# Parameter declarations for the Puppet-configured OpenStack controller node
# template. Most entries below are per-service credentials, network settings
# and certificates that the resources later read with get_param.
1 heat_template_version: 2014-10-16
4 OpenStack controller node configured by Puppet.
# NOTE(review): the parameters described below as passwords, secrets, keys,
# cookies or salts should be declared `hidden: true` so Heat masks their
# values when the stack's parameters are displayed. The `hidden:` lines are
# not visible in this listing -- confirm each one.
9 description: The password for the keystone admin account, used for monitoring, querying neutron etc.
14 description: The keystone auth secret.
17 CeilometerMeteringSecret:
19 description: Secret shared by the ceilometer services.
24 description: The password for the ceilometer service account.
29 description: The iSCSI helper to use with cinder.
31 CinderLVMLoopDeviceSize:
33 description: The size of the loopback file used by the cinder LVM driver.
37 description: The password for the cinder service account, used by cinder-api.
42 description: The DNS name of this cloud. E.g. ci-overcloud.tripleo.org
44 ControllerExtraConfig:
47 Controller specific configuration to inject into the cluster. Same
48 structure as ExtraConfig.
50 ControlVirtualInterface:
52 description: Interface where virtual ip will be assigned.
56 description: Set to True to enable debugging on all services.
61 Additional configuration to inject into the cluster. The JSON should have
62 the following structure:
65 [{"section": "SECTIONNAME",
67 [{"option": "OPTIONNAME",
78 [{"section": "default",
80 [{"option": "compute_manager",
81 "value": "ironic.nova.compute.manager.ClusterComputeManager"
88 "value": "nova.cells.rpc_driver.CellsRPCDriver"
97 description: Flavor for control nodes to request when deploying.
100 - custom_constraint: nova.flavor
101 GlanceNotifierStrategy:
102 description: Strategy to use for Glance notification queue
106 description: The filepath of the file to use for logging messages from Glance.
111 description: The password for the glance service account, used by the glance services.
116 description: Glance port.
# NOTE(review): the default for this protocol parameter is not visible in
# this listing; confirm whether deployments end up on http or https.
120 description: Protocol to use when connecting to glance, set to https for SSL.
124 description: The password for the Heat service account, used by the Heat services.
127 HeatStackDomainAdminPassword:
128 description: Password for heat_domain_admin user.
134 default: overcloud-control
136 - custom_constraint: glance.image
138 default: 'REBUILD_PRESERVE_EPHEMERAL'
139 description: What policy to use when reconstructing instances. REBUILD for rebuilds, REBUILD_PRESERVE_EPHEMERAL to preserve /mnt.
143 description: Name of an existing EC2 KeyPair to enable SSH access to the instances
146 - custom_constraint: nova.keypair
147 KeystoneCACertificate:
149 description: Keystone self-signed certificate authority certificate.
151 KeystoneSigningCertificate:
153 description: Keystone certificate for verifying token validity.
157 description: Keystone key for signing tokens.
# NOTE(review): the two SSL parameters below carry the same description text
# as the signing certificate and signing key above. It looks copied; the SSL
# pair presumably describes the endpoint certificate and its private key --
# confirm and reword so operators do not supply the wrong key material.
160 KeystoneSSLCertificate:
162 description: Keystone certificate for verifying token validity.
164 KeystoneSSLCertificateKey:
166 description: Keystone key for signing tokens.
# 'unset' is a placeholder default, and the length constraint further down is
# commented out, so Heat does not validate the value supplied here.
169 MysqlClusterUniquePart:
170 description: A unique identifier of the MySQL cluster the controller is in.
172 default: 'unset' # Has to be here because of the ignored empty value bug
173 # Drop the validation: https://bugs.launchpad.net/tripleo/+bug/1405446
175 # - length: {min: 4, max: 10}
176 MysqlInnodbBufferPoolSize:
178 Specifies the size of the buffer pool in megabytes. Setting to
179 zero should be interpreted as "no value" and will defer to the
186 default: '' # Has to be here because of the ignored empty value bug
187 NeutronBridgeMappings:
189 The OVS logical->physical bridge mappings to use. See the Neutron
190 documentation for details. Defaults to mapping br-ex - the external
191 bridge on hosts - to a physical name 'datacentre' which can be used
192 to create provider networks (and we use this for the default floating
193 network) - if changing this either use different post-install network
194 scripts or be sure to keep 'datacentre' as a mapping network name.
