# HOT template for a single OpenStack control plane node.
# NOTE(review): every line of this listing starts with its line number from the
# original file, and many original lines (parameter names, `type:` and other
# attributes) are absent, so it reads as an excerpt rather than a loadable
# template.
1 heat_template_version: 2014-10-16
4 OpenStack control plane node. Can be wrapped in a ResourceGroup for scaling.
# The parameters described below carry credentials: the keystone admin
# password and auth secret, then the ceilometer and cinder secrets.
# NOTE(review): whether each one sets `hidden: true` is not visible in this
# excerpt - confirm, so Heat masks the values when stack parameters are shown.
9 description: The password for the keystone admin account, used for monitoring, querying neutron etc.
14 description: The keystone auth secret.
17 CeilometerMeteringSecret:
19 description: Secret shared by the ceilometer services.
24 description: The password for the ceilometer service account.
29 description: The iSCSI helper to use with cinder.
31 CinderLVMLoopDeviceSize:
33 description: The size of the loopback file used by the cinder LVM driver.
37 description: The password for the cinder service account, used by cinder-api.
42 description: The DNS name of this cloud. E.g. ci-overcloud.tripleo.org
# Free-form configuration injected into the cluster (this parameter and the
# ExtraConfig text further down share one structure).
# NOTE(review): nothing visible here restricts which sections or options may
# be set, so whoever supplies these parameters can presumably override
# security-relevant service options - treat them as privileged input.
44 ControllerExtraConfig:
47 Controller specific configuration to inject into the cluster. Same
48 structure as ExtraConfig.
50 ControlVirtualInterface:
52 description: Interface where virtual ip will be assigned.
# Presumably the Debug parameter, which feeds the `debug:` key of the service
# sections in the config resource.
# NOTE(review): debug-level service logs can contain sensitive request
# details; keep this off outside troubleshooting.
56 description: Set to True to enable debugging on all services.
61 Additional configuration to inject into the cluster. The JSON should have
62 the following structure:
65 [{"section": "SECTIONNAME",
67 [{"option": "OPTIONNAME",
78 [{"section": "default",
80 [{"option": "compute_manager",
81 "value": "ironic.nova.compute.manager.ClusterComputeManager"
88 "value": "nova.cells.rpc_driver.CellsRPCDriver"
98 description: Flavor for control nodes to request when deploying.
101 - custom_constraint: nova.flavor
# Glance and Heat service parameters, followed by the image, rebuild policy
# and SSH keypair used for the controller instance.
102 GlanceNotifierStrategy:
103 description: Strategy to use for Glance notification queue
107 description: The filepath of the file to use for logging messages from Glance.
# NOTE(review): this and the Heat passwords below are service-account
# credentials; confirm each parameter is declared with `hidden: true`
# (parameter attributes are not visible in this excerpt).
112 description: The password for the glance service account, used by the glance services.
117 description: Glance port.
# NOTE(review): the default for this protocol is not shown. If it is plain
# http, connections to glance are unencrypted until an operator opts in to
# https - confirm the intended default.
121 description: Protocol to use when connecting to glance, set to https for SSL.
125 description: The password for the Heat service account, used by the Heat services.
128 HeatStackDomainAdminPassword:
129 description: Password for heat_domain_admin user.
135 default: overcloud-control
137 - custom_constraint: glance.image
139 default: 'REBUILD_PRESERVE_EPHEMERAL'
140 description: What policy to use when reconstructing instances. REBUILD for rebuilds, REBUILD_PRESERVE_EPHEMERAL to preserve /mnt.
# Per its description the named keypair enables SSH access to the instances,
# so control over this parameter decides who can log in to the controller.
144 description: Name of an existing EC2 KeyPair to enable SSH access to the instances
147 - custom_constraint: nova.keypair
# Keystone PKI material (CA, token-signing pair, SSL pair) and MySQL cluster
# settings.
148 KeystoneCACertificate:
150 description: Keystone self-signed certificate authority certificate.
