# Heat (HOT) template for an OpenStack control plane node, shown as a partial
# listing: the leading number on each line looks like the original file's line
# number, and the gaps mean most parameter names and their 'type', 'default'
# and 'hidden' lines are not visible here.
1 heat_template_version: 2014-10-16
4 OpenStack control plane node. Can be wrapped in a ResourceGroup for scaling.
# NOTE(review): the next two parameters carry credentials (keystone admin
# password, keystone auth secret). Confirm each is declared with 'hidden: true'
# so Heat masks the value when stack parameters are displayed.
9 description: The password for the keystone admin account, used for monitoring, querying neutron etc.
14 description: The keystone auth secret.
19 description: The ceilometer backend type.
# Metering secret and service password are both secrets.
# NOTE(review): confirm 'hidden: true' on each.
21 CeilometerMeteringSecret:
23 description: Secret shared by the ceilometer services.
28 description: The password for the ceilometer service account.
31 CinderEnableIscsiBackend:
33 description: Whether to enable or not the Iscsi backend for Cinder
35 CinderEnableRbdBackend:
37 description: Whether to enable or not the Rbd backend for Cinder
41 description: The iSCSI helper to use with cinder.
43 CinderLVMLoopDeviceSize:
45 description: The size of the loopback file used by the cinder LVM driver.
# NOTE(review): service account password; confirm 'hidden: true'.
49 description: The password for the cinder service account, used by cinder-api.
54 description: The DNS name of this cloud. E.g. ci-overcloud.tripleo.org
# Free-form configuration injected into the cluster.
# NOTE(review): whoever can set this parameter can presumably change any
# service option on the controller; treat it as privileged input.
56 ControllerExtraConfig:
59 Controller specific configuration to inject into the cluster. Same
60 structure as ExtraConfig.
62 ControlVirtualInterface:
64 description: Interface where virtual ip will be assigned.
# NOTE(review): debug logging on every service may write sensitive request
# details to the logs; presumably meant to stay off outside troubleshooting.
68 description: Set to True to enable debugging on all services.
72 description: Whether to use Galera instead of regular MariaDB.
76 description: If enabled services will be monitored by Pacemaker; it
77 will manage VIPs as well, in place of Keepalived.
81 description: Whether to deploy Ceph Storage (OSD) on the Controller
85 description: Whether to enable Swift Storage on the Controller
# Description of the cluster-wide extra configuration parameter: a JSON list
# of sections, each holding option/value pairs (only part of the example is
# visible in this listing).
90 Additional configuration to inject into the cluster. The JSON should have
91 the following structure:
94 [{"section": "SECTIONNAME",
96 [{"option": "OPTIONNAME",
107 [{"section": "default",
109 [{"option": "compute_manager",
110 "value": "ironic.nova.compute.manager.ClusterComputeManager"
116 [{"option": "driver",
117 "value": "nova.cells.rpc_driver.CellsRPCDriver"
# The custom constraint makes Heat check the supplied flavor name against Nova.
126 description: Flavor for control nodes to request when deploying.
129 - custom_constraint: nova.flavor
# Glance, Heat, Horizon, image/keypair, Keystone and MySQL parameters.
# Parameter names and 'type'/'hidden' lines are only partly visible here.
130 GlanceNotifierStrategy:
131 description: Strategy to use for Glance notification queue
135 description: The filepath of the file to use for logging messages from Glance.
# NOTE(review): service account password; confirm 'hidden: true'.
140 description: The password for the glance service account, used by the glance services.
145 description: Glance port.
# NOTE(review): the default protocol is not visible in this listing; confirm
# whether deployments fall back to plain http unless https is set explicitly.
149 description: Protocol to use when connecting to glance, set to https for SSL.
153 description: The short name of the Glance backend to use. Should be one
154 of swift, rbd, or file
# allowed_values restricts the backend name to the three listed strings.
157 - allowed_values: ['swift', 'file', 'rbd']
# NOTE(review): the Heat passwords, the heat-engine auth encryption key and the
# Django secret key below are all secrets; confirm 'hidden: true' on each.
160 description: The password for the Heat service account, used by the Heat services.
163 HeatStackDomainAdminPassword:
164 description: Password for heat_domain_admin user.
