# Heat (HOT) template for an OpenStack controller node configured by Puppet.
# NOTE(review): this listing keeps the original file's line numbers in the
# first column and omits lines (the numbers jump), so parameter names, types,
# defaults and any `hidden:` flags are not all visible here.
# NOTE(review): the parameters below include many passwords and shared
# secrets. Confirm each one is declared with `hidden: true` so Heat masks the
# value when stack parameters are displayed.
1 heat_template_version: 2014-10-16
4 OpenStack controller node configured by Puppet.
9 description: The password for the keystone admin account, used for monitoring, querying neutron etc.
14 description: The keystone auth secret.
17 CeilometerMeteringSecret:
19 description: Secret shared by the ceilometer services.
24 description: The password for the ceilometer service account.
29 description: The iSCSI helper to use with cinder.
31 CinderLVMLoopDeviceSize:
33 description: The size of the loopback file used by the cinder LVM driver.
37 description: The password for the cinder service account, used by cinder-api.
42 description: The DNS name of this cloud. E.g. ci-overcloud.tripleo.org
44 ControllerExtraConfig:
47 Controller specific configuration to inject into the cluster. Same
48 structure as ExtraConfig.
50 ControlVirtualInterface:
52 description: Interface where virtual ip will be assigned.
# NOTE(review): service debug logs may contain credentials or tokens
# (presumably; depends on each service) — keep this off outside
# troubleshooting.
56 description: Set to True to enable debugging on all services.
61 Additional configuration to inject into the cluster. The JSON should have
62 the following structure:
65 [{"section": "SECTIONNAME",
67 [{"option": "OPTIONNAME",
78 [{"section": "default",
80 [{"option": "compute_manager",
81 "value": "ironic.nova.compute.manager.ClusterComputeManager"
88 "value": "nova.cells.rpc_driver.CellsRPCDriver"
97 description: Flavor for control nodes to request when deploying.
100 - custom_constraint: nova.flavor
101 GlanceNotifierStrategy:
102 description: Strategy to use for Glance notification queue
106 description: The filepath of the file to use for logging messages from Glance.
111 description: The password for the glance service account, used by the glance services.
116 description: Glance port.
120 description: Protocol to use when connecting to glance, set to https for SSL.
124 description: The password for the Heat service account, used by the Heat services.
127 HeatStackDomainAdminPassword:
128 description: Password for heat_domain_admin user.
134 default: overcloud-control
136 - custom_constraint: glance.image
138 default: 'REBUILD_PRESERVE_EPHEMERAL'
139 description: What policy to use when reconstructing instances. REBUILD for rebuilds, REBUILD_PRESERVE_EPHEMERAL to preserve /mnt.
143 description: Name of an existing EC2 KeyPair to enable SSH access to the instances
146 - custom_constraint: nova.keypair
# Keystone certificate material is passed in as parameter values. The
# KeystoneSigningKey and KeystoneSSLCertificateKey parameters carry keys, so
# the files that supply them need the same protection as the keys themselves.
147 KeystoneCACertificate:
149 description: Keystone self-signed certificate authority certificate.
151 KeystoneSigningCertificate:
153 description: Keystone certificate for verifying token validity.
157 description: Keystone key for signing tokens.
# NOTE(review): the two KeystoneSSL* descriptions below repeat the wording of
# the signing certificate/key above and look copy-pasted. Confirm and reword
# them so operators do not confuse the SSL pair with the token-signing pair.
160 KeystoneSSLCertificate:
162 description: Keystone certificate for verifying token validity.
164 KeystoneSSLCertificateKey:
166 description: Keystone key for signing tokens.
# NOTE(review): the default is the placeholder 'unset' and the length
# constraint is commented out, so nothing visible here rejects the
# placeholder. The value is substituted into the 'tripleo-CLUSTER' cluster
# name further down the template.
169 MysqlClusterUniquePart:
170 description: A unique identifier of the MySQL cluster the controller is in.
