1 heat_template_version: 2015-04-30
4 OpenStack controller node configured by Puppet.
9 description: The password for the keystone admin account, used for monitoring, querying neutron etc.
14 description: The keystone auth secret and db password.
19 description: The ceilometer backend type.
21 CeilometerMeteringSecret:
23 description: Secret shared by the ceilometer services.
28 description: The password for the ceilometer service and db account.
31 CinderEnableNfsBackend:
33 description: Whether to enable or not the NFS backend for Cinder
35 CinderEnableIscsiBackend:
37 description: Whether to enable or not the Iscsi backend for Cinder
39 CinderEnableRbdBackend:
41 description: Whether to enable or not the Rbd backend for Cinder
45 description: The iSCSI helper to use with cinder.
47 CinderLVMLoopDeviceSize:
49 description: The size of the loopback file used by the cinder LVM driver.
51 CinderNfsMountOptions:
54 Mount options for NFS mounts used by Cinder NFS backend. Effective
55 when CinderEnableNfsBackend is true.
60 NFS servers used by Cinder NFS backend. Effective when
61 CinderEnableNfsBackend is true.
62 type: comma_delimited_list
65 description: The password for the cinder service and db account, used by cinder-api.
70 description: Contains parameters to configure Cinder backends. Typically
71 set via parameter_defaults in the resource registry.
75 description: The DNS name of this cloud. E.g. ci-overcloud.tripleo.org
77 ControllerExtraConfig:
80 Controller specific hiera configuration data to inject into the cluster.
82 ControlVirtualInterface:
84 description: Interface where virtual ip will be assigned.
88 description: Set to True to enable debugging on all services.
92 description: Whether to enable fencing in Pacemaker or not.
96 description: Whether to use Galera instead of regular MariaDB.
100 description: Whether to deploy Ceph Storage (OSD) on the Controller
104 description: Whether to enable Swift Storage on the Controller
109 Additional hieradata to inject into the cluster, note that
110 ControllerExtraConfig takes precedence over ExtraConfig.
115 Pacemaker fencing configuration. The JSON should have
116 the following structure:
120 "agent": "AGENT_NAME",
121 "host_mac": "HOST_MAC_ADDRESS",
122 "params": {"PARAM_NAME": "PARAM_VALUE"}
130 "agent": "fence_xvm",
131 "host_mac": "52:54:00:aa:bb:cc",
133 "multicast_address": "225.0.0.12",
134 "port": "baremetal_0",
136 "manage_key_file": true,
137 "key_file": "/etc/fence_xvm.key",
138 "key_file_password": "abcdef"
145 description: Flavor for control nodes to request when deploying.
148 - custom_constraint: nova.flavor
149 GlanceNotifierStrategy:
150 description: Strategy to use for Glance notification queue
154 description: The filepath of the file to use for logging messages from Glance.
159 description: The password for the glance service and db account, used by the glance services.
164 description: Glance port.
168 description: Protocol to use when connecting to glance, set to https for SSL.
172 description: The short name of the Glance backend to use. Should be one
173 of swift, rbd, or file
176 - allowed_values: ['swift', 'file', 'rbd']
179 description: The password for the Heat service and db account, used by the Heat services.
182 HeatStackDomainAdminPassword:
183 description: Password for heat_domain_admin user.
187 HeatAuthEncryptionKey:
188 description: Auth encryption key for heat-engine
191 description: Secret key for Django
195 default: overcloud-control
197 - custom_constraint: glance.image
199 default: 'REBUILD_PRESERVE_EPHEMERAL'
200 description: What policy to use when reconstructing instances. REBUILD for rebuilds, REBUILD_PRESERVE_EPHEMERAL to preserve /mnt.
204 description: Name of an existing EC2 KeyPair to enable SSH access to the instances
207 - custom_constraint: nova.keypair
208 KeystoneCACertificate:
210 description: Keystone self-signed certificate authority certificate.
212 KeystoneSigningCertificate:
214 description: Keystone certificate for verifying token validity.
218 description: Keystone key for signing tokens.
221 KeystoneSSLCertificate:
223 description: Keystone certificate for verifying token validity.
225 KeystoneSSLCertificateKey:
227 description: Keystone key for signing tokens.
230 MysqlClusterUniquePart:
231 description: A unique identifier of the MySQL cluster the controller is in.
233 default: 'unset' # Has to be here because of the ignored empty value bug
234 # Drop the validation: https://bugs.launchpad.net/tripleo/+bug/1405446
236 # - length: {min: 4, max: 10}
237 MysqlInnodbBufferPoolSize:
239 Specifies the size of the buffer pool in megabytes. Setting to
240 zero should be interpreted as "no value" and will defer to the
245 description: Configures MySQL max_connections config setting
251 default: '' # Has to be here because of the ignored empty value bug
252 NeutronExternalNetworkBridge:
253 description: Name of bridge used for external network traffic.