197 NeutronDnsmasqOptions:
198 default: 'dhcp-option-force=26,1400'
199 description: Dnsmasq options for neutron-dhcp-agent. The default value here forces MTU to be set to 1400 to account for the gre tunnel overhead.
203 description: Agent mode for the neutron-l3-agent on the controller hosts
205 NeutronL3HA: #FIXME this isn't wired in
207 description: Whether to enable l3-agent HA
211 description: Whether to configure Neutron Distributed Virtual Routers
213 NeutronMetadataProxySharedSecret:
215 description: Shared secret to prevent spoofing
217 NeutronMechanismDrivers:
218 default: 'openvswitch'
220 The mechanism drivers for the Neutron tenant network. To specify multiple
221 values, use a comma separated string, like so: 'openvswitch,l2_population'
223 NeutronAllowL3AgentFailover:
225 description: Allow automatic l3-agent failover
227 NeutronEnableTunnelling:
233 description: If set, flat networks to configure in neutron plugins.
236 description: The tenant network type for Neutron, either gre or vxlan.
238 NeutronNetworkVLANRanges:
239 default: 'datacentre'
241 The Neutron ML2 and OpenVSwitch vlan mapping range to support. See the
242 Neutron documentation for permitted values. Defaults to permitting any
243 VLAN on the 'datacentre' physical network (See NeutronBridgeMappings).
247 description: The password for the neutron service account, used by neutron agents.
250 NeutronPublicInterface:
252 description: What interface to bridge onto br-ex for network nodes.
254 NeutronPublicInterfaceTag:
257 VLAN tag for creating a public VLAN. The tag will be used to
258 create an access port on the exterior bridge for each control plane node,
259 and that port will be given the IP address returned by neutron from the
260 public network. Set CONTROLEXTRA=overcloud-vlan-port.yaml when compiling
261 overcloud.yaml to include the deployment of VLAN ports to the control
264 NeutronPublicInterfaceDefaultRoute:
266 description: A custom default route for the NeutronPublicInterface.
268 NeutronPublicInterfaceIP:
270 description: A custom IP address to put onto the NeutronPublicInterface.
272 NeutronPublicInterfaceRawDevice:
274 description: If set, the public interface is a vlan with this device as the raw device.
279 The tunnel types for the Neutron tenant network. To specify multiple
280 values, use a comma separated string, like so: 'gre,vxlan'
284 description: The password for the nova service account, used by nova-api.
290 PublicVirtualInterface:
293 Specifies the interface where the public-facing virtual ip will be assigned.
294 This should be int_public when a VLAN is being used.
298 default: '' # Has to be here because of the ignored empty value bug
301 default: '' # Has to be here because of the ignored empty value bug
305 description: The password for RabbitMQ
310 description: The username for RabbitMQ
315 Rabbit client subscriber parameter to specify
316 an SSL connection to the RabbitMQ host.
320 description: Set rabbit subscriber port, change this if using SSL
# The SNMP read-only user name has a fixed default (ro_snmp_user).
# NOTE(review): the password's default is not visible in this listing;
# confirm it is not a shared constant across deployments.
322 SnmpdReadonlyUserName:
323 default: ro_snmp_user
324 description: The user name for SNMPd with readonly rights running on all Overcloud nodes
326 SnmpdReadonlyUserPassword:
328 description: The user password for SNMPd with readonly rights running on all Overcloud nodes
333 description: If set, the contents of an SSL certificate authority file.
337 description: If set, the contents of an SSL certificate .crt file for encrypting SSL endpoints.
342 description: If set, the contents of an SSL certificate .key file for encrypting SSL endpoints.
347 description: A random string to be used as a salt when hashing to determine mappings
353 description: Value of mount_check in Swift account/container/object -server.conf
358 description: The minimum time (in hours) before a partition in a ring can be moved following a rebalance.
361 description: Partition Power to use when building Swift rings
365 description: The password for the swift service account, used by the swift proxy
372 description: How many replicas to use in the swift rings.
