1 heat_template_version: pike
4 OpenStack controller node configured by Puppet.
10 Deprecated. Use ControllerExtraConfig via parameter_defaults instead.
12 ControllerExtraConfig:
15 Controller specific hiera configuration data to inject into the cluster.
20 A network mapped list of IPs to assign to Controllers in the following form:
22 "internal_api": ["a.b.c.d", "e.f.g.h"],
28 description: Set to True to enable debugging on all services.
32 description: Whether to deploy a LoadBalancer on the Controller
37 Additional hieradata to inject into the cluster, note that
38 ControllerExtraConfig takes precedence over ExtraConfig.
40 OvercloudControlFlavor:
41 description: Flavor for control nodes to request when deploying.
45 - custom_constraint: nova.flavor
48 default: overcloud-full
50 - custom_constraint: glance.image
52 default: 'REBUILD_PRESERVE_EPHEMERAL'
53 description: What policy to use when reconstructing instances. REBUILD for rebuilds, REBUILD_PRESERVE_EPHEMERAL to preserve /mnt.
57 description: Name of an existing Nova key pair to enable SSH access to the instances
60 - custom_constraint: nova.keypair
61 NeutronPhysicalBridge:
63 description: An OVS bridge to create for accessing external networks.
65 NeutronPublicInterface:
67 description: Which interface to add to the NeutronPhysicalBridge.
71 description: Mapping of service_name -> network name. Typically set
72 via parameter_defaults in the resource registry.
76 description: Mapping of service endpoint -> protocol. Typically set
77 via parameter_defaults in the resource registry.
83 Setting to a previously unused value during stack-update will trigger
84 package update on all nodes
87 default: '' # Defaults to Heat created hostname
91 description: Optional mapping to override hostnames
92 NetworkDeploymentActions:
93 type: comma_delimited_list
95 Heat action when to apply network configuration changes
# SoftwareConfigTransport selects how the server receives the metadata that
# drives software configuration. The visible constraint restricts it to the
# four listed transports, and the default is POLL_SERVER_CFN.
# NOTE(review): each transport presumably hands the node a different polling
# endpoint or credential; confirm which one is in use before publishing
# server attributes such as os_collect_config as stack outputs.
100 SoftwareConfigTransport:
101 default: POLL_SERVER_CFN
103 How the server should receive the metadata required for software configuration.
106 - allowed_values: [POLL_SERVER_CFN, POLL_SERVER_HEAT, POLL_TEMP_URL, ZAQAR_MESSAGE]
108 default: 'localdomain'
111 The DNS domain used for the hosts. This must match the
112 overcloud_domain_name configured on the undercloud.
113 ControllerServerMetadata:
116 Extra properties or metadata passed to Nova for the created nodes in
117 the overcloud. It's accessible via the Nova metadata API. This option is
118 role-specific and is merged with the values given to the ServerMetadata
124 Extra properties or metadata passed to Nova for the created nodes in
125 the overcloud. It's accessible via the Nova metadata API. This applies to
126 all roles and is merged with a role-specific metadata parameter.
128 ControllerSchedulerHints:
130 description: Optional scheduler hints to pass to nova
132 ServiceConfigSettings:
136 type: comma_delimited_list
138 MonitoringSubscriptions:
139 type: comma_delimited_list
141 ServiceMetadataSettings:
146 description: Command which will be run whenever configuration data changes
147 default: os-refresh-config --timeout 14400
152 Maximum amount of time to possibly delay configuration collection
153 polling. Defaults to 30 seconds. Set to 0 to disable it which will cause
154 the configuration collection to occur as soon as the collection process
155 starts. This setting is used to prevent the configuration collection
156 processes from polling all at the exact same time.
160 Command or script snippet to run on all overcloud nodes to
161 initialize the upgrade process. E.g. a repository switch.
163 UpgradeInitCommonCommand:
166 Common commands required by the upgrades process. This should not
167 normally be modified by the operator and is set and unset in the
168 major-upgrade-composable-steps.yaml and major-upgrade-converge.yaml
171 DeploymentServerBlacklistDict:
175 Map of server hostnames to blacklist from any triggered
176 deployments. If the value is 1, the server will be blacklisted. This
177 parameter is generated from the parent template.
