1 description: Nova API,Keystone,Heat Engine and API,Glance,Neutron,Dedicated MySQL
2 server,Dedicated RabbitMQ Server,Group of Nova Computes
3 heat_template_version: 2013-05-23
7 description: The password for the keystone admin account, used for monitoring, querying neutron etc.
12 description: The keystone auth secret.
15 CeilometerComputeAgent:
16 description: Indicates whether the Compute agent is present and expects nova-compute to be configured accordingly
20 - allowed_values: ['', Present]
21 CeilometerMeteringSecret:
23 description: Secret shared by the ceilometer services.
28 description: The password for the ceilometer service account.
33 description: The iSCSI helper to use with cinder.
35 CinderLVMLoopDeviceSize:
37 description: The size of the loopback file used by the cinder LVM driver.
41 description: The password for the cinder service account, used by cinder-api.
46 description: The DNS name of this cloud. E.g. ci-overcloud.tripleo.org
50 description: Should be used for arbitrary ips.
52 controllerExtraConfig:
55 Controller specific configuration to inject into the cluster. Same
56 structure as ExtraConfig.
60 default: overcloud-control
62 - custom_constraint: glance.image
63 ControlVirtualInterface:
65 description: Interface where virtual ip will be assigned.
69 description: Set to True to enable debugging on all services.
71 DefaultSignalTransport:
73 description: Transport to use for software-config signals.
76 - allowed_values: [ CFN_SIGNAL, HEAT_SIGNAL, NO_SIGNAL ]
80 Additional configuration to inject into the cluster. The JSON should have
81 the following structure:
84 [{"section": "SECTIONNAME",
86 [{"option": "OPTIONNAME",
97 [{"section": "default",
99 [{"option": "force_config_drive",
106 [{"option": "driver",
107 "value": "nova.cells.rpc_driver.CellsRPCDriver"
116 description: The filepath of the file to use for logging messages from Glance.
121 description: The password for the glance service account, used by the glance services.
126 description: Glance port.
130 description: Protocol to use when connecting to glance, set to https for SSL.
132 GlanceNotifierStrategy:
133 description: Strategy to use for Glance notification queue
138 description: The password for the Heat service account, used by the Heat services.
141 HeatStackDomainAdminPassword:
142 description: Password for heat_domain_admin user.
146 HypervisorNeutronPhysicalBridge:
149 An OVS bridge to create on each hypervisor. This defaults to br-ex the
150 same as the control plane nodes, as we have a uniform configuration of
151 the openvswitch agent. Typically should not need to be changed.
153 HypervisorNeutronPublicInterface:
155 description: What interface to add to the HypervisorNeutronPhysicalBridge.
158 default: 'REBUILD_PRESERVE_EPHEMERAL'
159 description: What policy to use when reconstructing instances. REBUILD for rebuilds, REBUILD_PRESERVE_EPHEMERAL to preserve /mnt.
163 description: Name of an existing EC2 KeyPair to enable SSH access to the instances
166 - custom_constraint: nova.keypair
167 KeystoneCACertificate:
169 description: Keystone self-signed certificate authority certificate.
171 KeystoneSigningCertificate:
173 description: Keystone certificate for verifying token validity.
177 description: Keystone key for signing tokens.
180 KeystoneSSLCertificate:
182 description: Keystone certificate for verifying token validity.
184 KeystoneSSLCertificateKey:
186 description: Keystone key for signing tokens.
189 MysqlInnodbBufferPoolSize:
191 Specifies the size of the buffer pool in megabytes. Setting to
192 zero should be interpreted as "no value" and will defer to the
196 NeutronBridgeMappings:
198 The OVS logical->physical bridge mappings to use. See the Neutron
199 documentation for details. Defaults to mapping br-ex - the external
200 bridge on hosts - to a physical name 'datacentre' which can be used
201 to create provider networks (and we use this for the default floating
202 network) - if changing this either use different post-install network
203 scripts or be sure to keep 'datacentre' as a mapping network name.
205 default: "datacentre:br-ex"
206 NeutronControlPlaneID:
209 description: Neutron ID for ctlplane network.