172 default: 'unset' # Has to be here because of the ignored empty value bug
173 # Drop the validation: https://bugs.launchpad.net/tripleo/+bug/1405446
175 # - length: {min: 4, max: 10}
176 MysqlInnodbBufferPoolSize:
178 Specifies the size of the buffer pool in megabytes. Setting to
179 zero should be interpreted as "no value" and will defer to the
186 default: '' # Has to be here because of the ignored empty value bug
# Neutron, Nova, RabbitMQ, SNMP, SSL and Swift parameters for the controller.
# NOTE(review): lines are omitted from this listing, so `type:`, `hidden:`
# and some `default:` entries are not visible. Confirm that the password,
# secret and key parameters in this section are marked `hidden: true` and
# have no usable default.
187 NeutronBridgeMappings:
189 The OVS logical->physical bridge mappings to use. See the Neutron
190 documentation for details. Defaults to mapping br-ex - the external
191 bridge on hosts - to a physical name 'datacentre' which can be used
192 to create provider networks (and we use this for the default floating
193 network) - if changing this either use different post-install network
194 scripts or be sure to keep 'datacentre' as a mapping network name.
197 NeutronDnsmasqOptions:
198 default: 'dhcp-option-force=26,1400'
199 description: Dnsmasq options for neutron-dhcp-agent. The default value here forces MTU to be set to 1400 to account for the gre tunnel overhead.
203 description: Agent mode for the neutron-l3-agent on the controller hosts
205 NeutronL3HA: #FIXME this isn't wired in
207 description: Whether to enable l3-agent HA
211 description: Whether to configure Neutron Distributed Virtual Routers
# This one secret is mapped to both neutron::agents::metadata::shared_secret
# and nova::api::neutron_metadata_proxy_shared_secret later in the template,
# so both services receive the same value.
213 NeutronMetadataProxySharedSecret:
215 description: Shared secret to prevent spoofing
217 NeutronMechanismDrivers:
218 default: 'openvswitch'
220 The mechanism drivers for the Neutron tenant network. To specify multiple
221 values, use a comma separated string, like so: 'openvswitch,l2_population'
223 NeutronAllowL3AgentFailover:
225 description: Allow automatic l3-agent failover
227 NeutronEnableTunnelling:
233 description: If set, flat networks to configure in neutron plugins.
236 description: The tenant network type for Neutron, either gre or vxlan.
238 NeutronNetworkVLANRanges:
239 default: 'datacentre'
241 The Neutron ML2 and OpenVSwitch vlan mapping range to support. See the
242 Neutron documentation for permitted values. Defaults to permitting any
243 VLAN on the 'datacentre' physical network (See NeutronBridgeMappings).
247 description: The password for the neutron service account, used by neutron agents.
250 NeutronPublicInterface:
252 description: What interface to bridge onto br-ex for network nodes.
254 NeutronPublicInterfaceTag:
257 VLAN tag for creating a public VLAN. The tag will be used to
258 create an access port on the exterior bridge for each control plane node,
259 and that port will be given the IP address returned by neutron from the
260 public network. Set CONTROLEXTRA=overcloud-vlan-port.yaml when compiling
261 overcloud.yaml to include the deployment of VLAN ports to the control
264 NeutronPublicInterfaceDefaultRoute:
266 description: A custom default route for the NeutronPublicInterface.
268 NeutronPublicInterfaceIP:
270 description: A custom IP address to put onto the NeutronPublicInterface.
272 NeutronPublicInterfaceRawDevice:
274 description: If set, the public interface is a vlan with this device as the raw device.
279 The tunnel types for the Neutron tenant network. To specify multiple
280 values, use a comma separated string, like so: 'gre,vxlan'
284 description: The password for the nova service account, used by nova-api.
290 PublicVirtualInterface:
293 Specifies the interface where the public-facing virtual ip will be assigned.
294 This should be int_public when a VLAN is being used.
298 default: '' # Has to be here because of the ignored empty value bug
301 default: '' # Has to be here because of the ignored empty value bug
305 description: The password for RabbitMQ
310 description: The username for RabbitMQ
315 Rabbit client subscriber parameter to specify
316 an SSL connection to the RabbitMQ host.
320 description: Set rabbit subscriber port, change this if using SSL
# The read-only SNMP account is applied to all Overcloud nodes and its user
# name has a fixed default, so the password is the only per-deployment secret.
# NOTE(review): confirm the password parameter has no default on the lines
# omitted here.
322 SnmpdReadonlyUserName:
323 default: ro_snmp_user
324 description: The user name for SNMPd with readonly rights running on all Overcloud nodes
326 SnmpdReadonlyUserPassword:
328 description: The user password for SNMPd with readonly rights running on all Overcloud nodes
# The next three parameters carry file contents, including the private .key.
# Environment files that supply them should be handled as secret material.
333 description: If set, the contents of an SSL certificate authority file.
