1 heat_template_version: 2014-10-16
4 Nova API,Keystone,Heat Engine and API,Glance,Neutron,Dedicated MySQL
5 server,Dedicated RabbitMQ Server,Group of Nova Computes
8 # TODO(shadower): we should probably use the parameter groups to put
12 # Common parameters (not specific to a role)
15 description: The password for the keystone admin account, used for monitoring, querying neutron etc.
18 CeilometerMeteringSecret:
20 description: Secret shared by the ceilometer services.
25 description: The password for the ceilometer service account.
30 description: The DNS name of this cloud. E.g. ci-overcloud.tripleo.org
34 description: Should be used for arbitrary ips.
38 description: Set to True to enable debugging on all services.
40 DefaultSignalTransport:
42 description: Transport to use for software-config signals.
45 - allowed_values: [ CFN_SIGNAL, HEAT_SIGNAL, NO_SIGNAL ]
48 description: Glance port.
52 description: Protocol to use when connecting to glance, set to https for SSL.
55 default: 'REBUILD_PRESERVE_EPHEMERAL'
56 description: What policy to use when reconstructing instances. REBUILD for rebuilds, REBUILD_PRESERVE_EPHEMERAL to preserve /mnt.
60 description: Name of an existing EC2 KeyPair to enable SSH access to the instances
63 - custom_constraint: nova.keypair
64 NeutronBridgeMappings:
66 The OVS logical->physical bridge mappings to use. See the Neutron
67 documentation for details. Defaults to mapping br-ex - the external
68 bridge on hosts - to a physical name 'datacentre' which can be used
69 to create provider networks (and we use this for the default floating
70 network) - if changing this either use different post-install network
71 scripts or be sure to keep 'datacentre' as a mapping network name.
73 default: "datacentre:br-ex"
74 NeutronControlPlaneID:
77 description: Neutron ID for ctlplane network.
78 NeutronEnableTunnelling:
85 If set, flat networks to configure in neutron plugins. Defaults to
86 'datacentre' to permit external network creation.
89 description: The tenant network type for Neutron, either gre or vxlan.
93 description: The password for the neutron service account, used by neutron agents.
96 NeutronPublicInterface:
98 description: What interface to bridge onto br-ex for network nodes.
100 NeutronPublicInterfaceTag:
103 VLAN tag for creating a public VLAN. The tag will be used to
104 create an access port on the exterior bridge for each control plane node,
105 and that port will be given the IP address returned by neutron from the
106 public network. Set CONTROLEXTRA=overcloud-vlan-port.yaml when compiling
107 overcloud.yaml to include the deployment of VLAN ports to the control
110 NeutronComputeAgentMode:
112 description: Agent mode for the neutron-l3-agent on the compute hosts
116 description: Agent mode for the neutron-l3-agent on the controller hosts
120 description: Whether to configure Neutron Distributed Virtual Routers
122 NeutronMetadataProxySharedSecret:
124 description: Shared secret to prevent spoofing
129 The tunnel types for the Neutron tenant network. To specify multiple
130 values, use a comma separated string, like so: 'gre,vxlan'
132 NeutronMechanismDrivers:
133 default: 'openvswitch'
135 The mechanism drivers for the Neutron tenant network. To specify multiple
136 values, use a comma separated string, like so: 'openvswitch,l2_population'
138 NeutronAllowL3AgentFailover:
140 description: Allow automatic l3-agent failover
144 description: The password for the nova service account, used by nova-api.
150 PublicVirtualFixedIPs:
153 Control the IP allocation for the PublicVirtualInterface port. E.g.
154 [{'ip_address':'1.2.3.4'}]
156 PublicVirtualNetwork:
160 Neutron network to allocate public virtual IP port on.
164 description: Salt for the rabbit cookie, change this to force the randomly generated rabbit cookie to change.
167 description: The username for RabbitMQ
171 description: The password for RabbitMQ
177 Rabbit client subscriber parameter to specify
178 an SSL connection to the RabbitMQ host.
182 description: Set rabbit subscriber port, change this if using SSL
184 SnmpdReadonlyUserName:
185 default: ro_snmp_user
186 description: The user name for SNMPd with readonly rights running on all Overcloud nodes
188 SnmpdReadonlyUserPassword:
190 description: The user password for SNMPd with readonly rights running on all Overcloud nodes
195 # Controller-specific params
198 description: The keystone auth secret.
201 CinderLVMLoopDeviceSize:
203 description: The size of the loopback file used by the cinder LVM driver.
