heat_template_version: 2014-10-16
OpenStack control plane node. Can be wrapped in a ResourceGroup for scaling.
description: The password for the keystone admin account, used for monitoring, querying neutron etc.
description: The keystone auth secret.
CeilometerMeteringSecret:
description: Secret shared by the ceilometer services.
description: The password for the ceilometer service account.
CinderEnableIscsiBackend:
description: Whether to enable the iSCSI backend for Cinder
CinderEnableRbdBackend:
description: Whether to enable the RBD backend for Cinder
description: The iSCSI helper to use with cinder.
CinderLVMLoopDeviceSize:
description: The size of the loopback file used by the cinder LVM driver.
description: The password for the cinder service account, used by cinder-api.
description: The DNS name of this cloud. E.g. ci-overcloud.tripleo.org
ControllerExtraConfig:
Controller specific configuration to inject into the cluster. Same
structure as ExtraConfig.
ControlVirtualInterface:
description: Interface where virtual ip will be assigned.
description: Set to True to enable debugging on all services.
description: Whether to use Galera instead of regular MariaDB.
Additional configuration to inject into the cluster. The JSON should have
the following structure:
[{"section": "SECTIONNAME",
[{"option": "OPTIONNAME",
[{"section": "default",
[{"option": "compute_manager",
"value": "ironic.nova.compute.manager.ClusterComputeManager"
"value": "nova.cells.rpc_driver.CellsRPCDriver"
description: Flavor for control nodes to request when deploying.
- custom_constraint: nova.flavor
GlanceNotifierStrategy:
description: Strategy to use for Glance notification queue
description: The filepath of the file to use for logging messages from Glance.
description: The password for the glance service account, used by the glance services.
description: Glance port.
description: Protocol to use when connecting to glance, set to https for SSL.
description: The password for the Heat service account, used by the Heat services.
HeatStackDomainAdminPassword:
description: Password for heat_domain_admin user.
HeatAuthEncryptionKey:
description: Auth encryption key for heat-engine
default: overcloud-control
- custom_constraint: glance.image
default: 'REBUILD_PRESERVE_EPHEMERAL'
description: What policy to use when reconstructing instances. REBUILD for rebuilds, REBUILD_PRESERVE_EPHEMERAL to preserve /mnt.
description: Name of an existing EC2 KeyPair to enable SSH access to the instances
- custom_constraint: nova.keypair
KeystoneCACertificate:
description: Keystone self-signed certificate authority certificate.
KeystoneSigningCertificate:
description: Keystone certificate for verifying token validity.
description: Keystone key for signing tokens.
KeystoneSSLCertificate:
description: Keystone certificate for verifying token validity.
KeystoneSSLCertificateKey:
description: Keystone key for signing tokens.
MysqlClusterUniquePart:
description: A unique identifier of the MySQL cluster the controller is in.
default: 'unset' # Has to be here because of the ignored empty value bug
# Drop the validation: https://bugs.launchpad.net/tripleo/+bug/1405446
# - length: {min: 4, max: 10}
MysqlInnodbBufferPoolSize:
Specifies the size of the buffer pool in megabytes. Setting to
zero should be interpreted as "no value" and will defer to the
default: '' # Has to be here because of the ignored empty value bug
NeutronBridgeMappings:
The OVS logical->physical bridge mappings to use. See the Neutron
documentation for details. Defaults to mapping br-ex - the external
bridge on hosts - to a physical name 'datacentre' which can be used
to create provider networks (and we use this for the default floating
network) - if changing this either use different post-install network
scripts or be sure to keep 'datacentre' as a mapping network name.
NeutronDnsmasqOptions:
default: 'dhcp-option-force=26,1400'
description: Dnsmasq options for neutron-dhcp-agent. The default value here forces MTU to be set to 1400 to account for the gre tunnel overhead.
description: Agent mode for the neutron-l3-agent on the controller hosts
description: Whether to configure Neutron Distributed Virtual Routers
NeutronMetadataProxySharedSecret:
description: Shared secret to prevent spoofing
NeutronMechanismDrivers:
default: 'openvswitch'
The mechanism drivers for the Neutron tenant network. To specify multiple
values, use a comma separated string, like so: 'openvswitch,l2_population'
NeutronAllowL3AgentFailover:
description: Allow automatic l3-agent failover
description: Whether to enable l3-agent HA
NeutronEnableTunnelling:
description: If set, flat networks to configure in neutron plugins.
description: The tenant network type for Neutron, either gre or vxlan.