337 description: If set, the contents of an SSL certificate .crt file for encrypting SSL endpoints.
342 description: If set, the contents of an SSL certificate .key file for encrypting SSL endpoints.
347 description: A random string to be used as a salt when hashing to determine mappings
353 description: Value of mount_check in Swift account/container/object -server.conf
358 description: The minimum time (in hours) before a partition in a ring can be moved following a rebalance.
361 description: Partition Power to use when building Swift rings
365 description: The password for the swift service account, used by the swift proxy
372 description: How many replicas to use in the swift rings.
375 default: '' # Has to be here because of the ignored empty value bug
376 EnablePackageInstall:
378 description: Set to true to enable package installation via Puppet
# Nova server for the controller node. Its image, rebuild policy, flavor and
# SSH key pair come from the Image, ImageUpdatePolicy, Flavor and KeyName
# parameters.
384 type: OS::Nova::Server
386 image: {get_param: Image}
387 image_update_policy: {get_param: ImageUpdatePolicy}
388 flavor: {get_param: Flavor}
389 key_name: {get_param: KeyName}
392 user_data_format: SOFTWARE_CONFIG
# Network configuration resource; its config_id is consumed by the deployment
# that follows.
395 type: OS::TripleO::Net::SoftwareConfig
# Deployment that applies the network configuration to the Controller server.
# NOTE(review): with signal_transport NO_SIGNAL Heat does not wait for a
# completion signal from the node, so a failed configuration run is not
# reported back as a stack failure. Verify the applied state by other means.
398 type: OS::TripleO::SoftwareDeployment
400 signal_transport: NO_SIGNAL
401 config: {get_attr: [NetworkConfig, config_id]}
402 server: {get_resource: Controller}
405 interface_name: {get_param: NeutronPublicInterface}
# Deployment that binds ControllerConfig to the Controller server and supplies
# its input values. Most inputs are template parameters passed straight
# through, including every service password and shared secret.
# NOTE(review): signal_transport NO_SIGNAL means Heat does not wait for a
# completion signal, so a failed Puppet/hiera run on the node is not reported
# back as a stack failure.
407 ControllerDeployment:
408 type: OS::TripleO::SoftwareDeployment
410 signal_transport: NO_SIGNAL
411 config: {get_resource: ControllerConfig}
412 server: {get_resource: Controller}
414 bootstack_nodeid: {get_attr: [Controller, name]}
415 controller_host: {get_attr: [Controller, networks, ctlplane, 0]}
416 controller_virtual_ip: {get_param: VirtualIP}
417 neutron_enable_tunneling: {get_param: NeutronEnableTunnelling}
# NOTE(review): the URL scheme for the three heat.*_server_url values is on
# lines omitted from this listing. Confirm whether these endpoints, built
# from VirtualIP, are served over TLS.
418 heat.watch_server_url:
422 - {get_param: VirtualIP}
424 heat.metadata_server_url:
428 - {get_param: VirtualIP}
430 heat.waitcondition_server_url:
434 - {get_param: VirtualIP}
435 - ':8000/v1/waitcondition'
