1 heat_template_version: 2015-04-30
4 OpenStack controller node configured by Puppet.
9 description: The password for the keystone admin account, used for monitoring, querying neutron etc.
14 description: The keystone auth secret and db password.
17 CeilometerApiVirtualIP:
22 description: The ceilometer backend type.
24 CeilometerMeteringSecret:
26 description: Secret shared by the ceilometer services.
31 description: The password for the ceilometer service and db account.
37 CinderEnableNfsBackend:
39 description: Whether to enable or not the NFS backend for Cinder
41 CinderEnableIscsiBackend:
43 description: Whether to enable or not the Iscsi backend for Cinder
45 CinderEnableRbdBackend:
47 description: Whether to enable or not the Rbd backend for Cinder
51 description: The iSCSI helper to use with cinder.
53 CinderLVMLoopDeviceSize:
55 description: The size of the loopback file used by the cinder LVM driver.
57 CinderNfsMountOptions:
60 Mount options for NFS mounts used by Cinder NFS backend. Effective
61 when CinderEnableNfsBackend is true.
66 NFS servers used by Cinder NFS backend. Effective when
67 CinderEnableNfsBackend is true.
68 type: comma_delimited_list
71 description: The password for the cinder service and db account, used by cinder-api.
76 description: Contains parameters to configure Cinder backends. Typically
77 set via parameter_defaults in the resource registry.
81 description: The DNS name of this cloud. E.g. ci-overcloud.tripleo.org
83 ControllerExtraConfig:
86 Controller specific hiera configuration data to inject into the cluster.
88 ControlVirtualInterface:
90 description: Interface where virtual ip will be assigned.
94 description: Set to True to enable debugging on all services.
98 description: Whether to enable fencing in Pacemaker or not.
102 description: Whether to use Galera instead of regular MariaDB.
106 description: Whether to deploy Ceph Storage (OSD) on the Controller
110 description: Whether to enable Swift Storage on the Controller
115 Additional hieradata to inject into the cluster, note that
116 ControllerExtraConfig takes precedence over ExtraConfig.
121 Pacemaker fencing configuration. The JSON should have
122 the following structure:
126 "agent": "AGENT_NAME",
127 "host_mac": "HOST_MAC_ADDRESS",
128 "params": {"PARAM_NAME": "PARAM_VALUE"}
136 "agent": "fence_xvm",
137 "host_mac": "52:54:00:aa:bb:cc",
139 "multicast_address": "225.0.0.12",
140 "port": "baremetal_0",
142 "manage_key_file": true,
143 "key_file": "/etc/fence_xvm.key",
144 "key_file_password": "abcdef"
151 description: Flavor for control nodes to request when deploying.
154 - custom_constraint: nova.flavor
155 GlanceNotifierStrategy:
156 description: Strategy to use for Glance notification queue
160 description: The filepath of the file to use for logging messages from Glance.
165 description: The password for the glance service and db account, used by the glance services.
170 description: Glance port.
174 description: Protocol to use when connecting to glance, set to https for SSL.
178 description: The short name of the Glance backend to use. Should be one
179 of swift, rbd, or file
182 - allowed_values: ['swift', 'file', 'rbd']
183 HAProxySyslogAddress:
185 description: Syslog address where HAproxy will send its log
189 description: The password for the Heat service and db account, used by the Heat services.
192 HeatStackDomainAdminPassword:
193 description: Password for heat_domain_admin user.
197 HeatAuthEncryptionKey:
198 description: Auth encryption key for heat-engine
203 description: A list of IP/Hostname allowed to connect to horizon
204 type: comma_delimited_list
206 description: Secret key for Django
211 default: overcloud-control
213 - custom_constraint: glance.image
215 default: 'REBUILD_PRESERVE_EPHEMERAL'
216 description: What policy to use when reconstructing instances. REBUILD for rebuilds, REBUILD_PRESERVE_EPHEMERAL to preserve /mnt.
220 description: Name of an existing EC2 KeyPair to enable SSH access to the instances
223 - custom_constraint: nova.keypair
224 KeystoneCACertificate:
226 description: Keystone self-signed certificate authority certificate.
228 KeystoneSigningCertificate:
230 description: Keystone certificate for verifying token validity.
234 description: Keystone key for signing tokens.
237 KeystoneSSLCertificate:
239 description: Keystone certificate for verifying token validity.
241 KeystoneSSLCertificateKey:
243 description: Keystone key for signing tokens.
246 KeystoneNotificationDriver:
247 description: Comma-separated list of Oslo notification drivers used by Keystone
248 default: ['messaging']
249 type: comma_delimited_list
250 KeystoneNotificationFormat:
251 description: The Keystone notification format
255 - allowed_values: [ 'basic', 'cadf' ]
256 MysqlClusterUniquePart:
257 description: A unique identifier of the MySQL cluster the controller is in.
259 default: 'unset' # Has to be here because of the ignored empty value bug
260 # Drop the validation: https://bugs.launchpad.net/tripleo/+bug/1405446
262 # - length: {min: 4, max: 10}
263 MysqlInnodbBufferPoolSize:
265 Specifies the size of the buffer pool in megabytes. Setting to
266 zero should be interpreted as "no value" and will defer to the
271 description: Configures MySQL max_connections config setting
277 default: '' # Has to be here because of the ignored empty value bug
278 NeutronExternalNetworkBridge:
279 description: Name of bridge used for external network traffic.
282 NeutronBridgeMappings:
284 The OVS logical->physical bridge mappings to use. See the Neutron
285 documentation for details. Defaults to mapping br-ex - the external
286 bridge on hosts - to a physical name 'datacentre' which can be used
287 to create provider networks (and we use this for the default floating
288 network) - if changing this either use different post-install network
289 scripts or be sure to keep 'datacentre' as a mapping network name.