375 default: '' # Has to be here because of the ignored empty value bug
376 EnablePackageInstall:
378 description: Set to true to enable package installation via Puppet
# The Nova server for this node. Image, rebuild policy, flavor and SSH key
# pair all come from stack parameters.
384 type: OS::Nova::Server
386 image: {get_param: Image}
387 image_update_policy: {get_param: ImageUpdatePolicy}
388 flavor: {get_param: Flavor}
389 key_name: {get_param: KeyName}
# SOFTWARE_CONFIG: the server receives its configuration as software-config
# metadata from the deployment resources attached to it.
392 user_data_format: SOFTWARE_CONFIG
# Network configuration resource, followed by the deployment that applies it
# to the Controller server.
395 type: OS::TripleO::Net::SoftwareConfig
398 type: OS::TripleO::SoftwareDeployment
# NO_SIGNAL: Heat marks the deployment COMPLETE without waiting for the
# server to report back, so a failed network configuration run does not show
# up in the stack status.
400 signal_transport: NO_SIGNAL
401 config: {get_attr: [NetworkConfig, config_id]}
402 server: {get_resource: Controller}
405 interface_name: {get_param: NeutronPublicInterface}
# ControllerDeployment binds the ControllerConfig resource to the Controller
# server and supplies its named inputs from stack parameters and from the
# server's own attributes (name, first ctlplane address).
407 ControllerDeployment:
408 type: OS::TripleO::SoftwareDeployment
# NO_SIGNAL: Heat marks the deployment COMPLETE without waiting for the
# server to report back, so a failed configuration run does not show up in
# the stack status.
410 signal_transport: NO_SIGNAL
411 config: {get_resource: ControllerConfig}
412 server: {get_resource: Controller}
414 bootstack_nodeid: {get_attr: [Controller, name]}
415 controller_host: {get_attr: [Controller, networks, ctlplane, 0]}
416 controller_virtual_ip: {get_param: VirtualIP}
417 neutron_enable_tunneling: {get_param: NeutronEnableTunnelling}
# The three Heat callback URLs are assembled around the VirtualIP parameter.
418 heat.watch_server_url:
422 - {get_param: VirtualIP}
424 heat.metadata_server_url:
428 - {get_param: VirtualIP}
430 heat.waitcondition_server_url:
434 - {get_param: VirtualIP}
435 - ':8000/v1/waitcondition'
# NOTE(review): admin_password, admin_token and the service passwords below
# are passed as deployment inputs, so they become part of the deployment data
# delivered to the server. Confirm the source parameters are declared
# `hidden: true` (those lines are not visible in this listing).
436 admin_password: {get_param: AdminPassword}
437 admin_token: {get_param: AdminToken}
438 neutron_public_interface_ip: {get_param: NeutronPublicInterfaceIP}
439 debug: {get_param: Debug}
440 cinder_lvm_loop_device_size: {get_param: CinderLVMLoopDeviceSize}
441 cinder_password: {get_param: CinderPassword}
442 cinder_iscsi_helper: {get_param: CinderISCSIHelper}
# NOTE(review): every service DSN in this resource (cinder, glance, heat,
# keystone, neutron, ceilometer, nova) embeds the literal database password
# `unset`. The account password should come from a hidden parameter rather
# than a value fixed in the template.
446 - - 'mysql://cinder:unset@'
447 - {get_param: VirtualIP}
449 glance_port: {get_param: GlancePort}
450 glance_protocol: {get_param: GlanceProtocol}
451 glance_password: {get_param: GlancePassword}
# The Swift-store auth address is built with a fixed `http://` scheme on
# port 5000, so credentials presented to that endpoint are not protected by
# TLS. NOTE(review): confirm whether the scheme should be configurable.
452 glance_swift_store_auth_address: {list_join: ['', ['http://', {get_param: VirtualIP} , ':5000/v2.0']]}
453 glance_notifier_strategy: {get_param: GlanceNotifierStrategy}
454 glance_log_file: {get_param: GlanceLogFile}
458 - - 'mysql://glance:unset@'
459 - {get_param: VirtualIP}
461 heat_password: {get_param: HeatPassword}
462 heat_stack_domain_admin_password: {get_param: HeatStackDomainAdminPassword}
466 - - 'mysql://heat:unset@'
