1 heat_template_version: 2015-04-30
4 OpenStack controller node configured by Puppet.
9 description: The password for the keystone admin account, used for monitoring, querying neutron etc.
14 description: The keystone auth secret and db password.
19 description: The ceilometer backend type.
21 CeilometerMeteringSecret:
23 description: Secret shared by the ceilometer services.
28 description: The password for the ceilometer service and db account.
31 CinderEnableNfsBackend:
33 description: Whether to enable or not the NFS backend for Cinder
35 CinderEnableIscsiBackend:
37 description: Whether to enable or not the Iscsi backend for Cinder
39 CinderEnableRbdBackend:
41 description: Whether to enable or not the Rbd backend for Cinder
45 description: The iSCSI helper to use with cinder.
47 CinderLVMLoopDeviceSize:
49 description: The size of the loopback file used by the cinder LVM driver.
51 CinderNfsMountOptions:
54 Mount options for NFS mounts used by Cinder NFS backend. Effective
55 when CinderEnableNfsBackend is true.
60 NFS servers used by Cinder NFS backend. Effective when
61 CinderEnableNfsBackend is true.
62 type: comma_delimited_list
65 description: The password for the cinder service and db account, used by cinder-api.
70 description: Contains parameters to configure Cinder backends. Typically
71 set via parameter_defaults in the resource registry.
75 description: The DNS name of this cloud. E.g. ci-overcloud.tripleo.org
77 ControllerExtraConfig:
80 Controller specific hiera configuration data to inject into the cluster.
82 ControlVirtualInterface:
84 description: Interface where virtual ip will be assigned.
88 description: Set to True to enable debugging on all services.
92 description: Whether to enable fencing in Pacemaker or not.
96 description: Whether to use Galera instead of regular MariaDB.
100 description: Whether to deploy Ceph Storage (OSD) on the Controller
104 description: Whether to enable Swift Storage on the Controller
109 Additional hieradata to inject into the cluster, note that
110 ControllerExtraConfig takes precedence over ExtraConfig.
115 Pacemaker fencing configuration. The JSON should have
116 the following structure:
120 "agent": "AGENT_NAME",
121 "host_mac": "HOST_MAC_ADDRESS",
122 "params": {"PARAM_NAME": "PARAM_VALUE"}
130 "agent": "fence_xvm",
131 "host_mac": "52:54:00:aa:bb:cc",
133 "multicast_address": "225.0.0.12",
134 "port": "baremetal_0",
136 "manage_key_file": true,
137 "key_file": "/etc/fence_xvm.key",
138 "key_file_password": "abcdef"
145 description: Flavor for control nodes to request when deploying.
148 - custom_constraint: nova.flavor
149 GlanceNotifierStrategy:
150 description: Strategy to use for Glance notification queue
154 description: The filepath of the file to use for logging messages from Glance.
159 description: The password for the glance service and db account, used by the glance services.
164 description: Glance port.
168 description: Protocol to use when connecting to glance, set to https for SSL.
172 description: The short name of the Glance backend to use. Should be one
173 of swift, rbd, or file
176 - allowed_values: ['swift', 'file', 'rbd']
179 description: The password for the Heat service and db account, used by the Heat services.
182 HeatStackDomainAdminPassword:
183 description: Password for heat_domain_admin user.
187 HeatAuthEncryptionKey:
188 description: Auth encryption key for heat-engine
191 description: Secret key for Django
195 default: overcloud-control
197 - custom_constraint: glance.image
199 default: 'REBUILD_PRESERVE_EPHEMERAL'
200 description: What policy to use when reconstructing instances. REBUILD for rebuilds, REBUILD_PRESERVE_EPHEMERAL to preserve /mnt.
204 description: Name of an existing EC2 KeyPair to enable SSH access to the instances
207 - custom_constraint: nova.keypair
208 KeystoneCACertificate:
210 description: Keystone self-signed certificate authority certificate.
212 KeystoneSigningCertificate:
214 description: Keystone certificate for verifying token validity.
218 description: Keystone key for signing tokens.
221 KeystoneSSLCertificate:
223 description: Keystone certificate for verifying token validity.
225 KeystoneSSLCertificateKey:
227 description: Keystone key for signing tokens.
230 MysqlClusterUniquePart:
231 description: A unique identifier of the MySQL cluster the controller is in.
233 default: 'unset' # Has to be here because of the ignored empty value bug
234 # Drop the validation: https://bugs.launchpad.net/tripleo/+bug/1405446
236 # - length: {min: 4, max: 10}
237 MysqlInnodbBufferPoolSize:
239 Specifies the size of the buffer pool in megabytes. Setting to
240 zero should be interpreted as "no value" and will defer to the
245 description: Configures MySQL max_connections config setting
251 default: '' # Has to be here because of the ignored empty value bug
252 NeutronExternalNetworkBridge:
253 description: Name of bridge used for external network traffic.