291 default: "datacentre:br-ex"
292 NeutronDnsmasqOptions:
293 default: 'dhcp-option-force=26,1400'
294 description: Dnsmasq options for neutron-dhcp-agent. The default value here forces MTU to be set to 1400 to account for the gre tunnel overhead.
298 description: Agent mode for the neutron-l3-agent on the controller hosts
302 description: Whether to enable l3-agent HA
304 NeutronDhcpAgentsPerNetwork:
307 description: The number of neutron dhcp agents to schedule per network
310 description: Whether to configure Neutron Distributed Virtual Routers
312 NeutronMetadataProxySharedSecret:
314 description: Shared secret to prevent spoofing
320 The core plugin for Neutron. The value should be the entrypoint to be loaded
321 from neutron.core_plugins namespace.
323 NeutronServicePlugins:
326 Comma-separated list of service plugin entrypoints to be loaded from the
327 neutron.service_plugins namespace.
328 type: comma_delimited_list
330 default: "vxlan,vlan,flat,gre"
332 Comma-separated list of network type driver entrypoints to be loaded.
333 type: comma_delimited_list
334 NeutronMechanismDrivers:
335 default: 'openvswitch'
337 The mechanism drivers for the Neutron tenant network. To specify multiple
338 values, use a comma separated string, like so: 'openvswitch,l2_population'
340 NeutronAllowL3AgentFailover:
342 description: Allow automatic l3-agent failover
344 NeutronEnableTunnelling:
349 default: 'datacentre'
350 description: If set, flat networks to configure in neutron plugins.
353 description: Whether to enable l3-agent HA
357 description: The tenant network type for Neutron, either gre or vxlan.
359 NeutronNetworkVLANRanges:
360 default: 'datacentre'
362 The Neutron ML2 and OpenVSwitch vlan mapping range to support. See the
363 Neutron documentation for permitted values. Defaults to permitting any
364 VLAN on the 'datacentre' physical network (See NeutronBridgeMappings).
365 type: comma_delimited_list
368 description: The password for the neutron service and db account, used by neutron agents.
371 NeutronPublicInterface:
373 description: What interface to bridge onto br-ex for network nodes.
375 NeutronPublicInterfaceTag:
378 VLAN tag for creating a public VLAN. The tag will be used to
379 create an access port on the exterior bridge for each control plane node,
380 and that port will be given the IP address returned by neutron from the
381 public network. Set CONTROLEXTRA=overcloud-vlan-port.yaml when compiling
382 overcloud.yaml to include the deployment of VLAN ports to the control
385 NeutronPublicInterfaceDefaultRoute:
387 description: A custom default route for the NeutronPublicInterface.
389 NeutronPublicInterfaceIP:
391 description: A custom IP address to put onto the NeutronPublicInterface.
393 NeutronPublicInterfaceRawDevice:
395 description: If set, the public interface is a vlan with this device as the raw device.
400 The tunnel types for the Neutron tenant network. To specify multiple
401 values, use a comma separated string, like so: 'gre,vxlan'
403 NeutronTunnelIdRanges:
405 Comma-separated list of <tun_min>:<tun_max> tuples enumerating ranges
406 of GRE tunnel IDs that are available for tenant network allocation
407 default: ["1:1000", ]
408 type: comma_delimited_list
411 Comma-separated list of <vni_min>:<vni_max> tuples enumerating ranges
412 of VXLAN VNI IDs that are available for tenant network allocation
413 default: ["1:1000", ]
414 type: comma_delimited_list
420 description: The password for the nova service and db account, used by nova-api.
425 description: Should MongoDb journaling be disabled
432 description: The password for the 'pcsd' user.
434 PublicVirtualInterface:
437 Specifies the interface where the public-facing virtual ip will be assigned.
438 This should be int_public when a VLAN is being used.
440 PublicVirtualIP: # DEPRECATED: use per service settings instead
442 default: '' # Has to be here because of the ignored empty value bug
445 default: '' # Has to be here because of the ignored empty value bug
449 description: The password for RabbitMQ
454 description: The username for RabbitMQ
459 Rabbit client subscriber parameter to specify
460 an SSL connection to the RabbitMQ host.
464 description: Set rabbit subscriber port, change this if using SSL
468 description: Configures RabbitMQ FD limit
472 default: '' # Has to be here because of the ignored empty value bug
473 SnmpdReadonlyUserName:
474 default: ro_snmp_user
475 description: The user name for SNMPd with readonly rights running on all Overcloud nodes
477 SnmpdReadonlyUserPassword:
479 description: The user password for SNMPd with readonly rights running on all Overcloud nodes
484 description: If set, the contents of an SSL certificate authority file.
488 description: If set, the contents of an SSL certificate .crt file for encrypting SSL endpoints.
493 description: If set, the contents of an SSL certificate .key file for encrypting SSL endpoints.
498 description: A random string to be used as a salt when hashing to determine mappings
504 description: Value of mount_check in Swift account/container/object -server.conf
509 description: The minimum time (in hours) before a partition in a ring can be moved following a rebalance.
512 description: Partition Power to use when building Swift rings
516 description: The password for the swift service account, used by the swift proxy
526 description: How many replicas to use in the swift rings.
527 VirtualIP: # DEPRECATED: use per service settings instead
529 default: '' # Has to be here because of the ignored empty value bug
536 GlanceRegistryVirtualIP:
542 KeystoneAdminApiVirtualIP:
545 KeystonePublicApiVirtualIP:
551 EnablePackageInstall:
553 description: Set to true to enable package installation via Puppet
557 description: Mapping of service_name -> network name. Typically set
558 via parameter_defaults in the resource registry.
