1 description: Nova API,Keystone,Heat Engine and API,Glance,Neutron,Dedicated MySQL
2 server,Dedicated RabbitMQ Server,Group of Nova Computes
3 heat_template_version: 2013-05-23
7 description: The password for the keystone admin account, used for monitoring, querying neutron etc.
12 description: The keystone auth secret.
15 CeilometerComputeAgent:
16 description: Indicates whether the Compute agent is present and expects nova-compute to be configured accordingly
20 - allowed_values: ['', Present]
21 CeilometerMeteringSecret:
23 description: Secret shared by the ceilometer services.
28 description: The password for the ceilometer service account.
33 description: The iSCSI helper to use with cinder.
35 CinderLVMLoopDeviceSize:
37 description: The size of the loopback file used by the cinder LVM driver.
41 description: The password for the cinder service account, used by cinder-api.
46 description: The DNS name of this cloud. E.g. ci-overcloud.tripleo.org
50 description: Should be used for arbitrary ips.
52 controllerExtraConfig:
55 Controller specific configuration to inject into the cluster. Same
56 structure as ExtraConfig.
60 default: overcloud-control
62 - custom_constraint: glance.image
63 ControlVirtualInterface:
65 description: Interface where virtual ip will be assigned.
69 description: Set to True to enable debugging on all services.
71 DefaultSignalTransport:
73 description: Transport to use for software-config signals.
76 - allowed_values: [ CFN_SIGNAL, HEAT_SIGNAL, NO_SIGNAL ]
80 Additional configuration to inject into the cluster. The JSON should have
81 the following structure:
84 [{"section": "SECTIONNAME",
86 [{"option": "OPTIONNAME",
97 [{"section": "default",
99 [{"option": "force_config_drive",
106 [{"option": "driver",
107 "value": "nova.cells.rpc_driver.CellsRPCDriver"
116 description: The filepath of the file to use for logging messages from Glance.
121 description: The password for the glance service account, used by the glance services.
126 description: Glance port.
130 description: Protocol to use when connecting to glance, set to https for SSL.
132 GlanceNotifierStrategy:
133 description: Strategy to use for Glance notification queue
138 description: The password for the Heat service account, used by the Heat services.
141 HeatStackDomainAdminPassword:
142 description: Password for heat_domain_admin user.
146 HypervisorNeutronPhysicalBridge:
149 An OVS bridge to create on each hypervisor. This defaults to br-ex the
150 same as the control plane nodes, as we have a uniform configuration of
151 the openvswitch agent. Typically should not need to be changed.
153 HypervisorNeutronPublicInterface:
155 description: What interface to add to the HypervisorNeutronPhysicalBridge.
158 default: 'REBUILD_PRESERVE_EPHEMERAL'
159 description: What policy to use when reconstructing instances. REBUILD for rebuilds, REBUILD_PRESERVE_EPHEMERAL to preserve /mnt.
163 description: Name of an existing EC2 KeyPair to enable SSH access to the instances
166 - custom_constraint: nova.keypair
167 KeystoneCACertificate:
169 description: Keystone self-signed certificate authority certificate.
171 KeystoneSigningCertificate:
173 description: Keystone certificate for verifying token validity.
177 description: Keystone key for signing tokens.
180 KeystoneSSLCertificate:
182 description: Keystone certificate for verifying token validity.
184 KeystoneSSLCertificateKey:
186 description: Keystone key for signing tokens.
189 LiveUpdateComputeImage:
191 description: The image ID for live-updates to the overcloud compute nodes.
195 description: The IP address for the undercloud Glance API.
200 description: The live-update password for the undercloud Glance API.
202 LiveUpdateTenantName:
204 description: The live-update tenant name for the undercloud Glance API.
208 description: The live-update username for the undercloud Glance API.
210 MysqlInnodbBufferPoolSize:
212 Specifies the size of the buffer pool in megabytes. Setting to
213 zero should be interpreted as "no value" and will defer to the
217 NeutronBridgeMappings:
219 The OVS logical->physical bridge mappings to use. See the Neutron
220 documentation for details. Defaults to mapping br-ex - the external
221 bridge on hosts - to a physical name 'datacentre' which can be used
222 to create provider networks (and we use this for the default floating
223 network) - if changing this either use different post-install network
224 scripts or be sure to keep 'datacentre' as a mapping network name.