256 NeutronBridgeMappings:
258 The OVS logical->physical bridge mappings to use. See the Neutron
259 documentation for details. Defaults to mapping br-ex - the external
260 bridge on hosts - to a physical name 'datacentre' which can be used
261 to create provider networks (and we use this for the default floating
262 network) - if changing this either use different post-install network
263 scripts or be sure to keep 'datacentre' as a mapping network name.
265 default: "datacentre:br-ex"
266 NeutronDnsmasqOptions:
267 default: 'dhcp-option-force=26,1400'
268 description: Dnsmasq options for neutron-dhcp-agent. The default value here forces MTU to be set to 1400 to account for the gre tunnel overhead.
272 description: Agent mode for the neutron-l3-agent on the controller hosts
276 description: Whether to enable l3-agent HA
278 NeutronDhcpAgentsPerNetwork:
281 description: The number of neutron dhcp agents to schedule per network
284 description: Whether to configure Neutron Distributed Virtual Routers
286 NeutronMetadataProxySharedSecret:
288 description: Shared secret to prevent spoofing
290 NeutronMechanismDrivers:
291 default: 'openvswitch'
293 The mechanism drivers for the Neutron tenant network. To specify multiple
294 values, use a comma separated string, like so: 'openvswitch,l2_population'
296 NeutronAllowL3AgentFailover:
298 description: Allow automatic l3-agent failover
300 NeutronEnableTunnelling:
305 default: 'datacentre'
306 description: If set, flat networks to configure in neutron plugins.
309 description: Whether to enable l3-agent HA
313 description: The tenant network type for Neutron, either gre or vxlan.
315 NeutronNetworkVLANRanges:
316 default: 'datacentre'
318 The Neutron ML2 and OpenVSwitch vlan mapping range to support. See the
319 Neutron documentation for permitted values. Defaults to permitting any
320 VLAN on the 'datacentre' physical network (See NeutronBridgeMappings).
321 type: comma_delimited_list
324 description: The password for the neutron service and db account, used by neutron agents.
327 NeutronPublicInterface:
329 description: What interface to bridge onto br-ex for network nodes.
331 NeutronPublicInterfaceTag:
334 VLAN tag for creating a public VLAN. The tag will be used to
335 create an access port on the exterior bridge for each control plane node,
336 and that port will be given the IP address returned by neutron from the
337 public network. Set CONTROLEXTRA=overcloud-vlan-port.yaml when compiling
338 overcloud.yaml to include the deployment of VLAN ports to the control
341 NeutronPublicInterfaceDefaultRoute:
343 description: A custom default route for the NeutronPublicInterface.
345 NeutronPublicInterfaceIP:
347 description: A custom IP address to put onto the NeutronPublicInterface.
349 NeutronPublicInterfaceRawDevice:
351 description: If set, the public interface is a vlan with this device as the raw device.
356 The tunnel types for the Neutron tenant network. To specify multiple
357 values, use a comma separated string, like so: 'gre,vxlan'
359 NeutronTunnelIdRanges:
361 Comma-separated list of <tun_min>:<tun_max> tuples enumerating ranges
362 of GRE tunnel IDs that are available for tenant network allocation
363 default: ["1:1000", ]
364 type: comma_delimited_list
367 Comma-separated list of <vni_min>:<vni_max> tuples enumerating ranges
368 of VXLAN VNI IDs that are available for tenant network allocation
369 default: ["1:1000", ]
370 type: comma_delimited_list
373 description: The password for the nova service and db account, used by nova-api.
378 description: Should MongoDb journaling be disabled
385 description: The password for the 'pcsd' user.
386 PublicVirtualInterface:
389 Specifies the interface where the public-facing virtual ip will be assigned.
390 This should be int_public when a VLAN is being used.
392 PublicVirtualIP: # DEPRECATED: use per service settings instead
394 default: '' # Has to be here because of the ignored empty value bug
397 default: '' # Has to be here because of the ignored empty value bug
401 description: The password for RabbitMQ
406 description: The username for RabbitMQ
411 Rabbit client subscriber parameter to specify
412 an SSL connection to the RabbitMQ host.
416 description: Set rabbit subscriber port, change this if using SSL
420 default: '' # Has to be here because of the ignored empty value bug
421 SnmpdReadonlyUserName:
422 default: ro_snmp_user
423 description: The user name for SNMPd with readonly rights running on all Overcloud nodes
425 SnmpdReadonlyUserPassword:
427 description: The user password for SNMPd with readonly rights running on all Overcloud nodes
432 description: If set, the contents of an SSL certificate authority file.
436 description: If set, the contents of an SSL certificate .crt file for encrypting SSL endpoints.
441 description: If set, the contents of an SSL certificate .key file for encrypting SSL endpoints.
446 description: A random string to be used as a salt when hashing to determine mappings
452 description: Value of mount_check in Swift account/container/object -server.conf
457 description: The minimum time (in hours) before a partition in a ring can be moved following a rebalance.
460 description: Partition Power to use when building Swift rings
464 description: The password for the swift service account, used by the swift proxy
471 description: How many replicas to use in the swift rings.