436 admin_password: {get_param: AdminPassword}
# admin_token is mapped to keystone::admin_token by ControllerConfig.
437 admin_token: {get_param: AdminToken}
438 neutron_public_interface_ip: {get_param: NeutronPublicInterfaceIP}
439 debug: {get_param: Debug}
440 cinder_lvm_loop_device_size: {get_param: CinderLVMLoopDeviceSize}
441 cinder_password: {get_param: CinderPassword}
442 cinder_iscsi_helper: {get_param: CinderISCSIHelper}
# NOTE(review): this DSN, and the glance, heat, keystone, neutron, ceilometer
# and nova DSNs below, embed the literal database password `unset` instead of
# a parameter. Every stack built from this template therefore shares one
# known database credential per service. Pass the password in as a hidden
# parameter and build the DSN from it.
446 - - 'mysql://cinder:unset@'
447 - {get_param: VirtualIP}
449 glance_port: {get_param: GlancePort}
450 glance_protocol: {get_param: GlanceProtocol}
451 glance_password: {get_param: GlancePassword}
452 glance_notifier_strategy: {get_param: GlanceNotifierStrategy}
453 glance_log_file: {get_param: GlanceLogFile}
457 - - 'mysql://glance:unset@'
458 - {get_param: VirtualIP}
460 heat_password: {get_param: HeatPassword}
461 heat_stack_domain_admin_password: {get_param: HeatStackDomainAdminPassword}
465 - - 'mysql://heat:unset@'
466 - {get_param: VirtualIP}
468 keystone_ca_certificate: {get_param: KeystoneCACertificate}
469 keystone_signing_key: {get_param: KeystoneSigningKey}
470 keystone_signing_certificate: {get_param: KeystoneSigningCertificate}
471 keystone_ssl_certificate: {get_param: KeystoneSSLCertificate}
472 keystone_ssl_certificate_key: {get_param: KeystoneSSLCertificateKey}
476 - - 'mysql://keystone:unset@'
477 - {get_param: VirtualIP}
479 mysql_innodb_buffer_pool_size: {get_param: MysqlInnodbBufferPoolSize}
480 mysql_root_password: {get_param: MysqlRootPassword}
# Cluster name is the literal 'tripleo-' followed by MysqlClusterUniquePart.
483 template: tripleo-CLUSTER
485 CLUSTER: {get_param: MysqlClusterUniquePart}
486 neutron_flat_networks: {get_param: NeutronFlatNetworks}
487 neutron_metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret}
488 neutron_agent_mode: {get_param: NeutronAgentMode}
489 neutron_router_distributed: {get_param: NeutronDVR}
490 neutron_mechanism_drivers: {get_param: NeutronMechanismDrivers}
491 neutron_allow_l3agent_failover: {get_param: NeutronAllowL3AgentFailover}
492 neutron_network_vlan_ranges: {get_param: NeutronNetworkVLANRanges}
493 neutron_bridge_mappings: {get_param: NeutronBridgeMappings}
494 neutron_public_interface: {get_param: NeutronPublicInterface}
495 neutron_public_interface_raw_device: {get_param: NeutronPublicInterfaceRawDevice}
496 neutron_public_interface_default_route: {get_param: NeutronPublicInterfaceDefaultRoute}
497 neutron_public_interface_tag: {get_param: NeutronPublicInterfaceTag}
498 neutron_tenant_network_type: {get_param: NeutronNetworkType}
499 neutron_tunnel_types: {get_param: NeutronTunnelTypes}
500 neutron_password: {get_param: NeutronPassword}
501 neutron_dnsmasq_options: {get_param: NeutronDnsmasqOptions}
505 - - 'mysql://neutron:unset@'
506 - {get_param: VirtualIP}
507 - '/ovs_neutron?charset=utf8'
508 ceilometer_metering_secret: {get_param: CeilometerMeteringSecret}
509 ceilometer_password: {get_param: CeilometerPassword}
513 - - 'mysql://ceilometer:unset@'
514 - {get_param: VirtualIP}
516 snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName}
517 snmpd_readonly_user_password: {get_param: SnmpdReadonlyUserPassword}
518 nova_password: {get_param: NovaPassword}
522 - - 'mysql://nova:unset@'
523 - {get_param: VirtualIP}
525 rabbit_username: {get_param: RabbitUserName}
526 rabbit_password: {get_param: RabbitPassword}
527 rabbit_cookie: {get_param: RabbitCookie}
528 rabbit_client_use_ssl: {get_param: RabbitClientUseSSL}
529 rabbit_client_port: {get_param: RabbitClientPort}
# NtpServer is substituted into a one-element JSON-style list string.
532 template: '["server"]'
