1 description: Nova API,Keystone,Heat Engine and API,Glance,Neutron,Dedicated MySQL
2 server,Dedicated RabbitMQ Server,Group of Nova Computes
3 heat_template_version: 2013-05-23
7 description: The password for the keystone admin account, used for monitoring, querying neutron etc.
12 description: The keystone auth secret.
15 CeilometerComputeAgent:
16 description: Indicates whether the Compute agent is present and expects nova-compute to be configured accordingly
20 - allowed_values: ['', Present]
21 CeilometerMeteringSecret:
23 description: Secret shared by the ceilometer services.
28 description: The password for the ceilometer service account.
33 description: The iSCSI helper to use with cinder.
35 CinderLVMLoopDeviceSize:
37 description: The size of the loopback file used by the cinder LVM driver.
41 description: The password for the cinder service account, used by cinder-api.
46 description: The DNS name of this cloud. E.g. ci-overcloud.tripleo.org
50 description: Should be used for arbitrary ips.
52 controllerExtraConfig:
55 Controller specific configuration to inject into the cluster. Same
56 structure as ExtraConfig.
60 default: overcloud-control
62 - custom_constraint: glance.image
63 ControlVirtualInterface:
65 description: Interface where virtual ip will be assigned.
69 description: Set to True to enable debugging on all services.
71 DefaultSignalTransport:
73 description: Transport to use for software-config signals.
76 - allowed_values: [ CFN_SIGNAL, HEAT_SIGNAL, NO_SIGNAL ]
80 Additional configuration to inject into the cluster. The JSON should have
81 the following structure:
84 [{"section": "SECTIONNAME",
86 [{"option": "OPTIONNAME",
97 [{"section": "default",
99 [{"option": "force_config_drive",
106 [{"option": "driver",
107 "value": "nova.cells.rpc_driver.CellsRPCDriver"
116 description: The filepath of the file to use for logging messages from Glance.
121 description: The password for the glance service account, used by the glance services.
126 description: Glance port.
130 description: Protocol to use when connecting to glance, set to https for SSL.
132 GlanceNotifierStrategy:
133 description: Strategy to use for Glance notification queue
138 description: The password for the Heat service account, used by the Heat services.
141 HeatStackDomainAdminPassword:
142 description: Password for heat_domain_admin user.
146 HypervisorNeutronPhysicalBridge:
149 An OVS bridge to create on each hypervisor. This defaults to br-ex the
150 same as the control plane nodes, as we have a uniform configuration of
151 the openvswitch agent. Typically should not need to be changed.
153 HypervisorNeutronPublicInterface:
155 description: What interface to add to the HypervisorNeutronPhysicalBridge.
158 default: 'REBUILD_PRESERVE_EPHEMERAL'
159 description: What policy to use when reconstructing instances. REBUILD for rebuilds, REBUILD_PRESERVE_EPHEMERAL to preserve /mnt.
163 description: Name of an existing EC2 KeyPair to enable SSH access to the instances
166 - custom_constraint: nova.keypair
167 KeystoneCACertificate:
169 description: Keystone self-signed certificate authority certificate.
171 KeystoneSigningCertificate:
173 description: Keystone certificate for verifying token validity.
177 description: Keystone key for signing tokens.
180 KeystoneSSLCertificate:
182 description: Keystone certificate for verifying token validity.
184 KeystoneSSLCertificateKey:
186 description: Keystone key for signing tokens.
189 LiveUpdateComputeImage:
191 description: The image ID for live-updates to the overcloud compute nodes.
195 description: The IP address for the undercloud Glance API.
200 description: The live-update password for the undercloud Glance API.
202 LiveUpdateTenantName:
204 description: The live-update tenant name for the undercloud Glance API.
208 description: The live-update username for the undercloud Glance API.
