1 description: Nova API,Keystone,Heat Engine and API,Glance,Neutron,Dedicated MySQL
2 server,Dedicated RabbitMQ Server,Group of Nova Computes
3 heat_template_version: 2013-05-23
7 description: The password for the keystone admin account, used for monitoring, querying neutron etc.
12 description: The keystone auth secret.
15 CeilometerComputeAgent:
16 description: Indicates whether the Compute agent is present and expects nova-compute to be configured accordingly
20 - allowed_values: ['', Present]
21 CeilometerMeteringSecret:
23 description: Secret shared by the ceilometer services.
28 description: The password for the ceilometer service account.
33 description: The iSCSI helper to use with cinder.
35 CinderLVMLoopDeviceSize:
37 description: The size of the loopback file used by the cinder LVM driver.
41 description: The password for the cinder service account, used by cinder-api.
46 description: The DNS name of this cloud. E.g. ci-overcloud.tripleo.org
50 description: Should be used for arbitrary ips.
52 controllerExtraConfig:
55 Controller specific configuration to inject into the cluster. Same
56 structure as ExtraConfig.
60 default: overcloud-control
62 - custom_constraint: glance.image
63 ControlVirtualInterface:
65 description: Interface where virtual ip will be assigned.
69 description: Set to True to enable debugging on all services.
71 DefaultSignalTransport:
73 description: Transport to use for software-config signals.
76 - allowed_values: [ CFN_SIGNAL, HEAT_SIGNAL, NO_SIGNAL ]
80 Additional configuration to inject into the cluster. The JSON should have
81 the following structure:
84 [{"section": "SECTIONNAME",
86 [{"option": "OPTIONNAME",
97 [{"section": "default",
99 [{"option": "force_config_drive",
106 [{"option": "driver",
107 "value": "nova.cells.rpc_driver.CellsRPCDriver"
116 description: The filepath of the file to use for logging messages from Glance.
122 description: Horizon web server port.
125 description: The password for the glance service account, used by the glance services.
130 description: Glance port.
134 description: Protocol to use when connecting to glance, set to https for SSL.
136 GlanceNotifierStrategy:
137 description: Strategy to use for Glance notification queue
142 description: The password for the Heat service account, used by the Heat services.
145 HeatStackDomainAdminPassword:
146 description: Password for heat_domain_admin user.
150 HypervisorNeutronPhysicalBridge:
153 An OVS bridge to create on each hypervisor. This defaults to br-ex the
154 same as the control plane nodes, as we have a uniform configuration of
155 the openvswitch agent. Typically should not need to be changed.
157 HypervisorNeutronPublicInterface:
159 description: What interface to add to the HypervisorNeutronPhysicalBridge.
162 default: 'REBUILD_PRESERVE_EPHEMERAL'
163 description: What policy to use when reconstructing instances. REBUILD for rebuilds, REBUILD_PRESERVE_EPHEMERAL to preserve /mnt.
167 description: Name of an existing EC2 KeyPair to enable SSH access to the instances
170 - custom_constraint: nova.keypair
171 KeystoneCACertificate:
173 description: Keystone self-signed certificate authority certificate.
175 KeystoneSigningCertificate:
177 description: Keystone certificate for verifying token validity.
181 description: Keystone key for signing tokens.
184 KeystoneSSLCertificate:
186 description: Keystone certificate for verifying token validity.
188 KeystoneSSLCertificateKey:
190 description: Keystone key for signing tokens.
193 MysqlInnodbBufferPoolSize:
195 Specifies the size of the buffer pool in megabytes. Setting to
196 zero should be interpreted as "no value" and will defer to the
200 NeutronBridgeMappings:
202 The OVS logical->physical bridge mappings to use. See the Neutron
203 documentation for details. Defaults to mapping br-ex - the external
204 bridge on hosts - to a physical name 'datacentre' which can be used
205 to create provider networks (and we use this for the default floating
206 network) - if changing this either use different post-install network
207 scripts or be sure to keep 'datacentre' as a mapping network name.
209 default: "datacentre:br-ex"
210 NeutronControlPlaneID:
213 description: Neutron ID for ctlplane network.