467 - {get_param: VirtualIP}
# Keystone CA, token-signing and SSL certificate/key material, passed
# through unchanged from the parameters.
469 keystone_ca_certificate: {get_param: KeystoneCACertificate}
470 keystone_signing_key: {get_param: KeystoneSigningKey}
471 keystone_signing_certificate: {get_param: KeystoneSigningCertificate}
472 keystone_ssl_certificate: {get_param: KeystoneSSLCertificate}
473 keystone_ssl_certificate_key: {get_param: KeystoneSSLCertificateKey}
477 - - 'mysql://keystone:unset@'
478 - {get_param: VirtualIP}
480 mysql_innodb_buffer_pool_size: {get_param: MysqlInnodbBufferPoolSize}
481 mysql_root_password: {get_param: MysqlRootPassword}
# The string template `tripleo-CLUSTER` has CLUSTER replaced by the
# MysqlClusterUniquePart parameter.
484 template: tripleo-CLUSTER
486 CLUSTER: {get_param: MysqlClusterUniquePart}
487 neutron_flat_networks: {get_param: NeutronFlatNetworks}
488 neutron_metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret}
489 neutron_agent_mode: {get_param: NeutronAgentMode}
490 neutron_router_distributed: {get_param: NeutronDVR}
491 neutron_mechanism_drivers: {get_param: NeutronMechanismDrivers}
492 neutron_allow_l3agent_failover: {get_param: NeutronAllowL3AgentFailover}
493 neutron_network_vlan_ranges: {get_param: NeutronNetworkVLANRanges}
494 neutron_bridge_mappings: {get_param: NeutronBridgeMappings}
495 neutron_public_interface: {get_param: NeutronPublicInterface}
496 neutron_public_interface_raw_device: {get_param: NeutronPublicInterfaceRawDevice}
497 neutron_public_interface_default_route: {get_param: NeutronPublicInterfaceDefaultRoute}
498 neutron_public_interface_tag: {get_param: NeutronPublicInterfaceTag}
499 neutron_tenant_network_type: {get_param: NeutronNetworkType}
500 neutron_tunnel_types: {get_param: NeutronTunnelTypes}
501 neutron_password: {get_param: NeutronPassword}
502 neutron_dnsmasq_options: {get_param: NeutronDnsmasqOptions}
506 - - 'mysql://neutron:unset@'
507 - {get_param: VirtualIP}
508 - '/ovs_neutron?charset=utf8'
509 ceilometer_metering_secret: {get_param: CeilometerMeteringSecret}
510 ceilometer_password: {get_param: CeilometerPassword}
514 - - 'mysql://ceilometer:unset@'
515 - {get_param: VirtualIP}
517 snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName}
518 snmpd_readonly_user_password: {get_param: SnmpdReadonlyUserPassword}
519 nova_password: {get_param: NovaPassword}
523 - - 'mysql://nova:unset@'
524 - {get_param: VirtualIP}
# RabbitMQ client identity, cluster cookie and client transport settings.
526 rabbit_username: {get_param: RabbitUserName}
527 rabbit_password: {get_param: RabbitPassword}
528 rabbit_cookie: {get_param: RabbitCookie}
529 rabbit_client_use_ssl: {get_param: RabbitClientUseSSL}
530 rabbit_client_port: {get_param: RabbitClientPort}
# The NtpServer parameter is substituted into a one-element JSON list string.
533 template: '["server"]'
