1 description: Nova API,Keystone,Heat Engine and API,Glance,Neutron,Dedicated MySQL
2 server,Dedicated RabbitMQ Server,Group of Nova Computes
3 heat_template_version: 2013-05-23
7 description: The password for the keystone admin account, used for monitoring, querying neutron etc.
12 description: The keystone auth secret.
15 CeilometerComputeAgent:
16 description: Indicates whether the Compute agent is present and expects nova-compute to be configured accordingly
20 - allowed_values: ['', Present]
21 CeilometerMeteringSecret:
23 description: Secret shared by the ceilometer services.
28 description: The password for the ceilometer service account.
33 description: The iSCSI helper to use with cinder.
35 CinderLVMLoopDeviceSize:
37 description: The size of the loopback file used by the cinder LVM driver.
41 description: The password for the cinder service account, used by cinder-api.
46 description: The DNS name of this cloud. E.g. ci-overcloud.tripleo.org
50 description: Should be used for arbitrary ips.
52 controllerExtraConfig:
55 Controller specific configuration to inject into the cluster. Same
56 structure as ExtraConfig.
60 default: overcloud-control
61 ControlVirtualInterface:
63 description: Interface where virtual ip will be assigned.
67 description: Set to True to enable debugging on all services.
69 DefaultSignalTransport:
71 description: Transport to use for software-config signals.
74 - allowed_values: [ CFN_SIGNAL, HEAT_SIGNAL, NO_SIGNAL ]
78 Additional configuration to inject into the cluster. The JSON should have
79 the following structure:
82 [{"section": "SECTIONNAME",
84 [{"option": "OPTIONNAME",
95 [{"section": "default",
97 [{"option": "force_config_drive",
104 [{"option": "driver",
105 "value": "nova.cells.rpc_driver.CellsRPCDriver"
114 description: The filepath of the file to use for logging messages from Glance.
119 description: The password for the glance service account, used by the glance services.
124 description: Glance port.
128 description: Protocol to use when connecting to glance, set to https for SSL.
130 GlanceNotifierStrategy:
131 description: Strategy to use for Glance notification queue
136 description: The password for the Heat service account, used by the Heat services.
139 HeatStackDomainAdminPassword:
140 description: Password for heat_domain_admin user.
144 HypervisorNeutronPhysicalBridge:
147 An OVS bridge to create on each hypervisor. This defaults to br-ex the
148 same as the control plane nodes, as we have a uniform configuration of
149 the openvswitch agent. Typically should not need to be changed.
151 HypervisorNeutronPublicInterface:
153 description: What interface to add to the HypervisorNeutronPhysicalBridge.
156 default: 'REBUILD_PRESERVE_EPHEMERAL'
157 description: What policy to use when reconstructing instances. REBUILD for rebuilds, REBUILD_PRESERVE_EPHEMERAL to preserve /mnt.
161 description: Name of an existing EC2 KeyPair to enable SSH access to the instances
163 KeystoneCACertificate:
165 description: Keystone self-signed certificate authority certificate.
167 KeystoneSigningCertificate:
169 description: Keystone certificate for verifying token validity.
173 description: Keystone key for signing tokens.
176 LiveUpdateComputeImage:
178 description: The image ID for live-updates to the overcloud compute nodes.
182 description: The IP address for the undercloud Glance API.
187 description: The live-update password for the undercloud Glance API.
189 LiveUpdateTenantName:
191 description: The live-update tenant name for the undercloud Glance API.
195 description: The live-update username for the undercloud Glance API.
197 MysqlInnodbBufferPoolSize:
199 Specifies the size of the buffer pool in megabytes. Setting to
200 zero should be interpreted as "no value" and will defer to the
204 NeutronBridgeMappings:
206 The OVS logical->physical bridge mappings to use. See the Neutron
207 documentation for details. Defaults to mapping br-ex - the external
208 bridge on hosts - to a physical name 'datacentre' which can be used
209 to create provider networks (and we use this for the default floating
210 network) - if changing this either use different post-install network
211 scripts or be sure to keep 'datacentre' as a mapping network name.