210 MysqlInnodbBufferPoolSize:
212 Specifies the size of the buffer pool in megabytes. Setting to
213 zero should be interpreted as "no value" and will defer to the
217 NeutronBridgeMappings:
219 The OVS logical->physical bridge mappings to use. See the Neutron
220 documentation for details. Defaults to mapping br-ex - the external
221 bridge on hosts - to a physical name 'datacentre' which can be used
222 to create provider networks (and we use this for the default floating
223 network) - if changing this either use different post-install network
224 scripts or be sure to keep 'datacentre' as a mapping network name.
226 default: "datacentre:br-ex"
227 NeutronControlPlaneID:
230 description: Neutron ID for ctlplane network.
231 NeutronDnsmasqOptions:
232 default: 'dhcp-option-force=26,1400'
233 description: Dnsmasq options for neutron-dhcp-agent. The default value here forces MTU to be set to 1400 to account for the tunnel overhead.
237 default: 'datacentre'
239 If set, flat networks to configure in neutron plugins. Defaults to
240 'datacentre' to permit external network creation.
243 description: The tenant network type for Neutron, either gre or vxlan.
245 NeutronNetworkVLANRanges:
246 default: 'datacentre'
248 The Neutron ML2 and OpenVSwitch vlan mapping range to support. See the
249 Neutron documentation for permitted values. Defaults to permitting any
250 VLAN on the 'datacentre' physical network (See NeutronBridgeMappings).
254 description: The password for the neutron service account, used by neutron agents.
257 NeutronPublicInterface:
259 description: What interface to bridge onto br-ex for network nodes.
261 NeutronPublicInterfaceDefaultRoute:
263 description: A custom default route for the NeutronPublicInterface.
265 NeutronPublicInterfaceIP:
267 description: A custom IP address to put onto the NeutronPublicInterface.
269 NeutronPublicInterfaceRawDevice:
271 description: If set, the public interface is a vlan with this device as the raw device.
273 NeutronPublicInterfaceTag:
276 VLAN tag for creating a public VLAN. The tag will be used to
277 create an access port on the exterior bridge for each control plane node,
278 and that port will be given the IP address returned by neutron from the
279 public network. Set CONTROLEXTRA=overcloud-vlan-port.yaml when compiling
280 overcloud.yaml to include the deployment of VLAN ports to the control
286 The tunnel types for the Neutron tenant network. To specify multiple
287 values, use a comma separated string, like so: 'gre,vxlan'
290 default: libvirt.LibvirtDriver
292 NovaComputeExtraConfig:
295 NovaCompute specific configuration to inject into the cluster. Same
296 structure as ExtraConfig.
298 NovaComputeLibvirtType:
303 default: overcloud-compute
305 - custom_constraint: glance.image
308 description: The password for the nova service account, used by nova-api.
314 OvercloudComputeFlavor:
316 description: Flavor for compute nodes to request when deploying.
319 - custom_constraint: nova.flavor
320 OvercloudControlFlavor:
322 description: Flavor for control nodes to request when deploying.
325 - custom_constraint: nova.flavor
326 PublicVirtualFixedIPs:
329 Control the IP allocation for the PublicVirtualInterface port. E.g.
330 [{'ip_address':'1.2.3.4'}]
332 PublicVirtualInterface:
335 Specifies the interface where the public-facing virtual ip will be assigned.
336 This should be int_public when a VLAN is being used.
338 PublicVirtualNetwork:
342 Neutron network to allocate public virtual IP port on.
346 description: Salt for the rabbit cookie, change this to force the randomly generated rabbit cookie to change.
349 description: The password for RabbitMQ
354 description: The username for RabbitMQ
359 Rabbit client subscriber parameter to specify
360 an SSL connection to the RabbitMQ host.