NeutronNetworkVLANRanges:
default: 'datacentre'
The Neutron ML2 and OpenVSwitch vlan mapping range to support. See the
Neutron documentation for permitted values. Defaults to permitting any
VLAN on the 'datacentre' physical network (See NeutronBridgeMappings).
description: The password for the neutron service account, used by neutron agents.
NeutronPublicInterface:
description: What interface to bridge onto br-ex for network nodes.
NeutronPublicInterfaceTag:
VLAN tag for creating a public VLAN. The tag will be used to
create an access port on the exterior bridge for each control plane node,
and that port will be given the IP address returned by neutron from the
public network. Set CONTROLEXTRA=overcloud-vlan-port.yaml when compiling
overcloud.yaml to include the deployment of VLAN ports to the control
NeutronPublicInterfaceDefaultRoute:
description: A custom default route for the NeutronPublicInterface.
NeutronPublicInterfaceIP:
description: A custom IP address to put onto the NeutronPublicInterface.
NeutronPublicInterfaceRawDevice:
description: If set, the public interface is a vlan with this device as the raw device.
The tunnel types for the Neutron tenant network. To specify multiple
values, use a comma separated string, like so: 'gre,vxlan'
description: The password for the nova service account, used by nova-api.
PublicVirtualInterface:
Specifies the interface where the public-facing virtual ip will be assigned.
This should be int_public when a VLAN is being used.
default: '' # Has to be here because of the ignored empty value bug
default: '' # Has to be here because of the ignored empty value bug
description: The password for RabbitMQ
description: The username for RabbitMQ
Rabbit client subscriber parameter to specify
an SSL connection to the RabbitMQ host.
description: Set rabbit subscriber port, change this if using SSL
SnmpdReadonlyUserName:
default: ro_snmp_user
description: The user name for SNMPd with readonly rights running on all Overcloud nodes
SnmpdReadonlyUserPassword:
description: The user password for SNMPd with readonly rights running on all Overcloud nodes
description: If set, the contents of an SSL certificate authority file.
description: If set, the contents of an SSL certificate .crt file for encrypting SSL endpoints.
description: If set, the contents of an SSL certificate .key file for encrypting SSL endpoints.
description: A random string to be used as a salt when hashing to determine mappings
description: Value of mount_check in Swift account/container/object -server.conf
description: The minimum time (in hours) before a partition in a ring can be moved following a rebalance.
description: Partition Power to use when building Swift rings
description: The password for the swift service account, used by the swift proxy
description: How many replicas to use in the swift rings.
default: '' # Has to be here because of the ignored empty value bug
type: OS::Nova::Server
image: {get_param: Image}
image_update_policy: {get_param: ImageUpdatePolicy}
flavor: {get_param: Flavor}
key_name: {get_param: KeyName}
user_data_format: SOFTWARE_CONFIG
type: OS::TripleO::Net::SoftwareConfig
type: OS::TripleO::SoftwareDeployment
signal_transport: NO_SIGNAL
config: {get_attr: [NetworkConfig, config_id]}
server: {get_resource: Controller}
interface_name: {get_param: NeutronPublicInterface}
ControllerPassthroughConfig:
type: OS::Heat::StructuredConfig
group: os-apply-config
config: {get_input: passthrough_config}
ControllerPassthroughConfigSpecific:
type: OS::Heat::StructuredConfig
group: os-apply-config
config: {get_input: passthrough_config_specific}
type: OS::Heat::StructuredConfig
group: os-apply-config
admin-password: {get_input: admin_password}
admin-token: {get_input: admin_token}
public_interface_ip: {get_input: neutron_public_interface_ip}
nodeid: {get_input: bootstack_nodeid}
db: {get_input: cinder_dsn}
debug: {get_input: debug}
volume_size_mb: {get_input: cinder_lvm_loop_device_size}
service-password: {get_input: cinder_password}
iscsi-helper: {get_input: CinderISCSIHelper}
