Make Heat service password configurable.
[apex-tripleo-heat-templates.git] / overcloud-source.yaml
# Template header: format version and the human-readable summary of what
# the stack deploys.
HeatTemplateFormatVersion: '2012-12-12'
Description: >-
  Nova API,Keystone,Heat Engine and API,Glance,Neutron,Dedicated MySQL
  server,Dedicated RabbitMQ Server,Group of Nova Computes
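# Stack inputs.
#
# Every parameter that carries a credential is marked NoEcho so that Heat
# masks its value when stack parameters are displayed. The "unset" defaults
# are placeholders kept for backward compatibility: a stack created without
# overriding them runs with that same well-known value, so supply real
# secrets at stack-create time.
Parameters:
  AdminPassword:
    Default: unset
    Description: The password for the keystone admin account, used for monitoring, querying neutron etc.
    NoEcho: true
    Type: String
  AdminToken:
    Default: unset
    Description: The keystone auth secret.
    NoEcho: true
    Type: String
  CinderPassword:
    Default: unset
    Description: The password for the cinder service account, used by cinder-api.
    NoEcho: true
    Type: String
  Flavor:
    Default: baremetal
    Description: Flavor to request when deploying.
    Type: String
  GlancePassword:
    Default: unset
    Description: The password for the glance service account, used by the glance services.
    NoEcho: true
    Type: String
  HeatPassword:
    Default: unset
    Description: The password for the Heat service account, used by the Heat services.
    NoEcho: true
    Type: String
  # Selects which existing key pair is injected for SSH access; not a secret.
  KeyName:
    Default: default
    Description: Name of an existing EC2 KeyPair to enable SSH access to the instances
    Type: String
  NeutronPassword:
    Default: unset
    Description: The password for the neutron service account, used by neutron agents.
    NoEcho: true
    Type: String
  NovaComputeDriver:
    Default: libvirt.LibvirtDriver
    Type: String
  # Empty string by default; quoted so it stays a string rather than null.
  NovaComputeLibvirtType:
    Default: ''
    Type: String
  NovaImage:
    Default: overcloud-compute
    Type: String
  NovaInterfaces:
    Default: eth0
    Type: String
  NovaPassword:
    Default: unset
    Description: The password for the nova service account, used by nova-api.
    NoEcho: true
    Type: String
  PowerUserName:
    Default: stack
    Description: What username to ssh to the virtual power host with.
    Type: String
  notcomputeImage:
    Default: overcloud-control
    Type: String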
# Stack resources: the controller server ("notcompute") and its
# configuration metadata, one nova-compute node pulled in through
# FileInclude, and the user / access-key / policy resources the nodes use
# when fetching metadata.
Resources:
  # Policy attached to User; lists the resources that user may access.
  AccessPolicy:
    Type: OS::Heat::AccessPolicy
    Properties:
      AllowedResources:
        - notcompute
        - notcomputeConfig
  # Policy attached to ComputeUser; scoped to the compute node's resources.
  ComputeAccessPolicy:
    Type: OS::Heat::AccessPolicy
    Properties:
      AllowedResources:
        - NovaCompute0
        - NovaCompute0Config
  # Access key issued to User (referenced from the controller's
  # os-collect-config settings below).
  Key:
    Type: AWS::IAM::AccessKey
    Properties:
      UserName:
        Ref: User
  # Separate access key for the compute node, so the two node roles do not
  # share one credential.
  ComputeKey:
    Type: AWS::IAM::AccessKey
    Properties:
      UserName:
        Ref: ComputeUser
  ComputeUser:
    Type: AWS::IAM::User
    Properties:
      Policies:
        - Ref: ComputeAccessPolicy
  # Compute-node configuration, included from nova-compute-instance.yaml.
  # Every *Host value is the controller's private IP.
  NovaCompute0Config:
    Type: FileInclude
    Path: nova-compute-instance.yaml
    SubKey: Resources.NovaCompute0Config
    Parameters:
      NovaApiHost:
        Fn::GetAtt: [notcompute, PrivateIp]
      KeystoneHost:
        Fn::GetAtt: [notcompute, PrivateIp]
      RabbitHost:
        Fn::GetAtt: [notcompute, PrivateIp]
      NeutronHost:
        Fn::GetAtt: [notcompute, PrivateIp]
      GlanceHost:
        Fn::GetAtt: [notcompute, PrivateIp]
      # NOTE(review): the database password in both DSNs is the literal
      # placeholder "unset", not a template parameter, so it is the same in
      # every stack built from this file. It matches the literals in the
      # controller's nova.db / neutron.ovs_db entries further down.
      NovaDSN:
        Fn::Join:
          - ''
          - - 'mysql://nova:unset@'
            - Fn::GetAtt: [notcompute, PrivateIp]
            - '/nova'
      NeutronDSN:
        Fn::Join:
          - ''
          - - 'mysql://neutron:unset@'
            - Fn::GetAtt: [notcompute, PrivateIp]
            - '/neutron'
      NeutronNetworkType: gre
      # Quoted on purpose: the value is the string 'True', not a boolean.
      NeutronEnableTunnelling: 'True'
      NeutronNetworkVLANRanges: ''
      NeutronBridgeMappings: ''
      # NOTE(review): hard-coded "guest" RabbitMQ password, identical to
      # rabbit.password in the controller metadata; not parameterised.
      RabbitPassword: guest
  NovaCompute0:
    Type: FileInclude
    Path: nova-compute-instance.yaml
    SubKey: Resources.NovaCompute0
  User:
    Type: AWS::IAM::User
    Properties:
      Policies:
        - Ref: AccessPolicy
  # Controller configuration. The notcompute server's os-collect-config
  # section points at this resource's Metadata
  # (path: notcomputeConfig.Metadata).
  #
  # Service-account passwords are taken from template Parameters via Ref.
  # Still literal in this template, and therefore identical across every
  # stack created from it: the passwords inside each `db:` / `ovs_db:` DSN,
  # `db-password`, `heat.auth_encryption_key`,
  # `neutron.metadata_proxy_shared_secret` and `rabbit.password`.
  notcomputeConfig:
    Type: AWS::AutoScaling::LaunchConfiguration
    Properties:
      ImageId: '0'
      InstanceType: '0'
    Metadata:
      OpenStack::Heat::Stack: {}
      Openstack::ImageBuilder::Elements:
        - boot-stack
        - heat-cfntools
        - heat-localip
        - neutron-network-node
      admin-password:
        Ref: AdminPassword
      admin-token:
        Ref: AdminToken
      cinder:
        db: 'mysql://cinder:unset@localhost/cinder'
        volume_size_mb: '5000'
        service-password:
          Ref: CinderPassword
      controller-address:
        Fn::GetAtt: [notcompute, PrivateIp]
      # NOTE(review): literal placeholder, not a parameter.
      db-password: unset
      glance:
        db: 'mysql://glance:unset@localhost/glance'
        host:
          Fn::GetAtt: [notcompute, PrivateIp]
        service-password:
          Ref: GlancePassword
      os-collect-config:
        cfn:
          access_key_id:
            Ref: Key
          path: notcomputeConfig.Metadata
          # NOTE(review): the secret half of the access key is delivered
          # through resource metadata; whoever can read this stack's
          # metadata can read it. Confirm that access is restricted.
          secret_access_key:
            Fn::GetAtt: [Key, SecretAccessKey]
          stack_name:
            Ref: AWS::StackName
      heat:
        # Heat service account password, supplied by the HeatPassword
        # parameter rather than a literal.
        admin_password:
          Ref: HeatPassword
        admin_tenant_name: service
        admin_user: heat
        # NOTE(review): fixed placeholder key shared by every deployment of
        # this template; presumably protects credentials Heat stores, so it
        # should be unique per deployment. Confirm and parameterise.
        auth_encryption_key: unset___________
        db: 'mysql://heat:unset@localhost/heat'
        # NOTE(review): the three Heat endpoints below are plain http://.
        # Confirm the control network is trusted or front them with TLS.
        heat_watch_server_url:
          Fn::Join:
            - ''
            - - 'http://'
              - Fn::GetAtt: [notcompute, PrivateIp]
              - ':8003'
        metadata_server_url:
          Fn::Join:
            - ''
            - - 'http://'
              - Fn::GetAtt: [notcompute, PrivateIp]
              - ':8000'
        waitcondition_server_url:
          Fn::Join:
            - ''
            - - 'http://'
              - Fn::GetAtt: [notcompute, PrivateIp]
              - ':8000/v1/waitcondition'
      interfaces:
        control: eth0
      keystone:
        db: 'mysql://keystone:unset@localhost/keystone'
        host:
          Fn::GetAtt: [notcompute, PrivateIp]
      nova:
        compute_driver: libvirt.LibvirtDriver
        db: 'mysql://nova:unset@localhost/nova'
        host:
          Fn::GetAtt: [notcompute, PrivateIp]
        # A real boolean here, unlike the quoted 'True' strings elsewhere.
        metadata-proxy: true
        service-password:
          Ref: NovaPassword
      neutron:
        host:
          Fn::GetAtt: [notcompute, PrivateIp]
        # NOTE(review): literal placeholder for the metadata proxy shared
        # secret; not a parameter.
        metadata_proxy_shared_secret: unset
        ovs:
          enable_tunneling: 'True'
          local_ip:
            Fn::GetAtt: [notcompute, PrivateIp]
          public_interface: eth0
          physical_bridge: br-ex
          tenant_network_type: gre
        ovs_db: 'mysql://neutron:unset@localhost/ovs_neutron?charset=utf8'
        service-password:
          Ref: NeutronPassword
      rabbit:
        host:
          Fn::GetAtt: [notcompute, PrivateIp]
        # NOTE(review): hard-coded "guest" RabbitMQ password.
        password: guest
  # The controller server itself. Image, flavor and SSH key pair come from
  # template Parameters; its Metadata tells os-collect-config where to
  # fetch the configuration above and which access key to use.
  notcompute:
    Type: OS::Nova::Server
    Properties:
      image:
        Ref: notcomputeImage
      flavor:
        Ref: Flavor
      key_name:
        Ref: KeyName
    Metadata:
      os-collect-config:
        cfn:
          access_key_id:
            Ref: Key
          path: notcomputeConfig.Metadata
          secret_access_key:
            Fn::GetAtt: [Key, SecretAccessKey]
          stack_name:
            Ref: AWS::StackName