564 Setting to a previously unused value during stack-update will trigger
565 package update on all nodes
568 default: '' # Defaults to Heat created hostname
573 type: OS::Nova::Server
575 image: {get_param: Image}
576 image_update_policy: {get_param: ImageUpdatePolicy}
577 flavor: {get_param: Flavor}
578 key_name: {get_param: KeyName}
581 user_data_format: SOFTWARE_CONFIG
582 user_data: {get_resource: UserData}
583 name: {get_param: Hostname}
585 # Combine the NodeAdminUserData and NodeUserData mime archives
587 type: OS::Heat::MultipartMime
590 - config: {get_resource: NodeAdminUserData}
592 - config: {get_resource: NodeUserData}
595 # Creates the "heat-admin" user if configured via the environment
596 # Should return a OS::Heat::MultipartMime reference via OS::stack_id
598 type: OS::TripleO::NodeAdminUserData
600 # For optional operator additional userdata
601 # Should return a OS::Heat::MultipartMime reference via OS::stack_id
603 type: OS::TripleO::NodeUserData
606 type: OS::TripleO::Controller::Ports::ExternalPort
608 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
611 type: OS::TripleO::Controller::Ports::InternalApiPort
613 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
616 type: OS::TripleO::Controller::Ports::StoragePort
618 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
621 type: OS::TripleO::Controller::Ports::StorageMgmtPort
623 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
626 type: OS::TripleO::Controller::Ports::TenantPort
628 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
631 type: OS::TripleO::Network::Ports::NetIpMap
633 ControlPlaneIp: {get_attr: [Controller, networks, ctlplane, 0]}
634 ExternalIp: {get_attr: [ExternalPort, ip_address]}
635 InternalApiIp: {get_attr: [InternalApiPort, ip_address]}
636 StorageIp: {get_attr: [StoragePort, ip_address]}
637 StorageMgmtIp: {get_attr: [StorageMgmtPort, ip_address]}
638 TenantIp: {get_attr: [TenantPort, ip_address]}
641 type: OS::TripleO::Network::Ports::NetIpSubnetMap
643 ControlPlaneIp: {get_attr: [Controller, networks, ctlplane, 0]}
644 ExternalIpSubnet: {get_attr: [ExternalPort, ip_subnet]}
645 InternalApiIpSubnet: {get_attr: [InternalApiPort, ip_subnet]}
646 StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]}
647 StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]}
648 TenantIpSubnet: {get_attr: [TenantPort, ip_subnet]}
651 type: OS::TripleO::Controller::Net::SoftwareConfig
653 ControlPlaneIp: {get_attr: [Controller, networks, ctlplane, 0]}
654 ExternalIpSubnet: {get_attr: [ExternalPort, ip_subnet]}
655 InternalApiIpSubnet: {get_attr: [InternalApiPort, ip_subnet]}
656 StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]}
657 StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]}
658 TenantIpSubnet: {get_attr: [TenantPort, ip_subnet]}
661 type: OS::TripleO::SoftwareDeployment
663 config: {get_resource: NetworkConfig}
664 server: {get_resource: Controller}
667 interface_name: {get_param: NeutronPublicInterface}
669 ControllerDeployment:
670 type: OS::TripleO::SoftwareDeployment
671 depends_on: NetworkDeployment
673 config: {get_resource: ControllerConfig}
674 server: {get_resource: Controller}
676 bootstack_nodeid: {get_attr: [Controller, name]}
677 neutron_enable_tunneling: {get_param: NeutronEnableTunnelling}
678 haproxy_log_address: {get_param: HAProxySyslogAddress}
679 heat.watch_server_url:
683 - {get_param: HeatApiVirtualIP}
685 heat.metadata_server_url:
689 - {get_param: HeatApiVirtualIP}
691 heat.waitcondition_server_url:
695 - {get_param: HeatApiVirtualIP}
696 - ':8000/v1/waitcondition'
697 heat_auth_encryption_key: {get_param: HeatAuthEncryptionKey}
698 horizon_allowed_hosts: {get_param: HorizonAllowedHosts}
699 horizon_secret: {get_param: HorizonSecret}
700 admin_password: {get_param: AdminPassword}
701 admin_token: {get_param: AdminToken}
702 neutron_public_interface_ip: {get_param: NeutronPublicInterfaceIP}
703 debug: {get_param: Debug}
704 cinder_enable_nfs_backend: {get_param: CinderEnableNfsBackend}
705 cinder_enable_rbd_backend: {get_param: CinderEnableRbdBackend}
706 cinder_nfs_mount_options: {get_param: CinderNfsMountOptions}
709 template: "['SERVERS']"
714 - {get_param: CinderNfsServers}
715 cinder_lvm_loop_device_size: {get_param: CinderLVMLoopDeviceSize}
716 cinder_password: {get_param: CinderPassword}
717 cinder_enable_iscsi_backend: {get_param: CinderEnableIscsiBackend}
718 cinder_iscsi_helper: {get_param: CinderISCSIHelper}
719 cinder_backend_config: {get_param: CinderBackendConfig}
723 - - 'mysql://cinder:'
724 - {get_param: CinderPassword}
726 - {get_param: MysqlVirtualIP}
728 glance_port: {get_param: GlancePort}
729 glance_password: {get_param: GlancePassword}
730 glance_backend: {get_param: GlanceBackend}
731 glance_notifier_strategy: {get_param: GlanceNotifierStrategy}