207 description: The password for the cinder service account, used by cinder-api.
212 description: The iSCSI helper to use with cinder.
217 controllerExtraConfig:
220 Controller specific configuration to inject into the cluster. Same
221 structure as ExtraConfig.
225 default: overcloud-control
227 - custom_constraint: glance.image
228 OvercloudControlFlavor:
230 description: Flavor for control nodes to request when deploying.
233 - custom_constraint: nova.flavor
234 ControlVirtualInterface:
236 description: Interface where virtual ip will be assigned.
241 Additional configuration to inject into the cluster. The JSON should have
242 the following structure:
245 [{"section": "SECTIONNAME",
247 [{"option": "OPTIONNAME",
258 [{"section": "default",
260 [{"option": "force_config_drive",
267 [{"option": "driver",
268 "value": "nova.cells.rpc_driver.CellsRPCDriver"
277 description: The filepath of the file to use for logging messages from Glance.
280 GlanceNotifierStrategy:
281 description: Strategy to use for Glance notification queue
286 description: The password for the glance service account, used by the glance services.
291 description: The password for the Heat service account, used by the Heat services.
294 HeatStackDomainAdminPassword:
295 description: Password for heat_domain_admin user.
299 KeystoneCACertificate:
301 description: Keystone self-signed certificate authority certificate.
303 KeystoneSigningCertificate:
305 description: Keystone certificate for verifying token validity.
309 description: Keystone key for signing tokens.
312 KeystoneSSLCertificate:
314 description: Keystone certificate for verifying token validity.
316 KeystoneSSLCertificateKey:
318 description: Keystone key for signing tokens.
321 MysqlInnodbBufferPoolSize:
323 Specifies the size of the buffer pool in megabytes. Setting to
324 zero should be interpreted as "no value" and will defer to the
328 NeutronDnsmasqOptions:
329 default: 'dhcp-option-force=26,1400'
330 description: Dnsmasq options for neutron-dhcp-agent. The default value here forces MTU to be set to 1400 to account for the tunnel overhead.
332 NeutronPublicInterfaceDefaultRoute:
334 description: A custom default route for the NeutronPublicInterface.
336 NeutronPublicInterfaceIP:
338 description: A custom IP address to put onto the NeutronPublicInterface.
340 NeutronPublicInterfaceRawDevice:
342 description: If set, the public interface is a vlan with this device as the raw device.
344 PublicVirtualInterface:
347 Specifies the interface where the public-facing virtual ip will be assigned.
348 This should be int_public when a VLAN is being used.
352 description: If set, the contents of an SSL certificate .crt file for encrypting SSL endpoints.
357 description: If set, the contents of an SSL certificate .key file for encrypting SSL endpoints.
362 description: If set, the contents of an SSL certificate authority file.
366 description: A random string to be used as a salt when hashing to determine mappings in the ring.
371 description: The password for the swift service account, used by the swift proxy services.
376 description: Partition Power to use when building Swift rings
381 description: How many replicas to use in the swift rings.
383 # Compute-specific params
384 CeilometerComputeAgent:
385 description: Indicates whether the Compute agent is present and expects nova-compute to be configured accordingly
389 - allowed_values: ['', Present]
393 HypervisorNeutronPhysicalBridge:
396 An OVS bridge to create on each hypervisor. This defaults to br-ex the
397 same as the control plane nodes, as we have a uniform configuration of
398 the openvswitch agent. Typically should not need to be changed.
400 HypervisorNeutronPublicInterface:
402 description: What interface to add to the HypervisorNeutronPhysicalBridge.
404 NeutronNetworkVLANRanges:
405 default: 'datacentre'
407 The Neutron ML2 and OpenVSwitch vlan mapping range to support. See the
408 Neutron documentation for permitted values. Defaults to permitting any
409 VLAN on the 'datacentre' physical network (See NeutronBridgeMappings).
413 default: libvirt.LibvirtDriver
414 NovaComputeExtraConfig:
417 NovaCompute specific configuration to inject into the cluster. Same
418 structure as ExtraConfig.
420 NovaComputeLibvirtType:
425 default: overcloud-compute
427 - custom_constraint: glance.image
428 OvercloudComputeFlavor:
429 description: Use this flavor
433 - custom_constraint: nova.flavor
435 # Block storage specific parameters
440 default: overcloud-cinder-volume
442 OvercloudBlockStorageFlavor:
444 description: Flavor for block storage nodes to request when deploying.
