description: Nova API,Keystone,Heat Engine and API,Glance,Neutron,Dedicated MySQL
server,Dedicated RabbitMQ Server,Group of Nova Computes
heat_template_version: 2013-05-23
description: The password for the keystone admin account, used for monitoring, querying neutron etc.
description: The keystone auth secret.
CeilometerComputeAgent:
description: Indicates whether the Compute agent is present and expects nova-compute to be configured accordingly
- allowed_values: ['', Present]
CeilometerMeteringSecret:
description: Secret shared by the ceilometer services.
description: The password for the ceilometer service account.
description: The iSCSI helper to use with cinder.
CinderLVMLoopDeviceSize:
description: The size of the loopback file used by the cinder LVM driver.
description: The password for the cinder service account, used by cinder-api.
description: The DNS name of this cloud. E.g. ci-overcloud.tripleo.org
description: Should be used for arbitrary ips.
controllerExtraConfig:
Controller specific configuration to inject into the cluster. Same
structure as ExtraConfig.
default: overcloud-control
- custom_constraint: glance.image
ControlVirtualInterface:
description: Interface where virtual ip will be assigned.
description: Set to True to enable debugging on all services.
DefaultSignalTransport:
description: Transport to use for software-config signals.
- allowed_values: [ CFN_SIGNAL, HEAT_SIGNAL, NO_SIGNAL ]
Additional configuration to inject into the cluster. The JSON should have
the following structure:
[{"section": "SECTIONNAME",
[{"option": "OPTIONNAME",
[{"section": "default",
[{"option": "force_config_drive",
[{"option": "driver",
"value": "nova.cells.rpc_driver.CellsRPCDriver"
description: The filepath of the file to use for logging messages from Glance.
description: Horizon web server port.
description: The password for the glance service account, used by the glance services.
description: Glance port.
description: Protocol to use when connecting to glance, set to https for SSL.
GlanceNotifierStrategy:
description: Strategy to use for Glance notification queue
description: The password for the Heat service account, used by the Heat services.
HeatStackDomainAdminPassword:
description: Password for heat_domain_admin user.
HypervisorNeutronPhysicalBridge:
An OVS bridge to create on each hypervisor. This defaults to br-ex the
same as the control plane nodes, as we have a uniform configuration of
the openvswitch agent. Typically should not need to be changed.
HypervisorNeutronPublicInterface:
description: What interface to add to the HypervisorNeutronPhysicalBridge.
default: 'REBUILD_PRESERVE_EPHEMERAL'
description: What policy to use when reconstructing instances. REBUILD for rebuilds, REBUILD_PRESERVE_EPHEMERAL to preserve /mnt.
description: Name of an existing EC2 KeyPair to enable SSH access to the instances
- custom_constraint: nova.keypair
KeystoneCACertificate:
description: Keystone self-signed certificate authority certificate.
KeystoneSigningCertificate:
description: Keystone certificate for verifying token validity.
description: Keystone key for signing tokens.
KeystoneSSLCertificate:
description: Keystone certificate for verifying token validity.
KeystoneSSLCertificateKey:
description: Keystone key for signing tokens.
MysqlInnodbBufferPoolSize:
Specifies the size of the buffer pool in megabytes. Setting to
zero should be interpreted as "no value" and will defer to the
NeutronBridgeMappings:
The OVS logical->physical bridge mappings to use. See the Neutron
documentation for details. Defaults to mapping br-ex - the external
bridge on hosts - to a physical name 'datacentre' which can be used
to create provider networks (and we use this for the default floating
network) - if changing this either use different post-install network
scripts or be sure to keep 'datacentre' as a mapping network name.
default: "datacentre:br-ex"
NeutronControlPlaneID:
description: Neutron ID for ctlplane network.
NeutronDnsmasqOptions:
default: 'dhcp-option-force=26,1400'
description: Dnsmasq options for neutron-dhcp-agent. The default value here forces MTU to be set to 1400 to account for the tunnel overhead.
default: 'datacentre'
If set, flat networks to configure in neutron plugins. Defaults to
'datacentre' to permit external network creation.
description: The tenant network type for Neutron, either gre or vxlan.
NeutronNetworkVLANRanges:
default: 'datacentre'
The Neutron ML2 and OpenVSwitch vlan mapping range to support. See the
Neutron documentation for permitted values. Defaults to permitting any
VLAN on the 'datacentre' physical network (See NeutronBridgeMappings).
description: The password for the neutron service account, used by neutron agents.
NeutronPublicInterface:
description: What interface to bridge onto br-ex for network nodes.
NeutronPublicInterfaceDefaultRoute:
description: A custom default route for the NeutronPublicInterface.
