1 heat_template_version: 2015-04-30
4 OpenStack controller node configured by Puppet.
9 description: The password for the keystone admin account, used for monitoring, querying neutron etc.
14 description: The keystone auth secret and db password.
19 description: The ceilometer backend type.
21 CeilometerMeteringSecret:
23 description: Secret shared by the ceilometer services.
28 description: The password for the ceilometer service and db account.
31 CinderEnableNfsBackend:
33 description: Whether to enable or not the NFS backend for Cinder
35 CinderEnableIscsiBackend:
37 description: Whether to enable or not the Iscsi backend for Cinder
39 CinderEnableRbdBackend:
41 description: Whether to enable or not the Rbd backend for Cinder
45 description: The iSCSI helper to use with cinder.
47 CinderLVMLoopDeviceSize:
49 description: The size of the loopback file used by the cinder LVM driver.
51 CinderNfsMountOptions:
54 Mount options for NFS mounts used by Cinder NFS backend. Effective
55 when CinderEnableNfsBackend is true.
60 NFS servers used by Cinder NFS backend. Effective when
61 CinderEnableNfsBackend is true.
62 type: comma_delimited_list
65 description: The password for the cinder service and db account, used by cinder-api.
70 description: Contains parameters to configure Cinder backends. Typically
71 set via parameter_defaults in the resource registry.
75 description: The DNS name of this cloud. E.g. ci-overcloud.tripleo.org
77 ControllerExtraConfig:
80 Controller specific hiera configuration data to inject into the cluster.
82 ControlVirtualInterface:
84 description: Interface where virtual ip will be assigned.
88 description: Set to True to enable debugging on all services.
92 description: Whether to enable fencing in Pacemaker or not.
96 description: Whether to use Galera instead of regular MariaDB.
100 description: Whether to deploy Ceph Storage (OSD) on the Controller
104 description: Whether to enable Swift Storage on the Controller
109 Additional hieradata to inject into the cluster, note that
110 ControllerExtraConfig takes precedence over ExtraConfig.
115 Pacemaker fencing configuration. The JSON should have
116 the following structure:
120 "agent": "AGENT_NAME",
121 "host_mac": "HOST_MAC_ADDRESS",
122 "params": {"PARAM_NAME": "PARAM_VALUE"}
130 "agent": "fence_xvm",
131 "host_mac": "52:54:00:aa:bb:cc",
133 "multicast_address": "225.0.0.12",
134 "port": "baremetal_0",
136 "manage_key_file": true,
137 "key_file": "/etc/fence_xvm.key",
138 "key_file_password": "abcdef"
145 description: Flavor for control nodes to request when deploying.
148 - custom_constraint: nova.flavor
149 GlanceNotifierStrategy:
150 description: Strategy to use for Glance notification queue
154 description: The filepath of the file to use for logging messages from Glance.
159 description: The password for the glance service and db account, used by the glance services.
164 description: Glance port.
168 description: Protocol to use when connecting to glance, set to https for SSL.
172 description: The short name of the Glance backend to use. Should be one
173 of swift, rbd, or file
176 - allowed_values: ['swift', 'file', 'rbd']
179 description: The password for the Heat service and db account, used by the Heat services.
182 HeatStackDomainAdminPassword:
183 description: Password for heat_domain_admin user.
187 HeatAuthEncryptionKey:
188 description: Auth encryption key for heat-engine
191 description: Secret key for Django
195 default: overcloud-control
197 - custom_constraint: glance.image
199 default: 'REBUILD_PRESERVE_EPHEMERAL'
200 description: What policy to use when reconstructing instances. REBUILD for rebuilds, REBUILD_PRESERVE_EPHEMERAL to preserve /mnt.
204 description: Name of an existing EC2 KeyPair to enable SSH access to the instances
207 - custom_constraint: nova.keypair
208 KeystoneCACertificate:
210 description: Keystone self-signed certificate authority certificate.
212 KeystoneSigningCertificate:
214 description: Keystone certificate for verifying token validity.
218 description: Keystone key for signing tokens.
221 KeystoneSSLCertificate:
223 description: Keystone certificate for verifying token validity.
225 KeystoneSSLCertificateKey:
227 description: Keystone key for signing tokens.
230 KeystoneNotificationDriver:
231 description: Comma-separated list of Oslo notification drivers used by Keystone
232 default: ['messaging']
233 type: comma_delimited_list
234 KeystoneNotificationFormat:
235 description: The Keystone notification format
239 - allowed_values: [ 'basic', 'cadf' ]
240 MysqlClusterUniquePart:
241 description: A unique identifier of the MySQL cluster the controller is in.
243 default: 'unset' # Has to be here because of the ignored empty value bug
244 # Drop the validation: https://bugs.launchpad.net/tripleo/+bug/1405446
246 # - length: {min: 4, max: 10}
247 MysqlInnodbBufferPoolSize:
249 Specifies the size of the buffer pool in megabytes. Setting to
250 zero should be interpreted as "no value" and will defer to the
255 description: Configures MySQL max_connections config setting
261 default: '' # Has to be here because of the ignored empty value bug
262 NeutronExternalNetworkBridge:
263 description: Name of bridge used for external network traffic.