534 server: {get_param: NtpServer}
535 control_virtual_interface: {get_param: ControlVirtualInterface}
536 public_virtual_interface: {get_param: PublicVirtualInterface}
537 public_virtual_ip: {get_param: PublicVirtualIP}
538 swift_hash_suffix: {get_param: SwiftHashSuffix}
539 swift_password: {get_param: SwiftPassword}
540 swift_part_power: {get_param: SwiftPartPower}
541 swift_replicas: {get_param: SwiftReplicas}
542 swift_min_part_hours: {get_param: SwiftMinPartHours}
543 swift_mount_check: {get_param: SwiftMountCheck}
544 enable_package_install: {get_param: EnablePackageInstall}
546 # Map heat metadata into hiera datafiles
# Structured config in the os-apply-config group. It lists the hiera
# hierarchy, loads raw hieradata files, and maps deployment inputs onto
# Puppet class parameters.
548 type: OS::Heat::StructuredConfig
550 group: os-apply-config
554 - heat_config_%{::deploy_config_name}
557 - swift_devices_and_proxy # provided by SwiftDevicesAndProxyConfig
558 - rabbit # provided by allNodesConfig
562 raw_data: {get_file: hieradata/common.yaml}
564 raw_data: {get_file: hieradata/object.yaml}
566 raw_data: {get_file: hieradata/controller.yaml}
567 oac_data: # data we map in from other OAC configurations
568 bootstrap_nodeid: bootstrap_host.bootstrap_nodeid
# NOTE(review): mapped_data includes service passwords, the Keystone admin
# token, signing/SSL keys and database DSNs. Presumably these are written
# into hiera datafiles on the node. Confirm those files are readable by root
# only.
569 mapped_data: # data supplied directly to this deployment configuration, etc
570 debug: {get_input: debug}
571 bootstack_nodeid: {get_input: bootstack_nodeid}
572 controller_host: {get_input: controller_host} #local-ipv4
# Swift: proxy and storage bind to the controller's own address; auth goes to
# the virtual IP.
574 swift::proxy::proxy_local_net_ip: {get_input: controller_host}
575 swift::proxy::authtoken::auth_host: {get_input: controller_virtual_ip}
576 swift::storage::all::storage_local_net_ip: {get_input: controller_host}
577 swift::swift_hash_suffix: {get_input: swift_hash_suffix}
578 swift::proxy::authtoken::admin_password: {get_input: swift_password}
579 tripleo::ringbuilder::part_power: {get_input: swift_part_power}
580 tripleo::ringbuilder::replicas: {get_input: swift_replicas}
581 tripleo::ringbuilder::min_part_hours: {get_input: swift_min_part_hours}
582 swift_mount_check: {get_input: swift_mount_check}
584 # NOTE(dprince): build_ring support is currently not wired in.