168 HeatAuthEncryptionKey:
169 description: Auth encryption key for heat-engine
172 description: Secret key for Django
# Image name default; the custom constraint makes Heat check it against Glance.
176 default: overcloud-control
178 - custom_constraint: glance.image
180 default: 'REBUILD_PRESERVE_EPHEMERAL'
181 description: What policy to use when reconstructing instances. REBUILD for rebuilds, REBUILD_PRESERVE_EPHEMERAL to preserve /mnt.
# SSH keypair injected into the instance; validated against Nova's keypairs.
185 description: Name of an existing EC2 KeyPair to enable SSH access to the instances
188 - custom_constraint: nova.keypair
189 KeystoneCACertificate:
191 description: Keystone self-signed certificate authority certificate.
193 KeystoneSigningCertificate:
195 description: Keystone certificate for verifying token validity.
# NOTE(review): token signing key is private key material; confirm 'hidden: true'.
199 description: Keystone key for signing tokens.
# NOTE(review): the two SSL parameters below repeat the signing certificate and
# signing key descriptions word for word; presumably they describe the
# certificate and private key of Keystone's SSL endpoint - confirm and reword.
202 KeystoneSSLCertificate:
204 description: Keystone certificate for verifying token validity.
206 KeystoneSSLCertificateKey:
208 description: Keystone key for signing tokens.
# Empty-string default, kept (per the inline comment) as a workaround.
# NOTE(review): an empty clustercheck password would be a weak credential if it
# were ever deployed unchanged; confirm callers always override it.
211 MysqlClustercheckPassword:
214 default: '' # Has to be here because of the ignored empty value bug
215 MysqlClusterUniquePart:
216 description: A unique identifier of the MySQL cluster the controller is in.
218 default: 'unset' # Has to be here because of the ignored empty value bug
# Length validation for this parameter is commented out; see the linked bug.
219 # Drop the validation: https://bugs.launchpad.net/tripleo/+bug/1405446
221 # - length: {min: 4, max: 10}
222 MysqlInnodbBufferPoolSize:
224 Specifies the size of the buffer pool in megabytes. Setting to
225 zero should be interpreted as "no value" and will defer to the
# NOTE(review): the parameter this empty default belongs to is not visible; if
# it is a password, confirm an empty value cannot reach a deployed node.
232 default: '' # Has to be here because of the ignored empty value bug
# Neutron networking parameters, followed by the nova and pcsd passwords.
233 NeutronBridgeMappings:
235 The OVS logical->physical bridge mappings to use. See the Neutron
236 documentation for details. Defaults to mapping br-ex - the external
237 bridge on hosts - to a physical name 'datacentre' which can be used
238 to create provider networks (and we use this for the default floating
239 network) - if changing this either use different post-install network
240 scripts or be sure to keep 'datacentre' as a mapping network name.
242 default: "datacentre:br-ex"
243 NeutronDnsmasqOptions:
244 default: 'dhcp-option-force=26,1400'
245 description: Dnsmasq options for neutron-dhcp-agent. The default value here forces MTU to be set to 1400 to account for the gre tunnel overhead.
249 description: Agent mode for the neutron-l3-agent on the controller hosts
253 description: Whether to configure Neutron Distributed Virtual Routers
# NOTE(review): shared secret (per the description, to prevent spoofing);
# confirm 'hidden: true' and that no guessable default is set - the default
# line is not visible in this listing.
255 NeutronMetadataProxySharedSecret:
257 description: Shared secret to prevent spoofing
259 NeutronMechanismDrivers:
260 default: 'openvswitch'
262 The mechanism drivers for the Neutron tenant network. To specify multiple
263 values, use a comma separated string, like so: 'openvswitch,l2_population'
265 NeutronAllowL3AgentFailover:
267 description: Allow automatic l3-agent failover
271 description: Whether to enable l3-agent HA
273 NeutronEnableTunnelling:
278 default: 'datacentre'
279 description: If set, flat networks to configure in neutron plugins.
282 description: The tenant network type for Neutron, either gre or vxlan.
284 NeutronNetworkVLANRanges:
285 default: 'datacentre'
287 The Neutron ML2 and OpenVSwitch vlan mapping range to support. See the
288 Neutron documentation for permitted values. Defaults to permitting any
289 VLAN on the 'datacentre' physical network (See NeutronBridgeMappings).
# NOTE(review): service account password; confirm 'hidden: true'.
293 description: The password for the neutron service account, used by neutron agents.
