1 description: Nova API,Keystone,Heat Engine and API,Glance,Neutron,Dedicated MySQL
2 server,Dedicated RabbitMQ Server,Group of Nova Computes
3 heat_template_version: 2013-05-23
7 description: The password for the keystone admin account, used for monitoring, querying neutron etc.
12 description: The keystone auth secret.
15 CeilometerComputeAgent:
16 description: Indicates whether the Compute agent is present and expects nova-compute to be configured accordingly
20 - allowed_values: ['', Present]
21 CeilometerMeteringSecret:
23 description: Secret shared by the ceilometer services.
28 description: The password for the ceilometer service account.
33 description: The iSCSI helper to use with cinder.
35 CinderLVMLoopDeviceSize:
37 description: The size of the loopback file used by the cinder LVM driver.
41 description: The password for the cinder service account, used by cinder-api.
46 description: The DNS name of this cloud. E.g. ci-overcloud.tripleo.org
50 description: Should be used for arbitrary ips.
52 controllerExtraConfig:
55 Controller specific configuration to inject into the cluster. Same
56 structure as ExtraConfig.
60 default: overcloud-control
62 - custom_constraint: glance.image
63 ControlVirtualInterface:
65 description: Interface where virtual ip will be assigned.
69 description: Set to True to enable debugging on all services.
71 DefaultSignalTransport:
73 description: Transport to use for software-config signals.
76 - allowed_values: [ CFN_SIGNAL, HEAT_SIGNAL, NO_SIGNAL ]
80 Additional configuration to inject into the cluster. The JSON should have
81 the following structure:
84 [{"section": "SECTIONNAME",
86 [{"option": "OPTIONNAME",
97 [{"section": "default",
99 [{"option": "force_config_drive",
106 [{"option": "driver",
107 "value": "nova.cells.rpc_driver.CellsRPCDriver"
116 description: The filepath of the file to use for logging messages from Glance.
121 description: The password for the glance service account, used by the glance services.
126 description: Glance port.
130 description: Protocol to use when connecting to glance, set to https for SSL.
132 GlanceNotifierStrategy:
133 description: Strategy to use for Glance notification queue
138 description: The password for the Heat service account, used by the Heat services.
141 HeatStackDomainAdminPassword:
142 description: Password for heat_domain_admin user.
146 HypervisorNeutronPhysicalBridge:
149 An OVS bridge to create on each hypervisor. This defaults to br-ex the
150 same as the control plane nodes, as we have a uniform configuration of
151 the openvswitch agent. Typically should not need to be changed.
153 HypervisorNeutronPublicInterface:
155 description: What interface to add to the HypervisorNeutronPhysicalBridge.
158 default: 'REBUILD_PRESERVE_EPHEMERAL'
159 description: What policy to use when reconstructing instances. REBUILD for rebuilds, REBUILD_PRESERVE_EPHEMERAL to preserve /mnt.
163 description: Name of an existing EC2 KeyPair to enable SSH access to the instances
166 - custom_constraint: nova.keypair
167 KeystoneCACertificate:
169 description: Keystone self-signed certificate authority certificate.
171 KeystoneSigningCertificate:
173 description: Keystone certificate for verifying token validity.
177 description: Keystone key for signing tokens.
180 KeystoneSSLCertificate:
182 description: Keystone certificate for verifying token validity.
184 KeystoneSSLCertificateKey:
186 description: Keystone key for signing tokens.
189 MysqlInnodbBufferPoolSize:
191 Specifies the size of the buffer pool in megabytes. Setting to
192 zero should be interpreted as "no value" and will defer to the
196 NeutronBridgeMappings:
198 The OVS logical->physical bridge mappings to use. See the Neutron
199 documentation for details. Defaults to mapping br-ex - the external
200 bridge on hosts - to a physical name 'datacentre' which can be used
201 to create provider networks (and we use this for the default floating
202 network) - if changing this either use different post-install network
203 scripts or be sure to keep 'datacentre' as a mapping network name.
205 default: "datacentre:br-ex"
206 NeutronControlPlaneID:
209 description: Neutron ID for ctlplane network.
