1 heat_template_version: 2014-10-16
4 OpenStack controller node configured by Puppet.
9 description: The password for the keystone admin account, used for monitoring, querying neutron etc.
14 description: The keystone auth secret.
17 CeilometerMeteringSecret:
19 description: Secret shared by the ceilometer services.
24 description: The password for the ceilometer service account.
29 description: The iSCSI helper to use with cinder.
31 CinderLVMLoopDeviceSize:
33 description: The size of the loopback file used by the cinder LVM driver.
37 description: The password for the cinder service account, used by cinder-api.
42 description: The DNS name of this cloud. E.g. ci-overcloud.tripleo.org
44 ControllerExtraConfig:
47 Controller specific configuration to inject into the cluster. Same
48 structure as ExtraConfig.
50 ControlVirtualInterface:
52 description: Interface where virtual ip will be assigned.
56 description: Set to True to enable debugging on all services.
61 Additional configuration to inject into the cluster. The JSON should have
62 the following structure:
65 [{"section": "SECTIONNAME",
67 [{"option": "OPTIONNAME",
78 [{"section": "default",
80 [{"option": "compute_manager",
81 "value": "ironic.nova.compute.manager.ClusterComputeManager"
88 "value": "nova.cells.rpc_driver.CellsRPCDriver"
97 description: Flavor for control nodes to request when deploying.
100 - custom_constraint: nova.flavor
101 GlanceNotifierStrategy:
102 description: Strategy to use for Glance notification queue
106 description: The filepath of the file to use for logging messages from Glance.
111 description: The password for the glance service account, used by the glance services.
116 description: Glance port.
120 description: Protocol to use when connecting to glance, set to https for SSL.
124 description: The password for the Heat service account, used by the Heat services.
127 HeatStackDomainAdminPassword:
128 description: Password for heat_domain_admin user.
134 default: overcloud-control
136 - custom_constraint: glance.image
138 default: 'REBUILD_PRESERVE_EPHEMERAL'
139 description: What policy to use when reconstructing instances. REBUILD for rebuilds, REBUILD_PRESERVE_EPHEMERAL to preserve /mnt.
143 description: Name of an existing EC2 KeyPair to enable SSH access to the instances
146 - custom_constraint: nova.keypair
147 KeystoneCACertificate:
149 description: Keystone self-signed certificate authority certificate.
151 KeystoneSigningCertificate:
153 description: Keystone certificate for verifying token validity.
157 description: Keystone key for signing tokens.
160 KeystoneSSLCertificate:
162 description: Keystone certificate for verifying token validity.
164 KeystoneSSLCertificateKey:
166 description: Keystone key for signing tokens.
169 MysqlClusterUniquePart:
170 description: A unique identifier of the MySQL cluster the controller is in.
172 default: 'unset' # Has to be here because of the ignored empty value bug
173 # Drop the validation: https://bugs.launchpad.net/tripleo/+bug/1405446
175 # - length: {min: 4, max: 10}
176 MysqlInnodbBufferPoolSize:
178 Specifies the size of the buffer pool in megabytes. Setting to
179 zero should be interpreted as "no value" and will defer to the
186 default: '' # Has to be here because of the ignored empty value bug
187 NeutronBridgeMappings:
189 The OVS logical->physical bridge mappings to use. See the Neutron
190 documentation for details. Defaults to mapping br-ex - the external
191 bridge on hosts - to a physical name 'datacentre' which can be used
192 to create provider networks (and we use this for the default floating
193 network) - if changing this either use different post-install network
194 scripts or be sure to keep 'datacentre' as a mapping network name.
197 NeutronDnsmasqOptions:
198 default: 'dhcp-option-force=26,1400'
199 description: Dnsmasq options for neutron-dhcp-agent. The default value here forces MTU to be set to 1400 to account for the gre tunnel overhead.