447 # Object storage specific parameters
451 OvercloudSwiftStorageFlavor:
453 description: Flavor for Swift storage nodes to request when deploying.
456 default: overcloud-swift-storage
462 type: OS::Heat::ResourceGroup
464 count: {get_param: ControllerCount}
466 type: OS::TripleO::Controller
468 AdminPassword: {get_param: AdminPassword}
469 AdminToken: {get_param: AdminToken}
470 CeilometerMeteringSecret: {get_param: CeilometerMeteringSecret}
471 CeilometerPassword: {get_param: CeilometerPassword}
472 CinderLVMLoopDeviceSize: {get_param: CinderLVMLoopDeviceSize}
473 CinderPassword: {get_param: CinderPassword}
474 CinderISCSIHelper: {get_param: CinderISCSIHelper}
475 CloudName: {get_param: CloudName}
476 ControlVirtualInterface: {get_param: ControlVirtualInterface}
477 ControllerExtraConfig: {get_param: controllerExtraConfig}
478 ExtraConfig: {get_param: ExtraConfig}
479 Flavor: {get_param: OvercloudControlFlavor}
480 GlancePort: {get_param: GlancePort}
481 GlanceProtocol: {get_param: GlanceProtocol}
482 GlancePassword: {get_param: GlancePassword}
483 GlanceNotifierStrategy: {get_param: GlanceNotifierStrategy}
484 GlanceLogFile: {get_param: GlanceLogFile}
485 HeatPassword: {get_param: HeatPassword}
486 HeatStackDomainAdminPassword: {get_param: HeatStackDomainAdminPassword}
487 Image: {get_param: controllerImage}
488 ImageUpdatePolicy: {get_param: ImageUpdatePolicy}
489 KeyName: {get_param: KeyName}
490 KeystoneCACertificate: {get_param: KeystoneCACertificate}
491 KeystoneSigningCertificate: {get_param: KeystoneSigningCertificate}
492 KeystoneSigningKey: {get_param: KeystoneSigningKey}
493 KeystoneSSLCertificate: {get_param: KeystoneSSLCertificate}
494 KeystoneSSLCertificateKey: {get_param: KeystoneSSLCertificateKey}
495 MysqlClusterUniquePart: {get_attr: [MysqlClusterUniquePart, value]}
496 MysqlInnodbBufferPoolSize: {get_param: MysqlInnodbBufferPoolSize}
497 MysqlRootPassword: {get_attr: [MysqlRootPassword, value]}
498 NeutronPublicInterfaceIP: {get_param: NeutronPublicInterfaceIP}
499 NeutronFlatNetworks: {get_param: NeutronFlatNetworks}
500 NeutronBridgeMappings: {get_param: NeutronBridgeMappings}
501 NeutronNetworkVLANRanges: {get_param: NeutronNetworkVLANRanges}
502 NeutronPublicInterface: {get_param: NeutronPublicInterface}
503 NeutronPublicInterfaceDefaultRoute: {get_param: NeutronPublicInterfaceDefaultRoute}
504 NeutronPublicInterfaceRawDevice: {get_param: NeutronPublicInterfaceRawDevice}
505 NeutronPassword: {get_param: NeutronPassword}
506 NeutronDnsmasqOptions: {get_param: NeutronDnsmasqOptions}
507 NeutronDVR: {get_param: NeutronDVR}
508 NeutronMetadataProxySharedSecret: {get_param: NeutronMetadataProxySharedSecret}
509 NeutronAgentMode: {get_param: NeutronAgentMode}
510 NeutronMechanismDrivers: {get_param: NeutronMechanismDrivers}
511 NeutronAllowL3AgentFailover: {get_param: NeutronAllowL3AgentFailover}
512 NovaPassword: {get_param: NovaPassword}
513 NtpServer: {get_param: NtpServer}
514 PublicVirtualInterface: {get_param: PublicVirtualInterface}
515 RabbitUserName: {get_param: RabbitUserName}
516 RabbitPassword: {get_param: RabbitPassword}
517 RabbitCookie: {get_attr: [RabbitCookie, value]}
518 RabbitClientUseSSL: {get_param: RabbitClientUseSSL}
519 RabbitClientPort: {get_param: RabbitClientPort}
520 SnmpdReadonlyUserName: {get_param: SnmpdReadonlyUserName}
521 SnmpdReadonlyUserPassword: {get_param: SnmpdReadonlyUserPassword}
522 SSLCertificate: {get_param: SSLCertificate}
523 SSLKey: {get_param: SSLKey}
524 SSLCACertificate: {get_param: SSLCACertificate}
525 SwiftHashSuffix: {get_param: SwiftHashSuffix}
526 SwiftPartPower: {get_param: SwiftPartPower}
527 SwiftPassword: {get_param: SwiftPassword}
