1 heat_template_version: 2014-10-16
4 Nova API,Keystone,Heat Engine and API,Glance,Neutron,Dedicated MySQL
5 server,Dedicated RabbitMQ Server,Group of Nova Computes
8 # TODO(shadower): we should probably use the parameter groups to put
12 # Common parameters (not specific to a role)
15 description: The password for the keystone admin account, used for monitoring, querying neutron etc.
18 CeilometerMeteringSecret:
20 description: Secret shared by the ceilometer services.
25 description: The password for the ceilometer service account.
30 description: The DNS name of this cloud. E.g. ci-overcloud.tripleo.org
34 description: Should be used for arbitrary ips.
38 description: Set to True to enable debugging on all services.
40 DefaultSignalTransport:
42 description: Transport to use for software-config signals.
45 - allowed_values: [ CFN_SIGNAL, HEAT_SIGNAL, NO_SIGNAL ]
48 description: Glance port.
52 description: Protocol to use when connecting to glance, set to https for SSL.
55 default: 'REBUILD_PRESERVE_EPHEMERAL'
56 description: What policy to use when reconstructing instances. REBUILD for rebuilds, REBUILD_PRESERVE_EPHEMERAL to preserve /mnt.
60 description: Name of an existing EC2 KeyPair to enable SSH access to the instances
63 - custom_constraint: nova.keypair
64 NeutronBridgeMappings:
66 The OVS logical->physical bridge mappings to use. See the Neutron
67 documentation for details. Defaults to mapping br-ex - the external
68 bridge on hosts - to a physical name 'datacentre' which can be used
69 to create provider networks (and we use this for the default floating
70 network) - if changing this either use different post-install network
71 scripts or be sure to keep 'datacentre' as a mapping network name.
73 default: "datacentre:br-ex"
74 NeutronControlPlaneID:
77 description: Neutron ID for ctlplane network.
78 NeutronEnableTunnelling:
85 If set, flat networks to configure in neutron plugins. Defaults to
86 'datacentre' to permit external network creation.
89 description: The tenant network type for Neutron, either gre or vxlan.
93 description: The password for the neutron service account, used by neutron agents.
96 NeutronPublicInterface:
98 description: What interface to bridge onto br-ex for network nodes.
100 NeutronPublicInterfaceTag:
103 VLAN tag for creating a public VLAN. The tag will be used to
104 create an access port on the exterior bridge for each control plane node,
105 and that port will be given the IP address returned by neutron from the
106 public network. Set CONTROLEXTRA=overcloud-vlan-port.yaml when compiling
107 overcloud.yaml to include the deployment of VLAN ports to the control
110 NeutronComputeAgentMode:
112 description: Agent mode for the neutron-l3-agent on the compute hosts
116 description: Agent mode for the neutron-l3-agent on the controller hosts
120 description: Whether to configure Neutron Distributed Virtual Routers
122 NeutronMetadataProxySharedSecret:
124 description: Shared secret to prevent spoofing
129 The tunnel types for the Neutron tenant network. To specify multiple
130 values, use a comma separated string, like so: 'gre,vxlan'
132 NeutronMechanismDrivers:
133 default: 'openvswitch'
135 The mechanism drivers for the Neutron tenant network. To specify multiple
136 values, use a comma separated string, like so: 'openvswitch,l2_population'
138 NeutronAllowL3AgentFailover:
140 description: Allow automatic l3-agent failover
144 description: The password for the nova service account, used by nova-api.
150 PublicVirtualFixedIPs:
153 Control the IP allocation for the PublicVirtualInterface port. E.g.
154 [{'ip_address':'1.2.3.4'}]
156 PublicVirtualNetwork:
160 Neutron network to allocate public virtual IP port on.
164 description: Salt for the rabbit cookie, change this to force the randomly generated rabbit cookie to change.
167 description: The username for RabbitMQ
171 description: The password for RabbitMQ
177 Rabbit client subscriber parameter to specify
178 an SSL connection to the RabbitMQ host.
182 description: Set rabbit subscriber port, change this if using SSL
184 SnmpdReadonlyUserName:
185 default: ro_snmp_user
186 description: The user name for SNMPd with readonly rights running on all Overcloud nodes
188 SnmpdReadonlyUserPassword:
190 description: The user password for SNMPd with readonly rights running on all Overcloud nodes
195 # Controller-specific params
198 description: The keystone auth secret.
201 CinderLVMLoopDeviceSize:
203 description: The size of the loopback file used by the cinder LVM driver.
207 description: The password for the cinder service account, used by cinder-api.