296 NeutronPublicInterface:
298 description: What interface to bridge onto br-ex for network nodes.
300 NeutronPublicInterfaceTag:
303 VLAN tag for creating a public VLAN. The tag will be used to
304 create an access port on the exterior bridge for each control plane node,
305 and that port will be given the IP address returned by neutron from the
306 public network. Set CONTROLEXTRA=overcloud-vlan-port.yaml when compiling
307 overcloud.yaml to include the deployment of VLAN ports to the control
310 NeutronPublicInterfaceDefaultRoute:
312 description: A custom default route for the NeutronPublicInterface.
314 NeutronPublicInterfaceIP:
316 description: A custom IP address to put onto the NeutronPublicInterface.
318 NeutronPublicInterfaceRawDevice:
320 description: If set, the public interface is a vlan with this device as the raw device.
325 The tunnel types for the Neutron tenant network. To specify multiple
326 values, use a comma separated string, like so: 'gre,vxlan'
# NOTE(review): the nova service password and the 'pcsd' user password are
# secrets; confirm 'hidden: true' on both.
330 description: The password for the nova service account, used by nova-api.
338 description: The password for the 'pcsd' user.
# Public VIP interface, RabbitMQ, SNMP, SSL and Swift parameters.
339 PublicVirtualInterface:
342 Specifies the interface where the public-facing virtual ip will be assigned.
343 This should be int_public when a VLAN is being used.
# NOTE(review): the parameters owning these two empty defaults are not visible
# in this listing; if either is a credential, confirm it is always overridden.
347 default: '' # Has to be here because of the ignored empty value bug
350 default: '' # Has to be here because of the ignored empty value bug
# NOTE(review): RabbitMQ password; confirm 'hidden: true' and that the default
# (not visible here) is not a well-known value.
354 description: The password for RabbitMQ
359 description: The username for RabbitMQ
# Client-side switch and port for talking to RabbitMQ over SSL.
# NOTE(review): the default is not visible; confirm whether message-queue
# traffic is encrypted unless this is turned on.
364 Rabbit client subscriber parameter to specify
365 an SSL connection to the RabbitMQ host.
369 description: Set rabbit subscriber port, change this if using SSL
# Read-only SNMP account: fixed default user name, password supplied separately.
# NOTE(review): confirm 'hidden: true' on the password parameter.
371 SnmpdReadonlyUserName:
372 default: ro_snmp_user
373 description: The user name for SNMPd with readonly rights running on all Overcloud nodes
375 SnmpdReadonlyUserPassword:
377 description: The user password for SNMPd with readonly rights running on all Overcloud nodes
# CA file, certificate and private key contents for the SSL endpoints.
# NOTE(review): the .key content is private key material; confirm 'hidden: true'.
382 description: If set, the contents of an SSL certificate authority file.
386 description: If set, the contents of an SSL certificate .crt file for encrypting SSL endpoints.
391 description: If set, the contents of an SSL certificate .key file for encrypting SSL endpoints.
# NOTE(review): the hashing salt is normally handled like a secret; confirm
# 'hidden: true'.
396 description: A random string to be used as a salt when hashing to determine mappings
402 description: Value of mount_check in Swift account/container/object -server.conf
407 description: The minimum time (in hours) before a partition in a ring can be moved following a rebalance.
410 description: Partition Power to use when building Swift rings
# NOTE(review): service account password; confirm 'hidden: true'.
414 description: The password for the swift service account, used by the swift proxy
421 description: How many replicas to use in the swift rings.