214 NeutronDnsmasqOptions:
215 default: 'dhcp-option-force=26,1400'
216 description: Dnsmasq options for neutron-dhcp-agent. The default value here forces MTU to be set to 1400 to account for the tunnel overhead.
220 default: 'datacentre'
222 If set, flat networks to configure in neutron plugins. Defaults to
223 'datacentre' to permit external network creation.
226 description: The tenant network type for Neutron, either gre or vxlan.
228 NeutronNetworkVLANRanges:
229 default: 'datacentre'
231 The Neutron ML2 and OpenVSwitch vlan mapping range to support. See the
232 Neutron documentation for permitted values. Defaults to permitting any
233 VLAN on the 'datacentre' physical network (See NeutronBridgeMappings).
237 description: The password for the neutron service account, used by neutron agents.
240 NeutronPublicInterface:
242 description: What interface to bridge onto br-ex for network nodes.
244 NeutronPublicInterfaceDefaultRoute:
246 description: A custom default route for the NeutronPublicInterface.
248 NeutronPublicInterfaceIP:
250 description: A custom IP address to put onto the NeutronPublicInterface.
252 NeutronPublicInterfaceRawDevice:
254 description: If set, the public interface is a vlan with this device as the raw device.
256 NeutronPublicInterfaceTag:
259 VLAN tag for creating a public VLAN. The tag will be used to
260 create an access port on the exterior bridge for each control plane node,
261 and that port will be given the IP address returned by neutron from the
262 public network. Set CONTROLEXTRA=overcloud-vlan-port.yaml when compiling
263 overcloud.yaml to include the deployment of VLAN ports to the control
266 NeutronComputeAgentMode:
268 description: Agent mode for the neutron-l3-agent on the compute hosts
272 description: Agent mode for the neutron-l3-agent on the controller hosts
276 description: Whether to configure Neutron Distributed Virtual Routers
278 NeutronMetadataProxySharedSecret:
280 description: Shared secret to prevent spoofing
285 The tunnel types for the Neutron tenant network. To specify multiple
286 values, use a comma separated string, like so: 'gre,vxlan'
288 NeutronMechanismDrivers:
289 default: 'openvswitch'
291 The mechanism drivers for the Neutron tenant network. To specify multiple
292 values, use a comma separated string, like so: 'openvswitch,l2_population'
294 NeutronAllowL3AgentFailover:
296 description: Allow automatic l3-agent failover
300 description: Whether to enable l3-agent HA
303 default: libvirt.LibvirtDriver
305 NovaComputeExtraConfig:
308 NovaCompute specific configuration to inject into the cluster. Same
309 structure as ExtraConfig.
311 NovaComputeLibvirtType:
316 default: overcloud-compute
318 - custom_constraint: glance.image
321 description: The password for the nova service account, used by nova-api.
327 OvercloudComputeFlavor:
328 description: Flavor for compute nodes to request when deploying.
331 - custom_constraint: nova.flavor
332 OvercloudControlFlavor:
333 description: Flavor for control nodes to request when deploying.
336 - custom_constraint: nova.flavor
337 PublicVirtualFixedIPs:
340 Control the IP allocation for the PublicVirtualInterface port. E.g.
341 [{'ip_address':'1.2.3.4'}]
343 PublicVirtualInterface:
346 Specifies the interface where the public-facing virtual ip will be assigned.
347 This should be int_public when a VLAN is being used.
349 PublicVirtualNetwork:
353 Neutron network to allocate public virtual IP port on.
357 description: Salt for the rabbit cookie, change this to force the randomly generated rabbit cookie to change.
360 description: The password for RabbitMQ
365 description: The username for RabbitMQ
370 Rabbit client subscriber parameter to specify
371 an SSL connection to the RabbitMQ host.