210 NeutronDnsmasqOptions:
211 default: 'dhcp-option-force=26,1400'
212 description: Dnsmasq options for neutron-dhcp-agent. The default value here forces MTU to be set to 1400 to account for the tunnel overhead.
216 default: 'datacentre'
218 If set, flat networks to configure in neutron plugins. Defaults to
219 'datacentre' to permit external network creation.
222 description: The tenant network type for Neutron, either gre or vxlan.
224 NeutronNetworkVLANRanges:
225 default: 'datacentre'
227 The Neutron ML2 and OpenVSwitch vlan mapping range to support. See the
228 Neutron documentation for permitted values. Defaults to permitting any
229 VLAN on the 'datacentre' physical network (See NeutronBridgeMappings).
233 description: The password for the neutron service account, used by neutron agents.
236 NeutronPublicInterface:
238 description: What interface to bridge onto br-ex for network nodes.
240 NeutronPublicInterfaceDefaultRoute:
242 description: A custom default route for the NeutronPublicInterface.
244 NeutronPublicInterfaceIP:
246 description: A custom IP address to put onto the NeutronPublicInterface.
248 NeutronPublicInterfaceRawDevice:
250 description: If set, the public interface is a vlan with this device as the raw device.
252 NeutronPublicInterfaceTag:
255 VLAN tag for creating a public VLAN. The tag will be used to
256 create an access port on the exterior bridge for each control plane node,
257 and that port will be given the IP address returned by neutron from the
258 public network. Set CONTROLEXTRA=overcloud-vlan-port.yaml when compiling
259 overcloud.yaml to include the deployment of VLAN ports to the control
262 NeutronComputeAgentMode:
264 description: Agent mode for the neutron-l3-agent on the compute hosts
268 description: Agent mode for the neutron-l3-agent on the controller hosts
272 description: Whether to configure Neutron Distributed Virtual Routers
274 NeutronMetadataProxySharedSecret:
276 description: Shared secret to prevent spoofing
281 The tunnel types for the Neutron tenant network. To specify multiple
282 values, use a comma separated string, like so: 'gre,vxlan'
284 NeutronMechanismDrivers:
285 default: 'openvswitch'
287 The mechanism drivers for the Neutron tenant network. To specify multiple
288 values, use a comma separated string, like so: 'openvswitch,l2_population'
290 NeutronAllowL3AgentFailover:
292 description: Allow automatic l3-agent failover
295 default: libvirt.LibvirtDriver
297 NovaComputeExtraConfig:
300 NovaCompute specific configuration to inject into the cluster. Same
301 structure as ExtraConfig.
303 NovaComputeLibvirtType:
308 default: overcloud-compute
310 - custom_constraint: glance.image
313 description: The password for the nova service account, used by nova-api.
319 OvercloudComputeFlavor:
321 description: Flavor for compute nodes to request when deploying.
324 - custom_constraint: nova.flavor
325 OvercloudControlFlavor:
327 description: Flavor for control nodes to request when deploying.
330 - custom_constraint: nova.flavor
331 PublicVirtualFixedIPs:
334 Control the IP allocation for the PublicVirtualInterface port. E.g.
335 [{'ip_address':'1.2.3.4'}]
337 PublicVirtualInterface:
340 Specifies the interface where the public-facing virtual ip will be assigned.
341 This should be int_public when a VLAN is being used.
343 PublicVirtualNetwork:
347 Neutron network to allocate public virtual IP port on.
351 description: Salt for the rabbit cookie, change this to force the randomly generated rabbit cookie to change.
354 description: The password for RabbitMQ
359 description: The username for RabbitMQ
364 Rabbit client subscriber parameter to specify
365 an SSL connection to the RabbitMQ host.