585 # See: https://review.openstack.org/#/c/109225/
# NOTE(review): `True` is a YAML 1.1-style boolean spelling; lowercase `true`
# is the portable form.
586 tripleo::ringbuilder::build_ring: True
# Cinder
588 cinder_lvm_loop_device_size: {get_input: cinder_lvm_loop_device_size}
589 cinder::volume::iscsi::iscsi_helper: {get_input: cinder_iscsi_helper}
590 cinder::volume::iscsi::iscsi_ip_address: {get_input: controller_host}
591 cinder::database_connection: {get_input: cinder_dsn}
592 cinder::api::keystone_password: {get_input: cinder_password}
593 cinder::api::keystone_auth_host: {get_input: controller_virtual_ip}
594 cinder::api::bind_host: {get_input: controller_host}
595 cinder::rabbit_userid: {get_input: rabbit_username}
596 cinder::rabbit_password: {get_input: rabbit_password}
597 #cinder::debug: {get_input: debug}
# Glance
599 glance::api::bind_port: {get_input: glance_port}
600 glance::api::bind_host: {get_input: controller_host}
601 glance::api::auth_host: {get_input: controller_virtual_ip}
602 glance::api::registry_host: {get_input: controller_host}
603 glance::api::keystone_password: {get_input: glance_password}
604 # used to construct glance_api_servers
605 glance_port: {get_input: glance_port}
606 glance_protocol: {get_input: glance_protocol}
607 glance_notifier_strategy: {get_input: glance_notifier_strategy}
# NOTE(review): glance_log_file is mapped twice in a row. Duplicate keys are
# invalid in YAML 1.2 and most parsers silently keep the last one. The two
# entries are identical, so one of them should be dropped.
608 glance_log_file: {get_input: glance_log_file}
609 glance_log_file: {get_input: glance_log_file}
610 glance::api::database_connection: {get_input: glance_dsn}
611 glance::registry::keystone_password: {get_input: glance_password}
612 glance::registry::database_connection: {get_input: glance_dsn}
613 glance::registry::bind_host: {get_input: controller_host}
614 glance::registry::auth_host: {get_input: controller_virtual_ip}
# The Glance Swift store authenticates as service:glance with the Glance
# service password.
615 glance::backend::swift::swift_store_user: service:glance
616 glance::backend::swift::swift_store_key: {get_input: glance_password}
# Heat
618 heat_stack_domain_admin_password: {get_input: heat_stack_domain_admin_password}
619 heat::engine::heat_watch_server_url: {get_input: heat.watch_server_url}
620 heat::engine::heat_metadata_server_url: {get_input: heat.metadata_server_url}
621 heat::engine::heat_waitcondition_server_url: {get_input: heat.waitcondition_server_url}
# NOTE(review): auth_encryption_key is a fixed literal rather than a
# get_input, so every stack built from this template gets the same publicly
# known value. Heat uses this key to encrypt credentials it stores in its
# database. Supply it from a hidden, randomly generated parameter instead.
622 heat::engine::auth_encryption_key: unset___________
623 heat::rabbit_userid: {get_input: rabbit_username}
624 heat::rabbit_password: {get_input: rabbit_password}
625 heat::rabbit_host: {get_input: controller_virtual_ip}
626 heat::keystone_host: {get_input: controller_virtual_ip}
627 heat::keystone_password: {get_input: heat_password}
628 heat::api::bind_host: {get_input: controller_host}
629 heat::api_cloudwatch::bind_host: {get_input: controller_host}
630 heat::api_cfn::bind_host: {get_input: controller_host}
631 heat::database_connection: {get_input: heat_dsn}
# Keystone
634 keystone::admin_token: {get_input: admin_token}
635 keystone_ca_certificate: {get_input: keystone_ca_certificate}
636 keystone_signing_key: {get_input: keystone_signing_key}
637 keystone_signing_certificate: {get_input: keystone_signing_certificate}
638 keystone_ssl_certificate: {get_input: keystone_ssl_certificate}
639 keystone_ssl_certificate_key: {get_input: keystone_ssl_certificate_key}
640 keystone::database_connection: {get_input: keystone_dsn}
641 keystone::public_bind_host: {get_input: controller_host}
642 keystone::admin_bind_host: {get_input: controller_host}
643 #keystone::debug: {get_input: debug}
# MySQL
645 admin_password: {get_input: admin_password}
646 mysql_innodb_buffer_pool_size: {get_input: mysql_innodb_buffer_pool_size}
647 mysql_root_password: {get_input: mysql_root_password}
648 mysql_cluster_name: {get_input: mysql_cluster_name}
# Neutron
650 neutron::bind_host: {get_input: controller_host}
651 neutron::rabbit_password: {get_input: rabbit_password}
# NOTE(review): no input named rabbit_user is visible among
# ControllerDeployment's input values; every other service here reads
# rabbit_username. This looks like a typo that would leave
# neutron::rabbit_user without the configured RabbitMQ user — confirm.
652 neutron::rabbit_user: {get_input: rabbit_user}
653 #neutron::debug: {get_input: debug}
654 neutron::server::auth_host: {get_input: controller_virtual_ip}
655 neutron::server::database_connection: {get_input: neutron_dsn}
656 neutron::agents::ml2::ovs::enable_tunneling: {get_input: neutron_enable_tunneling}