NeutronPublicInterfaceIP:
description: A custom IP address to put onto the NeutronPublicInterface.
NeutronPublicInterfaceRawDevice:
description: If set, the public interface is a vlan with this device as the raw device.
NeutronPublicInterfaceTag:
VLAN tag for creating a public VLAN. The tag will be used to
create an access port on the exterior bridge for each control plane node,
and that port will be given the IP address returned by neutron from the
public network. Set CONTROLEXTRA=overcloud-vlan-port.yaml when compiling
overcloud.yaml to include the deployment of VLAN ports to the control
NeutronComputeAgentMode:
description: Agent mode for the neutron-l3-agent on the compute hosts
description: Agent mode for the neutron-l3-agent on the controller hosts
description: Whether to configure Neutron Distributed Virtual Routers
NeutronMetadataProxySharedSecret:
description: Shared secret to prevent spoofing
The tunnel types for the Neutron tenant network. To specify multiple
values, use a comma separated string, like so: 'gre,vxlan'
NeutronMechanismDrivers:
default: 'openvswitch'
The mechanism drivers for the Neutron tenant network. To specify multiple
values, use a comma separated string, like so: 'openvswitch,l2_population'
NeutronAllowL3AgentFailover:
description: Allow automatic l3-agent failover
default: libvirt.LibvirtDriver
NovaComputeExtraConfig:
NovaCompute specific configuration to inject into the cluster. Same
structure as ExtraConfig.
NovaComputeLibvirtType:
default: overcloud-compute
- custom_constraint: glance.image
description: The password for the nova service account, used by nova-api.
OvercloudComputeFlavor:
description: Flavor for compute nodes to request when deploying.
- custom_constraint: nova.flavor
OvercloudControlFlavor:
description: Flavor for control nodes to request when deploying.
- custom_constraint: nova.flavor
PublicVirtualFixedIPs:
Control the IP allocation for the PublicVirtualInterface port. E.g.
[{'ip_address':'1.2.3.4'}]
PublicVirtualInterface:
Specifies the interface where the public-facing virtual ip will be assigned.
This should be int_public when a VLAN is being used.
PublicVirtualNetwork:
Neutron network to allocate public virtual IP port on.
description: Salt for the rabbit cookie, change this to force the randomly generated rabbit cookie to change.
description: The password for RabbitMQ
description: The username for RabbitMQ
Rabbit client subscriber parameter to specify
an SSL connection to the RabbitMQ host.
description: Set rabbit subscriber port, change this if using SSL
SnmpdReadonlyUserName:
default: ro_snmp_user
description: The user name for SNMPd with readonly rights running on all Overcloud nodes
SnmpdReadonlyUserPassword:
description: The user password for SNMPd with readonly rights running on all Overcloud nodes
type: OS::Neutron::Port
name: control_virtual_ip
network_id: {get_param: NeutronControlPlaneID}
get_param: ControlFixedIPs
replacement_policy: AUTO
MysqlClusterUniquePart:
type: OS::Heat::RandomString
type: OS::Heat::RandomString
type: OS::Neutron::Port
name: public_virtual_ip
network: {get_param: PublicVirtualNetwork}
get_param: PublicVirtualFixedIPs
replacement_policy: AUTO
type: OS::Heat::RandomString
get_param: RabbitCookieSalt
NovaCompute0Deployment:
Path: nova-compute-instance.yaml
SubKey: resources.NovaCompute0Deployment
DefaultSignalTransport:
get_param: DefaultSignalTransport
NovaApiHost: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
KeystoneHost: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
NeutronHost: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
GlanceHost: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
RabbitHost: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
- - mysql://nova:unset@
- &compute_database_host {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
NovaPublicIP: {get_attr: [PublicVirtualIP, fixed_ips, 0, ip_address]}
- - mysql://ceilometer:unset@
- *compute_database_host
- - mysql://neutron:unset@
- *compute_database_host
get_param: NeutronNetworkType
get_param: NeutronTunnelTypes
NeutronEnableTunnelling: "True"
get_param: NeutronFlatNetworks
NeutronNetworkVLANRanges:
get_param: NeutronNetworkVLANRanges
NeutronPhysicalBridge:
get_param: HypervisorNeutronPhysicalBridge
NeutronPublicInterface:
get_param: HypervisorNeutronPublicInterface