732 glance_log_file: {get_param: GlanceLogFile}
736 - - 'mysql://glance:'
737 - {get_param: GlancePassword}
739 - {get_param: MysqlVirtualIP}
741 heat_password: {get_param: HeatPassword}
742 heat_stack_domain_admin_password: {get_param: HeatStackDomainAdminPassword}
747 - {get_param: HeatPassword}
749 - {get_param: MysqlVirtualIP}
751 keystone_auth_address: {list_join: ['', ['http://', {get_param: KeystonePublicApiVirtualIP} , ':5000/v2.0']]}
752 keystone_ca_certificate: {get_param: KeystoneCACertificate}
753 keystone_signing_key: {get_param: KeystoneSigningKey}
754 keystone_signing_certificate: {get_param: KeystoneSigningCertificate}
755 keystone_ssl_certificate: {get_param: KeystoneSSLCertificate}
756 keystone_ssl_certificate_key: {get_param: KeystoneSSLCertificateKey}
757 keystone_notification_driver: {get_param: KeystoneNotificationDriver}
758 keystone_notification_format: {get_param: KeystoneNotificationFormat}
762 - - 'mysql://keystone:'
763 - {get_param: AdminToken}
765 - {get_param: MysqlVirtualIP}
767 keystone_identity_uri:
771 - {get_param: KeystoneAdminApiVirtualIP}
777 - {get_param: KeystonePublicApiVirtualIP}
783 - {get_param: KeystonePublicApiVirtualIP}
784 - ':5000/v2.0/ec2tokens'
785 enable_fencing: {get_param: EnableFencing}
786 enable_galera: {get_param: EnableGalera}
787 enable_ceph_storage: {get_param: EnableCephStorage}
788 enable_swift_storage: {get_param: EnableSwiftStorage}
789 mysql_innodb_buffer_pool_size: {get_param: MysqlInnodbBufferPoolSize}
790 mysql_max_connections: {get_param: MysqlMaxConnections}
791 mysql_root_password: {get_param: MysqlRootPassword}
794 template: tripleo-CLUSTER
796 CLUSTER: {get_param: MysqlClusterUniquePart}
797 neutron_flat_networks: {get_param: NeutronFlatNetworks}
798 neutron_metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret}
799 neutron_agent_mode: {get_param: NeutronAgentMode}
800 neutron_router_distributed: {get_param: NeutronDVR}
801 neutron_core_plugin: {get_param: NeutronCorePlugin}
802 neutron_service_plugins:
804 template: "['PLUGINS']"
809 - {get_param: NeutronServicePlugins}
810 neutron_type_drivers:
812 template: "['DRIVERS']"
817 - {get_param: NeutronTypeDrivers}
818 neutron_mechanism_drivers: {get_param: NeutronMechanismDrivers}
819 neutron_allow_l3agent_failover: {get_param: NeutronAllowL3AgentFailover}
820 neutron_l3_ha: {get_param: NeutronL3HA}
821 neutron_dhcp_agents_per_network: {get_param: NeutronDhcpAgentsPerNetwork}
822 neutron_network_vlan_ranges:
824 template: "['RANGES']"
829 - {get_param: NeutronNetworkVLANRanges}
830 neutron_bridge_mappings: {get_param: NeutronBridgeMappings}
831 neutron_external_network_bridge: {get_param: NeutronExternalNetworkBridge}
832 neutron_public_interface: {get_param: NeutronPublicInterface}
833 neutron_public_interface_raw_device: {get_param: NeutronPublicInterfaceRawDevice}
834 neutron_public_interface_default_route: {get_param: NeutronPublicInterfaceDefaultRoute}
835 neutron_public_interface_tag: {get_param: NeutronPublicInterfaceTag}
836 neutron_tenant_network_type: {get_param: NeutronNetworkType}
837 neutron_tunnel_types: {get_param: NeutronTunnelTypes}
838 neutron_tunnel_id_ranges:
840 template: "['RANGES']"
845 - {get_param: NeutronTunnelIdRanges}
848 template: "['RANGES']"
853 - {get_param: NeutronVniRanges}
854 neutron_password: {get_param: NeutronPassword}
855 neutron_dnsmasq_options: {get_param: NeutronDnsmasqOptions}
859 - - 'mysql://neutron:'
860 - {get_param: NeutronPassword}
862 - {get_param: MysqlVirtualIP}
863 - '/ovs_neutron?charset=utf8'
868 - {get_param: NeutronApiVirtualIP}
870 neutron_admin_auth_url:
874 - {get_param: KeystoneAdminApiVirtualIP}
876 ceilometer_backend: {get_param: CeilometerBackend}
877 ceilometer_metering_secret: {get_param: CeilometerMeteringSecret}
878 ceilometer_password: {get_param: CeilometerPassword}
879 ceilometer_coordination_url:
883 - {get_param: RedisVirtualIP}
888 - - 'mysql://ceilometer:unset@'
889 - {get_param: MysqlVirtualIP}
891 snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName}
892 snmpd_readonly_user_password: {get_param: SnmpdReadonlyUserPassword}
893 nova_password: {get_param: NovaPassword}
898 - {get_param: NovaPassword}
900 - {get_param: MysqlVirtualIP}
902 fencing_config: {get_param: FencingConfig}
903 pcsd_password: {get_param: PcsdPassword}
904 rabbit_username: {get_param: RabbitUserName}
905 rabbit_password: {get_param: RabbitPassword}
906 rabbit_cookie: {get_param: RabbitCookie}
907 rabbit_client_use_ssl: {get_param: RabbitClientUseSSL}
908 rabbit_client_port: {get_param: RabbitClientPort}
909 mongodb_no_journal: {get_param: MongoDbNoJournal}
910 # We need to force this into quotes or hiera will return integer causing
911 # the puppet module validation regexp to fail.