203 description: Agent mode for the neutron-l3-agent on the controller hosts
205 NeutronL3HA: #FIXME this isn't wired in
207 description: Whether to enable l3-agent HA
211 description: Whether to configure Neutron Distributed Virtual Routers
213 NeutronMetadataProxySharedSecret:
215 description: Shared secret to prevent spoofing
217 NeutronMechanismDrivers:
218 default: 'openvswitch'
220 The mechanism drivers for the Neutron tenant network. To specify multiple
221 values, use a comma separated string, like so: 'openvswitch,l2_population'
223 NeutronAllowL3AgentFailover:
225 description: Allow automatic l3-agent failover
227 NeutronEnableTunnelling:
233 description: If set, flat networks to configure in neutron plugins.
236 description: The tenant network type for Neutron, either gre or vxlan.
238 NeutronNetworkVLANRanges:
239 default: 'datacentre'
241 The Neutron ML2 and OpenVSwitch vlan mapping range to support. See the
242 Neutron documentation for permitted values. Defaults to permitting any
243 VLAN on the 'datacentre' physical network (See NeutronBridgeMappings).
247 description: The password for the neutron service account, used by neutron agents.
250 NeutronPublicInterface:
252 description: What interface to bridge onto br-ex for network nodes.
254 NeutronPublicInterfaceTag:
257 VLAN tag for creating a public VLAN. The tag will be used to
258 create an access port on the exterior bridge for each control plane node,
259 and that port will be given the IP address returned by neutron from the
260 public network. Set CONTROLEXTRA=overcloud-vlan-port.yaml when compiling
261 overcloud.yaml to include the deployment of VLAN ports to the control
264 NeutronPublicInterfaceDefaultRoute:
266 description: A custom default route for the NeutronPublicInterface.
268 NeutronPublicInterfaceIP:
270 description: A custom IP address to put onto the NeutronPublicInterface.
272 NeutronPublicInterfaceRawDevice:
274 description: If set, the public interface is a vlan with this device as the raw device.
279 The tunnel types for the Neutron tenant network. To specify multiple
280 values, use a comma separated string, like so: 'gre,vxlan'
284 description: The password for the nova service account, used by nova-api.
290 PublicVirtualInterface:
293 Specifies the interface where the public-facing virtual ip will be assigned.
294 This should be int_public when a VLAN is being used.
298 default: '' # Has to be here because of the ignored empty value bug
301 default: '' # Has to be here because of the ignored empty value bug
305 description: The password for RabbitMQ
310 description: The username for RabbitMQ
315 Rabbit client subscriber parameter to specify
316 an SSL connection to the RabbitMQ host.
320 description: Set rabbit subscriber port, change this if using SSL
322 SnmpdReadonlyUserName:
323 default: ro_snmp_user
324 description: The user name for SNMPd with readonly rights running on all Overcloud nodes
326 SnmpdReadonlyUserPassword:
328 description: The user password for SNMPd with readonly rights running on all Overcloud nodes
333 description: If set, the contents of an SSL certificate authority file.
337 description: If set, the contents of an SSL certificate .crt file for encrypting SSL endpoints.
342 description: If set, the contents of an SSL certificate .key file for encrypting SSL endpoints.
347 description: A random string to be used as a salt when hashing to determine mappings
353 description: Value of mount_check in Swift account/container/object -server.conf
358 description: The minimum time (in hours) before a partition in a ring can be moved following a rebalance.
361 description: Partition Power to use when building Swift rings
365 description: The password for the swift service account, used by the swift proxy
372 description: How many replicas to use in the swift rings.