180 description: Role Specific Parameters
182 DeploymentSwiftDataMap:
185 Map of servers to Swift container and object for storing deployment data.
186 The keys are the Heat assigned hostnames, and the value is a map of the
187 container/object name in Swift. Example value:
188 overcloud-controller-0:
189 container: overcloud-controller
191 overcloud-controller-1:
192 container: overcloud-controller
194 overcloud-controller-2:
195 container: overcloud-controller
197 overcloud-novacompute-0:
198 container: overcloud-compute
204 description: Do not use deprecated params, they will be removed.
206 - controllerExtraConfig
209 server_not_blacklisted:
212 - {get_param: [DeploymentServerBlacklistDict, {get_param: Hostname}]}
214 deployment_swift_data_map_unset:
217 - DeploymentSwiftDataMap
218 - {get_param: Hostname}
# Server resource for the controller node (OS::TripleO::ControllerServer).
# - command/splay take ConfigCommand (run whenever configuration data
#   changes) and ConfigCollectSplay (polling delay) from stack parameters.
# - image, flavor, key_name and scheduler_hints come straight from stack
#   parameters; key_name is the Nova key pair that enables SSH access.
# - user_data is the UserData resource, delivered in SOFTWARE_CONFIG format.
# - the metadata entry lists ServerMetadata, ControllerServerMetadata and
#   ServiceMetadataSettings. The parameter descriptions state the first two
#   are accessible via the Nova metadata API, so keep secrets out of them.
# - deployment_swift_data is looked up per Hostname in DeploymentSwiftDataMap.
#   NOTE(review): the value used when deployment_swift_data_map_unset holds
#   is not visible in this listing.
224 type: OS::TripleO::ControllerServer
227 command: {get_param: ConfigCommand}
228 splay: {get_param: ConfigCollectSplay}
230 image: {get_param: controllerImage}
231 image_update_policy: {get_param: ImageUpdatePolicy}
232 flavor: {get_param: OvercloudControlFlavor}
233 key_name: {get_param: KeyName}
236 user_data_format: SOFTWARE_CONFIG
237 user_data: {get_resource: UserData}
240 template: {get_param: Hostname}
241 params: {get_param: HostnameMap}
242 software_config_transport: {get_param: SoftwareConfigTransport}
245 - {get_param: ServerMetadata}
246 - {get_param: ControllerServerMetadata}
247 - {get_param: ServiceMetadataSettings}
248 scheduler_hints: {get_param: ControllerSchedulerHints}
249 deployment_swift_data:
251 - deployment_swift_data_map_unset
253 - {get_param: [DeploymentSwiftDataMap,
254 {get_param: Hostname}]}
256 # Combine the NodeAdminUserData and NodeUserData mime archives
258 type: OS::Heat::MultipartMime
261 - config: {get_resource: NodeAdminUserData}
263 - config: {get_resource: NodeUserData}
265 - config: {get_resource: RoleUserData}
268 # Creates the "heat-admin" user if configured via the environment
269 # Should return a OS::Heat::MultipartMime reference via OS::stack_id
271 type: OS::TripleO::NodeAdminUserData
273 # For optional operator additional userdata
274 # Should return a OS::Heat::MultipartMime reference via OS::stack_id
276 type: OS::TripleO::NodeUserData
278 # For optional operator role-specific userdata
279 # Should return a OS::Heat::MultipartMime reference via OS::stack_id
281 type: OS::TripleO::Controller::NodeUserData
284 type: OS::TripleO::Controller::Ports::ExternalPort
286 IPPool: {get_param: ControllerIPs}
287 NodeIndex: {get_param: NodeIndex}
288 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
291 type: OS::TripleO::Controller::Ports::InternalApiPort
293 IPPool: {get_param: ControllerIPs}
294 NodeIndex: {get_param: NodeIndex}
295 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
298 type: OS::TripleO::Controller::Ports::StoragePort
300 IPPool: {get_param: ControllerIPs}
301 NodeIndex: {get_param: NodeIndex}
302 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
305 type: OS::TripleO::Controller::Ports::StorageMgmtPort
307 IPPool: {get_param: ControllerIPs}
308 NodeIndex: {get_param: NodeIndex}
309 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
312 type: OS::TripleO::Controller::Ports::TenantPort
314 IPPool: {get_param: ControllerIPs}
315 NodeIndex: {get_param: NodeIndex}
316 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
319 type: OS::TripleO::Controller::Ports::ManagementPort
321 IPPool: {get_param: ControllerIPs}
322 NodeIndex: {get_param: NodeIndex}
323 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
326 type: OS::TripleO::Network::Ports::NetIpMap
328 ControlPlaneIp: {get_attr: [Controller, networks, ctlplane, 0]}
329 ExternalIp: {get_attr: [ExternalPort, ip_address]}
330 ExternalIpSubnet: {get_attr: [ExternalPort, ip_subnet]}
331 ExternalIpUri: {get_attr: [ExternalPort, ip_address_uri]}
332 InternalApiIp: {get_attr: [InternalApiPort, ip_address]}
333 InternalApiIpSubnet: {get_attr: [InternalApiPort, ip_subnet]}
334 InternalApiIpUri: {get_attr: [InternalApiPort, ip_address_uri]}
335 StorageIp: {get_attr: [StoragePort, ip_address]}
336 StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]}
337 StorageIpUri: {get_attr: [StoragePort, ip_address_uri]}
338 StorageMgmtIp: {get_attr: [StorageMgmtPort, ip_address]}
339 StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]}
340 StorageMgmtIpUri: {get_attr: [StorageMgmtPort, ip_address_uri]}
341 TenantIp: {get_attr: [TenantPort, ip_address]}
342 TenantIpSubnet: {get_attr: [TenantPort, ip_subnet]}
343 TenantIpUri: {get_attr: [TenantPort, ip_address_uri]}
344 ManagementIp: {get_attr: [ManagementPort, ip_address]}
345 ManagementIpSubnet: {get_attr: [ManagementPort, ip_subnet]}
346 ManagementIpUri: {get_attr: [ManagementPort, ip_address_uri]}
349 type: OS::Heat::Value
357 - - {get_attr: [Controller, name]}
359 - {get_param: CloudDomain}
363 - - {get_attr: [Controller, name]}
369 - - {get_attr: [Controller, name]}
371 - {get_param: CloudDomain}
375 - - {get_attr: [Controller, name]}
381 - - {get_attr: [Controller, name]}
383 - {get_param: CloudDomain}
387 - - {get_attr: [Controller, name]}
393 - - {get_attr: [Controller, name]}
395 - {get_param: CloudDomain}
399 - - {get_attr: [Controller, name]}
405 - - {get_attr: [Controller, name]}
407 - {get_param: CloudDomain}
411 - - {get_attr: [Controller, name]}
