1 heat_template_version: 2015-04-30
4 OpenStack controller node configured by Puppet.
9 description: The password for the keystone admin account, used for monitoring, querying neutron etc.
14 description: The keystone auth secret and db password.
19 description: The ceilometer backend type.
21 CeilometerMeteringSecret:
23 description: Secret shared by the ceilometer services.
28 description: The password for the ceilometer service and db account.
31 CinderEnableIscsiBackend:
33 description: Whether to enable or not the Iscsi backend for Cinder
35 CinderEnableRbdBackend:
37 description: Whether to enable or not the Rbd backend for Cinder
41 description: The iSCSI helper to use with cinder.
43 CinderLVMLoopDeviceSize:
45 description: The size of the loopback file used by the cinder LVM driver.
49 description: The password for the cinder service and db account, used by cinder-api.
54 description: Contains parameters to configure Cinder backends. Typically
55 set via parameter_defaults in the resource registry.
59 description: The DNS name of this cloud. E.g. ci-overcloud.tripleo.org
61 ControllerExtraConfig:
64 Controller specific configuration to inject into the cluster. Same
65 structure as ExtraConfig.
67 ControlVirtualInterface:
69 description: Interface where virtual ip will be assigned.
73 description: Set to True to enable debugging on all services.
77 description: Whether to enable fencing in Pacemaker or not.
81 description: Whether to use Galera instead of regular MariaDB.
85 description: Whether to deploy Ceph Storage (OSD) on the Controller
89 description: Whether to enable Swift Storage on the Controller
94 Additional configuration to inject into the cluster. The JSON should have
95 the following structure:
98 [{"section": "SECTIONNAME",
100 [{"option": "OPTIONNAME",
111 [{"section": "default",
113 [{"option": "compute_manager",
114 "value": "ironic.nova.compute.manager.ClusterComputeManager"
120 [{"option": "driver",
121 "value": "nova.cells.rpc_driver.CellsRPCDriver"
132 Pacemaker fencing configuration. The JSON should have
133 the following structure:
137 "agent": "AGENT_NAME",
138 "host_mac": "HOST_MAC_ADDRESS",
139 "params": {"PARAM_NAME": "PARAM_VALUE"}
147 "agent": "fence_xvm",
148 "host_mac": "52:54:00:aa:bb:cc",
150 "multicast_address": "225.0.0.12",
151 "port": "baremetal_0",
153 "manage_key_file": true,
154 "key_file": "/etc/fence_xvm.key",
155 "key_file_password": "abcdef"
162 description: Flavor for control nodes to request when deploying.
165 - custom_constraint: nova.flavor
166 GlanceNotifierStrategy:
167 description: Strategy to use for Glance notification queue
171 description: The filepath of the file to use for logging messages from Glance.
176 description: The password for the glance service and db account, used by the glance services.
181 description: Glance port.
185 description: Protocol to use when connecting to glance, set to https for SSL.
189 description: The short name of the Glance backend to use. Should be one
190 of swift, rbd, or file
193 - allowed_values: ['swift', 'file', 'rbd']
196 description: The password for the Heat service and db account, used by the Heat services.
199 HeatStackDomainAdminPassword:
200 description: Password for heat_domain_admin user.
204 HeatAuthEncryptionKey:
205 description: Auth encryption key for heat-engine
208 description: Secret key for Django
212 default: overcloud-control
214 - custom_constraint: glance.image
216 default: 'REBUILD_PRESERVE_EPHEMERAL'
217 description: What policy to use when reconstructing instances. REBUILD for rebuilds, REBUILD_PRESERVE_EPHEMERAL to preserve /mnt.
221 description: Name of an existing EC2 KeyPair to enable SSH access to the instances
224 - custom_constraint: nova.keypair
225 KeystoneCACertificate:
227 description: Keystone self-signed certificate authority certificate.
229 KeystoneSigningCertificate:
231 description: Keystone certificate for verifying token validity.
235 description: Keystone key for signing tokens.
238 KeystoneSSLCertificate:
240 description: Keystone certificate for verifying token validity.
242 KeystoneSSLCertificateKey:
244 description: Keystone key for signing tokens.
247 MysqlClusterUniquePart:
248 description: A unique identifier of the MySQL cluster the controller is in.
250 default: 'unset' # Has to be here because of the ignored empty value bug
251 # Drop the validation: https://bugs.launchpad.net/tripleo/+bug/1405446
253 # - length: {min: 4, max: 10}
254 MysqlInnodbBufferPoolSize:
256 Specifies the size of the buffer pool in megabytes. Setting to
257 zero should be interpreted as "no value" and will defer to the
262 description: Configures MySQL max_connections config setting
268 default: '' # Has to be here because of the ignored empty value bug
269 NeutronExternalNetworkBridge:
270 description: Name of bridge used for external network traffic.
