1 description: Deprecated. Please migrate to use overcloud-without-mergepy instead.
2 heat_template_version: 2013-05-23
6 description: The password for the keystone admin account, used for monitoring, querying neutron etc.
11 description: The keystone auth secret.
14 CeilometerComputeAgent:
15 description: Indicates whether the Compute agent is present and expects nova-compute to be configured accordingly
19 - allowed_values: ['', Present]
20 CeilometerMeteringSecret:
22 description: Secret shared by the ceilometer services.
27 description: The password for the ceilometer service account.
32 description: The iSCSI helper to use with cinder.
34 CinderLVMLoopDeviceSize:
36 description: The size of the loopback file used by the cinder LVM driver.
40 description: The password for the cinder service account, used by cinder-api.
45 description: The DNS name of this cloud. E.g. ci-overcloud.tripleo.org
49 description: Should be used for arbitrary ips.
51 controllerExtraConfig:
54 Controller specific configuration to inject into the cluster. Same
55 structure as ExtraConfig.
59 default: overcloud-control
61 - custom_constraint: glance.image
62 ControlVirtualInterface:
64 description: Interface where virtual ip will be assigned.
68 description: Set to True to enable debugging on all services.
70 DefaultSignalTransport:
72 description: Transport to use for software-config signals.
75 - allowed_values: [ CFN_SIGNAL, HEAT_SIGNAL, NO_SIGNAL ]
79 Additional configuration to inject into the cluster. The JSON should have
80 the following structure:
83 [{"section": "SECTIONNAME",
85 [{"option": "OPTIONNAME",
96 [{"section": "default",
98 [{"option": "force_config_drive",
105 [{"option": "driver",
106 "value": "nova.cells.rpc_driver.CellsRPCDriver"
115 description: The filepath of the file to use for logging messages from Glance.
121 description: Horizon web server port.
124 description: The password for the glance service account, used by the glance services.
129 description: Glance port.
133 description: Protocol to use when connecting to glance, set to https for SSL.
135 GlanceNotifierStrategy:
136 description: Strategy to use for Glance notification queue
141 description: The password for the Heat service account, used by the Heat services.
144 HeatStackDomainAdminPassword:
145 description: Password for heat_domain_admin user.
149 HypervisorNeutronPhysicalBridge:
152 An OVS bridge to create on each hypervisor. This defaults to br-ex the
153 same as the control plane nodes, as we have a uniform configuration of
154 the openvswitch agent. Typically should not need to be changed.
156 HypervisorNeutronPublicInterface:
158 description: What interface to add to the HypervisorNeutronPhysicalBridge.
161 default: 'REBUILD_PRESERVE_EPHEMERAL'
162 description: What policy to use when reconstructing instances. REBUILD for rebuilds, REBUILD_PRESERVE_EPHEMERAL to preserve /mnt.
166 description: Name of an existing EC2 KeyPair to enable SSH access to the instances
169 - custom_constraint: nova.keypair
170 KeystoneCACertificate:
172 description: Keystone self-signed certificate authority certificate.
174 KeystoneSigningCertificate:
176 description: Keystone certificate for verifying token validity.
180 description: Keystone key for signing tokens.
183 KeystoneSSLCertificate:
185 description: Keystone certificate for verifying token validity.
187 KeystoneSSLCertificateKey:
189 description: Keystone key for signing tokens.
192 MysqlInnodbBufferPoolSize:
194 Specifies the size of the buffer pool in megabytes. Setting to
195 zero should be interpreted as "no value" and will defer to the
199 NeutronBridgeMappings:
201 The OVS logical->physical bridge mappings to use. See the Neutron
202 documentation for details. Defaults to mapping br-ex - the external
203 bridge on hosts - to a physical name 'datacentre' which can be used
204 to create provider networks (and we use this for the default floating
205 network) - if changing this either use different post-install network
206 scripts or be sure to keep 'datacentre' as a mapping network name.
208 default: "datacentre:br-ex"
209 NeutronControlPlaneID:
212 description: Neutron ID for ctlplane network.
213 NeutronDnsmasqOptions:
214 default: 'dhcp-option-force=26,1400'
215 description: Dnsmasq options for neutron-dhcp-agent. The default value here forces MTU to be set to 1400 to account for the tunnel overhead.