212 description: The iSCSI helper to use with cinder.
217 controllerExtraConfig:
220 Controller specific configuration to inject into the cluster. Same
221 structure as ExtraConfig.
225 default: overcloud-control
227 - custom_constraint: glance.image
228 OvercloudControlFlavor:
229 description: Flavor for control nodes to request when deploying.
232 - custom_constraint: nova.flavor
233 ControlVirtualInterface:
235 description: Interface where virtual ip will be assigned.
240 Additional configuration to inject into the cluster. The JSON should have
241 the following structure:
244 [{"section": "SECTIONNAME",
246 [{"option": "OPTIONNAME",
257 [{"section": "default",
259 [{"option": "force_config_drive",
266 [{"option": "driver",
267 "value": "nova.cells.rpc_driver.CellsRPCDriver"
276 description: The filepath of the file to use for logging messages from Glance.
279 GlanceNotifierStrategy:
280 description: Strategy to use for Glance notification queue
285 description: The password for the glance service account, used by the glance services.
290 description: The password for the Heat service account, used by the Heat services.
293 HeatStackDomainAdminPassword:
294 description: Password for heat_domain_admin user.
298 KeystoneCACertificate:
300 description: Keystone self-signed certificate authority certificate.
302 KeystoneSigningCertificate:
304 description: Keystone certificate for verifying token validity.
308 description: Keystone key for signing tokens.
311 KeystoneSSLCertificate:
313 description: Keystone certificate for verifying token validity.
315 KeystoneSSLCertificateKey:
317 description: Keystone key for signing tokens.
320 MysqlInnodbBufferPoolSize:
322 Specifies the size of the buffer pool in megabytes. Setting to
323 zero should be interpreted as "no value" and will defer to the
327 NeutronDnsmasqOptions:
328 default: 'dhcp-option-force=26,1400'
329 description: Dnsmasq options for neutron-dhcp-agent. The default value here forces MTU to be set to 1400 to account for the tunnel overhead.
331 NeutronPublicInterfaceDefaultRoute:
333 description: A custom default route for the NeutronPublicInterface.
335 NeutronPublicInterfaceIP:
337 description: A custom IP address to put onto the NeutronPublicInterface.
339 NeutronPublicInterfaceRawDevice:
341 description: If set, the public interface is a vlan with this device as the raw device.
343 PublicVirtualInterface:
346 Specifies the interface where the public-facing virtual ip will be assigned.
347 This should be int_public when a VLAN is being used.
351 description: If set, the contents of an SSL certificate .crt file for encrypting SSL endpoints.
356 description: If set, the contents of an SSL certificate .key file for encrypting SSL endpoints.
361 description: If set, the contents of an SSL certificate authority file.
365 description: A random string to be used as a salt when hashing to determine mappings in the ring.
370 description: The password for the swift service account, used by the swift proxy services.
375 description: Value of mount_check in Swift account/container/object -server.conf
380 description: The minimum time (in hours) before a partition in a ring can be moved following a rebalance.
383 description: Partition Power to use when building Swift rings
388 description: How many replicas to use in the swift rings.
390 # Compute-specific params
391 CeilometerComputeAgent:
392 description: Indicates whether the Compute agent is present and expects nova-compute to be configured accordingly
396 - allowed_values: ['', Present]
400 HypervisorNeutronPhysicalBridge:
403 An OVS bridge to create on each hypervisor. This defaults to br-ex the
404 same as the control plane nodes, as we have a uniform configuration of
405 the openvswitch agent. Typically should not need to be changed.
407 HypervisorNeutronPublicInterface:
409 description: What interface to add to the HypervisorNeutronPhysicalBridge.
411 NeutronNetworkVLANRanges:
412 default: 'datacentre'
414 The Neutron ML2 and OpenVSwitch vlan mapping range to support. See the
415 Neutron documentation for permitted values. Defaults to permitting any
416 VLAN on the 'datacentre' physical network (See NeutronBridgeMappings).
420 default: libvirt.LibvirtDriver
421 NovaComputeExtraConfig:
424 NovaCompute specific configuration to inject into the cluster. Same
425 structure as ExtraConfig.
427 NovaComputeLibvirtType:
432 default: overcloud-compute
434 - custom_constraint: glance.image
435 OvercloudComputeFlavor:
436 description: Use this flavor
439 - custom_constraint: nova.flavor
441 # Block storage specific parameters
446 default: overcloud-cinder-volume
448 OvercloudBlockStorageFlavor:
449 description: Flavor for block storage nodes to request when deploying.