424 default: '' # Has to be here because of the ignored empty value bug
# Nova server resource: image, rebuild policy, flavor and SSH keypair all come
# from template parameters.
430 type: OS::Nova::Server
432 image: {get_param: Image}
433 image_update_policy: {get_param: ImageUpdatePolicy}
434 flavor: {get_param: Flavor}
435 key_name: {get_param: KeyName}
# user_data is taken from the NodeUserData resource and handled as software config.
438 user_data_format: SOFTWARE_CONFIG
439 user_data: {get_resource: NodeUserData}
442 type: OS::TripleO::NodeUserData
445 type: OS::TripleO::Controller::Net::SoftwareConfig
# Deployment that applies the network config to the Controller server.
448 type: OS::TripleO::SoftwareDeployment
# NO_SIGNAL: Heat does not wait for the node to report back, so presumably a
# failure while applying this config on the node does not fail the stack.
450 signal_transport: NO_SIGNAL
451 config: {get_attr: [NetworkConfig, config_id]}
452 server: {get_resource: Controller}
455 interface_name: {get_param: NeutronPublicInterface}
# Pass-through configs: the entire config body is whatever the deployment
# supplies as 'passthrough_config' / 'passthrough_config_specific'.
# NOTE(review): no structure is imposed here, so the content is only as
# trustworthy as whoever sets the corresponding template parameters.
457 ControllerPassthroughConfig:
458 type: OS::Heat::StructuredConfig
460 group: os-apply-config
461 config: {get_input: passthrough_config}
463 ControllerPassthroughConfigSpecific:
464 type: OS::Heat::StructuredConfig
466 group: os-apply-config
467 config: {get_input: passthrough_config_specific}
# Structured config (group os-apply-config) whose values are filled from
# deployment inputs via get_input. The section keys that group these settings
# sit on lines that are not visible in this listing.
470 type: OS::Heat::StructuredConfig
472 group: os-apply-config
# Keystone admin password and admin token are passed into the node config.
# NOTE(review): presumably these end up in metadata readable on the node;
# confirm access to that metadata is restricted.
474 admin-password: {get_input: admin_password}
475 admin-token: {get_input: admin_token}
477 public_interface_ip: {get_input: neutron_public_interface_ip}
479 nodeid: {get_input: bootstack_nodeid}
# Cinder settings; 'db' is a DSN string that includes the database credentials.
481 db: {get_input: cinder_dsn}
482 debug: {get_input: debug}
483 volume_size_mb: {get_input: cinder_lvm_loop_device_size}
484 service-password: {get_input: cinder_password}
# NOTE(review): this reads an input named CinderISCSIHelper, while every other
# input here is snake_case and the ControllerDeployment lines visible in this
# listing supply 'cinder_iscsi_helper'. Looks like a name mismatch that would
# leave the helper unset - confirm.
485 iscsi-helper: {get_input: CinderISCSIHelper}
486 controller-address: {get_input: controller_host}
488 bindnetaddr: {get_input: controller_host}
# Fencing (STONITH) is disabled and loss of quorum is ignored.
# NOTE(review): on a multi-node cluster this removes the protection against
# split-brain; presumably only intended for small or test deployments - confirm.
491 stonith_enabled : false
493 quorum_policy : ignore
497 host: {get_input: controller_virtual_ip}
# Glance settings.
499 db: {get_input: glance_dsn}
500 debug: {get_input: debug}
501 host: {get_input: controller_virtual_ip}
502 port: {get_input: glance_port}
503 protocol: {get_input: glance_protocol}
504 service-password: {get_input: glance_password}
