeutronDnsmasqOptions}
787 - - 'mysql://neutron:unset@'
788 - {get_param: VirtualIP}
789 - '/ovs_neutron?charset=utf8'
790 ceilometer_metering_secret: {get_param: CeilometerMeteringSecret}
791 ceilometer_password: {get_param: CeilometerPassword}
795 - - 'mysql://ceilometer:unset@'
796 - {get_param: VirtualIP}
798 snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName}
799 snmpd_readonly_user_password: {get_param: SnmpdReadonlyUserPassword}
800 nova_password: {get_param: NovaPassword}
804 - - 'mysql://nova:unset@'
805 - {get_param: VirtualIP}
807 rabbit_username: {get_param: RabbitUserName}
808 rabbit_password: {get_param: RabbitPassword}
809 rabbit_cookie: {get_param: RabbitCookie}
810 rabbit_client_use_ssl: {get_param: RabbitClientUseSSL}
811 rabbit_client_port: {get_param: RabbitClientPort}
812 ntp_server: {get_param: NtpServer}
813 control_virtual_interface: {get_param: ControlVirtualInterface}
814 public_virtual_interface: {get_param: PublicVirtualInterface}
815 public_virtual_ip: {get_param: PublicVirtualIP}
# SSL material plus a list of per-service entries, each with connect_host set
# to the controller's own ctlplane address (presumably a TLS proxy in front
# of the local services -- the section names are not visible here).
# NOTE(review): the private key (ssl_key) is carried as a deployment input
# value; confirm who can read this deployment's metadata.
818 type: OS::Heat::StructuredConfig
820 group: os-apply-config
823 ca_certificate: {get_input: ssl_ca_certificate}
825 cert: {get_input: ssl_certificate}
826 key: {get_input: ssl_key}
827 cacert: {get_input: ssl_ca_certificate}
832 connect_host: {get_input: controller_host}
836 connect_host: {get_input: controller_host}
840 connect_host: {get_input: controller_host}
844 connect_host: {get_input: controller_host}
848 connect_host: {get_input: controller_host}
849 - name: 'swift-proxy'
852 connect_host: {get_input: controller_host}
856 connect_host: {get_input: controller_host}
860 connect_host: {get_input: controller_host}
# Applies SSLConfig to the Controller server, feeding it the SSL parameters
# and the server's first ctlplane address.
862 ControllerSSLDeployment:
863 type: OS::Heat::StructuredDeployment
865 config: {get_resource: SSLConfig}
866 server: {get_resource: Controller}
867 signal_transport: NO_SIGNAL
869 controller_host: {get_attr: [Controller, networks, ctlplane, 0]}
870 ssl_certificate: {get_param: SSLCertificate}
871 ssl_key: {get_param: SSLKey}
872 ssl_ca_certificate: {get_param: SSLCACertificate}
# ExtraConfig is handed over unchanged as `passthrough_config`.
# NOTE(review): nothing in the visible template validates its sections or
# options, so whoever can set this parameter can set service options on the
# controller. Treat write access to it like access to the service config.
874 ControllerPassthroughDeployment:
875 type: OS::Heat::StructuredDeployment
877 config: {get_resource: ControllerPassthroughConfig}
878 server: {get_resource: Controller}
879 signal_transport: NO_SIGNAL
881 passthrough_config: {get_param: ExtraConfig}
# Controller-specific pass-through. depends_on orders it after the generic
# pass-through deployment above.
883 ControllerPassthroughSpecificDeployment:
884 depends_on: [ControllerPassthroughDeployment]
885 type: OS::Heat::StructuredDeployment
887 config: {get_resource: ControllerPassthroughConfigSpecific}
888 server: {get_resource: Controller}
889 signal_transport: NO_SIGNAL
891 passthrough_config_specific: {get_param: ControllerExtraConfig}
# Swift settings for os-apply-config: ring parameters, the hash salt and the
# swift service password, all taken from deployment inputs.
894 type: OS::Heat::StructuredConfig
896 group: os-apply-config
899 hash: { get_input: swift_hash_suffix }
900 part-power: { get_input: swift_part_power }
901 mount-check: { get_input: swift_mount_check }
902 min-part-hours: { get_input: swift_min_part_hours }
903 replicas: {get_input: swift_replicas }
904 service-password: { get_input: swift_password }
# Applies SwiftConfig to the Controller server and fills the swift_* inputs
# from the Swift* parameters.
907 type: OS::Heat::StructuredDeployment
909 server: {get_resource: Controller}
910 config: {get_resource: SwiftConfig}
911 signal_transport: NO_SIGNAL
913 swift_hash_suffix: {get_param: SwiftHashSuffix}
914 swift_mount_check: {get_param: SwiftMountCheck}
915 swift_password: {get_param: SwiftPassword}
916 swift_min_part_hours: {get_param: SwiftMinPartHours}
917 swift_part_power: {get_param: SwiftPartPower}
918 swift_replicas: { get_param: SwiftReplicas}
# Stack outputs. Each is derived from the Controller server's name and its
# first address on the ctlplane network; the output names for some of them
# are among the lines missing from this listing.
922 description: IP address of the server in the ctlplane network
923 value: {get_attr: [Controller, networks, ctlplane, 0]}
925 description: Hostname of the server
926 value: {get_attr: [Controller, name]}
929 Node object in the format {ip: ..., name: ...} format that the corosync
932 ip: {get_attr: [Controller, networks, ctlplane, 0]}
933 name: {get_attr: [Controller, name]}
936 Server's IP address and hostname in the /etc/hosts format
939 template: IP HOST CLOUDNAME
941 IP: {get_attr: [Controller, networks, ctlplane, 0]}
942 HOST: {get_attr: [Controller, name]}
943 CLOUDNAME: {get_param: CloudName}
# Exposes the Controller resource itself so a parent template can refer to
# the server.
944 nova_server_resource:
945 description: Heat resource handle for the Nova compute server
947 {get_resource: Controller}
949 description: Swift device formatted for swift-ring-builder
952 template: 'r1z1-IP:%PORT%/d1'
954 IP: {get_attr: [Controller, networks, ctlplane, 0]}
955 swift_proxy_memcache:
956 description: Swift proxy-memcache value
961 IP: {get_attr: [Controller, networks, ctlplane, 0]}