452 - custom_constraint: nova.flavor
454 # Object storage specific parameters
458 OvercloudSwiftStorageFlavor:
459 description: Flavor for Swift storage nodes to request when deploying.
462 - custom_constraint: nova.flavor
464 default: overcloud-swift-storage
470 type: OS::Heat::ResourceGroup
472 count: {get_param: ControllerCount}
474 type: OS::TripleO::Controller
476 AdminPassword: {get_param: AdminPassword}
477 AdminToken: {get_param: AdminToken}
478 CeilometerMeteringSecret: {get_param: CeilometerMeteringSecret}
479 CeilometerPassword: {get_param: CeilometerPassword}
480 CinderLVMLoopDeviceSize: {get_param: CinderLVMLoopDeviceSize}
481 CinderPassword: {get_param: CinderPassword}
482 CinderISCSIHelper: {get_param: CinderISCSIHelper}
483 CloudName: {get_param: CloudName}
484 ControlVirtualInterface: {get_param: ControlVirtualInterface}
485 ControllerExtraConfig: {get_param: controllerExtraConfig}
486 ExtraConfig: {get_param: ExtraConfig}
487 Flavor: {get_param: OvercloudControlFlavor}
488 GlancePort: {get_param: GlancePort}
489 GlanceProtocol: {get_param: GlanceProtocol}
490 GlancePassword: {get_param: GlancePassword}
491 GlanceNotifierStrategy: {get_param: GlanceNotifierStrategy}
492 GlanceLogFile: {get_param: GlanceLogFile}
493 HeatPassword: {get_param: HeatPassword}
494 HeatStackDomainAdminPassword: {get_param: HeatStackDomainAdminPassword}
495 Image: {get_param: controllerImage}
496 ImageUpdatePolicy: {get_param: ImageUpdatePolicy}
497 KeyName: {get_param: KeyName}
498 KeystoneCACertificate: {get_param: KeystoneCACertificate}
499 KeystoneSigningCertificate: {get_param: KeystoneSigningCertificate}
500 KeystoneSigningKey: {get_param: KeystoneSigningKey}
501 KeystoneSSLCertificate: {get_param: KeystoneSSLCertificate}
502 KeystoneSSLCertificateKey: {get_param: KeystoneSSLCertificateKey}
503 MysqlClusterUniquePart: {get_attr: [MysqlClusterUniquePart, value]}
504 MysqlInnodbBufferPoolSize: {get_param: MysqlInnodbBufferPoolSize}
505 MysqlRootPassword: {get_attr: [MysqlRootPassword, value]}
506 NeutronPublicInterfaceIP: {get_param: NeutronPublicInterfaceIP}
507 NeutronFlatNetworks: {get_param: NeutronFlatNetworks}
508 NeutronBridgeMappings: {get_param: NeutronBridgeMappings}
509 NeutronNetworkVLANRanges: {get_param: NeutronNetworkVLANRanges}
510 NeutronPublicInterface: {get_param: NeutronPublicInterface}
511 NeutronPublicInterfaceDefaultRoute: {get_param: NeutronPublicInterfaceDefaultRoute}
512 NeutronPublicInterfaceRawDevice: {get_param: NeutronPublicInterfaceRawDevice}
513 NeutronPassword: {get_param: NeutronPassword}
514 NeutronDnsmasqOptions: {get_param: NeutronDnsmasqOptions}
515 NeutronDVR: {get_param: NeutronDVR}
516 NeutronMetadataProxySharedSecret: {get_param: NeutronMetadataProxySharedSecret}
517 NeutronAgentMode: {get_param: NeutronAgentMode}
518 NeutronMechanismDrivers: {get_param: NeutronMechanismDrivers}
519 NeutronAllowL3AgentFailover: {get_param: NeutronAllowL3AgentFailover}
520 NeutronNetworkType: {get_param: NeutronNetworkType}
521 NeutronTunnelTypes: {get_param: NeutronTunnelTypes}
522 NovaPassword: {get_param: NovaPassword}
523 NtpServer: {get_param: NtpServer}
524 PublicVirtualInterface: {get_param: PublicVirtualInterface}
525 RabbitUserName: {get_param: RabbitUserName}
526 RabbitPassword: {get_param: RabbitPassword}
527 RabbitCookie: {get_attr: [RabbitCookie, value]}
528 RabbitClientUseSSL: {get_param: RabbitClientUseSSL}
529 RabbitClientPort: {get_param: RabbitClientPort}
530 SnmpdReadonlyUserName: {get_param: SnmpdReadonlyUserName}
531 SnmpdReadonlyUserPassword: {get_param: SnmpdReadonlyUserPassword}
532 SSLCertificate: {get_param: SSLCertificate}
533 SSLKey: {get_param: SSLKey}