210 NeutronDnsmasqOptions:
211 default: 'dhcp-option-force=26,1400'
212 description: Dnsmasq options for neutron-dhcp-agent. The default value here forces MTU to be set to 1400 to account for the tunnel overhead.
216 default: 'datacentre'
218 If set, flat networks to configure in neutron plugins. Defaults to
219 'datacentre' to permit external network creation.
222 description: The tenant network type for Neutron, either gre or vxlan.
224 NeutronNetworkVLANRanges:
225 default: 'datacentre'
227 The Neutron ML2 and OpenVSwitch vlan mapping range to support. See the
228 Neutron documentation for permitted values. Defaults to permitting any
229 VLAN on the 'datacentre' physical network (See NeutronBridgeMappings).
233 description: The password for the neutron service account, used by neutron agents.
236 NeutronPublicInterface:
238 description: What interface to bridge onto br-ex for network nodes.
240 NeutronPublicInterfaceDefaultRoute:
242 description: A custom default route for the NeutronPublicInterface.
244 NeutronPublicInterfaceIP:
246 description: A custom IP address to put onto the NeutronPublicInterface.
248 NeutronPublicInterfaceRawDevice:
250 description: If set, the public interface is a vlan with this device as the raw device.
252 NeutronPublicInterfaceTag:
255 VLAN tag for creating a public VLAN. The tag will be used to
256 create an access port on the exterior bridge for each control plane node,
257 and that port will be given the IP address returned by neutron from the
258 public network. Set CONTROLEXTRA=overcloud-vlan-port.yaml when compiling
259 overcloud.yaml to include the deployment of VLAN ports to the control
262 NeutronPublicInterfaceRawDevice:
264 description: If set, the public interface is a vlan with this device as the raw device.
266 NeutronComputeAgentMode:
268 description: Agent mode for the neutron-l3-agent on the compute hosts
272 description: Agent mode for the neutron-l3-agent on the controller hosts
276 description: Whether to configure Neutron Distributed Virtual Routers
278 NeutronMetadataProxySharedSecret:
280 description: Shared secret to prevent spoofing
284 description: The tenant network type for Neutron, either gre or vxlan.
289 The tunnel types for the Neutron tenant network. To specify multiple
290 values, use a comma separated string, like so: 'gre,vxlan'
292 NeutronMechanismDrivers:
293 default: 'openvswitch'
295 The mechanism drivers for the Neutron tenant network. To specify multiple
296 values, use a comma separated string, like so: 'openvswitch,l2_population'
298 NeutronAllowL3AgentFailover:
300 description: Allow automatic l3-agent failover
303 default: libvirt.LibvirtDriver
305 NovaComputeExtraConfig:
308 NovaCompute specific configuration to inject into the cluster. Same
309 structure as ExtraConfig.
311 NovaComputeLibvirtType:
316 default: overcloud-compute
318 - custom_constraint: glance.image
321 description: The password for the nova service account, used by nova-api.
327 OvercloudComputeFlavor:
329 description: Flavor for compute nodes to request when deploying.
332 - custom_constraint: nova.flavor
333 OvercloudControlFlavor:
335 description: Flavor for control nodes to request when deploying.
338 - custom_constraint: nova.flavor
339 PublicVirtualFixedIPs:
342 Control the IP allocation for the PublicVirtualInterface port. E.g.
343 [{'ip_address':'1.2.3.4'}]
345 PublicVirtualInterface:
348 Specifies the interface where the public-facing virtual ip will be assigned.
349 This should be int_public when a VLAN is being used.
351 PublicVirtualNetwork:
355 Neutron network to allocate public virtual IP port on.
359 description: Salt for the rabbit cookie, change this to force the randomly generated rabbit cookie to change.
362 description: The password for RabbitMQ
367 description: The username for RabbitMQ
372 Rabbit client subscriber parameter to specify
373 an SSL connection to the RabbitMQ host.