226 default: "datacentre:br-ex"
227 NeutronControlPlaneID:
230 description: Neutron ID for ctlplane network.
231 NeutronDnsmasqOptions:
232 default: 'dhcp-option-force=26,1400'
233 description: Dnsmasq options for neutron-dhcp-agent. The default value here forces MTU to be set to 1400 to account for the tunnel overhead.
237 default: 'datacentre'
239 If set, flat networks to configure in neutron plugins. Defaults to
240 'datacentre' to permit external network creation.
243 description: The tenant network type for Neutron, either gre or vxlan.
245 NeutronNetworkVLANRanges:
246 default: 'datacentre'
248 The Neutron ML2 and OpenVSwitch vlan mapping range to support. See the
249 Neutron documentation for permitted values. Defaults to permitting any
250 VLAN on the 'datacentre' physical network (See NeutronBridgeMappings).
254 description: The password for the neutron service account, used by neutron agents.
257 NeutronPublicInterface:
259 description: What interface to bridge onto br-ex for network nodes.
261 NeutronPublicInterfaceDefaultRoute:
263 description: A custom default route for the NeutronPublicInterface.
265 NeutronPublicInterfaceIP:
267 description: A custom IP address to put onto the NeutronPublicInterface.
269 NeutronPublicInterfaceRawDevice:
271 description: If set, the public interface is a vlan with this device as the raw device.
273 NeutronPublicInterfaceTag:
276 VLAN tag for creating a public VLAN. The tag will be used to
277 create an access port on the exterior bridge for each control plane node,
278 and that port will be given the IP address returned by neutron from the
279 public network. Set CONTROLEXTRA=overcloud-vlan-port.yaml when compiling
280 overcloud.yaml to include the deployment of VLAN ports to the control
283 NeutronPublicInterfaceRawDevice:
285 description: If set, the public interface is a vlan with this device as the raw device.
287 NeutronComputeAgentMode:
289 description: Agent mode for the neutron-l3-agent on the compute hosts
293 description: Agent mode for the neutron-l3-agent on the controller hosts
297 description: Whether to configure Neutron Distributed Virtual Routers
299 NeutronMetadataProxySharedSecret:
301 description: Shared secret to prevent spoofing
305 description: The tenant network type for Neutron, either gre or vxlan.
310 The tunnel types for the Neutron tenant network. To specify multiple
311 values, use a comma separated string, like so: 'gre,vxlan'
313 NeutronMechanismDrivers:
314 default: 'openvswitch'
316 The mechanism drivers for the Neutron tenant network. To specify multiple
317 values, use a comma separated string, like so: 'openvswitch,l2_population'
319 NeutronAllowL3AgentFailover:
321 description: Allow automatic l3-agent failover
324 default: libvirt.LibvirtDriver
326 NovaComputeExtraConfig:
329 NovaCompute specific configuration to inject into the cluster. Same
330 structure as ExtraConfig.
332 NovaComputeLibvirtType:
337 default: overcloud-compute
339 - custom_constraint: glance.image
342 description: The password for the nova service account, used by nova-api.
348 OvercloudComputeFlavor:
350 description: Flavor for compute nodes to request when deploying.
353 - custom_constraint: nova.flavor
354 OvercloudControlFlavor:
356 description: Flavor for control nodes to request when deploying.
359 - custom_constraint: nova.flavor
360 PublicVirtualFixedIPs:
363 Control the IP allocation for the PublicVirtualInterface port. E.g.
364 [{'ip_address':'1.2.3.4'}]
366 PublicVirtualInterface:
369 Specifies the interface where the public-facing virtual ip will be assigned.
370 This should be int_public when a VLAN is being used.
372 PublicVirtualNetwork:
376 Neutron network to allocate public virtual IP port on.
380 description: Salt for the rabbit cookie, change this to force the randomly generated rabbit cookie to change.
383 description: The password for RabbitMQ
388 description: The username for RabbitMQ
393 Rabbit client subscriber parameter to specify
394 an SSL connection to the RabbitMQ host.
