# Excerpt of a Heat template for an OpenStack control plane node (see the
# description text below). The number that starts each line is the line
# number in the original template; lines between the shown numbers are not
# part of this listing, so parameter names, types and defaults are often
# missing.
1 heat_template_version: 2014-10-16
4 OpenStack control plane node. Can be wrapped in a ResourceGroup for scaling.
# NOTE(review): the descriptions below (admin password, auth secret, metering
# secret, service passwords, signing key) identify credential parameters.
# Their `hidden:` attribute is not visible in this listing - confirm each one
# is declared `hidden: true` so Heat masks the value when the stack is shown.
9 description: The password for the keystone admin account, used for monitoring, querying neutron etc.
14 description: The keystone auth secret.
17 CeilometerMeteringSecret:
19 description: Secret shared by the ceilometer services.
24 description: The password for the ceilometer service account.
29 description: The iSCSI helper to use with cinder.
31 CinderLVMLoopDeviceSize:
33 description: The size of the loopback file used by the cinder LVM driver.
37 description: The password for the cinder service account, used by cinder-api.
42 description: The DNS name of this cloud. E.g. ci-overcloud.tripleo.org
# ControllerExtraConfig and ExtraConfig (described further down) carry
# free-form section/option/value data that is injected into the cluster
# configuration. NOTE(review): no constraint on their content is visible here,
# so whoever may set these parameters can presumably set any service option.
44 ControllerExtraConfig:
47 Controller specific configuration to inject into the cluster. Same
48 structure as ExtraConfig.
50 ControlVirtualInterface:
52 description: Interface where virtual ip will be assigned.
# Debug feeds the `debug:` key of several services in the config section of
# this template. NOTE(review): debug-level logs can contain sensitive request
# detail; the default is not visible here - confirm it is off.
56 description: Set to True to enable debugging on all services.
61 Additional configuration to inject into the cluster. The JSON should have
62 the following structure:
65 [{"section": "SECTIONNAME",
67 [{"option": "OPTIONNAME",
78 [{"section": "default",
80 [{"option": "compute_manager",
81 "value": "ironic.nova.compute.manager.ClusterComputeManager"
88 "value": "nova.cells.rpc_driver.CellsRPCDriver"
98 description: Flavor for control nodes to request when deploying.
101 - custom_constraint: nova.flavor
102 GlanceNotifierStrategy:
103 description: Strategy to use for Glance notification queue
107 description: The filepath of the file to use for logging messages from Glance.
112 description: The password for the glance service account, used by the glance services.
117 description: Glance port.
# NOTE(review): the default protocol is not visible in this listing; confirm
# deployments whose Glance traffic crosses an untrusted network set https.
121 description: Protocol to use when connecting to glance, set to https for SSL.
125 description: The password for the Heat service account, used by the Heat services.
128 HeatStackDomainAdminPassword:
129 description: Password for heat_domain_admin user.
135 default: overcloud-control
137 - custom_constraint: glance.image
139 default: 'REBUILD_PRESERVE_EPHEMERAL'
140 description: What policy to use when reconstructing instances. REBUILD for rebuilds, REBUILD_PRESERVE_EPHEMERAL to preserve /mnt.
# The named keypair grants SSH access to the instances (per the description);
# the nova.keypair constraint only checks that the keypair exists.
144 description: Name of an existing EC2 KeyPair to enable SSH access to the instances
147 - custom_constraint: nova.keypair
148 KeystoneCACertificate:
150 description: Keystone self-signed certificate authority certificate.
152 KeystoneSigningCertificate:
154 description: Keystone certificate for verifying token validity.
# Private key material for token signing; the `hidden: true` check above
# applies here as well.
158 description: Keystone key for signing tokens.
# MySQL and Neutron parameters. MysqlClusterUniquePart is substituted for
# CLUSTER in the 'tripleo-CLUSTER' template string in the config section of
# this template.
161 MysqlClusterUniquePart:
162 description: A unique identifier of the MySQL cluster the controller is in.