256 NeutronBridgeMappings:
258 The OVS logical->physical bridge mappings to use. See the Neutron
259 documentation for details. Defaults to mapping br-ex - the external
260 bridge on hosts - to a physical name 'datacentre' which can be used
261 to create provider networks (and we use this for the default floating
262 network) - if changing this either use different post-install network
263 scripts or be sure to keep 'datacentre' as a mapping network name.
265 default: "datacentre:br-ex"
266 NeutronDnsmasqOptions:
267 default: 'dhcp-option-force=26,1400'
268 description: Dnsmasq options for neutron-dhcp-agent. The default value here forces MTU to be set to 1400 to account for the gre tunnel overhead.
272 description: Agent mode for the neutron-l3-agent on the controller hosts
276 description: Whether to enable l3-agent HA
278 NeutronDhcpAgentsPerNetwork:
281 description: The number of neutron dhcp agents to schedule per network
284 description: Whether to configure Neutron Distributed Virtual Routers
286 NeutronMetadataProxySharedSecret:
288 description: Shared secret to prevent spoofing
290 NeutronMechanismDrivers:
291 default: 'openvswitch'
293 The mechanism drivers for the Neutron tenant network. To specify multiple
294 values, use a comma separated string, like so: 'openvswitch,l2_population'
296 NeutronAllowL3AgentFailover:
298 description: Allow automatic l3-agent failover
300 NeutronEnableTunnelling:
305 default: 'datacentre'
306 description: If set, flat networks to configure in neutron plugins.
309 description: Whether to enable l3-agent HA
313 description: The tenant network type for Neutron, either gre or vxlan.
315 NeutronNetworkVLANRanges:
316 default: 'datacentre'
318 The Neutron ML2 and OpenVSwitch vlan mapping range to support. See the
319 Neutron documentation for permitted values. Defaults to permitting any
320 VLAN on the 'datacentre' physical network (See NeutronBridgeMappings).
321 type: comma_delimited_list
324 description: The password for the neutron service and db account, used by neutron agents.
327 NeutronPublicInterface:
329 description: What interface to bridge onto br-ex for network nodes.
331 NeutronPublicInterfaceTag:
334 VLAN tag for creating a public VLAN. The tag will be used to
335 create an access port on the exterior bridge for each control plane node,
336 and that port will be given the IP address returned by neutron from the
337 public network. Set CONTROLEXTRA=overcloud-vlan-port.yaml when compiling
338 overcloud.yaml to include the deployment of VLAN ports to the control
341 NeutronPublicInterfaceDefaultRoute:
343 description: A custom default route for the NeutronPublicInterface.
345 NeutronPublicInterfaceIP:
347 description: A custom IP address to put onto the NeutronPublicInterface.
349 NeutronPublicInterfaceRawDevice:
351 description: If set, the public interface is a vlan with this device as the raw device.
356 The tunnel types for the Neutron tenant network. To specify multiple
357 values, use a comma separated string, like so: 'gre,vxlan'
359 NeutronTunnelIdRanges:
361 Comma-separated list of <tun_min>:<tun_max> tuples enumerating ranges
362 of GRE tunnel IDs that are available for tenant network allocation
363 default: ["1:1000", ]
364 type: comma_delimited_list
367 Comma-separated list of <vni_min>:<vni_max> tuples enumerating ranges
368 of VXLAN VNI IDs that are available for tenant network allocation
369 default: ["1:1000", ]
370 type: comma_delimited_list
373 description: The password for the nova service and db account, used by nova-api.
378 description: Should MongoDb journaling be disabled
385 description: The password for the 'pcsd' user.
386 PublicVirtualInterface:
389 Specifies the interface where the public-facing virtual ip will be assigned.
390 This should be int_public when a VLAN is being used.
392 PublicVirtualIP: # DEPRECATED: use per service settings instead
394 default: '' # Has to be here because of the ignored empty value bug
397 default: '' # Has to be here because of the ignored empty value bug
401 description: The password for RabbitMQ
406 description: The username for RabbitMQ
411 Rabbit client subscriber parameter to specify
412 an SSL connection to the RabbitMQ host.
416 description: Set rabbit subscriber port, change this if using SSL
420 default: '' # Has to be here because of the ignored empty value bug
421 SnmpdReadonlyUserName:
422 default: ro_snmp_user
423 description: The user name for SNMPd with readonly rights running on all Overcloud nodes
425 SnmpdReadonlyUserPassword:
427 description: The user password for SNMPd with readonly rights running on all Overcloud nodes
432 description: If set, the contents of an SSL certificate authority file.
436 description: If set, the contents of an SSL certificate .crt file for encrypting SSL endpoints.
441 description: If set, the contents of an SSL certificate .key file for encrypting SSL endpoints.
446 description: A random string to be used as a salt when hashing to determine mappings
452 description: Value of mount_check in Swift account/container/object -server.conf
457 description: The minimum time (in hours) before a partition in a ring can be moved following a rebalance.
460 description: Partition Power to use when building Swift rings
464 description: The password for the swift service account, used by the swift proxy
471 description: How many replicas to use in the swift rings.
