# Heat Orchestration Template for an OpenStack controller node. The number at
# the start of each line is the line number in the original file; gaps in the
# numbering mean lines (keys, types, defaults) are not shown in this listing.
1 heat_template_version: pike
4 OpenStack controller node configured by Puppet.
10 Deprecated. Use ControllerExtraConfig via parameter_defaults instead.
12 ControllerExtraConfig:
15 Controller specific hiera configuration data to inject into the cluster.
20 A network mapped list of IPs to assign to Controllers in the following form:
22 "internal_api": ["a.b.c.d", "e.f.g.h"],
# Debug switch for all services. Debug-level logs are verbose and may record
# sensitive request data, so treat this as a troubleshooting-only setting.
28 description: Set to True to enable debugging on all services.
32 description: Whether to deploy a LoadBalancer on the Controller
# Precedence: a key set in ControllerExtraConfig overrides the same key in
# ExtraConfig, so review role-level overrides when auditing effective config.
37 Additional hieradata to inject into the cluster, note that
38 ControllerExtraConfig takes precedence over ExtraConfig.
# Flavor, image and key pair carry Heat custom constraints (nova.flavor,
# glance.image, nova.keypair), so a value that does not resolve to an existing
# object is rejected when the stack is validated.
40 OvercloudControlFlavor:
41 description: Flavor for control nodes to request when deploying.
45 - custom_constraint: nova.flavor
48 default: overcloud-full
50 - custom_constraint: glance.image
52 default: 'REBUILD_PRESERVE_EPHEMERAL'
53 description: What policy to use when reconstructing instances. REBUILD for rebuilds, REBUILD_PRESERVE_EPHEMERAL to preserve /mnt.
# The key pair named here is what grants SSH access to the controller; the
# matching private key should be limited to the operators who need that access.
57 description: Name of an existing Nova key pair to enable SSH access to the instances
60 - custom_constraint: nova.keypair
# Interface bridged onto br-ex; read by the network deployment further down.
61 NeutronPublicInterface:
63 description: What interface to bridge onto br-ex for network nodes.
# Decides which network each service is placed on.
67 description: Mapping of service_name -> network name. Typically set
68 via parameter_defaults in the resource registry.
# Protocol per service endpoint. Presumably this is where plain vs TLS
# endpoints are chosen; verify against the environment files in use.
72 description: Mapping of service endpoint -> protocol. Typically set
73 via parameter_defaults in the resource registry.
# A new value on stack-update is the trigger for a package update on every
# node, so changing it is a fleet-wide action.
79 Setting to a previously unused value during stack-update will trigger
80 package update on all nodes
83 default: '' # Defaults to Heat created hostname
87 description: Optional mapping to override hostnames
# List of Heat actions on which network configuration changes are applied.
88 NetworkDeploymentActions:
89 type: comma_delimited_list
91 Heat action when to apply network configuration changes
# Transport used to deliver software-configuration metadata to the server.
# Only the four values in allowed_values are accepted.
# NOTE(review): that metadata carries deployment configuration, so confirm the
# endpoint behind the chosen transport is served over TLS in this deployment.
96 SoftwareConfigTransport:
97 default: POLL_SERVER_CFN
99 How the server should receive the metadata required for software configuration.
102 - allowed_values: [POLL_SERVER_CFN, POLL_SERVER_HEAT, POLL_TEMP_URL, ZAQAR_MESSAGE]
# DNS domain used for the hosts; per the description it has to match
# dhcp_domain in the Undercloud neutron configuration.
104 default: 'localdomain'
107 The DNS domain used for the hosts. This should match the dhcp_domain
108 configured in the Undercloud neutron. Defaults to localdomain.
# Role-specific instance metadata. The description states it is readable
# through the Nova metadata API, so it is not a place for secrets.
109 ControllerServerMetadata:
112 Extra properties or metadata passed to Nova for the created nodes in
113 the overcloud. It's accessible via the Nova metadata API. This option is
114 role-specific and is merged with the values given to the ServerMetadata
# Same kind of metadata, applied to all roles and merged with the
# role-specific parameter; the same caution about secrets applies.
120 Extra properties or metadata passed to Nova for the created nodes in
121 the overcloud. It's accessible via the Nova metadata API. This applies to
122 all roles and is merged with a role-specific metadata parameter.