534 SSLCACertificate: {get_param: SSLCACertificate}
535 SwiftHashSuffix: {get_param: SwiftHashSuffix}
536 SwiftMountCheck: {get_param: SwiftMountCheck}
537 SwiftMinPartHours: {get_param: SwiftMinPartHours}
538 SwiftPartPower: {get_param: SwiftPartPower}
539 SwiftPassword: {get_param: SwiftPassword}
540 SwiftReplicas: { get_param: SwiftReplicas}
541 VirtualIP: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
542 PublicVirtualIP: {get_attr: [PublicVirtualIP, fixed_ips, 0, ip_address]}
545 type: OS::Heat::ResourceGroup
547 count: {get_param: ComputeCount}
549 type: OS::TripleO::Compute
551 AdminPassword: {get_param: AdminPassword}
552 CeilometerComputeAgent: {get_param: CeilometerComputeAgent}
553 CeilometerMeteringSecret: {get_param: CeilometerMeteringSecret}
554 CeilometerPassword: {get_param: CeilometerPassword}
555 ExtraConfig: {get_param: ExtraConfig}
556 Flavor: {get_param: OvercloudComputeFlavor}
557 GlanceHost: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
558 GlancePort: {get_param: GlancePort}
559 GlanceProtocol: {get_param: GlanceProtocol}
560 Image: {get_param: NovaImage}
561 ImageUpdatePolicy: {get_param: ImageUpdatePolicy}
562 KeyName: {get_param: KeyName}
563 KeystoneHost: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
564 NeutronBridgeMappings: {get_param: NeutronBridgeMappings}
565 NeutronEnableTunnelling: {get_param: NeutronEnableTunnelling}
566 NeutronFlatNetworks: {get_param: NeutronFlatNetworks}
567 NeutronHost: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
568 NeutronNetworkType: {get_param: NeutronNetworkType}
569 NeutronTunnelTypes: {get_param: NeutronTunnelTypes}
570 NeutronNetworkVLANRanges: {get_param: NeutronNetworkVLANRanges}
571 NeutronPassword: {get_param: NeutronPassword}
572 NeutronPhysicalBridge: {get_param: HypervisorNeutronPhysicalBridge}
573 NeutronPublicInterface: {get_param: HypervisorNeutronPublicInterface}
574 NeutronDVR: {get_param: NeutronDVR}
575 NeutronMetadataProxySharedSecret: {get_param: NeutronMetadataProxySharedSecret}
576 NeutronAgentMode: {get_param: NeutronComputeAgentMode}
577 NeutronPublicInterfaceRawDevice: {get_param: NeutronPublicInterfaceRawDevice}
578 NeutronMechanismDrivers: {get_param: NeutronMechanismDrivers}
579 NeutronAllowL3AgentFailover: {get_param: NeutronAllowL3AgentFailover}
580 NovaApiHost: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
581 NovaComputeDriver: {get_param: NovaComputeDriver}
582 NovaComputeExtraConfig: {get_param: NovaComputeExtraConfig}
583 NovaComputeLibvirtType: {get_param: NovaComputeLibvirtType}
584 NovaPublicIP: {get_attr: [PublicVirtualIP, fixed_ips, 0, ip_address]}
585 NovaPassword: {get_param: NovaPassword}
586 NtpServer: {get_param: NtpServer}
587 RabbitHost: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
588 RabbitPassword: {get_param: RabbitPassword}
589 RabbitUserName: {get_param: RabbitUserName}
590 SnmpdReadonlyUserName: {get_param: SnmpdReadonlyUserName}
591 SnmpdReadonlyUserPassword: {get_param: SnmpdReadonlyUserPassword}
594 type: OS::Heat::ResourceGroup
596 count: {get_param: BlockStorageCount}
598 type: OS::TripleO::BlockStorage
600 AdminPassword: {get_param: AdminPassword}
601 Image: {get_param: BlockStorageImage}
602 CinderISCSIHelper: {get_param: CinderISCSIHelper}
603 CinderLVMLoopDeviceSize: {get_param: CinderLVMLoopDeviceSize}
604 CinderPassword: {get_param: CinderPassword}
605 VirtualIP: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
606 KeyName: {get_param: KeyName}
607 Flavor: {get_param: OvercloudBlockStorageFlavor}
608 RabbitPassword: {get_param: RabbitPassword}
609 RabbitUserName: {get_param: RabbitUserName}
612 type: OS::Heat::ResourceGroup
614 count: {get_param: ObjectStorageCount}