398 description: Set rabbit subscriber port, change this if using SSL
400 SnmpdReadonlyUserName:
401 default: ro_snmp_user
402 description: The user name for SNMPd with readonly rights running on all Overcloud nodes
404 SnmpdReadonlyUserPassword:
406 description: The user password for SNMPd with readonly rights running on all Overcloud nodes
411 type: OS::Neutron::Port
413 name: control_virtual_ip
414 network_id: {get_param: NeutronControlPlaneID}
416 get_param: ControlFixedIPs
417 replacement_policy: AUTO
418 MysqlClusterUniquePart:
419 type: OS::Heat::RandomString
423 type: OS::Heat::RandomString
427 type: OS::Neutron::Port
429 name: public_virtual_ip
430 network: {get_param: PublicVirtualNetwork}
432 get_param: PublicVirtualFixedIPs
433 replacement_policy: AUTO
435 type: OS::Heat::RandomString
439 get_param: RabbitCookieSalt
440 NovaCompute0Deployment:
442 Path: nova-compute-instance.yaml
443 SubKey: resources.NovaCompute0Deployment
445 DefaultSignalTransport:
446 get_param: DefaultSignalTransport
447 NovaApiHost: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
448 KeystoneHost: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
449 NeutronHost: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
450 GlanceHost: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
451 RabbitHost: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
455 - - mysql://nova:unset@
456 - &compute_database_host {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
458 NovaPublicIP: {get_attr: [PublicVirtualIP, fixed_ips, 0, ip_address]}
462 - - mysql://ceilometer:unset@
463 - *compute_database_host
468 - - mysql://neutron:unset@
469 - *compute_database_host
472 get_param: NeutronNetworkType
474 get_param: NeutronTunnelTypes
475 NeutronEnableTunnelling: "True"
477 get_param: NeutronFlatNetworks
478 NeutronNetworkVLANRanges:
479 get_param: NeutronNetworkVLANRanges
480 NeutronPhysicalBridge:
481 get_param: HypervisorNeutronPhysicalBridge
482 NeutronPublicInterface:
483 get_param: HypervisorNeutronPublicInterface
484 NeutronBridgeMappings:
485 get_param: NeutronBridgeMappings
487 get_param: NeutronDVR
489 get_param: NeutronComputeAgentMode
490 NeutronPublicInterfaceRawDevice:
491 get_param: NeutronPublicInterfaceRawDevice
492 NeutronMechanismDrivers:
493 get_param: NeutronMechanismDrivers
494 NeutronAllowL3AgentFailover:
495 get_param: NeutronAllowL3AgentFailover
496 NovaCompute0AllNodesDeployment:
498 Path: nova-compute-instance.yaml
499 SubKey: resources.NovaCompute0AllNodesDeployment
501 AllNodesConfig: {get_resource: allNodesConfig}
504 Path: nova-compute-instance.yaml
505 SubKey: resources.NovaCompute0
506 NovaCompute0Passthrough:
508 Path: nova-compute-instance.yaml
509 SubKey: resources.NovaCompute0Passthrough
511 passthrough_config: {get_param: ExtraConfig}
512 NovaCompute0PassthroughSpecific:
514 Path: nova-compute-instance.yaml
515 SubKey: resources.NovaCompute0PassthroughSpecific
517 passthrough_config_specific: {get_param: NovaComputeExtraConfig}
519 type: OS::Heat::StructuredConfig
521 group: os-apply-config
524 get_param: AdminPassword
526 get_param: AdminToken
529 get_param: NeutronPublicInterfaceIP
541 nodeid: {get_input: bootstack_nodeid}
544 {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
549 - - mysql://cinder:unset@
552 debug: {get_param: Debug}
554 get_param: CinderLVMLoopDeviceSize
556 get_param: CinderPassword
558 get_param: CinderISCSIHelper
560 get_input: controller_host
562 bindnetaddr: {get_input: controller_host}
567 ip: {get_attr: [controller0, networks, ctlplane, 0]}
569 stonith_enabled : false
571 quorum_policy : ignore
575 host: {get_input: controller_virtual_ip}
580 - - mysql://glance:unset@
583 debug: {get_param: Debug}
585 get_input: controller_virtual_ip
587 get_param: GlancePort
589 get_param: GlanceProtocol