124 ControllerSchedulerHints:
126 description: Optional scheduler hints to pass to nova
# Service-level settings; their keys and defaults are not shown in this
# listing.
128 ServiceConfigSettings:
132 type: comma_delimited_list
134 MonitoringSubscriptions:
135 type: comma_delimited_list
137 ServiceMetadataSettings:
# Command line run on the node each time configuration data changes. The
# server resource takes it through get_param (original line 199), so whoever
# can set this parameter chooses what runs there.
142 description: Command which will be run whenever configuration data changes
143 default: os-refresh-config --timeout 14400
# Delay window (default 30 seconds per the description) that keeps nodes from
# polling for configuration at the same moment; 0 disables the delay.
148 Maximum amount of time to possibly to delay configuation collection
149 polling. Defaults to 30 seconds. Set to 0 to disable it which will cause
150 the configuration collection to occur as soon as the collection process
151 starts. This setting is used to prevent the configuration collection
152 processes from polling all at the exact same time.
# Free-form shell text run on overcloud nodes during upgrade initialisation.
# No validation of the text is visible in this listing, so control over this
# parameter amounts to command execution on the nodes; limit who can supply
# it.
156 Command or script snippet to run on all overcloud nodes to
157 initialize the upgrade process. E.g. a repository switch.
# Companion parameter set by the upgrade templates rather than the operator.
159 UpgradeInitCommonCommand:
162 Common commands required by the upgrades process. This should not
163 normally be modified by the operator and is set and unset in the
164 major-upgrade-composable-steps.yaml and major-upgrade-converge.yaml
# Per-host opt-out from triggered deployments: a host mapped to 1 is skipped.
# The deployments gated on server_not_blacklisted include the package update
# deployment, so a blacklisted host stops receiving updates from this stack;
# entries should be temporary and tracked.
167 DeploymentServerBlacklistDict:
171 Map of server hostnames to blacklist from any triggered
172 deployments. If the value is 1, the server will be blacklisted. This
173 parameter is generated from the parent template.
176 description: Role Specific Parameters
# Parameter group that marks controllerExtraConfig as deprecated.
181 description: Do not use deprecated params, they will be removed.
183 - controllerExtraConfig
# Condition used by the deployments and by the nova_server_resource output.
# It looks up this node's Hostname in DeploymentServerBlacklistDict; the
# comparison wrapped around the lookup is not shown in this listing.
186 server_not_blacklisted:
189 - {get_param: [DeploymentServerBlacklistDict, {get_param: Hostname}]}
# The controller instance itself; referenced elsewhere as the Controller
# resource.
196 type: OS::TripleO::ControllerServer
# Command and splay come straight from stack parameters.
199 command: {get_param: ConfigCommand}
200 splay: {get_param: ConfigCollectSplay}
202 image: {get_param: controllerImage}
203 image_update_policy: {get_param: ImageUpdatePolicy}
204 flavor: {get_param: OvercloudControlFlavor}
# Key pair injected for SSH access to the instance.
205 key_name: {get_param: KeyName}
# SOFTWARE_CONFIG user data: the boot-time payload is the UserData resource.
208 user_data_format: SOFTWARE_CONFIG
209 user_data: {get_resource: UserData}
# Instance name: the Hostname parameter used as a template with HostnameMap
# as substitutions (the wrapping function is not shown in this listing).
212 template: {get_param: Hostname}
213 params: {get_param: HostnameMap}
214 software_config_transport: {get_param: SoftwareConfigTransport}
# Instance metadata is assembled from three parameters; presumably they are
# merged in this order with later entries winning - verify against the full
# file. Nova metadata is readable from the instance, so keep secrets out.
217 - {get_param: ServerMetadata}
218 - {get_param: ControllerServerMetadata}
219 - {get_param: ServiceMetadataSettings}
220 scheduler_hints: {get_param: ControllerSchedulerHints}
# Boot-time user data. Three parts are combined into one multipart MIME
# archive. Each part comes from an OS::TripleO::* resource type, so the
# effective first-boot content depends on what the deployment's resource
# registry maps those types to; review those mappings when auditing what runs
# at first boot.
222 # Combine the NodeAdminUserData and NodeUserData mime archives
224 type: OS::Heat::MultipartMime
227 - config: {get_resource: NodeAdminUserData}
229 - config: {get_resource: NodeUserData}
231 - config: {get_resource: RoleUserData}
234 # Creates the "heat-admin" user if configured via the environment
235 # Should return a OS::Heat::MultipartMime reference via OS::stack_id
237 type: OS::TripleO::NodeAdminUserData
239 # For optional operator additional userdata
240 # Should return a OS::Heat::MultipartMime reference via OS::stack_id
242 type: OS::TripleO::NodeUserData
244 # For optional operator role-specific userdata
245 # Should return a OS::Heat::MultipartMime reference via OS::stack_id
247 type: OS::TripleO::Controller::NodeUserData
# One port resource per network (external, internal API, storage, storage
# management, tenant, management). Every port receives the same inputs: the
# ControllerIPs pool, this node's index and its control-plane address.
# Keeping these traffic classes on separate networks is the isolation
# boundary; what each port type resolves to is decided outside this file.
250 type: OS::TripleO::Controller::Ports::ExternalPort
252 IPPool: {get_param: ControllerIPs}
253 NodeIndex: {get_param: NodeIndex}
254 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
257 type: OS::TripleO::Controller::Ports::InternalApiPort
259 IPPool: {get_param: ControllerIPs}
260 NodeIndex: {get_param: NodeIndex}
261 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
264 type: OS::TripleO::Controller::Ports::StoragePort
266 IPPool: {get_param: ControllerIPs}
267 NodeIndex: {get_param: NodeIndex}
268 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
271 type: OS::TripleO::Controller::Ports::StorageMgmtPort
273 IPPool: {get_param: ControllerIPs}
274 NodeIndex: {get_param: NodeIndex}
275 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
278 type: OS::TripleO::Controller::Ports::TenantPort
280 IPPool: {get_param: ControllerIPs}
281 NodeIndex: {get_param: NodeIndex}
282 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
285 type: OS::TripleO::Controller::Ports::ManagementPort
287 IPPool: {get_param: ControllerIPs}
288 NodeIndex: {get_param: NodeIndex}
289 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
# Collects the control-plane address plus the address, subnet and URI form of
# each port's IP into one resource; other parts of the file read the result
# through the net_ip_map attribute.
292 type: OS::TripleO::Network::Ports::NetIpMap
294 ControlPlaneIp: {get_attr: [Controller, networks, ctlplane, 0]}
295 ExternalIp: {get_attr: [ExternalPort, ip_address]}
296 ExternalIpSubnet: {get_attr: [ExternalPort, ip_subnet]}
297 ExternalIpUri: {get_attr: [ExternalPort, ip_address_uri]}
298 InternalApiIp: {get_attr: [InternalApiPort, ip_address]}
299 InternalApiIpSubnet: {get_attr: [InternalApiPort, ip_subnet]}
300 InternalApiIpUri: {get_attr: [InternalApiPort, ip_address_uri]}
301 StorageIp: {get_attr: [StoragePort, ip_address]}
302 StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]}
303 StorageIpUri: {get_attr: [StoragePort, ip_address_uri]}