219 default: 'datacentre'
221 If set, flat networks to configure in neutron plugins. Defaults to
222 'datacentre' to permit external network creation.
225 description: The tenant network type for Neutron, either gre or vxlan.
227 NeutronNetworkVLANRanges:
228 default: 'datacentre'
230 The Neutron ML2 and OpenVSwitch vlan mapping range to support. See the
231 Neutron documentation for permitted values. Defaults to permitting any
232 VLAN on the 'datacentre' physical network (See NeutronBridgeMappings).
236 description: The password for the neutron service account, used by neutron agents.
239 NeutronPublicInterface:
241 description: What interface to bridge onto br-ex for network nodes.
243 NeutronPublicInterfaceDefaultRoute:
245 description: A custom default route for the NeutronPublicInterface.
247 NeutronPublicInterfaceIP:
249 description: A custom IP address to put onto the NeutronPublicInterface.
251 NeutronPublicInterfaceRawDevice:
253 description: If set, the public interface is a vlan with this device as the raw device.
255 NeutronPublicInterfaceTag:
258 VLAN tag for creating a public VLAN. The tag will be used to
259 create an access port on the exterior bridge for each control plane node,
260 and that port will be given the IP address returned by neutron from the
261 public network. Set CONTROLEXTRA=overcloud-vlan-port.yaml when compiling
262 overcloud.yaml to include the deployment of VLAN ports to the control
265 NeutronComputeAgentMode:
267 description: Agent mode for the neutron-l3-agent on the compute hosts
271 description: Agent mode for the neutron-l3-agent on the controller hosts
275 description: Whether to configure Neutron Distributed Virtual Routers
277 NeutronMetadataProxySharedSecret:
279 description: Shared secret to prevent spoofing
284 The tunnel types for the Neutron tenant network. To specify multiple
285 values, use a comma separated string, like so: 'gre,vxlan'
287 NeutronMechanismDrivers:
288 default: 'openvswitch'
290 The mechanism drivers for the Neutron tenant network. To specify multiple
291 values, use a comma separated string, like so: 'openvswitch,l2_population'
293 NeutronAllowL3AgentFailover:
295 description: Allow automatic l3-agent failover
299 description: Whether to enable l3-agent HA
302 default: libvirt.LibvirtDriver
304 NovaComputeExtraConfig:
307 NovaCompute specific configuration to inject into the cluster. Same
308 structure as ExtraConfig.
310 NovaComputeLibvirtType:
315 default: overcloud-compute
317 - custom_constraint: glance.image
320 description: The password for the nova service account, used by nova-api.
326 OvercloudComputeFlavor:
327 description: Flavor for compute nodes to request when deploying.
330 - custom_constraint: nova.flavor
331 OvercloudControlFlavor:
332 description: Flavor for control nodes to request when deploying.
335 - custom_constraint: nova.flavor
336 PublicVirtualFixedIPs:
339 Control the IP allocation for the PublicVirtualInterface port. E.g.
340 [{'ip_address':'1.2.3.4'}]
342 PublicVirtualInterface:
345 Specifies the interface where the public-facing virtual ip will be assigned.
346 This should be int_public when a VLAN is being used.
348 PublicVirtualNetwork:
352 Neutron network to allocate public virtual IP port on.
356 description: Salt for the rabbit cookie, change this to force the randomly generated rabbit cookie to change.
359 description: The password for RabbitMQ
364 description: The username for RabbitMQ
369 Rabbit client subscriber parameter to specify
370 an SSL connection to the RabbitMQ host.
