Merge "Add missing tag to nova-placement docker image"

[apex-tripleo-heat-templates.git] / puppet / controller-role.yaml

heat_template_version: ocata

description: >
  OpenStack controller node configured by Puppet.

parameters:
  controllerExtraConfig:
    default: {}
    description: |
      Deprecated. Use ControllerExtraConfig via parameter_defaults instead.
    type: json
  ControllerExtraConfig:
    default: {}
    description: |
      Controller specific hiera configuration data to inject into the cluster.
    type: json
  ControllerIPs:
    default: {}
    description: >
      A network mapped list of IPs to assign to Controllers in the following form:
      {
        "internal_api": ["a.b.c.d", "e.f.g.h"],
        ...
      }
    type: json
  Debug:
    default: ''
    description: Set to True to enable debugging on all services.
    type: string
  EnableLoadBalancer:
    default: true
    description: Whether to deploy a LoadBalancer on the Controller
    type: boolean
  ExtraConfig:
    default: {}
    description: |
      Additional hieradata to inject into the cluster, note that
      ControllerExtraConfig takes precedence over ExtraConfig.
    type: json
  OvercloudControlFlavor:
    description: Flavor for control nodes to request when deploying.
    default: baremetal
    type: string
    constraints:
      - custom_constraint: nova.flavor
  controllerImage:
    type: string
    default: overcloud-full
    constraints:
      - custom_constraint: glance.image
  ImageUpdatePolicy:
    default: 'REBUILD_PRESERVE_EPHEMERAL'
    description: What policy to use when reconstructing instances. REBUILD for rebuilds, REBUILD_PRESERVE_EPHEMERAL to preserve /mnt.
    type: string
  KeyName:
    default: default
    description: Name of an existing Nova key pair to enable SSH access to the instances
    type: string
    constraints:
      - custom_constraint: nova.keypair
  NeutronPublicInterface:
    default: nic1
    description: What interface to bridge onto br-ex for network nodes.
    type: string
  ServiceNetMap:
    default: {}
    description: Mapping of service_name -> network name. Typically set
                 via parameter_defaults in the resource registry.
    type: json
  EndpointMap:
    default: {}
    description: Mapping of service endpoint -> protocol. Typically set
                 via parameter_defaults in the resource registry.
    type: json
  UpdateIdentifier:
    default: ''
    type: string
    description: >
      Setting to a previously unused value during stack-update will trigger
      package update on all nodes
  Hostname:
    type: string
    default: '' # Defaults to Heat created hostname
  HostnameMap:
    type: json
    default: {}
    description: Optional mapping to override hostnames
  NetworkDeploymentActions:
    type: comma_delimited_list
    description: >
      Heat action when to apply network configuration changes
    default: ['CREATE']
  NodeIndex:
    type: number
    default: 0
  SoftwareConfigTransport:
    default: POLL_SERVER_CFN
    description: |
      How the server should receive the metadata required for software configuration.
    type: string
    constraints:
    - allowed_values: [POLL_SERVER_CFN, POLL_SERVER_HEAT, POLL_TEMP_URL, ZAQAR_MESSAGE]
  CloudDomain:
    default: 'localdomain'
    type: string
    description: >
      The DNS domain used for the hosts. This should match the dhcp_domain
      configured in the Undercloud neutron. Defaults to localdomain.
  ControllerServerMetadata:
    default: {}
    description: >
      Extra properties or metadata passed to Nova for the created nodes in
      the overcloud. It's accessible via the Nova metadata API. This option is
      role-specific and is merged with the values given to the ServerMetadata
      parameter.
    type: json
  ServerMetadata:
    default: {}
    description: >
      Extra properties or metadata passed to Nova for the created nodes in
      the overcloud. It's accessible via the Nova metadata API. This applies to
      all roles and is merged with a role-specific metadata parameter.
    type: json
  ControllerSchedulerHints:
    type: json
    description: Optional scheduler hints to pass to nova
    default: {}
  ServiceConfigSettings:
    type: json
    default: {}
  ServiceNames:
    type: comma_delimited_list
    default: []
  MonitoringSubscriptions:
    type: comma_delimited_list
    default: []
  ServiceMetadataSettings:
    type: json
    default: {}
  ConfigCommand:
    type: string
    description: Command which will be run whenever configuration data changes
    default: os-refresh-config --timeout 14400
  UpgradeInitCommand:
    type: string
    description: |
      Command or script snippet to run on all overcloud nodes to
      initialize the upgrade process. E.g. a repository switch.
    default: ''
  UpgradeInitCommonCommand:
    type: string
    description: |
      Common commands required by the upgrades process. This should not
      normally be modified by the operator and is set and unset in the
      major-upgrade-composable-steps.yaml and major-upgrade-converge.yaml
      environment files.
    default: ''

