1 heat_template_version: 2014-10-16
4 OpenStack controller node configured by Puppet.
9 description: The password for the keystone admin account, used for monitoring, querying neutron etc.
14 description: The keystone auth secret.
17 CeilometerMeteringSecret:
19 description: Secret shared by the ceilometer services.
24 description: The password for the ceilometer service account.
29 description: The iSCSI helper to use with cinder.
31 CinderLVMLoopDeviceSize:
33 description: The size of the loopback file used by the cinder LVM driver.
37 description: The password for the cinder service account, used by cinder-api.
42 description: The DNS name of this cloud. E.g. ci-overcloud.tripleo.org
44 ControllerExtraConfig:
47 Controller specific configuration to inject into the cluster. Same
48 structure as ExtraConfig.
50 ControlVirtualInterface:
52 description: Interface where virtual ip will be assigned.
56 description: Set to True to enable debugging on all services.
61 Additional configuration to inject into the cluster. The JSON should have
62 the following structure:
65 [{"section": "SECTIONNAME",
67 [{"option": "OPTIONNAME",
78 [{"section": "default",
80 [{"option": "compute_manager",
81 "value": "ironic.nova.compute.manager.ClusterComputeManager"
88 "value": "nova.cells.rpc_driver.CellsRPCDriver"
97 description: Flavor for control nodes to request when deploying.
100 - custom_constraint: nova.flavor
101 GlanceNotifierStrategy:
102 description: Strategy to use for Glance notification queue
106 description: The filepath of the file to use for logging messages from Glance.
111 description: The password for the glance service account, used by the glance services.
116 description: Glance port.
120 description: Protocol to use when connecting to glance, set to https for SSL.
124 description: The password for the Heat service account, used by the Heat services.
127 HeatStackDomainAdminPassword:
128 description: Password for heat_domain_admin user.
132 HeatAuthEncryptionKey:
133 description: Auth encryption key for heat-engine
137 default: overcloud-control
139 - custom_constraint: glance.image
141 default: 'REBUILD_PRESERVE_EPHEMERAL'
142 description: What policy to use when reconstructing instances. REBUILD for rebuilds, REBUILD_PRESERVE_EPHEMERAL to preserve /mnt.
146 description: Name of an existing EC2 KeyPair to enable SSH access to the instances
149 - custom_constraint: nova.keypair
150 KeystoneCACertificate:
152 description: Keystone self-signed certificate authority certificate.
154 KeystoneSigningCertificate:
156 description: Keystone certificate for verifying token validity.
160 description: Keystone key for signing tokens.
163 KeystoneSSLCertificate:
165 description: Keystone certificate for verifying token validity.
167 KeystoneSSLCertificateKey:
169 description: Keystone key for signing tokens.
172 MysqlClusterUniquePart:
173 description: A unique identifier of the MySQL cluster the controller is in.
175 default: 'unset' # Has to be here because of the ignored empty value bug
176 # Drop the validation: https://bugs.launchpad.net/tripleo/+bug/1405446
178 # - length: {min: 4, max: 10}
179 MysqlInnodbBufferPoolSize:
181 Specifies the size of the buffer pool in megabytes. Setting to
182 zero should be interpreted as "no value" and will defer to the
189 default: '' # Has to be here because of the ignored empty value bug
190 NeutronBridgeMappings:
192 The OVS logical->physical bridge mappings to use. See the Neutron
193 documentation for details. Defaults to mapping br-ex - the external
194 bridge on hosts - to a physical name 'datacentre' which can be used
195 to create provider networks (and we use this for the default floating
196 network) - if changing this either use different post-install network
197 scripts or be sure to keep 'datacentre' as a mapping network name.
200 NeutronDnsmasqOptions:
201 default: 'dhcp-option-force=26,1400'
202 description: Dnsmasq options for neutron-dhcp-agent. The default value here forces MTU to be set to 1400 to account for the gre tunnel overhead.
206 description: Agent mode for the neutron-l3-agent on the controller hosts
208 NeutronL3HA: #FIXME this isn't wired in
210 description: Whether to enable l3-agent HA
214 description: Whether to configure Neutron Distributed Virtual Routers
216 NeutronMetadataProxySharedSecret:
218 description: Shared secret to prevent spoofing
220 NeutronMechanismDrivers:
221 default: 'openvswitch'
223 The mechanism drivers for the Neutron tenant network. To specify multiple
224 values, use a comma separated string, like so: 'openvswitch,l2_population'
226 NeutronAllowL3AgentFailover:
228 description: Allow automatic l3-agent failover
230 NeutronEnableTunnelling:
236 description: If set, flat networks to configure in neutron plugins.
