1 heat_template_version: 2015-04-30
4 OpenStack controller node configured by Puppet.
9 description: The password for the keystone admin account, used for monitoring, querying neutron etc.
14 description: The keystone auth secret and db password.
19 description: The ceilometer backend type.
21 CeilometerMeteringSecret:
23 description: Secret shared by the ceilometer services.
28 description: The password for the ceilometer service and db account.
31 CinderEnableNfsBackend:
33 description: Whether to enable or not the NFS backend for Cinder
35 CinderEnableIscsiBackend:
37 description: Whether to enable or not the Iscsi backend for Cinder
39 CinderEnableRbdBackend:
41 description: Whether to enable or not the Rbd backend for Cinder
45 description: The iSCSI helper to use with cinder.
47 CinderLVMLoopDeviceSize:
49 description: The size of the loopback file used by the cinder LVM driver.
51 CinderNfsMountOptions:
54 Mount options for NFS mounts used by Cinder NFS backend. Effective
55 when CinderEnableNfsBackend is true.
60 NFS servers used by Cinder NFS backend. Effective when
61 CinderEnableNfsBackend is true.
62 type: comma_delimited_list
65 description: The password for the cinder service and db account, used by cinder-api.
70 description: Contains parameters to configure Cinder backends. Typically
71 set via parameter_defaults in the resource registry.
75 description: The DNS name of this cloud. E.g. ci-overcloud.tripleo.org
77 ControllerExtraConfig:
80 Controller specific hiera configuration data to inject into the cluster.
82 ControlVirtualInterface:
84 description: Interface where virtual ip will be assigned.
88 description: Set to True to enable debugging on all services.
92 description: Whether to enable fencing in Pacemaker or not.
96 description: Whether to use Galera instead of regular MariaDB.
100 description: Whether to deploy Ceph Storage (OSD) on the Controller
104 description: Whether to enable Swift Storage on the Controller
109 Additional hieradata to inject into the cluster, note that
110 ControllerExtraConfig takes precedence over ExtraConfig.
115 Pacemaker fencing configuration. The JSON should have
116 the following structure:
120 "agent": "AGENT_NAME",
121 "host_mac": "HOST_MAC_ADDRESS",
122 "params": {"PARAM_NAME": "PARAM_VALUE"}
130 "agent": "fence_xvm",
131 "host_mac": "52:54:00:aa:bb:cc",
133 "multicast_address": "225.0.0.12",
134 "port": "baremetal_0",
136 "manage_key_file": true,
137 "key_file": "/etc/fence_xvm.key",
138 "key_file_password": "abcdef"
145 description: Flavor for control nodes to request when deploying.
148 - custom_constraint: nova.flavor
149 GlanceNotifierStrategy:
150 description: Strategy to use for Glance notification queue
154 description: The filepath of the file to use for logging messages from Glance.
159 description: The password for the glance service and db account, used by the glance services.
164 description: Glance port.
168 description: Protocol to use when connecting to glance, set to https for SSL.
172 description: The short name of the Glance backend to use. Should be one
173 of swift, rbd, or file
176 - allowed_values: ['swift', 'file', 'rbd']
179 description: The password for the Heat service and db account, used by the Heat services.
182 HeatStackDomainAdminPassword:
183 description: Password for heat_domain_admin user.
187 HeatAuthEncryptionKey:
188 description: Auth encryption key for heat-engine
191 description: Secret key for Django
195 default: overcloud-control
197 - custom_constraint: glance.image
199 default: 'REBUILD_PRESERVE_EPHEMERAL'
200 description: What policy to use when reconstructing instances. REBUILD for rebuilds, REBUILD_PRESERVE_EPHEMERAL to preserve /mnt.
204 description: Name of an existing EC2 KeyPair to enable SSH access to the instances
207 - custom_constraint: nova.keypair
208 KeystoneCACertificate:
210 description: Keystone self-signed certificate authority certificate.
212 KeystoneSigningCertificate:
214 description: Keystone certificate for verifying token validity.
218 description: Keystone key for signing tokens.
221 KeystoneSSLCertificate:
223 description: Keystone certificate for verifying token validity.
225 KeystoneSSLCertificateKey:
227 description: Keystone key for signing tokens.
230 KeystoneNotificationDriver:
231 description: Comma-separated list of Oslo notification drivers used by Keystone
232 default: ['messaging']
233 type: comma_delimited_list
234 KeystoneNotificationFormat:
235 description: The Keystone notification format
239 - allowed_values: [ 'basic', 'cadf' ]
240 MysqlClusterUniquePart:
241 description: A unique identifier of the MySQL cluster the controller is in.
243 default: 'unset' # Has to be here because of the ignored empty value bug
244 # Drop the validation: https://bugs.launchpad.net/tripleo/+bug/1405446
246 # - length: {min: 4, max: 10}
247 MysqlInnodbBufferPoolSize:
249 Specifies the size of the buffer pool in megabytes. Setting to
250 zero should be interpreted as "no value" and will defer to the
255 description: Configures MySQL max_connections config setting
261 default: '' # Has to be here because of the ignored empty value bug
262 NeutronExternalNetworkBridge:
263 description: Name of bridge used for external network traffic.