528 SwiftReplicas: { get_param: SwiftReplicas}
529 VirtualIP: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
530 PublicVirtualIP: {get_attr: [PublicVirtualIP, fixed_ips, 0, ip_address]}
533 type: OS::Heat::ResourceGroup
535 count: {get_param: ComputeCount}
537 type: OS::TripleO::Compute
539 AdminPassword: {get_param: AdminPassword}
540 CeilometerComputeAgent: {get_param: CeilometerComputeAgent}
541 CeilometerMeteringSecret: {get_param: CeilometerMeteringSecret}
542 CeilometerPassword: {get_param: CeilometerPassword}
543 ExtraConfig: {get_param: ExtraConfig}
544 Flavor: {get_param: OvercloudComputeFlavor}
545 GlanceHost: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
546 GlancePort: {get_param: GlancePort}
547 GlanceProtocol: {get_param: GlanceProtocol}
548 Image: {get_param: NovaImage}
549 ImageUpdatePolicy: {get_param: ImageUpdatePolicy}
550 KeyName: {get_param: KeyName}
551 KeystoneHost: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
552 NeutronBridgeMappings: {get_param: NeutronBridgeMappings}
553 NeutronEnableTunnelling: {get_param: NeutronEnableTunnelling}
554 NeutronFlatNetworks: {get_param: NeutronFlatNetworks}
555 NeutronHost: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
556 NeutronNetworkType: {get_param: NeutronNetworkType}
557 NeutronTunnelTypes: {get_param: NeutronTunnelTypes}
558 NeutronNetworkVLANRanges: {get_param: NeutronNetworkVLANRanges}
559 NeutronPassword: {get_param: NeutronPassword}
560 NeutronPhysicalBridge: {get_param: HypervisorNeutronPhysicalBridge}
561 NeutronPublicInterface: {get_param: HypervisorNeutronPublicInterface}
562 NeutronDVR: {get_param: NeutronDVR}
563 NeutronMetadataProxySharedSecret: {get_param: NeutronMetadataProxySharedSecret}
564 NeutronAgentMode: {get_param: NeutronComputeAgentMode}
565 NeutronPublicInterfaceRawDevice: {get_param: NeutronPublicInterfaceRawDevice}
566 NeutronMechanismDrivers: {get_param: NeutronMechanismDrivers}
567 NeutronAllowL3AgentFailover: {get_param: NeutronAllowL3AgentFailover}
568 NovaApiHost: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
569 NovaComputeDriver: {get_param: NovaComputeDriver}
570 NovaComputeExtraConfig: {get_param: NovaComputeExtraConfig}
571 NovaComputeLibvirtType: {get_param: NovaComputeLibvirtType}
572 NovaPublicIP: {get_attr: [PublicVirtualIP, fixed_ips, 0, ip_address]}
573 NovaPassword: {get_param: NovaPassword}
574 NtpServer: {get_param: NtpServer}
575 RabbitHost: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
576 RabbitPassword: {get_param: RabbitPassword}
577 RabbitUserName: {get_param: RabbitUserName}
578 SnmpdReadonlyUserName: {get_param: SnmpdReadonlyUserName}
579 SnmpdReadonlyUserPassword: {get_param: SnmpdReadonlyUserPassword}
583 - - mysql://nova:unset@
584 - &compute_database_host {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
589 - - mysql://ceilometer:unset@
590 - *compute_database_host
595 - - mysql://neutron:unset@
596 - *compute_database_host
600 type: OS::Heat::ResourceGroup
602 count: {get_param: BlockStorageCount}
604 type: OS::TripleO::BlockStorage
606 AdminPassword: {get_param: AdminPassword}
607 Image: {get_param: BlockStorageImage}
608 CinderISCSIHelper: {get_param: CinderISCSIHelper}
609 CinderLVMLoopDeviceSize: {get_param: CinderLVMLoopDeviceSize}
610 CinderPassword: {get_param: CinderPassword}
611 VirtualIP: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
612 KeyName: {get_param: KeyName}
613 NeutronEnableTunnelling: {get_param: NeutronEnableTunnelling}
614 NeutronNetworkType: {get_param: NeutronNetworkType}
615 NeutronPassword: {get_param: NeutronPassword}
616 NeutronPublicInterface: {get_param: NeutronPublicInterface}
617 Flavor: {get_param: OvercloudBlockStorageFlavor}