912 # Remove when: https://github.com/puppetlabs/puppetlabs-rabbitmq/pull/401
917 LIMIT: {get_param: RabbitFDLimit}
920 template: '["server"]'
922 server: {get_param: NtpServer}
923 control_virtual_interface: {get_param: ControlVirtualInterface}
924 public_virtual_interface: {get_param: PublicVirtualInterface}
925 swift_hash_suffix: {get_param: SwiftHashSuffix}
926 swift_password: {get_param: SwiftPassword}
927 swift_part_power: {get_param: SwiftPartPower}
928 swift_replicas: {get_param: SwiftReplicas}
929 swift_min_part_hours: {get_param: SwiftMinPartHours}
930 swift_mount_check: {get_param: SwiftMountCheck}
931 enable_package_install: {get_param: EnablePackageInstall}
932 enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]}
933 swift_proxy_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftProxyNetwork]}]}
934 swift_management_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftMgmtNetwork]}]}
935 cinder_iscsi_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CinderIscsiNetwork]}]}
936 cinder_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CinderApiNetwork]}]}
937 glance_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, GlanceApiNetwork]}]}
938 glance_registry_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, GlanceRegistryNetwork]}]}
942 - - {get_param: GlanceProtocol}
944 - {get_param: GlanceApiVirtualIP}
946 - {get_param: GlancePort}
947 glance_registry_host: {get_param: GlanceRegistryVirtualIP}
948 heat_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, HeatApiNetwork]}]}
949 keystone_public_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}]}
950 keystone_admin_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}]}
951 mongo_db_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MongoDbNetwork]}]}
952 neutron_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NeutronApiNetwork]}]}
953 neutron_local_ip: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NeutronTenantNetwork]}]}
954 ceilometer_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CeilometerApiNetwork]}]}
955 nova_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NovaApiNetwork]}]}
956 nova_metadata_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NovaMetadataNetwork]}]}
957 horizon_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, HorizonNetwork]}]}
958 rabbitmq_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, RabbitMqNetwork]}]}
959 redis_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, RedisNetwork]}]}
960 redis_vip: {get_param: RedisVirtualIP}
961 memcached_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MemcachedNetwork]}]}
962 mysql_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MysqlNetwork]}]}
963 mysql_virtual_ip: {get_param: MysqlVirtualIP}
964 ceph_cluster_network: {get_attr: [NetIpSubnetMap, net_ip_subnet_map, {get_param: [ServiceNetMap, CephClusterNetwork]}]}
965 ceph_public_network: {get_attr: [NetIpSubnetMap, net_ip_subnet_map, {get_param: [ServiceNetMap, CephPublicNetwork]}]}
966 ceph_public_ip: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CephPublicNetwork]}]}
968 # Map heat metadata into hiera datafiles
970 type: OS::Heat::StructuredConfig
972 group: os-apply-config
977 - heat_config_%{::deploy_config_name}
978 - controller_extraconfig
983 - swift_devices_and_proxy # provided by SwiftDevicesAndProxyConfig
984 - ceph_cluster # provided by CephClusterConfig
986 - bootstrap_node # provided by BootstrapNodeConfig
987 - all_nodes # provided by allNodesConfig
988 - vip_data # provided by vip-config
991 - cinder_netapp_data # Optionally provided by ControllerExtraConfigPre
992 - neutron_bigswitch_data # Optionally provided by ControllerExtraConfigPre
993 - neutron_cisco_data # Optionally provided by ControllerExtraConfigPre
994 - cisco_n1kv_data # Optionally provided by ControllerExtraConfigPre
996 controller_extraconfig:
997 mapped_data: {get_param: ControllerExtraConfig}
999 mapped_data: {get_param: ExtraConfig}
1001 raw_data: {get_file: hieradata/common.yaml}
1003 raw_data: {get_file: hieradata/ceph.yaml}
1005 ceph::profile::params::cluster_network: {get_input: ceph_cluster_network}
1006 ceph::profile::params::public_network: {get_input: ceph_public_network}
1007 ceph::mon::public_addr: {get_input: ceph_public_ip}
1009 raw_data: {get_file: hieradata/database.yaml}
1011 raw_data: {get_file: hieradata/object.yaml}
1013 raw_data: {get_file: hieradata/controller.yaml}
1014 mapped_data: # data supplied directly to this deployment configuration, etc
1015 bootstack_nodeid: {get_input: bootstack_nodeid}
1018 enable_fencing: {get_input: enable_fencing}
1019 hacluster_pwd: {get_input: pcsd_password}
1020 tripleo::fencing::config: {get_input: fencing_config}
1023 swift::proxy::proxy_local_net_ip: {get_input: swift_proxy_network}
1024 swift::proxy::authtoken::auth_uri: {get_input: keystone_auth_uri}
1025 swift::proxy::authtoken::identity_uri: {get_input: keystone_identity_uri}
1026 swift::storage::all::storage_local_net_ip: {get_input: swift_management_network}
1027 swift::swift_hash_suffix: {get_input: swift_hash_suffix}
1028 swift::proxy::authtoken::admin_password: {get_input: swift_password}
1029 tripleo::ringbuilder::part_power: {get_input: swift_part_power}
1030 tripleo::ringbuilder::replicas: {get_input: swift_replicas}
1031 tripleo::ringbuilder::min_part_hours: {get_input: swift_min_part_hours}
1032 swift_mount_check: {get_input: swift_mount_check}
1034 # NOTE(dprince): build_ring support is currently not wired in.