377 description: Set rabbit subscriber port, change this if using SSL
379 SnmpdReadonlyUserName:
380 default: ro_snmp_user
381 description: The user name for SNMPd with readonly rights running on all Overcloud nodes
383 SnmpdReadonlyUserPassword:
385 description: The user password for SNMPd with readonly rights running on all Overcloud nodes
390 type: OS::Neutron::Port
392 name: control_virtual_ip
393 network_id: {get_param: NeutronControlPlaneID}
395 get_param: ControlFixedIPs
396 replacement_policy: AUTO
397 MysqlClusterUniquePart:
398 type: OS::Heat::RandomString
402 type: OS::Heat::RandomString
406 type: OS::Neutron::Port
408 name: public_virtual_ip
409 network: {get_param: PublicVirtualNetwork}
411 get_param: PublicVirtualFixedIPs
412 replacement_policy: AUTO
414 type: OS::Heat::RandomString
418 get_param: RabbitCookieSalt
419 NovaCompute0Deployment:
421 Path: nova-compute-instance.yaml
422 SubKey: resources.NovaCompute0Deployment
424 DefaultSignalTransport:
425 get_param: DefaultSignalTransport
426 NovaApiHost: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
427 KeystoneHost: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
428 NeutronHost: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
429 GlanceHost: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
430 RabbitHost: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
434 - - mysql://nova:unset@
435 - &compute_database_host {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
437 NovaPublicIP: {get_attr: [PublicVirtualIP, fixed_ips, 0, ip_address]}
441 - - mysql://ceilometer:unset@
442 - *compute_database_host
447 - - mysql://neutron:unset@
448 - *compute_database_host
451 get_param: NeutronNetworkType
453 get_param: NeutronTunnelTypes
454 NeutronEnableTunnelling: "True"
456 get_param: NeutronFlatNetworks
457 NeutronNetworkVLANRanges:
458 get_param: NeutronNetworkVLANRanges
459 NeutronPhysicalBridge:
460 get_param: HypervisorNeutronPhysicalBridge
461 NeutronPublicInterface:
462 get_param: HypervisorNeutronPublicInterface
463 NeutronBridgeMappings:
464 get_param: NeutronBridgeMappings
466 get_param: NeutronDVR
468 get_param: NeutronComputeAgentMode
469 NeutronPublicInterfaceRawDevice:
470 get_param: NeutronPublicInterfaceRawDevice
471 NeutronMechanismDrivers:
472 get_param: NeutronMechanismDrivers
473 NeutronAllowL3AgentFailover:
474 get_param: NeutronAllowL3AgentFailover
475 NovaCompute0AllNodesDeployment:
477 Path: nova-compute-instance.yaml
478 SubKey: resources.NovaCompute0AllNodesDeployment
480 AllNodesConfig: {get_resource: allNodesConfig}
483 Path: nova-compute-instance.yaml
484 SubKey: resources.NovaCompute0
485 NovaCompute0Passthrough:
487 Path: nova-compute-instance.yaml
488 SubKey: resources.NovaCompute0Passthrough
490 passthrough_config: {get_param: ExtraConfig}
491 NovaCompute0PassthroughSpecific:
493 Path: nova-compute-instance.yaml
494 SubKey: resources.NovaCompute0PassthroughSpecific
496 passthrough_config_specific: {get_param: NovaComputeExtraConfig}
498 type: OS::Heat::StructuredConfig
500 group: os-apply-config
503 get_param: AdminPassword
505 get_param: AdminToken
508 get_param: NeutronPublicInterfaceIP
520 nodeid: {get_input: bootstack_nodeid}
523 {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
528 - - mysql://cinder:unset@
531 debug: {get_param: Debug}
533 get_param: CinderLVMLoopDeviceSize
535 get_param: CinderPassword
537 get_param: CinderISCSIHelper
539 get_input: controller_host
541 bindnetaddr: {get_input: controller_host}
546 ip: {get_attr: [controller0, networks, ctlplane, 0]}
548 stonith_enabled : false
550 quorum_policy : ignore
554 host: {get_input: controller_virtual_ip}
559 - - mysql://glance:unset@
562 debug: {get_param: Debug}
564 get_input: controller_virtual_ip
566 get_param: GlancePort
568 get_param: GlanceProtocol
