# Heat (HOT) template for an OpenStack controller node configured by Puppet.
# Only part of each parameter definition is visible in this listing; most
# type/default/hidden lines are not shown.
1 heat_template_version: 2014-10-16
4 OpenStack controller node configured by Puppet.
# The parameters below carry credentials (admin password, auth secret,
# service passwords). NOTE(review): confirm each one is declared with
# `hidden: true` so Heat masks its value; those lines are not visible here.
9 description: The password for the keystone admin account, used for monitoring, querying neutron etc.
14 description: The keystone auth secret.
17 CeilometerMeteringSecret:
19 description: Secret shared by the ceilometer services.
24 description: The password for the ceilometer service account.
29 description: The iSCSI helper to use with cinder.
31 CinderLVMLoopDeviceSize:
33 description: The size of the loopback file used by the cinder LVM driver.
37 description: The password for the cinder service account, used by cinder-api.
42 description: The DNS name of this cloud. E.g. ci-overcloud.tripleo.org
# ControllerExtraConfig and ExtraConfig inject free-form section/option/value
# settings into the cluster's service configuration, so whoever can set them
# can change any service option; treat them as privileged operator input.
44 ControllerExtraConfig:
47 Controller specific configuration to inject into the cluster. Same
48 structure as ExtraConfig.
50 ControlVirtualInterface:
52 description: Interface where virtual ip will be assigned.
# NOTE(review): debug logging on every service is verbose and may record
# sensitive request data; presumably meant for troubleshooting only.
56 description: Set to True to enable debugging on all services.
61 Additional configuration to inject into the cluster. The JSON should have
62 the following structure:
65 [{"section": "SECTIONNAME",
67 [{"option": "OPTIONNAME",
78 [{"section": "default",
80 [{"option": "compute_manager",
81 "value": "ironic.nova.compute.manager.ClusterComputeManager"
88 "value": "nova.cells.rpc_driver.CellsRPCDriver"
97 description: Flavor for control nodes to request when deploying.
100 - custom_constraint: nova.flavor
# Glance, Heat, image, SSH key pair, Keystone PKI and MySQL parameters.
101 GlanceNotifierStrategy:
102 description: Strategy to use for Glance notification queue
106 description: The filepath of the file to use for logging messages from Glance.
111 description: The password for the glance service account, used by the glance services.
116 description: Glance port.
120 description: Protocol to use when connecting to glance, set to https for SSL.
124 description: The password for the Heat service account, used by the Heat services.
127 HeatStackDomainAdminPassword:
128 description: Password for heat_domain_admin user.
134 default: overcloud-control
136 - custom_constraint: glance.image
138 default: 'REBUILD_PRESERVE_EPHEMERAL'
139 description: What policy to use when reconstructing instances. REBUILD for rebuilds, REBUILD_PRESERVE_EPHEMERAL to preserve /mnt.
143 description: Name of an existing EC2 KeyPair to enable SSH access to the instances
146 - custom_constraint: nova.keypair
# Keystone PKI material (CA certificate, token-signing certificate and key,
# SSL certificate and key) is supplied as template parameters, so private
# keys travel through Heat. NOTE(review): confirm the key parameters are
# declared hidden; that attribute is not visible in this listing.
147 KeystoneCACertificate:
149 description: Keystone self-signed certificate authority certificate.
151 KeystoneSigningCertificate:
153 description: Keystone certificate for verifying token validity.
157 description: Keystone key for signing tokens.
# NOTE(review): the two SSL parameters below reuse the token-signing
# descriptions word for word; presumably a copy/paste, since they are wired
# to keystone_ssl_certificate / keystone_ssl_certificate_key.
160 KeystoneSSLCertificate:
162 description: Keystone certificate for verifying token validity.
164 KeystoneSSLCertificateKey:
166 description: Keystone key for signing tokens.
# NOTE(review): the default is the literal 'unset' and the length constraint
# is commented out, so a stack that never sets this parameter still builds a
# cluster name from 'unset' (the 'tripleo-CLUSTER' template).
169 MysqlClusterUniquePart:
170 description: A unique identifier of the MySQL cluster the controller is in.
172 default: 'unset' # Has to be here because of the ignored empty value bug
173 # Drop the validation: https://bugs.launchpad.net/tripleo/+bug/1405446
175 # - length: {min: 4, max: 10}
176 MysqlInnodbBufferPoolSize:
178 Specifies the size of the buffer pool in megabytes. Setting to
179 zero should be interpreted as "no value" and will defer to the
186 default: '' # Has to be here because of the ignored empty value bug
# Neutron networking parameters: bridge mappings, agent modes, ML2 drivers,
# tenant network type, VLAN ranges, public interface and tunnel types.
187 NeutronBridgeMappings:
189 The OVS logical->physical bridge mappings to use. See the Neutron
190 documentation for details. Defaults to mapping br-ex - the external
191 bridge on hosts - to a physical name 'datacentre' which can be used
192 to create provider networks (and we use this for the default floating
193 network) - if changing this either use different post-install network
194 scripts or be sure to keep 'datacentre' as a mapping network name.
197 NeutronDnsmasqOptions:
198 default: 'dhcp-option-force=26,1400'
199 description: Dnsmasq options for neutron-dhcp-agent. The default value here forces MTU to be set to 1400 to account for the gre tunnel overhead.
203 description: Agent mode for the neutron-l3-agent on the controller hosts
205 NeutronL3HA: #FIXME this isn't wired in
207 description: Whether to enable l3-agent HA
211 description: Whether to configure Neutron Distributed Virtual Routers
# This secret is mapped to both the neutron metadata agent and nova-api
# further down in this template; the two sides must hold the same value.
# NOTE(review): the default line is not visible here; confirm it is not a
# fixed, well-known string and that the parameter is hidden.
213 NeutronMetadataProxySharedSecret:
215 description: Shared secret to prevent spoofing
217 NeutronMechanismDrivers:
218 default: 'openvswitch'
220 The mechanism drivers for the Neutron tenant network. To specify multiple
221 values, use a comma separated string, like so: 'openvswitch,l2_population'
223 NeutronAllowL3AgentFailover:
225 description: Allow automatic l3-agent failover
227 NeutronEnableTunnelling:
233 description: If set, flat networks to configure in neutron plugins.
236 description: The tenant network type for Neutron, either gre or vxlan.
# The default names only the physical network ('datacentre') with no VLAN
# ID range, which the description says permits any VLAN on that network.
238 NeutronNetworkVLANRanges:
239 default: 'datacentre'
241 The Neutron ML2 and OpenVSwitch vlan mapping range to support. See the
242 Neutron documentation for permitted values. Defaults to permitting any
243 VLAN on the 'datacentre' physical network (See NeutronBridgeMappings).
247 description: The password for the neutron service account, used by neutron agents.
250 NeutronPublicInterface:
252 description: What interface to bridge onto br-ex for network nodes.
254 NeutronPublicInterfaceTag:
257 VLAN tag for creating a public VLAN. The tag will be used to
258 create an access port on the exterior bridge for each control plane node,
259 and that port will be given the IP address returned by neutron from the
260 public network. Set CONTROLEXTRA=overcloud-vlan-port.yaml when compiling
261 overcloud.yaml to include the deployment of VLAN ports to the control
264 NeutronPublicInterfaceDefaultRoute:
266 description: A custom default route for the NeutronPublicInterface.
268 NeutronPublicInterfaceIP:
270 description: A custom IP address to put onto the NeutronPublicInterface.
272 NeutronPublicInterfaceRawDevice:
274 description: If set, the public interface is a vlan with this device as the raw device.
279 The tunnel types for the Neutron tenant network. To specify multiple
280 values, use a comma separated string, like so: 'gre,vxlan'
# Nova, public VIP, RabbitMQ, SNMP, SSL endpoint and Swift parameters.
284 description: The password for the nova service account, used by nova-api.
290 PublicVirtualInterface:
293 Specifies the interface where the public-facing virtual ip will be assigned.
294 This should be int_public when a VLAN is being used.
298 default: '' # Has to be here because of the ignored empty value bug
301 default: '' # Has to be here because of the ignored empty value bug
# NOTE(review): the default lines for the RabbitMQ user name and password are
# not visible here; confirm neither falls back to a shared default account.
305 description: The password for RabbitMQ
310 description: The username for RabbitMQ
315 Rabbit client subscriber parameter to specify
316 an SSL connection to the RabbitMQ host.
320 description: Set rabbit subscriber port, change this if using SSL
# A read-only SNMP account is created on all Overcloud nodes with a fixed
# default user name. NOTE(review): the password default is not visible here;
# confirm it has no common default and is declared hidden.
322 SnmpdReadonlyUserName:
323 default: ro_snmp_user
324 description: The user name for SNMPd with readonly rights running on all Overcloud nodes
326 SnmpdReadonlyUserPassword:
328 description: The user password for SNMPd with readonly rights running on all Overcloud nodes
# The SSL CA, certificate and private key are passed as file contents in
# parameters. NOTE(review): confirm the .key parameter is declared hidden.
333 description: If set, the contents of an SSL certificate authority file.
337 description: If set, the contents of an SSL certificate .crt file for encrypting SSL endpoints.
342 description: If set, the contents of an SSL certificate .key file for encrypting SSL endpoints.
347 description: A random string to be used as a salt when hashing to determine mappings
353 description: Value of mount_check in Swift account/container/object -server.conf
358 description: The minimum time (in hours) before a partition in a ring can be moved following a rebalance.
361 description: Partition Power to use when building Swift rings
365 description: The password for the swift service account, used by the swift proxy
372 description: How many replicas to use in the swift rings.
375 default: '' # Has to be here because of the ignored empty value bug
376 EnablePackageInstall:
378 description: Set to true to enable package installation via Puppet
# Controller server: image, rebuild policy, flavor and SSH key pair all come
# from template parameters; user data is delivered as SOFTWARE_CONFIG.
384 type: OS::Nova::Server
386 image: {get_param: Image}
387 image_update_policy: {get_param: ImageUpdatePolicy}
388 flavor: {get_param: Flavor}
389 key_name: {get_param: KeyName}
392 user_data_format: SOFTWARE_CONFIG
# Network configuration resource, applied to the Controller server by the
# deployment that follows.
395 type: OS::TripleO::Net::SoftwareConfig
398 type: OS::TripleO::SoftwareDeployment
# NOTE(review): with NO_SIGNAL the deployment is expected to complete without
# waiting for a result from the server, so a failed network apply would not
# fail the stack; confirm against the Heat SoftwareDeployment documentation.
400 signal_transport: NO_SIGNAL
401 config: {get_attr: [NetworkConfig, config_id]}
402 server: {get_resource: Controller}
405 interface_name: {get_param: NeutronPublicInterface}
# ControllerDeployment binds ControllerConfig to the Controller server and
# supplies its input values: addresses, service URLs, credentials, database
# DSNs and certificates, nearly all taken from template parameters.
407 ControllerDeployment:
408 type: OS::TripleO::SoftwareDeployment
# NOTE(review): NO_SIGNAL means no completion signal is awaited from the
# server; presumably a failed configuration run is not reported to the stack.
410 signal_transport: NO_SIGNAL
411 config: {get_resource: ControllerConfig}
412 server: {get_resource: Controller}
414 bootstack_nodeid: {get_attr: [Controller, name]}
415 controller_host: {get_attr: [Controller, networks, ctlplane, 0]}
416 controller_virtual_ip: {get_param: VirtualIP}
417 neutron_enable_tunneling: {get_param: NeutronEnableTunnelling}
418 heat.watch_server_url:
422 - {get_param: VirtualIP}
424 heat.metadata_server_url:
428 - {get_param: VirtualIP}
430 heat.waitcondition_server_url:
434 - {get_param: VirtualIP}
435 - ':8000/v1/waitcondition'
# The Keystone admin password and admin token are passed as ordinary input
# values. NOTE(review): input values become deployment metadata delivered to
# the node; confirm who can read that metadata.
436 admin_password: {get_param: AdminPassword}
437 admin_token: {get_param: AdminToken}
438 neutron_public_interface_ip: {get_param: NeutronPublicInterfaceIP}
439 debug: {get_param: Debug}
440 cinder_lvm_loop_device_size: {get_param: CinderLVMLoopDeviceSize}
441 cinder_password: {get_param: CinderPassword}
442 cinder_iscsi_helper: {get_param: CinderISCSIHelper}
# NOTE(review): every *_dsn input in this deployment (cinder, glance, heat,
# keystone, neutron, ceilometer, nova) starts with a literal
# 'mysql://<service>:unset@' prefix, so the database password in each
# connection string is the fixed text 'unset', not a parameter. Anyone who
# can reach the database on the virtual IP can try it; these accounts need
# per-deployment passwords.
446 - - 'mysql://cinder:unset@'
447 - {get_param: VirtualIP}
449 glance_port: {get_param: GlancePort}
450 glance_protocol: {get_param: GlanceProtocol}
451 glance_password: {get_param: GlancePassword}
# NOTE(review): the auth address is built with a literal 'http://' scheme, so
# glance sends its swift-store credentials to port 5000 (the v2.0 auth path)
# over plain HTTP; there is no parameter to switch it to https.
452 glance_swift_store_auth_address: {list_join: ['', ['http://', {get_param: VirtualIP} , ':5000/v2.0']]}
453 glance_notifier_strategy: {get_param: GlanceNotifierStrategy}
454 glance_log_file: {get_param: GlanceLogFile}
458 - - 'mysql://glance:unset@'
459 - {get_param: VirtualIP}
461 heat_password: {get_param: HeatPassword}
462 heat_stack_domain_admin_password: {get_param: HeatStackDomainAdminPassword}
466 - - 'mysql://heat:unset@'
467 - {get_param: VirtualIP}
# Keystone CA, signing and SSL certificates, and both private keys, are
# forwarded to the node as input values.
469 keystone_ca_certificate: {get_param: KeystoneCACertificate}
470 keystone_signing_key: {get_param: KeystoneSigningKey}
471 keystone_signing_certificate: {get_param: KeystoneSigningCertificate}
472 keystone_ssl_certificate: {get_param: KeystoneSSLCertificate}
473 keystone_ssl_certificate_key: {get_param: KeystoneSSLCertificateKey}
477 - - 'mysql://keystone:unset@'
478 - {get_param: VirtualIP}
480 mysql_innodb_buffer_pool_size: {get_param: MysqlInnodbBufferPoolSize}
481 mysql_root_password: {get_param: MysqlRootPassword}
# The cluster name is 'tripleo-' followed by MysqlClusterUniquePart, whose
# default is the literal 'unset'.
484 template: tripleo-CLUSTER
486 CLUSTER: {get_param: MysqlClusterUniquePart}
487 neutron_flat_networks: {get_param: NeutronFlatNetworks}
488 neutron_metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret}
489 neutron_agent_mode: {get_param: NeutronAgentMode}
490 neutron_router_distributed: {get_param: NeutronDVR}
491 neutron_mechanism_drivers: {get_param: NeutronMechanismDrivers}
492 neutron_allow_l3agent_failover: {get_param: NeutronAllowL3AgentFailover}
493 neutron_network_vlan_ranges: {get_param: NeutronNetworkVLANRanges}
494 neutron_bridge_mappings: {get_param: NeutronBridgeMappings}
495 neutron_public_interface: {get_param: NeutronPublicInterface}
496 neutron_public_interface_raw_device: {get_param: NeutronPublicInterfaceRawDevice}
497 neutron_public_interface_default_route: {get_param: NeutronPublicInterfaceDefaultRoute}
498 neutron_public_interface_tag: {get_param: NeutronPublicInterfaceTag}
499 neutron_tenant_network_type: {get_param: NeutronNetworkType}
500 neutron_tunnel_types: {get_param: NeutronTunnelTypes}
501 neutron_password: {get_param: NeutronPassword}
502 neutron_dnsmasq_options: {get_param: NeutronDnsmasqOptions}
506 - - 'mysql://neutron:unset@'
507 - {get_param: VirtualIP}
508 - '/ovs_neutron?charset=utf8'
513 - {get_param: VirtualIP}
515 neutron_admin_auth_url:
519 - {get_param: VirtualIP}
521 ceilometer_metering_secret: {get_param: CeilometerMeteringSecret}
522 ceilometer_password: {get_param: CeilometerPassword}
526 - - 'mysql://ceilometer:unset@'
527 - {get_param: VirtualIP}
529 snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName}
530 snmpd_readonly_user_password: {get_param: SnmpdReadonlyUserPassword}
531 nova_password: {get_param: NovaPassword}
535 - - 'mysql://nova:unset@'
536 - {get_param: VirtualIP}
# RabbitMQ credentials, the cluster cookie and the client SSL/port settings.
538 rabbit_username: {get_param: RabbitUserName}
539 rabbit_password: {get_param: RabbitPassword}
540 rabbit_cookie: {get_param: RabbitCookie}
541 rabbit_client_use_ssl: {get_param: RabbitClientUseSSL}
542 rabbit_client_port: {get_param: RabbitClientPort}
# The NTP server parameter is substituted into the JSON-style list template
# '["server"]'.
545 template: '["server"]'
547 server: {get_param: NtpServer}
548 control_virtual_interface: {get_param: ControlVirtualInterface}
549 public_virtual_interface: {get_param: PublicVirtualInterface}
550 public_virtual_ip: {get_param: PublicVirtualIP}
551 swift_hash_suffix: {get_param: SwiftHashSuffix}
552 swift_password: {get_param: SwiftPassword}
553 swift_part_power: {get_param: SwiftPartPower}
554 swift_replicas: {get_param: SwiftReplicas}
555 swift_min_part_hours: {get_param: SwiftMinPartHours}
556 swift_mount_check: {get_param: SwiftMountCheck}
557 enable_package_install: {get_param: EnablePackageInstall}
# ControllerConfig: a structured config in the os-apply-config group that
# lists hiera data sources and loads the static hieradata files.
# NOTE(review): the inputs mapped below include passwords and private keys,
# which therefore end up in hiera data files on the node; confirm those
# files are readable by root only.
559 # Map heat metadata into hiera datafiles
561 type: OS::Heat::StructuredConfig
563 group: os-apply-config
567 - heat_config_%{::deploy_config_name}
570 - swift_devices_and_proxy # provided by SwiftDevicesAndProxyConfig
571 - rabbit # provided by allNodesConfig
572 - ceph_cluster # provided by CephClusterConfig
574 - bootstrap_node # provided by BootstrapNodeConfig
# Static hiera data is read from files alongside the template via get_file.
578 raw_data: {get_file: hieradata/common.yaml}
580 raw_data: {get_file: hieradata/ceph.yaml}
582 raw_data: {get_file: hieradata/object.yaml}
584 raw_data: {get_file: hieradata/controller.yaml}
# mapped_data: hiera keys filled from the deployment's input values. This
# part covers general settings, Swift and Cinder.
585 mapped_data: # data supplied directly to this deployment configuration, etc
586 debug: {get_input: debug}
587 bootstack_nodeid: {get_input: bootstack_nodeid}
588 controller_host: {get_input: controller_host} #local-ipv4
# Swift binds to the controller's own ctlplane address and authenticates
# against Keystone on the virtual IP using the swift service password.
590 swift::proxy::proxy_local_net_ip: {get_input: controller_host}
591 swift::proxy::authtoken::auth_host: {get_input: controller_virtual_ip}
592 swift::storage::all::storage_local_net_ip: {get_input: controller_host}
593 swift::swift_hash_suffix: {get_input: swift_hash_suffix}
594 swift::proxy::authtoken::admin_password: {get_input: swift_password}
595 tripleo::ringbuilder::part_power: {get_input: swift_part_power}
596 tripleo::ringbuilder::replicas: {get_input: swift_replicas}
597 tripleo::ringbuilder::min_part_hours: {get_input: swift_min_part_hours}
598 swift_mount_check: {get_input: swift_mount_check}
600 # NOTE(dprince): build_ring support is currently not wired in.
601 # See: https://review.openstack.org/#/c/109225/
602 tripleo::ringbuilder::build_ring: True
# Cinder: the database connection comes from cinder_dsn, whose password part
# is the fixed text 'unset' in the deployment's input values.
604 cinder_lvm_loop_device_size: {get_input: cinder_lvm_loop_device_size}
605 cinder::volume::iscsi::iscsi_helper: {get_input: cinder_iscsi_helper}
606 cinder::volume::iscsi::iscsi_ip_address: {get_input: controller_host}
607 cinder::database_connection: {get_input: cinder_dsn}
608 cinder::api::keystone_password: {get_input: cinder_password}
609 cinder::api::keystone_auth_host: {get_input: controller_virtual_ip}
610 cinder::api::bind_host: {get_input: controller_host}
611 cinder::rabbit_userid: {get_input: rabbit_username}
612 cinder::rabbit_password: {get_input: rabbit_password}
613 #cinder::debug: {get_input: debug}
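# Glance API and registry: both bind to the controller's own address and
# authenticate against Keystone on the virtual IP with the glance password.
615 glance::api::bind_port: {get_input: glance_port}
616 glance::api::bind_host: {get_input: controller_host}
617 glance::api::auth_host: {get_input: controller_virtual_ip}
618 glance::api::registry_host: {get_input: controller_host}
619 glance::api::keystone_password: {get_input: glance_password}
620 # used to construct glance_api_servers
621 glance_port: {get_input: glance_port}
622 glance_protocol: {get_input: glance_protocol}
623 glance_notifier_strategy: {get_input: glance_notifier_strategy}
# glance_log_file is mapped once; a repeated key in one mapping is rejected
# by strict YAML parsers and silently overwritten by lenient ones.
624 glance_log_file: {get_input: glance_log_file}
626 glance::api::database_connection: {get_input: glance_dsn}
627 glance::registry::keystone_password: {get_input: glance_password}
628 glance::registry::database_connection: {get_input: glance_dsn}
629 glance::registry::bind_host: {get_input: controller_host}
630 glance::registry::auth_host: {get_input: controller_virtual_ip}
# Swift image store: Glance logs in as service:glance and reuses the glance
# service password as the store key. NOTE(review): the auth address input is
# built with a literal 'http://' scheme, so this password is sent in clear.
631 glance::backend::swift::swift_store_auth_address: {get_input: glance_swift_store_auth_address}
632 glance::backend::swift::swift_store_user: service:glance
633 glance::backend::swift::swift_store_key: {get_input: glance_password}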
# Heat engine and API settings, then Keystone and MySQL.
635 heat_stack_domain_admin_password: {get_input: heat_stack_domain_admin_password}
636 heat::engine::heat_watch_server_url: {get_input: heat.watch_server_url}
637 heat::engine::heat_metadata_server_url: {get_input: heat.metadata_server_url}
638 heat::engine::heat_waitcondition_server_url: {get_input: heat.waitcondition_server_url}
# NOTE(review): the encryption key is the fixed literal 'unset___________',
# not an input, so every deployment of this template shares the same key
# unless it is overridden elsewhere. Heat uses this key to encrypt
# credentials it stores; it should be a per-deployment secret parameter.
639 heat::engine::auth_encryption_key: unset___________
640 heat::rabbit_userid: {get_input: rabbit_username}
641 heat::rabbit_password: {get_input: rabbit_password}
642 heat::rabbit_host: {get_input: controller_virtual_ip}
643 heat::keystone_host: {get_input: controller_virtual_ip}
644 heat::keystone_password: {get_input: heat_password}
645 heat::api::bind_host: {get_input: controller_host}
646 heat::api_cloudwatch::bind_host: {get_input: controller_host}
647 heat::api_cfn::bind_host: {get_input: controller_host}
648 heat::database_connection: {get_input: heat_dsn}
649 heat::instance_user: heat-admin
# keystone::admin_token receives the AdminToken parameter ("The keystone auth
# secret"); anyone holding it can act as Keystone admin, so it is as
# sensitive as the admin password mapped further down.
652 keystone::admin_token: {get_input: admin_token}
653 keystone_ca_certificate: {get_input: keystone_ca_certificate}
654 keystone_signing_key: {get_input: keystone_signing_key}
655 keystone_signing_certificate: {get_input: keystone_signing_certificate}
656 keystone_ssl_certificate: {get_input: keystone_ssl_certificate}
657 keystone_ssl_certificate_key: {get_input: keystone_ssl_certificate_key}
658 keystone::database_connection: {get_input: keystone_dsn}
659 keystone::public_bind_host: {get_input: controller_host}
660 keystone::admin_bind_host: {get_input: controller_host}
661 #keystone::debug: {get_input: debug}
663 admin_password: {get_input: admin_password}
664 mysql_innodb_buffer_pool_size: {get_input: mysql_innodb_buffer_pool_size}
665 mysql_root_password: {get_input: mysql_root_password}
666 mysql_cluster_name: {get_input: mysql_cluster_name}
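# Neutron server and agents: bind to the controller's own address and
# authenticate against Keystone on the virtual IP.
668 neutron::bind_host: {get_input: controller_host}
669 neutron::rabbit_password: {get_input: rabbit_password}
# Reads the rabbit_username input, the one ControllerDeployment defines and
# the other services use; no 'rabbit_user' input is defined, so that name
# would leave the Neutron RabbitMQ user unset.
670 neutron::rabbit_user: {get_input: rabbit_username}
671 #neutron::debug: {get_input: debug}
672 neutron::server::auth_host: {get_input: controller_virtual_ip}
673 neutron::server::database_connection: {get_input: neutron_dsn}
674 neutron::agents::ml2::ovs::enable_tunneling: {get_input: neutron_enable_tunneling}
675 neutron::agents::ml2::ovs::local_ip: {get_input: controller_host}
676 neutron_flat_networks: {get_input: neutron_flat_networks}
# The metadata proxy shared secret set here must match the value given to
# nova-api (nova::api::neutron_metadata_proxy_shared_secret).
677 neutron::agents::metadata::shared_secret: {get_input: neutron_metadata_proxy_shared_secret}
678 neutron::agents::metadata::metadata_ip: {get_input: controller_virtual_ip}
679 neutron_agent_mode: {get_input: neutron_agent_mode}
680 neutron_router_distributed: {get_input: neutron_router_distributed}
681 neutron_mechanism_drivers: {get_input: neutron_mechanism_drivers}
682 neutron_allow_l3agent_failover: {get_input: neutron_allow_l3agent_failover}
683 neutron::plugins::ml2::network_vlan_ranges: {get_input: neutron_network_vlan_ranges}
684 neutron_bridge_mappings: {get_input: neutron_bridge_mappings}
685 neutron_public_interface: {get_input: neutron_public_interface}
686 neutron_public_interface_raw_device: {get_input: neutron_public_interface_raw_device}
687 neutron_public_interface_default_route: {get_input: neutron_public_interface_default_route}
688 neutron_public_interface_tag: {get_input: neutron_public_interface_tag}
689 neutron_tenant_network_type: {get_input: neutron_tenant_network_type}
690 neutron_tunnel_types: {get_input: neutron_tunnel_types}
# The neutron service password is used by both the server and the metadata
# agent.
691 neutron::server::auth_password: {get_input: neutron_password}
692 neutron::agents::metadata::auth_password: {get_input: neutron_password}
693 neutron_dnsmasq_options: {get_input: neutron_dnsmasq_options}
694 neutron_dsn: {get_input: neutron_dsn}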
# Ceilometer, SNMP, Nova, RabbitMQ and remaining node-level settings.
696 ceilometer::metering_secret: {get_input: ceilometer_metering_secret}
697 ceilometer::rabbit_userid: {get_input: rabbit_username}
698 ceilometer::rabbit_password: {get_input: rabbit_password}
699 ceilometer::rabbit_host: {get_input: controller_virtual_ip}
700 ceilometer::api::host: {get_input: controller_host}
701 ceilometer::api::keystone_password: {get_input: ceilometer_password}
702 ceilometer::api::keystone_host: {get_input: controller_virtual_ip}
703 ceilometer::db::database_connection: {get_input: ceilometer_dsn}
704 ceilometer::agent::auth::auth_password: {get_input: ceilometer_password}
705 snmpd_readonly_user_name: {get_input: snmpd_readonly_user_name}
706 snmpd_readonly_user_password: {get_input: snmpd_readonly_user_password}
# Nova API binds to the controller's own address; its metadata service uses
# the same proxy shared secret that the neutron metadata agent is given.
708 nova::rabbit_userid: {get_input: rabbit_username}
709 nova::rabbit_password: {get_input: rabbit_password}
710 nova::api::auth_host: {get_input: controller_virtual_ip}
711 nova::api::api_bind_address: {get_input: controller_host}
712 nova::api::metadata_listen: {get_input: controller_host}
713 nova::api::admin_password: {get_input: nova_password}
714 nova::database_connection: {get_input: nova_dsn}
715 nova::api::neutron_metadata_proxy_shared_secret: {get_input: neutron_metadata_proxy_shared_secret}
716 nova::network::neutron::neutron_admin_password: {get_input: neutron_password}
717 nova::network::neutron::neutron_url: {get_input: neutron_url}
718 nova::network::neutron::neutron_admin_auth_url: {get_input: neutron_admin_auth_url}
# RabbitMQ: the Erlang cookie is what cluster nodes use to authenticate to
# each other, so it is as sensitive as rabbit_password. NOTE(review): confirm
# the RabbitCookie parameter is hidden and has no shared default; its
# definition is not visible in this listing.
721 rabbit_username: {get_input: rabbit_username}
722 rabbit_password: {get_input: rabbit_password}
723 rabbit_client_use_ssl: {get_input: rabbit_client_use_ssl}
724 rabbit_client_port: {get_input: rabbit_client_port}
725 rabbitmq::erlang_cookie: {get_input: rabbit_cookie}
727 neutron_public_interface_ip: {get_input: neutron_public_interface_ip}
728 ntp::servers: {get_input: ntp_servers}
729 control_virtual_interface: {get_input: control_virtual_interface}
730 controller_virtual_ip: {get_input: controller_virtual_ip}
731 public_virtual_interface: {get_input: public_virtual_interface}
732 public_virtual_ip: {get_input: public_virtual_ip}
733 enable_package_install: {get_input: enable_package_install}
# Stack outputs: all are derived from the Controller server's name and its
# first ctlplane address. None of the visible outputs exposes a credential.
737 description: IP address of the server in the ctlplane network
738 value: {get_attr: [Controller, networks, ctlplane, 0]}
740 description: Hostname of the server
741 value: {get_attr: [Controller, name]}
744 Node object in the format {ip: ..., name: ...} format that the corosync
747 ip: {get_attr: [Controller, networks, ctlplane, 0]}
748 name: {get_attr: [Controller, name]}
751 Server's IP address and hostname in the /etc/hosts format
754 template: IP HOST HOST.novalocal CLOUDNAME
756 IP: {get_attr: [Controller, networks, ctlplane, 0]}
757 HOST: {get_attr: [Controller, name]}
758 CLOUDNAME: {get_param: CloudName}
# Exposes the Controller resource itself so other templates can reference it.
759 nova_server_resource:
760 description: Heat resource handle for the Nova compute server
762 {get_resource: Controller}
764 description: Swift device formatted for swift-ring-builder
767 template: 'r1z1-IP:%PORT%/d1'
769 IP: {get_attr: [Controller, networks, ctlplane, 0]}
# Memcache endpoint for the Swift proxy, built from the same ctlplane address.
770 swift_proxy_memcache:
771 description: Swift proxy-memcache value
776 IP: {get_attr: [Controller, networks, ctlplane, 0]}