417 - - {get_attr: [Controller, name]}
419 - {get_param: CloudDomain}
423 - - {get_attr: [Controller, name]}
429 - - {get_attr: [Controller, name]}
431 - {get_param: CloudDomain}
435 - - {get_attr: [Controller, name]}
439 type: OS::TripleO::Controller::PreNetworkConfig
441 server: {get_resource: Controller}
442 RoleParameters: {get_param: RoleParameters}
443 ServiceNames: {get_param: ServiceNames}
444 deployment_actions: {get_attr: [DeploymentActions, value]}
447 type: OS::TripleO::Controller::Net::SoftwareConfig
449 ControlPlaneIp: {get_attr: [Controller, networks, ctlplane, 0]}
450 ExternalIpSubnet: {get_attr: [ExternalPort, ip_subnet]}
451 InternalApiIpSubnet: {get_attr: [InternalApiPort, ip_subnet]}
452 StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]}
453 StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]}
454 TenantIpSubnet: {get_attr: [TenantPort, ip_subnet]}
455 ManagementIpSubnet: {get_attr: [ManagementPort, ip_subnet]}
458 type: OS::TripleO::SoftwareDeployment
459 depends_on: PreNetworkConfig
461 name: NetworkDeployment
462 config: {get_resource: NetworkConfig}
463 server: {get_resource: Controller}
466 - server_not_blacklisted
467 - {get_param: NetworkDeploymentActions}
470 bridge_name: {get_param: NeutronPhysicalBridge}
471 interface_name: {get_param: NeutronPublicInterface}
# TLS material is applied in a fixed order through depends_on:
# NetworkDeployment first, then the CA data, then the node key/certificate
# data. Both resources target the Controller server.
473 # Resource for site-specific injection of root certificate
475 depends_on: NetworkDeployment
476 type: OS::TripleO::NodeTLSCAData
478 server: {get_resource: Controller}
# NOTE(review): the template behind OS::TripleO::NodeTLSData is site-supplied
# and not visible here. Confirm that private keys reach it as hidden
# parameters and are not echoed into stack outputs or deployment logs.
480 # Resource for site-specific passing of private keys/certificates
482 depends_on: NodeTLSCAData
483 type: OS::TripleO::NodeTLSData
485 server: {get_resource: Controller}
486 NodeIndex: {get_param: NodeIndex}
# Builds the upgrade-init script from four pieces: a bash shebang, a fixed
# cleanup of /etc/resolv.conf.save, and the values of UpgradeInitCommand and
# UpgradeInitCommonCommand (the function that joins them is not visible in
# this listing).
# The two parameter values are inserted as script text without any quoting
# or validation, so whoever can set them chooses what the node executes.
# Treat environment files that set these parameters as privileged input and
# restrict who may update the stack.
488 ControllerUpgradeInitConfig:
489 type: OS::Heat::SoftwareConfig
495 - - "#!/bin/bash\n\n"
496 - "if [[ -f /etc/resolv.conf.save ]] ; then rm /etc/resolv.conf.save; fi\n\n"
497 - get_param: UpgradeInitCommand
498 - get_param: UpgradeInitCommonCommand
500 # Note we may be able to make this conditional on UpgradeInitCommandNotEmpty
501 # but https://bugs.launchpad.net/heat/+bug/1649900 needs fixing first
# Applies the script above to the Controller server once NetworkDeployment
# has finished. When server_not_blacklisted holds, the deployment runs on
# CREATE and UPDATE; the alternative branch is not visible in this listing.
502 ControllerUpgradeInitDeployment:
503 type: OS::Heat::SoftwareDeployment
504 depends_on: NetworkDeployment
506 name: ControllerUpgradeInitDeployment
509 - server_not_blacklisted
510 - ['CREATE', 'UPDATE']
512 server: {get_resource: Controller}
513 config: {get_resource: ControllerUpgradeInitConfig}
515 ControllerDeployment:
516 type: OS::TripleO::SoftwareDeployment
517 depends_on: ControllerUpgradeInitDeployment
519 name: ControllerDeployment
522 - server_not_blacklisted
523 - ['CREATE', 'UPDATE']