616 type: OS::TripleO::ObjectStorage
618 ControllerIP: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
619 KeyName: {get_param: KeyName}
620 NeutronEnableTunnelling: {get_param: NeutronEnableTunnelling}
621 NeutronNetworkType: {get_param: NeutronNetworkType}
622 Flavor: {get_param: OvercloudSwiftStorageFlavor}
623 HashSuffix: {get_param: SwiftHashSuffix}
624 MountCheck: {get_param: SwiftMountCheck}
625 MinPartHours: {get_param: SwiftMinPartHours}
626 PartPower: {get_param: SwiftPartPower}
627 Password: {get_param: SwiftPassword}
628 Image: {get_param: SwiftStorageImage}
629 Replicas: { get_param: SwiftReplicas}
633 type: OS::Heat::StructuredConfig
636 completion-signal: {get_input: deploy_signal_id}
642 - {get_attr: [Compute, hosts_entry]}
645 - {get_attr: [Controller, hosts_entry]}
648 - {get_attr: [BlockStorage, hosts_entry]}
651 - {get_attr: [ObjectStorage, hosts_entry]}
656 - {get_attr: [Controller, hostname]}
658 net.ipv4.tcp_keepalive_time: 5
659 net.ipv4.tcp_keepalive_probes: 5
660 net.ipv4.tcp_keepalive_intvl: 1
663 type: OS::Heat::RandomString
667 MysqlClusterUniquePart:
668 type: OS::Heat::RandomString
673 type: OS::Heat::RandomString
676 salt: {get_param: RabbitCookieSalt}
679 type: OS::Neutron::Port
681 name: control_virtual_ip
682 network_id: {get_param: NeutronControlPlaneID}
683 fixed_ips: {get_param: ControlFixedIPs}
684 replacement_policy: AUTO
687 type: OS::Neutron::Port
689 name: public_virtual_ip
690 network: {get_param: PublicVirtualNetwork}
691 fixed_ips: {get_param: PublicVirtualFixedIPs}
692 replacement_policy: AUTO
694 ControllerBootstrapNodeConfig:
695 type: OS::Heat::StructuredConfig
697 group: os-apply-config
700 bootstrap_nodeid: {get_attr: [Controller, resource.0.hostname]}
702 ControllerBootstrapNodeDeployment:
703 type: OS::Heat::StructuredDeployments
705 config: {get_resource: ControllerBootstrapNodeConfig}
706 servers: {get_attr: [Controller, attributes, nova_server_resource]}
707 signal_transport: NO_SIGNAL
709 ControllerSwiftDeployment:
710 type: OS::Heat::StructuredDeployments
712 config: {get_resource: SwiftDevicesAndProxyConfig}
713 servers: {get_attr: [Controller, attributes, nova_server_resource]}
714 signal_transport: NO_SIGNAL
716 ObjectStorageSwiftDeployment:
717 type: OS::Heat::StructuredDeployments
719 config: {get_resource: SwiftDevicesAndProxyConfig}
720 servers: {get_attr: [ObjectStorage, attributes, nova_server_resource]}
721 signal_transport: NO_SIGNAL
723 SwiftDevicesAndProxyConfig:
724 type: OS::Heat::StructuredConfig
726 group: os-apply-config
734 - {get_attr: [Controller, swift_device]}
737 - {get_attr: [ObjectStorage, swift_device]}
741 - {get_attr: [Controller, swift_proxy_memcache]}
743 ControllerClusterConfig:
744 type: OS::Heat::StructuredConfig
748 nodes: {get_attr: [Controller, corosync_node]}
752 nodes: {get_attr: [Controller, hostname]}
754 nodes: {get_attr: [Controller, corosync_node]}
756 nodes: {get_attr: [Controller, corosync_node]}
758 ControllerClusterDeployment:
759 type: OS::Heat::StructuredDeployments
761 config: {get_resource: ControllerClusterConfig}
762 servers: {get_attr: [Controller, attributes, nova_server_resource]}
763 signal_transport: NO_SIGNAL
765 ControllerAllNodesDeployment:
766 type: OS::Heat::StructuredDeployments
768 config: {get_resource: allNodesConfig}
769 servers: {get_attr: [Controller, attributes, nova_server_resource]}
771 ComputeAllNodesDeployment:
772 type: OS::Heat::StructuredDeployments
774 config: {get_resource: allNodesConfig}
775 servers: {get_attr: [Compute, attributes, nova_server_resource]}
780 description: URL for the Overcloud Keystone service
785 - {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}