472 VirtualIP: # DEPRECATED: use per service settings instead
474 default: '' # Has to be here because of the ignored empty value bug
484 KeystonePublicApiVirtualIP:
490 EnablePackageInstall:
492 description: Set to true to enable package installation via Puppet
496 description: Mapping of service_name -> network name. Typically set
497 via parameter_defaults in the resource registry.
503 Setting to a previously unused value during stack-update will trigger
504 package update on all nodes
507 default: '' # Defaults to Heat created hostname
512 type: OS::Nova::Server
514 image: {get_param: Image}
515 image_update_policy: {get_param: ImageUpdatePolicy}
516 flavor: {get_param: Flavor}
517 key_name: {get_param: KeyName}
520 user_data_format: SOFTWARE_CONFIG
521 user_data: {get_resource: NodeUserData}
522 name: {get_param: Hostname}
525 type: OS::TripleO::NodeUserData
528 type: OS::TripleO::Controller::Ports::ExternalPort
530 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
533 type: OS::TripleO::Controller::Ports::InternalApiPort
535 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
538 type: OS::TripleO::Controller::Ports::StoragePort
540 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
543 type: OS::TripleO::Controller::Ports::StorageMgmtPort
545 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
548 type: OS::TripleO::Controller::Ports::TenantPort
550 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
553 type: OS::TripleO::Network::Ports::NetIpMap
555 ExternalIp: {get_attr: [ExternalPort, ip_address]}
556 InternalApiIp: {get_attr: [InternalApiPort, ip_address]}
557 StorageIp: {get_attr: [StoragePort, ip_address]}
558 StorageMgmtIp: {get_attr: [StorageMgmtPort, ip_address]}
559 TenantIp: {get_attr: [TenantPort, ip_address]}
562 type: OS::TripleO::Network::Ports::NetIpMap
564 ExternalIp: {get_attr: [ExternalPort, ip_subnet]}
565 InternalApiIp: {get_attr: [InternalApiPort, ip_subnet]}
566 StorageIp: {get_attr: [StoragePort, ip_subnet]}
567 StorageMgmtIp: {get_attr: [StorageMgmtPort, ip_subnet]}
568 TenantIp: {get_attr: [TenantPort, ip_subnet]}
571 type: OS::TripleO::Controller::Net::SoftwareConfig
573 ExternalIpSubnet: {get_attr: [ExternalPort, ip_subnet]}
574 InternalApiIpSubnet: {get_attr: [InternalApiPort, ip_subnet]}
575 StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]}
576 StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]}
577 TenantIpSubnet: {get_attr: [TenantPort, ip_subnet]}
580 type: OS::TripleO::SoftwareDeployment
582 config: {get_resource: NetworkConfig}
583 server: {get_resource: Controller}
586 interface_name: {get_param: NeutronPublicInterface}
588 ControllerDeployment:
589 type: OS::TripleO::SoftwareDeployment
590 depends_on: NetworkDeployment
592 config: {get_resource: ControllerConfig}
593 server: {get_resource: Controller}
595 bootstack_nodeid: {get_attr: [Controller, name]}
596 neutron_enable_tunneling: {get_param: NeutronEnableTunnelling}
597 heat.watch_server_url:
601 - {get_param: HeatApiVirtualIP}
603 heat.metadata_server_url:
607 - {get_param: HeatApiVirtualIP}
609 heat.waitcondition_server_url:
613 - {get_param: HeatApiVirtualIP}
614 - ':8000/v1/waitcondition'
615 heat_auth_encryption_key: {get_param: HeatAuthEncryptionKey}
616 horizon_secret: {get_param: HorizonSecret}
617 admin_password: {get_param: AdminPassword}
618 admin_token: {get_param: AdminToken}
619 neutron_public_interface_ip: {get_param: NeutronPublicInterfaceIP}
620 debug: {get_param: Debug}
621 cinder_enable_nfs_backend: {get_param: CinderEnableNfsBackend}
622 cinder_enable_rbd_backend: {get_param: CinderEnableRbdBackend}
623 cinder_nfs_mount_options: {get_param: CinderNfsMountOptions}
626 template: "['SERVERS']"
631 - {get_param: CinderNfsServers}
632 cinder_lvm_loop_device_size: {get_param: CinderLVMLoopDeviceSize}
633 cinder_password: {get_param: CinderPassword}
634 cinder_enable_iscsi_backend: {get_param: CinderEnableIscsiBackend}
635 cinder_iscsi_helper: {get_param: CinderISCSIHelper}
636 cinder_backend_config: {get_param: CinderBackendConfig}
640 - - 'mysql://cinder:'
641 - {get_param: CinderPassword}
643 - {get_param: MysqlVirtualIP}
645 glance_port: {get_param: GlancePort}
646 glance_password: {get_param: GlancePassword}
647 glance_backend: {get_param: GlanceBackend}
648 glance_notifier_strategy: {get_param: GlanceNotifierStrategy}
649 glance_log_file: {get_param: GlanceLogFile}
653 - - 'mysql://glance:'
654 - {get_param: GlancePassword}
656 - {get_param: MysqlVirtualIP}
658 heat_password: {get_param: HeatPassword}