304 StorageMgmtIp: {get_attr: [StorageMgmtPort, ip_address]}
305 StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]}
306 StorageMgmtIpUri: {get_attr: [StorageMgmtPort, ip_address_uri]}
307 TenantIp: {get_attr: [TenantPort, ip_address]}
308 TenantIpSubnet: {get_attr: [TenantPort, ip_subnet]}
309 TenantIpUri: {get_attr: [TenantPort, ip_address_uri]}
310 ManagementIp: {get_attr: [ManagementPort, ip_address]}
311 ManagementIpSubnet: {get_attr: [ManagementPort, ip_subnet]}
312 ManagementIpUri: {get_attr: [ManagementPort, ip_address_uri]}
# Value resource that builds host names from the server name and CloudDomain.
# Presumably this is the NetHostMap resource whose per-network fqdn and short
# entries are read elsewhere in the file. Only the list items are visible
# here; the per-network keys and the join functions around them are not
# shown, so the pairing of entries to networks cannot be checked from this
# listing.
315 type: OS::Heat::Value
323 - - {get_attr: [Controller, name]}
325 - {get_param: CloudDomain}
329 - - {get_attr: [Controller, name]}
335 - - {get_attr: [Controller, name]}
337 - {get_param: CloudDomain}
341 - - {get_attr: [Controller, name]}
347 - - {get_attr: [Controller, name]}
349 - {get_param: CloudDomain}
353 - - {get_attr: [Controller, name]}
359 - - {get_attr: [Controller, name]}
361 - {get_param: CloudDomain}
365 - - {get_attr: [Controller, name]}
371 - - {get_attr: [Controller, name]}
373 - {get_param: CloudDomain}
377 - - {get_attr: [Controller, name]}
383 - - {get_attr: [Controller, name]}
385 - {get_param: CloudDomain}
389 - - {get_attr: [Controller, name]}
395 - - {get_attr: [Controller, name]}
397 - {get_param: CloudDomain}
401 - - {get_attr: [Controller, name]}
# Network configuration chain: a pre-network hook, the network software
# config built from the control-plane address and the per-network subnets,
# and the deployment that applies that config to the server.
405 type: OS::TripleO::Controller::PreNetworkConfig
407 server: {get_resource: Controller}
408 RoleParameters: {get_param: RoleParameters}
411 type: OS::TripleO::Controller::Net::SoftwareConfig
413 ControlPlaneIp: {get_attr: [Controller, networks, ctlplane, 0]}
414 ExternalIpSubnet: {get_attr: [ExternalPort, ip_subnet]}
415 InternalApiIpSubnet: {get_attr: [InternalApiPort, ip_subnet]}
416 StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]}
417 StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]}
418 TenantIpSubnet: {get_attr: [TenantPort, ip_subnet]}
419 ManagementIpSubnet: {get_attr: [ManagementPort, ip_subnet]}
422 type: OS::TripleO::SoftwareDeployment
423 depends_on: PreNetworkConfig
425 name: NetworkDeployment
426 config: {get_resource: NetworkConfig}
427 server: {get_resource: Controller}
# Deployment actions: gated on server_not_blacklisted, otherwise taken from
# NetworkDeploymentActions (the enclosing function is not shown).
430 - server_not_blacklisted
431 - {get_param: NetworkDeploymentActions}
435 interface_name: {get_param: NeutronPublicInterface}
# TLS material is installed in order: the root CA after the network
# deployment, then the node's key and certificate after the CA.
437 # Resource for site-specific injection of root certificate
439 depends_on: NetworkDeployment
440 type: OS::TripleO::NodeTLSCAData
442 server: {get_resource: Controller}
# Private key material reaches the node through this resource, i.e. as Heat
# deployment data. NOTE(review): confirm the template mapped to
# OS::TripleO::NodeTLSData declares the key parameter as hidden and that read
# access to the stack and its deployments is restricted.
444 # Resource for site-specific passing of private keys/certificates
446 depends_on: NodeTLSCAData
447 type: OS::TripleO::NodeTLSData
449 server: {get_resource: Controller}
450 NodeIndex: {get_param: NodeIndex}
# Builds the upgrade-init script: a bash shebang, removal of
# /etc/resolv.conf.save if it exists, then the two command parameters
# appended as-is (the joining function is not shown in this listing). The
# parameter text is neither quoted nor validated here, so it has to come from
# a trusted source.
452 ControllerUpgradeInitConfig:
453 type: OS::Heat::SoftwareConfig
459 - - "#!/bin/bash\n\n"
460 - "if [[ -f /etc/resolv.conf.save ]] ; then rm /etc/resolv.conf.save; fi\n\n"
461 - get_param: UpgradeInitCommand
462 - get_param: UpgradeInitCommonCommand
464 # Note we may be able to make this conditional on UpgradeInitCommandNotEmpty
465 # but https://bugs.launchpad.net/heat/+bug/1649900 needs fixing first
# Applies the script above to the server after NetworkDeployment, on CREATE
# and UPDATE, unless the server is blacklisted.
466 ControllerUpgradeInitDeployment:
467 type: OS::Heat::SoftwareDeployment
468 depends_on: NetworkDeployment
470 name: ControllerUpgradeInitDeployment
473 - server_not_blacklisted
474 - ['CREATE', 'UPDATE']
