# Heat Orchestration Template for a single OpenStack control plane node.
# Each line keeps its original file line number; the numbers skip, so most
# parameters show only their name and description in this listing.
# NOTE(review): the type/default/hidden lines are not visible here. For every
# password, token, secret and private-key parameter below, confirm the full
# file sets `hidden: true` and does not ship a usable default value.
1 heat_template_version: 2014-10-16
4 OpenStack control plane node. Can be wrapped in a ResourceGroup for scaling.
9 description: The password for the keystone admin account, used for monitoring, querying neutron etc.
14 description: The keystone auth secret.
17 CeilometerMeteringSecret:
19 description: Secret shared by the ceilometer services.
24 description: The password for the ceilometer service account.
29 description: The iSCSI helper to use with cinder.
31 CinderLVMLoopDeviceSize:
33 description: The size of the loopback file used by the cinder LVM driver.
37 description: The password for the cinder service account, used by cinder-api.
42 description: The DNS name of this cloud. E.g. ci-overcloud.tripleo.org
# ControllerExtraConfig and ExtraConfig (described below) inject free-form
# section/option/value settings into the cluster configuration.
# NOTE(review): presumably whoever can set these parameters can override any
# service option on the node - treat them as privileged inputs.
44 ControllerExtraConfig:
47 Controller specific configuration to inject into the cluster. Same
48 structure as ExtraConfig.
50 ControlVirtualInterface:
52 description: Interface where virtual ip will be assigned.
# Debug is passed to every service configured by this template.
# NOTE(review): debug-level logs are verbose and can carry sensitive request
# detail; confirm it stays off outside troubleshooting.
56 description: Set to True to enable debugging on all services.
61 Additional configuration to inject into the cluster. The JSON should have
62 the following structure:
65 [{"section": "SECTIONNAME",
67 [{"option": "OPTIONNAME",
78 [{"section": "default",
80 [{"option": "compute_manager",
81 "value": "ironic.nova.compute.manager.ClusterComputeManager"
88 "value": "nova.cells.rpc_driver.CellsRPCDriver"
98 description: Flavor for control nodes to request when deploying.
100 GlanceNotifierStrategy:
101 description: Strategy to use for Glance notification queue
105 description: The filepath of the file to use for logging messages from Glance.
110 description: The password for the glance service account, used by the glance services.
115 description: Glance port.
# NOTE(review): the default for this protocol is not visible in the listing;
# any value other than https leaves Glance traffic unencrypted - confirm.
119 description: Protocol to use when connecting to glance, set to https for SSL.
123 description: The password for the Heat service account, used by the Heat services.
126 HeatStackDomainAdminPassword:
127 description: Password for heat_domain_admin user.
133 default: overcloud-control
135 default: 'REBUILD_PRESERVE_EPHEMERAL'
136 description: What policy to use when reconstructing instances. REBUILD for rebuilds, REBUILD_PRESERVE_EPHEMERAL to preserve /mnt.
140 description: Name of an existing EC2 KeyPair to enable SSH access to the instances
# Keystone PKI inputs: the CA certificate, the token-verification certificate
# and the token-signing private key (file line 152).
# NOTE(review): a holder of the signing key can presumably produce tokens that
# validate; confirm it is hidden and generated per deployment.
142 KeystoneCACertificate:
144 description: Keystone self-signed certificate authority certificate.
146 KeystoneSigningCertificate:
148 description: Keystone certificate for verifying token validity.
152 description: Keystone key for signing tokens.
155 MysqlClusterUniquePart:
156 description: A unique identifier of the MySQL cluster the controller is in.
158 default: 'unset' # Has to be here because of the ignored empty value bug
160 - length: {min: 4, max: 10}
161 MysqlInnodbBufferPoolSize:
163 Specifies the size of the buffer pool in megabytes. Setting to
164 zero should be interpreted as "no value" and will defer to the
171 default: '' # Has to be here because of the ignored empty value bug
172 NeutronBridgeMappings:
174 The OVS logical->physical bridge mappings to use. See the Neutron
175 documentation for details. Defaults to mapping br-ex - the external
176 bridge on hosts - to a physical name 'datacentre' which can be used
177 to create provider networks (and we use this for the default floating
178 network) - if changing this either use different post-install network
179 scripts or be sure to keep 'datacentre' as a mapping network name.