266 NeutronBridgeMappings:
268 The OVS logical->physical bridge mappings to use. See the Neutron
269 documentation for details. Defaults to mapping br-ex - the external
270 bridge on hosts - to a physical name 'datacentre' which can be used
271 to create provider networks (and we use this for the default floating
272 network) - if changing this either use different post-install network
273 scripts or be sure to keep 'datacentre' as a mapping network name.
275 default: "datacentre:br-ex"
276 NeutronDnsmasqOptions:
277 default: 'dhcp-option-force=26,1400'
278 description: Dnsmasq options for neutron-dhcp-agent. The default value here forces MTU to be set to 1400 to account for the gre tunnel overhead.
282 description: Agent mode for the neutron-l3-agent on the controller hosts
286 description: Whether to enable l3-agent HA
288 NeutronDhcpAgentsPerNetwork:
291 description: The number of neutron dhcp agents to schedule per network
294 description: Whether to configure Neutron Distributed Virtual Routers
296 NeutronMetadataProxySharedSecret:
298 description: Shared secret to prevent spoofing
300 NeutronMechanismDrivers:
301 default: 'openvswitch'
303 The mechanism drivers for the Neutron tenant network. To specify multiple
304 values, use a comma separated string, like so: 'openvswitch,l2_population'
306 NeutronAllowL3AgentFailover:
308 description: Allow automatic l3-agent failover
310 NeutronEnableTunnelling:
315 default: 'datacentre'
316 description: If set, flat networks to configure in neutron plugins.
319 description: Whether to enable l3-agent HA
323 description: The tenant network type for Neutron, either gre or vxlan.
325 NeutronNetworkVLANRanges:
326 default: 'datacentre'
328 The Neutron ML2 and OpenVSwitch vlan mapping range to support. See the
329 Neutron documentation for permitted values. Defaults to permitting any
330 VLAN on the 'datacentre' physical network (See NeutronBridgeMappings).
331 type: comma_delimited_list
334 description: The password for the neutron service and db account, used by neutron agents.
337 NeutronPublicInterface:
339 description: What interface to bridge onto br-ex for network nodes.
341 NeutronPublicInterfaceTag:
344 VLAN tag for creating a public VLAN. The tag will be used to
345 create an access port on the exterior bridge for each control plane node,
346 and that port will be given the IP address returned by neutron from the
347 public network. Set CONTROLEXTRA=overcloud-vlan-port.yaml when compiling
348 overcloud.yaml to include the deployment of VLAN ports to the control
351 NeutronPublicInterfaceDefaultRoute:
353 description: A custom default route for the NeutronPublicInterface.
355 NeutronPublicInterfaceIP:
357 description: A custom IP address to put onto the NeutronPublicInterface.
359 NeutronPublicInterfaceRawDevice:
361 description: If set, the public interface is a vlan with this device as the raw device.
366 The tunnel types for the Neutron tenant network. To specify multiple
367 values, use a comma separated string, like so: 'gre,vxlan'
369 NeutronTunnelIdRanges:
371 Comma-separated list of <tun_min>:<tun_max> tuples enumerating ranges
372 of GRE tunnel IDs that are available for tenant network allocation
373 default: ["1:1000", ]
374 type: comma_delimited_list
377 Comma-separated list of <vni_min>:<vni_max> tuples enumerating ranges
378 of VXLAN VNI IDs that are available for tenant network allocation
379 default: ["1:1000", ]
380 type: comma_delimited_list
383 description: The password for the nova service and db account, used by nova-api.
388 description: Should MongoDb journaling be disabled
395 description: The password for the 'pcsd' user.
396 PublicVirtualInterface:
399 Specifies the interface where the public-facing virtual ip will be assigned.
400 This should be int_public when a VLAN is being used.
402 PublicVirtualIP: # DEPRECATED: use per service settings instead
404 default: '' # Has to be here because of the ignored empty value bug
407 default: '' # Has to be here because of the ignored empty value bug
411 description: The password for RabbitMQ
416 description: The username for RabbitMQ
421 Rabbit client subscriber parameter to specify
422 an SSL connection to the RabbitMQ host.
426 description: Set rabbit subscriber port, change this if using SSL
430 default: '' # Has to be here because of the ignored empty value bug
431 SnmpdReadonlyUserName:
432 default: ro_snmp_user
433 description: The user name for SNMPd with readonly rights running on all Overcloud nodes
435 SnmpdReadonlyUserPassword:
437 description: The user password for SNMPd with readonly rights running on all Overcloud nodes
442 description: If set, the contents of an SSL certificate authority file.
446 description: If set, the contents of an SSL certificate .crt file for encrypting SSL endpoints.
451 description: If set, the contents of an SSL certificate .key file for encrypting SSL endpoints.
456 description: A random string to be used as a salt when hashing to determine mappings
462 description: Value of mount_check in Swift account/container/object -server.conf
467 description: The minimum time (in hours) before a partition in a ring can be moved following a rebalance.
470 description: Partition Power to use when building Swift rings
474 description: The password for the swift service account, used by the swift proxy
481 description: How many replicas to use in the swift rings.
482 VirtualIP: # DEPRECATED: use per service settings instead
484 default: '' # Has to be here because of the ignored empty value bug
494 KeystonePublicApiVirtualIP:
500 EnablePackageInstall:
502 description: Set to true to enable package installation via Puppet
506 description: Mapping of service_name -> network name. Typically set
507 via parameter_defaults in the resource registry.