374 description: Set rabbit subscriber port, change this if using SSL
376 SnmpdReadonlyUserName:
377 default: ro_snmp_user
378 description: The user name for SNMPd with readonly rights running on all Overcloud nodes
380 SnmpdReadonlyUserPassword:
382 description: The user password for SNMPd with readonly rights running on all Overcloud nodes
387 type: OS::Neutron::Port
389 name: control_virtual_ip
390 network_id: {get_param: NeutronControlPlaneID}
392 get_param: ControlFixedIPs
393 replacement_policy: AUTO
394 MysqlClusterUniquePart:
395 type: OS::Heat::RandomString
399 type: OS::Heat::RandomString
403 type: OS::Neutron::Port
405 name: public_virtual_ip
406 network: {get_param: PublicVirtualNetwork}
408 get_param: PublicVirtualFixedIPs
409 replacement_policy: AUTO
411 type: OS::Heat::RandomString
415 get_param: RabbitCookieSalt
416 NovaCompute0Deployment:
418 Path: deprecated/nova-compute-instance.yaml
419 SubKey: resources.NovaCompute0Deployment
421 DefaultSignalTransport:
422 get_param: DefaultSignalTransport
423 NovaApiHost: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
424 KeystoneHost: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
425 NeutronHost: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
426 GlanceHost: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
427 RabbitHost: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
428 NovaPublicIP: {get_attr: [PublicVirtualIP, fixed_ips, 0, ip_address]}
430 get_param: NeutronNetworkType
432 get_param: NeutronTunnelTypes
433 NeutronEnableTunnelling: "True"
435 get_param: NeutronFlatNetworks
436 NeutronNetworkVLANRanges:
437 get_param: NeutronNetworkVLANRanges
438 NeutronPhysicalBridge:
439 get_param: HypervisorNeutronPhysicalBridge
440 NeutronPublicInterface:
441 get_param: HypervisorNeutronPublicInterface
442 NeutronBridgeMappings:
443 get_param: NeutronBridgeMappings
445 get_param: NeutronDVR
447 get_param: NeutronComputeAgentMode
448 NeutronPublicInterfaceRawDevice:
449 get_param: NeutronPublicInterfaceRawDevice
450 NeutronMechanismDrivers:
451 get_param: NeutronMechanismDrivers
452 NeutronAllowL3AgentFailover:
453 get_param: NeutronAllowL3AgentFailover
455 get_param: NeutronL3HA
456 NovaCompute0AllNodesDeployment:
458 Path: deprecated/nova-compute-instance.yaml
459 SubKey: resources.NovaCompute0AllNodesDeployment
461 AllNodesConfig: {get_resource: allNodesConfig}
464 Path: deprecated/nova-compute-instance.yaml
465 SubKey: resources.NovaCompute0
466 NovaCompute0Passthrough:
468 Path: deprecated/nova-compute-instance.yaml
469 SubKey: resources.NovaCompute0Passthrough
471 passthrough_config: {get_param: ExtraConfig}
472 NovaCompute0PassthroughSpecific:
474 Path: deprecated/nova-compute-instance.yaml
475 SubKey: resources.NovaCompute0PassthroughSpecific
477 passthrough_config_specific: {get_param: NovaComputeExtraConfig}
479 type: OS::Heat::StructuredConfig
481 group: os-apply-config
484 get_param: AdminPassword
486 get_param: AdminToken
489 get_param: NeutronPublicInterfaceIP
501 nodeid: {get_input: bootstack_nodeid}
504 {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
509 - - mysql://cinder:unset@
512 debug: {get_param: Debug}
514 get_param: CinderLVMLoopDeviceSize
516 get_param: CinderPassword
518 get_param: CinderISCSIHelper
520 get_input: controller_host
522 bindnetaddr: {get_input: controller_host}
527 ip: {get_attr: [controller0, networks, ctlplane, 0]}
529 stonith_enabled : false
531 quorum_policy : ignore
535 host: {get_input: controller_virtual_ip}
540 - - mysql://glance:unset@
543 debug: {get_param: Debug}
545 get_input: controller_virtual_ip
547 get_param: GlancePort
549 get_param: GlanceProtocol
551 get_param: GlancePassword
552 swift-store-user: service:glance
554 get_param: GlancePassword
556 get_param: GlanceNotifierStrategy
558 get_param: GlanceLogFile