152 KeystoneSigningCertificate:
154 description: Keystone certificate for verifying token validity.
# NOTE(review): the next description is for a private signing key; confirm the
# parameter is declared with `hidden: true` (attributes are not visible here).
158 description: Keystone key for signing tokens.
# NOTE(review): the two SSL parameters below repeat the signing
# certificate/key descriptions word for word. Presumably they are the
# certificate and private key for Keystone's SSL endpoint - confirm and
# reword, so operators do not paste the token-signing pair here by mistake.
161 KeystoneSSLCertificate:
163 description: Keystone certificate for verifying token validity.
165 KeystoneSSLCertificateKey:
167 description: Keystone key for signing tokens.
170 MysqlClusterUniquePart:
171 description: A unique identifier of the MySQL cluster the controller is in.
# 'unset' is a placeholder default that satisfies the 4..10 length constraint
# below; it is substituted into the `tripleo-CLUSTER` template in the config.
173 default: 'unset' # Has to be here because of the ignored empty value bug
175 - length: {min: 4, max: 10}
176 MysqlInnodbBufferPoolSize:
178 Specifies the size of the buffer pool in megabytes. Setting to
179 zero should be interpreted as "no value" and will defer to the
# NOTE(review): the parameter this empty default belongs to is not shown. If
# it is MysqlRootPassword (consumed as `root-password` in the config), a stack
# created without overriding it would end up with an empty database root
# password - confirm deployments always supply a value.
186 default: '' # Has to be here because of the ignored empty value bug
# Neutron networking parameters: bridge mappings, agent behaviour, tenant
# network types, the metadata proxy secret and the public interface layout.
187 NeutronBridgeMappings:
189 The OVS logical->physical bridge mappings to use. See the Neutron
190 documentation for details. Defaults to mapping br-ex - the external
191 bridge on hosts - to a physical name 'datacentre' which can be used
192 to create provider networks (and we use this for the default floating
193 network) - if changing this either use different post-install network
194 scripts or be sure to keep 'datacentre' as a mapping network name.
197 NeutronDnsmasqOptions:
198 default: 'dhcp-option-force=26,1400'
199 description: Dnsmasq options for neutron-dhcp-agent. The default value here forces MTU to be set to 1400 to account for the gre tunnel overhead.
203 description: Agent mode for the neutron-l3-agent on the controller hosts
207 description: Whether to configure Neutron Distributed Virtual Routers
# Per its description this secret exists to prevent spoofing; it is passed to
# `metadata_proxy_shared_secret` in the config resource.
# NOTE(review): its default and `hidden` setting are not visible here. Confirm
# there is no well-known default and that the value is unique per deployment.
209 NeutronMetadataProxySharedSecret:
211 description: Shared secret to prevent spoofing
213 NeutronMechanismDrivers:
214 default: 'openvswitch'
216 The mechanism drivers for the Neutron tenant network. To specify multiple
217 values, use a comma separated string, like so: 'openvswitch,l2_population'
219 NeutronAllowL3AgentFailover:
221 description: Allow automatic l3-agent failover
223 NeutronEnableTunnelling:
229 description: If set, flat networks to configure in neutron plugins.
232 description: The tenant network type for Neutron, either gre or vxlan.
234 NeutronNetworkVLANRanges:
235 default: 'datacentre'
237 The Neutron ML2 and OpenVSwitch vlan mapping range to support. See the
238 Neutron documentation for permitted values. Defaults to permitting any
239 VLAN on the 'datacentre' physical network (See NeutronBridgeMappings).
# NOTE(review): service-account credential; confirm `hidden: true` is set on
# the parameter (attributes are not visible in this excerpt).
243 description: The password for the neutron service account, used by neutron agents.
246 NeutronPublicInterface:
248 description: What interface to bridge onto br-ex for network nodes.