213 default: "datacentre:br-ex"
214 NeutronControlPlaneID:
217 description: Neutron ID for ctlplane network.
218 NeutronDnsmasqOptions:
219 default: 'dhcp-option-force=26,1400'
220 description: Dnsmasq options for neutron-dhcp-agent. The default value here forces MTU to be set to 1400 to account for the tunnel overhead.
224 default: 'datacentre'
226 If set, flat networks to configure in neutron plugins. Defaults to
227 'datacentre' to permit external network creation.
230 description: The tenant network type for Neutron, either gre or vxlan.
232 NeutronNetworkVLANRanges:
233 default: 'datacentre'
235 The Neutron ML2 and OpenVSwitch vlan mapping range to support. See the
236 Neutron documentation for permitted values. Defaults to permitting any
237 VLAN on the 'datacentre' physical network (See NeutronBridgeMappings).
241 description: The password for the neutron service account, used by neutron agents.
244 NeutronPublicInterface:
246 description: What interface to bridge onto br-ex for network nodes.
248 NeutronPublicInterfaceDefaultRoute:
250 description: A custom default route for the NeutronPublicInterface.
252 NeutronPublicInterfaceIP:
254 description: A custom IP address to put onto the NeutronPublicInterface.
256 NeutronPublicInterfaceRawDevice:
258 description: If set, the public interface is a vlan with this device as the raw device.
260 NeutronPublicInterfaceTag:
263 VLAN tag for creating a public VLAN. The tag will be used to
264 create an access port on the exterior bridge for each control plane node,
265 and that port will be given the IP address returned by neutron from the
266 public network. Set CONTROLEXTRA=overcloud-vlan-port.yaml when compiling
267 overcloud.yaml to include the deployment of VLAN ports to the control
270 NeutronPublicInterfaceRawDevice:
272 description: If set, the public interface is a vlan with this device as the raw device.
274 NeutronComputeAgentMode:
276 description: Agent mode for the neutron-l3-agent on the compute hosts
280 description: Agent mode for the neutron-l3-agent on the controller hosts
284 description: Whether to configure Neutron Distributed Virtual Routers
286 NeutronMetadataProxySharedSecret:
288 description: Shared secret to prevent spoofing
292 description: The tenant network type for Neutron, either gre or vxlan.
297 The tunnel types for the Neutron tenant network. To specify multiple
298 values, use a comma separated string, like so: 'gre,vxlan'
300 NeutronMechanismDrivers:
301 default: 'openvswitch'
303 The mechanism drivers for the Neutron tenant network. To specify multiple
304 values, use a comma separated string, like so: 'openvswitch,l2_population'
306 NeutronAllowL3AgentFailover:
308 description: Allow automatic l3-agent failover
311 default: libvirt.LibvirtDriver
313 NovaComputeExtraConfig:
316 NovaCompute specific configuration to inject into the cluster. Same
317 structure as ExtraConfig.
319 NovaComputeLibvirtType:
324 default: overcloud-compute
327 description: The password for the nova service account, used by nova-api.
333 OvercloudComputeFlavor:
335 description: Flavor for compute nodes to request when deploying.
337 OvercloudControlFlavor:
339 description: Flavor for control nodes to request when deploying.
341 PublicVirtualFixedIPs:
344 Control the IP allocation for the PublicVirtualInterface port. E.g.
345 [{'ip_address':'1.2.3.4'}]
347 PublicVirtualInterface:
350 Specifies the interface where the public-facing virtual ip will be assigned.
351 This should be int_public when a VLAN is being used.
353 PublicVirtualNetwork:
357 Neutron network to allocate public virtual IP port on.
361 description: Salt for the rabbit cookie, change this to force the randomly generated rabbit cookie to change.