# The glance service password is reused as the Swift store key for user
# service:glance, so a single secret guards both.
505 swift-store-user: service:glance
506 swift-store-key: {get_input: glance_password}
507 notifier-strategy: {get_input: glance_notifier_strategy}
508 log-file: {get_input: glance_log_file}
# Heat settings, including the auth encryption key and the stack domain admin
# password.
510 admin_password: {get_input: heat_password}
511 admin_tenant_name: service
513 auth_encryption_key: {get_input: heat_auth_encryption_key}
514 db: {get_input: heat_dsn}
515 debug: {get_input: debug}
516 stack_domain_admin_password: {get_input: heat_stack_domain_admin_password}
517 watch_server_url: {get_input: heat.watch_server_url}
518 metadata_server_url: {get_input: heat.metadata_server_url}
519 waitcondition_server_url: {get_input: heat.waitcondition_server_url}
# Keystone settings: CA certificate, token signing key/certificate and the SSL
# certificate with its key are all delivered as config values.
521 db: {get_input: keystone_dsn}
522 debug: {get_input: debug}
523 host: {get_input: controller_virtual_ip}
524 ca_certificate: {get_input: keystone_ca_certificate}
525 signing_key: {get_input: keystone_signing_key}
526 signing_certificate: {get_input: keystone_signing_certificate}
528 certificate: {get_input: keystone_ssl_certificate}
529 certificate_key: {get_input: keystone_ssl_certificate_key}
# MySQL settings, including the root password.
531 innodb_buffer_pool_size: {get_input: mysql_innodb_buffer_pool_size}
533 root-password: {get_input: mysql_root_password}
534 cluster_name: {get_input: mysql_cluster_name}
# Neutron settings.
536 debug: {get_input: debug}
537 flat-networks: {get_input: neutron_flat_networks}
538 host: {get_input: controller_virtual_ip}
539 metadata_proxy_shared_secret: {get_input: neutron_metadata_proxy_shared_secret}
540 agent_mode: {get_input: neutron_agent_mode}
541 router_distributed: {get_input: neutron_router_distributed}
542 mechanism_drivers: {get_input: neutron_mechanism_drivers}
543 allow_automatic_l3agent_failover: {get_input: neutron_allow_l3agent_failover}
544 l3_ha: {get_input: neutron_l3_ha}
546 enable_tunneling: {get_input: neutron_enable_tunneling}
547 local_ip: {get_input: controller_host}
548 network_vlan_ranges: {get_input: neutron_network_vlan_ranges}
549 bridge_mappings: {get_input: neutron_bridge_mappings}
550 public_interface: {get_input: neutron_public_interface}
551 public_interface_raw_device: {get_input: neutron_public_interface_raw_device}
552 public_interface_route: {get_input: neutron_public_interface_default_route}
553 public_interface_tag: {get_input: neutron_public_interface_tag}
554 physical_bridge: br-ex
555 tenant_network_type: {get_input: neutron_tenant_network_type}
556 tunnel_types: {get_input: neutron_tunnel_types}
557 ovs_db: {get_input: neutron_dsn}
558 service-password: {get_input: neutron_password}
559 dnsmasq-options: {get_input: neutron_dnsmasq_options}
# Ceilometer settings.
561 db: {get_input: ceilometer_dsn}
562 debug: {get_input: debug}
563 metering_secret: {get_input: ceilometer_metering_secret}
564 service-password: {get_input: ceilometer_password}
# SNMP read-only account.
566 export_MIB: UCD-SNMP-MIB
567 readonly_user_name: {get_input: snmpd_readonly_user_name}
568 readonly_user_password: {get_input: snmpd_readonly_user_password}
# Nova settings; the value of default_floating_pool is on a line not shown.
570 compute_driver: libvirt.LibvirtDriver
571 db: {get_input: nova_dsn}
572 default_floating_pool:
574 host: {get_input: controller_virtual_ip}
576 service-password: {get_input: nova_password}
# RabbitMQ settings: credentials, cookie and the client SSL switch and port.
578 host: {get_input: controller_virtual_ip}
579 username: {get_input: rabbit_username}
580 password: {get_input: rabbit_password}
581 cookie: {get_input: rabbit_cookie}
582 rabbit_client_use_ssl: {get_input: rabbit_client_use_ssl}
583 rabbit_port: {get_input: rabbit_client_port}
# NTP server list, virtual IP definitions and the load balancer service list.
# The keys that open each section are on lines not visible in this listing.
586 - {server: {get_input: ntp_server}}
# Two VRRP instances (router ids 51 and 52) carry the control and public
# virtual IPs on their respective interfaces.
589 - vrrp_instance_name: VI_CONTROL
590 virtual_router_id: 51
591 keepalive_interface: {get_input: control_virtual_interface}
594 - ip: {get_input: controller_virtual_ip}
595 interface: {get_input: control_virtual_interface}
596 - vrrp_instance_name: VI_PUBLIC
597 virtual_router_id: 52
598 keepalive_interface: {get_input: public_virtual_interface}
601 - ip: {get_input: public_virtual_ip}
602 interface: {get_input: public_virtual_interface}
# A second set of control/public VIP definitions; its owner is not visible here.
609 keepalive_interface: {get_input: public_virtual_interface}
613 ip: {get_input: controller_virtual_ip}
614 interface: {get_input: control_virtual_interface}
616 ip: {get_input: public_virtual_ip}
617 interface: {get_input: public_virtual_interface}
620 - ip: {get_input: controller_virtual_ip}
622 - option httpchk GET /
# The &public_binds anchor is defined on keystone_admin and lists both the
# control VIP and the public VIP; every '*public_binds' alias below reuses it.
# NOTE(review): this gives admin and internal services (keystone_admin,
# glance_registry, nova_metadata, heat_cloudwatch are visible) a listener on
# the public VIP as well. Confirm the public VIP is filtered upstream, or give
# those services a control-plane-only bind list.
624 - name: keystone_admin
626 net_binds: &public_binds
627 - ip: {get_input: controller_virtual_ip}
628 - ip: {get_input: public_virtual_ip}
629 - name: keystone_public
631 net_binds: *public_binds
634 net_binds: *public_binds
637 net_binds: *public_binds
640 net_binds: *public_binds
643 net_binds: *public_binds
644 - name: glance_registry
646 net_binds: *public_binds
647 options: # overwrite options as glance_reg needs auth for http req
650 net_binds: *public_binds
651 - name: heat_cloudwatch
653 net_binds: *public_binds
656 net_binds: *public_binds
668 net_binds: *public_binds
669 - name: nova_metadata
671 net_binds: *public_binds
672 - name: nova_novncproxy
674 net_binds: *public_binds
677 net_binds: *public_binds
678 options: # overwrite options as ceil needs auth for http req
679 - name: swift_proxy_server
681 net_binds: *public_binds
# Health check for the swift proxy uses its /info path.
683 - option httpchk GET /info
# Deployment that binds ControllerConfig to the Controller server and maps
# template parameters and server attributes onto the config's inputs.
691 ControllerDeployment:
692 type: OS::TripleO::SoftwareDeployment
# NO_SIGNAL: Heat does not wait for the node to report back, so presumably a
# failure while applying the config on the node does not fail the stack.
694 signal_transport: NO_SIGNAL
695 config: {get_resource: ControllerConfig}
696 server: {get_resource: Controller}
698 bootstack_nodeid: {get_attr: [Controller, name]}
699 controller_host: {get_attr: [Controller, networks, ctlplane, 0]}
700 controller_virtual_ip: {get_param: VirtualIP}
701 neutron_enable_tunneling: {get_param: NeutronEnableTunnelling}
# The three Heat callback URLs are assembled around VirtualIP; the prefix that
# sets the scheme is on lines not visible here.
# NOTE(review): confirm whether these are plain http, since deployed instances
# send their signals to them.
702 heat.watch_server_url:
706 - {get_param: VirtualIP}
708 heat.metadata_server_url:
712 - {get_param: VirtualIP}
714 heat.waitcondition_server_url:
718 - {get_param: VirtualIP}
719 - ':8000/v1/waitcondition'
# Keystone admin credentials are handed to the node as deployment inputs.
720 admin_password: {get_param: AdminPassword}
721 admin_token: {get_param: AdminToken}
722 neutron_public_interface_ip: {get_param: NeutronPublicInterfaceIP}
723 debug: {get_param: Debug}
724 cinder_lvm_loop_device_size: {get_param: CinderLVMLoopDeviceSize}
725 cinder_password: {get_param: CinderPassword}
# NOTE(review): this input is named cinder_iscsi_helper, but the config line
# visible in this listing reads {get_input: CinderISCSIHelper}; confirm the two
# names are meant to match.
726 cinder_iscsi_helper: {get_param: CinderISCSIHelper}
# NOTE(review): this DSN, and the glance, heat, keystone, neutron, ceilometer
# and nova DSNs further down, embed the literal password 'unset' for the
# service's database user. Unless that value is replaced elsewhere, all these
# database accounts share one fixed, publicly known credential - confirm, and
# prefer a per-service hidden parameter.
730 - - 'mysql://cinder:unset@'
731 - {get_param: VirtualIP}
733 glance_port: {get_param: GlancePort}
734 glance_protocol: {get_param: GlanceProtocol}
735 glance_password: {get_param: GlancePassword}
736 glance_notifier_strategy: {get_param: GlanceNotifierStrategy}
737 glance_log_file: {get_param: GlanceLogFile}
741 - - 'mysql://glance:unset@'
742 - {get_param: VirtualIP}
744 heat_password: {get_param: HeatPassword}
745 heat_stack_domain_admin_password: {get_param: HeatStackDomainAdminPassword}
746 heat_auth_encryption_key: {get_param: HeatAuthEncryptionKey}
750 - - 'mysql://heat:unset@'