375 default: '' # Has to be here because of the ignored empty value bug
376 EnablePackageInstall:
378 description: Set to true to enable package installation via Puppet
# Controller: the Nova server for this node. Image, rebuild policy, flavor and
# keypair all come from template parameters.
384 type: OS::Nova::Server
386 image: {get_param: Image}
387 image_update_policy: {get_param: ImageUpdatePolicy}
388 flavor: {get_param: Flavor}
# KeyName is documented in the parameters as the keypair that enables SSH
# access to the instance.
389 key_name: {get_param: KeyName}
392 user_data_format: SOFTWARE_CONFIG
# The name lines of the next two resources are not part of this listing; only
# their bodies are shown.
395 type: OS::TripleO::Net::SoftwareConfig
398 type: OS::TripleO::SoftwareDeployment
# NO_SIGNAL: Heat marks the deployment complete without waiting for a result
# from the node, so a failed network configuration is not reported here.
400 signal_transport: NO_SIGNAL
# Applies the config produced by NetworkConfig to the Controller server.
401 config: {get_attr: [NetworkConfig, config_id]}
402 server: {get_resource: Controller}
405 interface_name: {get_param: NeutronPublicInterface}
# ControllerDeployment binds ControllerConfig to the Controller server and
# supplies its inputs. Most inputs are template parameters passed through
# unchanged; the names on the left are what ControllerConfig reads with
# get_input.
407 ControllerDeployment:
408 type: OS::TripleO::SoftwareDeployment
# NO_SIGNAL: Heat does not wait for the node to report the outcome, so a
# failed apply of this configuration is not surfaced by the stack.
410 signal_transport: NO_SIGNAL
411 config: {get_resource: ControllerConfig}
412 server: {get_resource: Controller}
# Node identity: server name and its first address on the ctlplane network.
414 bootstack_nodeid: {get_attr: [Controller, name]}
415 controller_host: {get_attr: [Controller, networks, ctlplane, 0]}
416 controller_virtual_ip: {get_param: VirtualIP}
417 neutron_enable_tunneling: {get_param: NeutronEnableTunnelling}
# The three heat.*_server_url inputs are built around VirtualIP. Only the
# ':8000/v1/waitcondition' suffix is visible in this listing, so the URL
# scheme cannot be confirmed from here.
418 heat.watch_server_url:
422 - {get_param: VirtualIP}
424 heat.metadata_server_url:
428 - {get_param: VirtualIP}
430 heat.waitcondition_server_url:
434 - {get_param: VirtualIP}
435 - ':8000/v1/waitcondition'
# Secrets start here: passwords, the keystone admin token and private keys are
# handed to the node as deployment inputs.
# NOTE(review): confirm the matching parameters are declared `hidden: true`;
# their definitions are only partly visible in this listing.
436 admin_password: {get_param: AdminPassword}
437 admin_token: {get_param: AdminToken}
438 neutron_public_interface_ip: {get_param: NeutronPublicInterfaceIP}
439 debug: {get_param: Debug}
440 cinder_lvm_loop_device_size: {get_param: CinderLVMLoopDeviceSize}
441 cinder_password: {get_param: CinderPassword}
442 cinder_iscsi_helper: {get_param: CinderISCSIHelper}
# NOTE(review): the password field of this MySQL URL is the literal string
# 'unset', not a parameter. The same literal appears in the glance, heat,
# keystone, neutron, ceilometer and nova URLs below, so as written every
# service connection URL carries one fixed, published password. Prefer a
# hidden per-service password parameter joined into the URL.
446 - - 'mysql://cinder:unset@'
447 - {get_param: VirtualIP}
449 glance_port: {get_param: GlancePort}
450 glance_protocol: {get_param: GlanceProtocol}
451 glance_password: {get_param: GlancePassword}
452 glance_notifier_strategy: {get_param: GlanceNotifierStrategy}
453 glance_log_file: {get_param: GlanceLogFile}
# Same literal 'unset' database password as the cinder URL.
457 - - 'mysql://glance:unset@'
458 - {get_param: VirtualIP}
460 heat_password: {get_param: HeatPassword}
461 heat_stack_domain_admin_password: {get_param: HeatStackDomainAdminPassword}
# Same literal 'unset' database password as the cinder URL.
465 - - 'mysql://heat:unset@'