266 NeutronBridgeMappings:
268 The OVS logical->physical bridge mappings to use. See the Neutron
269 documentation for details. Defaults to mapping br-ex - the external
270 bridge on hosts - to a physical name 'datacentre' which can be used
271 to create provider networks (and we use this for the default floating
272 network) - if changing this either use different post-install network
273 scripts or be sure to keep 'datacentre' as a mapping network name.
275 default: "datacentre:br-ex"
276 NeutronDnsmasqOptions:
277 default: 'dhcp-option-force=26,1400'
278 description: Dnsmasq options for neutron-dhcp-agent. The default value here forces MTU to be set to 1400 to account for the gre tunnel overhead.
282 description: Agent mode for the neutron-l3-agent on the controller hosts
286 description: Whether to enable l3-agent HA
288 NeutronDhcpAgentsPerNetwork:
291 description: The number of neutron dhcp agents to schedule per network
294 description: Whether to configure Neutron Distributed Virtual Routers
296 NeutronMetadataProxySharedSecret:
298 description: Shared secret to prevent spoofing
300 NeutronMechanismDrivers:
301 default: 'openvswitch'
303 The mechanism drivers for the Neutron tenant network. To specify multiple
304 values, use a comma separated string, like so: 'openvswitch,l2_population'
306 NeutronAllowL3AgentFailover:
308 description: Allow automatic l3-agent failover
310 NeutronEnableTunnelling:
315 default: 'datacentre'
316 description: If set, flat networks to configure in neutron plugins.
319 description: Whether to enable l3-agent HA
323 description: The tenant network type for Neutron, either gre or vxlan.
325 NeutronNetworkVLANRanges:
326 default: 'datacentre'
328 The Neutron ML2 and OpenVSwitch vlan mapping range to support. See the
329 Neutron documentation for permitted values. Defaults to permitting any
330 VLAN on the 'datacentre' physical network (See NeutronBridgeMappings).
331 type: comma_delimited_list
334 description: The password for the neutron service and db account, used by neutron agents.
337 NeutronPublicInterface:
339 description: What interface to bridge onto br-ex for network nodes.
341 NeutronPublicInterfaceTag:
344 VLAN tag for creating a public VLAN. The tag will be used to
345 create an access port on the exterior bridge for each control plane node,
346 and that port will be given the IP address returned by neutron from the
347 public network. Set CONTROLEXTRA=overcloud-vlan-port.yaml when compiling
348 overcloud.yaml to include the deployment of VLAN ports to the control
351 NeutronPublicInterfaceDefaultRoute:
353 description: A custom default route for the NeutronPublicInterface.
355 NeutronPublicInterfaceIP:
357 description: A custom IP address to put onto the NeutronPublicInterface.
359 NeutronPublicInterfaceRawDevice:
361 description: If set, the public interface is a vlan with this device as the raw device.
366 The tunnel types for the Neutron tenant network. To specify multiple
367 values, use a comma separated string, like so: 'gre,vxlan'
369 NeutronTunnelIdRanges:
371 Comma-separated list of <tun_min>:<tun_max> tuples enumerating ranges
372 of GRE tunnel IDs that are available for tenant network allocation
373 default: ["1:1000", ]
374 type: comma_delimited_list
377 Comma-separated list of <vni_min>:<vni_max> tuples enumerating ranges
378 of VXLAN VNI IDs that are available for tenant network allocation
379 default: ["1:1000", ]
380 type: comma_delimited_list
383 description: The password for the nova service and db account, used by nova-api.
388 description: Should MongoDb journaling be disabled
395 description: The password for the 'pcsd' user.
396 PublicVirtualInterface:
399 Specifies the interface where the public-facing virtual ip will be assigned.
400 This should be int_public when a VLAN is being used.
402 PublicVirtualIP: # DEPRECATED: use per service settings instead
404 default: '' # Has to be here because of the ignored empty value bug
407 default: '' # Has to be here because of the ignored empty value bug
411 description: The password for RabbitMQ
416 description: The username for RabbitMQ
421 Rabbit client subscriber parameter to specify
422 an SSL connection to the RabbitMQ host.
426 description: Set rabbit subscriber port, change this if using SSL
430 default: '' # Has to be here because of the ignored empty value bug
431 SnmpdReadonlyUserName:
432 default: ro_snmp_user
433 description: The user name for SNMPd with readonly rights running on all Overcloud nodes
435 SnmpdReadonlyUserPassword:
437 description: The user password for SNMPd with readonly rights running on all Overcloud nodes
442 description: If set, the contents of an SSL certificate authority file.
446 description: If set, the contents of an SSL certificate .crt file for encrypting SSL endpoints.
451 description: If set, the contents of an SSL certificate .key file for encrypting SSL endpoints.
456 description: A random string to be used as a salt when hashing to determine mappings
462 description: Value of mount_check in Swift account/container/object -server.conf
467 description: The minimum time (in hours) before a partition in a ring can be moved following a rebalance.
470 description: Partition Power to use when building Swift rings
474 description: The password for the swift service account, used by the swift proxy
481 description: How many replicas to use in the swift rings.