parameter_groups:
- label: deprecated
  description: Do not use deprecated params, they will be removed.
  parameters:
  - controllerExtraConfig

resources:

  Controller:
    type: OS::TripleO::ControllerServer
    metadata:
      os-collect-config:
        command: {get_param: ConfigCommand}
    properties:
      image: {get_param: controllerImage}
      image_update_policy: {get_param: ImageUpdatePolicy}
      flavor: {get_param: OvercloudControlFlavor}
      key_name: {get_param: KeyName}
      networks:
        - network: ctlplane
      user_data_format: SOFTWARE_CONFIG
      user_data: {get_resource: UserData}
      name:
        str_replace:
            template: {get_param: Hostname}
            params: {get_param: HostnameMap}
      software_config_transport: {get_param: SoftwareConfigTransport}
      metadata:
        map_merge:
          - {get_param: ServerMetadata}
          - {get_param: ControllerServerMetadata}
          - {get_param: ServiceMetadataSettings}
      scheduler_hints: {get_param: ControllerSchedulerHints}

  # Combine the NodeAdminUserData and NodeUserData mime archives
  UserData:
    type: OS::Heat::MultipartMime
    properties:
      parts:
      - config: {get_resource: NodeAdminUserData}
        type: multipart
      - config: {get_resource: NodeUserData}
        type: multipart
      - config: {get_resource: RoleUserData}
        type: multipart

  # Creates the "heat-admin" user if configured via the environment
  # Should return a OS::Heat::MultipartMime reference via OS::stack_id
  NodeAdminUserData:
    type: OS::TripleO::NodeAdminUserData

  # For optional operator additional userdata
  # Should return a OS::Heat::MultipartMime reference via OS::stack_id
  NodeUserData:
    type: OS::TripleO::NodeUserData

  # For optional operator role-specific userdata
  # Should return a OS::Heat::MultipartMime reference via OS::stack_id
  RoleUserData:
    type: OS::TripleO::Controller::NodeUserData

  ExternalPort:
    type: OS::TripleO::Controller::Ports::ExternalPort
    properties:
      IPPool: {get_param: ControllerIPs}
      NodeIndex: {get_param: NodeIndex}
      ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}

  InternalApiPort:
    type: OS::TripleO::Controller::Ports::InternalApiPort
    properties:
      IPPool: {get_param: ControllerIPs}
      NodeIndex: {get_param: NodeIndex}
      ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}

  StoragePort:
    type: OS::TripleO::Controller::Ports::StoragePort
    properties:
      IPPool: {get_param: ControllerIPs}
      NodeIndex: {get_param: NodeIndex}
      ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}

  StorageMgmtPort:
    type: OS::TripleO::Controller::Ports::StorageMgmtPort
    properties:
      IPPool: {get_param: ControllerIPs}
      NodeIndex: {get_param: NodeIndex}
      ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}

  TenantPort:
    type: OS::TripleO::Controller::Ports::TenantPort
    properties:
      IPPool: {get_param: ControllerIPs}
      NodeIndex: {get_param: NodeIndex}
      ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}

  ManagementPort:
    type: OS::TripleO::Controller::Ports::ManagementPort
    properties:
      IPPool: {get_param: ControllerIPs}
      NodeIndex: {get_param: NodeIndex}
      ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}