239 description: The tenant network type for Neutron, either gre or vxlan.
241 NeutronNetworkVLANRanges:
242 default: 'datacentre'
244 The Neutron ML2 and OpenVSwitch vlan mapping range to support. See the
245 Neutron documentation for permitted values. Defaults to permitting any
246 VLAN on the 'datacentre' physical network (See NeutronBridgeMappings).
250 description: The password for the neutron service account, used by neutron agents.
253 NeutronPublicInterface:
255 description: What interface to bridge onto br-ex for network nodes.
257 NeutronPublicInterfaceTag:
260 VLAN tag for creating a public VLAN. The tag will be used to
261 create an access port on the exterior bridge for each control plane node,
262 and that port will be given the IP address returned by neutron from the
263 public network. Set CONTROLEXTRA=overcloud-vlan-port.yaml when compiling
264 overcloud.yaml to include the deployment of VLAN ports to the control
267 NeutronPublicInterfaceDefaultRoute:
269 description: A custom default route for the NeutronPublicInterface.
271 NeutronPublicInterfaceIP:
273 description: A custom IP address to put onto the NeutronPublicInterface.
275 NeutronPublicInterfaceRawDevice:
277 description: If set, the public interface is a vlan with this device as the raw device.
282 The tunnel types for the Neutron tenant network. To specify multiple
283 values, use a comma separated string, like so: 'gre,vxlan'
287 description: The password for the nova service account, used by nova-api.
293 PublicVirtualInterface:
296 Specifies the interface where the public-facing virtual ip will be assigned.
297 This should be int_public when a VLAN is being used.
301 default: '' # Has to be here because of the ignored empty value bug
304 default: '' # Has to be here because of the ignored empty value bug
308 description: The password for RabbitMQ
313 description: The username for RabbitMQ
318 Rabbit client subscriber parameter to specify
319 an SSL connection to the RabbitMQ host.
323 description: Set rabbit subscriber port, change this if using SSL
325 SnmpdReadonlyUserName:
326 default: ro_snmp_user
327 description: The user name for SNMPd with readonly rights running on all Overcloud nodes
329 SnmpdReadonlyUserPassword:
331 description: The user password for SNMPd with readonly rights running on all Overcloud nodes
336 description: If set, the contents of an SSL certificate authority file.
340 description: If set, the contents of an SSL certificate .crt file for encrypting SSL endpoints.
345 description: If set, the contents of an SSL certificate .key file for encrypting SSL endpoints.
350 description: A random string to be used as a salt when hashing to determine mappings
356 description: Value of mount_check in Swift account/container/object -server.conf
361 description: The minimum time (in hours) before a partition in a ring can be moved following a rebalance.
364 description: Partition Power to use when building Swift rings
368 description: The password for the swift service account, used by the swift proxy
375 description: How many replicas to use in the swift rings.