618 RabbitPassword: {get_param: RabbitPassword}
619 RabbitUserName: {get_param: RabbitUserName}
622 type: OS::Heat::ResourceGroup
624 count: {get_param: ObjectStorageCount}
626 type: OS::TripleO::ObjectStorage
628 ControllerIP: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
629 KeyName: {get_param: KeyName}
630 NeutronEnableTunnelling: {get_param: NeutronEnableTunnelling}
631 NeutronNetworkType: {get_param: NeutronNetworkType}
632 Flavor: {get_param: OvercloudSwiftStorageFlavor}
633 HashSuffix: {get_param: SwiftHashSuffix}
634 PartPower: {get_param: SwiftPartPower}
635 Password: {get_param: SwiftPassword}
636 Image: {get_param: SwiftStorageImage}
637 Replicas: { get_param: SwiftReplicas}
641 type: OS::Heat::StructuredConfig
644 completion-signal: {get_input: deploy_signal_id}
650 - {get_attr: [Compute, hosts_entry]}
653 - {get_attr: [Controller, hosts_entry]}
656 - {get_attr: [BlockStorage, hosts_entry]}
659 - {get_attr: [ObjectStorage, hosts_entry]}
664 - {get_attr: [Controller, hostname]}
667 type: OS::Heat::RandomString
671 MysqlClusterUniquePart:
672 type: OS::Heat::RandomString
677 type: OS::Heat::RandomString
680 salt: {get_param: RabbitCookieSalt}
683 type: OS::Neutron::Port
685 name: control_virtual_ip
686 network_id: {get_param: NeutronControlPlaneID}
687 fixed_ips: {get_param: ControlFixedIPs}
688 replacement_policy: AUTO
691 type: OS::Neutron::Port
693 name: public_virtual_ip
694 network: {get_param: PublicVirtualNetwork}
695 fixed_ips: {get_param: PublicVirtualFixedIPs}
696 replacement_policy: AUTO
698 ControllerBootstrapNodeConfig:
699 type: OS::Heat::StructuredConfig
701 group: os-apply-config
704 bootstrap_nodeid: {get_attr: [Controller, resource.0.hostname]}
706 ControllerBootstrapNodeDeployment:
707 type: OS::Heat::StructuredDeployments
709 config: {get_resource: ControllerBootstrapNodeConfig}
710 servers: {get_attr: [Controller, attributes, nova_server_resource]}
711 signal_transport: NO_SIGNAL
713 ControllerSwiftDeployment:
714 type: OS::Heat::StructuredDeployments
716 config: {get_resource: SwiftDevicesAndProxyConfig}
717 servers: {get_attr: [Controller, attributes, nova_server_resource]}
718 signal_transport: NO_SIGNAL
720 ObjectStorageSwiftDeployment:
721 type: OS::Heat::StructuredDeployments
723 config: {get_resource: SwiftDevicesAndProxyConfig}
724 servers: {get_attr: [ObjectStorage, attributes, nova_server_resource]}
725 signal_transport: NO_SIGNAL
727 SwiftDevicesAndProxyConfig:
728 type: OS::Heat::StructuredConfig
730 group: os-apply-config
738 - {get_attr: [Controller, swift_device]}
741 - {get_attr: [ObjectStorage, swift_device]}
745 - {get_attr: [Controller, swift_proxy_memcache]}
747 ControllerClusterConfig:
748 type: OS::Heat::StructuredConfig
752 nodes: {get_attr: [Controller, corosync_node]}
756 nodes: {get_attr: [Controller, hostname]}
758 nodes: {get_attr: [Controller, corosync_node]}
760 nodes: {get_attr: [Controller, corosync_node]}
762 ControllerClusterDeployment:
763 type: OS::Heat::StructuredDeployments
765 config: {get_resource: ControllerClusterConfig}
766 servers: {get_attr: [Controller, attributes, nova_server_resource]}
767 signal_transport: NO_SIGNAL
769 ControllerAllNodesDeployment:
770 type: OS::Heat::StructuredDeployments
772 config: {get_resource: allNodesConfig}
773 servers: {get_attr: [Controller, attributes, nova_server_resource]}
775 ComputeAllNodesDeployment:
776 type: OS::Heat::StructuredDeployments
778 config: {get_resource: allNodesConfig}
779 servers: {get_attr: [Compute, attributes, nova_server_resource]}
784 description: URL for the Overcloud Keystone service
789 - {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}