273 NeutronBridgeMappings:
275 The OVS logical->physical bridge mappings to use. See the Neutron
276 documentation for details. Defaults to mapping br-ex - the external
277 bridge on hosts - to a physical name 'datacentre' which can be used
278 to create provider networks (and we use this for the default floating
279 network) - if changing this either use different post-install network
280 scripts or be sure to keep 'datacentre' as a mapping network name.
282 default: "datacentre:br-ex"
283 NeutronDnsmasqOptions:
284 default: 'dhcp-option-force=26,1400'
285 description: Dnsmasq options for neutron-dhcp-agent. The default value here forces MTU to be set to 1400 to account for the gre tunnel overhead.
289 description: Agent mode for the neutron-l3-agent on the controller hosts
293 description: Whether to enable l3-agent HA
295 NeutronDhcpAgentsPerNetwork:
298 description: The number of neutron dhcp agents to schedule per network
301 description: Whether to configure Neutron Distributed Virtual Routers
303 NeutronMetadataProxySharedSecret:
305 description: Shared secret to prevent spoofing
307 NeutronMechanismDrivers:
308 default: 'openvswitch'
310 The mechanism drivers for the Neutron tenant network. To specify multiple
311 values, use a comma separated string, like so: 'openvswitch,l2_population'
313 NeutronAllowL3AgentFailover:
315 description: Allow automatic l3-agent failover
317 NeutronEnableTunnelling:
322 default: 'datacentre'
323 description: If set, flat networks to configure in neutron plugins.
326 description: Whether to enable l3-agent HA
330 description: The tenant network type for Neutron, either gre or vxlan.
332 NeutronNetworkVLANRanges:
333 default: 'datacentre'
335 The Neutron ML2 and OpenVSwitch vlan mapping range to support. See the
336 Neutron documentation for permitted values. Defaults to permitting any
337 VLAN on the 'datacentre' physical network (See NeutronBridgeMappings).
338 type: comma_delimited_list
341 description: The password for the neutron service and db account, used by neutron agents.
344 NeutronPublicInterface:
346 description: What interface to bridge onto br-ex for network nodes.
348 NeutronPublicInterfaceTag:
351 VLAN tag for creating a public VLAN. The tag will be used to
352 create an access port on the exterior bridge for each control plane node,
353 and that port will be given the IP address returned by neutron from the
354 public network. Set CONTROLEXTRA=overcloud-vlan-port.yaml when compiling
355 overcloud.yaml to include the deployment of VLAN ports to the control
358 NeutronPublicInterfaceDefaultRoute:
360 description: A custom default route for the NeutronPublicInterface.
362 NeutronPublicInterfaceIP:
364 description: A custom IP address to put onto the NeutronPublicInterface.
366 NeutronPublicInterfaceRawDevice:
368 description: If set, the public interface is a vlan with this device as the raw device.
373 The tunnel types for the Neutron tenant network. To specify multiple
374 values, use a comma separated string, like so: 'gre,vxlan'
376 NeutronTunnelIdRanges:
378 Comma-separated list of <tun_min>:<tun_max> tuples enumerating ranges
379 of GRE tunnel IDs that are available for tenant network allocation
380 default: ["1:1000", ]
381 type: comma_delimited_list
384 Comma-separated list of <vni_min>:<vni_max> tuples enumerating ranges
385 of VXLAN VNI IDs that are available for tenant network allocation
386 default: ["1:1000", ]
387 type: comma_delimited_list
390 description: The password for the nova service and db account, used by nova-api.
395 description: Should MongoDb journaling be disabled
402 description: The password for the 'pcsd' user.
403 PublicVirtualInterface:
406 Specifies the interface where the public-facing virtual ip will be assigned.
407 This should be int_public when a VLAN is being used.
409 PublicVirtualIP: # DEPRECATED: use per service settings instead
411 default: '' # Has to be here because of the ignored empty value bug
414 default: '' # Has to be here because of the ignored empty value bug
418 description: The password for RabbitMQ
423 description: The username for RabbitMQ
428 Rabbit client subscriber parameter to specify
429 an SSL connection to the RabbitMQ host.
433 description: Set rabbit subscriber port, change this if using SSL
437 default: '' # Has to be here because of the ignored empty value bug
438 SnmpdReadonlyUserName:
439 default: ro_snmp_user
440 description: The user name for SNMPd with readonly rights running on all Overcloud nodes
442 SnmpdReadonlyUserPassword:
444 description: The user password for SNMPd with readonly rights running on all Overcloud nodes
449 description: If set, the contents of an SSL certificate authority file.
453 description: If set, the contents of an SSL certificate .crt file for encrypting SSL endpoints.
458 description: If set, the contents of an SSL certificate .key file for encrypting SSL endpoints.
463 description: A random string to be used as a salt when hashing to determine mappings
469 description: Value of mount_check in Swift account/container/object -server.conf
474 description: The minimum time (in hours) before a partition in a ring can be moved following a rebalance.