466 - {get_param: VirtualIP}
# Keystone CA, token-signing and SSL material. keystone_signing_key and
# keystone_ssl_certificate_key are private keys.
468 keystone_ca_certificate: {get_param: KeystoneCACertificate}
469 keystone_signing_key: {get_param: KeystoneSigningKey}
470 keystone_signing_certificate: {get_param: KeystoneSigningCertificate}
471 keystone_ssl_certificate: {get_param: KeystoneSSLCertificate}
472 keystone_ssl_certificate_key: {get_param: KeystoneSSLCertificateKey}
# Same literal 'unset' database password as the cinder URL.
476 - - 'mysql://keystone:unset@'
477 - {get_param: VirtualIP}
479 mysql_innodb_buffer_pool_size: {get_param: MysqlInnodbBufferPoolSize}
480 mysql_root_password: {get_param: MysqlRootPassword}
# CLUSTER in the template string is replaced by MysqlClusterUniquePart; the
# input name and the enclosing function are not shown in this listing.
483 template: tripleo-CLUSTER
485 CLUSTER: {get_param: MysqlClusterUniquePart}
486 neutron_flat_networks: {get_param: NeutronFlatNetworks}
# Shared secret between the metadata proxy and nova; the parameter is
# described as preventing spoofing.
487 neutron_metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret}
488 neutron_agent_mode: {get_param: NeutronAgentMode}
489 neutron_router_distributed: {get_param: NeutronDVR}
490 neutron_mechanism_drivers: {get_param: NeutronMechanismDrivers}
491 neutron_allow_l3agent_failover: {get_param: NeutronAllowL3AgentFailover}
492 neutron_network_vlan_ranges: {get_param: NeutronNetworkVLANRanges}
493 neutron_bridge_mappings: {get_param: NeutronBridgeMappings}
494 neutron_public_interface: {get_param: NeutronPublicInterface}
495 neutron_public_interface_raw_device: {get_param: NeutronPublicInterfaceRawDevice}
496 neutron_public_interface_default_route: {get_param: NeutronPublicInterfaceDefaultRoute}
497 neutron_public_interface_tag: {get_param: NeutronPublicInterfaceTag}
498 neutron_tenant_network_type: {get_param: NeutronNetworkType}
499 neutron_tunnel_types: {get_param: NeutronTunnelTypes}
500 neutron_password: {get_param: NeutronPassword}
501 neutron_dnsmasq_options: {get_param: NeutronDnsmasqOptions}
# Same literal 'unset' database password as the cinder URL.
505 - - 'mysql://neutron:unset@'
506 - {get_param: VirtualIP}
507 - '/ovs_neutron?charset=utf8'
508 ceilometer_metering_secret: {get_param: CeilometerMeteringSecret}
509 ceilometer_password: {get_param: CeilometerPassword}
# Same literal 'unset' database password as the cinder URL.
513 - - 'mysql://ceilometer:unset@'
514 - {get_param: VirtualIP}
516 snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName}
517 snmpd_readonly_user_password: {get_param: SnmpdReadonlyUserPassword}
518 nova_password: {get_param: NovaPassword}
# Same literal 'unset' database password as the cinder URL.
522 - - 'mysql://nova:unset@'
523 - {get_param: VirtualIP}
# One RabbitMQ user, password and Erlang cookie are passed for the whole node.
525 rabbit_username: {get_param: RabbitUserName}
526 rabbit_password: {get_param: RabbitPassword}
527 rabbit_cookie: {get_param: RabbitCookie}
528 rabbit_client_use_ssl: {get_param: RabbitClientUseSSL}
529 rabbit_client_port: {get_param: RabbitClientPort}
# Builds a JSON list string with "server" replaced by NtpServer; the input
# name is not shown in this listing.
532 template: '["server"]'