482 VirtualIP: # DEPRECATED: use per service settings instead
484 default: '' # Has to be here because of the ignored empty value bug
494 KeystonePublicApiVirtualIP:
500 EnablePackageInstall:
502 description: Set to true to enable package installation via Puppet
506 description: Mapping of service_name -> network name. Typically set
507 via parameter_defaults in the resource registry.
513 Setting to a previously unused value during stack-update will trigger
514 package update on all nodes
517 default: '' # Defaults to Heat created hostname
522 type: OS::Nova::Server
524 image: {get_param: Image}
525 image_update_policy: {get_param: ImageUpdatePolicy}
526 flavor: {get_param: Flavor}
527 key_name: {get_param: KeyName}
530 user_data_format: SOFTWARE_CONFIG
531 user_data: {get_resource: NodeUserData}
532 name: {get_param: Hostname}
535 type: OS::TripleO::NodeUserData
538 type: OS::TripleO::Controller::Ports::ExternalPort
540 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
543 type: OS::TripleO::Controller::Ports::InternalApiPort
545 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
548 type: OS::TripleO::Controller::Ports::StoragePort
550 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
553 type: OS::TripleO::Controller::Ports::StorageMgmtPort
555 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
558 type: OS::TripleO::Controller::Ports::TenantPort
560 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
563 type: OS::TripleO::Network::Ports::NetIpMap
565 ExternalIp: {get_attr: [ExternalPort, ip_address]}
566 InternalApiIp: {get_attr: [InternalApiPort, ip_address]}
567 StorageIp: {get_attr: [StoragePort, ip_address]}
568 StorageMgmtIp: {get_attr: [StorageMgmtPort, ip_address]}
569 TenantIp: {get_attr: [TenantPort, ip_address]}
572 type: OS::TripleO::Network::Ports::NetIpMap
574 ExternalIp: {get_attr: [ExternalPort, ip_subnet]}
575 InternalApiIp: {get_attr: [InternalApiPort, ip_subnet]}
576 StorageIp: {get_attr: [StoragePort, ip_subnet]}
577 StorageMgmtIp: {get_attr: [StorageMgmtPort, ip_subnet]}
578 TenantIp: {get_attr: [TenantPort, ip_subnet]}
581 type: OS::TripleO::Controller::Net::SoftwareConfig
583 ExternalIpSubnet: {get_attr: [ExternalPort, ip_subnet]}
584 InternalApiIpSubnet: {get_attr: [InternalApiPort, ip_subnet]}
585 StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]}
586 StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]}
587 TenantIpSubnet: {get_attr: [TenantPort, ip_subnet]}
590 type: OS::TripleO::SoftwareDeployment
592 config: {get_resource: NetworkConfig}
593 server: {get_resource: Controller}
596 interface_name: {get_param: NeutronPublicInterface}
598 ControllerDeployment:
599 type: OS::TripleO::SoftwareDeployment
600 depends_on: NetworkDeployment
602 config: {get_resource: ControllerConfig}
603 server: {get_resource: Controller}
605 bootstack_nodeid: {get_attr: [Controller, name]}
606 neutron_enable_tunneling: {get_param: NeutronEnableTunnelling}
607 heat.watch_server_url:
611 - {get_param: HeatApiVirtualIP}
613 heat.metadata_server_url:
617 - {get_param: HeatApiVirtualIP}
619 heat.waitcondition_server_url:
623 - {get_param: HeatApiVirtualIP}
624 - ':8000/v1/waitcondition'
625 heat_auth_encryption_key: {get_param: HeatAuthEncryptionKey}
626 horizon_secret: {get_param: HorizonSecret}
627 admin_password: {get_param: AdminPassword}
628 admin_token: {get_param: AdminToken}
629 neutron_public_interface_ip: {get_param: NeutronPublicInterfaceIP}
630 debug: {get_param: Debug}
631 cinder_enable_nfs_backend: {get_param: CinderEnableNfsBackend}
632 cinder_enable_rbd_backend: {get_param: CinderEnableRbdBackend}
633 cinder_nfs_mount_options: {get_param: CinderNfsMountOptions}
636 template: "['SERVERS']"
641 - {get_param: CinderNfsServers}
642 cinder_lvm_loop_device_size: {get_param: CinderLVMLoopDeviceSize}
643 cinder_password: {get_param: CinderPassword}
644 cinder_enable_iscsi_backend: {get_param: CinderEnableIscsiBackend}
645 cinder_iscsi_helper: {get_param: CinderISCSIHelper}
646 cinder_backend_config: {get_param: CinderBackendConfig}
650 - - 'mysql://cinder:'
651 - {get_param: CinderPassword}
653 - {get_param: MysqlVirtualIP}
655 glance_port: {get_param: GlancePort}
656 glance_password: {get_param: GlancePassword}
657 glance_backend: {get_param: GlanceBackend}
658 glance_notifier_strategy: {get_param: GlanceNotifierStrategy}
659 glance_log_file: {get_param: GlanceLogFile}
663 - - 'mysql://glance:'
664 - {get_param: GlancePassword}
666 - {get_param: MysqlVirtualIP}
668 heat_password: {get_param: HeatPassword}