477 description: Partition Power to use when building Swift rings
481 description: The password for the swift service account, used by the swift proxy
488 description: How many replicas to use in the swift rings.
489 VirtualIP: # DEPRECATED: use per service settings instead
491 default: '' # Has to be here because of the ignored empty value bug
501 KeystonePublicApiVirtualIP:
507 EnablePackageInstall:
509 description: Set to true to enable package installation via Puppet
513 description: Mapping of service_name -> network name. Typically set
514 via parameter_defaults in the resource registry.
520 Setting to a previously unused value during stack-update will trigger
521 package update on all nodes
524 default: '' # Defaults to Heat created hostname
529 type: OS::Nova::Server
531 image: {get_param: Image}
532 image_update_policy: {get_param: ImageUpdatePolicy}
533 flavor: {get_param: Flavor}
534 key_name: {get_param: KeyName}
537 user_data_format: SOFTWARE_CONFIG
538 user_data: {get_resource: NodeUserData}
539 name: {get_param: Hostname}
542 type: OS::TripleO::NodeUserData
545 type: OS::TripleO::Controller::Ports::ExternalPort
547 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
550 type: OS::TripleO::Controller::Ports::InternalApiPort
552 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
555 type: OS::TripleO::Controller::Ports::StoragePort
557 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
560 type: OS::TripleO::Controller::Ports::StorageMgmtPort
562 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
565 type: OS::TripleO::Controller::Ports::TenantPort
567 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
570 type: OS::TripleO::Network::Ports::NetIpMap
572 ExternalIp: {get_attr: [ExternalPort, ip_address]}
573 InternalApiIp: {get_attr: [InternalApiPort, ip_address]}
574 StorageIp: {get_attr: [StoragePort, ip_address]}
575 StorageMgmtIp: {get_attr: [StorageMgmtPort, ip_address]}
576 TenantIp: {get_attr: [TenantPort, ip_address]}
579 type: OS::TripleO::Network::Ports::NetIpMap
581 ExternalIp: {get_attr: [ExternalPort, ip_subnet]}
582 InternalApiIp: {get_attr: [InternalApiPort, ip_subnet]}
583 StorageIp: {get_attr: [StoragePort, ip_subnet]}
584 StorageMgmtIp: {get_attr: [StorageMgmtPort, ip_subnet]}
585 TenantIp: {get_attr: [TenantPort, ip_subnet]}
588 type: OS::TripleO::Controller::Net::SoftwareConfig
590 ExternalIpSubnet: {get_attr: [ExternalPort, ip_subnet]}
591 InternalApiIpSubnet: {get_attr: [InternalApiPort, ip_subnet]}
592 StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]}
593 StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]}
594 TenantIpSubnet: {get_attr: [TenantPort, ip_subnet]}
597 type: OS::TripleO::SoftwareDeployment
599 config: {get_resource: NetworkConfig}
600 server: {get_resource: Controller}
603 interface_name: {get_param: NeutronPublicInterface}
605 ControllerDeployment:
606 type: OS::TripleO::SoftwareDeployment
607 depends_on: NetworkDeployment
609 config: {get_resource: ControllerConfig}
610 server: {get_resource: Controller}
612 bootstack_nodeid: {get_attr: [Controller, name]}
613 neutron_enable_tunneling: {get_param: NeutronEnableTunnelling}
614 heat.watch_server_url:
618 - {get_param: HeatApiVirtualIP}
620 heat.metadata_server_url:
624 - {get_param: HeatApiVirtualIP}
626 heat.waitcondition_server_url:
630 - {get_param: HeatApiVirtualIP}
631 - ':8000/v1/waitcondition'
632 heat_auth_encryption_key: {get_param: HeatAuthEncryptionKey}
633 horizon_secret: {get_param: HorizonSecret}
634 admin_password: {get_param: AdminPassword}
635 admin_token: {get_param: AdminToken}
636 neutron_public_interface_ip: {get_param: NeutronPublicInterfaceIP}
637 debug: {get_param: Debug}
638 cinder_enable_rbd_backend: {get_param: CinderEnableRbdBackend}
639 cinder_lvm_loop_device_size: {get_param: CinderLVMLoopDeviceSize}
640 cinder_password: {get_param: CinderPassword}
641 cinder_enable_iscsi_backend: {get_param: CinderEnableIscsiBackend}
642 cinder_iscsi_helper: {get_param: CinderISCSIHelper}
643 cinder_backend_config: {get_param: CinderBackendConfig}
647 - - 'mysql://cinder:'
648 - {get_param: CinderPassword}
650 - {get_param: MysqlVirtualIP}
652 glance_port: {get_param: GlancePort}
653 glance_password: {get_param: GlancePassword}
654 glance_backend: {get_param: GlanceBackend}
655 glance_notifier_strategy: {get_param: GlanceNotifierStrategy}
656 glance_log_file: {get_param: GlanceLogFile}
660 - - 'mysql://glance:'