182 NeutronDnsmasqOptions:
183 default: 'dhcp-option-force=26,1400'
184 description: Dnsmasq options for neutron-dhcp-agent. The default value here forces MTU to be set to 1400 to account for the gre tunnel overhead.
186 NeutronEnableTunnelling:
192 description: If set, flat networks to configure in neutron plugins.
195 description: The tenant network type for Neutron, either gre or vxlan.
197 NeutronNetworkVLANRanges:
198 default: 'datacentre'
200 The Neutron ML2 and OpenVSwitch vlan mapping range to support. See the
201 Neutron documentation for permitted values. Defaults to permitting any
202 VLAN on the 'datacentre' physical network (See NeutronBridgeMappings).
206 description: The password for the neutron service account, used by neutron agents.
209 NeutronPublicInterface:
211 description: What interface to bridge onto br-ex for network nodes.
213 NeutronPublicInterfaceTag:
216 VLAN tag for creating a public VLAN. The tag will be used to
217 create an access port on the exterior bridge for each control plane node,
218 and that port will be given the IP address returned by neutron from the
219 public network. Set CONTROLEXTRA=overcloud-vlan-port.yaml when compiling
220 overcloud.yaml to include the deployment of VLAN ports to the control
223 NeutronPublicInterfaceDefaultRoute:
225 description: A custom default route for the NeutronPublicInterface.
227 NeutronPublicInterfaceIP:
229 description: A custom IP address to put onto the NeutronPublicInterface.
231 NeutronPublicInterfaceRawDevice:
233 description: If set, the public interface is a vlan with this device as the raw device.
238 The tunnel types for the Neutron tenant network. To specify multiple
239 values, use a comma separated string, like so: 'gre,vxlan'
243 description: The password for the nova service account, used by nova-api.
249 PublicVirtualInterface:
252 Specifies the interface where the public-facing virtual ip will be assigned.
253 This should be int_public when a VLAN is being used.
257 default: '' # Has to be here because of the ignored empty value bug
260 default: '' # Has to be here because of the ignored empty value bug
264 description: The password for RabbitMQ
269 description: The username for RabbitMQ
# SNMP read-only account used on all Overcloud nodes. The user name has a
# fixed default (ro_snmp_user), so the password is the only secret part.
271 SnmpdReadonlyUserName:
272 default: ro_snmp_user
273 description: The user name for SNMPd with readonly rights running on all Overcloud nodes
275 SnmpdReadonlyUserPassword:
277 description: The user password for SNMPd with readonly rights running on all Overcloud nodes
# TLS material (CA file, certificate, private key) is supplied as parameter
# contents. "If set" suggests these are optional.
# NOTE(review): confirm what the endpoints do when they are left empty, and
# that the .key parameter is hidden.
282 description: If set, the contents of an SSL certificate authority file.
286 description: If set, the contents of an SSL certificate .crt file for encrypting SSL endpoints.
291 description: If set, the contents of an SSL certificate .key file for encrypting SSL endpoints.