  NetIpMap:
    type: OS::TripleO::Network::Ports::NetIpMap
    properties:
      ControlPlaneIp: {get_attr: [Controller, networks, ctlplane, 0]}
      ExternalIp: {get_attr: [ExternalPort, ip_address]}
      ExternalIpSubnet: {get_attr: [ExternalPort, ip_subnet]}
      ExternalIpUri: {get_attr: [ExternalPort, ip_address_uri]}
      InternalApiIp: {get_attr: [InternalApiPort, ip_address]}
      InternalApiIpSubnet: {get_attr: [InternalApiPort, ip_subnet]}
      InternalApiIpUri: {get_attr: [InternalApiPort, ip_address_uri]}
      StorageIp: {get_attr: [StoragePort, ip_address]}
      StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]}
      StorageIpUri: {get_attr: [StoragePort, ip_address_uri]}
      StorageMgmtIp: {get_attr: [StorageMgmtPort, ip_address]}
      StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]}
      StorageMgmtIpUri: {get_attr: [StorageMgmtPort, ip_address_uri]}
      TenantIp: {get_attr: [TenantPort, ip_address]}
      TenantIpSubnet: {get_attr: [TenantPort, ip_subnet]}
      TenantIpUri: {get_attr: [TenantPort, ip_address_uri]}
      ManagementIp: {get_attr: [ManagementPort, ip_address]}
      ManagementIpSubnet: {get_attr: [ManagementPort, ip_subnet]}
      ManagementIpUri: {get_attr: [ManagementPort, ip_address_uri]}

  NetHostMap:
    type: OS::Heat::Value
    properties:
      type: json
      value:
        external:
          fqdn:
            list_join:
            - '.'
            - - {get_attr: [Controller, name]}
              - external
              - {get_param: CloudDomain}
          short:
            list_join:
            - '.'
            - - {get_attr: [Controller, name]}
              - external
        internal_api:
          fqdn:
            list_join:
            - '.'
            - - {get_attr: [Controller, name]}
              - internalapi
              - {get_param: CloudDomain}
          short:
            list_join:
            - '.'
            - - {get_attr: [Controller, name]}
              - internalapi
        storage:
          fqdn:
            list_join:
            - '.'
            - - {get_attr: [Controller, name]}
              - storage
              - {get_param: CloudDomain}
          short:
            list_join:
            - '.'
            - - {get_attr: [Controller, name]}
              - storage
        storage_mgmt:
          fqdn:
            list_join:
            - '.'
            - - {get_attr: [Controller, name]}
              - storagemgmt
              - {get_param: CloudDomain}
          short:
            list_join:
            - '.'
            - - {get_attr: [Controller, name]}
              - storagemgmt
        tenant:
          fqdn:
            list_join:
            - '.'
            - - {get_attr: [Controller, name]}
              - tenant
              - {get_param: CloudDomain}
          short:
            list_join:
            - '.'
            - - {get_attr: [Controller, name]}
              - tenant
        management:
          fqdn:
            list_join:
            - '.'
            - - {get_attr: [Controller, name]}
              - management
              - {get_param: CloudDomain}
          short:
            list_join:
            - '.'
            - - {get_attr: [Controller, name]}
              - management
        ctlplane:
          fqdn:
            list_join:
            - '.'
            - - {get_attr: [Controller, name]}
              - ctlplane
              - {get_param: CloudDomain}
          short:
            list_join:
            - '.'
            - - {get_attr: [Controller, name]}
              - ctlplane

  PreNetworkConfig:
    type: OS::TripleO::Controller::PreNetworkConfig
    properties:
      server: {get_resource: Controller}

  NetworkConfig:
    type: OS::TripleO::Controller::Net::SoftwareConfig
    properties:
      ControlPlaneIp: {get_attr: [Controller, networks, ctlplane, 0]}
      ExternalIpSubnet: {get_attr: [ExternalPort, ip_subnet]}
      InternalApiIpSubnet: {get_attr: [InternalApiPort, ip_subnet]}
      StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]}
      StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]}
      TenantIpSubnet: {get_attr: [TenantPort, ip_subnet]}
      ManagementIpSubnet: {get_attr: [ManagementPort, ip_subnet]}