NeutronBridgeMappings:
get_param: NeutronBridgeMappings
get_param: NeutronDVR
get_param: NeutronComputeAgentMode
NeutronPublicInterfaceRawDevice:
get_param: NeutronPublicInterfaceRawDevice
NeutronMechanismDrivers:
get_param: NeutronMechanismDrivers
NeutronAllowL3AgentFailover:
get_param: NeutronAllowL3AgentFailover
NovaCompute0AllNodesDeployment:
Path: nova-compute-instance.yaml
SubKey: resources.NovaCompute0AllNodesDeployment
AllNodesConfig: {get_resource: allNodesConfig}
Path: nova-compute-instance.yaml
SubKey: resources.NovaCompute0
NovaCompute0Passthrough:
Path: nova-compute-instance.yaml
SubKey: resources.NovaCompute0Passthrough
passthrough_config: {get_param: ExtraConfig}
NovaCompute0PassthroughSpecific:
Path: nova-compute-instance.yaml
SubKey: resources.NovaCompute0PassthroughSpecific
passthrough_config_specific: {get_param: NovaComputeExtraConfig}
type: OS::Heat::StructuredConfig
group: os-apply-config
get_param: AdminPassword
get_param: AdminToken
get_param: NeutronPublicInterfaceIP
nodeid: {get_input: bootstack_nodeid}
{get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
- - mysql://cinder:unset@
debug: {get_param: Debug}
get_param: CinderLVMLoopDeviceSize
get_param: CinderPassword
get_param: CinderISCSIHelper
get_input: controller_host
bindnetaddr: {get_input: controller_host}
ip: {get_attr: [controller0, networks, ctlplane, 0]}
stonith_enabled : false
quorum_policy : ignore
host: {get_input: controller_virtual_ip}
- - mysql://glance:unset@
debug: {get_param: Debug}
get_input: controller_virtual_ip
get_param: GlancePort
get_param: GlanceProtocol
get_param: GlancePassword
swift-store-user: service:glance
get_param: GlancePassword
get_param: GlanceNotifierStrategy
get_param: GlanceLogFile
get_param: HeatPassword
admin_tenant_name: service
auth_encryption_key: unset___________
- - mysql://heat:unset@
debug: {get_param: Debug}
stack_domain_admin_password: {get_param: HeatStackDomainAdminPassword}
watch_server_url: {get_input: heat.watch_server_url}
metadata_server_url: {get_input: heat.metadata_server_url}
waitcondition_server_url: {get_input: heat.waitcondition_server_url}
port: {get_param: HorizonPort}
{get_attr: [controller0, name]}
- - mysql://keystone:unset@
debug: {get_param: Debug}
get_input: controller_virtual_ip
ca_certificate: {get_param: KeystoneCACertificate}
signing_key: {get_param: KeystoneSigningKey}
signing_certificate: {get_param: KeystoneSigningCertificate}
certificate: {get_param: KeystoneSSLCertificate}
certificate_key: {get_param: KeystoneSSLCertificateKey}
innodb_buffer_pool_size: {get_param: MysqlInnodbBufferPoolSize}
root-password: {get_resource: MysqlRootPassword}
ip: {get_attr: [controller0, networks, ctlplane, 0]}
- {get_resource: MysqlClusterUniquePart}
debug: {get_param: Debug}
flat-networks: {get_param: NeutronFlatNetworks}
host: {get_input: controller_virtual_ip}
metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret}
agent_mode: {get_param: NeutronAgentMode}
router_distributed: {get_param: NeutronDVR}
mechanism_drivers: {get_param: NeutronMechanismDrivers}
allow_automatic_l3agent_failover: {get_param: NeutronAllowL3AgentFailover}
enable_tunneling: 'True'
get_input: controller_host
network_vlan_ranges: {get_param: NeutronNetworkVLANRanges}
bridge_mappings: {get_param: NeutronBridgeMappings}
get_param: NeutronPublicInterface
public_interface_raw_device:
get_param: NeutronPublicInterfaceRawDevice
public_interface_route:
get_param: NeutronPublicInterfaceDefaultRoute
public_interface_tag:
get_param: NeutronPublicInterfaceTag
physical_bridge: br-ex
get_param: NeutronNetworkType
get_param: NeutronTunnelTypes
- - mysql://neutron:unset@
- /ovs_neutron?charset=utf8
get_param: NeutronPassword
get_param: NeutronDnsmasqOptions
- - mysql://ceilometer:unset@
debug: {get_param: Debug}
metering_secret: {get_param: CeilometerMeteringSecret}
get_param: CeilometerPassword
export_MIB: UCD-SNMP-MIB
get_param: SnmpdReadonlyUserName
readonly_user_password:
get_param: SnmpdReadonlyUserPassword
compute_driver: libvirt.LibvirtDriver
- - mysql://nova:unset@
default_floating_pool:
host: {get_input: controller_virtual_ip}
get_param: NovaPassword
host: {get_input: controller_virtual_ip}
get_param: RabbitUserName
get_param: RabbitPassword
rabbit_client_use_ssl: {get_param: RabbitClientUseSSL}
