1 heat_template_version: 2014-10-16
4 Nova API,Keystone,Heat Engine and API,Glance,Neutron,Dedicated MySQL
5 server,Dedicated RabbitMQ Server,Group of Nova Computes
8 # TODO(shadower): we should probably use the parameter groups to put
12 # Common parameters (not specific to a role)
15 description: The password for the keystone admin account, used for monitoring, querying neutron etc.
18 CeilometerMeteringSecret:
20 description: Secret shared by the ceilometer services.
25 description: The password for the ceilometer service account.
30 description: The DNS name of this cloud. E.g. ci-overcloud.tripleo.org
34 description: Should be used for arbitrary ips.
38 description: Set to True to enable debugging on all services.
40 DefaultSignalTransport:
42 description: Transport to use for software-config signals.
45 - allowed_values: [ CFN_SIGNAL, HEAT_SIGNAL, NO_SIGNAL ]
48 description: Glance port.
52 description: Protocol to use when connecting to glance, set to https for SSL.
55 default: 'REBUILD_PRESERVE_EPHEMERAL'
56 description: What policy to use when reconstructing instances. REBUILD for rebuilds, REBUILD_PRESERVE_EPHEMERAL to preserve /mnt.
60 description: Name of an existing EC2 KeyPair to enable SSH access to the instances
63 - custom_constraint: nova.keypair
64 NeutronBridgeMappings:
66 The OVS logical->physical bridge mappings to use. See the Neutron
67 documentation for details. Defaults to mapping br-ex - the external
68 bridge on hosts - to a physical name 'datacentre' which can be used
69 to create provider networks (and we use this for the default floating
70 network) - if changing this either use different post-install network
71 scripts or be sure to keep 'datacentre' as a mapping network name.
73 default: "datacentre:br-ex"
74 NeutronControlPlaneID:
77 description: Neutron ID for ctlplane network.
78 NeutronEnableTunnelling:
85 If set, flat networks to configure in neutron plugins. Defaults to
86 'datacentre' to permit external network creation.
89 description: The tenant network type for Neutron, either gre or vxlan.
93 description: The password for the neutron service account, used by neutron agents.
96 NeutronPublicInterface:
98 description: What interface to bridge onto br-ex for network nodes.
100 NeutronPublicInterfaceTag:
103 VLAN tag for creating a public VLAN. The tag will be used to
104 create an access port on the exterior bridge for each control plane node,
105 and that port will be given the IP address returned by neutron from the
106 public network. Set CONTROLEXTRA=overcloud-vlan-port.yaml when compiling
107 overcloud.yaml to include the deployment of VLAN ports to the control
110 NeutronComputeAgentMode:
112 description: Agent mode for the neutron-l3-agent on the compute hosts
116 description: Agent mode for the neutron-l3-agent on the controller hosts
120 description: Whether to configure Neutron Distributed Virtual Routers
122 NeutronMetadataProxySharedSecret:
124 description: Shared secret to prevent spoofing
129 The tunnel types for the Neutron tenant network. To specify multiple
130 values, use a comma separated string, like so: 'gre,vxlan'
132 NeutronMechanismDrivers:
133 default: 'openvswitch'
135 The mechanism drivers for the Neutron tenant network. To specify multiple
136 values, use a comma separated string, like so: 'openvswitch,l2_population'
138 NeutronAllowL3AgentFailover:
140 description: Allow automatic l3-agent failover
144 description: Whether to enable l3-agent HA
148 description: The password for the nova service account, used by nova-api.
154 PublicVirtualFixedIPs:
157 Control the IP allocation for the PublicVirtualInterface port. E.g.
158 [{'ip_address':'1.2.3.4'}]
160 PublicVirtualNetwork:
164 Neutron network to allocate public virtual IP port on.
168 description: Salt for the rabbit cookie, change this to force the randomly generated rabbit cookie to change.
171 description: The username for RabbitMQ
175 description: The password for RabbitMQ
181 Rabbit client subscriber parameter to specify
182 an SSL connection to the RabbitMQ host.
186 description: Set rabbit subscriber port, change this if using SSL
188 SnmpdReadonlyUserName:
189 default: ro_snmp_user
190 description: The user name for SNMPd with readonly rights running on all Overcloud nodes
192 SnmpdReadonlyUserPassword:
194 description: The user password for SNMPd with readonly rights running on all Overcloud nodes
199 # Controller-specific params
202 description: The keystone auth secret.
205 CinderLVMLoopDeviceSize:
207 description: The size of the loopback file used by the cinder LVM driver.
211 description: The password for the cinder service account, used by cinder-api.