751 - {get_param: VirtualIP}
# Keystone CA, signing and SSL material, including both private keys.
753 keystone_ca_certificate: {get_param: KeystoneCACertificate}
754 keystone_signing_key: {get_param: KeystoneSigningKey}
755 keystone_signing_certificate: {get_param: KeystoneSigningCertificate}
756 keystone_ssl_certificate: {get_param: KeystoneSSLCertificate}
757 keystone_ssl_certificate_key: {get_param: KeystoneSSLCertificateKey}
761 - - 'mysql://keystone:unset@'
762 - {get_param: VirtualIP}
764 mysql_innodb_buffer_pool_size: {get_param: MysqlInnodbBufferPoolSize}
765 mysql_root_password: {get_param: MysqlRootPassword}
# Cluster name is built from the 'tripleo-CLUSTER' template, with CLUSTER
# replaced by MysqlClusterUniquePart.
768 template: tripleo-CLUSTER
770 CLUSTER: {get_param: MysqlClusterUniquePart}
771 neutron_flat_networks: {get_param: NeutronFlatNetworks}
772 neutron_metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret}
773 neutron_agent_mode: {get_param: NeutronAgentMode}
774 neutron_router_distributed: {get_param: NeutronDVR}
775 neutron_mechanism_drivers: {get_param: NeutronMechanismDrivers}
776 neutron_allow_l3agent_failover: {get_param: NeutronAllowL3AgentFailover}
777 neutron_l3_ha: {get_param: NeutronL3HA}
778 neutron_network_vlan_ranges: {get_param: NeutronNetworkVLANRanges}
779 neutron_bridge_mappings: {get_param: NeutronBridgeMappings}
780 neutron_public_interface: {get_param: NeutronPublicInterface}
781 neutron_public_interface_raw_device: {get_param: NeutronPublicInterfaceRawDevice}
782 neutron_public_interface_default_route: {get_param: NeutronPublicInterfaceDefaultRoute}
783 neutron_public_interface_tag: {get_param: NeutronPublicInterfaceTag}
784 neutron_tenant_network_type: {get_param: NeutronNetworkType}
785 neutron_tunnel_types: {get_param: NeutronTunnelTypes}
786 neutron_password: {get_param: NeutronPassword}
787 neutron_dnsmasq_options: {get_param: NeutronDnsmasqOptions}
791 - - 'mysql://neutron:unset@'
792 - {get_param: VirtualIP}
793 - '/ovs_neutron?charset=utf8'
794 ceilometer_metering_secret: {get_param: CeilometerMeteringSecret}
795 ceilometer_password: {get_param: CeilometerPassword}
799 - - 'mysql://ceilometer:unset@'
800 - {get_param: VirtualIP}
802 snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName}
803 snmpd_readonly_user_password: {get_param: SnmpdReadonlyUserPassword}
804 nova_password: {get_param: NovaPassword}
808 - - 'mysql://nova:unset@'
809 - {get_param: VirtualIP}
# RabbitMQ credentials, cookie and client SSL settings.
811 rabbit_username: {get_param: RabbitUserName}
812 rabbit_password: {get_param: RabbitPassword}
813 rabbit_cookie: {get_param: RabbitCookie}
814 rabbit_client_use_ssl: {get_param: RabbitClientUseSSL}
815 rabbit_client_port: {get_param: RabbitClientPort}
816 ntp_server: {get_param: NtpServer}
817 control_virtual_interface: {get_param: ControlVirtualInterface}
818 public_virtual_interface: {get_param: PublicVirtualInterface}
819 public_virtual_ip: {get_param: PublicVirtualIP}
# SSL config: certificate, private key and CA certificate come from deployment
# inputs, and each listed service entry connects onward to controller_host.
# Most entry names and ports are on lines not visible in this listing.
822 type: OS::Heat::StructuredConfig
824 group: os-apply-config
827 ca_certificate: {get_input: ssl_ca_certificate}
829 cert: {get_input: ssl_certificate}
830 key: {get_input: ssl_key}
831 cacert: {get_input: ssl_ca_certificate}
836 connect_host: {get_input: controller_host}
840 connect_host: {get_input: controller_host}
844 connect_host: {get_input: controller_host}
848 connect_host: {get_input: controller_host}
852 connect_host: {get_input: controller_host}
853 - name: 'swift-proxy'