369 description: Set rabbit subscriber port, change this if using SSL
371 SnmpdReadonlyUserName:
372 default: ro_snmp_user
373 description: The user name for SNMPd with readonly rights running on all Overcloud nodes
375 SnmpdReadonlyUserPassword:
377 description: The user password for SNMPd with readonly rights running on all Overcloud nodes
382 type: OS::Neutron::Port
384 name: control_virtual_ip
385 network_id: {get_param: NeutronControlPlaneID}
387 get_param: ControlFixedIPs
388 replacement_policy: AUTO
389 MysqlClusterUniquePart:
390 type: OS::Heat::RandomString
394 type: OS::Heat::RandomString
398 type: OS::Neutron::Port
400 name: public_virtual_ip
401 network: {get_param: PublicVirtualNetwork}
403 get_param: PublicVirtualFixedIPs
404 replacement_policy: AUTO
406 type: OS::Heat::RandomString
410 get_param: RabbitCookieSalt
411 NovaCompute0Deployment:
413 Path: nova-compute-instance.yaml
414 SubKey: resources.NovaCompute0Deployment
416 DefaultSignalTransport:
417 get_param: DefaultSignalTransport
418 NovaApiHost: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
419 KeystoneHost: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
420 NeutronHost: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
421 GlanceHost: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
422 RabbitHost: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
426 - - mysql://nova:unset@
427 - &compute_database_host {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
429 NovaPublicIP: {get_attr: [PublicVirtualIP, fixed_ips, 0, ip_address]}
433 - - mysql://ceilometer:unset@
434 - *compute_database_host
439 - - mysql://neutron:unset@
440 - *compute_database_host
443 get_param: NeutronNetworkType
445 get_param: NeutronTunnelTypes
446 NeutronEnableTunnelling: "True"
448 get_param: NeutronFlatNetworks
449 NeutronNetworkVLANRanges:
450 get_param: NeutronNetworkVLANRanges
451 NeutronPhysicalBridge:
452 get_param: HypervisorNeutronPhysicalBridge
453 NeutronPublicInterface:
454 get_param: HypervisorNeutronPublicInterface
455 NeutronBridgeMappings:
456 get_param: NeutronBridgeMappings
458 get_param: NeutronDVR
460 get_param: NeutronComputeAgentMode
461 NeutronPublicInterfaceRawDevice:
462 get_param: NeutronPublicInterfaceRawDevice
463 NeutronMechanismDrivers:
464 get_param: NeutronMechanismDrivers
465 NeutronAllowL3AgentFailover:
466 get_param: NeutronAllowL3AgentFailover
467 NovaCompute0AllNodesDeployment:
469 Path: nova-compute-instance.yaml
470 SubKey: resources.NovaCompute0AllNodesDeployment
472 AllNodesConfig: {get_resource: allNodesConfig}
475 Path: nova-compute-instance.yaml
476 SubKey: resources.NovaCompute0
477 NovaCompute0Passthrough:
479 Path: nova-compute-instance.yaml
480 SubKey: resources.NovaCompute0Passthrough
482 passthrough_config: {get_param: ExtraConfig}
483 NovaCompute0PassthroughSpecific:
485 Path: nova-compute-instance.yaml
486 SubKey: resources.NovaCompute0PassthroughSpecific
488 passthrough_config_specific: {get_param: NovaComputeExtraConfig}
490 type: OS::Heat::StructuredConfig
492 group: os-apply-config
495 get_param: AdminPassword
497 get_param: AdminToken
500 get_param: NeutronPublicInterfaceIP
512 nodeid: {get_input: bootstack_nodeid}
515 {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
520 - - mysql://cinder:unset@
523 debug: {get_param: Debug}
525 get_param: CinderLVMLoopDeviceSize
527 get_param: CinderPassword
529 get_param: CinderISCSIHelper
531 get_input: controller_host
533 bindnetaddr: {get_input: controller_host}
538 ip: {get_attr: [controller0, networks, ctlplane, 0]}
540 stonith_enabled : false
542 quorum_policy : ignore
546 host: {get_input: controller_virtual_ip}
551 - - mysql://glance:unset@
554 debug: {get_param: Debug}
556 get_input: controller_virtual_ip
558 get_param: GlancePort
560 get_param: GlanceProtocol