657 neutron::agents::ml2::ovs::local_ip: {get_input: controller_host}
658 neutron_flat_networks: {get_input: neutron_flat_networks}
659 neutron::agents::metadata::shared_secret: {get_input: neutron_metadata_proxy_shared_secret}
660 neutron::agents::metadata::metadata_ip: {get_input: controller_virtual_ip}
661 neutron_agent_mode: {get_input: neutron_agent_mode}
662 neutron_router_distributed: {get_input: neutron_router_distributed}
663 neutron_mechanism_drivers: {get_input: neutron_mechanism_drivers}
664 neutron_allow_l3agent_failover: {get_input: neutron_allow_l3agent_failover}
665 neutron::plugins::ml2::network_vlan_ranges: {get_input: neutron_network_vlan_ranges}
666 neutron_bridge_mappings: {get_input: neutron_bridge_mappings}
667 neutron_public_interface: {get_input: neutron_public_interface}
668 neutron_public_interface_raw_device: {get_input: neutron_public_interface_raw_device}
669 neutron_public_interface_default_route: {get_input: neutron_public_interface_default_route}
670 neutron_public_interface_tag: {get_input: neutron_public_interface_tag}
671 neutron_tenant_network_type: {get_input: neutron_tenant_network_type}
672 neutron_tunnel_types: {get_input: neutron_tunnel_types}
673 neutron::server::auth_password: {get_input: neutron_password}
674 neutron::agents::metadata::auth_password: {get_input: neutron_password}
675 neutron_dnsmasq_options: {get_input: neutron_dnsmasq_options}
676 neutron_dsn: {get_input: neutron_dsn}
# Ceilometer and SNMP
678 ceilometer::metering_secret: {get_input: ceilometer_metering_secret}
679 ceilometer::rabbit_userid: {get_input: rabbit_username}
680 ceilometer::rabbit_password: {get_input: rabbit_password}
681 ceilometer::rabbit_host: {get_input: controller_virtual_ip}
682 ceilometer::api::host: {get_input: controller_host}
683 ceilometer::api::keystone_password: {get_input: ceilometer_password}
684 ceilometer::api::keystone_host: {get_input: controller_virtual_ip}
685 ceilometer::db::database_connection: {get_input: ceilometer_dsn}
686 ceilometer::agent::auth::auth_password: {get_input: ceilometer_password}
687 snmpd_readonly_user_name: {get_input: snmpd_readonly_user_name}
688 snmpd_readonly_user_password: {get_input: snmpd_readonly_user_password}
# Nova; receives the same metadata proxy shared secret as the Neutron
# metadata agent above.
690 nova::rabbit_userid: {get_input: rabbit_username}
691 nova::rabbit_password: {get_input: rabbit_password}
692 nova::api::auth_host: {get_input: controller_virtual_ip}
693 nova::api::api_bind_address: {get_input: controller_host}
694 nova::api::metadata_listen: {get_input: controller_host}
695 nova::api::admin_password: {get_input: nova_password}
696 nova::database_connection: {get_input: nova_dsn}
697 nova::api::neutron_metadata_proxy_shared_secret: {get_input: neutron_metadata_proxy_shared_secret}
# RabbitMQ
699 rabbit_username: {get_input: rabbit_username}
700 rabbit_password: {get_input: rabbit_password}
701 rabbit_cookie: {get_input: rabbit_cookie}
702 rabbit_client_use_ssl: {get_input: rabbit_client_use_ssl}
703 rabbit_client_port: {get_input: rabbit_client_port}
# Miscellaneous node settings
705 neutron_public_interface_ip: {get_input: neutron_public_interface_ip}
706 ntp::servers: {get_input: ntp_servers}
707 control_virtual_interface: {get_input: control_virtual_interface}
708 controller_virtual_ip: {get_input: controller_virtual_ip}
709 public_virtual_interface: {get_input: public_virtual_interface}
710 public_virtual_ip: {get_input: public_virtual_ip}
711 enable_package_install: {get_input: enable_package_install}
# Stack outputs derived from the Controller server: its ctlplane IP address,
# its hostname, and strings built from them for other resources. No
# credential is emitted by the output lines visible in this listing.
715 description: IP address of the server in the ctlplane network
716 value: {get_attr: [Controller, networks, ctlplane, 0]}
718 description: Hostname of the server
719 value: {get_attr: [Controller, name]}
722 Node object in the format {ip: ..., name: ...} format that the corosync
725 ip: {get_attr: [Controller, networks, ctlplane, 0]}
726 name: {get_attr: [Controller, name]}
729 Server's IP address and hostname in the /etc/hosts format
732 template: IP HOST HOST.novalocal CLOUDNAME
734 IP: {get_attr: [Controller, networks, ctlplane, 0]}
735 HOST: {get_attr: [Controller, name]}
736 CLOUDNAME: {get_param: CloudName}
# Exposes the Controller resource itself so other templates can reference
# the server.
737 nova_server_resource:
738 description: Heat resource handle for the Nova compute server
740 {get_resource: Controller}
742 description: Swift device formatted for swift-ring-builder
# %PORT% is left as a literal placeholder in this template; only IP is
# substituted here.
745 template: 'r1z1-IP:%PORT%/d1'
747 IP: {get_attr: [Controller, networks, ctlplane, 0]}
748 swift_proxy_memcache:
749 description: Swift proxy-memcache value
754 IP: {get_attr: [Controller, networks, ctlplane, 0]}