1 description: Nova API,Keystone,Heat Engine and API,Glance,Neutron,Dedicated MySQL
2 server,Dedicated RabbitMQ Server,Group of Nova Computes
3 heat_template_version: 2013-05-23
7 description: The password for the keystone admin account, used for monitoring, querying neutron etc.
12 description: The keystone auth secret.
15 CeilometerComputeAgent:
16 description: Indicates whether the Compute agent is present and expects nova-compute to be configured accordingly
20 - allowed_values: ['', Present]
21 CeilometerMeteringSecret:
23 description: Secret shared by the ceilometer services.
28 description: The password for the ceilometer service account.
33 description: The iSCSI helper to use with cinder.
35 CinderLVMLoopDeviceSize:
37 description: The size of the loopback file used by the cinder LVM driver.
41 description: The password for the cinder service account, used by cinder-api.
46 description: The DNS name of this cloud. E.g. ci-overcloud.tripleo.org
50 description: Should be used for arbitrary ips.
52 controllerExtraConfig:
55 Controller specific configuration to inject into the cluster. Same
56 structure as ExtraConfig.
60 default: overcloud-control
62 - custom_constraint: glance.image
63 ControlVirtualInterface:
65 description: Interface where virtual ip will be assigned.
69 description: Set to True to enable debugging on all services.
71 DefaultSignalTransport:
73 description: Transport to use for software-config signals.
76 - allowed_values: [ CFN_SIGNAL, HEAT_SIGNAL, NO_SIGNAL ]
80 Additional configuration to inject into the cluster. The JSON should have
81 the following structure:
84 [{"section": "SECTIONNAME",
86 [{"option": "OPTIONNAME",
97 [{"section": "default",
99 [{"option": "force_config_drive",
106 [{"option": "driver",
107 "value": "nova.cells.rpc_driver.CellsRPCDriver"
116 description: The filepath of the file to use for logging messages from Glance.
121 description: The password for the glance service account, used by the glance services.
126 description: Glance port.
130 description: Protocol to use when connecting to glance, set to https for SSL.
132 GlanceNotifierStrategy:
133 description: Strategy to use for Glance notification queue
138 description: The password for the Heat service account, used by the Heat services.
141 HeatStackDomainAdminPassword:
142 description: Password for heat_domain_admin user.
146 HypervisorNeutronPhysicalBridge:
149 An OVS bridge to create on each hypervisor. This defaults to br-ex the
150 same as the control plane nodes, as we have a uniform configuration of
151 the openvswitch agent. Typically should not need to be changed.
153 HypervisorNeutronPublicInterface:
155 description: What interface to add to the HypervisorNeutronPhysicalBridge.
158 default: 'REBUILD_PRESERVE_EPHEMERAL'
159 description: What policy to use when reconstructing instances. REBUILD for rebuilds, REBUILD_PRESERVE_EPHEMERAL to preserve /mnt.
163 description: Name of an existing EC2 KeyPair to enable SSH access to the instances
166 - custom_constraint: nova.keypair
167 KeystoneCACertificate:
169 description: Keystone self-signed certificate authority certificate.
171 KeystoneSigningCertificate:
173 description: Keystone certificate for verifying token validity.
177 description: Keystone key for signing tokens.
180 KeystoneSSLCertificate:
182 description: Keystone certificate for verifying token validity.
184 KeystoneSSLCertificateKey:
186 description: Keystone key for signing tokens.
189 MysqlInnodbBufferPoolSize:
191 Specifies the size of the buffer pool in megabytes. Setting to
192 zero should be interpreted as "no value" and will defer to the
196 NeutronBridgeMappings:
198 The OVS logical->physical bridge mappings to use. See the Neutron
199 documentation for details. Defaults to mapping br-ex - the external
200 bridge on hosts - to a physical name 'datacentre' which can be used
201 to create provider networks (and we use this for the default floating
202 network) - if changing this either use different post-install network
203 scripts or be sure to keep 'datacentre' as a mapping network name.
205 default: "datacentre:br-ex"
206 NeutronControlPlaneID:
209 description: Neutron ID for ctlplane network.