476 server: {get_resource: Controller}
477 config: {get_resource: ControllerUpgradeInitConfig}
# Main configuration deployment for the controller. Runs after the upgrade
# init deployment, on CREATE and UPDATE, unless the server is blacklisted.
479 ControllerDeployment:
480 type: OS::TripleO::SoftwareDeployment
481 depends_on: ControllerUpgradeInitDeployment
483 name: ControllerDeployment
486 - server_not_blacklisted
487 - ['CREATE', 'UPDATE']
489 config: {get_resource: ControllerConfig}
490 server: {get_resource: Controller}
# Input values handed to the config: the node's name, the load balancer
# switch, and the package-upgrade flag reported by UpdateDeployment.
492 bootstack_nodeid: {get_attr: [Controller, name]}
493 enable_load_balancer: {get_param: EnableLoadBalancer}
494 enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]}
# Hiera hierarchy and data for the controller. The order of the hierarchy
# entries matters when the same key appears in more than one data file, so
# the extraconfig entries are the ones to check when a hardening setting does
# not take effect. Not every hierarchy entry is visible in this listing.
496 # Map heat metadata into hiera datafiles
498 type: OS::Heat::StructuredConfig
504 - heat_config_%{::deploy_config_name}
506 - controller_extraconfig
511 - bootstrap_node # provided by BootstrapNodeConfig
512 - all_nodes # provided by allNodesConfig
513 - vip_data # provided by allNodesConfig
515 - neutron_bigswitch_data # Optionally provided by ControllerExtraConfigPre
516 - neutron_cisco_data # Optionally provided by ControllerExtraConfigPre
517 - cisco_n1kv_data # Optionally provided by ControllerExtraConfigPre
518 - midonet_data #Optionally provided by AllNodesExtraConfig
519 - cisco_aci_data # Optionally provided by ControllerExtraConfigPre
520 merge_behavior: deeper
523 service_names: {get_param: ServiceNames}
524 sensu::subscriptions: {get_param: MonitoringSubscriptions}
527 - {get_param: ServiceConfigSettings}
528 - values: {get_attr: [NetIpMap, net_ip_map]}
# Combines the deprecated controllerExtraConfig with ControllerExtraConfig;
# presumably a merge in which the later entry wins - verify in the full file.
529 controller_extraconfig:
531 - {get_param: controllerExtraConfig}
532 - {get_param: ControllerExtraConfig}
533 extraconfig: {get_param: ExtraConfig}
535 # data supplied directly to this deployment configuration, etc
536 bootstack_nodeid: {get_input: bootstack_nodeid}
538 enable_load_balancer: {get_input: enable_load_balancer}
# HAProxy's service certificate is the path reported by NodeTLSData.
541 tripleo::haproxy::service_certificate: {get_attr: [NodeTLSData, deployed_ssl_certificate_path]}
542 tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade}
# Per-network fully qualified names taken from NetHostMap.
543 fqdn_internal_api: {get_attr: [NetHostMap, value, internal_api, fqdn]}
544 fqdn_storage: {get_attr: [NetHostMap, value, storage, fqdn]}
545 fqdn_storage_mgmt: {get_attr: [NetHostMap, value, storage_mgmt, fqdn]}
546 fqdn_tenant: {get_attr: [NetHostMap, value, tenant, fqdn]}
547 fqdn_management: {get_attr: [NetHostMap, value, management, fqdn]}
548 fqdn_ctlplane: {get_attr: [NetHostMap, value, ctlplane, fqdn]}
549 fqdn_external: {get_attr: [NetHostMap, value, external, fqdn]}
# Two site-specific hooks that run against the controller: a role-level one
# after ControllerDeployment, then an all-nodes one that also waits for
# NodeTLSData. What they execute is defined by whatever templates the
# deployment maps to these types, so those templates belong in any review of
# what runs on the node.
551 # Hook for site-specific additional pre-deployment config, e.g extra hieradata
552 ControllerExtraConfigPre:
553 depends_on: ControllerDeployment
554 type: OS::TripleO::ControllerExtraConfigPre
556 server: {get_resource: Controller}
558 # Hook for site-specific additional pre-deployment config,
559 # applying to all nodes, e.g node registration/unregistration
561 depends_on: [ControllerExtraConfigPre, NodeTLSData]