364 description: The password for RabbitMQ
369 description: The username for RabbitMQ
371 SnmpdReadonlyUserName:
372 default: ro_snmp_user
373 description: The user name for SNMPd with readonly rights running on all Overcloud nodes
375 SnmpdReadonlyUserPassword:
377 description: The user password for SNMPd with readonly rights running on all Overcloud nodes
382 type: OS::Neutron::Port
384 name: control_virtual_ip
385 network_id: {get_param: NeutronControlPlaneID}
387 get_param: ControlFixedIPs
388 MysqlClusterUniquePart:
389 type: OS::Heat::RandomString
393 type: OS::Heat::RandomString
397 type: OS::Neutron::Port
399 name: public_virtual_ip
400 network: {get_param: PublicVirtualNetwork}
402 get_param: PublicVirtualFixedIPs
404 type: OS::Heat::RandomString
408 get_param: RabbitCookieSalt
409 NovaCompute0Deployment:
411 Path: nova-compute-instance.yaml
412 SubKey: resources.NovaCompute0Deployment
414 DefaultSignalTransport:
415 get_param: DefaultSignalTransport
416 NovaApiHost: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
417 KeystoneHost: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
418 NeutronHost: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
419 GlanceHost: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
420 RabbitHost: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
424 - - mysql://nova:unset@
425 - &compute_database_host {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
427 NovaPublicIP: {get_attr: [PublicVirtualIP, fixed_ips, 0, ip_address]}
431 - - mysql://ceilometer:unset@
432 - *compute_database_host
437 - - mysql://neutron:unset@
438 - *compute_database_host
441 get_param: NeutronNetworkType
443 get_param: NeutronTunnelTypes
444 NeutronEnableTunnelling: "True"
446 get_param: NeutronFlatNetworks
447 NeutronNetworkVLANRanges:
448 get_param: NeutronNetworkVLANRanges
449 NeutronPhysicalBridge:
450 get_param: HypervisorNeutronPhysicalBridge
451 NeutronPublicInterface:
452 get_param: HypervisorNeutronPublicInterface
453 NeutronBridgeMappings:
454 get_param: NeutronBridgeMappings
456 get_param: NeutronDVR
458 get_param: NeutronComputeAgentMode
459 NeutronPublicInterfaceRawDevice:
460 get_param: NeutronPublicInterfaceRawDevice
461 NeutronMechanismDrivers:
462 get_param: NeutronMechanismDrivers
463 NeutronAllowL3AgentFailover:
464 get_param: NeutronAllowL3AgentFailover
465 NovaCompute0AllNodesDeployment:
467 Path: nova-compute-instance.yaml
468 SubKey: resources.NovaCompute0AllNodesDeployment
470 AllNodesConfig: {get_resource: allNodesConfig}
473 Path: nova-compute-instance.yaml
474 SubKey: resources.NovaCompute0
475 NovaCompute0Passthrough:
477 Path: nova-compute-instance.yaml
478 SubKey: resources.NovaCompute0Passthrough
480 passthrough_config: {get_param: ExtraConfig}
481 NovaCompute0PassthroughSpecific:
483 Path: nova-compute-instance.yaml
484 SubKey: resources.NovaCompute0PassthroughSpecific
486 passthrough_config_specific: {get_param: NovaComputeExtraConfig}
488 type: OS::Heat::StructuredConfig
490 group: os-apply-config
493 get_param: AdminPassword
495 get_param: AdminToken
498 get_param: NeutronPublicInterfaceIP
510 nodeid: {get_input: bootstack_nodeid}
513 {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
518 - - mysql://cinder:unset@
521 debug: {get_param: Debug}
523 get_param: CinderLVMLoopDeviceSize
525 get_param: CinderPassword
527 get_param: CinderISCSIHelper
529 get_input: controller_host
531 bindnetaddr: {get_input: controller_host}
536 ip: {get_attr: [controller0, networks, ctlplane, 0]}
538 stonith_enabled : false
540 quorum_policy : ignore
544 host: {get_input: controller_virtual_ip}
549 - - mysql://glance:unset@
552 debug: {get_param: Debug}
554 get_input: controller_virtual_ip
556 get_param: GlancePort
558 get_param: GlanceProtocol
560 get_param: GlancePassword