472 VirtualIP: # DEPRECATED: use per service settings instead
474 default: '' # Has to be here because of the ignored empty value bug
484 KeystonePublicApiVirtualIP:
490 EnablePackageInstall:
492 description: Set to true to enable package installation via Puppet
496 description: Mapping of service_name -> network name. Typically set
497 via parameter_defaults in the resource registry.
503 Setting to a previously unused value during stack-update will trigger
504 package update on all nodes
507 default: '' # Defaults to Heat created hostname
512 type: OS::Nova::Server
514 image: {get_param: Image}
515 image_update_policy: {get_param: ImageUpdatePolicy}
516 flavor: {get_param: Flavor}
517 key_name: {get_param: KeyName}
520 user_data_format: SOFTWARE_CONFIG
521 user_data: {get_resource: NodeUserData}
522 name: {get_param: Hostname}
525 type: OS::TripleO::NodeUserData
528 type: OS::TripleO::Controller::Ports::ExternalPort
530 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
533 type: OS::TripleO::Controller::Ports::InternalApiPort
535 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
538 type: OS::TripleO::Controller::Ports::StoragePort
540 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
543 type: OS::TripleO::Controller::Ports::StorageMgmtPort
545 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
548 type: OS::TripleO::Controller::Ports::TenantPort
550 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
553 type: OS::TripleO::Network::Ports::NetIpMap
555 ExternalIp: {get_attr: [ExternalPort, ip_address]}
556 InternalApiIp: {get_attr: [InternalApiPort, ip_address]}
557 StorageIp: {get_attr: [StoragePort, ip_address]}
558 StorageMgmtIp: {get_attr: [StorageMgmtPort, ip_address]}
559 TenantIp: {get_attr: [TenantPort, ip_address]}
562 type: OS::TripleO::Network::Ports::NetIpMap
564 ExternalIp: {get_attr: [ExternalPort, ip_subnet]}
565 InternalApiIp: {get_attr: [InternalApiPort, ip_subnet]}
566 StorageIp: {get_attr: [StoragePort, ip_subnet]}
567 StorageMgmtIp: {get_attr: [StorageMgmtPort, ip_subnet]}
568 TenantIp: {get_attr: [TenantPort, ip_subnet]}
571 type: OS::TripleO::Controller::Net::SoftwareConfig
573 ExternalIpSubnet: {get_attr: [ExternalPort, ip_subnet]}
574 InternalApiIpSubnet: {get_attr: [InternalApiPort, ip_subnet]}
575 StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]}
576 StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]}
577 TenantIpSubnet: {get_attr: [TenantPort, ip_subnet]}
580 type: OS::TripleO::SoftwareDeployment
582 config: {get_resource: NetworkConfig}
583 server: {get_resource: Controller}
586 interface_name: {get_param: NeutronPublicInterface}
588 ControllerDeployment:
589 type: OS::TripleO::SoftwareDeployment
590 depends_on: NetworkDeployment
592 config: {get_resource: ControllerConfig}
593 server: {get_resource: Controller}
595 bootstack_nodeid: {get_attr: [Controller, name]}
596 neutron_enable_tunneling: {get_param: NeutronEnableTunnelling}
597 heat.watch_server_url:
601 - {get_param: HeatApiVirtualIP}
603 heat.metadata_server_url:
607 - {get_param: HeatApiVirtualIP}
609 heat.waitcondition_server_url:
613 - {get_param: HeatApiVirtualIP}
614 - ':8000/v1/waitcondition'
615 heat_auth_encryption_key: {get_param: HeatAuthEncryptionKey}
616 horizon_secret: {get_param: HorizonSecret}
617 admin_password: {get_param: AdminPassword}
618 admin_token: {get_param: AdminToken}
619 neutron_public_interface_ip: {get_param: NeutronPublicInterfaceIP}
620 debug: {get_param: Debug}
621 cinder_enable_nfs_backend: {get_param: CinderEnableNfsBackend}
622 cinder_enable_rbd_backend: {get_param: CinderEnableRbdBackend}
623 cinder_nfs_mount_options: {get_param: CinderNfsMountOptions}
626 template: "['SERVERS']"
631 - {get_param: CinderNfsServers}
632 cinder_lvm_loop_device_size: {get_param: CinderLVMLoopDeviceSize}
633 cinder_password: {get_param: CinderPassword}
634 cinder_enable_iscsi_backend: {get_param: CinderEnableIscsiBackend}
635 cinder_iscsi_helper: {get_param: CinderISCSIHelper}
636 cinder_backend_config: {get_param: CinderBackendConfig}
640 - - 'mysql://cinder:'
641 - {get_param: CinderPassword}
643 - {get_param: MysqlVirtualIP}
645 glance_port: {get_param: GlancePort}
646 glance_password: {get_param: GlancePassword}
647 glance_backend: {get_param: GlanceBackend}
648 glance_notifier_strategy: {get_param: GlanceNotifierStrategy}
649 glance_log_file: {get_param: GlanceLogFile}
653 - - 'mysql://glance:'
654 - {get_param: GlancePassword}
656 - {get_param: MysqlVirtualIP}