210 NeutronDnsmasqOptions:
211 default: 'dhcp-option-force=26,1400'
212 description: Dnsmasq options for neutron-dhcp-agent. The default value here forces MTU to be set to 1400 to account for the tunnel overhead.
216 default: 'datacentre'
218 If set, flat networks to configure in neutron plugins. Defaults to
219 'datacentre' to permit external network creation.
222 description: The tenant network type for Neutron, either gre or vxlan.
224 NeutronNetworkVLANRanges:
225 default: 'datacentre'
227 The Neutron ML2 and OpenVSwitch vlan mapping range to support. See the
228 Neutron documentation for permitted values. Defaults to permitting any
229 VLAN on the 'datacentre' physical network (See NeutronBridgeMappings).
233 description: The password for the neutron service account, used by neutron agents.
236 NeutronPublicInterface:
238 description: What interface to bridge onto br-ex for network nodes.
240 NeutronPublicInterfaceDefaultRoute:
242 description: A custom default route for the NeutronPublicInterface.
244 NeutronPublicInterfaceIP:
246 description: A custom IP address to put onto the NeutronPublicInterface.
248 NeutronPublicInterfaceRawDevice:
250 description: If set, the public interface is a vlan with this device as the raw device.
252 NeutronPublicInterfaceTag:
255 VLAN tag for creating a public VLAN. The tag will be used to
256 create an access port on the exterior bridge for each control plane node,
257 and that port will be given the IP address returned by neutron from the
258 public network. Set CONTROLEXTRA=overcloud-vlan-port.yaml when compiling
259 overcloud.yaml to include the deployment of VLAN ports to the control
262 NeutronComputeAgentMode:
264 description: Agent mode for the neutron-l3-agent on the compute hosts
268 description: Agent mode for the neutron-l3-agent on the controller hosts
272 description: Whether to configure Neutron Distributed Virtual Routers
274 NeutronMetadataProxySharedSecret:
276 description: Shared secret to prevent spoofing
281 The tunnel types for the Neutron tenant network. To specify multiple
282 values, use a comma separated string, like so: 'gre,vxlan'
284 NeutronMechanismDrivers:
285 default: 'openvswitch'
287 The mechanism drivers for the Neutron tenant network. To specify multiple
288 values, use a comma separated string, like so: 'openvswitch,l2_population'
290 NeutronAllowL3AgentFailover:
292 description: Allow automatic l3-agent failover
295 default: libvirt.LibvirtDriver
297 NovaComputeExtraConfig:
300 NovaCompute specific configuration to inject into the cluster. Same
301 structure as ExtraConfig.
303 NovaComputeLibvirtType:
308 default: overcloud-compute
310 - custom_constraint: glance.image
313 description: The password for the nova service account, used by nova-api.
319 OvercloudComputeFlavor:
320 description: Flavor for compute nodes to request when deploying.
323 - custom_constraint: nova.flavor
324 OvercloudControlFlavor:
325 description: Flavor for control nodes to request when deploying.
328 - custom_constraint: nova.flavor
329 PublicVirtualFixedIPs:
332 Control the IP allocation for the PublicVirtualInterface port. E.g.
333 [{'ip_address':'1.2.3.4'}]
335 PublicVirtualInterface:
338 Specifies the interface where the public-facing virtual ip will be assigned.
339 This should be int_public when a VLAN is being used.
341 PublicVirtualNetwork:
345 Neutron network to allocate public virtual IP port on.
349 description: Salt for the rabbit cookie, change this to force the randomly generated rabbit cookie to change.
352 description: The password for RabbitMQ
357 description: The username for RabbitMQ
362 Rabbit client subscriber parameter to specify
363 an SSL connection to the RabbitMQ host.