561 swift-store-user: service:glance
563 get_param: GlancePassword
565 get_param: GlanceNotifierStrategy
567 get_param: GlanceLogFile
570 get_param: HeatPassword
571 admin_tenant_name: service
573 auth_encryption_key: unset___________
577 - - mysql://heat:unset@
580 debug: {get_param: Debug}
581 stack_domain_admin_password: {get_param: HeatStackDomainAdminPassword}
582 watch_server_url: {get_input: heat.watch_server_url}
583 metadata_server_url: {get_input: heat.metadata_server_url}
584 waitcondition_server_url: {get_input: heat.waitcondition_server_url}
591 {get_attr: [controller0, name]}
596 - - mysql://keystone:unset@
599 debug: {get_param: Debug}
601 get_input: controller_virtual_ip
602 ca_certificate: {get_param: KeystoneCACertificate}
603 signing_key: {get_param: KeystoneSigningKey}
604 signing_certificate: {get_param: KeystoneSigningCertificate}
606 innodb_buffer_pool_size: {get_param: MysqlInnodbBufferPoolSize}
608 root-password: {get_resource: MysqlRootPassword}
612 ip: {get_attr: [controller0, networks, ctlplane, 0]}
617 - {get_resource: MysqlClusterUniquePart}
619 debug: {get_param: Debug}
620 flat-networks: {get_param: NeutronFlatNetworks}
621 host: {get_input: controller_virtual_ip}
622 metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret}
623 agent_mode: {get_param: NeutronAgentMode}
624 router_distributed: {get_param: NeutronDVR}
625 mechanism_drivers: {get_param: NeutronMechanismDrivers}
626 allow_automatic_l3agent_failover: {get_param: NeutronAllowL3AgentFailover}
628 enable_tunneling: 'True'
630 get_input: controller_host
631 network_vlan_ranges: {get_param: NeutronNetworkVLANRanges}
632 bridge_mappings: {get_param: NeutronBridgeMappings}
634 get_param: NeutronPublicInterface
635 public_interface_raw_device:
636 get_param: NeutronPublicInterfaceRawDevice
637 public_interface_route:
638 get_param: NeutronPublicInterfaceDefaultRoute
639 public_interface_tag:
640 get_param: NeutronPublicInterfaceTag
641 physical_bridge: br-ex
643 get_param: NeutronNetworkType
645 get_param: NeutronTunnelTypes
649 - - mysql://neutron:unset@
651 - /ovs_neutron?charset=utf8
653 get_param: NeutronPassword
655 get_param: NeutronDnsmasqOptions
660 - - mysql://ceilometer:unset@
663 debug: {get_param: Debug}
664 metering_secret: {get_param: CeilometerMeteringSecret}
666 get_param: CeilometerPassword
668 export_MIB: UCD-SNMP-MIB
670 get_param: SnmpdReadonlyUserName
671 readonly_user_password:
672 get_param: SnmpdReadonlyUserPassword
674 compute_driver: libvirt.LibvirtDriver
678 - - mysql://nova:unset@
681 default_floating_pool:
683 host: {get_input: controller_virtual_ip}
686 get_param: NovaPassword
688 host: {get_input: controller_virtual_ip}
690 get_param: RabbitUserName
692 get_param: RabbitPassword
699 - {server: {get_param: NtpServer}, fudge: "stratum 0"}
702 - vrrp_instance_name: VI_CONTROL
703 virtual_router_id: 51
705 get_param: ControlVirtualInterface
708 - ip: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
710 get_param: ControlVirtualInterface
711 - vrrp_instance_name: VI_PUBLIC
712 virtual_router_id: 52
714 get_param: PublicVirtualInterface
717 - ip: {get_attr: [PublicVirtualIP, fixed_ips, 0, ip_address]}
719 get_param: PublicVirtualInterface
727 get_param: PublicVirtualInterface
731 ip: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
733 get_param: ControlVirtualInterface
735 ip: {get_attr: [PublicVirtualIP, fixed_ips, 0, ip_address]}
737 get_param: PublicVirtualInterface
742 ip: {get_attr: [controller0, networks, ctlplane, 0]}
743 name: {get_attr: [controller0, name]}
745 - ip: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
747 - name: keystone_admin
749 net_binds: &public_binds
750 - ip: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
751 - ip: {get_attr: [PublicVirtualIP, fixed_ips, 0, ip_address]}
752 - name: keystone_public