591 get_param: GlancePassword
592 swift-store-user: service:glance
594 get_param: GlancePassword
596 get_param: GlanceNotifierStrategy
598 get_param: GlanceLogFile
601 get_param: HeatPassword
602 admin_tenant_name: service
604 auth_encryption_key: unset___________
608 - - mysql://heat:unset@
611 debug: {get_param: Debug}
612 stack_domain_admin_password: {get_param: HeatStackDomainAdminPassword}
613 watch_server_url: {get_input: heat.watch_server_url}
614 metadata_server_url: {get_input: heat.metadata_server_url}
615 waitcondition_server_url: {get_input: heat.waitcondition_server_url}
622 {get_attr: [controller0, name]}
627 - - mysql://keystone:unset@
630 debug: {get_param: Debug}
632 get_input: controller_virtual_ip
633 ca_certificate: {get_param: KeystoneCACertificate}
634 signing_key: {get_param: KeystoneSigningKey}
635 signing_certificate: {get_param: KeystoneSigningCertificate}
637 certificate: {get_param: KeystoneSSLCertificate}
638 certificate_key: {get_param: KeystoneSSLCertificateKey}
640 innodb_buffer_pool_size: {get_param: MysqlInnodbBufferPoolSize}
642 root-password: {get_resource: MysqlRootPassword}
646 ip: {get_attr: [controller0, networks, ctlplane, 0]}
651 - {get_resource: MysqlClusterUniquePart}
653 debug: {get_param: Debug}
654 flat-networks: {get_param: NeutronFlatNetworks}
655 host: {get_input: controller_virtual_ip}
656 metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret}
657 agent_mode: {get_param: NeutronAgentMode}
658 router_distributed: {get_param: NeutronDVR}
659 mechanism_drivers: {get_param: NeutronMechanismDrivers}
660 allow_automatic_l3agent_failover: {get_param: NeutronAllowL3AgentFailover}
662 enable_tunneling: 'True'
664 get_input: controller_host
665 network_vlan_ranges: {get_param: NeutronNetworkVLANRanges}
666 bridge_mappings: {get_param: NeutronBridgeMappings}
668 get_param: NeutronPublicInterface
669 public_interface_raw_device:
670 get_param: NeutronPublicInterfaceRawDevice
671 public_interface_route:
672 get_param: NeutronPublicInterfaceDefaultRoute
673 public_interface_tag:
674 get_param: NeutronPublicInterfaceTag
675 physical_bridge: br-ex
677 get_param: NeutronNetworkType
679 get_param: NeutronTunnelTypes
683 - - mysql://neutron:unset@
685 - /ovs_neutron?charset=utf8
687 get_param: NeutronPassword
689 get_param: NeutronDnsmasqOptions
694 - - mysql://ceilometer:unset@
697 debug: {get_param: Debug}
698 metering_secret: {get_param: CeilometerMeteringSecret}
700 get_param: CeilometerPassword
702 export_MIB: UCD-SNMP-MIB
704 get_param: SnmpdReadonlyUserName
705 readonly_user_password:
706 get_param: SnmpdReadonlyUserPassword
708 compute_driver: libvirt.LibvirtDriver
712 - - mysql://nova:unset@
715 default_floating_pool:
717 host: {get_input: controller_virtual_ip}
720 get_param: NovaPassword
722 host: {get_input: controller_virtual_ip}
724 get_param: RabbitUserName
726 get_param: RabbitPassword
731 rabbit_client_use_ssl: {get_param: RabbitClientUseSSL}
732 rabbit_port: {get_param: RabbitClientPort}
735 - {server: {get_param: NtpServer}, fudge: "stratum 0"}
738 - vrrp_instance_name: VI_CONTROL
739 virtual_router_id: 51
741 get_param: ControlVirtualInterface
744 - ip: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
746 get_param: ControlVirtualInterface
747 - vrrp_instance_name: VI_PUBLIC
748 virtual_router_id: 52
750 get_param: PublicVirtualInterface
753 - ip: {get_attr: [PublicVirtualIP, fixed_ips, 0, ip_address]}
755 get_param: PublicVirtualInterface
763 get_param: PublicVirtualInterface
767 ip: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
769 get_param: ControlVirtualInterface
771 ip: {get_attr: [PublicVirtualIP, fixed_ips, 0, ip_address]}
773 get_param: PublicVirtualInterface
778 ip: {get_attr: [controller0, networks, ctlplane, 0]}
779 name: {get_attr: [controller0, name]}