525 config: {get_resource: ControllerConfig}
526 server: {get_resource: Controller}
528 enable_load_balancer: {get_param: EnableLoadBalancer}
529 enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]}
# Structured config that turns Heat parameters, inputs and attributes into
# hiera data for the controller. The list items below are the hierarchy
# entries visible in this listing, and merge_behavior is set to deeper.
# Per the ExtraConfig parameter description, ControllerExtraConfig takes
# precedence over ExtraConfig.
# NOTE(review): ExtraConfig, ControllerExtraConfig and the deprecated
# controllerExtraConfig are operator-supplied hieradata and can presumably
# override service settings, including security-relevant ones. Review
# environment files that set them as carefully as the templates themselves.
531 # Map heat metadata into hiera datafiles
533 type: OS::Heat::StructuredConfig
539 - heat_config_%{::deploy_config_name}
541 - controller_extraconfig
546 - bootstrap_node # provided by BootstrapNodeConfig
547 - all_nodes # provided by allNodesConfig
548 - vip_data # provided by allNodesConfig
550 - neutron_bigswitch_data # Optionally provided by ControllerExtraConfigPre
551 - neutron_cisco_data # Optionally provided by ControllerExtraConfigPre
552 - cisco_n1kv_data # Optionally provided by ControllerExtraConfigPre
553 - midonet_data #Optionally provided by AllNodesExtraConfig
554 - cisco_aci_data # Optionally provided by ControllerExtraConfigPre
555 merge_behavior: deeper
558 service_names: {get_param: ServiceNames}
559 sensu::subscriptions: {get_param: MonitoringSubscriptions}
562 - {get_param: ServiceConfigSettings}
563 - values: {get_attr: [NetIpMap, net_ip_map]}
# The deprecated controllerExtraConfig and its replacement are listed
# together here; the function that combines them is not visible.
564 controller_extraconfig:
566 - {get_param: controllerExtraConfig}
567 - {get_param: ControllerExtraConfig}
568 extraconfig: {get_param: ExtraConfig}
570 enable_load_balancer: {get_input: enable_load_balancer}
# haproxy receives the certificate path reported by NodeTLSData.
573 tripleo::haproxy::service_certificate: {get_attr: [NodeTLSData, deployed_ssl_certificate_path]}
574 tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade}
# Per-network FQDNs taken from the NetHostMap value.
575 fqdn_internal_api: {get_attr: [NetHostMap, value, internal_api, fqdn]}
576 fqdn_storage: {get_attr: [NetHostMap, value, storage, fqdn]}
577 fqdn_storage_mgmt: {get_attr: [NetHostMap, value, storage_mgmt, fqdn]}
578 fqdn_tenant: {get_attr: [NetHostMap, value, tenant, fqdn]}
579 fqdn_management: {get_attr: [NetHostMap, value, management, fqdn]}
580 fqdn_ctlplane: {get_attr: [NetHostMap, value, ctlplane, fqdn]}
581 fqdn_external: {get_attr: [NetHostMap, value, external, fqdn]}
583 # Hook for site-specific additional pre-deployment config, e.g. extra hieradata
584 ControllerExtraConfigPre:
585 depends_on: ControllerDeployment
586 type: OS::TripleO::ControllerExtraConfigPre
587 # We have to use conditions here so that we don't break backwards
588 # compatibility with templates everywhere
589 condition: server_not_blacklisted
591 server: {get_resource: Controller}
593 # Hook for site-specific additional pre-deployment config,
594 # applying to all nodes, e.g. node registration/unregistration
596 depends_on: [ControllerExtraConfigPre, NodeTLSData]
597 type: OS::TripleO::NodeExtraConfig
598 # We have to use conditions here so that we don't break backwards
599 # compatibility with templates everywhere
600 condition: server_not_blacklisted
602 server: {get_resource: Controller}
605 type: OS::TripleO::Tasks::PackageUpdate
608 type: OS::Heat::SoftwareDeployment
609 depends_on: NetworkDeployment
611 name: UpdateDeployment
614 - server_not_blacklisted
615 - ['CREATE', 'UPDATE']
617 config: {get_resource: UpdateConfig}
618 server: {get_resource: Controller}
621 get_param: UpdateIdentifier
624 type: OS::Heat::Value
628 - server_not_blacklisted
629 - ['CREATE', 'UPDATE']
633 type: OS::TripleO::Ssh::HostPubKey
634 depends_on: ControllerDeployment
636 server: {get_resource: Controller}
637 deployment_actions: {get_attr: [DeploymentActions, value]}
641 description: IP address of the server in the ctlplane network
642 value: {get_attr: [Controller, networks, ctlplane, 0]}
644 description: IP address of the server in the external network
645 value: {get_attr: [ExternalPort, ip_address]}
646 internal_api_ip_address:
647 description: IP address of the server in the internal_api network
648 value: {get_attr: [InternalApiPort, ip_address]}
650 description: IP address of the server in the storage network
651 value: {get_attr: [StoragePort, ip_address]}
652 storage_mgmt_ip_address:
653 description: IP address of the server in the storage_mgmt network
654 value: {get_attr: [StorageMgmtPort, ip_address]}
656 description: IP address of the server in the tenant network
657 value: {get_attr: [TenantPort, ip_address]}
658 management_ip_address:
659 description: IP address of the server in the management network
660 value: {get_attr: [ManagementPort, ip_address]}
661 deployed_server_port_map:
663 Map of Heat created hostname of the server to ip address. This is the
664 hostname before it has been mapped with the HostnameMap parameter, and
665 the IP address from the ctlplane network. This map can be used to construct
666 the DeployedServerPortMap parameter when using split-stack.