669 heat_stack_domain_admin_password: {get_param: HeatStackDomainAdminPassword}
674 - {get_param: HeatPassword}
676 - {get_param: MysqlVirtualIP}
678 keystone_auth_address: {list_join: ['', ['http://', {get_param: KeystonePublicApiVirtualIP} , ':5000/v2.0']]}
679 keystone_ca_certificate: {get_param: KeystoneCACertificate}
680 keystone_signing_key: {get_param: KeystoneSigningKey}
681 keystone_signing_certificate: {get_param: KeystoneSigningCertificate}
682 keystone_ssl_certificate: {get_param: KeystoneSSLCertificate}
683 keystone_ssl_certificate_key: {get_param: KeystoneSSLCertificateKey}
684 keystone_notification_driver: {get_param: KeystoneNotificationDriver}
685 keystone_notification_format: {get_param: KeystoneNotificationFormat}
689 - - 'mysql://keystone:'
690 - {get_param: AdminToken}
692 - {get_param: MysqlVirtualIP}
694 keystone_identity_uri:
698 - {get_param: KeystonePublicApiVirtualIP}
704 - {get_param: KeystonePublicApiVirtualIP}
710 - {get_param: KeystonePublicApiVirtualIP}
711 - ':5000/v2.0/ec2tokens'
712 enable_fencing: {get_param: EnableFencing}
713 enable_galera: {get_param: EnableGalera}
714 enable_ceph_storage: {get_param: EnableCephStorage}
715 enable_swift_storage: {get_param: EnableSwiftStorage}
716 mysql_innodb_buffer_pool_size: {get_param: MysqlInnodbBufferPoolSize}
717 mysql_max_connections: {get_param: MysqlMaxConnections}
718 mysql_root_password: {get_param: MysqlRootPassword}
721 template: tripleo-CLUSTER
723 CLUSTER: {get_param: MysqlClusterUniquePart}
724 neutron_flat_networks: {get_param: NeutronFlatNetworks}
725 neutron_metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret}
726 neutron_agent_mode: {get_param: NeutronAgentMode}
727 neutron_router_distributed: {get_param: NeutronDVR}
728 neutron_mechanism_drivers: {get_param: NeutronMechanismDrivers}
729 neutron_allow_l3agent_failover: {get_param: NeutronAllowL3AgentFailover}
730 neutron_l3_ha: {get_param: NeutronL3HA}
731 neutron_dhcp_agents_per_network: {get_param: NeutronDhcpAgentsPerNetwork}
732 neutron_network_vlan_ranges:
734 template: "['RANGES']"
739 - {get_param: NeutronNetworkVLANRanges}
740 neutron_bridge_mappings: {get_param: NeutronBridgeMappings}
741 neutron_external_network_bridge: {get_param: NeutronExternalNetworkBridge}
742 neutron_public_interface: {get_param: NeutronPublicInterface}
743 neutron_public_interface_raw_device: {get_param: NeutronPublicInterfaceRawDevice}
744 neutron_public_interface_default_route: {get_param: NeutronPublicInterfaceDefaultRoute}
745 neutron_public_interface_tag: {get_param: NeutronPublicInterfaceTag}
746 neutron_tenant_network_type: {get_param: NeutronNetworkType}
747 neutron_tunnel_types: {get_param: NeutronTunnelTypes}
748 neutron_tunnel_id_ranges:
750 template: "['RANGES']"
755 - {get_param: NeutronTunnelIdRanges}
758 template: "['RANGES']"
763 - {get_param: NeutronVniRanges}
764 neutron_password: {get_param: NeutronPassword}
765 neutron_dnsmasq_options: {get_param: NeutronDnsmasqOptions}
769 - - 'mysql://neutron:'
770 - {get_param: NeutronPassword}
772 - {get_param: MysqlVirtualIP}
773 - '/ovs_neutron?charset=utf8'
778 - {get_param: NeutronApiVirtualIP}
780 neutron_admin_auth_url:
784 - {get_param: KeystonePublicApiVirtualIP}
786 ceilometer_backend: {get_param: CeilometerBackend}
787 ceilometer_metering_secret: {get_param: CeilometerMeteringSecret}
788 ceilometer_password: {get_param: CeilometerPassword}
789 ceilometer_coordination_url:
793 - {get_param: RedisVirtualIP}
798 - - 'mysql://ceilometer:unset@'
799 - {get_param: MysqlVirtualIP}
801 snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName}
802 snmpd_readonly_user_password: {get_param: SnmpdReadonlyUserPassword}
803 nova_password: {get_param: NovaPassword}
808 - {get_param: NovaPassword}
810 - {get_param: MysqlVirtualIP}
812 fencing_config: {get_param: FencingConfig}
813 pcsd_password: {get_param: PcsdPassword}
814 rabbit_username: {get_param: RabbitUserName}
815 rabbit_password: {get_param: RabbitPassword}
816 rabbit_cookie: {get_param: RabbitCookie}
817 rabbit_client_use_ssl: {get_param: RabbitClientUseSSL}
818 rabbit_client_port: {get_param: RabbitClientPort}
819 mongodb_no_journal: {get_param: MongoDbNoJournal}
822 template: '["server"]'
824 server: {get_param: NtpServer}
825 control_virtual_interface: {get_param: ControlVirtualInterface}
826 public_virtual_interface: {get_param: PublicVirtualInterface}
827 swift_hash_suffix: {get_param: SwiftHashSuffix}
828 swift_password: {get_param: SwiftPassword}
829 swift_part_power: {get_param: SwiftPartPower}
830 swift_replicas: {get_param: SwiftReplicas}