661 - {get_param: GlancePassword}
663 - {get_param: MysqlVirtualIP}
665 heat_password: {get_param: HeatPassword}
666 heat_stack_domain_admin_password: {get_param: HeatStackDomainAdminPassword}
671 - {get_param: HeatPassword}
673 - {get_param: MysqlVirtualIP}
675 keystone_auth_address: {list_join: ['', ['http://', {get_param: KeystonePublicApiVirtualIP} , ':5000/v2.0']]}
676 keystone_ca_certificate: {get_param: KeystoneCACertificate}
677 keystone_signing_key: {get_param: KeystoneSigningKey}
678 keystone_signing_certificate: {get_param: KeystoneSigningCertificate}
679 keystone_ssl_certificate: {get_param: KeystoneSSLCertificate}
680 keystone_ssl_certificate_key: {get_param: KeystoneSSLCertificateKey}
684 - - 'mysql://keystone:'
685 - {get_param: AdminToken}
687 - {get_param: MysqlVirtualIP}
689 keystone_identity_uri:
693 - {get_param: KeystonePublicApiVirtualIP}
699 - {get_param: KeystonePublicApiVirtualIP}
705 - {get_param: KeystonePublicApiVirtualIP}
706 - ':5000/v2.0/ec2tokens'
707 enable_fencing: {get_param: EnableFencing}
708 enable_galera: {get_param: EnableGalera}
709 enable_ceph_storage: {get_param: EnableCephStorage}
710 enable_swift_storage: {get_param: EnableSwiftStorage}
711 mysql_innodb_buffer_pool_size: {get_param: MysqlInnodbBufferPoolSize}
712 mysql_max_connections: {get_param: MysqlMaxConnections}
713 mysql_root_password: {get_param: MysqlRootPassword}
716 template: tripleo-CLUSTER
718 CLUSTER: {get_param: MysqlClusterUniquePart}
719 neutron_flat_networks: {get_param: NeutronFlatNetworks}
720 neutron_metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret}
721 neutron_agent_mode: {get_param: NeutronAgentMode}
722 neutron_router_distributed: {get_param: NeutronDVR}
723 neutron_mechanism_drivers: {get_param: NeutronMechanismDrivers}
724 neutron_allow_l3agent_failover: {get_param: NeutronAllowL3AgentFailover}
725 neutron_l3_ha: {get_param: NeutronL3HA}
726 neutron_dhcp_agents_per_network: {get_param: NeutronDhcpAgentsPerNetwork}
727 neutron_network_vlan_ranges:
729 template: "['RANGES']"
734 - {get_param: NeutronNetworkVLANRanges}
735 neutron_bridge_mappings: {get_param: NeutronBridgeMappings}
736 neutron_external_network_bridge: {get_param: NeutronExternalNetworkBridge}
737 neutron_public_interface: {get_param: NeutronPublicInterface}
738 neutron_public_interface_raw_device: {get_param: NeutronPublicInterfaceRawDevice}
739 neutron_public_interface_default_route: {get_param: NeutronPublicInterfaceDefaultRoute}
740 neutron_public_interface_tag: {get_param: NeutronPublicInterfaceTag}
741 neutron_tenant_network_type: {get_param: NeutronNetworkType}
742 neutron_tunnel_types: {get_param: NeutronTunnelTypes}
743 neutron_tunnel_id_ranges:
745 template: "['RANGES']"
750 - {get_param: NeutronTunnelIdRanges}
753 template: "['RANGES']"
758 - {get_param: NeutronVniRanges}
759 neutron_password: {get_param: NeutronPassword}
760 neutron_dnsmasq_options: {get_param: NeutronDnsmasqOptions}
764 - - 'mysql://neutron:'
765 - {get_param: NeutronPassword}
767 - {get_param: MysqlVirtualIP}
768 - '/ovs_neutron?charset=utf8'
773 - {get_param: NeutronApiVirtualIP}
775 neutron_admin_auth_url:
779 - {get_param: KeystonePublicApiVirtualIP}
781 ceilometer_backend: {get_param: CeilometerBackend}
782 ceilometer_metering_secret: {get_param: CeilometerMeteringSecret}
783 ceilometer_password: {get_param: CeilometerPassword}
784 ceilometer_coordination_url:
788 - {get_param: RedisVirtualIP}
793 - - 'mysql://ceilometer:unset@'
794 - {get_param: MysqlVirtualIP}
796 snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName}
797 snmpd_readonly_user_password: {get_param: SnmpdReadonlyUserPassword}
798 nova_password: {get_param: NovaPassword}
803 - {get_param: NovaPassword}
805 - {get_param: MysqlVirtualIP}
807 fencing_config: {get_param: FencingConfig}
808 pcsd_password: {get_param: PcsdPassword}
809 rabbit_username: {get_param: RabbitUserName}
810 rabbit_password: {get_param: RabbitPassword}
811 rabbit_cookie: {get_param: RabbitCookie}
812 rabbit_client_use_ssl: {get_param: RabbitClientUseSSL}
813 rabbit_client_port: {get_param: RabbitClientPort}
814 mongodb_no_journal: {get_param: MongoDbNoJournal}
817 template: '["server"]'
819 server: {get_param: NtpServer}
820 control_virtual_interface: {get_param: ControlVirtualInterface}
821 public_virtual_interface: {get_param: PublicVirtualInterface}
822 swift_hash_suffix: {get_param: SwiftHashSuffix}
823 swift_password: {get_param: SwiftPassword}