216 description: The iSCSI helper to use with cinder.
221 controllerExtraConfig:
224 Controller specific configuration to inject into the cluster. Same
225 structure as ExtraConfig.
229 default: overcloud-control
231 - custom_constraint: glance.image
232 OvercloudControlFlavor:
233 description: Flavor for control nodes to request when deploying.
236 - custom_constraint: nova.flavor
237 ControlVirtualInterface:
239 description: Interface where virtual ip will be assigned.
244 Additional configuration to inject into the cluster. The JSON should have
245 the following structure:
248 [{"section": "SECTIONNAME",
250 [{"option": "OPTIONNAME",
261 [{"section": "default",
263 [{"option": "force_config_drive",
270 [{"option": "driver",
271 "value": "nova.cells.rpc_driver.CellsRPCDriver"
280 description: The filepath of the file to use for logging messages from Glance.
283 GlanceNotifierStrategy:
284 description: Strategy to use for Glance notification queue
289 description: The password for the glance service account, used by the glance services.
294 description: The password for the Heat service account, used by the Heat services.
297 HeatStackDomainAdminPassword:
298 description: Password for heat_domain_admin user.
302 KeystoneCACertificate:
304 description: Keystone self-signed certificate authority certificate.
306 KeystoneSigningCertificate:
308 description: Keystone certificate for verifying token validity.
312 description: Keystone key for signing tokens.
315 KeystoneSSLCertificate:
317 description: Keystone certificate for verifying token validity.
319 KeystoneSSLCertificateKey:
321 description: Keystone key for signing tokens.
324 MysqlInnodbBufferPoolSize:
326 Specifies the size of the buffer pool in megabytes. Setting to
327 zero should be interpreted as "no value" and will defer to the
331 NeutronDnsmasqOptions:
332 default: 'dhcp-option-force=26,1400'
333 description: Dnsmasq options for neutron-dhcp-agent. The default value here forces MTU to be set to 1400 to account for the tunnel overhead.
335 NeutronPublicInterfaceDefaultRoute:
337 description: A custom default route for the NeutronPublicInterface.
339 NeutronPublicInterfaceIP:
341 description: A custom IP address to put onto the NeutronPublicInterface.
343 NeutronPublicInterfaceRawDevice:
345 description: If set, the public interface is a vlan with this device as the raw device.
347 PublicVirtualInterface:
350 Specifies the interface where the public-facing virtual ip will be assigned.
351 This should be int_public when a VLAN is being used.
355 description: If set, the contents of an SSL certificate .crt file for encrypting SSL endpoints.
360 description: If set, the contents of an SSL certificate .key file for encrypting SSL endpoints.
365 description: If set, the contents of an SSL certificate authority file.
369 description: A random string to be used as a salt when hashing to determine mappings in the ring.
374 description: The password for the swift service account, used by the swift proxy services.
379 description: Value of mount_check in Swift account/container/object -server.conf
384 description: The minimum time (in hours) before a partition in a ring can be moved following a rebalance.
387 description: Partition Power to use when building Swift rings
392 description: How many replicas to use in the swift rings.
394 # Compute-specific params
395 CeilometerComputeAgent:
396 description: Indicates whether the Compute agent is present and expects nova-compute to be configured accordingly
400 - allowed_values: ['', Present]
404 HypervisorNeutronPhysicalBridge:
407 An OVS bridge to create on each hypervisor. This defaults to br-ex the
408 same as the control plane nodes, as we have a uniform configuration of
409 the openvswitch agent. Typically should not need to be changed.
411 HypervisorNeutronPublicInterface:
413 description: What interface to add to the HypervisorNeutronPhysicalBridge.
415 NeutronNetworkVLANRanges:
416 default: 'datacentre'
418 The Neutron ML2 and OpenVSwitch vlan mapping range to support. See the
419 Neutron documentation for permitted values. Defaults to permitting any
420 VLAN on the 'datacentre' physical network (See NeutronBridgeMappings).
424 default: libvirt.LibvirtDriver
425 NovaComputeExtraConfig:
428 NovaCompute specific configuration to inject into the cluster. Same
429 structure as ExtraConfig.
431 NovaComputeLibvirtType:
436 default: overcloud-compute
438 - custom_constraint: glance.image
439 OvercloudComputeFlavor:
440 description: Use this flavor
443 - custom_constraint: nova.flavor
445 # Block storage specific parameters
450 default: overcloud-cinder-volume
452 OvercloudBlockStorageFlavor:
453 description: Flavor for block storage nodes to request when deploying.