250 NeutronPublicInterfaceTag:
253 VLAN tag for creating a public VLAN. The tag will be used to
254 create an access port on the exterior bridge for each control plane node,
255 and that port will be given the IP address returned by neutron from the
256 public network. Set CONTROLEXTRA=overcloud-vlan-port.yaml when compiling
257 overcloud.yaml to include the deployment of VLAN ports to the control
260 NeutronPublicInterfaceDefaultRoute:
262 description: A custom default route for the NeutronPublicInterface.
264 NeutronPublicInterfaceIP:
266 description: A custom IP address to put onto the NeutronPublicInterface.
268 NeutronPublicInterfaceRawDevice:
270 description: If set, the public interface is a vlan with this device as the raw device.
275 The tunnel types for the Neutron tenant network. To specify multiple
276 values, use a comma separated string, like so: 'gre,vxlan'
# Nova, virtual-IP, RabbitMQ, SNMP, SSL and Swift parameters.
# NOTE(review): the passwords, the SSL .key contents and the Swift hash salt
# described in this group are secrets; confirm each parameter is declared with
# `hidden: true` (parameter attributes are not visible in this excerpt).
280 description: The password for the nova service account, used by nova-api.
286 PublicVirtualInterface:
289 Specifies the interface where the public-facing virtual ip will be assigned.
290 This should be int_public when a VLAN is being used.
# NOTE(review): the parameters these two empty defaults belong to are not
# shown; confirm neither is a credential that would silently stay empty.
294 default: '' # Has to be here because of the ignored empty value bug
297 default: '' # Has to be here because of the ignored empty value bug
# NOTE(review): the RabbitMQ credential defaults are not visible; confirm they
# are not the broker's stock guest account.
301 description: The password for RabbitMQ
306 description: The username for RabbitMQ
# Client-side switch for SSL to RabbitMQ; the port below has to be changed
# together with it (per its description).
311 Rabbit client subscriber parameter to specify
312 an SSL connection to the RabbitMQ host.
316 description: Set rabbit subscriber port, change this if using SSL
# Read-only SNMP account created on all overcloud nodes; the user name has a
# fixed default, so the password is the only secret part of the credential.
318 SnmpdReadonlyUserName:
319 default: ro_snmp_user
320 description: The user name for SNMPd with readonly rights running on all Overcloud nodes
322 SnmpdReadonlyUserPassword:
324 description: The user password for SNMPd with readonly rights running on all Overcloud nodes
# The three SSL parameters take file contents, not paths; the .key value is a
# private key supplied as a stack parameter.
329 description: If set, the contents of an SSL certificate authority file.
333 description: If set, the contents of an SSL certificate .crt file for encrypting SSL endpoints.
338 description: If set, the contents of an SSL certificate .key file for encrypting SSL endpoints.
343 description: A random string to be used as a salt when hashing to determine mappings
349 description: Partition Power to use when building Swift rings
353 description: The password for the swift service account, used by the swift proxy
360 description: How many replicas to use in the swift rings.