367 description: Set rabbit subscriber port, change this if using SSL
369 SnmpdReadonlyUserName:
370 default: ro_snmp_user
371 description: The user name for SNMPd with readonly rights running on all Overcloud nodes
373 SnmpdReadonlyUserPassword:
375 description: The user password for SNMPd with readonly rights running on all Overcloud nodes
380 type: OS::Neutron::Port
382 name: control_virtual_ip
383 network_id: {get_param: NeutronControlPlaneID}
385 get_param: ControlFixedIPs
386 replacement_policy: AUTO
387 MysqlClusterUniquePart:
388 type: OS::Heat::RandomString
392 type: OS::Heat::RandomString
396 type: OS::Neutron::Port
398 name: public_virtual_ip
399 network: {get_param: PublicVirtualNetwork}
401 get_param: PublicVirtualFixedIPs
402 replacement_policy: AUTO
404 type: OS::Heat::RandomString
408 get_param: RabbitCookieSalt
409 NovaCompute0Deployment:
411 Path: nova-compute-instance.yaml
412 SubKey: resources.NovaCompute0Deployment
414 DefaultSignalTransport:
415 get_param: DefaultSignalTransport
416 NovaApiHost: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
417 KeystoneHost: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
418 NeutronHost: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
419 GlanceHost: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
420 RabbitHost: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
424 - - mysql://nova:unset@
425 - &compute_database_host {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
427 NovaPublicIP: {get_attr: [PublicVirtualIP, fixed_ips, 0, ip_address]}
431 - - mysql://ceilometer:unset@
432 - *compute_database_host
437 - - mysql://neutron:unset@
438 - *compute_database_host
441 get_param: NeutronNetworkType
443 get_param: NeutronTunnelTypes
444 NeutronEnableTunnelling: "True"
446 get_param: NeutronFlatNetworks
447 NeutronNetworkVLANRanges:
448 get_param: NeutronNetworkVLANRanges
449 NeutronPhysicalBridge:
450 get_param: HypervisorNeutronPhysicalBridge
451 NeutronPublicInterface:
452 get_param: HypervisorNeutronPublicInterface
453 NeutronBridgeMappings:
454 get_param: NeutronBridgeMappings
456 get_param: NeutronDVR
458 get_param: NeutronComputeAgentMode
459 NeutronPublicInterfaceRawDevice:
460 get_param: NeutronPublicInterfaceRawDevice
461 NeutronMechanismDrivers:
462 get_param: NeutronMechanismDrivers
463 NeutronAllowL3AgentFailover:
464 get_param: NeutronAllowL3AgentFailover
465 NovaCompute0AllNodesDeployment:
467 Path: nova-compute-instance.yaml
468 SubKey: resources.NovaCompute0AllNodesDeployment
470 AllNodesConfig: {get_resource: allNodesConfig}
473 Path: nova-compute-instance.yaml
474 SubKey: resources.NovaCompute0
475 NovaCompute0Passthrough:
477 Path: nova-compute-instance.yaml
478 SubKey: resources.NovaCompute0Passthrough
480 passthrough_config: {get_param: ExtraConfig}
481 NovaCompute0PassthroughSpecific:
483 Path: nova-compute-instance.yaml
484 SubKey: resources.NovaCompute0PassthroughSpecific
486 passthrough_config_specific: {get_param: NovaComputeExtraConfig}
488 type: OS::Heat::StructuredConfig
490 group: os-apply-config
493 get_param: AdminPassword
495 get_param: AdminToken
498 get_param: NeutronPublicInterfaceIP
510 nodeid: {get_input: bootstack_nodeid}
513 {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
518 - - mysql://cinder:unset@
521 debug: {get_param: Debug}
523 get_param: CinderLVMLoopDeviceSize
525 get_param: CinderPassword
527 get_param: CinderISCSIHelper
529 get_input: controller_host
531 bindnetaddr: {get_input: controller_host}
536 ip: {get_attr: [controller0, networks, ctlplane, 0]}
538 stonith_enabled : false
540 quorum_policy : ignore
544 host: {get_input: controller_virtual_ip}
549 - - mysql://glance:unset@
552 debug: {get_param: Debug}
554 get_input: controller_virtual_ip
556 get_param: GlancePort
558 get_param: GlanceProtocol
560 get_param: GlancePassword