659 heat_stack_domain_admin_password: {get_param: HeatStackDomainAdminPassword}
664 - {get_param: HeatPassword}
666 - {get_param: MysqlVirtualIP}
668 keystone_auth_address: {list_join: ['', ['http://', {get_param: KeystonePublicApiVirtualIP} , ':5000/v2.0']]}
669 keystone_ca_certificate: {get_param: KeystoneCACertificate}
670 keystone_signing_key: {get_param: KeystoneSigningKey}
671 keystone_signing_certificate: {get_param: KeystoneSigningCertificate}
672 keystone_ssl_certificate: {get_param: KeystoneSSLCertificate}
673 keystone_ssl_certificate_key: {get_param: KeystoneSSLCertificateKey}
677 - - 'mysql://keystone:'
678 - {get_param: AdminToken}
680 - {get_param: MysqlVirtualIP}
682 keystone_identity_uri:
686 - {get_param: KeystonePublicApiVirtualIP}
692 - {get_param: KeystonePublicApiVirtualIP}
698 - {get_param: KeystonePublicApiVirtualIP}
699 - ':5000/v2.0/ec2tokens'
700 enable_fencing: {get_param: EnableFencing}
701 enable_galera: {get_param: EnableGalera}
702 enable_ceph_storage: {get_param: EnableCephStorage}
703 enable_swift_storage: {get_param: EnableSwiftStorage}
704 mysql_innodb_buffer_pool_size: {get_param: MysqlInnodbBufferPoolSize}
705 mysql_max_connections: {get_param: MysqlMaxConnections}
706 mysql_root_password: {get_param: MysqlRootPassword}
709 template: tripleo-CLUSTER
711 CLUSTER: {get_param: MysqlClusterUniquePart}
712 neutron_flat_networks: {get_param: NeutronFlatNetworks}
713 neutron_metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret}
714 neutron_agent_mode: {get_param: NeutronAgentMode}
715 neutron_router_distributed: {get_param: NeutronDVR}
716 neutron_mechanism_drivers: {get_param: NeutronMechanismDrivers}
717 neutron_allow_l3agent_failover: {get_param: NeutronAllowL3AgentFailover}
718 neutron_l3_ha: {get_param: NeutronL3HA}
719 neutron_dhcp_agents_per_network: {get_param: NeutronDhcpAgentsPerNetwork}
720 neutron_network_vlan_ranges:
722 template: "['RANGES']"
727 - {get_param: NeutronNetworkVLANRanges}
728 neutron_bridge_mappings: {get_param: NeutronBridgeMappings}
729 neutron_external_network_bridge: {get_param: NeutronExternalNetworkBridge}
730 neutron_public_interface: {get_param: NeutronPublicInterface}
731 neutron_public_interface_raw_device: {get_param: NeutronPublicInterfaceRawDevice}
732 neutron_public_interface_default_route: {get_param: NeutronPublicInterfaceDefaultRoute}
733 neutron_public_interface_tag: {get_param: NeutronPublicInterfaceTag}
734 neutron_tenant_network_type: {get_param: NeutronNetworkType}
735 neutron_tunnel_types: {get_param: NeutronTunnelTypes}
736 neutron_tunnel_id_ranges:
738 template: "['RANGES']"
743 - {get_param: NeutronTunnelIdRanges}
746 template: "['RANGES']"
751 - {get_param: NeutronVniRanges}
752 neutron_password: {get_param: NeutronPassword}
753 neutron_dnsmasq_options: {get_param: NeutronDnsmasqOptions}
757 - - 'mysql://neutron:'
758 - {get_param: NeutronPassword}
760 - {get_param: MysqlVirtualIP}
761 - '/ovs_neutron?charset=utf8'
766 - {get_param: NeutronApiVirtualIP}
768 neutron_admin_auth_url:
772 - {get_param: KeystonePublicApiVirtualIP}
774 ceilometer_backend: {get_param: CeilometerBackend}
775 ceilometer_metering_secret: {get_param: CeilometerMeteringSecret}
776 ceilometer_password: {get_param: CeilometerPassword}
777 ceilometer_coordination_url:
781 - {get_param: RedisVirtualIP}
786 - - 'mysql://ceilometer:unset@'
787 - {get_param: MysqlVirtualIP}
789 snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName}
790 snmpd_readonly_user_password: {get_param: SnmpdReadonlyUserPassword}
791 nova_password: {get_param: NovaPassword}
796 - {get_param: NovaPassword}
798 - {get_param: MysqlVirtualIP}
800 fencing_config: {get_param: FencingConfig}
801 pcsd_password: {get_param: PcsdPassword}
802 rabbit_username: {get_param: RabbitUserName}
803 rabbit_password: {get_param: RabbitPassword}
804 rabbit_cookie: {get_param: RabbitCookie}
805 rabbit_client_use_ssl: {get_param: RabbitClientUseSSL}
806 rabbit_client_port: {get_param: RabbitClientPort}
807 mongodb_no_journal: {get_param: MongoDbNoJournal}
810 template: '["server"]'
812 server: {get_param: NtpServer}
813 control_virtual_interface: {get_param: ControlVirtualInterface}
814 public_virtual_interface: {get_param: PublicVirtualInterface}
815 swift_hash_suffix: {get_param: SwiftHashSuffix}
816 swift_password: {get_param: SwiftPassword}
817 swift_part_power: {get_param: SwiftPartPower}
818 swift_replicas: {get_param: SwiftReplicas}
819 swift_min_part_hours: {get_param: SwiftMinPartHours}