363 default: '' # Has to be here because of the ignored empty value bug
# The controller instance itself: a Nova server whose image, rebuild policy,
# flavor and SSH keypair all come from stack parameters.
369 type: OS::Nova::Server
371 image: {get_param: Image}
372 image_update_policy: {get_param: ImageUpdatePolicy}
373 flavor: {get_param: Flavor}
# KeyName is described as enabling SSH access to the instances, so this is the
# login credential for the node.
374 key_name: {get_param: KeyName}
# SOFTWARE_CONFIG lets the StructuredConfig/StructuredDeployment resources in
# this template deliver configuration to the server.
377 user_data_format: SOFTWARE_CONFIG
# Main os-apply-config payload for the controller: maps stack parameters
# (get_param) and deployment inputs (get_input) into per-service settings.
# NOTE(review): parameter names and nesting are partly missing from this
# excerpt, so the service each key belongs to is inferred from neighbouring
# lines where it is not explicit.
380 type: OS::Heat::StructuredConfig
382 group: os-apply-config
# The keystone admin password and admin token are copied into the config
# payload. NOTE(review): presumably anyone who can read this config resource
# or the node's metadata can read them - confirm access to both is restricted.
384 admin-password: {get_param: AdminPassword}
385 admin-token: {get_param: AdminToken}
387 public_interface_ip: {get_param: NeutronPublicInterfaceIP}
389 nodeid: {get_input: bootstack_nodeid}
392 {get_param: VirtualIP}
# NOTE(review): the password component of this database URL is the literal
# `unset`, and the same constant appears in the glance, heat, keystone,
# neutron, ceilometer and nova URLs below. Unless something outside this
# excerpt replaces it, every service database account shares one value that
# is published in the template - replace it with hidden per-service
# parameters.
397 - - mysql://cinder:unset@
400 debug: {get_param: Debug}
401 volume_size_mb: {get_param: CinderLVMLoopDeviceSize}
402 service-password: {get_param: CinderPassword}
403 iscsi-helper: {get_param: CinderISCSIHelper}
404 controller-address: {get_input: controller_host}
406 bindnetaddr: {get_input: controller_host}
# NOTE(review): fencing is disabled here and loss of quorum is ignored by
# `quorum_policy` below. Presumably these are Pacemaker cluster properties;
# set this way, a partitioned controller keeps running its resources, which
# risks split-brain - confirm this is acceptable outside test deployments.
409 stonith_enabled : false
411 quorum_policy : ignore
415 host: {get_input: controller_virtual_ip}
420 - - mysql://glance:unset@
423 debug: {get_param: Debug}
424 host: {get_input: controller_virtual_ip}
425 port: {get_param: GlancePort}
426 protocol: {get_param: GlanceProtocol}
427 service-password: {get_param: GlancePassword}
428 swift-store-user: service:glance
# The glance service password doubles as the Swift store key.
429 swift-store-key: {get_param: GlancePassword}
430 notifier-strategy: {get_param: GlanceNotifierStrategy}
431 log-file: {get_param: GlanceLogFile}
433 admin_password: {get_param: HeatPassword}