570 get_param: GlancePassword
571 swift-store-user: service:glance
573 get_param: GlancePassword
575 get_param: GlanceNotifierStrategy
577 get_param: GlanceLogFile
580 get_param: HeatPassword
581 admin_tenant_name: service
583 auth_encryption_key: unset___________
587 - - mysql://heat:unset@
590 debug: {get_param: Debug}
591 stack_domain_admin_password: {get_param: HeatStackDomainAdminPassword}
592 watch_server_url: {get_input: heat.watch_server_url}
593 metadata_server_url: {get_input: heat.metadata_server_url}
594 waitcondition_server_url: {get_input: heat.waitcondition_server_url}
601 {get_attr: [controller0, name]}
606 - - mysql://keystone:unset@
609 debug: {get_param: Debug}
611 get_input: controller_virtual_ip
612 ca_certificate: {get_param: KeystoneCACertificate}
613 signing_key: {get_param: KeystoneSigningKey}
614 signing_certificate: {get_param: KeystoneSigningCertificate}
616 certificate: {get_param: KeystoneSSLCertificate}
617 certificate_key: {get_param: KeystoneSSLCertificateKey}
619 innodb_buffer_pool_size: {get_param: MysqlInnodbBufferPoolSize}
621 root-password: {get_resource: MysqlRootPassword}
625 ip: {get_attr: [controller0, networks, ctlplane, 0]}
630 - {get_resource: MysqlClusterUniquePart}
632 debug: {get_param: Debug}
633 flat-networks: {get_param: NeutronFlatNetworks}
634 host: {get_input: controller_virtual_ip}
635 metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret}
636 agent_mode: {get_param: NeutronAgentMode}
637 router_distributed: {get_param: NeutronDVR}
638 mechanism_drivers: {get_param: NeutronMechanismDrivers}
639 allow_automatic_l3agent_failover: {get_param: NeutronAllowL3AgentFailover}
641 enable_tunneling: 'True'
643 get_input: controller_host
644 network_vlan_ranges: {get_param: NeutronNetworkVLANRanges}
645 bridge_mappings: {get_param: NeutronBridgeMappings}
647 get_param: NeutronPublicInterface
648 public_interface_raw_device:
649 get_param: NeutronPublicInterfaceRawDevice
650 public_interface_route:
651 get_param: NeutronPublicInterfaceDefaultRoute
652 public_interface_tag:
653 get_param: NeutronPublicInterfaceTag
654 physical_bridge: br-ex
656 get_param: NeutronNetworkType
658 get_param: NeutronTunnelTypes
662 - - mysql://neutron:unset@
664 - /ovs_neutron?charset=utf8
666 get_param: NeutronPassword
668 get_param: NeutronDnsmasqOptions
673 - - mysql://ceilometer:unset@
676 debug: {get_param: Debug}
677 metering_secret: {get_param: CeilometerMeteringSecret}
679 get_param: CeilometerPassword
681 export_MIB: UCD-SNMP-MIB
683 get_param: SnmpdReadonlyUserName
684 readonly_user_password:
685 get_param: SnmpdReadonlyUserPassword
687 compute_driver: libvirt.LibvirtDriver
691 - - mysql://nova:unset@
694 default_floating_pool:
696 host: {get_input: controller_virtual_ip}
699 get_param: NovaPassword
701 host: {get_input: controller_virtual_ip}
703 get_param: RabbitUserName
705 get_param: RabbitPassword
710 rabbit_client_use_ssl: {get_param: RabbitClientUseSSL}
711 rabbit_port: {get_param: RabbitClientPort}
714 - {server: {get_param: NtpServer}, fudge: "stratum 0"}
717 - vrrp_instance_name: VI_CONTROL
718 virtual_router_id: 51
720 get_param: ControlVirtualInterface
723 - ip: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
725 get_param: ControlVirtualInterface
726 - vrrp_instance_name: VI_PUBLIC
727 virtual_router_id: 52
729 get_param: PublicVirtualInterface
732 - ip: {get_attr: [PublicVirtualIP, fixed_ips, 0, ip_address]}
734 get_param: PublicVirtualInterface
742 get_param: PublicVirtualInterface
746 ip: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
748 get_param: ControlVirtualInterface
750 ip: {get_attr: [PublicVirtualIP, fixed_ips, 0, ip_address]}
752 get_param: PublicVirtualInterface
757 ip: {get_attr: [controller0, networks, ctlplane, 0]}
758 name: {get_attr: [controller0, name]}