1035 # See: https://review.openstack.org/#/c/109225/
1036 tripleo::ringbuilder::build_ring: True
1039 cinder_enable_nfs_backend: {get_input: cinder_enable_nfs_backend}
1040 cinder_enable_rbd_backend: {get_input: cinder_enable_rbd_backend}
1041 cinder_nfs_mount_options: {get_input: cinder_nfs_mount_options}
1042 cinder_nfs_servers: {get_input: cinder_nfs_servers}
1043 cinder_lvm_loop_device_size: {get_input: cinder_lvm_loop_device_size}
1044 cinder_iscsi_helper: {get_input: cinder_iscsi_helper}
1045 cinder_iscsi_ip_address: {get_input: cinder_iscsi_network}
1046 cinder::database_connection: {get_input: cinder_dsn}
1047 cinder::api::keystone_password: {get_input: cinder_password}
1048 cinder::api::auth_uri: {get_input: keystone_auth_uri}
1049 cinder::api::identity_uri: {get_input: keystone_identity_uri}
1050 cinder::api::bind_host: {get_input: cinder_api_network}
1051 cinder::rabbit_userid: {get_input: rabbit_username}
1052 cinder::rabbit_password: {get_input: rabbit_password}
1053 cinder::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
1054 cinder::rabbit_port: {get_input: rabbit_client_port}
1055 cinder::debug: {get_input: debug}
1056 cinder_enable_iscsi_backend: {get_input: cinder_enable_iscsi_backend}
1057 cinder::glance::glance_api_servers: {get_input: glance_api_servers}
1058 cinder_backend_config: {get_input: CinderBackendConfig}
1059 cinder::db::mysql::password: {get_input: cinder_password}
1062 glance::api::bind_port: {get_input: glance_port}
1063 glance::api::bind_host: {get_input: glance_api_network}
1064 glance::api::auth_uri: {get_input: keystone_auth_uri}
1065 glance::api::identity_uri: {get_input: keystone_identity_uri}
1066 glance::api::registry_host: {get_input: glance_registry_host}
1067 glance::api::keystone_password: {get_input: glance_password}
1068 glance::api::debug: {get_input: debug}
1069 glance_notifier_strategy: {get_input: glance_notifier_strategy}
1070 glance_log_file: {get_input: glance_log_file}
1071 glance_log_file: {get_input: glance_log_file}
1072 glance::api::database_connection: {get_input: glance_dsn}
1073 glance::registry::keystone_password: {get_input: glance_password}
1074 glance::registry::database_connection: {get_input: glance_dsn}
1075 glance::registry::bind_host: {get_input: glance_registry_network}
1076 glance::registry::auth_uri: {get_input: keystone_auth_uri}
1077 glance::registry::identity_uri: {get_input: keystone_identity_uri}
1078 glance::registry::debug: {get_input: debug}
1079 glance::backend::swift::swift_store_auth_address: {get_input: keystone_auth_address}
1080 glance::backend::swift::swift_store_user: service:glance
1081 glance::backend::swift::swift_store_key: {get_input: glance_password}
1082 glance_backend: {get_input: glance_backend}
1083 glance::db::mysql::password: {get_input: glance_password}
1086 heat_stack_domain_admin_password: {get_input: heat_stack_domain_admin_password}
1087 heat::engine::heat_watch_server_url: {get_input: heat.watch_server_url}
1088 heat::engine::heat_metadata_server_url: {get_input: heat.metadata_server_url}
1089 heat::engine::heat_waitcondition_server_url: {get_input: heat.waitcondition_server_url}
1090 heat::engine::auth_encryption_key: {get_input: heat_auth_encryption_key}
1091 heat::rabbit_userid: {get_input: rabbit_username}
1092 heat::rabbit_password: {get_input: rabbit_password}
1093 heat::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
1094 heat::rabbit_port: {get_input: rabbit_client_port}
1095 heat::auth_uri: {get_input: keystone_auth_uri}
1096 heat::keystone_ec2_uri: {get_input: keystone_ec2_uri}
1097 heat::identity_uri: {get_input: keystone_identity_uri}
1098 heat::keystone_password: {get_input: heat_password}
1099 heat::api::bind_host: {get_input: heat_api_network}
1100 heat::api_cloudwatch::bind_host: {get_input: heat_api_network}
1101 heat::api_cfn::bind_host: {get_input: heat_api_network}
1102 heat::database_connection: {get_input: heat_dsn}
1103 heat::debug: {get_input: debug}
1104 heat::db::mysql::password: {get_input: heat_password}
1107 keystone::admin_token: {get_input: admin_token}
1108 keystone_ca_certificate: {get_input: keystone_ca_certificate}
1109 keystone_signing_key: {get_input: keystone_signing_key}
1110 keystone_signing_certificate: {get_input: keystone_signing_certificate}
1111 keystone_ssl_certificate: {get_input: keystone_ssl_certificate}
1112 keystone_ssl_certificate_key: {get_input: keystone_ssl_certificate_key}
1113 keystone::database_connection: {get_input: keystone_dsn}
1114 keystone::public_bind_host: {get_input: keystone_public_api_network}
1115 keystone::admin_bind_host: {get_input: keystone_admin_api_network}
1116 keystone::debug: {get_input: debug}
1117 keystone::db::mysql::password: {get_input: admin_token}
1118 keystone::rabbit_userid: {get_input: rabbit_username}
1119 keystone::rabbit_password: {get_input: rabbit_password}
1120 keystone::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
1121 keystone::rabbit_port: {get_input: rabbit_client_port}
1122 keystone::notification_driver: {get_input: keystone_notification_driver}