658 heat_password: {get_param: HeatPassword}
659 heat_stack_domain_admin_password: {get_param: HeatStackDomainAdminPassword}
664 - {get_param: HeatPassword}
666 - {get_param: MysqlVirtualIP}
668 keystone_auth_address: {list_join: ['', ['http://', {get_param: KeystonePublicApiVirtualIP} , ':5000/v2.0']]}
669 keystone_ca_certificate: {get_param: KeystoneCACertificate}
670 keystone_signing_key: {get_param: KeystoneSigningKey}
671 keystone_signing_certificate: {get_param: KeystoneSigningCertificate}
672 keystone_ssl_certificate: {get_param: KeystoneSSLCertificate}
673 keystone_ssl_certificate_key: {get_param: KeystoneSSLCertificateKey}
677 - - 'mysql://keystone:'
678 - {get_param: AdminToken}
680 - {get_param: MysqlVirtualIP}
682 keystone_identity_uri:
686 - {get_param: KeystonePublicApiVirtualIP}
692 - {get_param: KeystonePublicApiVirtualIP}
698 - {get_param: KeystonePublicApiVirtualIP}
699 - ':5000/v2.0/ec2tokens'
700 enable_fencing: {get_param: EnableFencing}
701 enable_galera: {get_param: EnableGalera}
702 enable_ceph_storage: {get_param: EnableCephStorage}
703 enable_swift_storage: {get_param: EnableSwiftStorage}
704 mysql_innodb_buffer_pool_size: {get_param: MysqlInnodbBufferPoolSize}
705 mysql_max_connections: {get_param: MysqlMaxConnections}
706 mysql_root_password: {get_param: MysqlRootPassword}
709 template: tripleo-CLUSTER
711 CLUSTER: {get_param: MysqlClusterUniquePart}
712 neutron_flat_networks: {get_param: NeutronFlatNetworks}
713 neutron_metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret}
714 neutron_agent_mode: {get_param: NeutronAgentMode}
715 neutron_router_distributed: {get_param: NeutronDVR}
716 neutron_mechanism_drivers: {get_param: NeutronMechanismDrivers}
717 neutron_allow_l3agent_failover: {get_param: NeutronAllowL3AgentFailover}
718 neutron_l3_ha: {get_param: NeutronL3HA}
719 neutron_dhcp_agents_per_network: {get_param: NeutronDhcpAgentsPerNetwork}
720 neutron_network_vlan_ranges:
722 template: "['RANGES']"
727 - {get_param: NeutronNetworkVLANRanges}
728 neutron_bridge_mappings: {get_param: NeutronBridgeMappings}
729 neutron_external_network_bridge: {get_param: NeutronExternalNetworkBridge}
730 neutron_public_interface: {get_param: NeutronPublicInterface}
731 neutron_public_interface_raw_device: {get_param: NeutronPublicInterfaceRawDevice}
732 neutron_public_interface_default_route: {get_param: NeutronPublicInterfaceDefaultRoute}
733 neutron_public_interface_tag: {get_param: NeutronPublicInterfaceTag}
734 neutron_tenant_network_type: {get_param: NeutronNetworkType}
735 neutron_tunnel_types: {get_param: NeutronTunnelTypes}
736 neutron_tunnel_id_ranges:
738 template: "['RANGES']"
743 - {get_param: NeutronTunnelIdRanges}
746 template: "['RANGES']"
751 - {get_param: NeutronVniRanges}
752 neutron_password: {get_param: NeutronPassword}
753 neutron_dnsmasq_options: {get_param: NeutronDnsmasqOptions}
757 - - 'mysql://neutron:'
758 - {get_param: NeutronPassword}
760 - {get_param: MysqlVirtualIP}
761 - '/ovs_neutron?charset=utf8'
766 - {get_param: NeutronApiVirtualIP}
768 neutron_admin_auth_url:
772 - {get_param: KeystonePublicApiVirtualIP}
774 ceilometer_backend: {get_param: CeilometerBackend}
775 ceilometer_metering_secret: {get_param: CeilometerMeteringSecret}
776 ceilometer_password: {get_param: CeilometerPassword}
777 ceilometer_coordination_url:
781 - {get_param: RedisVirtualIP}
786 - - 'mysql://ceilometer:unset@'
787 - {get_param: MysqlVirtualIP}
789 snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName}
790 snmpd_readonly_user_password: {get_param: SnmpdReadonlyUserPassword}
791 nova_password: {get_param: NovaPassword}
796 - {get_param: NovaPassword}
798 - {get_param: MysqlVirtualIP}
800 fencing_config: {get_param: FencingConfig}
801 pcsd_password: {get_param: PcsdPassword}
802 rabbit_username: {get_param: RabbitUserName}
803 rabbit_password: {get_param: RabbitPassword}
804 rabbit_cookie: {get_param: RabbitCookie}
805 rabbit_client_use_ssl: {get_param: RabbitClientUseSSL}
806 rabbit_client_port: {get_param: RabbitClientPort}
807 mongodb_no_journal: {get_param: MongoDbNoJournal}
810 template: '["server"]'
812 server: {get_param: NtpServer}
813 control_virtual_interface: {get_param: ControlVirtualInterface}
814 public_virtual_interface: {get_param: PublicVirtualInterface}
815 swift_hash_suffix: {get_param: SwiftHashSuffix}
816 swift_password: {get_param: SwiftPassword}
817 swift_part_power: {get_param: SwiftPartPower}
818 swift_replicas: {get_param: SwiftReplicas}