513 Setting to a previously unused value during stack-update will trigger
514 package update on all nodes
517 default: '' # Defaults to Heat created hostname
522 type: OS::Nova::Server
524 image: {get_param: Image}
525 image_update_policy: {get_param: ImageUpdatePolicy}
526 flavor: {get_param: Flavor}
527 key_name: {get_param: KeyName}
530 user_data_format: SOFTWARE_CONFIG
531 user_data: {get_resource: UserData}
532 name: {get_param: Hostname}
534 # Combine the NodeAdminUserData and NodeUserData mime archives
536 type: OS::Heat::MultipartMime
539 - config: {get_resource: NodeAdminUserData}
541 - config: {get_resource: NodeUserData}
544 # Creates the "heat-admin" user if configured via the environment
545 # Should return a OS::Heat::MultipartMime reference via OS::stack_id
547 type: OS::TripleO::NodeAdminUserData
549 # For optional operator additional userdata
550 # Should return a OS::Heat::MultipartMime reference via OS::stack_id
552 type: OS::TripleO::NodeUserData
555 type: OS::TripleO::Controller::Ports::ExternalPort
557 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
560 type: OS::TripleO::Controller::Ports::InternalApiPort
562 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
565 type: OS::TripleO::Controller::Ports::StoragePort
567 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
570 type: OS::TripleO::Controller::Ports::StorageMgmtPort
572 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
575 type: OS::TripleO::Controller::Ports::TenantPort
577 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
580 type: OS::TripleO::Network::Ports::NetIpMap
582 ExternalIp: {get_attr: [ExternalPort, ip_address]}
583 InternalApiIp: {get_attr: [InternalApiPort, ip_address]}
584 StorageIp: {get_attr: [StoragePort, ip_address]}
585 StorageMgmtIp: {get_attr: [StorageMgmtPort, ip_address]}
586 TenantIp: {get_attr: [TenantPort, ip_address]}
589 type: OS::TripleO::Network::Ports::NetIpMap
591 ExternalIp: {get_attr: [ExternalPort, ip_subnet]}
592 InternalApiIp: {get_attr: [InternalApiPort, ip_subnet]}
593 StorageIp: {get_attr: [StoragePort, ip_subnet]}
594 StorageMgmtIp: {get_attr: [StorageMgmtPort, ip_subnet]}
595 TenantIp: {get_attr: [TenantPort, ip_subnet]}
598 type: OS::TripleO::Controller::Net::SoftwareConfig
600 ExternalIpSubnet: {get_attr: [ExternalPort, ip_subnet]}
601 InternalApiIpSubnet: {get_attr: [InternalApiPort, ip_subnet]}
602 StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]}
603 StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]}
604 TenantIpSubnet: {get_attr: [TenantPort, ip_subnet]}
607 type: OS::TripleO::SoftwareDeployment
609 config: {get_resource: NetworkConfig}
610 server: {get_resource: Controller}
613 interface_name: {get_param: NeutronPublicInterface}
615 ControllerDeployment:
616 type: OS::TripleO::SoftwareDeployment
617 depends_on: NetworkDeployment
619 config: {get_resource: ControllerConfig}
620 server: {get_resource: Controller}
622 bootstack_nodeid: {get_attr: [Controller, name]}
623 neutron_enable_tunneling: {get_param: NeutronEnableTunnelling}
624 heat.watch_server_url:
628 - {get_param: HeatApiVirtualIP}
630 heat.metadata_server_url:
634 - {get_param: HeatApiVirtualIP}
636 heat.waitcondition_server_url:
640 - {get_param: HeatApiVirtualIP}
641 - ':8000/v1/waitcondition'
642 heat_auth_encryption_key: {get_param: HeatAuthEncryptionKey}
643 horizon_secret: {get_param: HorizonSecret}
644 admin_password: {get_param: AdminPassword}
645 admin_token: {get_param: AdminToken}
646 neutron_public_interface_ip: {get_param: NeutronPublicInterfaceIP}
647 debug: {get_param: Debug}
648 cinder_enable_nfs_backend: {get_param: CinderEnableNfsBackend}
649 cinder_enable_rbd_backend: {get_param: CinderEnableRbdBackend}
650 cinder_nfs_mount_options: {get_param: CinderNfsMountOptions}
653 template: "['SERVERS']"
658 - {get_param: CinderNfsServers}
659 cinder_lvm_loop_device_size: {get_param: CinderLVMLoopDeviceSize}
660 cinder_password: {get_param: CinderPassword}
661 cinder_enable_iscsi_backend: {get_param: CinderEnableIscsiBackend}
662 cinder_iscsi_helper: {get_param: CinderISCSIHelper}
663 cinder_backend_config: {get_param: CinderBackendConfig}
667 - - 'mysql://cinder:'
668 - {get_param: CinderPassword}
670 - {get_param: MysqlVirtualIP}
672 glance_port: {get_param: GlancePort}
673 glance_password: {get_param: GlancePassword}
674 glance_backend: {get_param: GlanceBackend}
675 glance_notifier_strategy: {get_param: GlanceNotifierStrategy}
676 glance_log_file: {get_param: GlanceLogFile}
680 - - 'mysql://glance:'
681 - {get_param: GlancePassword}
683 - {get_param: MysqlVirtualIP}