760 - &control_vip {ip: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}}
761 - &public_vip {ip: {get_attr: [PublicVirtualIP, fixed_ips, 0, ip_address]}}
763 - option httpchk GET /
765 - name: keystone_admin
767 - name: keystone_public
777 - name: glance_registry
779 options: # overwrite options as glace_reg needs auth for http req
782 - name: heat_cloudwatch
799 - name: nova_metadata
801 - name: nova_novncproxy
805 options: # overwrite options as ceil needs auth for http req
806 - name: swift_proxy_server
809 - option httpchk GET /info
817 controllerPassthrough:
818 type: OS::Heat::StructuredConfig
820 group: os-apply-config
821 config: {get_input: passthrough_config}
822 controllerPassthroughSpecific:
823 type: OS::Heat::StructuredConfig
825 group: os-apply-config
826 config: {get_input: passthrough_config_specific}
828 type: OS::Nova::Server
831 get_param: controllerImage
833 get_param: ImageUpdatePolicy
835 get_param: OvercloudControlFlavor
840 user_data_format: SOFTWARE_CONFIG
841 controller0AllNodesDeployment:
842 depends_on: [controller0Deployment,controller0SSLDeployment,controller0Swift,controller0PassthroughSpecific]
843 type: OS::Heat::StructuredDeployment
845 signal_transport: {get_param: DefaultSignalTransport}
846 config: {get_resource: allNodesConfig}
847 server: {get_resource: controller0}
848 controller0Deployment:
849 type: OS::Heat::StructuredDeployment
851 signal_transport: NO_SIGNAL
852 config: {get_resource: controllerConfig}
853 server: {get_resource: controller0}
855 bootstack_nodeid: {get_attr: [controller0, name]}
856 controller_host: {get_attr: [controller0, networks, ctlplane, 0]}
857 controller_virtual_ip:
858 {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
859 heat.watch_server_url:
863 - {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
865 heat.metadata_server_url:
869 - {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
871 heat.waitcondition_server_url:
875 - {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
876 - ':8000/v1/waitcondition'
878 type: OS::Heat::StructuredConfig
881 completion-signal: {get_input: deploy_signal_id}
891 - - {get_attr: [NovaCompute0, networks, ctlplane, 0]}
892 - {get_attr: [NovaCompute0, name]}
895 - - {get_attr: [NovaCompute0, name]}
903 - - {get_attr: [BlockStorage0, networks, ctlplane, 0]}
904 - {get_attr: [BlockStorage0, name]}
907 - - {get_attr: [BlockStorage0, name]}
915 - - {get_attr: [SwiftStorage0, networks, ctlplane, 0]}
916 - {get_attr: [SwiftStorage0, name]}
919 - - {get_attr: [SwiftStorage0, name]}
927 - - {get_attr: [controller0, networks, ctlplane, 0]}
928 - {get_attr: [controller0, name]}
931 - - {get_attr: [controller0, name]}
933 - {get_param: CloudName}
940 {get_attr: [controller0, name]}
941 controller0SSLDeployment:
942 type: OS::Heat::StructuredDeployment
944 config: {get_resource: SSLConfig}
945 server: {get_resource: controller0}
946 signal_transport: NO_SIGNAL
948 controller_host: {get_attr: [controller0, networks, ctlplane, 0]}
949 ssl_certificate: {get_param: SSLCertificate}
950 ssl_key: {get_param: SSLKey}
951 ssl_ca_certificate: {get_param: SSLCACertificate}
952 controller0Passthrough:
953 type: OS::Heat::StructuredDeployment
955 config: {get_resource: controllerPassthrough}
956 server: {get_resource: controller0}
957 signal_transport: NO_SIGNAL
959 passthrough_config: {get_param: ExtraConfig}
960 controller0PassthroughSpecific:
961 depends_on: [controller0Passthrough]
962 type: OS::Heat::StructuredDeployment
964 config: {get_resource: controllerPassthroughSpecific}
965 server: {get_resource: controller0}
966 signal_transport: NO_SIGNAL
968 passthrough_config_specific: {get_param: controllerExtraConfig}
971 description: URL for the Overcloud Keystone service
976 - {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}