456 - custom_constraint: nova.flavor
458 # Object storage specific parameters
462 OvercloudSwiftStorageFlavor:
463 description: Flavor for Swift storage nodes to request when deploying.
466 - custom_constraint: nova.flavor
468 default: overcloud-swift-storage
474 type: OS::Heat::ResourceGroup
476 count: {get_param: ControllerCount}
478 type: OS::TripleO::Controller
480 AdminPassword: {get_param: AdminPassword}
481 AdminToken: {get_param: AdminToken}
482 CeilometerMeteringSecret: {get_param: CeilometerMeteringSecret}
483 CeilometerPassword: {get_param: CeilometerPassword}
484 CinderLVMLoopDeviceSize: {get_param: CinderLVMLoopDeviceSize}
485 CinderPassword: {get_param: CinderPassword}
486 CinderISCSIHelper: {get_param: CinderISCSIHelper}
487 CloudName: {get_param: CloudName}
488 ControlVirtualInterface: {get_param: ControlVirtualInterface}
489 ControllerExtraConfig: {get_param: controllerExtraConfig}
490 ExtraConfig: {get_param: ExtraConfig}
491 Flavor: {get_param: OvercloudControlFlavor}
492 GlancePort: {get_param: GlancePort}
493 GlanceProtocol: {get_param: GlanceProtocol}
494 GlancePassword: {get_param: GlancePassword}
495 GlanceNotifierStrategy: {get_param: GlanceNotifierStrategy}
496 GlanceLogFile: {get_param: GlanceLogFile}
497 HeatPassword: {get_param: HeatPassword}
498 HeatStackDomainAdminPassword: {get_param: HeatStackDomainAdminPassword}
499 Image: {get_param: controllerImage}
500 ImageUpdatePolicy: {get_param: ImageUpdatePolicy}
501 KeyName: {get_param: KeyName}
502 KeystoneCACertificate: {get_param: KeystoneCACertificate}
503 KeystoneSigningCertificate: {get_param: KeystoneSigningCertificate}
504 KeystoneSigningKey: {get_param: KeystoneSigningKey}
505 KeystoneSSLCertificate: {get_param: KeystoneSSLCertificate}
506 KeystoneSSLCertificateKey: {get_param: KeystoneSSLCertificateKey}
507 MysqlClusterUniquePart: {get_attr: [MysqlClusterUniquePart, value]}
508 MysqlInnodbBufferPoolSize: {get_param: MysqlInnodbBufferPoolSize}
509 MysqlRootPassword: {get_attr: [MysqlRootPassword, value]}
510 NeutronPublicInterfaceIP: {get_param: NeutronPublicInterfaceIP}
511 NeutronFlatNetworks: {get_param: NeutronFlatNetworks}
512 NeutronBridgeMappings: {get_param: NeutronBridgeMappings}
513 NeutronNetworkVLANRanges: {get_param: NeutronNetworkVLANRanges}
514 NeutronPublicInterface: {get_param: NeutronPublicInterface}
515 NeutronPublicInterfaceDefaultRoute: {get_param: NeutronPublicInterfaceDefaultRoute}
516 NeutronPublicInterfaceRawDevice: {get_param: NeutronPublicInterfaceRawDevice}
517 NeutronPassword: {get_param: NeutronPassword}
518 NeutronDnsmasqOptions: {get_param: NeutronDnsmasqOptions}
519 NeutronDVR: {get_param: NeutronDVR}
520 NeutronMetadataProxySharedSecret: {get_param: NeutronMetadataProxySharedSecret}
521 NeutronAgentMode: {get_param: NeutronAgentMode}
522 NeutronMechanismDrivers: {get_param: NeutronMechanismDrivers}
523 NeutronAllowL3AgentFailover: {get_param: NeutronAllowL3AgentFailover}
524 NeutronL3HA: {get_param: NeutronL3HA}
525 NeutronNetworkType: {get_param: NeutronNetworkType}
526 NeutronTunnelTypes: {get_param: NeutronTunnelTypes}
527 NovaPassword: {get_param: NovaPassword}
528 NtpServer: {get_param: NtpServer}
529 PublicVirtualInterface: {get_param: PublicVirtualInterface}
530 RabbitUserName: {get_param: RabbitUserName}
531 RabbitPassword: {get_param: RabbitPassword}
532 RabbitCookie: {get_attr: [RabbitCookie, value]}
533 RabbitClientUseSSL: {get_param: RabbitClientUseSSL}
534 RabbitClientPort: {get_param: RabbitClientPort}
535 SnmpdReadonlyUserName: {get_param: SnmpdReadonlyUserName}
536 SnmpdReadonlyUserPassword: {get_param: SnmpdReadonlyUserPassword}
537 SSLCertificate: {get_param: SSLCertificate}
538 SSLKey: {get_param: SSLKey}