831 swift_min_part_hours: {get_param: SwiftMinPartHours}
832 swift_mount_check: {get_param: SwiftMountCheck}
833 enable_package_install: {get_param: EnablePackageInstall}
834 swift_proxy_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftProxyNetwork]}]}
835 swift_management_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftMgmtNetwork]}]}
836 cinder_iscsi_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CinderIscsiNetwork]}]}
837 cinder_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CinderApiNetwork]}]}
838 glance_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, GlanceApiNetwork]}]}
839 glance_registry_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, GlanceRegistryNetwork]}]}
843 - - {get_param: GlanceProtocol}
845 - {get_param: GlanceApiVirtualIP}
847 - {get_param: GlancePort}
848 heat_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, HeatApiNetwork]}]}
849 keystone_public_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}]}
850 keystone_admin_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}]}
851 mongo_db_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MongoDbNetwork]}]}
852 neutron_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NeutronApiNetwork]}]}
853 neutron_local_ip: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NeutronTenantNetwork]}]}
854 ceilometer_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CeilometerApiNetwork]}]}
855 nova_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NovaApiNetwork]}]}
856 nova_metadata_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NovaMetadataNetwork]}]}
857 horizon_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, HorizonNetwork]}]}
858 rabbitmq_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, RabbitMqNetwork]}]}
859 redis_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, RedisNetwork]}]}
860 redis_vip: {get_param: RedisVirtualIP}
861 memcached_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MemcachedNetwork]}]}
862 mysql_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MysqlNetwork]}]}
863 mysql_virtual_ip: {get_param: MysqlVirtualIP}
864 ceph_cluster_network: {get_attr: [NetIpSubnetMap, net_ip_map, {get_param: [ServiceNetMap, CephClusterNetwork]}]}
865 ceph_public_network: {get_attr: [NetIpSubnetMap, net_ip_map, {get_param: [ServiceNetMap, CephPublicNetwork]}]}
866 ceph_public_ip: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CephPublicNetwork]}]}
868 # Map heat metadata into hiera datafiles
870 type: OS::Heat::StructuredConfig
872 group: os-apply-config
876 - heat_config_%{::deploy_config_name}
877 - controller_extraconfig
882 - swift_devices_and_proxy # provided by SwiftDevicesAndProxyConfig
883 - ceph_cluster # provided by CephClusterConfig
885 - bootstrap_node # provided by BootstrapNodeConfig
886 - all_nodes # provided by allNodesConfig
887 - vip_data # provided by vip-config
890 - cinder_netapp_data # Optionally provided by ControllerExtraConfigPre
892 controller_extraconfig:
893 mapped_data: {get_param: ControllerExtraConfig}
895 mapped_data: {get_param: ExtraConfig}
897 raw_data: {get_file: hieradata/common.yaml}
899 raw_data: {get_file: hieradata/ceph.yaml}
901 ceph::profile::params::cluster_network: {get_input: ceph_cluster_network}
902 ceph::profile::params::public_network: {get_input: ceph_public_network}
903 ceph::mon::public_addr: {get_input: ceph_public_ip}
905 raw_data: {get_file: hieradata/database.yaml}
907 raw_data: {get_file: hieradata/object.yaml}
909 raw_data: {get_file: hieradata/controller.yaml}
910 mapped_data: # data supplied directly to this deployment configuration, etc
911 bootstack_nodeid: {get_input: bootstack_nodeid}
914 enable_fencing: {get_input: enable_fencing}
915 hacluster_pwd: {get_input: pcsd_password}
916 tripleo::fencing::config: {get_input: fencing_config}
919 swift::proxy::proxy_local_net_ip: {get_input: swift_proxy_network}
920 swift::proxy::authtoken::auth_uri: {get_input: keystone_auth_uri}
921 swift::proxy::authtoken::identity_uri: {get_input: keystone_identity_uri}
922 swift::storage::all::storage_local_net_ip: {get_input: swift_management_network}
923 swift::swift_hash_suffix: {get_input: swift_hash_suffix}
924 swift::proxy::authtoken::admin_password: {get_input: swift_password}
925 tripleo::ringbuilder::part_power: {get_input: swift_part_power}
926 tripleo::ringbuilder::replicas: {get_input: swift_replicas}
927 tripleo::ringbuilder::min_part_hours: {get_input: swift_min_part_hours}
928 swift_mount_check: {get_input: swift_mount_check}
930 # NOTE(dprince): build_ring support is currently not wired in.