296 default: '' # Has to be here because of the ignored empty value bug
# Controller: the Nova server for this node. Image, rebuild policy, flavor and
# SSH key pair all come from template parameters.
302 type: OS::Nova::Server
304 image: {get_param: Image}
305 image_update_policy: {get_param: ImageUpdatePolicy}
306 flavor: {get_param: Flavor}
307 key_name: {get_param: KeyName}
# SOFTWARE_CONFIG lets the Heat software deployments defined later in this
# template deliver configuration to the server.
310 user_data_format: SOFTWARE_CONFIG
# ControllerConfig: the os-apply-config metadata for the controller. Values
# come from template parameters (get_param) or from deployment inputs
# (get_input) supplied by ControllerDeployment.
# NOTE(review): passwords and tokens are written into this metadata as plain
# values; confirm who can read the stack's deployment metadata.
313 type: OS::Heat::StructuredConfig
315 group: os-apply-config
317 admin-password: {get_param: AdminPassword}
318 admin-token: {get_param: AdminToken}
320 public_interface_ip: {get_param: NeutronPublicInterfaceIP}
322 nodeid: {get_input: bootstack_nodeid}
325 {get_param: VirtualIP}
# The database URLs at file lines 330, 353, 373, 385, 422, 431 and 446 embed the
# literal password "unset" for each service account instead of a parameter, so
# every stack built from this template shares the same database credentials.
# NOTE(review): confirm MySQL is reachable only from the control plane, or
# replace the literal with a hidden per-deployment parameter.
330 - - mysql://cinder:unset@
333 debug: {get_param: Debug}
334 volume_size_mb: {get_param: CinderLVMLoopDeviceSize}
335 service-password: {get_param: CinderPassword}
336 iscsi-helper: {get_param: CinderISCSIHelper}
337 controller-address: {get_input: controller_host}
339 bindnetaddr: {get_input: controller_host}
# Fencing is disabled and loss of quorum is ignored.
# NOTE(review): this looks like a split-brain trade-off for the cluster;
# confirm it is intended when more than one controller is deployed.
342 stonith_enabled : false
344 quorum_policy : ignore
348 host: {get_input: controller_virtual_ip}
353 - - mysql://glance:unset@
356 debug: {get_param: Debug}
357 host: {get_input: controller_virtual_ip}
358 port: {get_param: GlancePort}
359 protocol: {get_param: GlanceProtocol}
360 service-password: {get_param: GlancePassword}
# The Swift store key reuses GlancePassword, so one secret covers both the
# Glance service account and its Swift access.
361 swift-store-user: service:glance
362 swift-store-key: {get_param: GlancePassword}
363 notifier-strategy: {get_param: GlanceNotifierStrategy}
364 log-file: {get_param: GlanceLogFile}
366 admin_password: {get_param: HeatPassword}
367 admin_tenant_name: service
# auth_encryption_key is a fixed literal here, not a parameter; Heat uses this
# key to encrypt authentication data it stores.
# NOTE(review): a constant shared by every deployment gives no real protection
# to that stored data - confirm and generate one per deployment.
369 auth_encryption_key: unset___________
373 - - mysql://heat:unset@
376 debug: {get_param: Debug}
377 stack_domain_admin_password: {get_param: HeatStackDomainAdminPassword}
378 watch_server_url: {get_input: heat.watch_server_url}
379 metadata_server_url: {get_input: heat.metadata_server_url}
380 waitcondition_server_url: {get_input: heat.waitcondition_server_url}
385 - - mysql://keystone:unset@
388 debug: {get_param: Debug}
389 host: {get_input: controller_virtual_ip}
390 ca_certificate: {get_param: KeystoneCACertificate}
391 signing_key: {get_param: KeystoneSigningKey}
392 signing_certificate: {get_param: KeystoneSigningCertificate}
394 innodb_buffer_pool_size: {get_param: MysqlInnodbBufferPoolSize}
396 root-password: {get_param: MysqlRootPassword}
399 template: tripleo-CLUSTER
401 CLUSTER: {get_param: MysqlClusterUniquePart}
403 debug: {get_param: Debug}
404 flat-networks: {get_param: NeutronFlatNetworks}
405 host: {get_input: controller_virtual_ip}
# metadata_proxy_shared_secret is the literal "unset": the secret shared between
# the Neutron metadata proxy and Nova is the same in every deployment.
# NOTE(review): confirm and replace with a hidden per-deployment parameter.
406 metadata_proxy_shared_secret: unset
408 enable_tunneling: {get_input: neutron_enable_tunneling}
409 local_ip: {get_input: controller_host}
410 network_vlan_ranges: {get_param: NeutronNetworkVLANRanges}
411 bridge_mappings: {get_param: NeutronBridgeMappings}
412 public_interface: {get_param: NeutronPublicInterface}
413 public_interface_raw_device: {get_param: NeutronPublicInterfaceRawDevice}
414 public_interface_route: {get_param: NeutronPublicInterfaceDefaultRoute}
415 public_interface_tag: {get_param: NeutronPublicInterfaceTag}
416 physical_bridge: br-ex
417 tenant_network_type: {get_param: NeutronNetworkType}
418 tunnel_types: {get_param: NeutronTunnelTypes}
422 - - mysql://neutron:unset@
424 - /ovs_neutron?charset=utf8
425 service-password: {get_param: NeutronPassword}
426 dnsmasq-options: {get_param: NeutronDnsmasqOptions}
431 - - mysql://ceilometer:unset@
434 debug: {get_param: Debug}
435 metering_secret: {get_param: CeilometerMeteringSecret}
436 service-password: {get_param: CeilometerPassword}
438 export_MIB: UCD-SNMP-MIB
439 readonly_user_name: {get_param: SnmpdReadonlyUserName}
440 readonly_user_password: {get_param: SnmpdReadonlyUserPassword}
442 compute_driver: libvirt.LibvirtDriver
446 - - mysql://nova:unset@
449 default_floating_pool:
451 host: {get_input: controller_virtual_ip}
453 service-password: {get_param: NovaPassword}
455 host: {get_input: controller_virtual_ip}
456 username: {get_param: RabbitUserName}
457 password: {get_param: RabbitPassword}
458 cookie: {get_param: RabbitCookie}
461 - {server: {get_param: NtpServer}, fudge: "stratum 0"}
# Two VRRP instances: VI_CONTROL (router id 51) carries VirtualIP on
# ControlVirtualInterface, VI_PUBLIC (router id 52) carries PublicVirtualIP on
# PublicVirtualInterface.
# NOTE(review): the router ids are fixed, and no VRRP authentication setting is
# visible in this listing - confirm both against the full file.
464 - vrrp_instance_name: VI_CONTROL
465 virtual_router_id: 51
466 keepalive_interface: {get_param: ControlVirtualInterface}
469 - ip: {get_param: VirtualIP}
470 interface: {get_param: ControlVirtualInterface}
471 - vrrp_instance_name: VI_PUBLIC
472 virtual_router_id: 52
473 keepalive_interface: {get_param: PublicVirtualInterface}
476 - ip: {get_param: PublicVirtualIP}
477 interface: {get_param: PublicVirtualInterface}
484 keepalive_interface: {get_param: PublicVirtualInterface}
488 ip: {get_param: VirtualIP}
489 interface: {get_param: ControlVirtualInterface}
491 ip: {get_param: PublicVirtualIP}
492 interface: {get_param: PublicVirtualInterface}
495 - ip: {get_param: VirtualIP}
# The &public_binds anchor (VirtualIP plus PublicVirtualIP) appears to be
# defined on keystone_admin and is reused through *public_binds by every later
# service shown, including glance_registry, heat_cloudwatch and nova_metadata.
# NOTE(review): that would put admin and internal endpoints on the public
# virtual IP; confirm the exposure is intended or filtered upstream.
497 - name: keystone_admin
499 net_binds: &public_binds
500 - ip: {get_param: VirtualIP}
501 - ip: {get_param: PublicVirtualIP}
502 - name: keystone_public
504 net_binds: *public_binds
507 net_binds: *public_binds
510 net_binds: *public_binds
513 net_binds: *public_binds
516 net_binds: *public_binds
517 - name: glance_registry
519 net_binds: *public_binds
522 net_binds: *public_binds
523 - name: heat_cloudwatch
525 net_binds: *public_binds
528 net_binds: *public_binds
540 net_binds: *public_binds
541 - name: nova_metadata
543 net_binds: *public_binds
546 net_binds: *public_binds
547 - name: swift_proxy_server
549 net_binds: *public_binds
# Passthrough configs: the entire os-apply-config body is taken from a
# deployment input, so nothing in this template constrains what is injected.
# NOTE(review): the inputs are ExtraConfig and ControllerExtraConfig (bound in
# the passthrough deployments); treat both as privileged parameters.
556 ControllerPassthroughConfig:
557 type: OS::Heat::StructuredConfig
559 group: os-apply-config
560 config: {get_input: passthrough_config}
562 ControllerPassthroughConfigSpecific:
563 type: OS::Heat::StructuredConfig
565 group: os-apply-config
566 config: {get_input: passthrough_config_specific}
# ControllerDeployment: applies ControllerConfig to the Controller server and
# supplies the get_input values that config refers to.
568 ControllerDeployment:
569 type: OS::Heat::StructuredDeployment
# NO_SIGNAL: Heat does not wait for the server to report the result, so a
# failed configuration run is not reflected in the stack status.
571 signal_transport: NO_SIGNAL
572 config: {get_resource: ControllerConfig}
573 server: {get_resource: Controller}
# Node name and ctlplane address come from the Controller server's attributes;
# the virtual IP and tunnelling flag come from parameters.
575 bootstack_nodeid: {get_attr: [Controller, name]}
576 controller_host: {get_attr: [Controller, networks, ctlplane, 0]}
577 controller_virtual_ip: {get_param: VirtualIP}
578 neutron_enable_tunneling: {get_param: NeutronEnableTunnelling}
# The three Heat URLs are assembled around VirtualIP.
# NOTE(review): the scheme part of each URL is not visible in this listing;
# confirm whether these callbacks use http or https.
579 heat.watch_server_url:
583 - {get_param: VirtualIP}
585 heat.metadata_server_url:
589 - {get_param: VirtualIP}
591 heat.waitcondition_server_url:
595 - {get_param: VirtualIP}
596 - ':8000/v1/waitcondition'
# SSLConfig: os-apply-config fragment that receives the CA certificate, the
# server certificate and its private key as deployment inputs, followed by a
# list of named entries (swift-proxy is the one visible) that each connect to
# controller_host.
# NOTE(review): the private key travels as deployment metadata; confirm who
# can read it and how it is stored on the node.
599 type: OS::Heat::StructuredConfig
601 group: os-apply-config
604 ca_certificate: {get_input: ssl_ca_certificate}
606 cert: {get_input: ssl_certificate}
607 key: {get_input: ssl_key}
608 cacert: {get_input: ssl_ca_certificate}
613 connect_host: {get_input: controller_host}
617 connect_host: {get_input: controller_host}
621 connect_host: {get_input: controller_host}
625 connect_host: {get_input: controller_host}
629 connect_host: {get_input: controller_host}
630 - name: 'swift-proxy'
633 connect_host: {get_input: controller_host}
637 connect_host: {get_input: controller_host}
641 connect_host: {get_input: controller_host}
# ControllerSSLDeployment: applies SSLConfig to the Controller server, feeding
# it the SSLCertificate, SSLKey and SSLCACertificate parameters.
# NO_SIGNAL means Heat does not wait for the server to confirm the result.
643 ControllerSSLDeployment:
644 type: OS::Heat::StructuredDeployment
646 config: {get_resource: SSLConfig}
647 server: {get_resource: Controller}
648 signal_transport: NO_SIGNAL
650 controller_host: {get_attr: [Controller, networks, ctlplane, 0]}
651 ssl_certificate: {get_param: SSLCertificate}
652 ssl_key: {get_param: SSLKey}
653 ssl_ca_certificate: {get_param: SSLCACertificate}
# Passthrough deployments: bind ExtraConfig and ControllerExtraConfig to the
# two passthrough configs on the Controller server. Both use NO_SIGNAL, so
# Heat does not wait for the server to confirm the result.
655 ControllerPassthroughDeployment:
656 type: OS::Heat::StructuredDeployment
658 config: {get_resource: ControllerPassthroughConfig}
659 server: {get_resource: Controller}
660 signal_transport: NO_SIGNAL
662 passthrough_config: {get_param: ExtraConfig}
664 ControllerPassthroughSpecificDeployment:
# depends_on orders this after the general passthrough deployment, presumably
# so controller-specific values are applied last.
665 depends_on: [ControllerPassthroughDeployment]
666 type: OS::Heat::StructuredDeployment
668 config: {get_resource: ControllerPassthroughConfigSpecific}
669 server: {get_resource: Controller}
670 signal_transport: NO_SIGNAL
672 passthrough_config_specific: {get_param: ControllerExtraConfig}
# Outputs: values derived from the Controller server's ctlplane address and
# name (plus CloudName for the hosts entry). No password or key parameter is
# referenced by the output lines visible in this listing.
677 description: IP address of the server in the ctlplane network
678 value: {get_attr: [Controller, networks, ctlplane, 0]}
680 description: Hostname of the server
681 value: {get_attr: [Controller, name]}
684 Node object in the format {ip: ..., name: ...} format that the corosync
687 ip: {get_attr: [Controller, networks, ctlplane, 0]}
688 name: {get_attr: [Controller, name]}
691 Server's IP address and hostname in the /etc/hosts format
694 template: IP HOST HOST.novalocal CLOUDNAME
696 IP: {get_attr: [Controller, networks, ctlplane, 0]}
697 HOST: {get_attr: [Controller, name]}
698 CLOUDNAME: {get_param: CloudName}
699 nova_server_resource:
700 description: Heat resource handle for the Nova compute server
702 {get_resource: Controller}
704 description: Swift device formatted for swift-ring-builder
707 template: 'r1z1-IP:%PORT%/d1'
709 IP: {get_attr: [Controller, networks, ctlplane, 0]}
710 swift_proxy_memcache:
711 description: Swift proxy-memcache value
716 IP: {get_attr: [Controller, networks, ctlplane, 0]}