controller-address: {get_input: controller_host}
bindnetaddr: {get_input: controller_host}
stonith_enabled : false
quorum_policy : ignore
host: {get_input: controller_virtual_ip}
db: {get_input: glance_dsn}
debug: {get_input: debug}
host: {get_input: controller_virtual_ip}
port: {get_input: glance_port}
protocol: {get_input: glance_protocol}
service-password: {get_input: glance_password}
swift-store-user: service:glance
swift-store-key: {get_input: glance_password}
notifier-strategy: {get_input: glance_notifier_strategy}
log-file: {get_input: glance_log_file}
admin_password: {get_input: heat_password}
admin_tenant_name: service
auth_encryption_key: {get_input: heat_auth_encryption_key}
db: {get_input: heat_dsn}
debug: {get_input: debug}
stack_domain_admin_password: {get_input: heat_stack_domain_admin_password}
watch_server_url: {get_input: heat.watch_server_url}
metadata_server_url: {get_input: heat.metadata_server_url}
waitcondition_server_url: {get_input: heat.waitcondition_server_url}
db: {get_input: keystone_dsn}
debug: {get_input: debug}
host: {get_input: controller_virtual_ip}
ca_certificate: {get_input: keystone_ca_certificate}
signing_key: {get_input: keystone_signing_key}
signing_certificate: {get_input: keystone_signing_certificate}
certificate: {get_input: keystone_ssl_certificate}
certificate_key: {get_input: keystone_ssl_certificate_key}
innodb_buffer_pool_size: {get_input: mysql_innodb_buffer_pool_size}
root-password: {get_input: mysql_root_password}
cluster_name: {get_input: mysql_cluster_name}
debug: {get_input: debug}
flat-networks: {get_input: neutron_flat_networks}
host: {get_input: controller_virtual_ip}
metadata_proxy_shared_secret: {get_input: neutron_metadata_proxy_shared_secret}
agent_mode: {get_input: neutron_agent_mode}
router_distributed: {get_input: neutron_router_distributed}
mechanism_drivers: {get_input: neutron_mechanism_drivers}
allow_automatic_l3agent_failover: {get_input: neutron_allow_l3agent_failover}
l3_ha: {get_input: neutron_l3_ha}
enable_tunneling: {get_input: neutron_enable_tunneling}
local_ip: {get_input: controller_host}
network_vlan_ranges: {get_input: neutron_network_vlan_ranges}
bridge_mappings: {get_input: neutron_bridge_mappings}
public_interface: {get_input: neutron_public_interface}
public_interface_raw_device: {get_input: neutron_public_interface_raw_device}
public_interface_route: {get_input: neutron_public_interface_default_route}
public_interface_tag: {get_input: neutron_public_interface_tag}
physical_bridge: br-ex
tenant_network_type: {get_input: neutron_tenant_network_type}
tunnel_types: {get_input: neutron_tunnel_types}
ovs_db: {get_input: neutron_dsn}
service-password: {get_input: neutron_password}
dnsmasq-options: {get_input: neutron_dnsmasq_options}
db: {get_input: ceilometer_dsn}
debug: {get_input: debug}
metering_secret: {get_input: ceilometer_metering_secret}
service-password: {get_input: ceilometer_password}
export_MIB: UCD-SNMP-MIB
readonly_user_name: {get_input: snmpd_readonly_user_name}
readonly_user_password: {get_input: snmpd_readonly_user_password}
compute_driver: libvirt.LibvirtDriver
db: {get_input: nova_dsn}
default_floating_pool:
host: {get_input: controller_virtual_ip}
service-password: {get_input: nova_password}
host: {get_input: controller_virtual_ip}
username: {get_input: rabbit_username}
password: {get_input: rabbit_password}
cookie: {get_input: rabbit_cookie}
rabbit_client_use_ssl: {get_input: rabbit_client_use_ssl}
rabbit_port: {get_input: rabbit_client_port}
- {server: {get_input: ntp_server}}
- vrrp_instance_name: VI_CONTROL
virtual_router_id: 51
keepalive_interface: {get_input: control_virtual_interface}
- ip: {get_input: controller_virtual_ip}
interface: {get_input: control_virtual_interface}
- vrrp_instance_name: VI_PUBLIC
virtual_router_id: 52
keepalive_interface: {get_input: public_virtual_interface}
- ip: {get_input: public_virtual_ip}
interface: {get_input: public_virtual_interface}
keepalive_interface: {get_input: public_virtual_interface}
ip: {get_input: controller_virtual_ip}
interface: {get_input: control_virtual_interface}