931 # See: https://review.openstack.org/#/c/109225/
932 tripleo::ringbuilder::build_ring: True
935 cinder_enable_nfs_backend: {get_input: cinder_enable_nfs_backend}
936 cinder_enable_rbd_backend: {get_input: cinder_enable_rbd_backend}
937 cinder_nfs_mount_options: {get_input: cinder_nfs_mount_options}
938 cinder_nfs_servers: {get_input: cinder_nfs_servers}
939 cinder_lvm_loop_device_size: {get_input: cinder_lvm_loop_device_size}
940 cinder_iscsi_helper: {get_input: cinder_iscsi_helper}
941 cinder_iscsi_ip_address: {get_input: cinder_iscsi_network}
942 cinder::database_connection: {get_input: cinder_dsn}
943 cinder::api::keystone_password: {get_input: cinder_password}
944 cinder::api::auth_uri: {get_input: keystone_auth_uri}
945 cinder::api::identity_uri: {get_input: keystone_identity_uri}
946 cinder::api::bind_host: {get_input: cinder_api_network}
947 cinder::rabbit_userid: {get_input: rabbit_username}
948 cinder::rabbit_password: {get_input: rabbit_password}
949 cinder::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
950 cinder::rabbit_port: {get_input: rabbit_client_port}
951 cinder::debug: {get_input: debug}
952 cinder_enable_iscsi_backend: {get_input: cinder_enable_iscsi_backend}
953 cinder::glance::glance_api_servers: {get_input: glance_api_servers}
954 cinder_backend_config: {get_input: CinderBackendConfig}
955 cinder::db::mysql::password: {get_input: cinder_password}
958 glance::api::bind_port: {get_input: glance_port}
959 glance::api::bind_host: {get_input: glance_api_network}
960 glance::api::auth_uri: {get_input: keystone_auth_uri}
961 glance::api::identity_uri: {get_input: keystone_identity_uri}
962 glance::api::registry_host: {get_input: glance_registry_network}
963 glance::api::keystone_password: {get_input: glance_password}
964 glance::api::debug: {get_input: debug}
965 glance_notifier_strategy: {get_input: glance_notifier_strategy}
966 glance_log_file: {get_input: glance_log_file}
967 glance_log_file: {get_input: glance_log_file}
968 glance::api::database_connection: {get_input: glance_dsn}
969 glance::registry::keystone_password: {get_input: glance_password}
970 glance::registry::database_connection: {get_input: glance_dsn}
971 glance::registry::bind_host: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, GlanceRegistryNetwork]}]}
972 glance::registry::auth_uri: {get_input: keystone_auth_uri}
973 glance::registry::identity_uri: {get_input: keystone_identity_uri}
974 glance::registry::debug: {get_input: debug}
975 glance::backend::swift::swift_store_auth_address: {get_input: keystone_auth_address}
976 glance::backend::swift::swift_store_user: service:glance
977 glance::backend::swift::swift_store_key: {get_input: glance_password}
978 glance_backend: {get_input: glance_backend}
979 glance::db::mysql::password: {get_input: glance_password}
982 heat_stack_domain_admin_password: {get_input: heat_stack_domain_admin_password}
983 heat::engine::heat_watch_server_url: {get_input: heat.watch_server_url}
984 heat::engine::heat_metadata_server_url: {get_input: heat.metadata_server_url}
985 heat::engine::heat_waitcondition_server_url: {get_input: heat.waitcondition_server_url}
986 heat::engine::auth_encryption_key: {get_input: heat_auth_encryption_key}
987 heat::rabbit_userid: {get_input: rabbit_username}
988 heat::rabbit_password: {get_input: rabbit_password}
989 heat::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
990 heat::rabbit_port: {get_input: rabbit_client_port}
991 heat::auth_uri: {get_input: keystone_auth_uri}
992 heat::keystone_ec2_uri: {get_input: keystone_ec2_uri}
993 heat::identity_uri: {get_input: keystone_identity_uri}
994 heat::keystone_password: {get_input: heat_password}
995 heat::api::bind_host: {get_input: heat_api_network}
996 heat::api_cloudwatch::bind_host: {get_input: heat_api_network}
997 heat::api_cfn::bind_host: {get_input: heat_api_network}
998 heat::database_connection: {get_input: heat_dsn}
999 heat::debug: {get_input: debug}
1000 heat::db::mysql::password: {get_input: heat_password}
1003 keystone::admin_token: {get_input: admin_token}
1004 keystone_ca_certificate: {get_input: keystone_ca_certificate}
1005 keystone_signing_key: {get_input: keystone_signing_key}
1006 keystone_signing_certificate: {get_input: keystone_signing_certificate}
1007 keystone_ssl_certificate: {get_input: keystone_ssl_certificate}
1008 keystone_ssl_certificate_key: {get_input: keystone_ssl_certificate_key}
1009 keystone::database_connection: {get_input: keystone_dsn}
1010 keystone::public_bind_host: {get_input: keystone_public_api_network}
1011 keystone::admin_bind_host: {get_input: keystone_admin_api_network}
1012 keystone::debug: {get_input: debug}
1013 keystone::db::mysql::password: {get_input: admin_token}
1014 keystone::rabbit_userid: {get_input: rabbit_username}
1015 keystone::rabbit_password: {get_input: rabbit_password}