# The placeholder default 'unset' is 5 characters long, so it satisfies the
# 4-10 length constraint below: a stack that never sets this parameter still
# validates and every such deployment ends up with the same identifier.
164 default: 'unset' # Has to be here because of the ignored empty value bug
166 - length: {min: 4, max: 10}
167 MysqlInnodbBufferPoolSize:
169 Specifies the size of the buffer pool in megabytes. Setting to
170 zero should be interpreted as "no value" and will defer to the
# NOTE(review): the parameter this empty-string default belongs to is not
# visible in this listing. If it is a credential (MysqlRootPassword is read
# by the config section of this template), an empty default lets the stack
# deploy with an empty password - confirm against the full template.
177 default: '' # Has to be here because of the ignored empty value bug
178 NeutronBridgeMappings:
180 The OVS logical->physical bridge mappings to use. See the Neutron
181 documentation for details. Defaults to mapping br-ex - the external
182 bridge on hosts - to a physical name 'datacentre' which can be used
183 to create provider networks (and we use this for the default floating
184 network) - if changing this either use different post-install network
185 scripts or be sure to keep 'datacentre' as a mapping network name.
188 NeutronDnsmasqOptions:
189 default: 'dhcp-option-force=26,1400'
190 description: Dnsmasq options for neutron-dhcp-agent. The default value here forces MTU to be set to 1400 to account for the gre tunnel overhead.
192 NeutronEnableTunnelling:
198 description: If set, flat networks to configure in neutron plugins.
201 description: The tenant network type for Neutron, either gre or vxlan.
203 NeutronNetworkVLANRanges:
204 default: 'datacentre'
206 The Neutron ML2 and OpenVSwitch vlan mapping range to support. See the
207 Neutron documentation for permitted values. Defaults to permitting any
208 VLAN on the 'datacentre' physical network (See NeutronBridgeMappings).
# Credential parameter. NOTE(review): `hidden:` is not visible in this
# listing - confirm it is set to true.
212 description: The password for the neutron service account, used by neutron agents.
# The NeutronPublicInterface* parameters below describe how the external
# bridge br-ex is attached: interface, optional VLAN tag, raw device, IP and
# default route.
215 NeutronPublicInterface:
217 description: What interface to bridge onto br-ex for network nodes.
219 NeutronPublicInterfaceTag:
222 VLAN tag for creating a public VLAN. The tag will be used to
223 create an access port on the exterior bridge for each control plane node,
224 and that port will be given the IP address returned by neutron from the
225 public network. Set CONTROLEXTRA=overcloud-vlan-port.yaml when compiling
226 overcloud.yaml to include the deployment of VLAN ports to the control
229 NeutronPublicInterfaceDefaultRoute:
231 description: A custom default route for the NeutronPublicInterface.
233 NeutronPublicInterfaceIP:
235 description: A custom IP address to put onto the NeutronPublicInterface.
237 NeutronPublicInterfaceRawDevice:
239 description: If set, the public interface is a vlan with this device as the raw device.
244 The tunnel types for the Neutron tenant network. To specify multiple
245 values, use a comma separated string, like so: 'gre,vxlan'
# Nova, public virtual IP, RabbitMQ, SNMP and SSL parameters. Several of
# them are credentials. NOTE(review): their `hidden:` attribute is not
# visible in this listing - confirm each is declared `hidden: true`.
249 description: The password for the nova service account, used by nova-api.
255 PublicVirtualInterface:
258 Specifies the interface where the public-facing virtual ip will be assigned.
259 This should be int_public when a VLAN is being used.
# The parameters these two empty-string defaults belong to are not visible in
# this listing. NOTE(review): if either is a secret, an empty default lets the
# stack deploy without one - confirm against the full template.
263 default: '' # Has to be here because of the ignored empty value bug
266 default: '' # Has to be here because of the ignored empty value bug
# RabbitMQ credentials. NOTE(review): their defaults are not visible here;
# confirm they are not left at a well-known value.
270 description: The password for RabbitMQ
275 description: The username for RabbitMQ
# The read-only SNMP account is created on all Overcloud nodes (per the
# descriptions). The user name has a fixed default; the default of the
# password parameter is not visible in this listing.
277 SnmpdReadonlyUserName:
278 default: ro_snmp_user
279 description: The user name for SNMPd with readonly rights running on all Overcloud nodes
281 SnmpdReadonlyUserPassword:
283 description: The user password for SNMPd with readonly rights running on all Overcloud nodes
# The three SSL parameters take file contents, not paths. The .key one is
# private key material and is passed on as a deployment input further down in
# this template.
288 description: If set, the contents of an SSL certificate authority file.