375 description: Set rabbit subscriber port, change this if using SSL
377 SnmpdReadonlyUserName:
378 default: ro_snmp_user
379 description: The user name for SNMPd with readonly rights running on all Overcloud nodes
381 SnmpdReadonlyUserPassword:
383 description: The user password for SNMPd with readonly rights running on all Overcloud nodes
388 type: OS::Neutron::Port
390 name: control_virtual_ip
391 network_id: {get_param: NeutronControlPlaneID}
393 get_param: ControlFixedIPs
394 replacement_policy: AUTO
395 MysqlClusterUniquePart:
396 type: OS::Heat::RandomString
400 type: OS::Heat::RandomString
404 type: OS::Neutron::Port
406 name: public_virtual_ip
407 network: {get_param: PublicVirtualNetwork}
409 get_param: PublicVirtualFixedIPs
410 replacement_policy: AUTO
412 type: OS::Heat::RandomString
416 get_param: RabbitCookieSalt
417 NovaCompute0Deployment:
419 Path: nova-compute-instance.yaml
420 SubKey: resources.NovaCompute0Deployment
422 DefaultSignalTransport:
423 get_param: DefaultSignalTransport
424 NovaApiHost: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
425 KeystoneHost: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
426 NeutronHost: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
427 GlanceHost: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
428 RabbitHost: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
429 NovaPublicIP: {get_attr: [PublicVirtualIP, fixed_ips, 0, ip_address]}
431 get_param: NeutronNetworkType
433 get_param: NeutronTunnelTypes
434 NeutronEnableTunnelling: "True"
436 get_param: NeutronFlatNetworks
437 NeutronNetworkVLANRanges:
438 get_param: NeutronNetworkVLANRanges
439 NeutronPhysicalBridge:
440 get_param: HypervisorNeutronPhysicalBridge
441 NeutronPublicInterface:
442 get_param: HypervisorNeutronPublicInterface
443 NeutronBridgeMappings:
444 get_param: NeutronBridgeMappings
446 get_param: NeutronDVR
448 get_param: NeutronComputeAgentMode
449 NeutronPublicInterfaceRawDevice:
450 get_param: NeutronPublicInterfaceRawDevice
451 NeutronMechanismDrivers:
452 get_param: NeutronMechanismDrivers
453 NeutronAllowL3AgentFailover:
454 get_param: NeutronAllowL3AgentFailover
456 get_param: NeutronL3HA
457 NovaCompute0AllNodesDeployment:
459 Path: nova-compute-instance.yaml
460 SubKey: resources.NovaCompute0AllNodesDeployment
462 AllNodesConfig: {get_resource: allNodesConfig}
465 Path: nova-compute-instance.yaml
466 SubKey: resources.NovaCompute0
467 NovaCompute0Passthrough:
469 Path: nova-compute-instance.yaml
470 SubKey: resources.NovaCompute0Passthrough
472 passthrough_config: {get_param: ExtraConfig}
473 NovaCompute0PassthroughSpecific:
475 Path: nova-compute-instance.yaml
476 SubKey: resources.NovaCompute0PassthroughSpecific
478 passthrough_config_specific: {get_param: NovaComputeExtraConfig}
480 type: OS::Heat::StructuredConfig
482 group: os-apply-config
485 get_param: AdminPassword
487 get_param: AdminToken
490 get_param: NeutronPublicInterfaceIP
502 nodeid: {get_input: bootstack_nodeid}
505 {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
510 - - mysql://cinder:unset@
513 debug: {get_param: Debug}
515 get_param: CinderLVMLoopDeviceSize
517 get_param: CinderPassword
519 get_param: CinderISCSIHelper
521 get_input: controller_host
523 bindnetaddr: {get_input: controller_host}
528 ip: {get_attr: [controller0, networks, ctlplane, 0]}
530 stonith_enabled : false
532 quorum_policy : ignore
536 host: {get_input: controller_virtual_ip}
541 - - mysql://glance:unset@
544 debug: {get_param: Debug}
546 get_input: controller_virtual_ip
548 get_param: GlancePort
550 get_param: GlanceProtocol
552 get_param: GlancePassword
553 swift-store-user: service:glance
555 get_param: GlancePassword
557 get_param: GlanceNotifierStrategy
559 get_param: GlanceLogFile
562 get_param: HeatPassword