1016 keystone::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
1017 keystone::rabbit_port: {get_input: rabbit_client_port}
1018 keystone::notification_driver: {get_input: keystone_notification_driver}
1019 keystone::notification_format: {get_input: keystone_notification_format}
1021 mongodb::server::bind_ip: {get_input: mongo_db_network}
1022 mongodb::server::nojournal: {get_input: mongodb_no_journal}
1024 admin_password: {get_input: admin_password}
1025 enable_galera: {get_input: enable_galera}
1026 enable_ceph_storage: {get_input: enable_ceph_storage}
1027 enable_swift_storage: {get_input: enable_swift_storage}
1028 mysql_innodb_buffer_pool_size: {get_input: mysql_innodb_buffer_pool_size}
1029 mysql_max_connections: {get_input: mysql_max_connections}
1030 mysql::server::root_password: {get_input: mysql_root_password}
1031 mysql_cluster_name: {get_input: mysql_cluster_name}
1032 mysql_bind_host: {get_input: mysql_network}
1033 mysql_virtual_ip: {get_input: mysql_virtual_ip}
1036 neutron::bind_host: {get_input: neutron_api_network}
1037 neutron::rabbit_password: {get_input: rabbit_password}
1038 neutron::rabbit_user: {get_input: rabbit_user}
1039 neutron::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
1040 neutron::rabbit_port: {get_input: rabbit_client_port}
1041 neutron::debug: {get_input: debug}
1042 neutron::server::auth_uri: {get_input: keystone_auth_uri}
1043 neutron::server::identity_uri: {get_input: keystone_identity_uri}
1044 neutron::server::database_connection: {get_input: neutron_dsn}
1045 neutron::agents::l3::external_network_bridge: {get_input: neutron_external_network_bridge}
1046 neutron::agents::ml2::ovs::enable_tunneling: {get_input: neutron_enable_tunneling}
1047 neutron::agents::ml2::ovs::local_ip: {get_input: neutron_local_ip}
1048 neutron_flat_networks: {get_input: neutron_flat_networks}
1049 neutron::agents::metadata::shared_secret: {get_input: neutron_metadata_proxy_shared_secret}
1050 neutron::agents::metadata::metadata_ip: {get_input: neutron_api_network}
1051 neutron_agent_mode: {get_input: neutron_agent_mode}
1052 neutron_router_distributed: {get_input: neutron_router_distributed}
1053 neutron_mechanism_drivers: {get_input: neutron_mechanism_drivers}
1054 neutron::server::allow_automatic_l3agent_failover: {get_input: neutron_allow_l3agent_failover}
1055 neutron::server::l3_ha: {get_input: neutron_l3_ha}
1056 neutron::dhcp_agents_per_network: {get_input: neutron_dhcp_agents_per_network}
1057 neutron::plugins::ml2::network_vlan_ranges: {get_input: neutron_network_vlan_ranges}
1058 neutron::plugins::ml2::tunnel_id_ranges: {get_input: neutron_tunnel_id_ranges}
1059 neutron::plugins::ml2::vni_ranges: {get_input: neutron_vni_ranges}
1060 neutron_bridge_mappings: {get_input: neutron_bridge_mappings}
1061 neutron_public_interface: {get_input: neutron_public_interface}
1062 neutron_public_interface_raw_device: {get_input: neutron_public_interface_raw_device}
1063 neutron_public_interface_default_route: {get_input: neutron_public_interface_default_route}
1064 neutron_public_interface_tag: {get_input: neutron_public_interface_tag}
1065 neutron_tenant_network_type: {get_input: neutron_tenant_network_type}
1066 neutron_tunnel_types: {get_input: neutron_tunnel_types}
1067 neutron::server::auth_password: {get_input: neutron_password}
1068 neutron::agents::metadata::auth_password: {get_input: neutron_password}
1069 neutron_dnsmasq_options: {get_input: neutron_dnsmasq_options}
1070 neutron_dsn: {get_input: neutron_dsn}
1071 neutron::agents::metadata::auth_url: {get_input: keystone_identity_uri}
1072 neutron::db::mysql::password: {get_input: neutron_password}
1075 ceilometer_backend: {get_input: ceilometer_backend}
1076 ceilometer_mysql_conn_string: {get_input: ceilometer_dsn}
1077 ceilometer::metering_secret: {get_input: ceilometer_metering_secret}
1078 ceilometer::rabbit_userid: {get_input: rabbit_username}
1079 ceilometer::rabbit_password: {get_input: rabbit_password}
1080 ceilometer::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
1081 ceilometer::rabbit_port: {get_input: rabbit_client_port}
1082 ceilometer::debug: {get_input: debug}
1083 ceilometer::api::host: {get_input: ceilometer_api_network}
1084 ceilometer::api::keystone_password: {get_input: ceilometer_password}
1085 ceilometer::api::keystone_auth_uri: {get_input: keystone_auth_uri}
1086 ceilometer::api::keystone_identity_uri: {get_input: keystone_identity_uri}
1087 ceilometer::agent::auth::auth_password: {get_input: ceilometer_password}
1088 ceilometer::agent::auth::auth_url: {get_input: keystone_auth_address}
1089 ceilometer::agent::central::coordination_url: {get_input: ceilometer_coordination_url}
1090 ceilometer::db::mysql::password: {get_input: ceilometer_password}
1091 snmpd_readonly_user_name: {get_input: snmpd_readonly_user_name}