434 admin_tenant_name: service
# NOTE(review): the encryption key is a fixed placeholder committed to the
# template rather than a parameter. Whatever Heat protects with it is only as
# secret as this public string - make it a hidden, per-deployment parameter.
436 auth_encryption_key: unset___________
440 - - mysql://heat:unset@
443 debug: {get_param: Debug}
444 stack_domain_admin_password: {get_param: HeatStackDomainAdminPassword}
445 watch_server_url: {get_input: heat.watch_server_url}
446 metadata_server_url: {get_input: heat.metadata_server_url}
447 waitcondition_server_url: {get_input: heat.waitcondition_server_url}
452 - - mysql://keystone:unset@
455 debug: {get_param: Debug}
456 host: {get_input: controller_virtual_ip}
# Keystone CA, token-signing pair and SSL pair; `signing_key` and
# `certificate_key` are private keys carried in the config payload.
457 ca_certificate: {get_param: KeystoneCACertificate}
458 signing_key: {get_param: KeystoneSigningKey}
459 signing_certificate: {get_param: KeystoneSigningCertificate}
461 certificate: {get_param: KeystoneSSLCertificate}
462 certificate_key: {get_param: KeystoneSSLCertificateKey}
464 innodb_buffer_pool_size: {get_param: MysqlInnodbBufferPoolSize}
# NOTE(review): confirm MysqlRootPassword has no empty default (its parameter
# definition is not visible in this excerpt).
466 root-password: {get_param: MysqlRootPassword}
469 template: tripleo-CLUSTER
471 CLUSTER: {get_param: MysqlClusterUniquePart}
473 debug: {get_param: Debug}
474 flat-networks: {get_param: NeutronFlatNetworks}
475 host: {get_input: controller_virtual_ip}
476 metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret}
477 agent_mode: {get_param: NeutronAgentMode}
478 router_distributed: {get_param: NeutronDVR}
479 mechanism_drivers: {get_param: NeutronMechanismDrivers}
480 allow_automatic_l3agent_failover: {get_param: NeutronAllowL3AgentFailover}
482 enable_tunneling: {get_input: neutron_enable_tunneling}
483 local_ip: {get_input: controller_host}
484 network_vlan_ranges: {get_param: NeutronNetworkVLANRanges}
485 bridge_mappings: {get_param: NeutronBridgeMappings}
486 public_interface: {get_param: NeutronPublicInterface}
487 public_interface_raw_device: {get_param: NeutronPublicInterfaceRawDevice}
488 public_interface_route: {get_param: NeutronPublicInterfaceDefaultRoute}
489 public_interface_tag: {get_param: NeutronPublicInterfaceTag}
490 physical_bridge: br-ex
491 tenant_network_type: {get_param: NeutronNetworkType}
492 tunnel_types: {get_param: NeutronTunnelTypes}
496 - - mysql://neutron:unset@
498 - /ovs_neutron?charset=utf8
499 service-password: {get_param: NeutronPassword}
500 dnsmasq-options: {get_param: NeutronDnsmasqOptions}
505 - - mysql://ceilometer:unset@
508 debug: {get_param: Debug}
509 metering_secret: {get_param: CeilometerMeteringSecret}
510 service-password: {get_param: CeilometerPassword}
512 export_MIB: UCD-SNMP-MIB
513 readonly_user_name: {get_param: SnmpdReadonlyUserName}
514 readonly_user_password: {get_param: SnmpdReadonlyUserPassword}
516 compute_driver: libvirt.LibvirtDriver
520 - - mysql://nova:unset@
523 default_floating_pool:
525 host: {get_input: controller_virtual_ip}
527 service-password: {get_param: NovaPassword}
# RabbitMQ connection settings, including the account password and the
# cluster cookie; SSL use and port are driven by parameters.
529 host: {get_input: controller_virtual_ip}
530 username: {get_param: RabbitUserName}
531 password: {get_param: RabbitPassword}
532 cookie: {get_param: RabbitCookie}
533 rabbit_client_use_ssl: {get_param: RabbitClientUseSSL}
534 rabbit_port: {get_param: RabbitClientPort}
537 - {server: {get_param: NtpServer}, fudge: "stratum 0"}
# Two VRRP instances (router ids 51 and 52) carry the control and the public
# virtual IP on their respective interfaces.
540 - vrrp_instance_name: VI_CONTROL
541 virtual_router_id: 51
542 keepalive_interface: {get_param: ControlVirtualInterface}
545 - ip: {get_param: VirtualIP}
546 interface: {get_param: ControlVirtualInterface}
547 - vrrp_instance_name: VI_PUBLIC
548 virtual_router_id: 52
549 keepalive_interface: {get_param: PublicVirtualInterface}
552 - ip: {get_param: PublicVirtualIP}
553 interface: {get_param: PublicVirtualInterface}
560 keepalive_interface: {get_param: PublicVirtualInterface}
564 ip: {get_param: VirtualIP}
565 interface: {get_param: ControlVirtualInterface}
567 ip: {get_param: PublicVirtualIP}
568 interface: {get_param: PublicVirtualInterface}
571 - ip: {get_param: VirtualIP}
# The `&public_binds` anchor defined on keystone_admin binds a service to both
# VirtualIP and PublicVirtualIP, and every later `*public_binds` alias reuses
# that pair.
# NOTE(review): this puts keystone_admin, glance_registry and nova_metadata on
# the public virtual IP alongside the public APIs. No filtering is visible in
# this excerpt - confirm internal and admin endpoints are meant to be
# reachable there, or give them a bind list containing VirtualIP only.
573 - name: keystone_admin
575 net_binds: &public_binds
576 - ip: {get_param: VirtualIP}
577 - ip: {get_param: PublicVirtualIP}
578 - name: keystone_public
580 net_binds: *public_binds
583 net_binds: *public_binds
586 net_binds: *public_binds
589 net_binds: *public_binds
592 net_binds: *public_binds
593 - name: glance_registry
595 net_binds: *public_binds
598 net_binds: *public_binds
599 - name: heat_cloudwatch
601 net_binds: *public_binds
604 net_binds: *public_binds
616 net_binds: *public_binds
617 - name: nova_metadata
619 net_binds: *public_binds
622 net_binds: *public_binds
623 - name: swift_proxy_server
625 net_binds: *public_binds
# Passes the `passthrough_config` deployment input straight through as the
# os-apply-config payload; the deployment that uses this config feeds it from
# the ExtraConfig parameter.
# NOTE(review): the whole `config` is the input, with no filtering visible, so
# the supplier of ExtraConfig decides what is written - treat it as privileged.
632 ControllerPassthroughConfig:
633 type: OS::Heat::StructuredConfig
635 group: os-apply-config
636 config: {get_input: passthrough_config}
# Controller-only counterpart of the passthrough config: the
# `passthrough_config_specific` input (fed from ControllerExtraConfig by its
# deployment) becomes the os-apply-config payload unchanged.
# NOTE(review): no filtering of the injected content is visible here either.
638 ControllerPassthroughConfigSpecific:
639 type: OS::Heat::StructuredConfig
641 group: os-apply-config
642 config: {get_input: passthrough_config_specific}
# Applies ControllerConfig to the Controller server and supplies its inputs:
# node name, ctlplane address, virtual IP, tunnelling flag and the Heat
# service URLs built around VirtualIP.
644 ControllerDeployment:
645 type: OS::Heat::StructuredDeployment
# NO_SIGNAL: Heat marks the deployment complete without waiting for the node
# to report back, so a failed or partial configuration run is not reflected
# in the stack status.
647 signal_transport: NO_SIGNAL
648 config: {get_resource: ControllerConfig}
649 server: {get_resource: Controller}
651 bootstack_nodeid: {get_attr: [Controller, name]}
652 controller_host: {get_attr: [Controller, networks, ctlplane, 0]}
653 controller_virtual_ip: {get_param: VirtualIP}
654 neutron_enable_tunneling: {get_param: NeutronEnableTunnelling}
655 heat.watch_server_url:
659 - {get_param: VirtualIP}
661 heat.metadata_server_url:
665 - {get_param: VirtualIP}
667 heat.waitcondition_server_url:
671 - {get_param: VirtualIP}
672 - ':8000/v1/waitcondition'
# SSL configuration for os-apply-config: CA certificate, certificate and
# private key arrive as deployment inputs, followed by one entry per service
# that connects to controller_host.
# NOTE(review): `key` is a private key travelling as a deployment input;
# presumably it is stored with the deployment and exposed in the node's
# metadata - confirm who can read both.
# NOTE(review): the listening side of each service entry is not visible in
# this excerpt, so which ports are actually wrapped in SSL cannot be checked
# from here.
675 type: OS::Heat::StructuredConfig
677 group: os-apply-config
680 ca_certificate: {get_input: ssl_ca_certificate}
682 cert: {get_input: ssl_certificate}
683 key: {get_input: ssl_key}
684 cacert: {get_input: ssl_ca_certificate}
689 connect_host: {get_input: controller_host}
693 connect_host: {get_input: controller_host}
697 connect_host: {get_input: controller_host}
701 connect_host: {get_input: controller_host}
705 connect_host: {get_input: controller_host}
706 - name: 'swift-proxy'