685 heat_password: {get_param: HeatPassword}
686 heat_stack_domain_admin_password: {get_param: HeatStackDomainAdminPassword}
691 - {get_param: HeatPassword}
693 - {get_param: MysqlVirtualIP}
695 keystone_auth_address: {list_join: ['', ['http://', {get_param: KeystonePublicApiVirtualIP} , ':5000/v2.0']]}
696 keystone_ca_certificate: {get_param: KeystoneCACertificate}
697 keystone_signing_key: {get_param: KeystoneSigningKey}
698 keystone_signing_certificate: {get_param: KeystoneSigningCertificate}
699 keystone_ssl_certificate: {get_param: KeystoneSSLCertificate}
700 keystone_ssl_certificate_key: {get_param: KeystoneSSLCertificateKey}
701 keystone_notification_driver: {get_param: KeystoneNotificationDriver}
702 keystone_notification_format: {get_param: KeystoneNotificationFormat}
706 - - 'mysql://keystone:'
707 - {get_param: AdminToken}
709 - {get_param: MysqlVirtualIP}
711 keystone_identity_uri:
715 - {get_param: KeystonePublicApiVirtualIP}
721 - {get_param: KeystonePublicApiVirtualIP}
727 - {get_param: KeystonePublicApiVirtualIP}
728 - ':5000/v2.0/ec2tokens'
729 enable_fencing: {get_param: EnableFencing}
730 enable_galera: {get_param: EnableGalera}
731 enable_ceph_storage: {get_param: EnableCephStorage}
732 enable_swift_storage: {get_param: EnableSwiftStorage}
733 mysql_innodb_buffer_pool_size: {get_param: MysqlInnodbBufferPoolSize}
734 mysql_max_connections: {get_param: MysqlMaxConnections}
735 mysql_root_password: {get_param: MysqlRootPassword}
738 template: tripleo-CLUSTER
740 CLUSTER: {get_param: MysqlClusterUniquePart}
741 neutron_flat_networks: {get_param: NeutronFlatNetworks}
742 neutron_metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret}
743 neutron_agent_mode: {get_param: NeutronAgentMode}
744 neutron_router_distributed: {get_param: NeutronDVR}
745 neutron_mechanism_drivers: {get_param: NeutronMechanismDrivers}
746 neutron_allow_l3agent_failover: {get_param: NeutronAllowL3AgentFailover}
747 neutron_l3_ha: {get_param: NeutronL3HA}
748 neutron_dhcp_agents_per_network: {get_param: NeutronDhcpAgentsPerNetwork}
749 neutron_network_vlan_ranges:
751 template: "['RANGES']"
756 - {get_param: NeutronNetworkVLANRanges}
757 neutron_bridge_mappings: {get_param: NeutronBridgeMappings}
758 neutron_external_network_bridge: {get_param: NeutronExternalNetworkBridge}
759 neutron_public_interface: {get_param: NeutronPublicInterface}
760 neutron_public_interface_raw_device: {get_param: NeutronPublicInterfaceRawDevice}
761 neutron_public_interface_default_route: {get_param: NeutronPublicInterfaceDefaultRoute}
762 neutron_public_interface_tag: {get_param: NeutronPublicInterfaceTag}
763 neutron_tenant_network_type: {get_param: NeutronNetworkType}
764 neutron_tunnel_types: {get_param: NeutronTunnelTypes}
765 neutron_tunnel_id_ranges:
767 template: "['RANGES']"
772 - {get_param: NeutronTunnelIdRanges}
775 template: "['RANGES']"
780 - {get_param: NeutronVniRanges}
781 neutron_password: {get_param: NeutronPassword}
782 neutron_dnsmasq_options: {get_param: NeutronDnsmasqOptions}
786 - - 'mysql://neutron:'
787 - {get_param: NeutronPassword}
789 - {get_param: MysqlVirtualIP}
790 - '/ovs_neutron?charset=utf8'
795 - {get_param: NeutronApiVirtualIP}
797 neutron_admin_auth_url:
801 - {get_param: KeystonePublicApiVirtualIP}
803 ceilometer_backend: {get_param: CeilometerBackend}
804 ceilometer_metering_secret: {get_param: CeilometerMeteringSecret}
805 ceilometer_password: {get_param: CeilometerPassword}
806 ceilometer_coordination_url:
810 - {get_param: RedisVirtualIP}
815 - - 'mysql://ceilometer:unset@'
816 - {get_param: MysqlVirtualIP}
818 snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName}
819 snmpd_readonly_user_password: {get_param: SnmpdReadonlyUserPassword}
820 nova_password: {get_param: NovaPassword}
825 - {get_param: NovaPassword}
827 - {get_param: MysqlVirtualIP}
829 fencing_config: {get_param: FencingConfig}
830 pcsd_password: {get_param: PcsdPassword}
831 rabbit_username: {get_param: RabbitUserName}
832 rabbit_password: {get_param: RabbitPassword}
833 rabbit_cookie: {get_param: RabbitCookie}
834 rabbit_client_use_ssl: {get_param: RabbitClientUseSSL}
835 rabbit_client_port: {get_param: RabbitClientPort}
836 mongodb_no_journal: {get_param: MongoDbNoJournal}
839 template: '["server"]'
841 server: {get_param: NtpServer}
842 control_virtual_interface: {get_param: ControlVirtualInterface}
843 public_virtual_interface: {get_param: PublicVirtualInterface}
844 swift_hash_suffix: {get_param: SwiftHashSuffix}
845 swift_password: {get_param: SwiftPassword}
846 swift_part_power: {get_param: SwiftPartPower}
847 swift_replicas: {get_param: SwiftReplicas}
