1 heat_template_version: 2014-10-16
4 OpenStack controller node configured by Puppet.
# Stack parameters for the Puppet-configured controller node. This listing shows only
# some lines of each parameter declaration.
# NOTE(review): several parameters below carry passwords or shared secrets. Whether each
# one sets `hidden: true` is not visible in this listing - confirm, so the values are
# masked when the stack's parameters are displayed.
9 description: The password for the keystone admin account, used for monitoring, querying neutron etc.
14 description: The keystone auth secret.
17 CeilometerMeteringSecret:
19 description: Secret shared by the ceilometer services.
24 description: The password for the ceilometer service account.
29 description: The iSCSI helper to use with cinder.
31 CinderLVMLoopDeviceSize:
33 description: The size of the loopback file used by the cinder LVM driver.
37 description: The password for the cinder service account, used by cinder-api.
42 description: The DNS name of this cloud. E.g. ci-overcloud.tripleo.org
# NOTE(review): ControllerExtraConfig and ExtraConfig inject free-form configuration into
# the cluster (per their descriptions). Presumably that can change security-relevant
# service options, so treat values supplied for them as privileged input - confirm how
# they are consumed.
44 ControllerExtraConfig:
47 Controller specific configuration to inject into the cluster. Same
48 structure as ExtraConfig.
50 ControlVirtualInterface:
52 description: Interface where virtual ip will be assigned.
56 description: Set to True to enable debugging on all services.
61 Additional configuration to inject into the cluster. The JSON should have
62 the following structure:
65 [{"section": "SECTIONNAME",
67 [{"option": "OPTIONNAME",
78 [{"section": "default",
80 [{"option": "compute_manager",
81 "value": "ironic.nova.compute.manager.ClusterComputeManager"
88 "value": "nova.cells.rpc_driver.CellsRPCDriver"
97 description: Flavor for control nodes to request when deploying.
100 - custom_constraint: nova.flavor
# Glance, Heat, image/keypair, Keystone PKI and MySQL parameters (partial listing).
101 GlanceNotifierStrategy:
102 description: Strategy to use for Glance notification queue
106 description: The filepath of the file to use for logging messages from Glance.
111 description: The password for the glance service account, used by the glance services.
116 description: Glance port.
# NOTE(review): the default for this protocol setting is not visible in this listing -
# confirm whether Glance connections are plaintext http unless https is chosen.
120 description: Protocol to use when connecting to glance, set to https for SSL.
124 description: The password for the Heat service account, used by the Heat services.
127 HeatStackDomainAdminPassword:
128 description: Password for heat_domain_admin user.
134 default: overcloud-control
136 - custom_constraint: glance.image
138 default: 'REBUILD_PRESERVE_EPHEMERAL'
139 description: What policy to use when reconstructing instances. REBUILD for rebuilds, REBUILD_PRESERVE_EPHEMERAL to preserve /mnt.
143 description: Name of an existing EC2 KeyPair to enable SSH access to the instances
146 - custom_constraint: nova.keypair
# Keystone PKI material. The CA certificate, the token-signing certificate and key, and
# the SSL certificate and key are all supplied as parameter values.
# NOTE(review): the signing key and the SSL certificate key are private keys; whether
# they are declared `hidden: true` is not visible here - confirm.
147 KeystoneCACertificate:
149 description: Keystone self-signed certificate authority certificate.
151 KeystoneSigningCertificate:
153 description: Keystone certificate for verifying token validity.
157 description: Keystone key for signing tokens.
# NOTE(review): the two descriptions below repeat the token-signing wording word for
# word; presumably they should describe the SSL certificate and its private key -
# confirm and reword so operators do not supply the wrong key material.
160 KeystoneSSLCertificate:
162 description: Keystone certificate for verifying token validity.
164 KeystoneSSLCertificateKey:
166 description: Keystone key for signing tokens.
# NOTE(review): with the length constraint commented out, the placeholder default
# 'unset' is accepted as the cluster identifier - confirm deployments always override it.
169 MysqlClusterUniquePart:
170 description: A unique identifier of the MySQL cluster the controller is in.
172 default: 'unset' # Has to be here because of the ignored empty value bug
173 # Drop the validation: https://bugs.launchpad.net/tripleo/+bug/1405446
175 # - length: {min: 4, max: 10}
176 MysqlInnodbBufferPoolSize:
178 Specifies the size of the buffer pool in megabytes. Setting to
179 zero should be interpreted as "no value" and will defer to the
186 default: '' # Has to be here because of the ignored empty value bug
# Neutron parameters: bridge mappings, DHCP/L3 agent options, ML2 drivers, tenant network
# and tunnel types, and the public interface settings (partial listing).
187 NeutronBridgeMappings:
189 The OVS logical->physical bridge mappings to use. See the Neutron
190 documentation for details. Defaults to mapping br-ex - the external
191 bridge on hosts - to a physical name 'datacentre' which can be used
192 to create provider networks (and we use this for the default floating
193 network) - if changing this either use different post-install network
194 scripts or be sure to keep 'datacentre' as a mapping network name.
197 NeutronDnsmasqOptions:
198 default: 'dhcp-option-force=26,1400'
199 description: Dnsmasq options for neutron-dhcp-agent. The default value here forces MTU to be set to 1400 to account for the gre tunnel overhead.
203 description: Agent mode for the neutron-l3-agent on the controller hosts
205 NeutronL3HA: #FIXME this isn't wired in
207 description: Whether to enable l3-agent HA
211 description: Whether to configure Neutron Distributed Virtual Routers
# This secret is passed on to both the Neutron metadata agent and nova-api (see the
# neutron::agents::metadata::shared_secret and
# nova::api::neutron_metadata_proxy_shared_secret keys in ControllerConfig).
# NOTE(review): its default and whether it is declared `hidden: true` are not visible in
# this listing - confirm it has no fixed default shared across deployments.
213 NeutronMetadataProxySharedSecret:
215 description: Shared secret to prevent spoofing
217 NeutronMechanismDrivers:
218 default: 'openvswitch'
220 The mechanism drivers for the Neutron tenant network. To specify multiple
221 values, use a comma separated string, like so: 'openvswitch,l2_population'
223 NeutronAllowL3AgentFailover:
225 description: Allow automatic l3-agent failover
227 NeutronEnableTunnelling:
233 description: If set, flat networks to configure in neutron plugins.
236 description: The tenant network type for Neutron, either gre or vxlan.
# Per the description, the default permits any VLAN on the 'datacentre' physical network.
238 NeutronNetworkVLANRanges:
239 default: 'datacentre'
241 The Neutron ML2 and OpenVSwitch vlan mapping range to support. See the
242 Neutron documentation for permitted values. Defaults to permitting any
243 VLAN on the 'datacentre' physical network (See NeutronBridgeMappings).
247 description: The password for the neutron service account, used by neutron agents.
250 NeutronPublicInterface:
252 description: What interface to bridge onto br-ex for network nodes.
254 NeutronPublicInterfaceTag:
257 VLAN tag for creating a public VLAN. The tag will be used to
258 create an access port on the exterior bridge for each control plane node,
259 and that port will be given the IP address returned by neutron from the
260 public network. Set CONTROLEXTRA=overcloud-vlan-port.yaml when compiling
261 overcloud.yaml to include the deployment of VLAN ports to the control
264 NeutronPublicInterfaceDefaultRoute:
266 description: A custom default route for the NeutronPublicInterface.
268 NeutronPublicInterfaceIP:
270 description: A custom IP address to put onto the NeutronPublicInterface.
272 NeutronPublicInterfaceRawDevice:
274 description: If set, the public interface is a vlan with this device as the raw device.
279 The tunnel types for the Neutron tenant network. To specify multiple
280 values, use a comma separated string, like so: 'gre,vxlan'
# Nova, public VIP, RabbitMQ, SNMP, SSL and Swift parameters (partial listing).
# NOTE(review): the password, certificate-key and hash-suffix parameters in this group
# are secrets; their defaults and any `hidden: true` flags are not visible in this
# listing - confirm none of them falls back to a fixed well-known value.
284 description: The password for the nova service account, used by nova-api.
290 PublicVirtualInterface:
293 Specifies the interface where the public-facing virtual ip will be assigned.
294 This should be int_public when a VLAN is being used.
298 default: '' # Has to be here because of the ignored empty value bug
301 default: '' # Has to be here because of the ignored empty value bug
305 description: The password for RabbitMQ
310 description: The username for RabbitMQ
315 Rabbit client subscriber parameter to specify
316 an SSL connection to the RabbitMQ host.
320 description: Set rabbit subscriber port, change this if using SSL
# Per the descriptions, one read-only SNMP account (default name ro_snmp_user) is used on
# all Overcloud nodes.
322 SnmpdReadonlyUserName:
323 default: ro_snmp_user
324 description: The user name for SNMPd with readonly rights running on all Overcloud nodes
326 SnmpdReadonlyUserPassword:
328 description: The user password for SNMPd with readonly rights running on all Overcloud nodes
333 description: If set, the contents of an SSL certificate authority file.
337 description: If set, the contents of an SSL certificate .crt file for encrypting SSL endpoints.
342 description: If set, the contents of an SSL certificate .key file for encrypting SSL endpoints.
347 description: A random string to be used as a salt when hashing to determine mappings
353 description: Value of mount_check in Swift account/container/object -server.conf
358 description: The minimum time (in hours) before a partition in a ring can be moved following a rebalance.
361 description: Partition Power to use when building Swift rings
365 description: The password for the swift service account, used by the swift proxy
372 description: How many replicas to use in the swift rings.
375 default: '' # Has to be here because of the ignored empty value bug
376 EnablePackageInstall:
378 description: Set to true to enable package installation via Puppet
# Nova server for the controller node. Image, rebuild policy, flavor and SSH keypair all
# come from stack parameters; user data is delivered in SOFTWARE_CONFIG format.
384 type: OS::Nova::Server
386 image: {get_param: Image}
387 image_update_policy: {get_param: ImageUpdatePolicy}
388 flavor: {get_param: Flavor}
389 key_name: {get_param: KeyName}
392 user_data_format: SOFTWARE_CONFIG
# Network configuration resource; OS::TripleO::Net::SoftwareConfig is a project-defined
# type whose implementation is not part of this listing.
395 type: OS::TripleO::Net::SoftwareConfig
# Deployment that applies NetworkConfig to the Controller server.
# NOTE(review): with NO_SIGNAL, Heat presumably marks this deployment complete without
# waiting for the node to report back, so a failed network configuration would not fail
# the stack - confirm this is intended.
398 type: OS::TripleO::SoftwareDeployment
400 signal_transport: NO_SIGNAL
401 config: {get_attr: [NetworkConfig, config_id]}
402 server: {get_resource: Controller}
405 interface_name: {get_param: NeutronPublicInterface}
# ControllerDeployment binds ControllerConfig to the Controller server and supplies the
# named values that ControllerConfig reads back with get_input. Most values are passed
# straight through from stack parameters; the *_dsn and heat.*_url values are assembled
# from string fragments and the VirtualIP parameter.
407 ControllerDeployment:
408 type: OS::TripleO::SoftwareDeployment
410 signal_transport: NO_SIGNAL
411 config: {get_resource: ControllerConfig}
412 server: {get_resource: Controller}
414 bootstack_nodeid: {get_attr: [Controller, name]}
415 controller_host: {get_attr: [Controller, networks, ctlplane, 0]}
416 controller_virtual_ip: {get_param: VirtualIP}
417 neutron_enable_tunneling: {get_param: NeutronEnableTunnelling}
418 heat.watch_server_url:
422 - {get_param: VirtualIP}
424 heat.metadata_server_url:
428 - {get_param: VirtualIP}
430 heat.waitcondition_server_url:
434 - {get_param: VirtualIP}
435 - ':8000/v1/waitcondition'
# NOTE(review): admin_password and admin_token, like the other *_password and secret
# values below, are passed as ordinary deployment inputs. Presumably anyone able to read
# this deployment's inputs or the server's metadata can read them - confirm that access
# is restricted accordingly.
436 admin_password: {get_param: AdminPassword}
437 admin_token: {get_param: AdminToken}
438 neutron_public_interface_ip: {get_param: NeutronPublicInterfaceIP}
439 debug: {get_param: Debug}
440 cinder_lvm_loop_device_size: {get_param: CinderLVMLoopDeviceSize}
441 cinder_password: {get_param: CinderPassword}
442 cinder_iscsi_helper: {get_param: CinderISCSIHelper}
# NOTE(review): the database password in this connection string is the literal 'unset',
# not a parameter. The glance, heat, keystone, neutron, ceilometer and nova connection
# strings below do the same, so every service database account gets the same fixed,
# publicly known password in every deployment. Each should take its password from a
# per-service hidden parameter instead.
446 - - 'mysql://cinder:unset@'
447 - {get_param: VirtualIP}
449 glance_port: {get_param: GlancePort}
450 glance_protocol: {get_param: GlanceProtocol}
451 glance_password: {get_param: GlancePassword}
452 glance_notifier_strategy: {get_param: GlanceNotifierStrategy}
453 glance_log_file: {get_param: GlanceLogFile}
457 - - 'mysql://glance:unset@'
458 - {get_param: VirtualIP}
460 heat_password: {get_param: HeatPassword}
461 heat_stack_domain_admin_password: {get_param: HeatStackDomainAdminPassword}
465 - - 'mysql://heat:unset@'
466 - {get_param: VirtualIP}
468 keystone_ca_certificate: {get_param: KeystoneCACertificate}
469 keystone_signing_key: {get_param: KeystoneSigningKey}
470 keystone_signing_certificate: {get_param: KeystoneSigningCertificate}
471 keystone_ssl_certificate: {get_param: KeystoneSSLCertificate}
472 keystone_ssl_certificate_key: {get_param: KeystoneSSLCertificateKey}
476 - - 'mysql://keystone:unset@'
477 - {get_param: VirtualIP}
479 mysql_innodb_buffer_pool_size: {get_param: MysqlInnodbBufferPoolSize}
480 mysql_root_password: {get_param: MysqlRootPassword}
# The template text 'tripleo-CLUSTER' has CLUSTER replaced by MysqlClusterUniquePart.
483 template: tripleo-CLUSTER
485 CLUSTER: {get_param: MysqlClusterUniquePart}
486 neutron_flat_networks: {get_param: NeutronFlatNetworks}
487 neutron_metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret}
488 neutron_agent_mode: {get_param: NeutronAgentMode}
489 neutron_router_distributed: {get_param: NeutronDVR}
490 neutron_mechanism_drivers: {get_param: NeutronMechanismDrivers}
491 neutron_allow_l3agent_failover: {get_param: NeutronAllowL3AgentFailover}
492 neutron_network_vlan_ranges: {get_param: NeutronNetworkVLANRanges}
493 neutron_bridge_mappings: {get_param: NeutronBridgeMappings}
494 neutron_public_interface: {get_param: NeutronPublicInterface}
495 neutron_public_interface_raw_device: {get_param: NeutronPublicInterfaceRawDevice}
496 neutron_public_interface_default_route: {get_param: NeutronPublicInterfaceDefaultRoute}
497 neutron_public_interface_tag: {get_param: NeutronPublicInterfaceTag}
498 neutron_tenant_network_type: {get_param: NeutronNetworkType}
499 neutron_tunnel_types: {get_param: NeutronTunnelTypes}
500 neutron_password: {get_param: NeutronPassword}
501 neutron_dnsmasq_options: {get_param: NeutronDnsmasqOptions}
505 - - 'mysql://neutron:unset@'
506 - {get_param: VirtualIP}
507 - '/ovs_neutron?charset=utf8'
508 ceilometer_metering_secret: {get_param: CeilometerMeteringSecret}
509 ceilometer_password: {get_param: CeilometerPassword}
513 - - 'mysql://ceilometer:unset@'
514 - {get_param: VirtualIP}
516 snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName}
517 snmpd_readonly_user_password: {get_param: SnmpdReadonlyUserPassword}
518 nova_password: {get_param: NovaPassword}
522 - - 'mysql://nova:unset@'
523 - {get_param: VirtualIP}
# The RabbitMQ user name is exposed to ControllerConfig under the input name
# rabbit_username.
525 rabbit_username: {get_param: RabbitUserName}
526 rabbit_password: {get_param: RabbitPassword}
527 rabbit_cookie: {get_param: RabbitCookie}
528 rabbit_client_use_ssl: {get_param: RabbitClientUseSSL}
529 rabbit_client_port: {get_param: RabbitClientPort}
# The template text '["server"]' has `server` replaced by the NtpServer parameter.
532 template: '["server"]'
534 server: {get_param: NtpServer}
535 control_virtual_interface: {get_param: ControlVirtualInterface}
536 public_virtual_interface: {get_param: PublicVirtualInterface}
537 public_virtual_ip: {get_param: PublicVirtualIP}
538 swift_hash_suffix: {get_param: SwiftHashSuffix}
539 swift_password: {get_param: SwiftPassword}
540 swift_part_power: {get_param: SwiftPartPower}
541 swift_replicas: {get_param: SwiftReplicas}
542 swift_min_part_hours: {get_param: SwiftMinPartHours}
543 swift_mount_check: {get_param: SwiftMountCheck}
544 enable_package_install: {get_param: EnablePackageInstall}
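# ControllerConfig: an OS::Heat::StructuredConfig in the os-apply-config group that maps
# the deployment's inputs (get_input) onto hiera keys, next to raw hieradata files
# loaded with get_file. Many values below are credentials (passwords, tokens, keys, and
# the *_dsn connection strings, which embed a database password).
546 # Map heat metadata into hiera datafiles
548 type: OS::Heat::StructuredConfig
550 group: os-apply-config
554 - heat_config_%{::deploy_config_name}
557 - swift_devices_and_proxy # provided by SwiftDevicesAndProxyConfig
558 - rabbit # provided by allNodesConfig
559 - ceph_cluster # provided by CephClusterConfig
561 - bootstrap_node # provided by BootstrapNodeConfig
565 raw_data: {get_file: hieradata/common.yaml}
567 raw_data: {get_file: hieradata/ceph.yaml}
569 raw_data: {get_file: hieradata/object.yaml}
571 raw_data: {get_file: hieradata/controller.yaml}
572 mapped_data: # data supplied directly to this deployment configuration, etc
573 debug: {get_input: debug}
574 bootstack_nodeid: {get_input: bootstack_nodeid}
575 controller_host: {get_input: controller_host} #local-ipv4
577 swift::proxy::proxy_local_net_ip: {get_input: controller_host}
578 swift::proxy::authtoken::auth_host: {get_input: controller_virtual_ip}
579 swift::storage::all::storage_local_net_ip: {get_input: controller_host}
580 swift::swift_hash_suffix: {get_input: swift_hash_suffix}
581 swift::proxy::authtoken::admin_password: {get_input: swift_password}
582 tripleo::ringbuilder::part_power: {get_input: swift_part_power}
583 tripleo::ringbuilder::replicas: {get_input: swift_replicas}
584 tripleo::ringbuilder::min_part_hours: {get_input: swift_min_part_hours}
585 swift_mount_check: {get_input: swift_mount_check}
587 # NOTE(dprince): build_ring support is currently not wired in.
588 # See: https://review.openstack.org/#/c/109225/
589 tripleo::ringbuilder::build_ring: True
591 cinder_lvm_loop_device_size: {get_input: cinder_lvm_loop_device_size}
592 cinder::volume::iscsi::iscsi_helper: {get_input: cinder_iscsi_helper}
593 cinder::volume::iscsi::iscsi_ip_address: {get_input: controller_host}
594 cinder::database_connection: {get_input: cinder_dsn}
595 cinder::api::keystone_password: {get_input: cinder_password}
596 cinder::api::keystone_auth_host: {get_input: controller_virtual_ip}
597 cinder::api::bind_host: {get_input: controller_host}
598 cinder::rabbit_userid: {get_input: rabbit_username}
599 cinder::rabbit_password: {get_input: rabbit_password}
600 #cinder::debug: {get_input: debug}
602 glance::api::bind_port: {get_input: glance_port}
603 glance::api::bind_host: {get_input: controller_host}
604 glance::api::auth_host: {get_input: controller_virtual_ip}
605 glance::api::registry_host: {get_input: controller_host}
606 glance::api::keystone_password: {get_input: glance_password}
607 # used to construct glance_api_servers
608 glance_port: {get_input: glance_port}
609 glance_protocol: {get_input: glance_protocol}
610 glance_notifier_strategy: {get_input: glance_notifier_strategy}
# glance_log_file is mapped once; the original listed this key twice, and duplicate
# mapping keys are invalid YAML that most parsers resolve silently as last-wins.
611 glance_log_file: {get_input: glance_log_file}
613 glance::api::database_connection: {get_input: glance_dsn}
614 glance::registry::keystone_password: {get_input: glance_password}
615 glance::registry::database_connection: {get_input: glance_dsn}
616 glance::registry::bind_host: {get_input: controller_host}
617 glance::registry::auth_host: {get_input: controller_virtual_ip}
# Glance's Swift store credential reuses the glance service password.
618 glance::backend::swift::swift_store_user: service:glance
619 glance::backend::swift::swift_store_key: {get_input: glance_password}
621 heat_stack_domain_admin_password: {get_input: heat_stack_domain_admin_password}
622 heat::engine::heat_watch_server_url: {get_input: heat.watch_server_url}
623 heat::engine::heat_metadata_server_url: {get_input: heat.metadata_server_url}
624 heat::engine::heat_waitcondition_server_url: {get_input: heat.waitcondition_server_url}
# NOTE(review): the Heat auth encryption key is a fixed literal, so every deployment
# built from this template shares the same publicly known key. It should come from a
# hidden stack parameter passed in as a deployment input, generated per deployment.
625 heat::engine::auth_encryption_key: unset___________
626 heat::rabbit_userid: {get_input: rabbit_username}
627 heat::rabbit_password: {get_input: rabbit_password}
628 heat::rabbit_host: {get_input: controller_virtual_ip}
629 heat::keystone_host: {get_input: controller_virtual_ip}
630 heat::keystone_password: {get_input: heat_password}
631 heat::api::bind_host: {get_input: controller_host}
632 heat::api_cloudwatch::bind_host: {get_input: controller_host}
633 heat::api_cfn::bind_host: {get_input: controller_host}
634 heat::database_connection: {get_input: heat_dsn}
635 heat::instance_user: heat-admin
638 keystone::admin_token: {get_input: admin_token}
639 keystone_ca_certificate: {get_input: keystone_ca_certificate}
640 keystone_signing_key: {get_input: keystone_signing_key}
641 keystone_signing_certificate: {get_input: keystone_signing_certificate}
642 keystone_ssl_certificate: {get_input: keystone_ssl_certificate}
643 keystone_ssl_certificate_key: {get_input: keystone_ssl_certificate_key}
644 keystone::database_connection: {get_input: keystone_dsn}
645 keystone::public_bind_host: {get_input: controller_host}
646 keystone::admin_bind_host: {get_input: controller_host}
647 #keystone::debug: {get_input: debug}
649 admin_password: {get_input: admin_password}
650 mysql_innodb_buffer_pool_size: {get_input: mysql_innodb_buffer_pool_size}
651 mysql_root_password: {get_input: mysql_root_password}
652 mysql_cluster_name: {get_input: mysql_cluster_name}
654 neutron::bind_host: {get_input: controller_host}
655 neutron::rabbit_password: {get_input: rabbit_password}
# The deployment input is named rabbit_username (the name the cinder, heat, ceilometer
# and nova keys in this mapping use). No rabbit_user input is visible among the
# ControllerDeployment inputs, so the old reference would have left this key without the
# configured user.
656 neutron::rabbit_user: {get_input: rabbit_username}
657 #neutron::debug: {get_input: debug}
658 neutron::server::auth_host: {get_input: controller_virtual_ip}
659 neutron::server::database_connection: {get_input: neutron_dsn}
660 neutron::agents::ml2::ovs::enable_tunneling: {get_input: neutron_enable_tunneling}
661 neutron::agents::ml2::ovs::local_ip: {get_input: controller_host}
662 neutron_flat_networks: {get_input: neutron_flat_networks}
663 neutron::agents::metadata::shared_secret: {get_input: neutron_metadata_proxy_shared_secret}
664 neutron::agents::metadata::metadata_ip: {get_input: controller_virtual_ip}
665 neutron_agent_mode: {get_input: neutron_agent_mode}
666 neutron_router_distributed: {get_input: neutron_router_distributed}
667 neutron_mechanism_drivers: {get_input: neutron_mechanism_drivers}
668 neutron_allow_l3agent_failover: {get_input: neutron_allow_l3agent_failover}
669 neutron::plugins::ml2::network_vlan_ranges: {get_input: neutron_network_vlan_ranges}
670 neutron_bridge_mappings: {get_input: neutron_bridge_mappings}
671 neutron_public_interface: {get_input: neutron_public_interface}
672 neutron_public_interface_raw_device: {get_input: neutron_public_interface_raw_device}
673 neutron_public_interface_default_route: {get_input: neutron_public_interface_default_route}
674 neutron_public_interface_tag: {get_input: neutron_public_interface_tag}
675 neutron_tenant_network_type: {get_input: neutron_tenant_network_type}
676 neutron_tunnel_types: {get_input: neutron_tunnel_types}
677 neutron::server::auth_password: {get_input: neutron_password}
678 neutron::agents::metadata::auth_password: {get_input: neutron_password}
679 neutron_dnsmasq_options: {get_input: neutron_dnsmasq_options}
680 neutron_dsn: {get_input: neutron_dsn}
682 ceilometer::metering_secret: {get_input: ceilometer_metering_secret}
683 ceilometer::rabbit_userid: {get_input: rabbit_username}
684 ceilometer::rabbit_password: {get_input: rabbit_password}
685 ceilometer::rabbit_host: {get_input: controller_virtual_ip}
686 ceilometer::api::host: {get_input: controller_host}
687 ceilometer::api::keystone_password: {get_input: ceilometer_password}
688 ceilometer::api::keystone_host: {get_input: controller_virtual_ip}
689 ceilometer::db::database_connection: {get_input: ceilometer_dsn}
690 ceilometer::agent::auth::auth_password: {get_input: ceilometer_password}
691 snmpd_readonly_user_name: {get_input: snmpd_readonly_user_name}
692 snmpd_readonly_user_password: {get_input: snmpd_readonly_user_password}
694 nova::rabbit_userid: {get_input: rabbit_username}
695 nova::rabbit_password: {get_input: rabbit_password}
696 nova::api::auth_host: {get_input: controller_virtual_ip}
697 nova::api::api_bind_address: {get_input: controller_host}
698 nova::api::metadata_listen: {get_input: controller_host}
699 nova::api::admin_password: {get_input: nova_password}
700 nova::database_connection: {get_input: nova_dsn}
701 nova::api::neutron_metadata_proxy_shared_secret: {get_input: neutron_metadata_proxy_shared_secret}
703 rabbit_username: {get_input: rabbit_username}
704 rabbit_password: {get_input: rabbit_password}
705 rabbit_client_use_ssl: {get_input: rabbit_client_use_ssl}
706 rabbit_client_port: {get_input: rabbit_client_port}
707 rabbitmq::erlang_cookie: {get_input: rabbit_cookie}
709 neutron_public_interface_ip: {get_input: neutron_public_interface_ip}
710 ntp::servers: {get_input: ntp_servers}
711 control_virtual_interface: {get_input: control_virtual_interface}
712 controller_virtual_ip: {get_input: controller_virtual_ip}
713 public_virtual_interface: {get_input: public_virtual_interface}
714 public_virtual_ip: {get_input: public_virtual_ip}
715 enable_package_install: {get_input: enable_package_install}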
# Stack outputs. Each one is derived from the Controller server's name and/or its first
# address on the ctlplane network, except nova_server_resource, which returns the
# resource itself.
719 description: IP address of the server in the ctlplane network
720 value: {get_attr: [Controller, networks, ctlplane, 0]}
722 description: Hostname of the server
723 value: {get_attr: [Controller, name]}
726 Node object in the format {ip: ..., name: ...} format that the corosync
729 ip: {get_attr: [Controller, networks, ctlplane, 0]}
730 name: {get_attr: [Controller, name]}
733 Server's IP address and hostname in the /etc/hosts format
736 template: IP HOST HOST.novalocal CLOUDNAME
738 IP: {get_attr: [Controller, networks, ctlplane, 0]}
739 HOST: {get_attr: [Controller, name]}
740 CLOUDNAME: {get_param: CloudName}
# Exposes the Controller resource so that other templates can reference the server.
741 nova_server_resource:
742 description: Heat resource handle for the Nova compute server
744 {get_resource: Controller}
746 description: Swift device formatted for swift-ring-builder
# IP in the template is replaced by the ctlplane address; %PORT% is left in the output
# as written, presumably for a later consumer to fill in - confirm.
749 template: 'r1z1-IP:%PORT%/d1'
751 IP: {get_attr: [Controller, networks, ctlplane, 0]}
752 swift_proxy_memcache:
753 description: Swift proxy-memcache value
758 IP: {get_attr: [Controller, networks, ctlplane, 0]}