819 swift_min_part_hours: {get_param: SwiftMinPartHours}
820 swift_mount_check: {get_param: SwiftMountCheck}
821 enable_package_install: {get_param: EnablePackageInstall}
822 swift_proxy_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftProxyNetwork]}]}
823 swift_management_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftMgmtNetwork]}]}
824 cinder_iscsi_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CinderIscsiNetwork]}]}
825 cinder_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CinderApiNetwork]}]}
826 glance_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, GlanceApiNetwork]}]}
827 glance_registry_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, GlanceRegistryNetwork]}]}
831 - - {get_param: GlanceProtocol}
833 - {get_param: GlanceApiVirtualIP}
835 - {get_param: GlancePort}
836 heat_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, HeatApiNetwork]}]}
837 keystone_public_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}]}
838 keystone_admin_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}]}
839 mongo_db_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MongoDbNetwork]}]}
840 neutron_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NeutronApiNetwork]}]}
841 neutron_local_ip: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NeutronTenantNetwork]}]}
842 ceilometer_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CeilometerApiNetwork]}]}
843 nova_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NovaApiNetwork]}]}
844 nova_metadata_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NovaMetadataNetwork]}]}
845 horizon_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, HorizonNetwork]}]}
846 rabbitmq_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, RabbitMqNetwork]}]}
847 redis_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, RedisNetwork]}]}
848 redis_vip: {get_param: RedisVirtualIP}
849 memcached_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MemcachedNetwork]}]}
850 mysql_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MysqlNetwork]}]}
851 ceph_cluster_network: {get_attr: [NetIpSubnetMap, net_ip_map, {get_param: [ServiceNetMap, CephClusterNetwork]}]}
852 ceph_public_network: {get_attr: [NetIpSubnetMap, net_ip_map, {get_param: [ServiceNetMap, CephPublicNetwork]}]}
853 ceph_public_ip: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CephPublicNetwork]}]}
855 # Map heat metadata into hiera datafiles
857 type: OS::Heat::StructuredConfig
859 group: os-apply-config
863 - heat_config_%{::deploy_config_name}
864 - controller_extraconfig
868 - swift_devices_and_proxy # provided by SwiftDevicesAndProxyConfig
869 - ceph_cluster # provided by CephClusterConfig
871 - bootstrap_node # provided by BootstrapNodeConfig
872 - all_nodes # provided by allNodesConfig
873 - vip_data # provided by vip-config
876 - cinder_netapp_data # Optionally provided by ControllerExtraConfigPre
878 controller_extraconfig:
879 mapped_data: {get_param: ControllerExtraConfig}
881 mapped_data: {get_param: ExtraConfig}
883 raw_data: {get_file: hieradata/common.yaml}
885 raw_data: {get_file: hieradata/ceph.yaml}
887 ceph::profile::params::cluster_network: {get_input: ceph_cluster_network}
888 ceph::profile::params::public_network: {get_input: ceph_public_network}
889 ceph::mon::public_addr: {get_input: ceph_public_ip}
891 raw_data: {get_file: hieradata/object.yaml}
893 raw_data: {get_file: hieradata/controller.yaml}
894 mapped_data: # data supplied directly to this deployment configuration, etc
895 bootstack_nodeid: {get_input: bootstack_nodeid}
898 enable_fencing: {get_input: enable_fencing}
899 hacluster_pwd: {get_input: pcsd_password}
900 tripleo::fencing::config: {get_input: fencing_config}
903 swift::proxy::proxy_local_net_ip: {get_input: swift_proxy_network}
904 swift::proxy::authtoken::auth_uri: {get_input: keystone_auth_uri}
905 swift::proxy::authtoken::identity_uri: {get_input: keystone_identity_uri}
906 swift::storage::all::storage_local_net_ip: {get_input: swift_management_network}
907 swift::swift_hash_suffix: {get_input: swift_hash_suffix}
908 swift::proxy::authtoken::admin_password: {get_input: swift_password}
909 tripleo::ringbuilder::part_power: {get_input: swift_part_power}
910 tripleo::ringbuilder::replicas: {get_input: swift_replicas}
911 tripleo::ringbuilder::min_part_hours: {get_input: swift_min_part_hours}
912 swift_mount_check: {get_input: swift_mount_check}
914 # NOTE(dprince): build_ring support is currently not wired in.