781 - &control_vip {ip: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}}
782 - &public_vip {ip: {get_attr: [PublicVirtualIP, fixed_ips, 0, ip_address]}}
784 - option httpchk GET /
786 - name: keystone_admin
788 - name: keystone_public
798 - name: glance_registry
800 options: # overwrite options as glace_reg needs auth for http req
803 - name: heat_cloudwatch
820 - name: nova_metadata
822 - name: nova_novncproxy
826 options: # overwrite options as ceil needs auth for http req
827 - name: swift_proxy_server
830 - option httpchk GET /info
839 controllerPassthrough:
840 type: OS::Heat::StructuredConfig
842 group: os-apply-config
843 config: {get_input: passthrough_config}
844 controllerPassthroughSpecific:
845 type: OS::Heat::StructuredConfig
847 group: os-apply-config
848 config: {get_input: passthrough_config_specific}
850 type: OS::Nova::Server
853 get_param: controllerImage
855 get_param: ImageUpdatePolicy
857 get_param: OvercloudControlFlavor
862 user_data_format: SOFTWARE_CONFIG
863 controller0AllNodesDeployment:
864 depends_on: [controller0Deployment,controller0SSLDeployment,controller0Swift,controller0PassthroughSpecific]
865 type: OS::Heat::StructuredDeployment
867 signal_transport: {get_param: DefaultSignalTransport}
868 config: {get_resource: allNodesConfig}
869 server: {get_resource: controller0}
870 controller0Deployment:
871 type: OS::Heat::StructuredDeployment
873 signal_transport: NO_SIGNAL
874 config: {get_resource: controllerConfig}
875 server: {get_resource: controller0}
877 bootstack_nodeid: {get_attr: [controller0, name]}
878 controller_host: {get_attr: [controller0, networks, ctlplane, 0]}
879 controller_virtual_ip:
880 {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
881 heat.watch_server_url:
885 - {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
887 heat.metadata_server_url:
891 - {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
893 heat.waitcondition_server_url:
897 - {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
898 - ':8000/v1/waitcondition'
900 type: OS::Heat::StructuredConfig
903 completion-signal: {get_input: deploy_signal_id}
913 - - {get_attr: [NovaCompute0, networks, ctlplane, 0]}
914 - {get_attr: [NovaCompute0, name]}
917 - - {get_attr: [NovaCompute0, name]}
925 - - {get_attr: [BlockStorage0, networks, ctlplane, 0]}
926 - {get_attr: [BlockStorage0, name]}
929 - - {get_attr: [BlockStorage0, name]}
937 - - {get_attr: [SwiftStorage0, networks, ctlplane, 0]}
938 - {get_attr: [SwiftStorage0, name]}
941 - - {get_attr: [SwiftStorage0, name]}
949 - - {get_attr: [controller0, networks, ctlplane, 0]}
950 - {get_attr: [controller0, name]}
953 - - {get_attr: [controller0, name]}
955 - {get_param: CloudName}
962 {get_attr: [controller0, name]}
963 controller0SSLDeployment:
964 type: OS::Heat::StructuredDeployment
966 config: {get_resource: SSLConfig}
967 server: {get_resource: controller0}
968 signal_transport: NO_SIGNAL
970 controller_host: {get_attr: [controller0, networks, ctlplane, 0]}
971 ssl_certificate: {get_param: SSLCertificate}
972 ssl_key: {get_param: SSLKey}
973 ssl_ca_certificate: {get_param: SSLCACertificate}
974 controller0Passthrough:
975 type: OS::Heat::StructuredDeployment
977 config: {get_resource: controllerPassthrough}
978 server: {get_resource: controller0}
979 signal_transport: NO_SIGNAL
981 passthrough_config: {get_param: ExtraConfig}
982 controller0PassthroughSpecific:
983 depends_on: [controller0Passthrough]
984 type: OS::Heat::StructuredDeployment
986 config: {get_resource: controllerPassthroughSpecific}
987 server: {get_resource: controller0}
988 signal_transport: NO_SIGNAL
990 passthrough_config_specific: {get_param: controllerExtraConfig}
993 description: URL for the Overcloud Keystone service
998 - {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}