1123 keystone::notification_format: {get_input: keystone_notification_format}
1125 mongodb::server::bind_ip: {get_input: mongo_db_network}
1126 mongodb::server::nojournal: {get_input: mongodb_no_journal}
1128 admin_password: {get_input: admin_password}
1129 enable_galera: {get_input: enable_galera}
1130 enable_ceph_storage: {get_input: enable_ceph_storage}
1131 enable_swift_storage: {get_input: enable_swift_storage}
1132 mysql_innodb_buffer_pool_size: {get_input: mysql_innodb_buffer_pool_size}
1133 mysql_max_connections: {get_input: mysql_max_connections}
1134 mysql::server::root_password: {get_input: mysql_root_password}
1135 mysql_cluster_name: {get_input: mysql_cluster_name}
1136 mysql_bind_host: {get_input: mysql_network}
1137 mysql_virtual_ip: {get_input: mysql_virtual_ip}
1140 neutron::bind_host: {get_input: neutron_api_network}
1141 neutron::rabbit_password: {get_input: rabbit_password}
1142 neutron::rabbit_user: {get_input: rabbit_user}
1143 neutron::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
1144 neutron::rabbit_port: {get_input: rabbit_client_port}
1145 neutron::debug: {get_input: debug}
1146 neutron::server::auth_uri: {get_input: keystone_auth_uri}
1147 neutron::server::identity_uri: {get_input: keystone_identity_uri}
1148 neutron::server::database_connection: {get_input: neutron_dsn}
1149 neutron::agents::l3::external_network_bridge: {get_input: neutron_external_network_bridge}
1150 neutron::agents::ml2::ovs::enable_tunneling: {get_input: neutron_enable_tunneling}
1151 neutron::agents::ml2::ovs::local_ip: {get_input: neutron_local_ip}
1152 neutron_flat_networks: {get_input: neutron_flat_networks}
1153 neutron::agents::metadata::shared_secret: {get_input: neutron_metadata_proxy_shared_secret}
1154 neutron::agents::metadata::metadata_ip: {get_input: neutron_api_network}
1155 neutron_agent_mode: {get_input: neutron_agent_mode}
1156 neutron_router_distributed: {get_input: neutron_router_distributed}
1157 neutron::core_plugin: {get_input: neutron_core_plugin}
1158 neutron::service_plugins: {get_input: neutron_service_plugins}
1159 neutron::plugins::ml2::type_drivers: {get_input: neutron_type_drivers}
1160 neutron_mechanism_drivers: {get_input: neutron_mechanism_drivers}
1161 neutron::server::allow_automatic_l3agent_failover: {get_input: neutron_allow_l3agent_failover}
1162 neutron::server::l3_ha: {get_input: neutron_l3_ha}
1163 neutron::dhcp_agents_per_network: {get_input: neutron_dhcp_agents_per_network}
1164 neutron::plugins::ml2::network_vlan_ranges: {get_input: neutron_network_vlan_ranges}
1165 neutron::plugins::ml2::tunnel_id_ranges: {get_input: neutron_tunnel_id_ranges}
1166 neutron::plugins::ml2::vni_ranges: {get_input: neutron_vni_ranges}
1167 neutron_bridge_mappings: {get_input: neutron_bridge_mappings}
1168 neutron_public_interface: {get_input: neutron_public_interface}
1169 neutron_public_interface_raw_device: {get_input: neutron_public_interface_raw_device}
1170 neutron_public_interface_default_route: {get_input: neutron_public_interface_default_route}
1171 neutron_public_interface_tag: {get_input: neutron_public_interface_tag}
1172 neutron_tenant_network_type: {get_input: neutron_tenant_network_type}
1173 neutron_tunnel_types: {get_input: neutron_tunnel_types}
1174 neutron::server::auth_password: {get_input: neutron_password}
1175 neutron::agents::metadata::auth_password: {get_input: neutron_password}
1176 neutron_dnsmasq_options: {get_input: neutron_dnsmasq_options}
1177 neutron_dsn: {get_input: neutron_dsn}
1178 neutron::agents::metadata::auth_url: {get_input: keystone_identity_uri}
1179 neutron::db::mysql::password: {get_input: neutron_password}
1182 ceilometer_backend: {get_input: ceilometer_backend}
1183 ceilometer_mysql_conn_string: {get_input: ceilometer_dsn}
1184 ceilometer::metering_secret: {get_input: ceilometer_metering_secret}
1185 ceilometer::rabbit_userid: {get_input: rabbit_username}
1186 ceilometer::rabbit_password: {get_input: rabbit_password}
1187 ceilometer::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
1188 ceilometer::rabbit_port: {get_input: rabbit_client_port}
1189 ceilometer::debug: {get_input: debug}
1190 ceilometer::api::host: {get_input: ceilometer_api_network}
1191 ceilometer::api::keystone_password: {get_input: ceilometer_password}
1192 ceilometer::api::keystone_auth_uri: {get_input: keystone_auth_uri}
1193 ceilometer::api::keystone_identity_uri: {get_input: keystone_identity_uri}
1194 ceilometer::agent::auth::auth_password: {get_input: ceilometer_password}
1195 ceilometer::agent::auth::auth_url: {get_input: keystone_auth_address}
1196 ceilometer::agent::central::coordination_url: {get_input: ceilometer_coordination_url}
1197 ceilometer::db::mysql::password: {get_input: ceilometer_password}
1198 snmpd_readonly_user_name: {get_input: snmpd_readonly_user_name}
1199 snmpd_readonly_user_password: {get_input: snmpd_readonly_user_password}
1202 nova::rabbit_userid: {get_input: rabbit_username}
1203 nova::rabbit_password: {get_input: rabbit_password}
1204 nova::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