824 swift_part_power: {get_param: SwiftPartPower}
825 swift_replicas: {get_param: SwiftReplicas}
826 swift_min_part_hours: {get_param: SwiftMinPartHours}
827 swift_mount_check: {get_param: SwiftMountCheck}
828 enable_package_install: {get_param: EnablePackageInstall}
829 swift_proxy_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftProxyNetwork]}]}
830 swift_management_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftMgmtNetwork]}]}
831 cinder_iscsi_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CinderIscsiNetwork]}]}
832 cinder_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CinderApiNetwork]}]}
833 glance_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, GlanceApiNetwork]}]}
834 glance_registry_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, GlanceRegistryNetwork]}]}
838 - - {get_param: GlanceProtocol}
840 - {get_param: GlanceApiVirtualIP}
842 - {get_param: GlancePort}
843 heat_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, HeatApiNetwork]}]}
844 keystone_public_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}]}
845 keystone_admin_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}]}
846 mongo_db_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MongoDbNetwork]}]}
847 neutron_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NeutronApiNetwork]}]}
848 neutron_local_ip: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NeutronTenantNetwork]}]}
849 ceilometer_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CeilometerApiNetwork]}]}
850 nova_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NovaApiNetwork]}]}
851 nova_metadata_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NovaMetadataNetwork]}]}
852 horizon_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, HorizonNetwork]}]}
853 rabbitmq_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, RabbitMqNetwork]}]}
854 redis_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, RedisNetwork]}]}
855 redis_vip: {get_param: RedisVirtualIP}
856 memcached_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MemcachedNetwork]}]}
857 mysql_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MysqlNetwork]}]}
858 ceph_cluster_network: {get_attr: [NetIpSubnetMap, net_ip_map, {get_param: [ServiceNetMap, CephClusterNetwork]}]}
859 ceph_public_network: {get_attr: [NetIpSubnetMap, net_ip_map, {get_param: [ServiceNetMap, CephPublicNetwork]}]}
860 ceph_public_ip: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CephPublicNetwork]}]}
862 # Map heat metadata into hiera datafiles
864 type: OS::Heat::StructuredConfig
866 group: os-apply-config
870 - heat_config_%{::deploy_config_name}
873 - swift_devices_and_proxy # provided by SwiftDevicesAndProxyConfig
874 - ceph_cluster # provided by CephClusterConfig
876 - bootstrap_node # provided by BootstrapNodeConfig
877 - all_nodes # provided by allNodesConfig
878 - vip_data # provided by vip-config
881 - cinder_netapp_data # Optionally provided by ControllerExtraConfigPre
884 raw_data: {get_file: hieradata/common.yaml}
886 raw_data: {get_file: hieradata/ceph.yaml}
888 ceph::profile::params::cluster_network: {get_input: ceph_cluster_network}
889 ceph::profile::params::public_network: {get_input: ceph_public_network}
890 ceph::mon::public_addr: {get_input: ceph_public_ip}
892 raw_data: {get_file: hieradata/object.yaml}
894 raw_data: {get_file: hieradata/controller.yaml}
895 mapped_data: # data supplied directly to this deployment configuration, etc
896 bootstack_nodeid: {get_input: bootstack_nodeid}
899 enable_fencing: {get_input: enable_fencing}
900 hacluster_pwd: {get_input: pcsd_password}
901 tripleo::fencing::config: {get_input: fencing_config}
904 swift::proxy::proxy_local_net_ip: {get_input: swift_proxy_network}
905 swift::proxy::authtoken::auth_uri: {get_input: keystone_auth_uri}
906 swift::proxy::authtoken::identity_uri: {get_input: keystone_identity_uri}
907 swift::storage::all::storage_local_net_ip: {get_input: swift_management_network}
908 swift::swift_hash_suffix: {get_input: swift_hash_suffix}
909 swift::proxy::authtoken::admin_password: {get_input: swift_password}
910 tripleo::ringbuilder::part_power: {get_input: swift_part_power}
911 tripleo::ringbuilder::replicas: {get_input: swift_replicas}
912 tripleo::ringbuilder::min_part_hours: {get_input: swift_min_part_hours}
913 swift_mount_check: {get_input: swift_mount_check}
915 # NOTE(dprince): build_ring support is currently not wired in.