856 connect_host: {get_input: controller_host}
860 connect_host: {get_input: controller_host}
864 connect_host: {get_input: controller_host}
# Applies SSLConfig to the Controller server.
# NOTE(review): the SSL private key travels as a deployment input; confirm the
# SSLKey parameter is hidden and that node metadata access is restricted.
866 ControllerSSLDeployment:
867 type: OS::Heat::StructuredDeployment
869 config: {get_resource: SSLConfig}
870 server: {get_resource: Controller}
871 signal_transport: NO_SIGNAL
873 controller_host: {get_attr: [Controller, networks, ctlplane, 0]}
874 ssl_certificate: {get_param: SSLCertificate}
875 ssl_key: {get_param: SSLKey}
876 ssl_ca_certificate: {get_param: SSLCACertificate}
# Applies the cluster-wide ExtraConfig parameter as pass-through configuration.
878 ControllerPassthroughDeployment:
879 type: OS::Heat::StructuredDeployment
881 config: {get_resource: ControllerPassthroughConfig}
882 server: {get_resource: Controller}
883 signal_transport: NO_SIGNAL
885 passthrough_config: {get_param: ExtraConfig}
# Applies ControllerExtraConfig; depends_on orders it after the cluster-wide
# pass-through deployment.
887 ControllerPassthroughSpecificDeployment:
888 depends_on: [ControllerPassthroughDeployment]
889 type: OS::Heat::StructuredDeployment
891 config: {get_resource: ControllerPassthroughConfigSpecific}
892 server: {get_resource: Controller}
893 signal_transport: NO_SIGNAL
895 passthrough_config_specific: {get_param: ControllerExtraConfig}
# Swift config: ring hash value, ring sizing options and the swift service
# password, all read from deployment inputs.
898 type: OS::Heat::StructuredConfig
900 group: os-apply-config
903 hash: { get_input: swift_hash_suffix }
904 part-power: { get_input: swift_part_power }
905 mount-check: { get_input: swift_mount_check }
906 min-part-hours: { get_input: swift_min_part_hours }
907 replicas: {get_input: swift_replicas }
908 service-password: { get_input: swift_password }
# Deployment that applies SwiftConfig to the Controller server and maps the
# Swift template parameters onto its inputs.
# NOTE(review): the hash suffix and the service password are secrets; confirm
# the SwiftHashSuffix and SwiftPassword parameters are declared hidden.
911 type: OS::Heat::StructuredDeployment
913 server: {get_resource: Controller}
914 config: {get_resource: SwiftConfig}
915 signal_transport: NO_SIGNAL
917 swift_hash_suffix: {get_param: SwiftHashSuffix}
918 swift_mount_check: {get_param: SwiftMountCheck}
919 swift_password: {get_param: SwiftPassword}
920 swift_min_part_hours: {get_param: SwiftMinPartHours}
921 swift_part_power: {get_param: SwiftPartPower}
922 swift_replicas: { get_param: SwiftReplicas}
# Stack outputs. The visible values are addresses, host names and a resource
# handle derived from the Controller server; no credential is referenced by
# the lines shown here.
926 description: IP address of the server in the ctlplane network
927 value: {get_attr: [Controller, networks, ctlplane, 0]}
929 description: Hostname of the server
930 value: {get_attr: [Controller, name]}
# Node entry with 'ip' and 'name' keys for cluster membership.
933 Node object in the format {ip: ..., name: ...} format that the corosync
936 ip: {get_attr: [Controller, networks, ctlplane, 0]}
937 name: {get_attr: [Controller, name]}
# /etc/hosts style entry built from the 'IP HOST CLOUDNAME' template.
940 Server's IP address and hostname in the /etc/hosts format
943 template: IP HOST CLOUDNAME
945 IP: {get_attr: [Controller, networks, ctlplane, 0]}
946 HOST: {get_attr: [Controller, name]}
947 CLOUDNAME: {get_param: CloudName}
948 nova_server_resource:
949 description: Heat resource handle for the Nova compute server
951 {get_resource: Controller}
# Swift ring device string; IP is substituted here while %PORT% stays a
# placeholder, presumably for a later step - confirm.
953 description: Swift device formatted for swift-ring-builder
956 template: 'r1z1-IP:%PORT%/d1'
958 IP: {get_attr: [Controller, networks, ctlplane, 0]}
959 swift_proxy_memcache:
960 description: Swift proxy-memcache value
965 IP: {get_attr: [Controller, networks, ctlplane, 0]}