562 get_param: GlancePassword
563 swift-store-user: service:glance
565 get_param: GlancePassword
567 get_param: GlanceNotifierStrategy
569 get_param: GlanceLogFile
572 get_param: HeatPassword
573 admin_tenant_name: service
575 auth_encryption_key: unset___________
579 - - mysql://heat:unset@
582 debug: {get_param: Debug}
583 stack_domain_admin_password: {get_param: HeatStackDomainAdminPassword}
584 watch_server_url: {get_input: heat.watch_server_url}
585 metadata_server_url: {get_input: heat.metadata_server_url}
586 waitcondition_server_url: {get_input: heat.waitcondition_server_url}
593 {get_attr: [controller0, name]}
598 - - mysql://keystone:unset@
601 debug: {get_param: Debug}
603 get_input: controller_virtual_ip
604 ca_certificate: {get_param: KeystoneCACertificate}
605 signing_key: {get_param: KeystoneSigningKey}
606 signing_certificate: {get_param: KeystoneSigningCertificate}
608 certificate: {get_param: KeystoneSSLCertificate}
609 certificate_key: {get_param: KeystoneSSLCertificateKey}
611 innodb_buffer_pool_size: {get_param: MysqlInnodbBufferPoolSize}
613 root-password: {get_resource: MysqlRootPassword}
617 ip: {get_attr: [controller0, networks, ctlplane, 0]}
622 - {get_resource: MysqlClusterUniquePart}
624 debug: {get_param: Debug}
625 flat-networks: {get_param: NeutronFlatNetworks}
626 host: {get_input: controller_virtual_ip}
627 metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret}
628 agent_mode: {get_param: NeutronAgentMode}
629 router_distributed: {get_param: NeutronDVR}
630 mechanism_drivers: {get_param: NeutronMechanismDrivers}
631 allow_automatic_l3agent_failover: {get_param: NeutronAllowL3AgentFailover}
633 enable_tunneling: 'True'
635 get_input: controller_host
636 network_vlan_ranges: {get_param: NeutronNetworkVLANRanges}
637 bridge_mappings: {get_param: NeutronBridgeMappings}
639 get_param: NeutronPublicInterface
640 public_interface_raw_device:
641 get_param: NeutronPublicInterfaceRawDevice
642 public_interface_route:
643 get_param: NeutronPublicInterfaceDefaultRoute
644 public_interface_tag:
645 get_param: NeutronPublicInterfaceTag
646 physical_bridge: br-ex
648 get_param: NeutronNetworkType
650 get_param: NeutronTunnelTypes
654 - - mysql://neutron:unset@
656 - /ovs_neutron?charset=utf8
658 get_param: NeutronPassword
660 get_param: NeutronDnsmasqOptions
665 - - mysql://ceilometer:unset@
668 debug: {get_param: Debug}
669 metering_secret: {get_param: CeilometerMeteringSecret}
671 get_param: CeilometerPassword
673 export_MIB: UCD-SNMP-MIB
675 get_param: SnmpdReadonlyUserName
676 readonly_user_password:
677 get_param: SnmpdReadonlyUserPassword
679 compute_driver: libvirt.LibvirtDriver
683 - - mysql://nova:unset@
686 default_floating_pool:
688 host: {get_input: controller_virtual_ip}
691 get_param: NovaPassword
693 host: {get_input: controller_virtual_ip}
695 get_param: RabbitUserName
697 get_param: RabbitPassword
702 rabbit_client_use_ssl: {get_param: RabbitClientUseSSL}
703 rabbit_port: {get_param: RabbitClientPort}
706 - {server: {get_param: NtpServer}, fudge: "stratum 0"}
709 - vrrp_instance_name: VI_CONTROL
710 virtual_router_id: 51
712 get_param: ControlVirtualInterface
715 - ip: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
717 get_param: ControlVirtualInterface
718 - vrrp_instance_name: VI_PUBLIC
719 virtual_router_id: 52
721 get_param: PublicVirtualInterface
724 - ip: {get_attr: [PublicVirtualIP, fixed_ips, 0, ip_address]}
726 get_param: PublicVirtualInterface
734 get_param: PublicVirtualInterface
738 ip: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
740 get_param: ControlVirtualInterface
742 ip: {get_attr: [PublicVirtualIP, fixed_ips, 0, ip_address]}
744 get_param: PublicVirtualInterface
749 ip: {get_attr: [controller0, networks, ctlplane, 0]}
750 name: {get_attr: [controller0, name]}