561 swift-store-user: service:glance
563 get_param: GlancePassword
565 get_param: GlanceNotifierStrategy
567 get_param: GlanceLogFile
570 get_param: HeatPassword
571 admin_tenant_name: service
573 auth_encryption_key: unset___________
577 - - mysql://heat:unset@
580 debug: {get_param: Debug}
581 stack_domain_admin_password: {get_param: HeatStackDomainAdminPassword}
582 watch_server_url: {get_input: heat.watch_server_url}
583 metadata_server_url: {get_input: heat.metadata_server_url}
584 waitcondition_server_url: {get_input: heat.waitcondition_server_url}
591 {get_attr: [controller0, name]}
596 - - mysql://keystone:unset@
599 debug: {get_param: Debug}
601 get_input: controller_virtual_ip
602 ca_certificate: {get_param: KeystoneCACertificate}
603 signing_key: {get_param: KeystoneSigningKey}
604 signing_certificate: {get_param: KeystoneSigningCertificate}
606 certificate: {get_param: KeystoneSSLCertificate}
607 certificate_key: {get_param: KeystoneSSLCertificateKey}
609 innodb_buffer_pool_size: {get_param: MysqlInnodbBufferPoolSize}
611 root-password: {get_resource: MysqlRootPassword}
615 ip: {get_attr: [controller0, networks, ctlplane, 0]}
620 - {get_resource: MysqlClusterUniquePart}
622 debug: {get_param: Debug}
623 flat-networks: {get_param: NeutronFlatNetworks}
624 host: {get_input: controller_virtual_ip}
625 metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret}
626 agent_mode: {get_param: NeutronAgentMode}
627 router_distributed: {get_param: NeutronDVR}
628 mechanism_drivers: {get_param: NeutronMechanismDrivers}
629 allow_automatic_l3agent_failover: {get_param: NeutronAllowL3AgentFailover}
631 enable_tunneling: 'True'
633 get_input: controller_host
634 network_vlan_ranges: {get_param: NeutronNetworkVLANRanges}
635 bridge_mappings: {get_param: NeutronBridgeMappings}
637 get_param: NeutronPublicInterface
638 public_interface_raw_device:
639 get_param: NeutronPublicInterfaceRawDevice
640 public_interface_route:
641 get_param: NeutronPublicInterfaceDefaultRoute
642 public_interface_tag:
643 get_param: NeutronPublicInterfaceTag
644 physical_bridge: br-ex
646 get_param: NeutronNetworkType
648 get_param: NeutronTunnelTypes
652 - - mysql://neutron:unset@
654 - /ovs_neutron?charset=utf8
656 get_param: NeutronPassword
658 get_param: NeutronDnsmasqOptions
663 - - mysql://ceilometer:unset@
666 debug: {get_param: Debug}
667 metering_secret: {get_param: CeilometerMeteringSecret}
669 get_param: CeilometerPassword
671 export_MIB: UCD-SNMP-MIB
673 get_param: SnmpdReadonlyUserName
674 readonly_user_password:
675 get_param: SnmpdReadonlyUserPassword
677 compute_driver: libvirt.LibvirtDriver
681 - - mysql://nova:unset@
684 default_floating_pool:
686 host: {get_input: controller_virtual_ip}
689 get_param: NovaPassword
691 host: {get_input: controller_virtual_ip}
693 get_param: RabbitUserName
695 get_param: RabbitPassword
700 rabbit_client_use_ssl: {get_param: RabbitClientUseSSL}
701 rabbit_port: {get_param: RabbitClientPort}
704 - {server: {get_param: NtpServer}, fudge: "stratum 0"}
707 - vrrp_instance_name: VI_CONTROL
708 virtual_router_id: 51
710 get_param: ControlVirtualInterface
713 - ip: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
715 get_param: ControlVirtualInterface
716 - vrrp_instance_name: VI_PUBLIC
717 virtual_router_id: 52
719 get_param: PublicVirtualInterface
722 - ip: {get_attr: [PublicVirtualIP, fixed_ips, 0, ip_address]}
724 get_param: PublicVirtualInterface
732 get_param: PublicVirtualInterface
736 ip: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
738 get_param: ControlVirtualInterface
740 ip: {get_attr: [PublicVirtualIP, fixed_ips, 0, ip_address]}
742 get_param: PublicVirtualInterface
747 ip: {get_attr: [controller0, networks, ctlplane, 0]}
748 name: {get_attr: [controller0, name]}
750 - &control_vip {ip: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}}