535 server: {get_param: NtpServer}
536 control_virtual_interface: {get_param: ControlVirtualInterface}
537 public_virtual_interface: {get_param: PublicVirtualInterface}
538 public_virtual_ip: {get_param: PublicVirtualIP}
539 swift_hash_suffix: {get_param: SwiftHashSuffix}
540 swift_password: {get_param: SwiftPassword}
541 swift_part_power: {get_param: SwiftPartPower}
542 swift_replicas: {get_param: SwiftReplicas}
543 swift_min_part_hours: {get_param: SwiftMinPartHours}
544 swift_mount_check: {get_param: SwiftMountCheck}
545 enable_package_install: {get_param: EnablePackageInstall}
547 # Map heat metadata into hiera datafiles
# Structured config in the os-apply-config group: it lists the hiera
# hierarchy, loads static hieradata files, and maps deployment inputs
# (get_input) onto hiera keys, most of them Puppet class parameters.
549 type: OS::Heat::StructuredConfig
551 group: os-apply-config
555 - heat_config_%{::deploy_config_name}
558 - swift_devices_and_proxy # provided by SwiftDevicesAndProxyConfig
559 - rabbit # provided by allNodesConfig
560 - ceph_cluster # provided by CephClusterConfig
562 - bootstrap_node # provided by BootstrapNodeConfig
# Static hieradata read from files alongside the template via get_file.
566 raw_data: {get_file: hieradata/common.yaml}
568 raw_data: {get_file: hieradata/ceph.yaml}
570 raw_data: {get_file: hieradata/object.yaml}
572 raw_data: {get_file: hieradata/controller.yaml}
573 mapped_data: # data supplied directly to this deployment configuration, etc
574 debug: {get_input: debug}
575 bootstack_nodeid: {get_input: bootstack_nodeid}
576 controller_host: {get_input: controller_host} #local-ipv4
# Swift: proxy and storage bind to this host; auth goes to the virtual IP.
578 swift::proxy::proxy_local_net_ip: {get_input: controller_host}
579 swift::proxy::authtoken::auth_host: {get_input: controller_virtual_ip}
580 swift::storage::all::storage_local_net_ip: {get_input: controller_host}
581 swift::swift_hash_suffix: {get_input: swift_hash_suffix}
582 swift::proxy::authtoken::admin_password: {get_input: swift_password}
583 tripleo::ringbuilder::part_power: {get_input: swift_part_power}
584 tripleo::ringbuilder::replicas: {get_input: swift_replicas}
585 tripleo::ringbuilder::min_part_hours: {get_input: swift_min_part_hours}
586 swift_mount_check: {get_input: swift_mount_check}
588 # NOTE(dprince): build_ring support is currently not wired in.
589 # See: https://review.openstack.org/#/c/109225/
# NOTE(review): `True` is a YAML 1.1 boolean spelling; lowercase `true` is
# the form every parser agrees on.
590 tripleo::ringbuilder::build_ring: True
# Cinder.
592 cinder_lvm_loop_device_size: {get_input: cinder_lvm_loop_device_size}
593 cinder::volume::iscsi::iscsi_helper: {get_input: cinder_iscsi_helper}
594 cinder::volume::iscsi::iscsi_ip_address: {get_input: controller_host}
595 cinder::database_connection: {get_input: cinder_dsn}
596 cinder::api::keystone_password: {get_input: cinder_password}
597 cinder::api::keystone_auth_host: {get_input: controller_virtual_ip}
598 cinder::api::bind_host: {get_input: controller_host}
599 cinder::rabbit_userid: {get_input: rabbit_username}
600 cinder::rabbit_password: {get_input: rabbit_password}
601 #cinder::debug: {get_input: debug}
# Glance.
603 glance::api::bind_port: {get_input: glance_port}
604 glance::api::bind_host: {get_input: controller_host}
605 glance::api::auth_host: {get_input: controller_virtual_ip}
606 glance::api::registry_host: {get_input: controller_host}
607 glance::api::keystone_password: {get_input: glance_password}
608 # used to construct glance_api_servers
609 glance_port: {get_input: glance_port}
610 glance_protocol: {get_input: glance_protocol}
611 glance_notifier_strategy: {get_input: glance_notifier_strategy}
# NOTE(review): glance_log_file is listed twice in a row. Duplicate mapping
# keys are invalid YAML and most parsers silently keep the last one; the two
# lines are identical, so one can be dropped.
612 glance_log_file: {get_input: glance_log_file}
613 glance_log_file: {get_input: glance_log_file}
614 glance::api::database_connection: {get_input: glance_dsn}
615 glance::registry::keystone_password: {get_input: glance_password}
616 glance::registry::database_connection: {get_input: glance_dsn}
617 glance::registry::bind_host: {get_input: controller_host}
618 glance::registry::auth_host: {get_input: controller_virtual_ip}
# Glance authenticates to its Swift store as service:glance, reusing the
# glance service password as the store key.
619 glance::backend::swift::swift_store_auth_address: {get_input: glance_swift_store_auth_address}