539 SSLCACertificate: {get_param: SSLCACertificate}
540 SwiftHashSuffix: {get_param: SwiftHashSuffix}
541 SwiftMountCheck: {get_param: SwiftMountCheck}
542 SwiftMinPartHours: {get_param: SwiftMinPartHours}
543 SwiftPartPower: {get_param: SwiftPartPower}
544 SwiftPassword: {get_param: SwiftPassword}
545 SwiftReplicas: { get_param: SwiftReplicas}
546 VirtualIP: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
547 PublicVirtualIP: {get_attr: [PublicVirtualIP, fixed_ips, 0, ip_address]}
550 type: OS::Heat::ResourceGroup
552 count: {get_param: ComputeCount}
554 type: OS::TripleO::Compute
556 AdminPassword: {get_param: AdminPassword}
557 CeilometerComputeAgent: {get_param: CeilometerComputeAgent}
558 CeilometerMeteringSecret: {get_param: CeilometerMeteringSecret}
559 CeilometerPassword: {get_param: CeilometerPassword}
560 ExtraConfig: {get_param: ExtraConfig}
561 Flavor: {get_param: OvercloudComputeFlavor}
562 GlanceHost: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
563 GlancePort: {get_param: GlancePort}
564 GlanceProtocol: {get_param: GlanceProtocol}
565 Image: {get_param: NovaImage}
566 ImageUpdatePolicy: {get_param: ImageUpdatePolicy}
567 KeyName: {get_param: KeyName}
568 KeystoneHost: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
569 NeutronBridgeMappings: {get_param: NeutronBridgeMappings}
570 NeutronEnableTunnelling: {get_param: NeutronEnableTunnelling}
571 NeutronFlatNetworks: {get_param: NeutronFlatNetworks}
572 NeutronHost: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
573 NeutronNetworkType: {get_param: NeutronNetworkType}
574 NeutronTunnelTypes: {get_param: NeutronTunnelTypes}
575 NeutronNetworkVLANRanges: {get_param: NeutronNetworkVLANRanges}
576 NeutronPassword: {get_param: NeutronPassword}
577 NeutronPhysicalBridge: {get_param: HypervisorNeutronPhysicalBridge}
578 NeutronPublicInterface: {get_param: HypervisorNeutronPublicInterface}
579 NeutronDVR: {get_param: NeutronDVR}
580 NeutronMetadataProxySharedSecret: {get_param: NeutronMetadataProxySharedSecret}
581 NeutronAgentMode: {get_param: NeutronComputeAgentMode}
582 NeutronPublicInterfaceRawDevice: {get_param: NeutronPublicInterfaceRawDevice}
583 NeutronMechanismDrivers: {get_param: NeutronMechanismDrivers}
584 NeutronAllowL3AgentFailover: {get_param: NeutronAllowL3AgentFailover}
585 NeutronL3HA: {get_param: NeutronL3HA}
586 NovaApiHost: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
587 NovaComputeDriver: {get_param: NovaComputeDriver}
588 NovaComputeExtraConfig: {get_param: NovaComputeExtraConfig}
589 NovaComputeLibvirtType: {get_param: NovaComputeLibvirtType}
590 NovaPublicIP: {get_attr: [PublicVirtualIP, fixed_ips, 0, ip_address]}
591 NovaPassword: {get_param: NovaPassword}
592 NtpServer: {get_param: NtpServer}
593 RabbitHost: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
594 RabbitPassword: {get_param: RabbitPassword}
595 RabbitUserName: {get_param: RabbitUserName}
596 SnmpdReadonlyUserName: {get_param: SnmpdReadonlyUserName}
597 SnmpdReadonlyUserPassword: {get_param: SnmpdReadonlyUserPassword}
600 type: OS::Heat::ResourceGroup
602 count: {get_param: BlockStorageCount}
604 type: OS::TripleO::BlockStorage
606 AdminPassword: {get_param: AdminPassword}
607 Image: {get_param: BlockStorageImage}
608 CinderISCSIHelper: {get_param: CinderISCSIHelper}
609 CinderLVMLoopDeviceSize: {get_param: CinderLVMLoopDeviceSize}
610 CinderPassword: {get_param: CinderPassword}
611 VirtualIP: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
612 KeyName: {get_param: KeyName}
613 Flavor: {get_param: OvercloudBlockStorageFlavor}
614 RabbitPassword: {get_param: RabbitPassword}
615 RabbitUserName: {get_param: RabbitUserName}
618 type: OS::Heat::ResourceGroup