915 # See: https://review.openstack.org/#/c/109225/
916 tripleo::ringbuilder::build_ring: True
919 cinder_enable_nfs_backend: {get_input: cinder_enable_nfs_backend}
920 cinder_enable_rbd_backend: {get_input: cinder_enable_rbd_backend}
921 cinder_nfs_mount_options: {get_input: cinder_nfs_mount_options}
922 cinder_nfs_servers: {get_input: cinder_nfs_servers}
923 cinder_lvm_loop_device_size: {get_input: cinder_lvm_loop_device_size}
924 cinder_iscsi_helper: {get_input: cinder_iscsi_helper}
925 cinder_iscsi_ip_address: {get_input: cinder_iscsi_network}
926 cinder::database_connection: {get_input: cinder_dsn}
927 cinder::api::keystone_password: {get_input: cinder_password}
928 cinder::api::auth_uri: {get_input: keystone_auth_uri}
929 cinder::api::identity_uri: {get_input: keystone_identity_uri}
930 cinder::api::bind_host: {get_input: cinder_api_network}
931 cinder::rabbit_userid: {get_input: rabbit_username}
932 cinder::rabbit_password: {get_input: rabbit_password}
933 cinder::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
934 cinder::rabbit_port: {get_input: rabbit_client_port}
935 cinder::debug: {get_input: debug}
936 cinder_enable_iscsi_backend: {get_input: cinder_enable_iscsi_backend}
937 cinder::glance::glance_api_servers: {get_input: glance_api_servers}
938 cinder_backend_config: {get_input: CinderBackendConfig}
941 glance::api::bind_port: {get_input: glance_port}
942 glance::api::bind_host: {get_input: glance_api_network}
943 glance::api::auth_uri: {get_input: keystone_auth_uri}
944 glance::api::identity_uri: {get_input: keystone_identity_uri}
945 glance::api::registry_host: {get_input: glance_registry_network}
946 glance::api::keystone_password: {get_input: glance_password}
947 glance::api::debug: {get_input: debug}
948 glance_notifier_strategy: {get_input: glance_notifier_strategy}
949 glance_log_file: {get_input: glance_log_file}
950 glance_log_file: {get_input: glance_log_file}
951 glance::api::database_connection: {get_input: glance_dsn}
952 glance::registry::keystone_password: {get_input: glance_password}
953 glance::registry::database_connection: {get_input: glance_dsn}
954 glance::registry::bind_host: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, GlanceRegistryNetwork]}]}
955 glance::registry::auth_uri: {get_input: keystone_auth_uri}
956 glance::registry::identity_uri: {get_input: keystone_identity_uri}
957 glance::registry::debug: {get_input: debug}
958 glance::backend::swift::swift_store_auth_address: {get_input: keystone_auth_address}
959 glance::backend::swift::swift_store_user: service:glance
960 glance::backend::swift::swift_store_key: {get_input: glance_password}
961 glance_backend: {get_input: glance_backend}
964 heat_stack_domain_admin_password: {get_input: heat_stack_domain_admin_password}
965 heat::engine::heat_watch_server_url: {get_input: heat.watch_server_url}
966 heat::engine::heat_metadata_server_url: {get_input: heat.metadata_server_url}
967 heat::engine::heat_waitcondition_server_url: {get_input: heat.waitcondition_server_url}
968 heat::engine::auth_encryption_key: {get_input: heat_auth_encryption_key}
969 heat::rabbit_userid: {get_input: rabbit_username}
970 heat::rabbit_password: {get_input: rabbit_password}
971 heat::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
972 heat::rabbit_port: {get_input: rabbit_client_port}
973 heat::auth_uri: {get_input: keystone_auth_uri}
974 heat::keystone_ec2_uri: {get_input: keystone_ec2_uri}
975 heat::identity_uri: {get_input: keystone_identity_uri}
976 heat::keystone_password: {get_input: heat_password}
977 heat::api::bind_host: {get_input: heat_api_network}
978 heat::api_cloudwatch::bind_host: {get_input: heat_api_network}
979 heat::api_cfn::bind_host: {get_input: heat_api_network}
980 heat::database_connection: {get_input: heat_dsn}
981 heat::instance_user: heat-admin
982 heat::debug: {get_input: debug}
985 keystone::admin_token: {get_input: admin_token}
986 keystone_ca_certificate: {get_input: keystone_ca_certificate}
987 keystone_signing_key: {get_input: keystone_signing_key}
988 keystone_signing_certificate: {get_input: keystone_signing_certificate}
989 keystone_ssl_certificate: {get_input: keystone_ssl_certificate}
990 keystone_ssl_certificate_key: {get_input: keystone_ssl_certificate_key}
991 keystone::database_connection: {get_input: keystone_dsn}
992 keystone::public_bind_host: {get_input: keystone_public_api_network}
993 keystone::admin_bind_host: {get_input: keystone_admin_api_network}
994 keystone::debug: {get_input: debug}