620 glance::backend::swift::swift_store_user: service:glance
621 glance::backend::swift::swift_store_key: {get_input: glance_password}
# Heat.
623 heat_stack_domain_admin_password: {get_input: heat_stack_domain_admin_password}
624 heat::engine::heat_watch_server_url: {get_input: heat.watch_server_url}
625 heat::engine::heat_metadata_server_url: {get_input: heat.metadata_server_url}
626 heat::engine::heat_waitcondition_server_url: {get_input: heat.waitcondition_server_url}
# NOTE(review): fixed placeholder value. Heat uses auth_encryption_key to
# encrypt credentials it stores in its database, so a constant published in
# the template gives that data no real protection. Supply it from a hidden
# parameter holding a per-deployment random value.
627 heat::engine::auth_encryption_key: unset___________
628 heat::rabbit_userid: {get_input: rabbit_username}
629 heat::rabbit_password: {get_input: rabbit_password}
630 heat::rabbit_host: {get_input: controller_virtual_ip}
631 heat::keystone_host: {get_input: controller_virtual_ip}
632 heat::keystone_password: {get_input: heat_password}
633 heat::api::bind_host: {get_input: controller_host}
634 heat::api_cloudwatch::bind_host: {get_input: controller_host}
635 heat::api_cfn::bind_host: {get_input: controller_host}
636 heat::database_connection: {get_input: heat_dsn}
637 heat::instance_user: heat-admin
# Keystone.
# NOTE(review): admin_token is a static shared secret for the identity
# service; confirm it is only relied on for bootstrap and is handled as a
# hidden value end to end.
640 keystone::admin_token: {get_input: admin_token}
641 keystone_ca_certificate: {get_input: keystone_ca_certificate}
642 keystone_signing_key: {get_input: keystone_signing_key}
643 keystone_signing_certificate: {get_input: keystone_signing_certificate}
644 keystone_ssl_certificate: {get_input: keystone_ssl_certificate}
645 keystone_ssl_certificate_key: {get_input: keystone_ssl_certificate_key}
646 keystone::database_connection: {get_input: keystone_dsn}
647 keystone::public_bind_host: {get_input: controller_host}
648 keystone::admin_bind_host: {get_input: controller_host}
649 #keystone::debug: {get_input: debug}
# MySQL.
651 admin_password: {get_input: admin_password}
652 mysql_innodb_buffer_pool_size: {get_input: mysql_innodb_buffer_pool_size}
653 mysql_root_password: {get_input: mysql_root_password}
654 mysql_cluster_name: {get_input: mysql_cluster_name}
# Neutron.
656 neutron::bind_host: {get_input: controller_host}
657 neutron::rabbit_password: {get_input: rabbit_password}
# NOTE(review): every other service in this mapping reads the
# `rabbit_username` input. No `rabbit_user` input appears among the
# deployment inputs visible in this listing, so this lookup probably
# resolves to nothing -- confirm and align the name.
658 neutron::rabbit_user: {get_input: rabbit_user}
659 #neutron::debug: {get_input: debug}
660 neutron::server::auth_host: {get_input: controller_virtual_ip}
661 neutron::server::database_connection: {get_input: neutron_dsn}
662 neutron::agents::ml2::ovs::enable_tunneling: {get_input: neutron_enable_tunneling}
663 neutron::agents::ml2::ovs::local_ip: {get_input: controller_host}
664 neutron_flat_networks: {get_input: neutron_flat_networks}
665 neutron::agents::metadata::shared_secret: {get_input: neutron_metadata_proxy_shared_secret}
666 neutron::agents::metadata::metadata_ip: {get_input: controller_virtual_ip}
667 neutron_agent_mode: {get_input: neutron_agent_mode}
668 neutron_router_distributed: {get_input: neutron_router_distributed}
669 neutron_mechanism_drivers: {get_input: neutron_mechanism_drivers}
670 neutron_allow_l3agent_failover: {get_input: neutron_allow_l3agent_failover}
671 neutron::plugins::ml2::network_vlan_ranges: {get_input: neutron_network_vlan_ranges}
672 neutron_bridge_mappings: {get_input: neutron_bridge_mappings}
673 neutron_public_interface: {get_input: neutron_public_interface}
674 neutron_public_interface_raw_device: {get_input: neutron_public_interface_raw_device}
675 neutron_public_interface_default_route: {get_input: neutron_public_interface_default_route}