534 server: {get_param: NtpServer}
535 control_virtual_interface: {get_param: ControlVirtualInterface}
536 public_virtual_interface: {get_param: PublicVirtualInterface}
537 public_virtual_ip: {get_param: PublicVirtualIP}
# SwiftHashSuffix is described in the parameters as a random salt for hashing.
538 swift_hash_suffix: {get_param: SwiftHashSuffix}
539 swift_password: {get_param: SwiftPassword}
540 swift_part_power: {get_param: SwiftPartPower}
541 swift_replicas: {get_param: SwiftReplicas}
542 swift_min_part_hours: {get_param: SwiftMinPartHours}
543 swift_mount_check: {get_param: SwiftMountCheck}
544 enable_package_install: {get_param: EnablePackageInstall}
# ControllerConfig: a StructuredConfig in the os-apply-config group. As the
# original comment says, it maps Heat metadata into hiera data files.
546 # Map heat metadata into hiera datafiles
548 type: OS::Heat::StructuredConfig
550 group: os-apply-config
# The list entries below name hiera data sources; the key that holds the list
# is not part of this listing (presumably the hiera hierarchy - confirm).
554 - heat_config_%{::deploy_config_name}
557 - swift_devices_and_proxy # provided by SwiftDevicesAndProxyConfig
558 - rabbit # provided by allNodesConfig
559 - bootstrap_node # provided by BootstrapNodeConfig
# raw_data pulls each file's contents into the template via get_file.
563 raw_data: {get_file: hieradata/common.yaml}
565 raw_data: {get_file: hieradata/object.yaml}
567 raw_data: {get_file: hieradata/controller.yaml}
# mapped_data: hiera key on the left, deployment input on the right. Many of
# the values that follow are passwords, tokens and private keys, so the data
# files written from them presumably hold those secrets in clear text.
# NOTE(review): confirm how the files are protected on the node.
568 mapped_data: # data supplied directly to this deployment configuration, etc
569 debug: {get_input: debug}
570 bootstack_nodeid: {get_input: bootstack_nodeid}
571 controller_host: {get_input: controller_host} #local-ipv4
# Swift: proxy and storage services use this node's own address
# (controller_host); token validation goes to the virtual IP.
573 swift::proxy::proxy_local_net_ip: {get_input: controller_host}
574 swift::proxy::authtoken::auth_host: {get_input: controller_virtual_ip}
575 swift::storage::all::storage_local_net_ip: {get_input: controller_host}
# swift_hash_suffix is described in the parameters as a random salt for
# hashing; swift_password is the swift service account password.
576 swift::swift_hash_suffix: {get_input: swift_hash_suffix}
577 swift::proxy::authtoken::admin_password: {get_input: swift_password}
578 tripleo::ringbuilder::part_power: {get_input: swift_part_power}
579 tripleo::ringbuilder::replicas: {get_input: swift_replicas}
580 tripleo::ringbuilder::min_part_hours: {get_input: swift_min_part_hours}
581 swift_mount_check: {get_input: swift_mount_check}
583 # NOTE(dprince): build_ring support is currently not wired in.