620 count: {get_param: ObjectStorageCount}
622 type: OS::TripleO::ObjectStorage
624 ControllerIP: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
625 KeyName: {get_param: KeyName}
626 NeutronEnableTunnelling: {get_param: NeutronEnableTunnelling}
627 NeutronNetworkType: {get_param: NeutronNetworkType}
628 Flavor: {get_param: OvercloudSwiftStorageFlavor}
629 HashSuffix: {get_param: SwiftHashSuffix}
630 MountCheck: {get_param: SwiftMountCheck}
631 MinPartHours: {get_param: SwiftMinPartHours}
632 PartPower: {get_param: SwiftPartPower}
633 Password: {get_param: SwiftPassword}
634 Image: {get_param: SwiftStorageImage}
635 Replicas: { get_param: SwiftReplicas}
639 type: OS::Heat::StructuredConfig
642 completion-signal: {get_input: deploy_signal_id}
648 - {get_attr: [Compute, hosts_entry]}
651 - {get_attr: [Controller, hosts_entry]}
654 - {get_attr: [BlockStorage, hosts_entry]}
657 - {get_attr: [ObjectStorage, hosts_entry]}
662 - {get_attr: [Controller, hostname]}
664 net.ipv4.tcp_keepalive_time: 5
665 net.ipv4.tcp_keepalive_probes: 5
666 net.ipv4.tcp_keepalive_intvl: 1
669 type: OS::Heat::RandomString
673 MysqlClusterUniquePart:
674 type: OS::Heat::RandomString
679 type: OS::Heat::RandomString
682 salt: {get_param: RabbitCookieSalt}
685 type: OS::Neutron::Port
687 name: control_virtual_ip
688 network_id: {get_param: NeutronControlPlaneID}
689 fixed_ips: {get_param: ControlFixedIPs}
690 replacement_policy: AUTO
693 type: OS::Neutron::Port
695 name: public_virtual_ip
696 network: {get_param: PublicVirtualNetwork}
697 fixed_ips: {get_param: PublicVirtualFixedIPs}
698 replacement_policy: AUTO
700 ControllerBootstrapNodeConfig:
701 type: OS::Heat::StructuredConfig
703 group: os-apply-config
706 bootstrap_nodeid: {get_attr: [Controller, resource.0.hostname]}
708 ControllerBootstrapNodeDeployment:
709 type: OS::Heat::StructuredDeployments
711 config: {get_resource: ControllerBootstrapNodeConfig}
712 servers: {get_attr: [Controller, attributes, nova_server_resource]}
713 signal_transport: NO_SIGNAL
715 ControllerSwiftDeployment:
716 type: OS::Heat::StructuredDeployments
718 config: {get_resource: SwiftDevicesAndProxyConfig}
719 servers: {get_attr: [Controller, attributes, nova_server_resource]}
720 signal_transport: NO_SIGNAL
722 ObjectStorageSwiftDeployment:
723 type: OS::Heat::StructuredDeployments
725 config: {get_resource: SwiftDevicesAndProxyConfig}
726 servers: {get_attr: [ObjectStorage, attributes, nova_server_resource]}
727 signal_transport: NO_SIGNAL
729 SwiftDevicesAndProxyConfig:
730 type: OS::Heat::StructuredConfig
732 group: os-apply-config
740 - {get_attr: [Controller, swift_device]}
743 - {get_attr: [ObjectStorage, swift_device]}
747 - {get_attr: [Controller, swift_proxy_memcache]}
749 ControllerClusterConfig:
750 type: OS::Heat::StructuredConfig
754 nodes: {get_attr: [Controller, corosync_node]}
758 nodes: {get_attr: [Controller, hostname]}
760 nodes: {get_attr: [Controller, corosync_node]}
762 nodes: {get_attr: [Controller, corosync_node]}
764 ControllerClusterDeployment:
765 type: OS::Heat::StructuredDeployments
767 config: {get_resource: ControllerClusterConfig}
768 servers: {get_attr: [Controller, attributes, nova_server_resource]}
769 signal_transport: NO_SIGNAL
771 ControllerAllNodesDeployment:
772 type: OS::Heat::StructuredDeployments
774 config: {get_resource: allNodesConfig}
775 servers: {get_attr: [Controller, attributes, nova_server_resource]}
777 ComputeAllNodesDeployment:
778 type: OS::Heat::StructuredDeployments
780 config: {get_resource: allNodesConfig}
781 servers: {get_attr: [Compute, attributes, nova_server_resource]}
786 description: URL for the Overcloud Keystone service
791 - {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}