848 swift_min_part_hours: {get_param: SwiftMinPartHours}
849 swift_mount_check: {get_param: SwiftMountCheck}
850 enable_package_install: {get_param: EnablePackageInstall}
851 swift_proxy_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftProxyNetwork]}]}
852 swift_management_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftMgmtNetwork]}]}
853 cinder_iscsi_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CinderIscsiNetwork]}]}
854 cinder_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CinderApiNetwork]}]}
855 glance_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, GlanceApiNetwork]}]}
856 glance_registry_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, GlanceRegistryNetwork]}]}
860 - - {get_param: GlanceProtocol}
862 - {get_param: GlanceApiVirtualIP}
864 - {get_param: GlancePort}
865 heat_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, HeatApiNetwork]}]}
866 keystone_public_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}]}
867 keystone_admin_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}]}
868 mongo_db_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MongoDbNetwork]}]}
869 neutron_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NeutronApiNetwork]}]}
870 neutron_local_ip: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NeutronTenantNetwork]}]}
871 ceilometer_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CeilometerApiNetwork]}]}
872 nova_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NovaApiNetwork]}]}
873 nova_metadata_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NovaMetadataNetwork]}]}
874 horizon_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, HorizonNetwork]}]}
875 rabbitmq_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, RabbitMqNetwork]}]}
876 redis_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, RedisNetwork]}]}
877 redis_vip: {get_param: RedisVirtualIP}
878 memcached_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MemcachedNetwork]}]}
879 mysql_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MysqlNetwork]}]}
880 mysql_virtual_ip: {get_param: MysqlVirtualIP}
881 ceph_cluster_network: {get_attr: [NetIpSubnetMap, net_ip_map, {get_param: [ServiceNetMap, CephClusterNetwork]}]}
882 ceph_public_network: {get_attr: [NetIpSubnetMap, net_ip_map, {get_param: [ServiceNetMap, CephPublicNetwork]}]}
883 ceph_public_ip: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CephPublicNetwork]}]}
885 # Map heat metadata into hiera datafiles
887 type: OS::Heat::StructuredConfig
889 group: os-apply-config
893 - heat_config_%{::deploy_config_name}
894 - controller_extraconfig
899 - swift_devices_and_proxy # provided by SwiftDevicesAndProxyConfig
900 - ceph_cluster # provided by CephClusterConfig
902 - bootstrap_node # provided by BootstrapNodeConfig
903 - all_nodes # provided by allNodesConfig
904 - vip_data # provided by vip-config
907 - cinder_netapp_data # Optionally provided by ControllerExtraConfigPre
909 controller_extraconfig:
910 mapped_data: {get_param: ControllerExtraConfig}
912 mapped_data: {get_param: ExtraConfig}
914 raw_data: {get_file: hieradata/common.yaml}
916 raw_data: {get_file: hieradata/ceph.yaml}
918 ceph::profile::params::cluster_network: {get_input: ceph_cluster_network}
919 ceph::profile::params::public_network: {get_input: ceph_public_network}
920 ceph::mon::public_addr: {get_input: ceph_public_ip}
922 raw_data: {get_file: hieradata/database.yaml}
924 raw_data: {get_file: hieradata/object.yaml}
926 raw_data: {get_file: hieradata/controller.yaml}
927 mapped_data: # data supplied directly to this deployment configuration, etc
928 bootstack_nodeid: {get_input: bootstack_nodeid}
931 enable_fencing: {get_input: enable_fencing}
932 hacluster_pwd: {get_input: pcsd_password}
933 tripleo::fencing::config: {get_input: fencing_config}
936 swift::proxy::proxy_local_net_ip: {get_input: swift_proxy_network}
937 swift::proxy::authtoken::auth_uri: {get_input: keystone_auth_uri}
938 swift::proxy::authtoken::identity_uri: {get_input: keystone_identity_uri}
939 swift::storage::all::storage_local_net_ip: {get_input: swift_management_network}
940 swift::swift_hash_suffix: {get_input: swift_hash_suffix}
941 swift::proxy::authtoken::admin_password: {get_input: swift_password}
942 tripleo::ringbuilder::part_power: {get_input: swift_part_power}
943 tripleo::ringbuilder::replicas: {get_input: swift_replicas}
944 tripleo::ringbuilder::min_part_hours: {get_input: swift_min_part_hours}
945 swift_mount_check: {get_input: swift_mount_check}
947 # NOTE(dprince): build_ring support is currently not wired in.