ip: {get_input: public_virtual_ip}
interface: {get_input: public_virtual_interface}
- ip: {get_input: controller_virtual_ip}
- option httpchk GET /
- name: keystone_admin
net_binds: &public_binds
- ip: {get_input: controller_virtual_ip}
- ip: {get_input: public_virtual_ip}
- name: keystone_public
net_binds: *public_binds
net_binds: *public_binds
net_binds: *public_binds
net_binds: *public_binds
net_binds: *public_binds
- name: glance_registry
net_binds: *public_binds
options: # overwrite options as glance_reg needs auth for http req
net_binds: *public_binds
- name: heat_cloudwatch
net_binds: *public_binds
net_binds: *public_binds
net_binds: *public_binds
- name: nova_metadata
net_binds: *public_binds
- name: nova_novncproxy
net_binds: *public_binds
net_binds: *public_binds
options: # overwrite options as ceil needs auth for http req
- name: swift_proxy_server
net_binds: *public_binds
- option httpchk GET /info
ControllerDeployment:
type: OS::TripleO::SoftwareDeployment
signal_transport: NO_SIGNAL
config: {get_resource: ControllerConfig}
server: {get_resource: Controller}
bootstack_nodeid: {get_attr: [Controller, name]}
controller_host: {get_attr: [Controller, networks, ctlplane, 0]}
controller_virtual_ip: {get_param: VirtualIP}
neutron_enable_tunneling: {get_param: NeutronEnableTunnelling}
heat.watch_server_url:
- {get_param: VirtualIP}
heat.metadata_server_url:
- {get_param: VirtualIP}
heat.waitcondition_server_url:
- {get_param: VirtualIP}
- ':8000/v1/waitcondition'
admin_password: {get_param: AdminPassword}
admin_token: {get_param: AdminToken}
neutron_public_interface_ip: {get_param: NeutronPublicInterfaceIP}
debug: {get_param: Debug}
cinder_lvm_loop_device_size: {get_param: CinderLVMLoopDeviceSize}
cinder_password: {get_param: CinderPassword}
cinder_iscsi_helper: {get_param: CinderISCSIHelper}
# The service database DSNs assembled in this section embed the literal password 'unset'.
- - 'mysql://cinder:unset@'
- {get_param: VirtualIP}
glance_port: {get_param: GlancePort}
glance_protocol: {get_param: GlanceProtocol}
glance_password: {get_param: GlancePassword}
glance_notifier_strategy: {get_param: GlanceNotifierStrategy}
glance_log_file: {get_param: GlanceLogFile}
- - 'mysql://glance:unset@'
- {get_param: VirtualIP}
heat_password: {get_param: HeatPassword}
heat_stack_domain_admin_password: {get_param: HeatStackDomainAdminPassword}
heat_auth_encryption_key: {get_param: HeatAuthEncryptionKey}
- - 'mysql://heat:unset@'
- {get_param: VirtualIP}
keystone_ca_certificate: {get_param: KeystoneCACertificate}
keystone_signing_key: {get_param: KeystoneSigningKey}
keystone_signing_certificate: {get_param: KeystoneSigningCertificate}
keystone_ssl_certificate: {get_param: KeystoneSSLCertificate}
keystone_ssl_certificate_key: {get_param: KeystoneSSLCertificateKey}
- - 'mysql://keystone:unset@'
- {get_param: VirtualIP}
mysql_innodb_buffer_pool_size: {get_param: MysqlInnodbBufferPoolSize}
mysql_root_password: {get_param: MysqlRootPassword}
template: tripleo-CLUSTER
CLUSTER: {get_param: MysqlClusterUniquePart}
neutron_flat_networks: {get_param: NeutronFlatNetworks}
neutron_metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret}
neutron_agent_mode: {get_param: NeutronAgentMode}
neutron_router_distributed: {get_param: NeutronDVR}
neutron_mechanism_drivers: {get_param: NeutronMechanismDrivers}
neutron_allow_l3agent_failover: {get_param: NeutronAllowL3AgentFailover}
neutron_l3_ha: {get_param: NeutronL3HA}
neutron_network_vlan_ranges: {get_param: NeutronNetworkVLANRanges}
neutron_bridge_mappings: {get_param: NeutronBridgeMappings}
neutron_public_interface: {get_param: NeutronPublicInterface}
neutron_public_interface_raw_device: {get_param: NeutronPublicInterfaceRawDevice}
neutron_public_interface_default_route: {get_param: NeutronPublicInterfaceDefaultRoute}
neutron_public_interface_tag: {get_param: NeutronPublicInterfaceTag}
neutron_tenant_network_type: {get_param: NeutronNetworkType}
neutron_tunnel_types: {get_param: NeutronTunnelTypes}
neutron_password: {get_param: NeutronPassword}
neutron_dnsmasq_options: {get_param: NeutronDnsmasqOptions}