  NetworkDeployment:
    type: OS::TripleO::SoftwareDeployment
    depends_on: PreNetworkConfig
    properties:
      name: NetworkDeployment
      config: {get_resource: NetworkConfig}
      server: {get_resource: Controller}
      actions: {get_param: NetworkDeploymentActions}
      input_values:
        bridge_name: br-ex
        interface_name: {get_param: NeutronPublicInterface}

  # Resource for site-specific injection of root certificate
  NodeTLSCAData:
    depends_on: NetworkDeployment
    type: OS::TripleO::NodeTLSCAData
    properties:
      server: {get_resource: Controller}

  # Resource for site-specific passing of private keys/certificates
  NodeTLSData:
    depends_on: NodeTLSCAData
    type: OS::TripleO::NodeTLSData
    properties:
      server: {get_resource: Controller}
      NodeIndex: {get_param: NodeIndex}

  ControllerUpgradeInitConfig:
    type: OS::Heat::SoftwareConfig
    properties:
      group: script
      config:
        list_join:
        - ''
        - - "#!/bin/bash\n\n"
          - "if [[ -f /etc/resolv.conf.save ]] ; then rm /etc/resolv.conf.save; fi\n\n"
          - get_param: UpgradeInitCommand
          - get_param: UpgradeInitCommonCommand

  # Note we may be able to make this conditional on UpgradeInitCommandNotEmpty
  # but https://bugs.launchpad.net/heat/+bug/1649900 needs fixing first
  ControllerUpgradeInitDeployment:
    type: OS::Heat::SoftwareDeployment
    depends_on: NetworkDeployment
    properties:
      name: ControllerUpgradeInitDeployment
      server: {get_resource: Controller}
      config: {get_resource: ControllerUpgradeInitConfig}

  ControllerDeployment:
    type: OS::TripleO::SoftwareDeployment
    depends_on: ControllerUpgradeInitDeployment
    properties:
      name: ControllerDeployment
      config: {get_resource: ControllerConfig}
      server: {get_resource: Controller}
      input_values:
        bootstack_nodeid: {get_attr: [Controller, name]}
        enable_load_balancer: {get_param: EnableLoadBalancer}
        enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]}

  # Map heat metadata into hiera datafiles
  ControllerConfig:
    type: OS::Heat::StructuredConfig
    properties:
      group: hiera
      config:
        hierarchy:
          - '"%{::uuid}"'
          - heat_config_%{::deploy_config_name}
          - controller_extraconfig
          - extraconfig
          - service_configs
          - service_names
          - controller
          - bootstrap_node # provided by BootstrapNodeConfig
          - all_nodes # provided by allNodesConfig
          - vip_data # provided by allNodesConfig
          - '"%{::osfamily}"'
          - neutron_bigswitch_data # Optionally provided by ControllerExtraConfigPre
          - neutron_cisco_data # Optionally provided by ControllerExtraConfigPre
          - cisco_n1kv_data # Optionally provided by ControllerExtraConfigPre
          - midonet_data #Optionally provided by AllNodesExtraConfig
          - cisco_aci_data # Optionally provided by ControllerExtraConfigPre
        merge_behavior: deeper
        datafiles:
          service_names:
            service_names: {get_param: ServiceNames}
            sensu::subscriptions: {get_param: MonitoringSubscriptions}
          service_configs:
            map_replace:
              - {get_param: ServiceConfigSettings}
              - values: {get_attr: [NetIpMap, net_ip_map]}
          controller_extraconfig:
            map_merge:
              - {get_param: controllerExtraConfig}
              - {get_param: ControllerExtraConfig}
          extraconfig: {get_param: ExtraConfig}
          controller:
            # data supplied directly to this deployment configuration, etc
            bootstack_nodeid: {get_input: bootstack_nodeid}
            # Pacemaker
            enable_load_balancer: {get_input: enable_load_balancer}

            # Misc
            tripleo::haproxy::service_certificate: {get_attr: [NodeTLSData, deployed_ssl_certificate_path]}
            tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade}
            fqdn_internal_api: {get_attr: [NetHostMap, value, internal_api, fqdn]}
            fqdn_storage: {get_attr: [NetHostMap, value, storage, fqdn]}
            fqdn_storage_mgmt: {get_attr: [NetHostMap, value, storage_mgmt, fqdn]}
            fqdn_tenant: {get_attr: [NetHostMap, value, tenant, fqdn]}
            fqdn_management: {get_attr: [NetHostMap, value, management, fqdn]}
            fqdn_ctlplane: {get_attr: [NetHostMap, value, ctlplane, fqdn]}