1205 nova::rabbit_port: {get_input: rabbit_client_port}
1206 nova::debug: {get_input: debug}
1207 nova::api::auth_uri: {get_input: keystone_auth_uri}
1208 nova::api::identity_uri: {get_input: keystone_identity_uri}
1209 nova::api::api_bind_address: {get_input: nova_api_network}
1210 nova::api::metadata_listen: {get_input: nova_metadata_network}
1211 nova::api::admin_password: {get_input: nova_password}
1212 nova::database_connection: {get_input: nova_dsn}
1213 nova::glance_api_servers: {get_input: glance_api_servers}
1214 nova::api::neutron_metadata_proxy_shared_secret: {get_input: neutron_metadata_proxy_shared_secret}
1215 nova::network::neutron::neutron_admin_password: {get_input: neutron_password}
1216 nova::network::neutron::neutron_url: {get_input: neutron_url}
1217 nova::network::neutron::neutron_admin_auth_url: {get_input: neutron_admin_auth_url}
1218 nova::vncproxy::host: {get_input: nova_api_network}
1219 nova::db::mysql::password: {get_input: nova_password}
1222 apache::ip: {get_input: horizon_network}
1223 horizon::allowed_hosts: {get_input: horizon_allowed_hosts}
1224 horizon::django_debug: {get_input: debug}
1225 horizon::secret_key: {get_input: horizon_secret}
1226 horizon::bind_address: {get_input: horizon_network}
1227 horizon::keystone_url: {get_input: keystone_auth_uri}
1230 rabbitmq::node_ip_address: {get_input: rabbitmq_network}
1231 rabbitmq::erlang_cookie: {get_input: rabbit_cookie}
1232 rabbitmq::file_limit: {get_input: rabbit_fd_limit}
1234 redis::bind: {get_input: redis_network}
1235 redis_vip: {get_input: redis_vip}
1237 memcached::listen_ip: {get_input: memcached_network}
1238 neutron_public_interface_ip: {get_input: neutron_public_interface_ip}
1239 ntp::servers: {get_input: ntp_servers}
1240 control_virtual_interface: {get_input: control_virtual_interface}
1241 public_virtual_interface: {get_input: public_virtual_interface}
1242 tripleo::loadbalancer::control_virtual_interface: {get_input: control_virtual_interface}
1243 tripleo::loadbalancer::public_virtual_interface: {get_input: public_virtual_interface}
1244 tripleo::loadbalancer::haproxy_log_address: {get_input: haproxy_log_address}
1245 tripleo::packages::enable_install: {get_input: enable_package_install}
1246 tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade}
1248 # Hook for site-specific additional pre-deployment config, e.g extra hieradata
1249 ControllerExtraConfigPre:
1250 depends_on: ControllerDeployment
1251 type: OS::TripleO::ControllerExtraConfigPre
1253 server: {get_resource: Controller}
1255 # Hook for site-specific additional pre-deployment config,
1256 # applying to all nodes, e.g node registration/unregistration
1258 depends_on: ControllerExtraConfigPre
1259 type: OS::TripleO::NodeExtraConfig
1261 server: {get_resource: Controller}
1264 type: OS::TripleO::Tasks::PackageUpdate
1267 type: OS::Heat::SoftwareDeployment
1269 config: {get_resource: UpdateConfig}
1270 server: {get_resource: Controller}
1273 get_param: UpdateIdentifier
1277 description: IP address of the server in the ctlplane network
1278 value: {get_attr: [Controller, networks, ctlplane, 0]}
1279 external_ip_address:
1280 description: IP address of the server in the external network
1281 value: {get_attr: [ExternalPort, ip_address]}
1282 internal_api_ip_address:
1283 description: IP address of the server in the internal_api network
1284 value: {get_attr: [InternalApiPort, ip_address]}
1286 description: IP address of the server in the storage network
1287 value: {get_attr: [StoragePort, ip_address]}
1288 storage_mgmt_ip_address:
1289 description: IP address of the server in the storage_mgmt network
1290 value: {get_attr: [StorageMgmtPort, ip_address]}
1292 description: IP address of the server in the tenant network
1293 value: {get_attr: [TenantPort, ip_address]}
1295 description: Hostname of the server
1296 value: {get_attr: [Controller, name]}
1299 Node object in the format {ip: ..., name: ...} format that the corosync
1302 ip: {get_attr: [Controller, networks, ctlplane, 0]}
1303 name: {get_attr: [Controller, name]}
1306 Server's IP address and hostname in the /etc/hosts format
1309 template: IP HOST.localdomain HOST CLOUDNAME
1311 IP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, ControllerHostnameResolveNetwork]}]}
1312 HOST: {get_attr: [Controller, name]}
1313 CLOUDNAME: {get_param: CloudName}
1314 nova_server_resource:
1315 description: Heat resource handle for the Nova compute server
1317 {get_resource: Controller}
1319 description: Swift device formatted for swift-ring-builder
1322 template: 'r1z1-IP:%PORT%/d1'
1324 IP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftMgmtNetwork]}]}
1325 swift_proxy_memcache:
1326 description: Swift proxy-memcache value
1329 template: "IP:11211"
1331 IP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MemcachedNetwork]}]}
1333 description: identifier which changes if the controller configuration may need re-applying
1337 - - {get_attr: [ControllerDeployment, deploy_stdout]}
1338 - {get_attr: [ControllerExtraConfigPre, deploy_stdout]}
1339 - {get_param: UpdateIdentifier}