378 default: '' # Has to be here because of the ignored empty value bug
379 EnablePackageInstall:
381 description: Set to true to enable package installation via Puppet
387 type: OS::Nova::Server
389 image: {get_param: Image}
390 image_update_policy: {get_param: ImageUpdatePolicy}
391 flavor: {get_param: Flavor}
392 key_name: {get_param: KeyName}
395 user_data_format: SOFTWARE_CONFIG
398 type: OS::TripleO::Net::SoftwareConfig
401 type: OS::TripleO::SoftwareDeployment
403 signal_transport: NO_SIGNAL
404 config: {get_attr: [NetworkConfig, config_id]}
405 server: {get_resource: Controller}
408 interface_name: {get_param: NeutronPublicInterface}
410 ControllerDeployment:
411 type: OS::TripleO::SoftwareDeployment
413 signal_transport: NO_SIGNAL
414 config: {get_resource: ControllerConfig}
415 server: {get_resource: Controller}
417 bootstack_nodeid: {get_attr: [Controller, name]}
418 controller_host: {get_attr: [Controller, networks, ctlplane, 0]}
419 controller_virtual_ip: {get_param: VirtualIP}
420 neutron_enable_tunneling: {get_param: NeutronEnableTunnelling}
421 heat.watch_server_url:
425 - {get_param: VirtualIP}
427 heat.metadata_server_url:
431 - {get_param: VirtualIP}
433 heat.waitcondition_server_url:
437 - {get_param: VirtualIP}
438 - ':8000/v1/waitcondition'
439 heat_auth_encryption_key: {get_param: HeatAuthEncryptionKey}
440 admin_password: {get_param: AdminPassword}
441 admin_token: {get_param: AdminToken}
442 neutron_public_interface_ip: {get_param: NeutronPublicInterfaceIP}
443 debug: {get_param: Debug}
444 cinder_lvm_loop_device_size: {get_param: CinderLVMLoopDeviceSize}
445 cinder_password: {get_param: CinderPassword}
446 cinder_iscsi_helper: {get_param: CinderISCSIHelper}
450 - - 'mysql://cinder:unset@'
451 - {get_param: VirtualIP}
453 glance_port: {get_param: GlancePort}
454 glance_protocol: {get_param: GlanceProtocol}
455 glance_password: {get_param: GlancePassword}
456 glance_swift_store_auth_address: {list_join: ['', ['http://', {get_param: VirtualIP} , ':5000/v2.0']]}
457 glance_notifier_strategy: {get_param: GlanceNotifierStrategy}
458 glance_log_file: {get_param: GlanceLogFile}
462 - - 'mysql://glance:unset@'
463 - {get_param: VirtualIP}
465 heat_password: {get_param: HeatPassword}
466 heat_stack_domain_admin_password: {get_param: HeatStackDomainAdminPassword}
470 - - 'mysql://heat:unset@'
471 - {get_param: VirtualIP}
473 keystone_ca_certificate: {get_param: KeystoneCACertificate}
474 keystone_signing_key: {get_param: KeystoneSigningKey}
475 keystone_signing_certificate: {get_param: KeystoneSigningCertificate}
476 keystone_ssl_certificate: {get_param: KeystoneSSLCertificate}
477 keystone_ssl_certificate_key: {get_param: KeystoneSSLCertificateKey}
481 - - 'mysql://keystone:unset@'
482 - {get_param: VirtualIP}
484 mysql_innodb_buffer_pool_size: {get_param: MysqlInnodbBufferPoolSize}
485 mysql_root_password: {get_param: MysqlRootPassword}
488 template: tripleo-CLUSTER
490 CLUSTER: {get_param: MysqlClusterUniquePart}
491 neutron_flat_networks: {get_param: NeutronFlatNetworks}
492 neutron_metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret}
493 neutron_agent_mode: {get_param: NeutronAgentMode}
494 neutron_router_distributed: {get_param: NeutronDVR}
495 neutron_mechanism_drivers: {get_param: NeutronMechanismDrivers}
496 neutron_allow_l3agent_failover: {get_param: NeutronAllowL3AgentFailover}
497 neutron_network_vlan_ranges: {get_param: NeutronNetworkVLANRanges}
498 neutron_bridge_mappings: {get_param: NeutronBridgeMappings}