584 # See: https://review.openstack.org/#/c/109225/
# NOTE(review): capitalised `True` is read as a boolean by YAML 1.1 loaders;
# lowercase `true` is the portable spelling.
585 tripleo::ringbuilder::build_ring: True
# Cinder: LVM/iSCSI volume settings, database, keystone and RabbitMQ access.
587 cinder_lvm_loop_device_size: {get_input: cinder_lvm_loop_device_size}
588 cinder::volume::iscsi::iscsi_helper: {get_input: cinder_iscsi_helper}
589 cinder::volume::iscsi::iscsi_ip_address: {get_input: controller_host}
# NOTE(review): the deployment inputs in this template show a
# 'mysql://cinder:unset@' fragment, presumably the start of cinder_dsn. If so,
# the database password in this URL is the fixed string 'unset', not a
# per-deployment secret.
590 cinder::database_connection: {get_input: cinder_dsn}
591 cinder::api::keystone_password: {get_input: cinder_password}
592 cinder::api::keystone_auth_host: {get_input: controller_virtual_ip}
593 cinder::api::bind_host: {get_input: controller_host}
# The same rabbit_username/rabbit_password inputs also feed the heat,
# ceilometer and nova keys in mapped_data, so those services share one broker
# account.
594 cinder::rabbit_userid: {get_input: rabbit_username}
595 cinder::rabbit_password: {get_input: rabbit_password}
596 #cinder::debug: {get_input: debug}
# Glance: API and registry bind to this node's address; keystone lookups go to
# the virtual IP.
598 glance::api::bind_port: {get_input: glance_port}
599 glance::api::bind_host: {get_input: controller_host}
600 glance::api::auth_host: {get_input: controller_virtual_ip}
601 glance::api::registry_host: {get_input: controller_host}
602 glance::api::keystone_password: {get_input: glance_password}
603 # used to construct glance_api_servers
604 glance_port: {get_input: glance_port}
605 glance_protocol: {get_input: glance_protocol}
606 glance_notifier_strategy: {get_input: glance_notifier_strategy}
607 glance_log_file: {get_input: glance_log_file}
# NOTE(review): duplicate of the key on the previous line. Duplicate mapping
# keys are invalid YAML and most loaders silently keep the last one; the two
# lines are identical, so one can be dropped.
608 glance_log_file: {get_input: glance_log_file}
# Both database_connection keys read glance_dsn. The deployment inputs in this
# template show a 'mysql://glance:unset@' fragment, presumably its start,
# which fixes the database password to the string 'unset' - confirm.
609 glance::api::database_connection: {get_input: glance_dsn}
610 glance::registry::keystone_password: {get_input: glance_password}
611 glance::registry::database_connection: {get_input: glance_dsn}
612 glance::registry::bind_host: {get_input: controller_host}
613 glance::registry::auth_host: {get_input: controller_virtual_ip}
# The swift store key is the same glance_password used for keystone above.
614 glance::backend::swift::swift_store_user: service:glance
615 glance::backend::swift::swift_store_key: {get_input: glance_password}
# Heat: engine callback URLs, RabbitMQ and keystone access, API bind addresses.
617 heat_stack_domain_admin_password: {get_input: heat_stack_domain_admin_password}
618 heat::engine::heat_watch_server_url: {get_input: heat.watch_server_url}
619 heat::engine::heat_metadata_server_url: {get_input: heat.metadata_server_url}
620 heat::engine::heat_waitcondition_server_url: {get_input: heat.waitcondition_server_url}