292 description: If set, the contents of an SSL certificate .crt file for encrypting SSL endpoints.
297 description: If set, the contents of an SSL certificate .key file for encrypting SSL endpoints.
302 default: '' # Has to be here because of the ignored empty value bug
# Nova server resource for the control plane node (referenced elsewhere in
# this template as `Controller`). Image, rebuild policy, flavor and SSH
# keypair all come from stack parameters.
308 type: OS::Nova::Server
310 image: {get_param: Image}
311 image_update_policy: {get_param: ImageUpdatePolicy}
312 flavor: {get_param: Flavor}
# Installs the keypair named by KeyName, i.e. this decides who can SSH in.
313 key_name: {get_param: KeyName}
# SOFTWARE_CONFIG: the server is configured through the Heat software
# config/deployment resources defined below rather than a raw user-data script.
316 user_data_format: SOFTWARE_CONFIG
# Structured config consumed by os-apply-config on the controller; presumably
# the ControllerConfig resource that ControllerDeployment refers to (the
# resource name line is not visible in this listing). `get_param` values come
# from stack parameters, `get_input` values from the deployment's inputs.
319 type: OS::Heat::StructuredConfig
321 group: os-apply-config
# The keystone admin password and admin token are embedded in the config
# data, so anyone who can read this config or its deployment can read them.
323 admin-password: {get_param: AdminPassword}
324 admin-token: {get_param: AdminToken}
326 public_interface_ip: {get_param: NeutronPublicInterfaceIP}
328 nodeid: {get_input: bootstack_nodeid}
331 {get_param: VirtualIP}
# NOTE(review): the password part of this database URI is the literal string
# 'unset', not a parameter. The same pattern appears below for the glance,
# heat, keystone, neutron, ceilometer and nova URIs. With a publicly known
# constant as the credential, these database accounts are protected only by
# network access to MySQL - confirm the rest of the deployment replaces it or
# restricts who can reach the database.
336 - - mysql://cinder:unset@
339 debug: {get_param: Debug}
340 volume_size_mb: {get_param: CinderLVMLoopDeviceSize}
341 service-password: {get_param: CinderPassword}
342 iscsi-helper: {get_param: CinderISCSIHelper}
343 controller-address: {get_input: controller_host}
345 bindnetaddr: {get_input: controller_host}
# NOTE(review): fencing is switched off and loss of quorum is ignored. These
# look like cluster-manager settings (parent key not visible); with both set
# this way a partitioned cluster keeps running on every side - confirm this is
# intended outside test deployments.
348 stonith_enabled : false
350 quorum_policy : ignore
354 host: {get_input: controller_virtual_ip}
359 - - mysql://glance:unset@
362 debug: {get_param: Debug}
363 host: {get_input: controller_virtual_ip}
364 port: {get_param: GlancePort}
365 protocol: {get_param: GlanceProtocol}
366 service-password: {get_param: GlancePassword}
# The Swift store credential is the Glance service account and its password,
# so GlancePassword is used in two places.
367 swift-store-user: service:glance
368 swift-store-key: {get_param: GlancePassword}
369 notifier-strategy: {get_param: GlanceNotifierStrategy}