671 - ip_address: {get_attr: [Controller, networks, ctlplane, 0]}
676 - - {get_param: Hostname}
678 deployed_server_deployment_swift_data_map:
680 Map of Heat created hostname of the server to the Swift container and object
681 used to create the temporary url for metadata polling with
689 - {get_attr: [Controller, os_collect_config, request, metadata_url]}
696 - {get_attr: [Controller, os_collect_config, request, metadata_url]}
699 - keys: {hostname: {get_param: Hostname}}
701 description: Hostname of the server
702 value: {get_attr: [Controller, name]}
704 description: Mapping of network names to hostnames
706 external: {get_attr: [NetHostMap, value, external, fqdn]}
707 internal_api: {get_attr: [NetHostMap, value, internal_api, fqdn]}
708 storage: {get_attr: [NetHostMap, value, storage, fqdn]}
709 storage_mgmt: {get_attr: [NetHostMap, value, storage_mgmt, fqdn]}
710 tenant: {get_attr: [NetHostMap, value, tenant, fqdn]}
711 management: {get_attr: [NetHostMap, value, management, fqdn]}
712 ctlplane: {get_attr: [NetHostMap, value, ctlplane, fqdn]}
715 Server's IP address and hostname in the /etc/hosts format
719 PRIMARYIP PRIMARYHOST.DOMAIN PRIMARYHOST
720 EXTERNALIP EXTERNALHOST.DOMAIN EXTERNALHOST
721 INTERNAL_APIIP INTERNAL_APIHOST.DOMAIN INTERNAL_APIHOST
722 STORAGEIP STORAGEHOST.DOMAIN STORAGEHOST
723 STORAGE_MGMTIP STORAGE_MGMTHOST.DOMAIN STORAGE_MGMTHOST
724 TENANTIP TENANTHOST.DOMAIN TENANTHOST
725 MANAGEMENTIP MANAGEMENTHOST.DOMAIN MANAGEMENTHOST
726 CTLPLANEIP CTLPLANEHOST.DOMAIN CTLPLANEHOST
728 PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, ControllerHostnameResolveNetwork]}]}
729 DOMAIN: {get_param: CloudDomain}
730 PRIMARYHOST: {get_attr: [Controller, name]}
731 EXTERNALIP: {get_attr: [ExternalPort, ip_address]}
732 EXTERNALHOST: {get_attr: [NetHostMap, value, external, short]}
733 INTERNAL_APIIP: {get_attr: [InternalApiPort, ip_address]}
734 INTERNAL_APIHOST: {get_attr: [NetHostMap, value, internal_api, short]}
735 STORAGEIP: {get_attr: [StoragePort, ip_address]}
736 STORAGEHOST: {get_attr: [NetHostMap, value, storage, short]}
737 STORAGE_MGMTIP: {get_attr: [StorageMgmtPort, ip_address]}
738 STORAGE_MGMTHOST: {get_attr: [NetHostMap, value, storage_mgmt, short]}
739 TENANTIP: {get_attr: [TenantPort, ip_address]}
740 TENANTHOST: {get_attr: [NetHostMap, value, tenant, short]}
741 MANAGEMENTIP: {get_attr: [ManagementPort, ip_address]}
742 MANAGEMENTHOST: {get_attr: [NetHostMap, value, management, short]}
743 CTLPLANEIP: {get_attr: [Controller, networks, ctlplane, 0]}
744 CTLPLANEHOST: {get_attr: [NetHostMap, value, ctlplane, short]}
# SSH known-hosts entry for this server: a comma-separated list of every
# network IP, FQDN and short hostname, followed by the host public key.
# Each placeholder in the template is replaced from the mapping below it.
# HOSTSSHPUBKEY is the ecdsa attribute of SshHostPubKey, so only the ECDSA
# host key is published in this entry.
# NOTE(review): anything that installs this entry trusts the key exactly as
# the deployment reported it. The OS::TripleO::Ssh::HostPubKey implementation
# is not visible here; confirm how it obtains the key from the node.
746 description: Entry for ssh known hosts