709 connect_host: {get_input: controller_host}
713 connect_host: {get_input: controller_host}
717 connect_host: {get_input: controller_host}
# Applies SSLConfig to the Controller server, passing the SSL certificate,
# private key and CA certificate parameters as deployment inputs.
719 ControllerSSLDeployment:
720 type: OS::Heat::StructuredDeployment
722 config: {get_resource: SSLConfig}
723 server: {get_resource: Controller}
# NOTE(review): with NO_SIGNAL the stack completes without confirmation from
# the node, so a failed SSL setup would not surface as a stack failure -
# verify the endpoints after deployment.
724 signal_transport: NO_SIGNAL
726 controller_host: {get_attr: [Controller, networks, ctlplane, 0]}
727 ssl_certificate: {get_param: SSLCertificate}
# Private key material handed over as an input value.
728 ssl_key: {get_param: SSLKey}
729 ssl_ca_certificate: {get_param: SSLCACertificate}
# Applies ControllerPassthroughConfig to the Controller server, feeding the
# ExtraConfig parameter in as `passthrough_config`.
# NOTE(review): ExtraConfig content reaches the node's configuration as
# supplied; no validation is visible in this excerpt.
731 ControllerPassthroughDeployment:
732 type: OS::Heat::StructuredDeployment
734 config: {get_resource: ControllerPassthroughConfig}
735 server: {get_resource: Controller}
736 signal_transport: NO_SIGNAL
738 passthrough_config: {get_param: ExtraConfig}
# Applies the controller-specific passthrough config, feeding
# ControllerExtraConfig in as `passthrough_config_specific`.
740 ControllerPassthroughSpecificDeployment:
# Ordered after the generic passthrough deployment; presumably so that
# controller-specific values are applied last - confirm the intended
# precedence.
741 depends_on: [ControllerPassthroughDeployment]
742 type: OS::Heat::StructuredDeployment
744 config: {get_resource: ControllerPassthroughConfigSpecific}
745 server: {get_resource: Controller}
746 signal_transport: NO_SIGNAL
748 passthrough_config_specific: {get_param: ControllerExtraConfig}
# Swift settings for os-apply-config: hash suffix, partition power, replica
# count and the swift service password, all taken from deployment inputs.
751 type: OS::Heat::StructuredConfig
753 group: os-apply-config
# `hash` is the salt described under SwiftHashSuffix and `service-password` is
# the swift account password; both are secrets carried as input values.
756 hash: { get_input: swift_hash_suffix }
757 part-power: { get_input: swift_part_power }
758 replicas: {get_input: swift_replicas }
759 service-password: { get_input: swift_password }
# Deployment that applies SwiftConfig to the Controller server and maps the
# Swift stack parameters onto the inputs above. NO_SIGNAL means Heat does not
# wait for the node to confirm the configuration was applied.
762 type: OS::Heat::StructuredDeployment
764 server: {get_resource: Controller}
765 config: {get_resource: SwiftConfig}
766 signal_transport: NO_SIGNAL
768 swift_hash_suffix: {get_param: SwiftHashSuffix}
769 swift_password: {get_param: SwiftPassword}
770 swift_part_power: {get_param: SwiftPartPower}
771 swift_replicas: { get_param: SwiftReplicas}
# Stack outputs derived from the Controller server: its ctlplane IP address,
# hostname, a corosync node object, an /etc/hosts line, the Nova server
# resource handle, and Swift device / proxy-memcache strings.
# The outputs visible in this excerpt reference only addresses, names and the
# CloudName parameter; none of them references a password or key parameter.
775 description: IP address of the server in the ctlplane network
776 value: {get_attr: [Controller, networks, ctlplane, 0]}
778 description: Hostname of the server
779 value: {get_attr: [Controller, name]}
782 Node object in the format {ip: ..., name: ...} format that the corosync
785 ip: {get_attr: [Controller, networks, ctlplane, 0]}
786 name: {get_attr: [Controller, name]}
789 Server's IP address and hostname in the /etc/hosts format
792 template: IP HOST HOST.novalocal CLOUDNAME
794 IP: {get_attr: [Controller, networks, ctlplane, 0]}
795 HOST: {get_attr: [Controller, name]}
796 CLOUDNAME: {get_param: CloudName}
797 nova_server_resource:
798 description: Heat resource handle for the Nova compute server
800 {get_resource: Controller}
802 description: Swift device formatted for swift-ring-builder
805 template: 'r1z1-IP:%PORT%/d1'
807 IP: {get_attr: [Controller, networks, ctlplane, 0]}
808 swift_proxy_memcache:
809 description: Swift proxy-memcache value
814 IP: {get_attr: [Controller, networks, ctlplane, 0]}