916 # See: https://review.openstack.org/#/c/109225/
917 tripleo::ringbuilder::build_ring: True
920 cinder_enable_rbd_backend: {get_input: cinder_enable_rbd_backend}
921 cinder_lvm_loop_device_size: {get_input: cinder_lvm_loop_device_size}
922 cinder_iscsi_helper: {get_input: cinder_iscsi_helper}
923 cinder_iscsi_ip_address: {get_input: cinder_iscsi_network}
924 cinder::database_connection: {get_input: cinder_dsn}
925 cinder::api::keystone_password: {get_input: cinder_password}
926 cinder::api::auth_uri: {get_input: keystone_auth_uri}
927 cinder::api::identity_uri: {get_input: keystone_identity_uri}
928 cinder::api::bind_host: {get_input: cinder_api_network}
929 cinder::rabbit_userid: {get_input: rabbit_username}
930 cinder::rabbit_password: {get_input: rabbit_password}
931 cinder::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
932 cinder::rabbit_port: {get_input: rabbit_client_port}
933 cinder::debug: {get_input: debug}
934 cinder_enable_iscsi_backend: {get_input: cinder_enable_iscsi_backend}
935 cinder::glance::glance_api_servers: {get_input: glance_api_servers}
936 cinder_backend_config: {get_input: CinderBackendConfig}
939 glance::api::bind_port: {get_input: glance_port}
940 glance::api::bind_host: {get_input: glance_api_network}
941 glance::api::auth_uri: {get_input: keystone_auth_uri}
942 glance::api::identity_uri: {get_input: keystone_identity_uri}
943 glance::api::registry_host: {get_input: glance_registry_network}
944 glance::api::keystone_password: {get_input: glance_password}
945 glance::api::debug: {get_input: debug}
946 glance_notifier_strategy: {get_input: glance_notifier_strategy}
947 glance_log_file: {get_input: glance_log_file}
948 glance_log_file: {get_input: glance_log_file}
949 glance::api::database_connection: {get_input: glance_dsn}
950 glance::registry::keystone_password: {get_input: glance_password}
951 glance::registry::database_connection: {get_input: glance_dsn}
952 glance::registry::bind_host: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, GlanceRegistryNetwork]}]}
953 glance::registry::auth_uri: {get_input: keystone_auth_uri}
954 glance::registry::identity_uri: {get_input: keystone_identity_uri}
955 glance::registry::debug: {get_input: debug}
956 glance::backend::swift::swift_store_auth_address: {get_input: keystone_auth_address}
957 glance::backend::swift::swift_store_user: service:glance
958 glance::backend::swift::swift_store_key: {get_input: glance_password}
959 glance_backend: {get_input: glance_backend}
962 heat_stack_domain_admin_password: {get_input: heat_stack_domain_admin_password}
963 heat::engine::heat_watch_server_url: {get_input: heat.watch_server_url}
964 heat::engine::heat_metadata_server_url: {get_input: heat.metadata_server_url}
965 heat::engine::heat_waitcondition_server_url: {get_input: heat.waitcondition_server_url}
966 heat::engine::auth_encryption_key: {get_input: heat_auth_encryption_key}
967 heat::rabbit_userid: {get_input: rabbit_username}
968 heat::rabbit_password: {get_input: rabbit_password}
969 heat::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
970 heat::rabbit_port: {get_input: rabbit_client_port}
971 heat::auth_uri: {get_input: keystone_auth_uri}
972 heat::keystone_ec2_uri: {get_input: keystone_ec2_uri}
973 heat::identity_uri: {get_input: keystone_identity_uri}
974 heat::keystone_password: {get_input: heat_password}
975 heat::api::bind_host: {get_input: heat_api_network}
976 heat::api_cloudwatch::bind_host: {get_input: heat_api_network}
977 heat::api_cfn::bind_host: {get_input: heat_api_network}
978 heat::database_connection: {get_input: heat_dsn}
979 heat::instance_user: heat-admin
980 heat::debug: {get_input: debug}
983 keystone::admin_token: {get_input: admin_token}
984 keystone_ca_certificate: {get_input: keystone_ca_certificate}
985 keystone_signing_key: {get_input: keystone_signing_key}
986 keystone_signing_certificate: {get_input: keystone_signing_certificate}
987 keystone_ssl_certificate: {get_input: keystone_ssl_certificate}
988 keystone_ssl_certificate_key: {get_input: keystone_ssl_certificate_key}
989 keystone::database_connection: {get_input: keystone_dsn}
990 keystone::public_bind_host: {get_input: keystone_public_api_network}
991 keystone::admin_bind_host: {get_input: keystone_admin_api_network}
992 keystone::debug: {get_input: debug}
994 mongodb::server::bind_ip: {get_input: mongo_db_network}
995 mongodb::server::nojournal: {get_input: mongodb_no_journal}