370 log-file: {get_param: GlanceLogFile}
372 admin_password: {get_param: HeatPassword}
373 admin_tenant_name: service
# NOTE(review): fixed literal ('unset' padded with underscores) instead of a
# per-deployment secret. Heat uses auth_encryption_key to encrypt
# authentication data it stores, so a constant that is published in the
# template gives that data no real protection - should be a hidden parameter.
375 auth_encryption_key: unset___________
379 - - mysql://heat:unset@
382 debug: {get_param: Debug}
383 stack_domain_admin_password: {get_param: HeatStackDomainAdminPassword}
384 watch_server_url: {get_input: heat.watch_server_url}
385 metadata_server_url: {get_input: heat.metadata_server_url}
386 waitcondition_server_url: {get_input: heat.waitcondition_server_url}
391 - - mysql://keystone:unset@
394 debug: {get_param: Debug}
395 host: {get_input: controller_virtual_ip}
# Keystone PKI material: CA certificate, token signing key (private) and
# signing certificate, all taken from stack parameters.
396 ca_certificate: {get_param: KeystoneCACertificate}
397 signing_key: {get_param: KeystoneSigningKey}
398 signing_certificate: {get_param: KeystoneSigningCertificate}
400 innodb_buffer_pool_size: {get_param: MysqlInnodbBufferPoolSize}
# NOTE(review): the default of MysqlRootPassword is not visible in this
# listing - confirm the stack cannot deploy with an empty root password.
402 root-password: {get_param: MysqlRootPassword}
405 template: tripleo-CLUSTER
407 CLUSTER: {get_param: MysqlClusterUniquePart}
409 debug: {get_param: Debug}
410 flat-networks: {get_param: NeutronFlatNetworks}
411 host: {get_input: controller_virtual_ip}
# NOTE(review): literal 'unset' rather than a secret parameter. This value is
# the shared secret between the Neutron metadata proxy and the Nova metadata
# service; a publicly known value removes the protection it is meant to give.
412 metadata_proxy_shared_secret: unset
414 enable_tunneling: {get_input: neutron_enable_tunneling}
415 local_ip: {get_input: controller_host}
416 network_vlan_ranges: {get_param: NeutronNetworkVLANRanges}
417 bridge_mappings: {get_param: NeutronBridgeMappings}
418 public_interface: {get_param: NeutronPublicInterface}
419 public_interface_raw_device: {get_param: NeutronPublicInterfaceRawDevice}
420 public_interface_route: {get_param: NeutronPublicInterfaceDefaultRoute}
421 public_interface_tag: {get_param: NeutronPublicInterfaceTag}
422 physical_bridge: br-ex
423 tenant_network_type: {get_param: NeutronNetworkType}
424 tunnel_types: {get_param: NeutronTunnelTypes}
428 - - mysql://neutron:unset@
430 - /ovs_neutron?charset=utf8
431 service-password: {get_param: NeutronPassword}
432 dnsmasq-options: {get_param: NeutronDnsmasqOptions}
437 - - mysql://ceilometer:unset@
440 debug: {get_param: Debug}
441 metering_secret: {get_param: CeilometerMeteringSecret}
442 service-password: {get_param: CeilometerPassword}
# SNMP read-only account, from the SnmpdReadonlyUser* parameters.
444 export_MIB: UCD-SNMP-MIB
445 readonly_user_name: {get_param: SnmpdReadonlyUserName}
446 readonly_user_password: {get_param: SnmpdReadonlyUserPassword}
448 compute_driver: libvirt.LibvirtDriver
452 - - mysql://nova:unset@
455 default_floating_pool:
457 host: {get_input: controller_virtual_ip}
459 service-password: {get_param: NovaPassword}
# RabbitMQ endpoint and credentials; the cookie is a further secret
# (RabbitCookie) alongside the user name and password.
461 host: {get_input: controller_virtual_ip}
462 username: {get_param: RabbitUserName}
463 password: {get_param: RabbitPassword}
464 cookie: {get_param: RabbitCookie}
# Time source for the node, taken from the NtpServer parameter.
467 - {server: {get_param: NtpServer}, fudge: "stratum 0"}
# Two VRRP instances: VI_CONTROL (router id 51) holds VirtualIP on the
# control interface, VI_PUBLIC (router id 52) holds PublicVirtualIP on the
# public interface. NOTE(review): no VRRP authentication setting is visible
# in this listing - check the full template and the network segment these
# interfaces share.
470 - vrrp_instance_name: VI_CONTROL
471 virtual_router_id: 51
472 keepalive_interface: {get_param: ControlVirtualInterface}
475 - ip: {get_param: VirtualIP}
476 interface: {get_param: ControlVirtualInterface}
477 - vrrp_instance_name: VI_PUBLIC
478 virtual_router_id: 52
479 keepalive_interface: {get_param: PublicVirtualInterface}
482 - ip: {get_param: PublicVirtualIP}
483 interface: {get_param: PublicVirtualInterface}
490 keepalive_interface: {get_param: PublicVirtualInterface}
494 ip: {get_param: VirtualIP}
495 interface: {get_param: ControlVirtualInterface}
497 ip: {get_param: PublicVirtualIP}
498 interface: {get_param: PublicVirtualInterface}
501 - ip: {get_param: VirtualIP}
# Service listener entries (presumably load-balancer front ends; the parent
# key is not visible). The anchor &public_binds is defined on keystone_admin
# and lists both VirtualIP and PublicVirtualIP; every `*public_binds` alias
# below reuses that pair.
# NOTE(review): as a result keystone_admin, glance_registry and nova_metadata
# are bound on the public virtual IP as well as the control one. Confirm these
# are meant to be reachable from the public network; if not, give them a
# binding that lists VirtualIP only.
503 - name: keystone_admin
505 net_binds: &public_binds
506 - ip: {get_param: VirtualIP}
507 - ip: {get_param: PublicVirtualIP}
508 - name: keystone_public
510 net_binds: *public_binds
513 net_binds: *public_binds
516 net_binds: *public_binds
519 net_binds: *public_binds
522 net_binds: *public_binds
523 - name: glance_registry
525 net_binds: *public_binds
528 net_binds: *public_binds
529 - name: heat_cloudwatch
531 net_binds: *public_binds
534 net_binds: *public_binds
546 net_binds: *public_binds
547 - name: nova_metadata
549 net_binds: *public_binds
552 net_binds: *public_binds
553 - name: swift_proxy_server
555 net_binds: *public_binds
# Pass-through configs: the whole `config` body is whatever the deployment
# supplies as its passthrough_config input (the ExtraConfig parameter, per
# the deployment resources in this template). It lands in the same
# os-apply-config group as the main controller config.
# NOTE(review): nothing visible here validates or restricts that content, so
# treat the ability to set ExtraConfig as the ability to configure the services.
562 ControllerPassthroughConfig:
563 type: OS::Heat::StructuredConfig
565 group: os-apply-config
566 config: {get_input: passthrough_config}
# Same mechanism for the controller-specific variant
# (passthrough_config_specific).
568 ControllerPassthroughConfigSpecific:
569 type: OS::Heat::StructuredConfig
571 group: os-apply-config
572 config: {get_input: passthrough_config_specific}
# Applies ControllerConfig to the Controller server and supplies the inputs
# that config reads through get_input.
574 ControllerDeployment:
575 type: OS::Heat::StructuredDeployment
# NO_SIGNAL: Heat marks this deployment complete without waiting for the
# server to report back, so a failure to apply the config on the node does
# not fail the stack. NOTE(review): verify the applied configuration by
# other means.
577 signal_transport: NO_SIGNAL
578 config: {get_resource: ControllerConfig}
579 server: {get_resource: Controller}
# Node name and first ctlplane address of the server, plus the virtual IP.
581 bootstack_nodeid: {get_attr: [Controller, name]}
582 controller_host: {get_attr: [Controller, networks, ctlplane, 0]}
583 controller_virtual_ip: {get_param: VirtualIP}
584 neutron_enable_tunneling: {get_param: NeutronEnableTunnelling}
# The three Heat callback URLs are assembled around VirtualIP; the scheme and
# most path fragments are not visible in this listing.
585 heat.watch_server_url:
589 - {get_param: VirtualIP}
591 heat.metadata_server_url:
595 - {get_param: VirtualIP}
597 heat.waitcondition_server_url:
601 - {get_param: VirtualIP}
602 - ':8000/v1/waitcondition'