752 - &control_vip {ip: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}}
753 - &public_vip {ip: {get_attr: [PublicVirtualIP, fixed_ips, 0, ip_address]}}
755 - option httpchk GET /
757 - name: keystone_admin
759 - name: keystone_public
769 - name: glance_registry
771 options: # overwrite options as glace_reg needs auth for http req
774 - name: heat_cloudwatch
791 - name: nova_metadata
793 - name: nova_novncproxy
797 options: # overwrite options as ceil needs auth for http req
798 - name: swift_proxy_server
801 - option httpchk GET /info
810 controllerPassthrough:
811 type: OS::Heat::StructuredConfig
813 group: os-apply-config
814 config: {get_input: passthrough_config}
815 controllerPassthroughSpecific:
816 type: OS::Heat::StructuredConfig
818 group: os-apply-config
819 config: {get_input: passthrough_config_specific}
821 type: OS::Nova::Server
824 get_param: controllerImage
826 get_param: ImageUpdatePolicy
828 get_param: OvercloudControlFlavor
833 user_data_format: SOFTWARE_CONFIG
834 controller0AllNodesDeployment:
835 depends_on: [controller0Deployment,controller0SSLDeployment,controller0Swift,controller0PassthroughSpecific]
836 type: OS::Heat::StructuredDeployment
838 signal_transport: {get_param: DefaultSignalTransport}
839 config: {get_resource: allNodesConfig}
840 server: {get_resource: controller0}
841 controller0Deployment:
842 type: OS::Heat::StructuredDeployment
844 signal_transport: NO_SIGNAL
845 config: {get_resource: controllerConfig}
846 server: {get_resource: controller0}
848 bootstack_nodeid: {get_attr: [controller0, name]}
849 controller_host: {get_attr: [controller0, networks, ctlplane, 0]}
850 controller_virtual_ip:
851 {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
852 heat.watch_server_url:
856 - {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
858 heat.metadata_server_url:
862 - {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
864 heat.waitcondition_server_url:
868 - {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
869 - ':8000/v1/waitcondition'
871 type: OS::Heat::StructuredConfig
874 completion-signal: {get_input: deploy_signal_id}
884 - - {get_attr: [NovaCompute0, networks, ctlplane, 0]}
885 - {get_attr: [NovaCompute0, name]}
888 - - {get_attr: [NovaCompute0, name]}
896 - - {get_attr: [BlockStorage0, networks, ctlplane, 0]}
897 - {get_attr: [BlockStorage0, name]}
900 - - {get_attr: [BlockStorage0, name]}
908 - - {get_attr: [SwiftStorage0, networks, ctlplane, 0]}
909 - {get_attr: [SwiftStorage0, name]}
912 - - {get_attr: [SwiftStorage0, name]}
920 - - {get_attr: [controller0, networks, ctlplane, 0]}
921 - {get_attr: [controller0, name]}
924 - - {get_attr: [controller0, name]}
926 - {get_param: CloudName}
933 {get_attr: [controller0, name]}
934 controller0SSLDeployment:
935 type: OS::Heat::StructuredDeployment
937 config: {get_resource: SSLConfig}
938 server: {get_resource: controller0}
939 signal_transport: NO_SIGNAL
941 controller_host: {get_attr: [controller0, networks, ctlplane, 0]}
942 ssl_certificate: {get_param: SSLCertificate}
943 ssl_key: {get_param: SSLKey}
944 ssl_ca_certificate: {get_param: SSLCACertificate}
945 controller0Passthrough:
946 type: OS::Heat::StructuredDeployment
948 config: {get_resource: controllerPassthrough}
949 server: {get_resource: controller0}
950 signal_transport: NO_SIGNAL
952 passthrough_config: {get_param: ExtraConfig}
953 controller0PassthroughSpecific:
954 depends_on: [controller0Passthrough]
955 type: OS::Heat::StructuredDeployment
957 config: {get_resource: controllerPassthroughSpecific}
958 server: {get_resource: controller0}
959 signal_transport: NO_SIGNAL
961 passthrough_config_specific: {get_param: controllerExtraConfig}
964 description: URL for the Overcloud Keystone service
969 - {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}