561 get_param: HeatPassword
562 admin_tenant_name: service
564 auth_encryption_key: unset___________
568 - - mysql://heat:unset@
571 debug: {get_param: Debug}
572 stack_domain_admin_password: {get_param: HeatStackDomainAdminPassword}
573 watch_server_url: {get_input: heat.watch_server_url}
574 metadata_server_url: {get_input: heat.metadata_server_url}
575 waitcondition_server_url: {get_input: heat.waitcondition_server_url}
577 port: {get_param: HorizonPort}
583 {get_attr: [controller0, name]}
588 - - mysql://keystone:unset@
591 debug: {get_param: Debug}
593 get_input: controller_virtual_ip
594 ca_certificate: {get_param: KeystoneCACertificate}
595 signing_key: {get_param: KeystoneSigningKey}
596 signing_certificate: {get_param: KeystoneSigningCertificate}
598 certificate: {get_param: KeystoneSSLCertificate}
599 certificate_key: {get_param: KeystoneSSLCertificateKey}
601 innodb_buffer_pool_size: {get_param: MysqlInnodbBufferPoolSize}
603 root-password: {get_resource: MysqlRootPassword}
607 ip: {get_attr: [controller0, networks, ctlplane, 0]}
612 - {get_resource: MysqlClusterUniquePart}
614 debug: {get_param: Debug}
615 flat-networks: {get_param: NeutronFlatNetworks}
616 host: {get_input: controller_virtual_ip}
617 metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret}
618 agent_mode: {get_param: NeutronAgentMode}
619 router_distributed: {get_param: NeutronDVR}
620 mechanism_drivers: {get_param: NeutronMechanismDrivers}
621 allow_automatic_l3agent_failover: {get_param: NeutronAllowL3AgentFailover}
622 l3_ha: {get_param: NeutronL3HA}
624 enable_tunneling: 'True'
626 get_input: controller_host
627 network_vlan_ranges: {get_param: NeutronNetworkVLANRanges}
628 bridge_mappings: {get_param: NeutronBridgeMappings}
630 get_param: NeutronPublicInterface
631 public_interface_raw_device:
632 get_param: NeutronPublicInterfaceRawDevice
633 public_interface_route:
634 get_param: NeutronPublicInterfaceDefaultRoute
635 public_interface_tag:
636 get_param: NeutronPublicInterfaceTag
637 physical_bridge: br-ex
639 get_param: NeutronNetworkType
641 get_param: NeutronTunnelTypes
645 - - mysql://neutron:unset@
647 - /ovs_neutron?charset=utf8
649 get_param: NeutronPassword
651 get_param: NeutronDnsmasqOptions
656 - - mysql://ceilometer:unset@
659 debug: {get_param: Debug}
660 metering_secret: {get_param: CeilometerMeteringSecret}
662 get_param: CeilometerPassword
664 export_MIB: UCD-SNMP-MIB
666 get_param: SnmpdReadonlyUserName
667 readonly_user_password:
668 get_param: SnmpdReadonlyUserPassword
670 compute_driver: libvirt.LibvirtDriver
674 - - mysql://nova:unset@
677 default_floating_pool:
679 host: {get_input: controller_virtual_ip}
682 get_param: NovaPassword
684 host: {get_input: controller_virtual_ip}
686 get_param: RabbitUserName
688 get_param: RabbitPassword
693 rabbit_client_use_ssl: {get_param: RabbitClientUseSSL}
694 rabbit_port: {get_param: RabbitClientPort}
697 - {server: {get_param: NtpServer}}
700 - vrrp_instance_name: VI_CONTROL
701 virtual_router_id: 51
703 get_param: ControlVirtualInterface
706 - ip: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
708 get_param: ControlVirtualInterface
709 - vrrp_instance_name: VI_PUBLIC
710 virtual_router_id: 52
712 get_param: PublicVirtualInterface
715 - ip: {get_attr: [PublicVirtualIP, fixed_ips, 0, ip_address]}
717 get_param: PublicVirtualInterface
725 get_param: PublicVirtualInterface
729 ip: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
731 get_param: ControlVirtualInterface
733 ip: {get_attr: [PublicVirtualIP, fixed_ips, 0, ip_address]}
735 get_param: PublicVirtualInterface
740 ip: {get_attr: [controller0, networks, ctlplane, 0]}
741 name: {get_attr: [controller0, name]}
743 - &control_vip {ip: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}}