948 # See: https://review.openstack.org/#/c/109225/
949 tripleo::ringbuilder::build_ring: True
952 cinder_enable_nfs_backend: {get_input: cinder_enable_nfs_backend}
953 cinder_enable_rbd_backend: {get_input: cinder_enable_rbd_backend}
954 cinder_nfs_mount_options: {get_input: cinder_nfs_mount_options}
955 cinder_nfs_servers: {get_input: cinder_nfs_servers}
956 cinder_lvm_loop_device_size: {get_input: cinder_lvm_loop_device_size}
957 cinder_iscsi_helper: {get_input: cinder_iscsi_helper}
958 cinder_iscsi_ip_address: {get_input: cinder_iscsi_network}
959 cinder::database_connection: {get_input: cinder_dsn}
960 cinder::api::keystone_password: {get_input: cinder_password}
961 cinder::api::auth_uri: {get_input: keystone_auth_uri}
962 cinder::api::identity_uri: {get_input: keystone_identity_uri}
963 cinder::api::bind_host: {get_input: cinder_api_network}
964 cinder::rabbit_userid: {get_input: rabbit_username}
965 cinder::rabbit_password: {get_input: rabbit_password}
966 cinder::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
967 cinder::rabbit_port: {get_input: rabbit_client_port}
968 cinder::debug: {get_input: debug}
969 cinder_enable_iscsi_backend: {get_input: cinder_enable_iscsi_backend}
970 cinder::glance::glance_api_servers: {get_input: glance_api_servers}
971 cinder_backend_config: {get_input: CinderBackendConfig}
972 cinder::db::mysql::password: {get_input: cinder_password}
975 glance::api::bind_port: {get_input: glance_port}
976 glance::api::bind_host: {get_input: glance_api_network}
977 glance::api::auth_uri: {get_input: keystone_auth_uri}
978 glance::api::identity_uri: {get_input: keystone_identity_uri}
979 glance::api::registry_host: {get_input: glance_registry_network}
980 glance::api::keystone_password: {get_input: glance_password}
981 glance::api::debug: {get_input: debug}
982 glance_notifier_strategy: {get_input: glance_notifier_strategy}
983 glance_log_file: {get_input: glance_log_file}
984 glance_log_file: {get_input: glance_log_file}
985 glance::api::database_connection: {get_input: glance_dsn}
986 glance::registry::keystone_password: {get_input: glance_password}
987 glance::registry::database_connection: {get_input: glance_dsn}
988 glance::registry::bind_host: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, GlanceRegistryNetwork]}]}
989 glance::registry::auth_uri: {get_input: keystone_auth_uri}
990 glance::registry::identity_uri: {get_input: keystone_identity_uri}
991 glance::registry::debug: {get_input: debug}
992 glance::backend::swift::swift_store_auth_address: {get_input: keystone_auth_address}
993 glance::backend::swift::swift_store_user: service:glance
994 glance::backend::swift::swift_store_key: {get_input: glance_password}
995 glance_backend: {get_input: glance_backend}
996 glance::db::mysql::password: {get_input: glance_password}
999 heat_stack_domain_admin_password: {get_input: heat_stack_domain_admin_password}
1000 heat::engine::heat_watch_server_url: {get_input: heat.watch_server_url}
1001 heat::engine::heat_metadata_server_url: {get_input: heat.metadata_server_url}
1002 heat::engine::heat_waitcondition_server_url: {get_input: heat.waitcondition_server_url}
1003 heat::engine::auth_encryption_key: {get_input: heat_auth_encryption_key}
1004 heat::rabbit_userid: {get_input: rabbit_username}
1005 heat::rabbit_password: {get_input: rabbit_password}
1006 heat::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
1007 heat::rabbit_port: {get_input: rabbit_client_port}
1008 heat::auth_uri: {get_input: keystone_auth_uri}
1009 heat::keystone_ec2_uri: {get_input: keystone_ec2_uri}
1010 heat::identity_uri: {get_input: keystone_identity_uri}
1011 heat::keystone_password: {get_input: heat_password}
1012 heat::api::bind_host: {get_input: heat_api_network}
1013 heat::api_cloudwatch::bind_host: {get_input: heat_api_network}
1014 heat::api_cfn::bind_host: {get_input: heat_api_network}
1015 heat::database_connection: {get_input: heat_dsn}
1016 heat::debug: {get_input: debug}
1017 heat::db::mysql::password: {get_input: heat_password}
1020 keystone::admin_token: {get_input: admin_token}
1021 keystone_ca_certificate: {get_input: keystone_ca_certificate}
1022 keystone_signing_key: {get_input: keystone_signing_key}
1023 keystone_signing_certificate: {get_input: keystone_signing_certificate}
1024 keystone_ssl_certificate: {get_input: keystone_ssl_certificate}
1025 keystone_ssl_certificate_key: {get_input: keystone_ssl_certificate_key}
1026 keystone::database_connection: {get_input: keystone_dsn}
1027 keystone::public_bind_host: {get_input: keystone_public_api_network}
1028 keystone::admin_bind_host: {get_input: keystone_admin_api_network}
1029 keystone::debug: {get_input: debug}
1030 keystone::db::mysql::password: {get_input: admin_token}
1031 keystone::rabbit_userid: {get_input: rabbit_username}