820 swift_mount_check: {get_param: SwiftMountCheck}
821 enable_package_install: {get_param: EnablePackageInstall}
822 swift_proxy_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftProxyNetwork]}]}
823 swift_management_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftMgmtNetwork]}]}
824 cinder_iscsi_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CinderIscsiNetwork]}]}
825 cinder_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CinderApiNetwork]}]}
826 glance_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, GlanceApiNetwork]}]}
827 glance_registry_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, GlanceRegistryNetwork]}]}
831 - - {get_param: GlanceProtocol}
833 - {get_param: GlanceApiVirtualIP}
835 - {get_param: GlancePort}
836 heat_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, HeatApiNetwork]}]}
837 keystone_public_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}]}
838 keystone_admin_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}]}
839 mongo_db_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MongoDbNetwork]}]}
840 neutron_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NeutronApiNetwork]}]}
841 neutron_local_ip: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NeutronTenantNetwork]}]}
842 ceilometer_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CeilometerApiNetwork]}]}
843 nova_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NovaApiNetwork]}]}
844 nova_metadata_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NovaMetadataNetwork]}]}
845 horizon_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, HorizonNetwork]}]}
846 rabbitmq_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, RabbitMqNetwork]}]}
847 redis_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, RedisNetwork]}]}
848 redis_vip: {get_param: RedisVirtualIP}
849 memcached_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MemcachedNetwork]}]}
850 mysql_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MysqlNetwork]}]}
851 mysql_virtual_ip: {get_param: MysqlVirtualIP}
852 ceph_cluster_network: {get_attr: [NetIpSubnetMap, net_ip_map, {get_param: [ServiceNetMap, CephClusterNetwork]}]}
853 ceph_public_network: {get_attr: [NetIpSubnetMap, net_ip_map, {get_param: [ServiceNetMap, CephPublicNetwork]}]}
854 ceph_public_ip: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CephPublicNetwork]}]}
856 # Map heat metadata into hiera datafiles
858 type: OS::Heat::StructuredConfig
860 group: os-apply-config
864 - heat_config_%{::deploy_config_name}
865 - controller_extraconfig
870 - swift_devices_and_proxy # provided by SwiftDevicesAndProxyConfig
871 - ceph_cluster # provided by CephClusterConfig
873 - bootstrap_node # provided by BootstrapNodeConfig
874 - all_nodes # provided by allNodesConfig
875 - vip_data # provided by vip-config
878 - cinder_netapp_data # Optionally provided by ControllerExtraConfigPre
880 controller_extraconfig:
881 mapped_data: {get_param: ControllerExtraConfig}
883 mapped_data: {get_param: ExtraConfig}
885 raw_data: {get_file: hieradata/common.yaml}
887 raw_data: {get_file: hieradata/ceph.yaml}
889 ceph::profile::params::cluster_network: {get_input: ceph_cluster_network}
890 ceph::profile::params::public_network: {get_input: ceph_public_network}
891 ceph::mon::public_addr: {get_input: ceph_public_ip}
893 raw_data: {get_file: hieradata/database.yaml}
895 raw_data: {get_file: hieradata/object.yaml}
897 raw_data: {get_file: hieradata/controller.yaml}
898 mapped_data: # data supplied directly to this deployment configuration, etc
899 bootstack_nodeid: {get_input: bootstack_nodeid}
902 enable_fencing: {get_input: enable_fencing}
903 hacluster_pwd: {get_input: pcsd_password}
904 tripleo::fencing::config: {get_input: fencing_config}
907 swift::proxy::proxy_local_net_ip: {get_input: swift_proxy_network}
908 swift::proxy::authtoken::auth_uri: {get_input: keystone_auth_uri}
909 swift::proxy::authtoken::identity_uri: {get_input: keystone_identity_uri}
910 swift::storage::all::storage_local_net_ip: {get_input: swift_management_network}
911 swift::swift_hash_suffix: {get_input: swift_hash_suffix}
912 swift::proxy::authtoken::admin_password: {get_input: swift_password}
913 tripleo::ringbuilder::part_power: {get_input: swift_part_power}
914 tripleo::ringbuilder::replicas: {get_input: swift_replicas}
915 tripleo::ringbuilder::min_part_hours: {get_input: swift_min_part_hours}
916 swift_mount_check: {get_input: swift_mount_check}
918 # NOTE(dprince): build_ring support is currently not wired in.