364 description: Set rabbit subscriber port, change this if using SSL
366 SnmpdReadonlyUserName:
367 default: ro_snmp_user
368 description: The user name for SNMPd with readonly rights running on all Overcloud nodes
370 SnmpdReadonlyUserPassword:
372 description: The user password for SNMPd with readonly rights running on all Overcloud nodes
377 type: OS::Neutron::Port
379 name: control_virtual_ip
380 network_id: {get_param: NeutronControlPlaneID}
382 get_param: ControlFixedIPs
383 replacement_policy: AUTO
384 MysqlClusterUniquePart:
385 type: OS::Heat::RandomString
389 type: OS::Heat::RandomString
393 type: OS::Neutron::Port
395 name: public_virtual_ip
396 network: {get_param: PublicVirtualNetwork}
398 get_param: PublicVirtualFixedIPs
399 replacement_policy: AUTO
401 type: OS::Heat::RandomString
405 get_param: RabbitCookieSalt
406 NovaCompute0Deployment:
408 Path: nova-compute-instance.yaml
409 SubKey: resources.NovaCompute0Deployment
411 DefaultSignalTransport:
412 get_param: DefaultSignalTransport
413 NovaApiHost: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
414 KeystoneHost: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
415 NeutronHost: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
416 GlanceHost: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
417 RabbitHost: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
421 - - mysql://nova:unset@
422 - &compute_database_host {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
424 NovaPublicIP: {get_attr: [PublicVirtualIP, fixed_ips, 0, ip_address]}
428 - - mysql://ceilometer:unset@
429 - *compute_database_host
434 - - mysql://neutron:unset@
435 - *compute_database_host
438 get_param: NeutronNetworkType
440 get_param: NeutronTunnelTypes
441 NeutronEnableTunnelling: "True"
443 get_param: NeutronFlatNetworks
444 NeutronNetworkVLANRanges:
445 get_param: NeutronNetworkVLANRanges
446 NeutronPhysicalBridge:
447 get_param: HypervisorNeutronPhysicalBridge
448 NeutronPublicInterface:
449 get_param: HypervisorNeutronPublicInterface
450 NeutronBridgeMappings:
451 get_param: NeutronBridgeMappings
452 NovaCompute0AllNodesDeployment:
454 Path: nova-compute-instance.yaml
455 SubKey: resources.NovaCompute0AllNodesDeployment
457 AllNodesConfig: {get_resource: allNodesConfig}
460 Path: nova-compute-instance.yaml
461 SubKey: resources.NovaCompute0
462 NovaCompute0Passthrough:
464 Path: nova-compute-instance.yaml
465 SubKey: resources.NovaCompute0Passthrough
467 passthrough_config: {get_param: ExtraConfig}
468 NovaCompute0PassthroughSpecific:
470 Path: nova-compute-instance.yaml
471 SubKey: resources.NovaCompute0PassthroughSpecific
473 passthrough_config_specific: {get_param: NovaComputeExtraConfig}
475 type: OS::Heat::StructuredConfig
477 group: os-apply-config
480 get_param: AdminPassword
482 get_param: AdminToken
485 get_param: NeutronPublicInterfaceIP
497 nodeid: {get_input: bootstack_nodeid}
500 {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
505 - - mysql://cinder:unset@
508 debug: {get_param: Debug}
510 get_param: CinderLVMLoopDeviceSize
512 get_param: CinderPassword
514 get_param: CinderISCSIHelper
516 get_input: controller_host
518 bindnetaddr: {get_input: controller_host}
523 ip: {get_attr: [controller0, networks, ctlplane, 0]}
525 stonith_enabled : false
527 quorum_policy : ignore
531 host: {get_input: controller_virtual_ip}
536 - - mysql://glance:unset@
539 debug: {get_param: Debug}
541 get_input: controller_virtual_ip
543 get_param: GlancePort
545 get_param: GlanceProtocol
547 get_param: GlancePassword