1092 snmpd_readonly_user_password: {get_input: snmpd_readonly_user_password}
1095 nova::rabbit_userid: {get_input: rabbit_username}
1096 nova::rabbit_password: {get_input: rabbit_password}
1097 nova::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
1098 nova::rabbit_port: {get_input: rabbit_client_port}
1099 nova::debug: {get_input: debug}
1100 nova::api::auth_uri: {get_input: keystone_auth_uri}
1101 nova::api::identity_uri: {get_input: keystone_identity_uri}
1102 nova::api::api_bind_address: {get_input: nova_api_network}
1103 nova::api::metadata_listen: {get_input: nova_metadata_network}
1104 nova::api::admin_password: {get_input: nova_password}
1105 nova::database_connection: {get_input: nova_dsn}
1106 nova::glance_api_servers: {get_input: glance_api_servers}
1107 nova::api::neutron_metadata_proxy_shared_secret: {get_input: neutron_metadata_proxy_shared_secret}
1108 nova::network::neutron::neutron_admin_password: {get_input: neutron_password}
1109 nova::network::neutron::neutron_url: {get_input: neutron_url}
1110 nova::network::neutron::neutron_admin_auth_url: {get_input: neutron_admin_auth_url}
1111 nova::vncproxy::host: {get_input: nova_api_network}
1112 nova::db::mysql::password: {get_input: nova_password}
1115 apache::ip: {get_input: horizon_network}
1116 horizon::django_debug: {get_input: debug}
1117 horizon::secret_key: {get_input: horizon_secret}
1118 horizon::bind_address: {get_input: horizon_network}
1119 horizon::keystone_url: {get_input: keystone_auth_uri}
1122 rabbitmq::node_ip_address: {get_input: rabbitmq_network}
1123 rabbitmq::erlang_cookie: {get_input: rabbit_cookie}
1125 redis::bind: {get_input: redis_network}
1126 redis_vip: {get_input: redis_vip}
1128 memcached::listen_ip: {get_input: memcached_network}
1129 neutron_public_interface_ip: {get_input: neutron_public_interface_ip}
1130 ntp::servers: {get_input: ntp_servers}
1131 control_virtual_interface: {get_input: control_virtual_interface}
1132 public_virtual_interface: {get_input: public_virtual_interface}
1133 tripleo::loadbalancer::control_virtual_interface: {get_input: control_virtual_interface}
1134 tripleo::loadbalancer::public_virtual_interface: {get_input: public_virtual_interface}
1135 tripleo::packages::enable_install: {get_input: enable_package_install}
1137 # Hook for site-specific additional pre-deployment config, e.g extra hieradata
1138 ControllerExtraConfigPre:
1139 depends_on: ControllerDeployment
1140 type: OS::TripleO::ControllerExtraConfigPre
1142 server: {get_resource: Controller}
1145 type: OS::TripleO::Tasks::PackageUpdate
1148 type: OS::Heat::SoftwareDeployment
1150 config: {get_resource: UpdateConfig}
1151 server: {get_resource: Controller}
1154 get_param: UpdateIdentifier
1158 description: IP address of the server in the ctlplane network
1159 value: {get_attr: [Controller, networks, ctlplane, 0]}
1160 external_ip_address:
1161 description: IP address of the server in the external network
1162 value: {get_attr: [ExternalPort, ip_address]}
1163 internal_api_ip_address:
1164 description: IP address of the server in the internal_api network
1165 value: {get_attr: [InternalApiPort, ip_address]}
1167 description: IP address of the server in the storage network
1168 value: {get_attr: [StoragePort, ip_address]}
1169 storage_mgmt_ip_address:
1170 description: IP address of the server in the storage_mgmt network
1171 value: {get_attr: [StorageMgmtPort, ip_address]}
1173 description: IP address of the server in the tenant network
1174 value: {get_attr: [TenantPort, ip_address]}
1176 description: Hostname of the server
1177 value: {get_attr: [Controller, name]}
1180 Node object in the format {ip: ..., name: ...} format that the corosync
1183 ip: {get_attr: [Controller, networks, ctlplane, 0]}
1184 name: {get_attr: [Controller, name]}
1187 Server's IP address and hostname in the /etc/hosts format
1190 template: IP HOST.localdomain HOST CLOUDNAME
1192 IP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, ControllerHostnameResolveNetwork]}]}
1193 HOST: {get_attr: [Controller, name]}
1194 CLOUDNAME: {get_param: CloudName}
1195 nova_server_resource:
1196 description: Heat resource handle for the Nova compute server
1198 {get_resource: Controller}
1200 description: Swift device formatted for swift-ring-builder
1203 template: 'r1z1-IP:%PORT%/d1'
1205 IP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftMgmtNetwork]}]}
1206 swift_proxy_memcache:
1207 description: Swift proxy-memcache value
1210 template: "IP:11211"
1212 IP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MemcachedNetwork]}]}
1214 description: identifier which changes if the controller configuration may need re-applying
1218 - - {get_attr: [ControllerDeployment, deploy_stdout]}
1219 - {get_attr: [ControllerExtraConfigPre, deploy_stdout]}