1032 keystone::rabbit_password: {get_input: rabbit_password}
1033 keystone::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
1034 keystone::rabbit_port: {get_input: rabbit_client_port}
1035 keystone::notification_driver: {get_input: keystone_notification_driver}
1036 keystone::notification_format: {get_input: keystone_notification_format}
1038 mongodb::server::bind_ip: {get_input: mongo_db_network}
1039 mongodb::server::nojournal: {get_input: mongodb_no_journal}
1041 admin_password: {get_input: admin_password}
1042 enable_galera: {get_input: enable_galera}
1043 enable_ceph_storage: {get_input: enable_ceph_storage}
1044 enable_swift_storage: {get_input: enable_swift_storage}
1045 mysql_innodb_buffer_pool_size: {get_input: mysql_innodb_buffer_pool_size}
1046 mysql_max_connections: {get_input: mysql_max_connections}
1047 mysql::server::root_password: {get_input: mysql_root_password}
1048 mysql_cluster_name: {get_input: mysql_cluster_name}
1049 mysql_bind_host: {get_input: mysql_network}
1050 mysql_virtual_ip: {get_input: mysql_virtual_ip}
1053 neutron::bind_host: {get_input: neutron_api_network}
1054 neutron::rabbit_password: {get_input: rabbit_password}
1055 neutron::rabbit_user: {get_input: rabbit_user}
1056 neutron::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
1057 neutron::rabbit_port: {get_input: rabbit_client_port}
1058 neutron::debug: {get_input: debug}
1059 neutron::server::auth_uri: {get_input: keystone_auth_uri}
1060 neutron::server::identity_uri: {get_input: keystone_identity_uri}
1061 neutron::server::database_connection: {get_input: neutron_dsn}
1062 neutron::agents::l3::external_network_bridge: {get_input: neutron_external_network_bridge}
1063 neutron::agents::ml2::ovs::enable_tunneling: {get_input: neutron_enable_tunneling}
1064 neutron::agents::ml2::ovs::local_ip: {get_input: neutron_local_ip}
1065 neutron_flat_networks: {get_input: neutron_flat_networks}
1066 neutron::agents::metadata::shared_secret: {get_input: neutron_metadata_proxy_shared_secret}
1067 neutron::agents::metadata::metadata_ip: {get_input: neutron_api_network}
1068 neutron_agent_mode: {get_input: neutron_agent_mode}
1069 neutron_router_distributed: {get_input: neutron_router_distributed}
1070 neutron_mechanism_drivers: {get_input: neutron_mechanism_drivers}
1071 neutron::server::allow_automatic_l3agent_failover: {get_input: neutron_allow_l3agent_failover}
1072 neutron::server::l3_ha: {get_input: neutron_l3_ha}
1073 neutron::dhcp_agents_per_network: {get_input: neutron_dhcp_agents_per_network}
1074 neutron::plugins::ml2::network_vlan_ranges: {get_input: neutron_network_vlan_ranges}
1075 neutron::plugins::ml2::tunnel_id_ranges: {get_input: neutron_tunnel_id_ranges}
1076 neutron::plugins::ml2::vni_ranges: {get_input: neutron_vni_ranges}
1077 neutron_bridge_mappings: {get_input: neutron_bridge_mappings}
1078 neutron_public_interface: {get_input: neutron_public_interface}
1079 neutron_public_interface_raw_device: {get_input: neutron_public_interface_raw_device}
1080 neutron_public_interface_default_route: {get_input: neutron_public_interface_default_route}
1081 neutron_public_interface_tag: {get_input: neutron_public_interface_tag}
1082 neutron_tenant_network_type: {get_input: neutron_tenant_network_type}
1083 neutron_tunnel_types: {get_input: neutron_tunnel_types}
1084 neutron::server::auth_password: {get_input: neutron_password}
1085 neutron::agents::metadata::auth_password: {get_input: neutron_password}
1086 neutron_dnsmasq_options: {get_input: neutron_dnsmasq_options}
1087 neutron_dsn: {get_input: neutron_dsn}
1088 neutron::agents::metadata::auth_url: {get_input: keystone_identity_uri}
1089 neutron::db::mysql::password: {get_input: neutron_password}
1092 ceilometer_backend: {get_input: ceilometer_backend}
1093 ceilometer_mysql_conn_string: {get_input: ceilometer_dsn}
1094 ceilometer::metering_secret: {get_input: ceilometer_metering_secret}
1095 ceilometer::rabbit_userid: {get_input: rabbit_username}
1096 ceilometer::rabbit_password: {get_input: rabbit_password}
1097 ceilometer::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
1098 ceilometer::rabbit_port: {get_input: rabbit_client_port}
1099 ceilometer::debug: {get_input: debug}
1100 ceilometer::api::host: {get_input: ceilometer_api_network}
1101 ceilometer::api::keystone_password: {get_input: ceilometer_password}
1102 ceilometer::api::keystone_auth_uri: {get_input: keystone_auth_uri}
1103 ceilometer::api::keystone_identity_uri: {get_input: keystone_identity_uri}
1104 ceilometer::agent::auth::auth_password: {get_input: ceilometer_password}
1105 ceilometer::agent::auth::auth_url: {get_input: keystone_auth_address}
1106 ceilometer::agent::central::coordination_url: {get_input: ceilometer_coordination_url}
1107 ceilometer::db::mysql::password: {get_input: ceilometer_password}