919 # See: https://review.openstack.org/#/c/109225/
920 tripleo::ringbuilder::build_ring: True
923 cinder_enable_nfs_backend: {get_input: cinder_enable_nfs_backend}
924 cinder_enable_rbd_backend: {get_input: cinder_enable_rbd_backend}
925 cinder_nfs_mount_options: {get_input: cinder_nfs_mount_options}
926 cinder_nfs_servers: {get_input: cinder_nfs_servers}
927 cinder_lvm_loop_device_size: {get_input: cinder_lvm_loop_device_size}
928 cinder_iscsi_helper: {get_input: cinder_iscsi_helper}
929 cinder_iscsi_ip_address: {get_input: cinder_iscsi_network}
930 cinder::database_connection: {get_input: cinder_dsn}
931 cinder::api::keystone_password: {get_input: cinder_password}
932 cinder::api::auth_uri: {get_input: keystone_auth_uri}
933 cinder::api::identity_uri: {get_input: keystone_identity_uri}
934 cinder::api::bind_host: {get_input: cinder_api_network}
935 cinder::rabbit_userid: {get_input: rabbit_username}
936 cinder::rabbit_password: {get_input: rabbit_password}
937 cinder::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
938 cinder::rabbit_port: {get_input: rabbit_client_port}
939 cinder::debug: {get_input: debug}
940 cinder_enable_iscsi_backend: {get_input: cinder_enable_iscsi_backend}
941 cinder::glance::glance_api_servers: {get_input: glance_api_servers}
942 cinder_backend_config: {get_input: CinderBackendConfig}
943 cinder::db::mysql::password: {get_input: cinder_password}
946 glance::api::bind_port: {get_input: glance_port}
947 glance::api::bind_host: {get_input: glance_api_network}
948 glance::api::auth_uri: {get_input: keystone_auth_uri}
949 glance::api::identity_uri: {get_input: keystone_identity_uri}
950 glance::api::registry_host: {get_input: glance_registry_network}
951 glance::api::keystone_password: {get_input: glance_password}
952 glance::api::debug: {get_input: debug}
953 glance_notifier_strategy: {get_input: glance_notifier_strategy}
954 glance_log_file: {get_input: glance_log_file}
955 glance_log_file: {get_input: glance_log_file}
956 glance::api::database_connection: {get_input: glance_dsn}
957 glance::registry::keystone_password: {get_input: glance_password}
958 glance::registry::database_connection: {get_input: glance_dsn}
959 glance::registry::bind_host: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, GlanceRegistryNetwork]}]}
960 glance::registry::auth_uri: {get_input: keystone_auth_uri}
961 glance::registry::identity_uri: {get_input: keystone_identity_uri}
962 glance::registry::debug: {get_input: debug}
963 glance::backend::swift::swift_store_auth_address: {get_input: keystone_auth_address}
964 glance::backend::swift::swift_store_user: service:glance
965 glance::backend::swift::swift_store_key: {get_input: glance_password}
966 glance_backend: {get_input: glance_backend}
967 glance::db::mysql::password: {get_input: glance_password}
970 heat_stack_domain_admin_password: {get_input: heat_stack_domain_admin_password}
971 heat::engine::heat_watch_server_url: {get_input: heat.watch_server_url}
972 heat::engine::heat_metadata_server_url: {get_input: heat.metadata_server_url}
973 heat::engine::heat_waitcondition_server_url: {get_input: heat.waitcondition_server_url}
974 heat::engine::auth_encryption_key: {get_input: heat_auth_encryption_key}
975 heat::rabbit_userid: {get_input: rabbit_username}
976 heat::rabbit_password: {get_input: rabbit_password}
977 heat::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
978 heat::rabbit_port: {get_input: rabbit_client_port}
979 heat::auth_uri: {get_input: keystone_auth_uri}
980 heat::keystone_ec2_uri: {get_input: keystone_ec2_uri}
981 heat::identity_uri: {get_input: keystone_identity_uri}
982 heat::keystone_password: {get_input: heat_password}
983 heat::api::bind_host: {get_input: heat_api_network}
984 heat::api_cloudwatch::bind_host: {get_input: heat_api_network}
985 heat::api_cfn::bind_host: {get_input: heat_api_network}
986 heat::database_connection: {get_input: heat_dsn}
987 heat::debug: {get_input: debug}
988 heat::db::mysql::password: {get_input: heat_password}
991 keystone::admin_token: {get_input: admin_token}
992 keystone_ca_certificate: {get_input: keystone_ca_certificate}
993 keystone_signing_key: {get_input: keystone_signing_key}
994 keystone_signing_certificate: {get_input: keystone_signing_certificate}
995 keystone_ssl_certificate: {get_input: keystone_ssl_certificate}
996 keystone_ssl_certificate_key: {get_input: keystone_ssl_certificate_key}
997 keystone::database_connection: {get_input: keystone_dsn}
998 keystone::public_bind_host: {get_input: keystone_public_api_network}
999 keystone::admin_bind_host: {get_input: keystone_admin_api_network}
1000 keystone::debug: {get_input: debug}