676 neutron_public_interface_tag: {get_input: neutron_public_interface_tag}
677 neutron_tenant_network_type: {get_input: neutron_tenant_network_type}
678 neutron_tunnel_types: {get_input: neutron_tunnel_types}
679 neutron::server::auth_password: {get_input: neutron_password}
680 neutron::agents::metadata::auth_password: {get_input: neutron_password}
681 neutron_dnsmasq_options: {get_input: neutron_dnsmasq_options}
682 neutron_dsn: {get_input: neutron_dsn}
# Ceilometer and SNMP.
684 ceilometer::metering_secret: {get_input: ceilometer_metering_secret}
685 ceilometer::rabbit_userid: {get_input: rabbit_username}
686 ceilometer::rabbit_password: {get_input: rabbit_password}
687 ceilometer::rabbit_host: {get_input: controller_virtual_ip}
688 ceilometer::api::host: {get_input: controller_host}
689 ceilometer::api::keystone_password: {get_input: ceilometer_password}
690 ceilometer::api::keystone_host: {get_input: controller_virtual_ip}
691 ceilometer::db::database_connection: {get_input: ceilometer_dsn}
692 ceilometer::agent::auth::auth_password: {get_input: ceilometer_password}
693 snmpd_readonly_user_name: {get_input: snmpd_readonly_user_name}
694 snmpd_readonly_user_password: {get_input: snmpd_readonly_user_password}
# Nova. The metadata proxy secret is the same input Neutron's metadata agent
# receives above.
696 nova::rabbit_userid: {get_input: rabbit_username}
697 nova::rabbit_password: {get_input: rabbit_password}
698 nova::api::auth_host: {get_input: controller_virtual_ip}
699 nova::api::api_bind_address: {get_input: controller_host}
700 nova::api::metadata_listen: {get_input: controller_host}
701 nova::api::admin_password: {get_input: nova_password}
702 nova::database_connection: {get_input: nova_dsn}
703 nova::api::neutron_metadata_proxy_shared_secret: {get_input: neutron_metadata_proxy_shared_secret}
# RabbitMQ. The Erlang cookie is the shared secret that RabbitMQ nodes and
# CLI tools authenticate with; treat it like a password.
705 rabbit_username: {get_input: rabbit_username}
706 rabbit_password: {get_input: rabbit_password}
707 rabbit_client_use_ssl: {get_input: rabbit_client_use_ssl}
708 rabbit_client_port: {get_input: rabbit_client_port}
709 rabbitmq::erlang_cookie: {get_input: rabbit_cookie}
# Miscellaneous host-level settings.
711 neutron_public_interface_ip: {get_input: neutron_public_interface_ip}
712 ntp::servers: {get_input: ntp_servers}
713 control_virtual_interface: {get_input: control_virtual_interface}
714 controller_virtual_ip: {get_input: controller_virtual_ip}
715 public_virtual_interface: {get_input: public_virtual_interface}
716 public_virtual_ip: {get_input: public_virtual_ip}
717 enable_package_install: {get_input: enable_package_install}
# Values exported by this template (presumably its outputs section). All of
# them derive from the Controller server's name and its first ctlplane
# address, plus the CloudName parameter for the hosts entry.
721 description: IP address of the server in the ctlplane network
722 value: {get_attr: [Controller, networks, ctlplane, 0]}
724 description: Hostname of the server
725 value: {get_attr: [Controller, name]}
728 Node object in the format {ip: ..., name: ...} format that the corosync
731 ip: {get_attr: [Controller, networks, ctlplane, 0]}
732 name: {get_attr: [Controller, name]}
735 Server's IP address and hostname in the /etc/hosts format
738 template: IP HOST HOST.novalocal CLOUDNAME
740 IP: {get_attr: [Controller, networks, ctlplane, 0]}
741 HOST: {get_attr: [Controller, name]}
742 CLOUDNAME: {get_param: CloudName}
743 nova_server_resource:
744 description: Heat resource handle for the Nova compute server
746 {get_resource: Controller}
748 description: Swift device formatted for swift-ring-builder
# Only IP is substituted below; `%PORT%` stays a literal placeholder,
# presumably filled in by whatever consumes this output -- confirm.
751 template: 'r1z1-IP:%PORT%/d1'
753 IP: {get_attr: [Controller, networks, ctlplane, 0]}
754 swift_proxy_memcache:
755 description: Swift proxy-memcache value
760 IP: {get_attr: [Controller, networks, ctlplane, 0]}