563 admin_tenant_name: service
565 auth_encryption_key: unset___________
569 - - mysql://heat:unset@
572 debug: {get_param: Debug}
573 stack_domain_admin_password: {get_param: HeatStackDomainAdminPassword}
574 watch_server_url: {get_input: heat.watch_server_url}
575 metadata_server_url: {get_input: heat.metadata_server_url}
576 waitcondition_server_url: {get_input: heat.waitcondition_server_url}
578 port: {get_param: HorizonPort}
584 {get_attr: [controller0, name]}
589 - - mysql://keystone:unset@
592 debug: {get_param: Debug}
594 get_input: controller_virtual_ip
595 ca_certificate: {get_param: KeystoneCACertificate}
596 signing_key: {get_param: KeystoneSigningKey}
597 signing_certificate: {get_param: KeystoneSigningCertificate}
599 certificate: {get_param: KeystoneSSLCertificate}
600 certificate_key: {get_param: KeystoneSSLCertificateKey}
602 innodb_buffer_pool_size: {get_param: MysqlInnodbBufferPoolSize}
604 root-password: {get_resource: MysqlRootPassword}
608 ip: {get_attr: [controller0, networks, ctlplane, 0]}
613 - {get_resource: MysqlClusterUniquePart}
615 debug: {get_param: Debug}
616 flat-networks: {get_param: NeutronFlatNetworks}
617 host: {get_input: controller_virtual_ip}
618 metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret}
619 agent_mode: {get_param: NeutronAgentMode}
620 router_distributed: {get_param: NeutronDVR}
621 mechanism_drivers: {get_param: NeutronMechanismDrivers}
622 allow_automatic_l3agent_failover: {get_param: NeutronAllowL3AgentFailover}
623 l3_ha: {get_param: NeutronL3HA}
625 enable_tunneling: 'True'
627 get_input: controller_host
628 network_vlan_ranges: {get_param: NeutronNetworkVLANRanges}
629 bridge_mappings: {get_param: NeutronBridgeMappings}
631 get_param: NeutronPublicInterface
632 public_interface_raw_device:
633 get_param: NeutronPublicInterfaceRawDevice
634 public_interface_route:
635 get_param: NeutronPublicInterfaceDefaultRoute
636 public_interface_tag:
637 get_param: NeutronPublicInterfaceTag
638 physical_bridge: br-ex
640 get_param: NeutronNetworkType
642 get_param: NeutronTunnelTypes
646 - - mysql://neutron:unset@
648 - /ovs_neutron?charset=utf8
650 get_param: NeutronPassword
652 get_param: NeutronDnsmasqOptions
657 - - mysql://ceilometer:unset@
660 debug: {get_param: Debug}
661 metering_secret: {get_param: CeilometerMeteringSecret}
663 get_param: CeilometerPassword
665 export_MIB: UCD-SNMP-MIB
667 get_param: SnmpdReadonlyUserName
668 readonly_user_password:
669 get_param: SnmpdReadonlyUserPassword
671 compute_driver: libvirt.LibvirtDriver
675 - - mysql://nova:unset@
678 default_floating_pool:
680 host: {get_input: controller_virtual_ip}
683 get_param: NovaPassword
685 host: {get_input: controller_virtual_ip}
687 get_param: RabbitUserName
689 get_param: RabbitPassword
694 rabbit_client_use_ssl: {get_param: RabbitClientUseSSL}
695 rabbit_port: {get_param: RabbitClientPort}
698 - {server: {get_param: NtpServer}}
701 - vrrp_instance_name: VI_CONTROL
702 virtual_router_id: 51
704 get_param: ControlVirtualInterface
707 - ip: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
709 get_param: ControlVirtualInterface
710 - vrrp_instance_name: VI_PUBLIC
711 virtual_router_id: 52
713 get_param: PublicVirtualInterface
716 - ip: {get_attr: [PublicVirtualIP, fixed_ips, 0, ip_address]}
718 get_param: PublicVirtualInterface
726 get_param: PublicVirtualInterface
730 ip: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
732 get_param: ControlVirtualInterface
734 ip: {get_attr: [PublicVirtualIP, fixed_ips, 0, ip_address]}
736 get_param: PublicVirtualInterface
741 ip: {get_attr: [controller0, networks, ctlplane, 0]}
742 name: {get_attr: [controller0, name]}
744 - &control_vip {ip: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}}
745 - &public_vip {ip: {get_attr: [PublicVirtualIP, fixed_ips, 0, ip_address]}}