751 - &public_vip {ip: {get_attr: [PublicVirtualIP, fixed_ips, 0, ip_address]}}
753 - option httpchk GET /
755 - name: keystone_admin
757 - name: keystone_public
767 - name: glance_registry
769 options: # overwrite options as glace_reg needs auth for http req
772 - name: heat_cloudwatch
789 - name: nova_metadata
791 - name: nova_novncproxy
795 options: # overwrite options as ceil needs auth for http req
796 - name: swift_proxy_server
799 - option httpchk GET /info
808 controllerPassthrough:
809 type: OS::Heat::StructuredConfig
811 group: os-apply-config
812 config: {get_input: passthrough_config}
813 controllerPassthroughSpecific:
814 type: OS::Heat::StructuredConfig
816 group: os-apply-config
817 config: {get_input: passthrough_config_specific}
819 type: OS::Nova::Server
822 get_param: controllerImage
824 get_param: ImageUpdatePolicy
826 get_param: OvercloudControlFlavor
831 user_data_format: SOFTWARE_CONFIG
832 controller0AllNodesDeployment:
833 depends_on: [controller0Deployment,controller0SSLDeployment,controller0Swift,controller0PassthroughSpecific]
834 type: OS::Heat::StructuredDeployment
836 signal_transport: {get_param: DefaultSignalTransport}
837 config: {get_resource: allNodesConfig}
838 server: {get_resource: controller0}
839 controller0Deployment:
840 type: OS::Heat::StructuredDeployment
842 signal_transport: NO_SIGNAL
843 config: {get_resource: controllerConfig}
844 server: {get_resource: controller0}
846 bootstack_nodeid: {get_attr: [controller0, name]}
847 controller_host: {get_attr: [controller0, networks, ctlplane, 0]}
848 controller_virtual_ip:
849 {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
850 heat.watch_server_url:
854 - {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
856 heat.metadata_server_url:
860 - {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
862 heat.waitcondition_server_url:
866 - {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
867 - ':8000/v1/waitcondition'
869 type: OS::Heat::StructuredConfig
872 completion-signal: {get_input: deploy_signal_id}
882 - - {get_attr: [NovaCompute0, networks, ctlplane, 0]}
883 - {get_attr: [NovaCompute0, name]}
886 - - {get_attr: [NovaCompute0, name]}
894 - - {get_attr: [BlockStorage0, networks, ctlplane, 0]}
895 - {get_attr: [BlockStorage0, name]}
898 - - {get_attr: [BlockStorage0, name]}
906 - - {get_attr: [SwiftStorage0, networks, ctlplane, 0]}
907 - {get_attr: [SwiftStorage0, name]}
910 - - {get_attr: [SwiftStorage0, name]}
918 - - {get_attr: [controller0, networks, ctlplane, 0]}
919 - {get_attr: [controller0, name]}
922 - - {get_attr: [controller0, name]}
924 - {get_param: CloudName}
931 {get_attr: [controller0, name]}
933 net.ipv4.tcp_keepalive_time: 5
934 net.ipv4.tcp_keepalive_probes: 5
935 net.ipv4.tcp_keepalive_intvl: 1
936 controller0SSLDeployment:
937 type: OS::Heat::StructuredDeployment
939 config: {get_resource: SSLConfig}
940 server: {get_resource: controller0}
941 signal_transport: NO_SIGNAL
943 controller_host: {get_attr: [controller0, networks, ctlplane, 0]}
944 ssl_certificate: {get_param: SSLCertificate}
945 ssl_key: {get_param: SSLKey}
946 ssl_ca_certificate: {get_param: SSLCACertificate}
947 controller0Passthrough:
948 type: OS::Heat::StructuredDeployment
950 config: {get_resource: controllerPassthrough}
951 server: {get_resource: controller0}
952 signal_transport: NO_SIGNAL
954 passthrough_config: {get_param: ExtraConfig}
955 controller0PassthroughSpecific:
956 depends_on: [controller0Passthrough]
957 type: OS::Heat::StructuredDeployment
959 config: {get_resource: controllerPassthroughSpecific}
960 server: {get_resource: controller0}
961 signal_transport: NO_SIGNAL
963 passthrough_config_specific: {get_param: controllerExtraConfig}
966 description: URL for the Overcloud Keystone service
971 - {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}