499 neutron_public_interface: {get_param: NeutronPublicInterface}
500 neutron_public_interface_raw_device: {get_param: NeutronPublicInterfaceRawDevice}
501 neutron_public_interface_default_route: {get_param: NeutronPublicInterfaceDefaultRoute}
502 neutron_public_interface_tag: {get_param: NeutronPublicInterfaceTag}
503 neutron_tenant_network_type: {get_param: NeutronNetworkType}
504 neutron_tunnel_types: {get_param: NeutronTunnelTypes}
505 neutron_password: {get_param: NeutronPassword}
506 neutron_dnsmasq_options: {get_param: NeutronDnsmasqOptions}
510 - - 'mysql://neutron:unset@'
511 - {get_param: VirtualIP}
512 - '/ovs_neutron?charset=utf8'
517 - {get_param: VirtualIP}
519 neutron_admin_auth_url:
523 - {get_param: VirtualIP}
525 ceilometer_metering_secret: {get_param: CeilometerMeteringSecret}
526 ceilometer_password: {get_param: CeilometerPassword}
530 - - 'mysql://ceilometer:unset@'
531 - {get_param: VirtualIP}
533 snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName}
534 snmpd_readonly_user_password: {get_param: SnmpdReadonlyUserPassword}
535 nova_password: {get_param: NovaPassword}
539 - - 'mysql://nova:unset@'
540 - {get_param: VirtualIP}
542 rabbit_username: {get_param: RabbitUserName}
543 rabbit_password: {get_param: RabbitPassword}
544 rabbit_cookie: {get_param: RabbitCookie}
545 rabbit_client_use_ssl: {get_param: RabbitClientUseSSL}
546 rabbit_client_port: {get_param: RabbitClientPort}
549 template: '["server"]'
551 server: {get_param: NtpServer}
552 control_virtual_interface: {get_param: ControlVirtualInterface}
553 public_virtual_interface: {get_param: PublicVirtualInterface}
554 public_virtual_ip: {get_param: PublicVirtualIP}
555 swift_hash_suffix: {get_param: SwiftHashSuffix}
556 swift_password: {get_param: SwiftPassword}
557 swift_part_power: {get_param: SwiftPartPower}
558 swift_replicas: {get_param: SwiftReplicas}
559 swift_min_part_hours: {get_param: SwiftMinPartHours}
560 swift_mount_check: {get_param: SwiftMountCheck}
561 enable_package_install: {get_param: EnablePackageInstall}
563 # Map heat metadata into hiera datafiles
565 type: OS::Heat::StructuredConfig
567 group: os-apply-config
571 - heat_config_%{::deploy_config_name}
574 - swift_devices_and_proxy # provided by SwiftDevicesAndProxyConfig
575 - rabbit # provided by allNodesConfig
576 - ceph_cluster # provided by CephClusterConfig
578 - bootstrap_node # provided by BootstrapNodeConfig
582 raw_data: {get_file: hieradata/common.yaml}
584 raw_data: {get_file: hieradata/ceph.yaml}
586 raw_data: {get_file: hieradata/object.yaml}
588 raw_data: {get_file: hieradata/controller.yaml}
589 mapped_data: # data supplied directly to this deployment configuration, etc
590 debug: {get_input: debug}
591 bootstack_nodeid: {get_input: bootstack_nodeid}
592 controller_host: {get_input: controller_host} #local-ipv4
594 swift::proxy::proxy_local_net_ip: {get_input: controller_host}
595 swift::proxy::authtoken::auth_host: {get_input: controller_virtual_ip}
596 swift::storage::all::storage_local_net_ip: {get_input: controller_host}
597 swift::swift_hash_suffix: {get_input: swift_hash_suffix}
598 swift::proxy::authtoken::admin_password: {get_input: swift_password}
599 tripleo::ringbuilder::part_power: {get_input: swift_part_power}
600 tripleo::ringbuilder::replicas: {get_input: swift_replicas}
601 tripleo::ringbuilder::min_part_hours: {get_input: swift_min_part_hours}
602 swift_mount_check: {get_input: swift_mount_check}
604 # NOTE(dprince): build_ring support is currently not wired in.