747 - option httpchk GET /
749 - name: keystone_admin
751 - name: keystone_public
761 - name: glance_registry
763 options: # overwrite options as glace_reg needs auth for http req
766 - name: heat_cloudwatch
783 - name: nova_metadata
785 - name: nova_novncproxy
789 options: # overwrite options as ceil needs auth for http req
790 - name: swift_proxy_server
793 - option httpchk GET /info
802 controllerPassthrough:
803 type: OS::Heat::StructuredConfig
805 group: os-apply-config
806 config: {get_input: passthrough_config}
807 controllerPassthroughSpecific:
808 type: OS::Heat::StructuredConfig
810 group: os-apply-config
811 config: {get_input: passthrough_config_specific}
813 type: OS::Nova::Server
816 get_param: controllerImage
818 get_param: ImageUpdatePolicy
820 get_param: OvercloudControlFlavor
825 user_data_format: SOFTWARE_CONFIG
826 controller0AllNodesDeployment:
827 depends_on: [controller0Deployment,controller0SSLDeployment,controller0Swift,controller0PassthroughSpecific]
828 type: OS::Heat::StructuredDeployment
830 signal_transport: {get_param: DefaultSignalTransport}
831 config: {get_resource: allNodesConfig}
832 server: {get_resource: controller0}
833 controller0Deployment:
834 type: OS::Heat::StructuredDeployment
836 signal_transport: NO_SIGNAL
837 config: {get_resource: controllerConfig}
838 server: {get_resource: controller0}
840 bootstack_nodeid: {get_attr: [controller0, name]}
841 controller_host: {get_attr: [controller0, networks, ctlplane, 0]}
842 controller_virtual_ip:
843 {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
844 heat.watch_server_url:
848 - {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
850 heat.metadata_server_url:
854 - {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
856 heat.waitcondition_server_url:
860 - {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
861 - ':8000/v1/waitcondition'
863 type: OS::Heat::StructuredConfig
866 completion-signal: {get_input: deploy_signal_id}
876 - - {get_attr: [NovaCompute0, networks, ctlplane, 0]}
877 - {get_attr: [NovaCompute0, name]}
880 - - {get_attr: [NovaCompute0, name]}
888 - - {get_attr: [BlockStorage0, networks, ctlplane, 0]}
889 - {get_attr: [BlockStorage0, name]}
892 - - {get_attr: [BlockStorage0, name]}
900 - - {get_attr: [SwiftStorage0, networks, ctlplane, 0]}
901 - {get_attr: [SwiftStorage0, name]}
904 - - {get_attr: [SwiftStorage0, name]}
912 - - {get_attr: [controller0, networks, ctlplane, 0]}
913 - {get_attr: [controller0, name]}
916 - - {get_attr: [controller0, name]}
918 - {get_param: CloudName}
925 {get_attr: [controller0, name]}
927 net.ipv4.tcp_keepalive_time: 5
928 net.ipv4.tcp_keepalive_probes: 5
929 net.ipv4.tcp_keepalive_intvl: 1
930 controller0SSLDeployment:
931 type: OS::Heat::StructuredDeployment
933 config: {get_resource: SSLConfig}
934 server: {get_resource: controller0}
935 signal_transport: NO_SIGNAL
937 controller_host: {get_attr: [controller0, networks, ctlplane, 0]}
938 ssl_certificate: {get_param: SSLCertificate}
939 ssl_key: {get_param: SSLKey}
940 ssl_ca_certificate: {get_param: SSLCACertificate}
941 controller0Passthrough:
942 type: OS::Heat::StructuredDeployment
944 config: {get_resource: controllerPassthrough}
945 server: {get_resource: controller0}
946 signal_transport: NO_SIGNAL
948 passthrough_config: {get_param: ExtraConfig}
949 controller0PassthroughSpecific:
950 depends_on: [controller0Passthrough]
951 type: OS::Heat::StructuredDeployment
953 config: {get_resource: controllerPassthroughSpecific}
954 server: {get_resource: controller0}
955 signal_transport: NO_SIGNAL
957 passthrough_config_specific: {get_param: controllerExtraConfig}
960 description: URL for the Overcloud Keystone service
965 - {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}