997 admin_password: {get_input: admin_password}
998 enable_galera: {get_input: enable_galera}
999 enable_ceph_storage: {get_input: enable_ceph_storage}
1000 enable_swift_storage: {get_input: enable_swift_storage}
1001 mysql_innodb_buffer_pool_size: {get_input: mysql_innodb_buffer_pool_size}
1002 mysql_max_connections: {get_input: mysql_max_connections}
1003 mysql::server::root_password: {get_input: mysql_root_password}
1004 mysql_cluster_name: {get_input: mysql_cluster_name}
1005 mysql_bind_host: {get_input: mysql_network}
1008 neutron::bind_host: {get_input: neutron_api_network}
1009 neutron::rabbit_password: {get_input: rabbit_password}
1010 neutron::rabbit_user: {get_input: rabbit_user}
1011 neutron::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
1012 neutron::rabbit_port: {get_input: rabbit_client_port}
1013 neutron::debug: {get_input: debug}
1014 neutron::server::auth_uri: {get_input: keystone_auth_uri}
1015 neutron::server::identity_uri: {get_input: keystone_identity_uri}
1016 neutron::server::database_connection: {get_input: neutron_dsn}
1017 neutron::agents::l3::external_network_bridge: {get_input: neutron_external_network_bridge}
1018 neutron::agents::ml2::ovs::enable_tunneling: {get_input: neutron_enable_tunneling}
1019 neutron::agents::ml2::ovs::local_ip: {get_input: neutron_local_ip}
1020 neutron_flat_networks: {get_input: neutron_flat_networks}
1021 neutron::agents::metadata::shared_secret: {get_input: neutron_metadata_proxy_shared_secret}
1022 neutron::agents::metadata::metadata_ip: {get_input: neutron_api_network}
1023 neutron_agent_mode: {get_input: neutron_agent_mode}
1024 neutron_router_distributed: {get_input: neutron_router_distributed}
1025 neutron_mechanism_drivers: {get_input: neutron_mechanism_drivers}
1026 neutron::server::allow_automatic_l3agent_failover: {get_input: neutron_allow_l3agent_failover}
1027 neutron::server::l3_ha: {get_input: neutron_l3_ha}
1028 neutron::dhcp_agents_per_network: {get_input: neutron_dhcp_agents_per_network}
1029 neutron::plugins::ml2::network_vlan_ranges: {get_input: neutron_network_vlan_ranges}
1030 neutron::plugins::ml2::tunnel_id_ranges: {get_input: neutron_tunnel_id_ranges}
1031 neutron::plugins::ml2::vni_ranges: {get_input: neutron_vni_ranges}
1032 neutron_bridge_mappings: {get_input: neutron_bridge_mappings}
1033 neutron_public_interface: {get_input: neutron_public_interface}
1034 neutron_public_interface_raw_device: {get_input: neutron_public_interface_raw_device}
1035 neutron_public_interface_default_route: {get_input: neutron_public_interface_default_route}
1036 neutron_public_interface_tag: {get_input: neutron_public_interface_tag}
1037 neutron_tenant_network_type: {get_input: neutron_tenant_network_type}
1038 neutron_tunnel_types: {get_input: neutron_tunnel_types}
1039 neutron::server::auth_password: {get_input: neutron_password}
1040 neutron::agents::metadata::auth_password: {get_input: neutron_password}
1041 neutron_dnsmasq_options: {get_input: neutron_dnsmasq_options}
1042 neutron_dsn: {get_input: neutron_dsn}
1043 neutron::agents::metadata::auth_url: {get_input: keystone_identity_uri}
1046 ceilometer_backend: {get_input: ceilometer_backend}
1047 ceilometer_mysql_conn_string: {get_input: ceilometer_dsn}
1048 ceilometer::metering_secret: {get_input: ceilometer_metering_secret}
1049 ceilometer::rabbit_userid: {get_input: rabbit_username}
1050 ceilometer::rabbit_password: {get_input: rabbit_password}
1051 ceilometer::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
1052 ceilometer::rabbit_port: {get_input: rabbit_client_port}
1053 ceilometer::debug: {get_input: debug}
1054 ceilometer::api::host: {get_input: ceilometer_api_network}
1055 ceilometer::api::keystone_password: {get_input: ceilometer_password}
1056 ceilometer::api::keystone_auth_uri: {get_input: keystone_auth_uri}
1057 ceilometer::api::keystone_identity_uri: {get_input: keystone_identity_uri}
1058 ceilometer::agent::auth::auth_password: {get_input: ceilometer_password}
1059 ceilometer::agent::auth::auth_url: {get_input: keystone_auth_address}
1060 ceilometer::agent::central::coordination_url: {get_input: ceilometer_coordination_url}
1061 snmpd_readonly_user_name: {get_input: snmpd_readonly_user_name}
1062 snmpd_readonly_user_password: {get_input: snmpd_readonly_user_password}
1065 nova::rabbit_userid: {get_input: rabbit_username}
1066 nova::rabbit_password: {get_input: rabbit_password}
1067 nova::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