548 swift-store-user: service:glance
550 get_param: GlancePassword
552 get_param: GlanceNotifierStrategy
554 get_param: GlanceLogFile
557 get_param: HeatPassword
558 admin_tenant_name: service
560 auth_encryption_key: unset___________
564 - - mysql://heat:unset@
567 debug: {get_param: Debug}
568 stack_domain_admin_password: {get_param: HeatStackDomainAdminPassword}
569 watch_server_url: {get_input: heat.watch_server_url}
570 metadata_server_url: {get_input: heat.metadata_server_url}
571 waitcondition_server_url: {get_input: heat.waitcondition_server_url}
578 {get_attr: [controller0, name]}
583 - - mysql://keystone:unset@
586 debug: {get_param: Debug}
588 get_input: controller_virtual_ip
589 ca_certificate: {get_param: KeystoneCACertificate}
590 signing_key: {get_param: KeystoneSigningKey}
591 signing_certificate: {get_param: KeystoneSigningCertificate}
593 certificate: {get_param: KeystoneSSLCertificate}
594 certificate_key: {get_param: KeystoneSSLCertificateKey}
596 innodb_buffer_pool_size: {get_param: MysqlInnodbBufferPoolSize}
598 root-password: {get_resource: MysqlRootPassword}
602 ip: {get_attr: [controller0, networks, ctlplane, 0]}
607 - {get_resource: MysqlClusterUniquePart}
609 debug: {get_param: Debug}
610 flat-networks: {get_param: NeutronFlatNetworks}
611 host: {get_input: controller_virtual_ip}
612 metadata_proxy_shared_secret: unset
614 enable_tunneling: 'True'
616 get_input: controller_host
617 network_vlan_ranges: {get_param: NeutronNetworkVLANRanges}
618 bridge_mappings: {get_param: NeutronBridgeMappings}
620 get_param: NeutronPublicInterface
621 public_interface_raw_device:
622 get_param: NeutronPublicInterfaceRawDevice
623 public_interface_route:
624 get_param: NeutronPublicInterfaceDefaultRoute
625 public_interface_tag:
626 get_param: NeutronPublicInterfaceTag
627 physical_bridge: br-ex
629 get_param: NeutronNetworkType
631 get_param: NeutronTunnelTypes
635 - - mysql://neutron:unset@
637 - /ovs_neutron?charset=utf8
639 get_param: NeutronPassword
641 get_param: NeutronDnsmasqOptions
646 - - mysql://ceilometer:unset@
649 debug: {get_param: Debug}
650 metering_secret: {get_param: CeilometerMeteringSecret}
652 get_param: CeilometerPassword
654 export_MIB: UCD-SNMP-MIB
656 get_param: SnmpdReadonlyUserName
657 readonly_user_password:
658 get_param: SnmpdReadonlyUserPassword
660 compute_driver: libvirt.LibvirtDriver
664 - - mysql://nova:unset@
667 default_floating_pool:
669 host: {get_input: controller_virtual_ip}
672 get_param: NovaPassword
674 host: {get_input: controller_virtual_ip}
676 get_param: RabbitUserName
678 get_param: RabbitPassword
683 rabbit_client_use_ssl: {get_param: RabbitClientUseSSL}
684 rabbit_port: {get_param: RabbitClientPort}
687 - {server: {get_param: NtpServer}, fudge: "stratum 0"}
690 - vrrp_instance_name: VI_CONTROL
691 virtual_router_id: 51
693 get_param: ControlVirtualInterface
696 - ip: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
698 get_param: ControlVirtualInterface
699 - vrrp_instance_name: VI_PUBLIC
700 virtual_router_id: 52
702 get_param: PublicVirtualInterface
705 - ip: {get_attr: [PublicVirtualIP, fixed_ips, 0, ip_address]}
707 get_param: PublicVirtualInterface
715 get_param: PublicVirtualInterface
719 ip: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
721 get_param: ControlVirtualInterface
723 ip: {get_attr: [PublicVirtualIP, fixed_ips, 0, ip_address]}
725 get_param: PublicVirtualInterface
730 ip: {get_attr: [controller0, networks, ctlplane, 0]}
731 name: {get_attr: [controller0, name]}
733 - &control_vip {ip: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}}