- - 'mysql://neutron:unset@'
- {get_param: VirtualIP}
- '/ovs_neutron?charset=utf8'
ceilometer_metering_secret: {get_param: CeilometerMeteringSecret}
ceilometer_password: {get_param: CeilometerPassword}
- - 'mysql://ceilometer:unset@'
- {get_param: VirtualIP}
snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName}
snmpd_readonly_user_password: {get_param: SnmpdReadonlyUserPassword}
nova_password: {get_param: NovaPassword}
- - 'mysql://nova:unset@'
- {get_param: VirtualIP}
rabbit_username: {get_param: RabbitUserName}
rabbit_password: {get_param: RabbitPassword}
rabbit_cookie: {get_param: RabbitCookie}
rabbit_client_use_ssl: {get_param: RabbitClientUseSSL}
rabbit_client_port: {get_param: RabbitClientPort}
ntp_server: {get_param: NtpServer}
control_virtual_interface: {get_param: ControlVirtualInterface}
public_virtual_interface: {get_param: PublicVirtualInterface}
public_virtual_ip: {get_param: PublicVirtualIP}
type: OS::Heat::StructuredConfig
group: os-apply-config
ca_certificate: {get_input: ssl_ca_certificate}
cert: {get_input: ssl_certificate}
key: {get_input: ssl_key}
cacert: {get_input: ssl_ca_certificate}
connect_host: {get_input: controller_host}
connect_host: {get_input: controller_host}
connect_host: {get_input: controller_host}
connect_host: {get_input: controller_host}
connect_host: {get_input: controller_host}
- name: 'swift-proxy'
connect_host: {get_input: controller_host}
connect_host: {get_input: controller_host}
connect_host: {get_input: controller_host}
ControllerSSLDeployment:
type: OS::Heat::StructuredDeployment
config: {get_resource: SSLConfig}
server: {get_resource: Controller}
signal_transport: NO_SIGNAL
controller_host: {get_attr: [Controller, networks, ctlplane, 0]}
ssl_certificate: {get_param: SSLCertificate}
ssl_key: {get_param: SSLKey}
ssl_ca_certificate: {get_param: SSLCACertificate}
ControllerPassthroughDeployment:
type: OS::Heat::StructuredDeployment
config: {get_resource: ControllerPassthroughConfig}
server: {get_resource: Controller}
signal_transport: NO_SIGNAL
passthrough_config: {get_param: ExtraConfig}
ControllerPassthroughSpecificDeployment:
depends_on: [ControllerPassthroughDeployment]
type: OS::Heat::StructuredDeployment
config: {get_resource: ControllerPassthroughConfigSpecific}
server: {get_resource: Controller}
signal_transport: NO_SIGNAL
passthrough_config_specific: {get_param: ControllerExtraConfig}
type: OS::Heat::StructuredConfig
group: os-apply-config
hash: { get_input: swift_hash_suffix }
part-power: { get_input: swift_part_power }
mount-check: { get_input: swift_mount_check }
min-part-hours: { get_input: swift_min_part_hours }
replicas: {get_input: swift_replicas }
service-password: { get_input: swift_password }
type: OS::Heat::StructuredDeployment
server: {get_resource: Controller}
config: {get_resource: SwiftConfig}
signal_transport: NO_SIGNAL
swift_hash_suffix: {get_param: SwiftHashSuffix}
swift_mount_check: {get_param: SwiftMountCheck}
swift_password: {get_param: SwiftPassword}
swift_min_part_hours: {get_param: SwiftMinPartHours}
swift_part_power: {get_param: SwiftPartPower}
swift_replicas: { get_param: SwiftReplicas}
description: IP address of the server in the ctlplane network
value: {get_attr: [Controller, networks, ctlplane, 0]}
description: Hostname of the server
value: {get_attr: [Controller, name]}
Node object in the {ip: ..., name: ...} format that the corosync
ip: {get_attr: [Controller, networks, ctlplane, 0]}
name: {get_attr: [Controller, name]}
Server's IP address and hostname in the /etc/hosts format
template: IP HOST HOST.novalocal CLOUDNAME
IP: {get_attr: [Controller, networks, ctlplane, 0]}
HOST: {get_attr: [Controller, name]}
CLOUDNAME: {get_param: CloudName}
nova_server_resource:
description: Heat resource handle for the Nova compute server
{get_resource: Controller}
description: Swift device formatted for swift-ring-builder
template: 'r1z1-IP:%PORT%/d1'
IP: {get_attr: [Controller, networks, ctlplane, 0]}
swift_proxy_memcache:
description: Swift proxy-memcache value
IP: {get_attr: [Controller, networks, ctlplane, 0]}