# NOTE(review): this is a literal placeholder, not an input. Heat uses
# auth_encryption_key to encrypt credentials it stores in its database, so a
# value fixed in the template is the same for every deployment and known to
# anyone who can read it. It should come from a hidden, per-deployment
# parameter.
621 heat::engine::auth_encryption_key: unset___________
622 heat::rabbit_userid: {get_input: rabbit_username}
623 heat::rabbit_password: {get_input: rabbit_password}
624 heat::rabbit_host: {get_input: controller_virtual_ip}
625 heat::keystone_host: {get_input: controller_virtual_ip}
626 heat::keystone_password: {get_input: heat_password}
627 heat::api::bind_host: {get_input: controller_host}
628 heat::api_cloudwatch::bind_host: {get_input: controller_host}
629 heat::api_cfn::bind_host: {get_input: controller_host}
# heat_dsn: the deployment inputs show a 'mysql://heat:unset@' fragment,
# presumably its start, i.e. a fixed 'unset' database password - confirm.
630 heat::database_connection: {get_input: heat_dsn}
# Keystone: admin token, certificate material, database and bind addresses.
# admin_token comes from AdminToken, described in the parameters as the
# keystone auth secret.
633 keystone::admin_token: {get_input: admin_token}
# keystone_signing_key and keystone_ssl_certificate_key are private keys; the
# other three entries are certificates.
634 keystone_ca_certificate: {get_input: keystone_ca_certificate}
635 keystone_signing_key: {get_input: keystone_signing_key}
636 keystone_signing_certificate: {get_input: keystone_signing_certificate}
637 keystone_ssl_certificate: {get_input: keystone_ssl_certificate}
638 keystone_ssl_certificate_key: {get_input: keystone_ssl_certificate_key}
# keystone_dsn: the deployment inputs show a 'mysql://keystone:unset@'
# fragment, presumably its start, i.e. a fixed 'unset' database password -
# confirm.
639 keystone::database_connection: {get_input: keystone_dsn}
640 keystone::public_bind_host: {get_input: controller_host}
641 keystone::admin_bind_host: {get_input: controller_host}
642 #keystone::debug: {get_input: debug}
# Keystone admin account password and MySQL server settings.
644 admin_password: {get_input: admin_password}
645 mysql_innodb_buffer_pool_size: {get_input: mysql_innodb_buffer_pool_size}
646 mysql_root_password: {get_input: mysql_root_password}
647 mysql_cluster_name: {get_input: mysql_cluster_name}
# Neutron: server, ML2/OVS agent, metadata agent and network layout settings.
649 neutron::bind_host: {get_input: controller_host}
650 neutron::rabbit_password: {get_input: rabbit_password}
# NOTE(review): no `rabbit_user` input is visible among the ControllerDeployment
# inputs in this listing, which shows `rabbit_username` (the name the cinder,
# heat, ceilometer and nova keys read). If no such input exists, this key does
# not receive the RabbitMQ user name - confirm and align.
651 neutron::rabbit_user: {get_input: rabbit_user}
652 #neutron::debug: {get_input: debug}
653 neutron::server::auth_host: {get_input: controller_virtual_ip}
654 neutron::server::database_connection: {get_input: neutron_dsn}
655 neutron::agents::ml2::ovs::enable_tunneling: {get_input: neutron_enable_tunneling}
656 neutron::agents::ml2::ovs::local_ip: {get_input: controller_host}
657 neutron_flat_networks: {get_input: neutron_flat_networks}
# Metadata shared secret: the nova::api key in mapped_data reads the same
# input, so both sides get one value. The parameter is described as preventing
# spoofing.
658 neutron::agents::metadata::shared_secret: {get_input: neutron_metadata_proxy_shared_secret}
659 neutron::agents::metadata::metadata_ip: {get_input: controller_virtual_ip}
660 neutron_agent_mode: {get_input: neutron_agent_mode}
661 neutron_router_distributed: {get_input: neutron_router_distributed}
662 neutron_mechanism_drivers: {get_input: neutron_mechanism_drivers}
663 neutron_allow_l3agent_failover: {get_input: neutron_allow_l3agent_failover}
664 neutron::plugins::ml2::network_vlan_ranges: {get_input: neutron_network_vlan_ranges}
665 neutron_bridge_mappings: {get_input: neutron_bridge_mappings}
666 neutron_public_interface: {get_input: neutron_public_interface}
667 neutron_public_interface_raw_device: {get_input: neutron_public_interface_raw_device}
668 neutron_public_interface_default_route: {get_input: neutron_public_interface_default_route}