605 # See: https://review.openstack.org/#/c/109225/
606 tripleo::ringbuilder::build_ring: True
608 cinder_lvm_loop_device_size: {get_input: cinder_lvm_loop_device_size}
609 cinder::volume::iscsi::iscsi_helper: {get_input: cinder_iscsi_helper}
610 cinder::volume::iscsi::iscsi_ip_address: {get_input: controller_host}
611 cinder::database_connection: {get_input: cinder_dsn}
612 cinder::api::keystone_password: {get_input: cinder_password}
613 cinder::api::keystone_auth_host: {get_input: controller_virtual_ip}
614 cinder::api::bind_host: {get_input: controller_host}
615 cinder::rabbit_userid: {get_input: rabbit_username}
616 cinder::rabbit_password: {get_input: rabbit_password}
617 #cinder::debug: {get_input: debug}
619 glance::api::bind_port: {get_input: glance_port}
620 glance::api::bind_host: {get_input: controller_host}
621 glance::api::auth_host: {get_input: controller_virtual_ip}
622 glance::api::registry_host: {get_input: controller_host}
623 glance::api::keystone_password: {get_input: glance_password}
624 # used to construct glance_api_servers
625 glance_port: {get_input: glance_port}
626 glance_protocol: {get_input: glance_protocol}
627 glance_notifier_strategy: {get_input: glance_notifier_strategy}
628 glance_log_file: {get_input: glance_log_file}
629 glance_log_file: {get_input: glance_log_file}
630 glance::api::database_connection: {get_input: glance_dsn}
631 glance::registry::keystone_password: {get_input: glance_password}
632 glance::registry::database_connection: {get_input: glance_dsn}
633 glance::registry::bind_host: {get_input: controller_host}
634 glance::registry::auth_host: {get_input: controller_virtual_ip}
635 glance::backend::swift::swift_store_auth_address: {get_input: glance_swift_store_auth_address}
636 glance::backend::swift::swift_store_user: service:glance
637 glance::backend::swift::swift_store_key: {get_input: glance_password}
639 heat_stack_domain_admin_password: {get_input: heat_stack_domain_admin_password}
640 heat::engine::heat_watch_server_url: {get_input: heat.watch_server_url}
641 heat::engine::heat_metadata_server_url: {get_input: heat.metadata_server_url}
642 heat::engine::heat_waitcondition_server_url: {get_input: heat.waitcondition_server_url}
643 heat::engine::auth_encryption_key: {get_input: heat_auth_encryption_key}
644 heat::rabbit_userid: {get_input: rabbit_username}
645 heat::rabbit_password: {get_input: rabbit_password}
646 heat::rabbit_host: {get_input: controller_virtual_ip}
647 heat::keystone_host: {get_input: controller_virtual_ip}
648 heat::keystone_password: {get_input: heat_password}
649 heat::api::bind_host: {get_input: controller_host}
650 heat::api_cloudwatch::bind_host: {get_input: controller_host}
651 heat::api_cfn::bind_host: {get_input: controller_host}
652 heat::database_connection: {get_input: heat_dsn}
653 heat::instance_user: heat-admin
656 keystone::admin_token: {get_input: admin_token}
657 keystone_ca_certificate: {get_input: keystone_ca_certificate}
658 keystone_signing_key: {get_input: keystone_signing_key}
659 keystone_signing_certificate: {get_input: keystone_signing_certificate}
660 keystone_ssl_certificate: {get_input: keystone_ssl_certificate}
661 keystone_ssl_certificate_key: {get_input: keystone_ssl_certificate_key}
662 keystone::database_connection: {get_input: keystone_dsn}
663 keystone::public_bind_host: {get_input: controller_host}
664 keystone::admin_bind_host: {get_input: controller_host}
665 #keystone::debug: {get_input: debug}
667 admin_password: {get_input: admin_password}
668 mysql_innodb_buffer_pool_size: {get_input: mysql_innodb_buffer_pool_size}
669 mysql_root_password: {get_input: mysql_root_password}
670 mysql_cluster_name: {get_input: mysql_cluster_name}
672 neutron::bind_host: {get_input: controller_host}
673 neutron::rabbit_password: {get_input: rabbit_password}
674 neutron::rabbit_user: {get_input: rabbit_user}
675 #neutron::debug: {get_input: debug}
676 neutron::server::auth_host: {get_input: controller_virtual_ip}
677 neutron::server::database_connection: {get_input: neutron_dsn}
678 neutron::agents::ml2::ovs::enable_tunneling: {get_input: neutron_enable_tunneling}
679 neutron::agents::ml2::ovs::local_ip: {get_input: controller_host}
680 neutron_flat_networks: {get_input: neutron_flat_networks}
681 neutron::agents::metadata::shared_secret: {get_input: neutron_metadata_proxy_shared_secret}
682 neutron::agents::metadata::metadata_ip: {get_input: controller_virtual_ip}