1068 nova::rabbit_port: {get_input: rabbit_client_port}
1069 nova::debug: {get_input: debug}
1070 nova::api::auth_uri: {get_input: keystone_auth_uri}
1071 nova::api::identity_uri: {get_input: keystone_identity_uri}
1072 nova::api::api_bind_address: {get_input: nova_api_network}
1073 nova::api::metadata_listen: {get_input: nova_metadata_network}
1074 nova::api::admin_password: {get_input: nova_password}
1075 nova::database_connection: {get_input: nova_dsn}
1076 nova::glance_api_servers: {get_input: glance_api_servers}
1077 nova::api::neutron_metadata_proxy_shared_secret: {get_input: neutron_metadata_proxy_shared_secret}
1078 nova::network::neutron::neutron_admin_password: {get_input: neutron_password}
1079 nova::network::neutron::neutron_url: {get_input: neutron_url}
1080 nova::network::neutron::neutron_admin_auth_url: {get_input: neutron_admin_auth_url}
1081 nova::vncproxy::host: {get_input: nova_api_network}
1084 apache::ip: {get_input: horizon_network}
1085 horizon::django_debug: {get_input: debug}
1086 horizon::secret_key: {get_input: horizon_secret}
1087 horizon::bind_address: {get_input: horizon_network}
1088 horizon::keystone_url: {get_input: keystone_auth_uri}
1091 rabbitmq::node_ip_address: {get_input: rabbitmq_network}
1092 rabbitmq::erlang_cookie: {get_input: rabbit_cookie}
1094 redis::bind: {get_input: redis_network}
1095 redis_vip: {get_input: redis_vip}
1097 memcached::listen_ip: {get_input: memcached_network}
1098 neutron_public_interface_ip: {get_input: neutron_public_interface_ip}
1099 ntp::servers: {get_input: ntp_servers}
1100 control_virtual_interface: {get_input: control_virtual_interface}
1101 public_virtual_interface: {get_input: public_virtual_interface}
1102 tripleo::loadbalancer::control_virtual_interface: {get_input: control_virtual_interface}
1103 tripleo::loadbalancer::public_virtual_interface: {get_input: public_virtual_interface}
1104 enable_package_install: {get_input: enable_package_install}
1106 # Hook for site-specific additional pre-deployment config, e.g extra hieradata
1107 ControllerExtraConfigPre:
1108 depends_on: ControllerDeployment
1109 type: OS::TripleO::ControllerExtraConfigPre
1111 server: {get_resource: Controller}
1114 type: OS::TripleO::Tasks::PackageUpdate
1117 type: OS::Heat::SoftwareDeployment
1119 config: {get_resource: UpdateConfig}
1120 server: {get_resource: Controller}
1123 get_param: UpdateIdentifier
1127 description: IP address of the server in the ctlplane network
1128 value: {get_attr: [Controller, networks, ctlplane, 0]}
1129 external_ip_address:
1130 description: IP address of the server in the external network
1131 value: {get_attr: [ExternalPort, ip_address]}
1132 internal_api_ip_address:
1133 description: IP address of the server in the internal_api network
1134 value: {get_attr: [InternalApiPort, ip_address]}
1136 description: IP address of the server in the storage network
1137 value: {get_attr: [StoragePort, ip_address]}
1138 storage_mgmt_ip_address:
1139 description: IP address of the server in the storage_mgmt network
1140 value: {get_attr: [StorageMgmtPort, ip_address]}
1142 description: IP address of the server in the tenant network
1143 value: {get_attr: [TenantPort, ip_address]}
1145 description: Hostname of the server
1146 value: {get_attr: [Controller, name]}
1149 Node object in the format {ip: ..., name: ...} format that the corosync
1152 ip: {get_attr: [Controller, networks, ctlplane, 0]}
1153 name: {get_attr: [Controller, name]}
1156 Server's IP address and hostname in the /etc/hosts format
1159 template: IP HOST.localdomain HOST CLOUDNAME
1161 IP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, ControllerHostnameResolveNetwork]}]}
1162 HOST: {get_attr: [Controller, name]}
1163 CLOUDNAME: {get_param: CloudName}
1164 nova_server_resource:
1165 description: Heat resource handle for the Nova compute server
1167 {get_resource: Controller}
1169 description: Swift device formatted for swift-ring-builder
1172 template: 'r1z1-IP:%PORT%/d1'
1174 IP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftMgmtNetwork]}]}
1175 swift_proxy_memcache:
1176 description: Swift proxy-memcache value
1179 template: "IP:11211"
1181 IP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MemcachedNetwork]}]}
1183 description: identifier which changes if the controller configuration may need re-applying
1187 - - {get_attr: [ControllerDeployment, deploy_stdout]}
1188 - {get_attr: [ControllerExtraConfigPre, deploy_stdout]}