734 - &public_vip {ip: {get_attr: [PublicVirtualIP, fixed_ips, 0, ip_address]}}
736 - name: keystone_admin
738 - name: keystone_public
748 - name: glance_registry
752 - name: heat_cloudwatch
769 - name: nova_metadata
771 - name: nova_novncproxy
775 - name: swift_proxy_server
784 controllerPassthrough:
785 type: OS::Heat::StructuredConfig
787 group: os-apply-config
788 config: {get_input: passthrough_config}
789 controllerPassthroughSpecific:
790 type: OS::Heat::StructuredConfig
792 group: os-apply-config
793 config: {get_input: passthrough_config_specific}
795 type: OS::Nova::Server
798 get_param: controllerImage
800 get_param: ImageUpdatePolicy
802 get_param: OvercloudControlFlavor
807 user_data_format: SOFTWARE_CONFIG
808 controller0AllNodesDeployment:
809 depends_on: [controller0Deployment,controller0SSLDeployment,controller0Swift,controller0PassthroughSpecific]
810 type: OS::Heat::StructuredDeployment
812 signal_transport: {get_param: DefaultSignalTransport}
813 config: {get_resource: allNodesConfig}
814 server: {get_resource: controller0}
815 controller0Deployment:
816 type: OS::Heat::StructuredDeployment
818 signal_transport: NO_SIGNAL
819 config: {get_resource: controllerConfig}
820 server: {get_resource: controller0}
822 bootstack_nodeid: {get_attr: [controller0, name]}
823 controller_host: {get_attr: [controller0, networks, ctlplane, 0]}
824 controller_virtual_ip:
825 {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
826 heat.watch_server_url:
830 - {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
832 heat.metadata_server_url:
836 - {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
838 heat.waitcondition_server_url:
842 - {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
843 - ':8000/v1/waitcondition'
845 type: OS::Heat::StructuredConfig
848 completion-signal: {get_input: deploy_signal_id}
858 - - {get_attr: [NovaCompute0, networks, ctlplane, 0]}
859 - {get_attr: [NovaCompute0, name]}
862 - - {get_attr: [NovaCompute0, name]}
870 - - {get_attr: [BlockStorage0, networks, ctlplane, 0]}
871 - {get_attr: [BlockStorage0, name]}
874 - - {get_attr: [BlockStorage0, name]}
882 - - {get_attr: [SwiftStorage0, networks, ctlplane, 0]}
883 - {get_attr: [SwiftStorage0, name]}
886 - - {get_attr: [SwiftStorage0, name]}
894 - - {get_attr: [controller0, networks, ctlplane, 0]}
895 - {get_attr: [controller0, name]}
898 - - {get_attr: [controller0, name]}
900 - {get_param: CloudName}
907 {get_attr: [controller0, name]}
908 controller0SSLDeployment:
909 type: OS::Heat::StructuredDeployment
911 config: {get_resource: SSLConfig}
912 server: {get_resource: controller0}
913 signal_transport: NO_SIGNAL
915 controller_host: {get_attr: [controller0, networks, ctlplane, 0]}
916 ssl_certificate: {get_param: SSLCertificate}
917 ssl_key: {get_param: SSLKey}
918 ssl_ca_certificate: {get_param: SSLCACertificate}
919 controller0Passthrough:
920 type: OS::Heat::StructuredDeployment
922 config: {get_resource: controllerPassthrough}
923 server: {get_resource: controller0}
924 signal_transport: NO_SIGNAL
926 passthrough_config: {get_param: ExtraConfig}
927 controller0PassthroughSpecific:
928 depends_on: [controller0Passthrough]
929 type: OS::Heat::StructuredDeployment
931 config: {get_resource: controllerPassthroughSpecific}
932 server: {get_resource: controller0}
933 signal_transport: NO_SIGNAL
935 passthrough_config_specific: {get_param: controllerExtraConfig}
938 description: URL for the Overcloud Keystone service
943 - {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}