1001 keystone::db::mysql::password: {get_input: admin_token}
1003 mongodb::server::bind_ip: {get_input: mongo_db_network}
1004 mongodb::server::nojournal: {get_input: mongodb_no_journal}
1006 admin_password: {get_input: admin_password}
1007 enable_galera: {get_input: enable_galera}
1008 enable_ceph_storage: {get_input: enable_ceph_storage}
1009 enable_swift_storage: {get_input: enable_swift_storage}
1010 mysql_innodb_buffer_pool_size: {get_input: mysql_innodb_buffer_pool_size}
1011 mysql_max_connections: {get_input: mysql_max_connections}
1012 mysql::server::root_password: {get_input: mysql_root_password}
1013 mysql_cluster_name: {get_input: mysql_cluster_name}
1014 mysql_bind_host: {get_input: mysql_network}
1015 mysql_virtual_ip: {get_input: mysql_virtual_ip}
1018 neutron::bind_host: {get_input: neutron_api_network}
1019 neutron::rabbit_password: {get_input: rabbit_password}
1020 neutron::rabbit_user: {get_input: rabbit_user}
1021 neutron::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
1022 neutron::rabbit_port: {get_input: rabbit_client_port}
1023 neutron::debug: {get_input: debug}
1024 neutron::server::auth_uri: {get_input: keystone_auth_uri}
1025 neutron::server::identity_uri: {get_input: keystone_identity_uri}
1026 neutron::server::database_connection: {get_input: neutron_dsn}
1027 neutron::agents::l3::external_network_bridge: {get_input: neutron_external_network_bridge}
1028 neutron::agents::ml2::ovs::enable_tunneling: {get_input: neutron_enable_tunneling}
1029 neutron::agents::ml2::ovs::local_ip: {get_input: neutron_local_ip}
1030 neutron_flat_networks: {get_input: neutron_flat_networks}
1031 neutron::agents::metadata::shared_secret: {get_input: neutron_metadata_proxy_shared_secret}
1032 neutron::agents::metadata::metadata_ip: {get_input: neutron_api_network}
1033 neutron_agent_mode: {get_input: neutron_agent_mode}
1034 neutron_router_distributed: {get_input: neutron_router_distributed}
1035 neutron_mechanism_drivers: {get_input: neutron_mechanism_drivers}
1036 neutron::server::allow_automatic_l3agent_failover: {get_input: neutron_allow_l3agent_failover}
1037 neutron::server::l3_ha: {get_input: neutron_l3_ha}
1038 neutron::dhcp_agents_per_network: {get_input: neutron_dhcp_agents_per_network}
1039 neutron::plugins::ml2::network_vlan_ranges: {get_input: neutron_network_vlan_ranges}
1040 neutron::plugins::ml2::tunnel_id_ranges: {get_input: neutron_tunnel_id_ranges}
1041 neutron::plugins::ml2::vni_ranges: {get_input: neutron_vni_ranges}
1042 neutron_bridge_mappings: {get_input: neutron_bridge_mappings}
1043 neutron_public_interface: {get_input: neutron_public_interface}
1044 neutron_public_interface_raw_device: {get_input: neutron_public_interface_raw_device}
1045 neutron_public_interface_default_route: {get_input: neutron_public_interface_default_route}
1046 neutron_public_interface_tag: {get_input: neutron_public_interface_tag}
1047 neutron_tenant_network_type: {get_input: neutron_tenant_network_type}
1048 neutron_tunnel_types: {get_input: neutron_tunnel_types}
1049 neutron::server::auth_password: {get_input: neutron_password}
1050 neutron::agents::metadata::auth_password: {get_input: neutron_password}
1051 neutron_dnsmasq_options: {get_input: neutron_dnsmasq_options}
1052 neutron_dsn: {get_input: neutron_dsn}
1053 neutron::agents::metadata::auth_url: {get_input: keystone_identity_uri}
1054 neutron::db::mysql::password: {get_input: neutron_password}
1057 ceilometer_backend: {get_input: ceilometer_backend}
1058 ceilometer_mysql_conn_string: {get_input: ceilometer_dsn}
1059 ceilometer::metering_secret: {get_input: ceilometer_metering_secret}
1060 ceilometer::rabbit_userid: {get_input: rabbit_username}
1061 ceilometer::rabbit_password: {get_input: rabbit_password}
1062 ceilometer::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
1063 ceilometer::rabbit_port: {get_input: rabbit_client_port}
1064 ceilometer::debug: {get_input: debug}
1065 ceilometer::api::host: {get_input: ceilometer_api_network}
1066 ceilometer::api::keystone_password: {get_input: ceilometer_password}
1067 ceilometer::api::keystone_auth_uri: {get_input: keystone_auth_uri}
1068 ceilometer::api::keystone_identity_uri: {get_input: keystone_identity_uri}
1069 ceilometer::agent::auth::auth_password: {get_input: ceilometer_password}
1070 ceilometer::agent::auth::auth_url: {get_input: keystone_auth_address}
1071 ceilometer::agent::central::coordination_url: {get_input: ceilometer_coordination_url}
1072 ceilometer::db::mysql::password: {get_input: ceilometer_password}
1073 snmpd_readonly_user_name: {get_input: snmpd_readonly_user_name}
1074 snmpd_readonly_user_password: {get_input: snmpd_readonly_user_password}
1077 nova::rabbit_userid: {get_input: rabbit_username}