rabbit_port: {get_param: RabbitClientPort}
- {server: {get_param: NtpServer}, fudge: "stratum 0"}
- vrrp_instance_name: VI_CONTROL
virtual_router_id: 51
get_param: ControlVirtualInterface
- ip: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
get_param: ControlVirtualInterface
- vrrp_instance_name: VI_PUBLIC
virtual_router_id: 52
get_param: PublicVirtualInterface
- ip: {get_attr: [PublicVirtualIP, fixed_ips, 0, ip_address]}
get_param: PublicVirtualInterface
get_param: PublicVirtualInterface
ip: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
get_param: ControlVirtualInterface
ip: {get_attr: [PublicVirtualIP, fixed_ips, 0, ip_address]}
get_param: PublicVirtualInterface
ip: {get_attr: [controller0, networks, ctlplane, 0]}
name: {get_attr: [controller0, name]}
- &control_vip {ip: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}}
- &public_vip {ip: {get_attr: [PublicVirtualIP, fixed_ips, 0, ip_address]}}
- option httpchk GET /
- name: keystone_admin
- name: keystone_public
- name: glance_registry
options: # overwrite options as glance_reg needs auth for http req
- name: heat_cloudwatch
- name: nova_metadata
- name: nova_novncproxy
options: # overwrite options as ceil needs auth for http req
- name: swift_proxy_server
- option httpchk GET /info
controllerPassthrough:
type: OS::Heat::StructuredConfig
group: os-apply-config
config: {get_input: passthrough_config}
controllerPassthroughSpecific:
type: OS::Heat::StructuredConfig
group: os-apply-config
config: {get_input: passthrough_config_specific}
type: OS::Nova::Server
get_param: controllerImage
get_param: ImageUpdatePolicy
get_param: OvercloudControlFlavor
user_data_format: SOFTWARE_CONFIG
controller0AllNodesDeployment:
depends_on: [controller0Deployment,controller0SSLDeployment,controller0Swift,controller0PassthroughSpecific]
type: OS::Heat::StructuredDeployment
signal_transport: {get_param: DefaultSignalTransport}
config: {get_resource: allNodesConfig}
server: {get_resource: controller0}
controller0Deployment:
type: OS::Heat::StructuredDeployment
signal_transport: NO_SIGNAL
config: {get_resource: controllerConfig}
server: {get_resource: controller0}
bootstack_nodeid: {get_attr: [controller0, name]}
controller_host: {get_attr: [controller0, networks, ctlplane, 0]}
controller_virtual_ip:
{get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
heat.watch_server_url:
- {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
heat.metadata_server_url:
- {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
heat.waitcondition_server_url:
- {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
- ':8000/v1/waitcondition'
type: OS::Heat::StructuredConfig
completion-signal: {get_input: deploy_signal_id}
- - {get_attr: [NovaCompute0, networks, ctlplane, 0]}
- {get_attr: [NovaCompute0, name]}
- - {get_attr: [NovaCompute0, name]}
- - {get_attr: [BlockStorage0, networks, ctlplane, 0]}
- {get_attr: [BlockStorage0, name]}
- - {get_attr: [BlockStorage0, name]}
- - {get_attr: [SwiftStorage0, networks, ctlplane, 0]}
- {get_attr: [SwiftStorage0, name]}
- - {get_attr: [SwiftStorage0, name]}
- - {get_attr: [controller0, networks, ctlplane, 0]}
- {get_attr: [controller0, name]}
- - {get_attr: [controller0, name]}
- {get_param: CloudName}
{get_attr: [controller0, name]}
net.ipv4.tcp_keepalive_time: 5
net.ipv4.tcp_keepalive_probes: 5
net.ipv4.tcp_keepalive_intvl: 1
controller0SSLDeployment:
type: OS::Heat::StructuredDeployment
config: {get_resource: SSLConfig}
server: {get_resource: controller0}
signal_transport: NO_SIGNAL
controller_host: {get_attr: [controller0, networks, ctlplane, 0]}
ssl_certificate: {get_param: SSLCertificate}
ssl_key: {get_param: SSLKey}
ssl_ca_certificate: {get_param: SSLCACertificate}
controller0Passthrough:
type: OS::Heat::StructuredDeployment
config: {get_resource: controllerPassthrough}
server: {get_resource: controller0}
signal_transport: NO_SIGNAL
passthrough_config: {get_param: ExtraConfig}
controller0PassthroughSpecific:
depends_on: [controller0Passthrough]
type: OS::Heat::StructuredDeployment
config: {get_resource: controllerPassthroughSpecific}
server: {get_resource: controller0}
signal_transport: NO_SIGNAL
passthrough_config_specific: {get_param: controllerExtraConfig}
description: URL for the Overcloud Keystone service
- {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}