996 mongodb::server::bind_ip: {get_input: mongo_db_network}
997 mongodb::server::nojournal: {get_input: mongodb_no_journal}
999 admin_password: {get_input: admin_password}
1000 enable_galera: {get_input: enable_galera}
1001 enable_ceph_storage: {get_input: enable_ceph_storage}
1002 enable_swift_storage: {get_input: enable_swift_storage}
1003 mysql_innodb_buffer_pool_size: {get_input: mysql_innodb_buffer_pool_size}
1004 mysql_max_connections: {get_input: mysql_max_connections}
1005 mysql::server::root_password: {get_input: mysql_root_password}
1006 mysql_cluster_name: {get_input: mysql_cluster_name}
1007 mysql_bind_host: {get_input: mysql_network}
1010 neutron::bind_host: {get_input: neutron_api_network}
1011 neutron::rabbit_password: {get_input: rabbit_password}
1012 neutron::rabbit_user: {get_input: rabbit_user}
1013 neutron::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
1014 neutron::rabbit_port: {get_input: rabbit_client_port}
1015 neutron::debug: {get_input: debug}
1016 neutron::server::auth_uri: {get_input: keystone_auth_uri}
1017 neutron::server::identity_uri: {get_input: keystone_identity_uri}
1018 neutron::server::database_connection: {get_input: neutron_dsn}
1019 neutron::agents::l3::external_network_bridge: {get_input: neutron_external_network_bridge}
1020 neutron::agents::ml2::ovs::enable_tunneling: {get_input: neutron_enable_tunneling}
1021 neutron::agents::ml2::ovs::local_ip: {get_input: neutron_local_ip}
1022 neutron_flat_networks: {get_input: neutron_flat_networks}
1023 neutron::agents::metadata::shared_secret: {get_input: neutron_metadata_proxy_shared_secret}
1024 neutron::agents::metadata::metadata_ip: {get_input: neutron_api_network}
1025 neutron_agent_mode: {get_input: neutron_agent_mode}
1026 neutron_router_distributed: {get_input: neutron_router_distributed}
1027 neutron_mechanism_drivers: {get_input: neutron_mechanism_drivers}
1028 neutron::server::allow_automatic_l3agent_failover: {get_input: neutron_allow_l3agent_failover}
1029 neutron::server::l3_ha: {get_input: neutron_l3_ha}
1030 neutron::dhcp_agents_per_network: {get_input: neutron_dhcp_agents_per_network}
1031 neutron::plugins::ml2::network_vlan_ranges: {get_input: neutron_network_vlan_ranges}
1032 neutron::plugins::ml2::tunnel_id_ranges: {get_input: neutron_tunnel_id_ranges}
1033 neutron::plugins::ml2::vni_ranges: {get_input: neutron_vni_ranges}
1034 neutron_bridge_mappings: {get_input: neutron_bridge_mappings}
1035 neutron_public_interface: {get_input: neutron_public_interface}
1036 neutron_public_interface_raw_device: {get_input: neutron_public_interface_raw_device}
1037 neutron_public_interface_default_route: {get_input: neutron_public_interface_default_route}
1038 neutron_public_interface_tag: {get_input: neutron_public_interface_tag}
1039 neutron_tenant_network_type: {get_input: neutron_tenant_network_type}
1040 neutron_tunnel_types: {get_input: neutron_tunnel_types}
1041 neutron::server::auth_password: {get_input: neutron_password}
1042 neutron::agents::metadata::auth_password: {get_input: neutron_password}
1043 neutron_dnsmasq_options: {get_input: neutron_dnsmasq_options}
1044 neutron_dsn: {get_input: neutron_dsn}
1045 neutron::agents::metadata::auth_url: {get_input: keystone_identity_uri}
1048 ceilometer_backend: {get_input: ceilometer_backend}
1049 ceilometer_mysql_conn_string: {get_input: ceilometer_dsn}
1050 ceilometer::metering_secret: {get_input: ceilometer_metering_secret}
1051 ceilometer::rabbit_userid: {get_input: rabbit_username}
1052 ceilometer::rabbit_password: {get_input: rabbit_password}
1053 ceilometer::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
1054 ceilometer::rabbit_port: {get_input: rabbit_client_port}
1055 ceilometer::debug: {get_input: debug}
1056 ceilometer::api::host: {get_input: ceilometer_api_network}
1057 ceilometer::api::keystone_password: {get_input: ceilometer_password}
1058 ceilometer::api::keystone_auth_uri: {get_input: keystone_auth_uri}
1059 ceilometer::api::keystone_identity_uri: {get_input: keystone_identity_uri}
1060 ceilometer::agent::auth::auth_password: {get_input: ceilometer_password}
1061 ceilometer::agent::auth::auth_url: {get_input: keystone_auth_address}
1062 ceilometer::agent::central::coordination_url: {get_input: ceilometer_coordination_url}
1063 snmpd_readonly_user_name: {get_input: snmpd_readonly_user_name}
1064 snmpd_readonly_user_password: {get_input: snmpd_readonly_user_password}
1067 nova::rabbit_userid: {get_input: rabbit_username}
1068 nova::rabbit_password: {get_input: rabbit_password}