1078 nova::rabbit_password: {get_input: rabbit_password}
1079 nova::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
1080 nova::rabbit_port: {get_input: rabbit_client_port}
1081 nova::debug: {get_input: debug}
1082 nova::api::auth_uri: {get_input: keystone_auth_uri}
1083 nova::api::identity_uri: {get_input: keystone_identity_uri}
1084 nova::api::api_bind_address: {get_input: nova_api_network}
1085 nova::api::metadata_listen: {get_input: nova_metadata_network}
1086 nova::api::admin_password: {get_input: nova_password}
1087 nova::database_connection: {get_input: nova_dsn}
1088 nova::glance_api_servers: {get_input: glance_api_servers}
1089 nova::api::neutron_metadata_proxy_shared_secret: {get_input: neutron_metadata_proxy_shared_secret}
1090 nova::network::neutron::neutron_admin_password: {get_input: neutron_password}
1091 nova::network::neutron::neutron_url: {get_input: neutron_url}
1092 nova::network::neutron::neutron_admin_auth_url: {get_input: neutron_admin_auth_url}
1093 nova::vncproxy::host: {get_input: nova_api_network}
1094 nova::db::mysql::password: {get_input: nova_password}
1097 apache::ip: {get_input: horizon_network}
1098 horizon::django_debug: {get_input: debug}
1099 horizon::secret_key: {get_input: horizon_secret}
1100 horizon::bind_address: {get_input: horizon_network}
1101 horizon::keystone_url: {get_input: keystone_auth_uri}
1104 rabbitmq::node_ip_address: {get_input: rabbitmq_network}
1105 rabbitmq::erlang_cookie: {get_input: rabbit_cookie}
1107 redis::bind: {get_input: redis_network}
1108 redis_vip: {get_input: redis_vip}
1110 memcached::listen_ip: {get_input: memcached_network}
1111 neutron_public_interface_ip: {get_input: neutron_public_interface_ip}
1112 ntp::servers: {get_input: ntp_servers}
1113 control_virtual_interface: {get_input: control_virtual_interface}
1114 public_virtual_interface: {get_input: public_virtual_interface}
1115 tripleo::loadbalancer::control_virtual_interface: {get_input: control_virtual_interface}
1116 tripleo::loadbalancer::public_virtual_interface: {get_input: public_virtual_interface}
1117 tripleo::packages::enable_install: {get_input: enable_package_install}
1119 # Hook for site-specific additional pre-deployment config, e.g extra hieradata
1120 ControllerExtraConfigPre:
1121 depends_on: ControllerDeployment
1122 type: OS::TripleO::ControllerExtraConfigPre
1124 server: {get_resource: Controller}
1127 type: OS::TripleO::Tasks::PackageUpdate
1130 type: OS::Heat::SoftwareDeployment
1132 config: {get_resource: UpdateConfig}
1133 server: {get_resource: Controller}
1136 get_param: UpdateIdentifier
1140 description: IP address of the server in the ctlplane network
1141 value: {get_attr: [Controller, networks, ctlplane, 0]}
1142 external_ip_address:
1143 description: IP address of the server in the external network
1144 value: {get_attr: [ExternalPort, ip_address]}
1145 internal_api_ip_address:
1146 description: IP address of the server in the internal_api network
1147 value: {get_attr: [InternalApiPort, ip_address]}
1149 description: IP address of the server in the storage network
1150 value: {get_attr: [StoragePort, ip_address]}
1151 storage_mgmt_ip_address:
1152 description: IP address of the server in the storage_mgmt network
1153 value: {get_attr: [StorageMgmtPort, ip_address]}
1155 description: IP address of the server in the tenant network
1156 value: {get_attr: [TenantPort, ip_address]}
1158 description: Hostname of the server
1159 value: {get_attr: [Controller, name]}
1162 Node object in the format {ip: ..., name: ...} format that the corosync
1165 ip: {get_attr: [Controller, networks, ctlplane, 0]}
1166 name: {get_attr: [Controller, name]}
1169 Server's IP address and hostname in the /etc/hosts format
1172 template: IP HOST.localdomain HOST CLOUDNAME
1174 IP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, ControllerHostnameResolveNetwork]}]}
1175 HOST: {get_attr: [Controller, name]}
1176 CLOUDNAME: {get_param: CloudName}
1177 nova_server_resource:
1178 description: Heat resource handle for the Nova compute server
1180 {get_resource: Controller}
1182 description: Swift device formatted for swift-ring-builder
1185 template: 'r1z1-IP:%PORT%/d1'
1187 IP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftMgmtNetwork]}]}
1188 swift_proxy_memcache:
1189 description: Swift proxy-memcache value
1192 template: "IP:11211"
1194 IP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MemcachedNetwork]}]}
1196 description: identifier which changes if the controller configuration may need re-applying
1200 - - {get_attr: [ControllerDeployment, deploy_stdout]}
1201 - {get_attr: [ControllerExtraConfigPre, deploy_stdout]}