683 neutron_agent_mode: {get_input: neutron_agent_mode}
684 neutron_router_distributed: {get_input: neutron_router_distributed}
685 neutron_mechanism_drivers: {get_input: neutron_mechanism_drivers}
686 neutron_allow_l3agent_failover: {get_input: neutron_allow_l3agent_failover}
687 neutron::plugins::ml2::network_vlan_ranges: {get_input: neutron_network_vlan_ranges}
688 neutron_bridge_mappings: {get_input: neutron_bridge_mappings}
689 neutron_public_interface: {get_input: neutron_public_interface}
690 neutron_public_interface_raw_device: {get_input: neutron_public_interface_raw_device}
691 neutron_public_interface_default_route: {get_input: neutron_public_interface_default_route}
692 neutron_public_interface_tag: {get_input: neutron_public_interface_tag}
693 neutron_tenant_network_type: {get_input: neutron_tenant_network_type}
694 neutron_tunnel_types: {get_input: neutron_tunnel_types}
695 neutron::server::auth_password: {get_input: neutron_password}
696 neutron::agents::metadata::auth_password: {get_input: neutron_password}
697 neutron_dnsmasq_options: {get_input: neutron_dnsmasq_options}
698 neutron_dsn: {get_input: neutron_dsn}
700 ceilometer::metering_secret: {get_input: ceilometer_metering_secret}
701 ceilometer::rabbit_userid: {get_input: rabbit_username}
702 ceilometer::rabbit_password: {get_input: rabbit_password}
703 ceilometer::rabbit_host: {get_input: controller_virtual_ip}
704 ceilometer::api::host: {get_input: controller_host}
705 ceilometer::api::keystone_password: {get_input: ceilometer_password}
706 ceilometer::api::keystone_host: {get_input: controller_virtual_ip}
707 ceilometer::db::database_connection: {get_input: ceilometer_dsn}
708 ceilometer::agent::auth::auth_password: {get_input: ceilometer_password}
709 snmpd_readonly_user_name: {get_input: snmpd_readonly_user_name}
710 snmpd_readonly_user_password: {get_input: snmpd_readonly_user_password}
712 nova::rabbit_userid: {get_input: rabbit_username}
713 nova::rabbit_password: {get_input: rabbit_password}
714 nova::api::auth_host: {get_input: controller_virtual_ip}
715 nova::api::api_bind_address: {get_input: controller_host}
716 nova::api::metadata_listen: {get_input: controller_host}
717 nova::api::admin_password: {get_input: nova_password}
718 nova::database_connection: {get_input: nova_dsn}
719 nova::api::neutron_metadata_proxy_shared_secret: {get_input: neutron_metadata_proxy_shared_secret}
720 nova::network::neutron::neutron_admin_password: {get_input: neutron_password}
721 nova::network::neutron::neutron_url: {get_input: neutron_url}
722 nova::network::neutron::neutron_admin_auth_url: {get_input: neutron_admin_auth_url}
725 rabbit_username: {get_input: rabbit_username}
726 rabbit_password: {get_input: rabbit_password}
727 rabbit_client_use_ssl: {get_input: rabbit_client_use_ssl}
728 rabbit_client_port: {get_input: rabbit_client_port}
729 rabbitmq::erlang_cookie: {get_input: rabbit_cookie}
731 neutron_public_interface_ip: {get_input: neutron_public_interface_ip}
732 ntp::servers: {get_input: ntp_servers}
733 control_virtual_interface: {get_input: control_virtual_interface}
734 controller_virtual_ip: {get_input: controller_virtual_ip}
735 public_virtual_interface: {get_input: public_virtual_interface}
736 public_virtual_ip: {get_input: public_virtual_ip}
737 enable_package_install: {get_input: enable_package_install}
741 description: IP address of the server in the ctlplane network
742 value: {get_attr: [Controller, networks, ctlplane, 0]}
744 description: Hostname of the server
745 value: {get_attr: [Controller, name]}
748 Node object in the format {ip: ..., name: ...} format that the corosync
751 ip: {get_attr: [Controller, networks, ctlplane, 0]}
752 name: {get_attr: [Controller, name]}
755 Server's IP address and hostname in the /etc/hosts format
758 template: IP HOST HOST.novalocal CLOUDNAME
760 IP: {get_attr: [Controller, networks, ctlplane, 0]}
761 HOST: {get_attr: [Controller, name]}
762 CLOUDNAME: {get_param: CloudName}
763 nova_server_resource:
764 description: Heat resource handle for the Nova compute server
766 {get_resource: Controller}
768 description: Swift device formatted for swift-ring-builder
771 template: 'r1z1-IP:%PORT%/d1'
773 IP: {get_attr: [Controller, networks, ctlplane, 0]}
774 swift_proxy_memcache:
775 description: Swift proxy-memcache value
780 IP: {get_attr: [Controller, networks, ctlplane, 0]}