669 neutron_public_interface_tag: {get_input: neutron_public_interface_tag}
670 neutron_tenant_network_type: {get_input: neutron_tenant_network_type}
671 neutron_tunnel_types: {get_input: neutron_tunnel_types}
# The neutron service account password is used by both the server and the
# metadata agent.
672 neutron::server::auth_password: {get_input: neutron_password}
673 neutron::agents::metadata::auth_password: {get_input: neutron_password}
674 neutron_dnsmasq_options: {get_input: neutron_dnsmasq_options}
# neutron_dsn is also exported under its own name. The deployment inputs show
# it starting with 'mysql://neutron:unset@', so the URL embeds the fixed
# database password 'unset'.
675 neutron_dsn: {get_input: neutron_dsn}
# Ceilometer: metering secret (described in the parameters as shared by the
# ceilometer services), RabbitMQ, keystone and database access.
677 ceilometer::metering_secret: {get_input: ceilometer_metering_secret}
678 ceilometer::rabbit_userid: {get_input: rabbit_username}
679 ceilometer::rabbit_password: {get_input: rabbit_password}
680 ceilometer::rabbit_host: {get_input: controller_virtual_ip}
681 ceilometer::api::host: {get_input: controller_host}
682 ceilometer::api::keystone_password: {get_input: ceilometer_password}
683 ceilometer::api::keystone_host: {get_input: controller_virtual_ip}
# ceilometer_dsn: the deployment inputs show a 'mysql://ceilometer:unset@'
# fragment, presumably its start, i.e. a fixed 'unset' database password -
# confirm.
684 ceilometer::db::database_connection: {get_input: ceilometer_dsn}
685 ceilometer::agent::auth::auth_password: {get_input: ceilometer_password}
# Read-only SNMP account; its parameter description says it runs on all
# Overcloud nodes.
686 snmpd_readonly_user_name: {get_input: snmpd_readonly_user_name}
687 snmpd_readonly_user_password: {get_input: snmpd_readonly_user_password}
# Nova: RabbitMQ and keystone access, API listen addresses, database.
689 nova::rabbit_userid: {get_input: rabbit_username}
690 nova::rabbit_password: {get_input: rabbit_password}
691 nova::api::auth_host: {get_input: controller_virtual_ip}
692 nova::api::api_bind_address: {get_input: controller_host}
693 nova::api::metadata_listen: {get_input: controller_host}
694 nova::api::admin_password: {get_input: nova_password}
# nova_dsn: the deployment inputs show a 'mysql://nova:unset@' fragment,
# presumably its start, i.e. a fixed 'unset' database password - confirm.
695 nova::database_connection: {get_input: nova_dsn}
# Reads the same input as neutron::agents::metadata::shared_secret, so nova
# and the neutron metadata agent are configured with one value.
696 nova::api::neutron_metadata_proxy_shared_secret: {get_input: neutron_metadata_proxy_shared_secret}
# RabbitMQ account and client transport settings, exported under plain names.
698 rabbit_username: {get_input: rabbit_username}
699 rabbit_password: {get_input: rabbit_password}
# rabbit_client_use_ssl is described in the parameters as selecting an SSL
# connection to RabbitMQ, and rabbit_client_port as the port to change when
# SSL is used.
700 rabbit_client_use_ssl: {get_input: rabbit_client_use_ssl}
701 rabbit_client_port: {get_input: rabbit_client_port}
# The Erlang cookie is a secret; it is taken from the rabbit_cookie input.
702 rabbitmq::erlang_cookie: {get_input: rabbit_cookie}
# Remaining node-level settings: public interface address, NTP servers,
# virtual IPs and their interfaces, and the package-install switch.
704 neutron_public_interface_ip: {get_input: neutron_public_interface_ip}
705 ntp::servers: {get_input: ntp_servers}
706 control_virtual_interface: {get_input: control_virtual_interface}
707 controller_virtual_ip: {get_input: controller_virtual_ip}
708 public_virtual_interface: {get_input: public_virtual_interface}
709 public_virtual_ip: {get_input: public_virtual_ip}
710 enable_package_install: {get_input: enable_package_install}
714 description: IP address of the server in the ctlplane network
715 value: {get_attr: [Controller, networks, ctlplane, 0]}
717 description: Hostname of the server
718 value: {get_attr: [Controller, name]}
721 Node object in the format {ip: ..., name: ...} format that the corosync
724 ip: {get_attr: [Controller, networks, ctlplane, 0]}
725 name: {get_attr: [Controller, name]}
728 Server's IP address and hostname in the /etc/hosts format
731 template: IP HOST HOST.novalocal CLOUDNAME
733 IP: {get_attr: [Controller, networks, ctlplane, 0]}
734 HOST: {get_attr: [Controller, name]}
735 CLOUDNAME: {get_param: CloudName}
736 nova_server_resource:
737 description: Heat resource handle for the Nova compute server
739 {get_resource: Controller}
741 description: Swift device formatted for swift-ring-builder
744 template: 'r1z1-IP:%PORT%/d1'
746 IP: {get_attr: [Controller, networks, ctlplane, 0]}
747 swift_proxy_memcache:
748 description: Swift proxy-memcache value
753 IP: {get_attr: [Controller, networks, ctlplane, 0]}