749 template: "PRIMARYIP,PRIMARYHOST.DOMAIN,PRIMARYHOST,\
750 EXTERNALIP,EXTERNALHOST.DOMAIN,EXTERNALHOST,\
751 INTERNAL_APIIP,INTERNAL_APIHOST.DOMAIN,INTERNAL_APIHOST,\
752 STORAGEIP,STORAGEHOST.DOMAIN,STORAGEHOST,\
753 STORAGE_MGMTIP,STORAGE_MGMTHOST.DOMAIN,STORAGE_MGMTHOST,\
754 TENANTIP,TENANTHOST.DOMAIN,TENANTHOST,\
755 MANAGEMENTIP,MANAGEMENTHOST.DOMAIN,MANAGEMENTHOST,\
756 CTLPLANEIP,CTLPLANEHOST.DOMAIN,CTLPLANEHOST HOSTSSHPUBKEY"
758 PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, ControllerHostnameResolveNetwork]}]}
759 DOMAIN: {get_param: CloudDomain}
760 PRIMARYHOST: {get_attr: [Controller, name]}
761 EXTERNALIP: {get_attr: [ExternalPort, ip_address]}
762 EXTERNALHOST: {get_attr: [NetHostMap, value, external, short]}
763 INTERNAL_APIIP: {get_attr: [InternalApiPort, ip_address]}
764 INTERNAL_APIHOST: {get_attr: [NetHostMap, value, internal_api, short]}
765 STORAGEIP: {get_attr: [StoragePort, ip_address]}
766 STORAGEHOST: {get_attr: [NetHostMap, value, storage, short]}
767 STORAGE_MGMTIP: {get_attr: [StorageMgmtPort, ip_address]}
768 STORAGE_MGMTHOST: {get_attr: [NetHostMap, value, storage_mgmt, short]}
769 TENANTIP: {get_attr: [TenantPort, ip_address]}
770 TENANTHOST: {get_attr: [NetHostMap, value, tenant, short]}
771 MANAGEMENTIP: {get_attr: [ManagementPort, ip_address]}
772 MANAGEMENTHOST: {get_attr: [NetHostMap, value, management, short]}
773 CTLPLANEIP: {get_attr: [Controller, networks, ctlplane, 0]}
774 CTLPLANEHOST: {get_attr: [NetHostMap, value, ctlplane, short]}
775 HOSTSSHPUBKEY: {get_attr: [SshHostPubKey, ecdsa]}
# Stack outputs exposing the server handle, TLS checksums and agent config.
# The server handle is only emitted under the server_not_blacklisted
# condition.
776 nova_server_resource:
777 description: Heat resource handle for the Nova compute server
779 {get_resource: Controller}
780 condition: server_not_blacklisted
# MD5 of the TLS key modulus and certificate modulus, as reported by
# NodeTLSData.
# NOTE(review): presumably used to check that the deployed key and
# certificate belong together. MD5 is not collision-resistant, so do not
# treat these values as a security fingerprint.
782 description: MD5 checksum of the TLS Key Modulus
783 value: {get_attr: [NodeTLSData, key_modulus_md5]}
784 tls_cert_modulus_md5:
785 description: MD5 checksum of the TLS Certificate Modulus
786 value: {get_attr: [NodeTLSData, cert_modulus_md5]}
# Publishes the server's os-collect-config configuration as a stack output.
# NOTE(review): this configuration may carry the polling endpoint and
# credentials for the selected SoftwareConfigTransport; confirm who can read
# stack outputs before relying on this.
788 description: The os-collect-config configuration associated with this server resource
789 value: {get_attr: [Controller, os_collect_config]}