1069 nova::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
1070 nova::rabbit_port: {get_input: rabbit_client_port}
1071 nova::debug: {get_input: debug}
1072 nova::api::auth_uri: {get_input: keystone_auth_uri}
1073 nova::api::identity_uri: {get_input: keystone_identity_uri}
1074 nova::api::api_bind_address: {get_input: nova_api_network}
1075 nova::api::metadata_listen: {get_input: nova_metadata_network}
1076 nova::api::admin_password: {get_input: nova_password}
1077 nova::database_connection: {get_input: nova_dsn}
1078 nova::glance_api_servers: {get_input: glance_api_servers}
1079 nova::api::neutron_metadata_proxy_shared_secret: {get_input: neutron_metadata_proxy_shared_secret}
1080 nova::network::neutron::neutron_admin_password: {get_input: neutron_password}
1081 nova::network::neutron::neutron_url: {get_input: neutron_url}
1082 nova::network::neutron::neutron_admin_auth_url: {get_input: neutron_admin_auth_url}
1083 nova::vncproxy::host: {get_input: nova_api_network}
1086 apache::ip: {get_input: horizon_network}
1087 horizon::django_debug: {get_input: debug}
1088 horizon::secret_key: {get_input: horizon_secret}
1089 horizon::bind_address: {get_input: horizon_network}
1090 horizon::keystone_url: {get_input: keystone_auth_uri}
1093 rabbitmq::node_ip_address: {get_input: rabbitmq_network}
1094 rabbitmq::erlang_cookie: {get_input: rabbit_cookie}
1096 redis::bind: {get_input: redis_network}
1097 redis_vip: {get_input: redis_vip}
1099 memcached::listen_ip: {get_input: memcached_network}
1100 neutron_public_interface_ip: {get_input: neutron_public_interface_ip}
1101 ntp::servers: {get_input: ntp_servers}
1102 control_virtual_interface: {get_input: control_virtual_interface}
1103 public_virtual_interface: {get_input: public_virtual_interface}
1104 tripleo::loadbalancer::control_virtual_interface: {get_input: control_virtual_interface}
1105 tripleo::loadbalancer::public_virtual_interface: {get_input: public_virtual_interface}
1106 tripleo::packages::enable_install: {get_input: enable_package_install}
1108 # Hook for site-specific additional pre-deployment config, e.g extra hieradata
1109 ControllerExtraConfigPre:
1110 depends_on: ControllerDeployment
1111 type: OS::TripleO::ControllerExtraConfigPre
1113 server: {get_resource: Controller}
1116 type: OS::TripleO::Tasks::PackageUpdate
1119 type: OS::Heat::SoftwareDeployment
1121 config: {get_resource: UpdateConfig}
1122 server: {get_resource: Controller}
1125 get_param: UpdateIdentifier
1129 description: IP address of the server in the ctlplane network
1130 value: {get_attr: [Controller, networks, ctlplane, 0]}
1131 external_ip_address:
1132 description: IP address of the server in the external network
1133 value: {get_attr: [ExternalPort, ip_address]}
1134 internal_api_ip_address:
1135 description: IP address of the server in the internal_api network
1136 value: {get_attr: [InternalApiPort, ip_address]}
1138 description: IP address of the server in the storage network
1139 value: {get_attr: [StoragePort, ip_address]}
1140 storage_mgmt_ip_address:
1141 description: IP address of the server in the storage_mgmt network
1142 value: {get_attr: [StorageMgmtPort, ip_address]}
1144 description: IP address of the server in the tenant network
1145 value: {get_attr: [TenantPort, ip_address]}
1147 description: Hostname of the server
1148 value: {get_attr: [Controller, name]}
1151 Node object in the format {ip: ..., name: ...} format that the corosync
1154 ip: {get_attr: [Controller, networks, ctlplane, 0]}
1155 name: {get_attr: [Controller, name]}
1158 Server's IP address and hostname in the /etc/hosts format
1161 template: IP HOST.localdomain HOST CLOUDNAME
1163 IP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, ControllerHostnameResolveNetwork]}]}
1164 HOST: {get_attr: [Controller, name]}
1165 CLOUDNAME: {get_param: CloudName}
1166 nova_server_resource:
1167 description: Heat resource handle for the Nova compute server
1169 {get_resource: Controller}
1171 description: Swift device formatted for swift-ring-builder
1174 template: 'r1z1-IP:%PORT%/d1'
1176 IP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftMgmtNetwork]}]}
1177 swift_proxy_memcache:
1178 description: Swift proxy-memcache value
1181 template: "IP:11211"
1183 IP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MemcachedNetwork]}]}
1185 description: identifier which changes if the controller configuration may need re-applying
1189 - - {get_attr: [ControllerDeployment, deploy_stdout]}
1190 - {get_attr: [ControllerExtraConfigPre, deploy_stdout]}