562 type: OS::TripleO::NodeExtraConfig
564 server: {get_resource: Controller}
# Package update task and the deployment that applies it after
# NetworkDeployment, on CREATE and UPDATE, unless the server is blacklisted.
# UpdateIdentifier is passed in as a value; per its description a new value
# is what triggers the update.
567 type: OS::TripleO::Tasks::PackageUpdate
570 type: OS::Heat::SoftwareDeployment
571 depends_on: NetworkDeployment
573 name: UpdateDeployment
576 - server_not_blacklisted
577 - ['CREATE', 'UPDATE']
579 config: {get_resource: UpdateConfig}
580 server: {get_resource: Controller}
583 get_param: UpdateIdentifier
# SSH host public key resource for this server, created after
# ControllerDeployment. Presumably this is the SshHostPubKey resource that
# the known-hosts output reads; the resource name line is not shown here.
586 type: OS::TripleO::Ssh::HostPubKey
587 depends_on: ControllerDeployment
589 server: {get_resource: Controller}
# Stack outputs: one address per network, the server's name, and a map of
# network name to fully qualified host name. Anyone who can read the stack's
# outputs can read this addressing information.
593 description: IP address of the server in the ctlplane network
594 value: {get_attr: [Controller, networks, ctlplane, 0]}
596 description: IP address of the server in the external network
597 value: {get_attr: [ExternalPort, ip_address]}
598 internal_api_ip_address:
599 description: IP address of the server in the internal_api network
600 value: {get_attr: [InternalApiPort, ip_address]}
602 description: IP address of the server in the storage network
603 value: {get_attr: [StoragePort, ip_address]}
604 storage_mgmt_ip_address:
605 description: IP address of the server in the storage_mgmt network
606 value: {get_attr: [StorageMgmtPort, ip_address]}
608 description: IP address of the server in the tenant network
609 value: {get_attr: [TenantPort, ip_address]}
610 management_ip_address:
611 description: IP address of the server in the management network
612 value: {get_attr: [ManagementPort, ip_address]}
614 description: Hostname of the server
615 value: {get_attr: [Controller, name]}
617 description: Mapping of network names to hostnames
619 external: {get_attr: [NetHostMap, value, external, fqdn]}
620 internal_api: {get_attr: [NetHostMap, value, internal_api, fqdn]}
621 storage: {get_attr: [NetHostMap, value, storage, fqdn]}
622 storage_mgmt: {get_attr: [NetHostMap, value, storage_mgmt, fqdn]}
623 tenant: {get_attr: [NetHostMap, value, tenant, fqdn]}
624 management: {get_attr: [NetHostMap, value, management, fqdn]}
625 ctlplane: {get_attr: [NetHostMap, value, ctlplane, fqdn]}
# /etc/hosts lines for this server: one line per network in the form
# "IP FQDN SHORTNAME". The upper-case words are placeholders filled from the
# mapping that follows the template.
628 Server's IP address and hostname in the /etc/hosts format
632 PRIMARYIP PRIMARYHOST.DOMAIN PRIMARYHOST
633 EXTERNALIP EXTERNALHOST.DOMAIN EXTERNALHOST
634 INTERNAL_APIIP INTERNAL_APIHOST.DOMAIN INTERNAL_APIHOST
635 STORAGEIP STORAGEHOST.DOMAIN STORAGEHOST
636 STORAGE_MGMTIP STORAGE_MGMTHOST.DOMAIN STORAGE_MGMTHOST
637 TENANTIP TENANTHOST.DOMAIN TENANTHOST
638 MANAGEMENTIP MANAGEMENTHOST.DOMAIN MANAGEMENTHOST
639 CTLPLANEIP CTLPLANEHOST.DOMAIN CTLPLANEHOST
# The primary address is whichever network ServiceNetMap names under
# ControllerHostnameResolveNetwork; it is what the bare host name resolves to.
641 PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, ControllerHostnameResolveNetwork]}]}
642 DOMAIN: {get_param: CloudDomain}
643 PRIMARYHOST: {get_attr: [Controller, name]}
644 EXTERNALIP: {get_attr: [ExternalPort, ip_address]}
645 EXTERNALHOST: {get_attr: [NetHostMap, value, external, short]}
646 INTERNAL_APIIP: {get_attr: [InternalApiPort, ip_address]}
647 INTERNAL_APIHOST: {get_attr: [NetHostMap, value, internal_api, short]}
648 STORAGEIP: {get_attr: [StoragePort, ip_address]}
649 STORAGEHOST: {get_attr: [NetHostMap, value, storage, short]}
650 STORAGE_MGMTIP: {get_attr: [StorageMgmtPort, ip_address]}
651 STORAGE_MGMTHOST: {get_attr: [NetHostMap, value, storage_mgmt, short]}
652 TENANTIP: {get_attr: [TenantPort, ip_address]}
653 TENANTHOST: {get_attr: [NetHostMap, value, tenant, short]}
654 MANAGEMENTIP: {get_attr: [ManagementPort, ip_address]}
655 MANAGEMENTHOST: {get_attr: [NetHostMap, value, management, short]}
656 CTLPLANEIP: {get_attr: [Controller, networks, ctlplane, 0]}
657 CTLPLANEHOST: {get_attr: [NetHostMap, value, ctlplane, short]}
# known_hosts line for this server: every address and name on every network,
# comma-separated, followed by the host public key. Presumably it is
# distributed to other nodes so their SSH clients can verify this host
# instead of trusting it on first use.
659 description: Entry for ssh known hosts
662 template: "PRIMARYIP,PRIMARYHOST.DOMAIN,PRIMARYHOST,\
663 EXTERNALIP,EXTERNALHOST.DOMAIN,EXTERNALHOST,\
664 INTERNAL_APIIP,INTERNAL_APIHOST.DOMAIN,INTERNAL_APIHOST,\
665 STORAGEIP,STORAGEHOST.DOMAIN,STORAGEHOST,\
666 STORAGE_MGMTIP,STORAGE_MGMTHOST.DOMAIN,STORAGE_MGMTHOST,\
667 TENANTIP,TENANTHOST.DOMAIN,TENANTHOST,\
668 MANAGEMENTIP,MANAGEMENTHOST.DOMAIN,MANAGEMENTHOST,\
669 CTLPLANEIP,CTLPLANEHOST.DOMAIN,CTLPLANEHOST HOSTSSHPUBKEY"
# Substitution values for the template above.
671 PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, ControllerHostnameResolveNetwork]}]}
672 DOMAIN: {get_param: CloudDomain}
673 PRIMARYHOST: {get_attr: [Controller, name]}
674 EXTERNALIP: {get_attr: [ExternalPort, ip_address]}
675 EXTERNALHOST: {get_attr: [NetHostMap, value, external, short]}
676 INTERNAL_APIIP: {get_attr: [InternalApiPort, ip_address]}
677 INTERNAL_APIHOST: {get_attr: [NetHostMap, value, internal_api, short]}
678 STORAGEIP: {get_attr: [StoragePort, ip_address]}
679 STORAGEHOST: {get_attr: [NetHostMap, value, storage, short]}
680 STORAGE_MGMTIP: {get_attr: [StorageMgmtPort, ip_address]}
681 STORAGE_MGMTHOST: {get_attr: [NetHostMap, value, storage_mgmt, short]}
682 TENANTIP: {get_attr: [TenantPort, ip_address]}
683 TENANTHOST: {get_attr: [NetHostMap, value, tenant, short]}
684 MANAGEMENTIP: {get_attr: [ManagementPort, ip_address]}
685 MANAGEMENTHOST: {get_attr: [NetHostMap, value, management, short]}
686 CTLPLANEIP: {get_attr: [Controller, networks, ctlplane, 0]}
687 CTLPLANEHOST: {get_attr: [NetHostMap, value, ctlplane, short]}
# Only the ECDSA host key is published. NOTE(review): the key is reported
# through Heat, so the entry is only as trustworthy as that channel; clients
# that negotiate another host key type will not match this entry.
688 HOSTSSHPUBKEY: {get_attr: [SshHostPubKey, ecdsa]}
# Handle to the server resource; the output carries the server_not_blacklisted
# condition.
689 nova_server_resource:
690 description: Heat resource handle for the Nova compute server
692 {get_resource: Controller}
693 condition: server_not_blacklisted
# MD5 digests of the TLS key and certificate modulus, as reported by
# NodeTLSData. MD5 is not collision resistant, so these values are suitable
# only as a fingerprint for spotting a changed or mismatched key/certificate
# pair, not as an integrity guarantee. NOTE(review): a SHA-256 digest would be
# the safer choice if the implementing template can be changed.
695 description: MD5 checksum of the TLS Key Modulus
696 value: {get_attr: [NodeTLSData, key_modulus_md5]}
697 tls_cert_modulus_md5:
698 description: MD5 checksum of the TLS Certificate Modulus
699 value: {get_attr: [NodeTLSData, cert_modulus_md5]}