744 - &public_vip {ip: {get_attr: [PublicVirtualIP, fixed_ips, 0, ip_address]}}
746 - option httpchk GET /
748 - name: keystone_admin
750 - name: keystone_public
760 - name: glance_registry
762 options: # overwrite options as glace_reg needs auth for http req
765 - name: heat_cloudwatch
782 - name: nova_metadata
784 - name: nova_novncproxy
788 options: # overwrite options as ceil needs auth for http req
789 - name: swift_proxy_server
792 - option httpchk GET /info
801 controllerPassthrough:
802 type: OS::Heat::StructuredConfig
804 group: os-apply-config
805 config: {get_input: passthrough_config}
806 controllerPassthroughSpecific:
807 type: OS::Heat::StructuredConfig
809 group: os-apply-config
810 config: {get_input: passthrough_config_specific}
812 type: OS::Nova::Server
815 get_param: controllerImage
817 get_param: ImageUpdatePolicy
819 get_param: OvercloudControlFlavor
824 user_data_format: SOFTWARE_CONFIG
825 controller0AllNodesDeployment:
826 depends_on: [controller0Deployment,controller0SSLDeployment,controller0Swift,controller0PassthroughSpecific]
827 type: OS::Heat::StructuredDeployment
829 signal_transport: {get_param: DefaultSignalTransport}
830 config: {get_resource: allNodesConfig}
831 server: {get_resource: controller0}
832 controller0Deployment:
833 type: OS::Heat::StructuredDeployment
835 signal_transport: NO_SIGNAL
836 config: {get_resource: controllerConfig}
837 server: {get_resource: controller0}
839 bootstack_nodeid: {get_attr: [controller0, name]}
840 controller_host: {get_attr: [controller0, networks, ctlplane, 0]}
841 controller_virtual_ip:
842 {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
843 heat.watch_server_url:
847 - {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
849 heat.metadata_server_url:
853 - {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
855 heat.waitcondition_server_url:
859 - {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
860 - ':8000/v1/waitcondition'
862 type: OS::Heat::StructuredConfig
865 completion-signal: {get_input: deploy_signal_id}
875 - - {get_attr: [NovaCompute0, networks, ctlplane, 0]}
876 - {get_attr: [NovaCompute0, name]}
879 - - {get_attr: [NovaCompute0, name]}
887 - - {get_attr: [BlockStorage0, networks, ctlplane, 0]}
888 - {get_attr: [BlockStorage0, name]}
891 - - {get_attr: [BlockStorage0, name]}
899 - - {get_attr: [SwiftStorage0, networks, ctlplane, 0]}
900 - {get_attr: [SwiftStorage0, name]}
903 - - {get_attr: [SwiftStorage0, name]}
911 - - {get_attr: [controller0, networks, ctlplane, 0]}
912 - {get_attr: [controller0, name]}
915 - - {get_attr: [controller0, name]}
917 - {get_param: CloudName}
924 {get_attr: [controller0, name]}
926 net.ipv4.tcp_keepalive_time: 5
927 net.ipv4.tcp_keepalive_probes: 5
928 net.ipv4.tcp_keepalive_intvl: 1
929 controller0SSLDeployment:
930 type: OS::Heat::StructuredDeployment
932 config: {get_resource: SSLConfig}
933 server: {get_resource: controller0}
934 signal_transport: NO_SIGNAL
936 controller_host: {get_attr: [controller0, networks, ctlplane, 0]}
937 ssl_certificate: {get_param: SSLCertificate}
938 ssl_key: {get_param: SSLKey}
939 ssl_ca_certificate: {get_param: SSLCACertificate}
940 controller0Passthrough:
941 type: OS::Heat::StructuredDeployment
943 config: {get_resource: controllerPassthrough}
944 server: {get_resource: controller0}
945 signal_transport: NO_SIGNAL
947 passthrough_config: {get_param: ExtraConfig}
948 controller0PassthroughSpecific:
949 depends_on: [controller0Passthrough]
950 type: OS::Heat::StructuredDeployment
952 config: {get_resource: controllerPassthroughSpecific}
953 server: {get_resource: controller0}
954 signal_transport: NO_SIGNAL
956 passthrough_config_specific: {get_param: controllerExtraConfig}
959 description: URL for the Overcloud Keystone service
964 - {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}