1108 snmpd_readonly_user_name: {get_input: snmpd_readonly_user_name}
1109 snmpd_readonly_user_password: {get_input: snmpd_readonly_user_password}
1112 nova::rabbit_userid: {get_input: rabbit_username}
1113 nova::rabbit_password: {get_input: rabbit_password}
1114 nova::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
1115 nova::rabbit_port: {get_input: rabbit_client_port}
1116 nova::debug: {get_input: debug}
1117 nova::api::auth_uri: {get_input: keystone_auth_uri}
1118 nova::api::identity_uri: {get_input: keystone_identity_uri}
1119 nova::api::api_bind_address: {get_input: nova_api_network}
1120 nova::api::metadata_listen: {get_input: nova_metadata_network}
1121 nova::api::admin_password: {get_input: nova_password}
1122 nova::database_connection: {get_input: nova_dsn}
1123 nova::glance_api_servers: {get_input: glance_api_servers}
1124 nova::api::neutron_metadata_proxy_shared_secret: {get_input: neutron_metadata_proxy_shared_secret}
1125 nova::network::neutron::neutron_admin_password: {get_input: neutron_password}
1126 nova::network::neutron::neutron_url: {get_input: neutron_url}
1127 nova::network::neutron::neutron_admin_auth_url: {get_input: neutron_admin_auth_url}
1128 nova::vncproxy::host: {get_input: nova_api_network}
1129 nova::db::mysql::password: {get_input: nova_password}
1132 apache::ip: {get_input: horizon_network}
1133 horizon::django_debug: {get_input: debug}
1134 horizon::secret_key: {get_input: horizon_secret}
1135 horizon::bind_address: {get_input: horizon_network}
1136 horizon::keystone_url: {get_input: keystone_auth_uri}
1139 rabbitmq::node_ip_address: {get_input: rabbitmq_network}
1140 rabbitmq::erlang_cookie: {get_input: rabbit_cookie}
1142 redis::bind: {get_input: redis_network}
1143 redis_vip: {get_input: redis_vip}
1145 memcached::listen_ip: {get_input: memcached_network}
1146 neutron_public_interface_ip: {get_input: neutron_public_interface_ip}
1147 ntp::servers: {get_input: ntp_servers}
1148 control_virtual_interface: {get_input: control_virtual_interface}
1149 public_virtual_interface: {get_input: public_virtual_interface}
1150 tripleo::loadbalancer::control_virtual_interface: {get_input: control_virtual_interface}
1151 tripleo::loadbalancer::public_virtual_interface: {get_input: public_virtual_interface}
1152 tripleo::packages::enable_install: {get_input: enable_package_install}
1154 # Hook for site-specific additional pre-deployment config, e.g extra hieradata
1155 ControllerExtraConfigPre:
1156 depends_on: ControllerDeployment
1157 type: OS::TripleO::ControllerExtraConfigPre
1159 server: {get_resource: Controller}
1162 type: OS::TripleO::Tasks::PackageUpdate
1165 type: OS::Heat::SoftwareDeployment
1167 config: {get_resource: UpdateConfig}
1168 server: {get_resource: Controller}
1171 get_param: UpdateIdentifier
1175 description: IP address of the server in the ctlplane network
1176 value: {get_attr: [Controller, networks, ctlplane, 0]}
1177 external_ip_address:
1178 description: IP address of the server in the external network
1179 value: {get_attr: [ExternalPort, ip_address]}
1180 internal_api_ip_address:
1181 description: IP address of the server in the internal_api network
1182 value: {get_attr: [InternalApiPort, ip_address]}
1184 description: IP address of the server in the storage network
1185 value: {get_attr: [StoragePort, ip_address]}
1186 storage_mgmt_ip_address:
1187 description: IP address of the server in the storage_mgmt network
1188 value: {get_attr: [StorageMgmtPort, ip_address]}
1190 description: IP address of the server in the tenant network
1191 value: {get_attr: [TenantPort, ip_address]}
1193 description: Hostname of the server
1194 value: {get_attr: [Controller, name]}
1197 Node object in the format {ip: ..., name: ...} format that the corosync
1200 ip: {get_attr: [Controller, networks, ctlplane, 0]}
1201 name: {get_attr: [Controller, name]}
1204 Server's IP address and hostname in the /etc/hosts format
1207 template: IP HOST.localdomain HOST CLOUDNAME
1209 IP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, ControllerHostnameResolveNetwork]}]}
1210 HOST: {get_attr: [Controller, name]}
1211 CLOUDNAME: {get_param: CloudName}
1212 nova_server_resource:
1213 description: Heat resource handle for the Nova compute server
1215 {get_resource: Controller}
1217 description: Swift device formatted for swift-ring-builder
1220 template: 'r1z1-IP:%PORT%/d1'
1222 IP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftMgmtNetwork]}]}
1223 swift_proxy_memcache:
1224 description: Swift proxy-memcache value
1227 template: "IP:11211"
1229 IP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MemcachedNetwork]}]}
1231 description: identifier which changes if the controller configuration may need re-applying
1235 - - {get_attr: [ControllerDeployment, deploy_stdout]}
1236 - {get_attr: [ControllerExtraConfigPre, deploy_stdout]}