754 net_binds: *public_binds
757 net_binds: *public_binds
760 net_binds: *public_binds
763 net_binds: *public_binds
766 net_binds: *public_binds
767 - name: glance_registry
769 net_binds: *public_binds
772 net_binds: *public_binds
773 - name: heat_cloudwatch
775 net_binds: *public_binds
778 net_binds: *public_binds
790 net_binds: *public_binds
791 - name: nova_metadata
793 net_binds: *public_binds
794 - name: nova_novncproxy
796 net_binds: *public_binds
799 net_binds: *public_binds
800 - name: swift_proxy_server
802 net_binds: *public_binds
808 controllerPassthrough:
809 type: OS::Heat::StructuredConfig
811 group: os-apply-config
812 config: {get_input: passthrough_config}
813 controllerPassthroughSpecific:
814 type: OS::Heat::StructuredConfig
816 group: os-apply-config
817 config: {get_input: passthrough_config_specific}
819 type: OS::Nova::Server
822 get_param: controllerImage
824 get_param: ImageUpdatePolicy
826 get_param: OvercloudControlFlavor
831 user_data_format: SOFTWARE_CONFIG
832 controller0AllNodesDeployment:
833 depends_on: [controller0Deployment,controller0SSLDeployment,controller0Swift,controller0PassthroughSpecific]
834 type: OS::Heat::StructuredDeployment
836 signal_transport: {get_param: DefaultSignalTransport}
837 config: {get_resource: allNodesConfig}
838 server: {get_resource: controller0}
839 controller0Deployment:
840 type: OS::Heat::StructuredDeployment
842 signal_transport: NO_SIGNAL
843 config: {get_resource: controllerConfig}
844 server: {get_resource: controller0}
846 bootstack_nodeid: {get_attr: [controller0, name]}
847 controller_host: {get_attr: [controller0, networks, ctlplane, 0]}
848 controller_virtual_ip:
849 {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
850 heat.watch_server_url:
854 - {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
856 heat.metadata_server_url:
860 - {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
862 heat.waitcondition_server_url:
866 - {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
867 - ':8000/v1/waitcondition'
869 type: OS::Heat::StructuredConfig
872 completion-signal: {get_input: deploy_signal_id}
882 - - {get_attr: [NovaCompute0, networks, ctlplane, 0]}
883 - {get_attr: [NovaCompute0, name]}
886 - - {get_attr: [NovaCompute0, name]}
894 - - {get_attr: [BlockStorage0, networks, ctlplane, 0]}
895 - {get_attr: [BlockStorage0, name]}
898 - - {get_attr: [BlockStorage0, name]}
906 - - {get_attr: [SwiftStorage0, networks, ctlplane, 0]}
907 - {get_attr: [SwiftStorage0, name]}
910 - - {get_attr: [SwiftStorage0, name]}
918 - - {get_attr: [controller0, networks, ctlplane, 0]}
919 - {get_attr: [controller0, name]}
922 - - {get_attr: [controller0, name]}
924 - {get_param: CloudName}
931 {get_attr: [controller0, name]}
932 controller0SSLDeployment:
933 type: OS::Heat::StructuredDeployment
935 config: {get_resource: SSLConfig}
936 server: {get_resource: controller0}
937 signal_transport: NO_SIGNAL
939 controller_host: {get_attr: [controller0, networks, ctlplane, 0]}
940 ssl_certificate: {get_param: SSLCertificate}
941 ssl_key: {get_param: SSLKey}
942 ssl_ca_certificate: {get_param: SSLCACertificate}
943 controller0Passthrough:
944 type: OS::Heat::StructuredDeployment
946 config: {get_resource: controllerPassthrough}
947 server: {get_resource: controller0}
948 signal_transport: NO_SIGNAL
950 passthrough_config: {get_param: ExtraConfig}
951 controller0PassthroughSpecific:
952 depends_on: [controller0Passthrough]
953 type: OS::Heat::StructuredDeployment
955 config: {get_resource: controllerPassthroughSpecific}
956 server: {get_resource: controller0}
957 signal_transport: NO_SIGNAL
959 passthrough_config_specific: {get_param: controllerExtraConfig}
962 description: URL for the Overcloud Keystone service
967 - {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}