  # Hook for site-specific additional pre-deployment config, e.g extra hieradata
  ControllerExtraConfigPre:
    depends_on: ControllerDeployment
    type: OS::TripleO::ControllerExtraConfigPre
    properties:
        server: {get_resource: Controller}

  # Hook for site-specific additional pre-deployment config,
  # applying to all nodes, e.g node registration/unregistration
  NodeExtraConfig:
    depends_on: [ControllerExtraConfigPre, NodeTLSData]
    type: OS::TripleO::NodeExtraConfig
    properties:
        server: {get_resource: Controller}

  UpdateConfig:
    type: OS::TripleO::Tasks::PackageUpdate

  UpdateDeployment:
    type: OS::Heat::SoftwareDeployment
    depends_on: NetworkDeployment
    properties:
      name: UpdateDeployment
      config: {get_resource: UpdateConfig}
      server: {get_resource: Controller}
      input_values:
        update_identifier:
          get_param: UpdateIdentifier

  SshHostPubKey:
    type: OS::TripleO::Ssh::HostPubKey
    depends_on: ControllerDeployment
    properties:
        server: {get_resource: Controller}

outputs:
  ip_address:
    description: IP address of the server in the ctlplane network
    value: {get_attr: [Controller, networks, ctlplane, 0]}
  external_ip_address:
    description: IP address of the server in the external network
    value: {get_attr: [ExternalPort, ip_address]}
  internal_api_ip_address:
    description: IP address of the server in the internal_api network
    value: {get_attr: [InternalApiPort, ip_address]}
  storage_ip_address:
    description: IP address of the server in the storage network
    value: {get_attr: [StoragePort, ip_address]}
  storage_mgmt_ip_address:
    description: IP address of the server in the storage_mgmt network
    value: {get_attr: [StorageMgmtPort, ip_address]}
  tenant_ip_address:
    description: IP address of the server in the tenant network
    value: {get_attr: [TenantPort, ip_address]}
  management_ip_address:
    description: IP address of the server in the management network
    value: {get_attr: [ManagementPort, ip_address]}
  hostname:
    description: Hostname of the server
    value: {get_attr: [Controller, name]}
  hostname_map:
    description: Mapping of network names to hostnames
    value:
      external: {get_attr: [NetHostMap, value, external, fqdn]}
      internal_api: {get_attr: [NetHostMap, value, internal_api, fqdn]}
      storage: {get_attr: [NetHostMap, value, storage, fqdn]}
      storage_mgmt: {get_attr: [NetHostMap, value, storage_mgmt, fqdn]}
      tenant: {get_attr: [NetHostMap, value, tenant, fqdn]}
      management: {get_attr: [NetHostMap, value, management, fqdn]}
      ctlplane: {get_attr: [NetHostMap, value, ctlplane, fqdn]}
  hosts_entry:
    description: >
      Server's IP address and hostname in the /etc/hosts format
    value:
      str_replace:
        template: |
          PRIMARYIP PRIMARYHOST.DOMAIN PRIMARYHOST
          EXTERNALIP EXTERNALHOST.DOMAIN EXTERNALHOST
          INTERNAL_APIIP INTERNAL_APIHOST.DOMAIN INTERNAL_APIHOST
          STORAGEIP STORAGEHOST.DOMAIN STORAGEHOST
          STORAGE_MGMTIP STORAGE_MGMTHOST.DOMAIN STORAGE_MGMTHOST
          TENANTIP TENANTHOST.DOMAIN TENANTHOST
          MANAGEMENTIP MANAGEMENTHOST.DOMAIN MANAGEMENTHOST
          CTLPLANEIP CTLPLANEHOST.DOMAIN CTLPLANEHOST
        params:
          PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, ControllerHostnameResolveNetwork]}]}
          DOMAIN: {get_param: CloudDomain}
          PRIMARYHOST: {get_attr: [Controller, name]}
          EXTERNALIP: {get_attr: [ExternalPort, ip_address]}
          EXTERNALHOST: {get_attr: [NetHostMap, value, external, short]}
          INTERNAL_APIIP: {get_attr: [InternalApiPort, ip_address]}
          INTERNAL_APIHOST: {get_attr: [NetHostMap, value, internal_api, short]}
          STORAGEIP: {get_attr: [StoragePort, ip_address]}
          STORAGEHOST: {get_attr: [NetHostMap, value, storage, short]}
          STORAGE_MGMTIP: {get_attr: [StorageMgmtPort, ip_address]}
          STORAGE_MGMTHOST: {get_attr: [NetHostMap, value, storage_mgmt, short]}
          TENANTIP: {get_attr: [TenantPort, ip_address]}
          TENANTHOST: {get_attr: [NetHostMap, value, tenant, short]}
          MANAGEMENTIP: {get_attr: [ManagementPort, ip_address]}
          MANAGEMENTHOST: {get_attr: [NetHostMap, value, management, short]}
          CTLPLANEIP: {get_attr: [Controller, networks, ctlplane, 0]}
          CTLPLANEHOST: {get_attr: [NetHostMap, value, ctlplane, short]}
  known_hosts_entry:
    description: Entry for ssh known hosts
    value:
      str_replace:
        template: "PRIMARYIP,PRIMARYHOST.DOMAIN,PRIMARYHOST,\
EXTERNALIP,EXTERNALHOST.DOMAIN,EXTERNALHOST,\
INTERNAL_APIIP,INTERNAL_APIHOST.DOMAIN,INTERNAL_APIHOST,\
STORAGEIP,STORAGEHOST.DOMAIN,STORAGEHOST,\
STORAGE_MGMTIP,STORAGE_MGMTHOST.DOMAIN,STORAGE_MGMTHOST,\
TENANTIP,TENANTHOST.DOMAIN,TENANTHOST,\
MANAGEMENTIP,MANAGEMENTHOST.DOMAIN,MANAGEMENTHOST,\
CTLPLANEIP,CTLPLANEHOST.DOMAIN,CTLPLANEHOST HOSTSSHPUBKEY"
        params:
          PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, ControllerHostnameResolveNetwork]}]}
          DOMAIN: {get_param: CloudDomain}
          PRIMARYHOST: {get_attr: [Controller, name]}
          EXTERNALIP: {get_attr: [ExternalPort, ip_address]}
          EXTERNALHOST: {get_attr: [NetHostMap, value, external, short]}
          INTERNAL_APIIP: {get_attr: [InternalApiPort, ip_address]}
          INTERNAL_APIHOST: {get_attr: [NetHostMap, value, internal_api, short]}
          STORAGEIP: {get_attr: [StoragePort, ip_address]}
          STORAGEHOST: {get_attr: [NetHostMap, value, storage, short]}
          STORAGE_MGMTIP: {get_attr: [StorageMgmtPort, ip_address]}
          STORAGE_MGMTHOST: {get_attr: [NetHostMap, value, storage_mgmt, short]}
          TENANTIP: {get_attr: [TenantPort, ip_address]}
          TENANTHOST: {get_attr: [NetHostMap, value, tenant, short]}
          MANAGEMENTIP: {get_attr: [ManagementPort, ip_address]}
          MANAGEMENTHOST: {get_attr: [NetHostMap, value, management, short]}
          CTLPLANEIP: {get_attr: [Controller, networks, ctlplane, 0]}
          CTLPLANEHOST: {get_attr: [NetHostMap, value, ctlplane, short]}
          HOSTSSHPUBKEY: {get_attr: [SshHostPubKey, ecdsa]}
  nova_server_resource:
    description: Heat resource handle for the Nova compute server
    value:
      {get_resource: Controller}
  tls_key_modulus_md5:
    description: MD5 checksum of the TLS Key Modulus
    value: {get_attr: [NodeTLSData, key_modulus_md5]}
  tls_cert_modulus_md5:
    description: MD5 checksum of the TLS Certificate Modulus
    value: {get_attr: [NodeTLSData, cert_modulus_md5]}