# Structured config for SSL endpoints; presumably the SSLConfig resource that
# ControllerSSLDeployment refers to (the resource name line is not visible).
605 type: OS::Heat::StructuredConfig
607 group: os-apply-config
# Certificate, private key and CA certificate arrive as deployment inputs.
# NOTE(review): the private key therefore travels as an ordinary input value;
# confirm the SSLKey parameter is declared hidden and limit who can read the
# stack's deployment data.
610 ca_certificate: {get_input: ssl_ca_certificate}
612 cert: {get_input: ssl_certificate}
613 key: {get_input: ssl_key}
614 cacert: {get_input: ssl_ca_certificate}
# Each entry below forwards to the controller's own ctlplane address
# (controller_host); only the 'swift-proxy' entry name is visible in this
# listing.
619 connect_host: {get_input: controller_host}
623 connect_host: {get_input: controller_host}
627 connect_host: {get_input: controller_host}
631 connect_host: {get_input: controller_host}
635 connect_host: {get_input: controller_host}
636 - name: 'swift-proxy'
639 connect_host: {get_input: controller_host}
643 connect_host: {get_input: controller_host}
647 connect_host: {get_input: controller_host}
# Applies SSLConfig to the Controller, feeding it the SSL parameters.
# NO_SIGNAL here means Heat does not wait for confirmation that the
# certificate and key were actually installed on the node.
649 ControllerSSLDeployment:
650 type: OS::Heat::StructuredDeployment
652 config: {get_resource: SSLConfig}
653 server: {get_resource: Controller}
654 signal_transport: NO_SIGNAL
656 controller_host: {get_attr: [Controller, networks, ctlplane, 0]}
657 ssl_certificate: {get_param: SSLCertificate}
# Private key material passed as a deployment input value.
658 ssl_key: {get_param: SSLKey}
659 ssl_ca_certificate: {get_param: SSLCACertificate}
# Applies the cluster-wide ExtraConfig content through the pass-through config.
661 ControllerPassthroughDeployment:
662 type: OS::Heat::StructuredDeployment
664 config: {get_resource: ControllerPassthroughConfig}
665 server: {get_resource: Controller}
666 signal_transport: NO_SIGNAL
668 passthrough_config: {get_param: ExtraConfig}
# Applies ControllerExtraConfig after the cluster-wide deployment (depends_on),
# presumably so controller-specific values take effect last.
670 ControllerPassthroughSpecificDeployment:
671 depends_on: [ControllerPassthroughDeployment]
672 type: OS::Heat::StructuredDeployment
674 config: {get_resource: ControllerPassthroughConfigSpecific}
675 server: {get_resource: Controller}
676 signal_transport: NO_SIGNAL
678 passthrough_config_specific: {get_param: ControllerExtraConfig}
# Stack outputs. All address values are the first ctlplane address of the
# Controller server; names come from the server's `name` attribute. The
# output key lines are mostly not visible in this listing.
683 description: IP address of the server in the ctlplane network
684 value: {get_attr: [Controller, networks, ctlplane, 0]}
686 description: Hostname of the server
687 value: {get_attr: [Controller, name]}
690 Node object in the format {ip: ..., name: ...} format that the corosync
693 ip: {get_attr: [Controller, networks, ctlplane, 0]}
694 name: {get_attr: [Controller, name]}
697 Server's IP address and hostname in the /etc/hosts format
# IP, HOST and CLOUDNAME in the template string are replaced by the values
# listed under it.
700 template: IP HOST HOST.novalocal CLOUDNAME
702 IP: {get_attr: [Controller, networks, ctlplane, 0]}
703 HOST: {get_attr: [Controller, name]}
704 CLOUDNAME: {get_param: CloudName}
705 nova_server_resource:
706 description: Heat resource handle for the Nova compute server
708 {get_resource: Controller}
710 description: Swift device formatted for swift-ring-builder
# Only IP is substituted here; %PORT% stays in the output as a placeholder,
# presumably filled in by the consumer of this output.
713 template: 'r1z1-IP:%PORT%/d1'
715 IP: {get_attr: [Controller, networks, ctlplane, 0]}
716 swift_proxy_memcache:
717 description: Swift proxy-memcache value
722 IP: {get_attr: [Controller, networks, ctlplane, 0]}