1 heat_template_version: 2015-04-30
4 OpenStack controller node configured by Puppet.
9 description: The password for the keystone admin account, used for monitoring, querying neutron etc.
14 description: The keystone auth secret and db password.
19 description: The ceilometer backend type.
21 CeilometerMeteringSecret:
23 description: Secret shared by the ceilometer services.
28 description: The password for the ceilometer service and db account.
31 CinderEnableNfsBackend:
33 description: Whether to enable or not the NFS backend for Cinder
35 CinderEnableIscsiBackend:
37 description: Whether to enable or not the Iscsi backend for Cinder
39 CinderEnableRbdBackend:
41 description: Whether to enable or not the Rbd backend for Cinder
45 description: The iSCSI helper to use with cinder.
47 CinderLVMLoopDeviceSize:
49 description: The size of the loopback file used by the cinder LVM driver.
51 CinderNfsMountOptions:
54 Mount options for NFS mounts used by Cinder NFS backend. Effective
55 when CinderEnableNfsBackend is true.
60 NFS servers used by Cinder NFS backend. Effective when
61 CinderEnableNfsBackend is true.
62 type: comma_delimited_list
65 description: The password for the cinder service and db account, used by cinder-api.
70 description: Contains parameters to configure Cinder backends. Typically
71 set via parameter_defaults in the resource registry.
75 description: The DNS name of this cloud. E.g. ci-overcloud.tripleo.org
77 ControllerExtraConfig:
80 Controller specific hiera configuration data to inject into the cluster.
82 ControlVirtualInterface:
84 description: Interface where virtual ip will be assigned.
88 description: Set to True to enable debugging on all services.
92 description: Whether to enable fencing in Pacemaker or not.
96 description: Whether to use Galera instead of regular MariaDB.
100 description: Whether to deploy Ceph Storage (OSD) on the Controller
104 description: Whether to enable Swift Storage on the Controller
109 Additional hieradata to inject into the cluster, note that
110 ControllerExtraConfig takes precedence over ExtraConfig.
115 Pacemaker fencing configuration. The JSON should have
116 the following structure:
120 "agent": "AGENT_NAME",
121 "host_mac": "HOST_MAC_ADDRESS",
122 "params": {"PARAM_NAME": "PARAM_VALUE"}
130 "agent": "fence_xvm",
131 "host_mac": "52:54:00:aa:bb:cc",
133 "multicast_address": "225.0.0.12",
134 "port": "baremetal_0",
136 "manage_key_file": true,
137 "key_file": "/etc/fence_xvm.key",
138 "key_file_password": "abcdef"
145 description: Flavor for control nodes to request when deploying.
148 - custom_constraint: nova.flavor
149 GlanceNotifierStrategy:
150 description: Strategy to use for Glance notification queue
154 description: The filepath of the file to use for logging messages from Glance.
159 description: The password for the glance service and db account, used by the glance services.
164 description: Glance port.
168 description: Protocol to use when connecting to glance, set to https for SSL.
172 description: The short name of the Glance backend to use. Should be one
173 of swift, rbd, or file
176 - allowed_values: ['swift', 'file', 'rbd']
179 description: The password for the Heat service and db account, used by the Heat services.
182 HeatStackDomainAdminPassword:
183 description: Password for heat_domain_admin user.
187 HeatAuthEncryptionKey:
188 description: Auth encryption key for heat-engine
192 description: A list of IP/Hostname allowed to connect to horizon
193 type: comma_delimited_list
195 description: Secret key for Django
199 default: overcloud-control
201 - custom_constraint: glance.image
203 default: 'REBUILD_PRESERVE_EPHEMERAL'
204 description: What policy to use when reconstructing instances. REBUILD for rebuilds, REBUILD_PRESERVE_EPHEMERAL to preserve /mnt.
208 description: Name of an existing EC2 KeyPair to enable SSH access to the instances
211 - custom_constraint: nova.keypair
212 KeystoneCACertificate:
214 description: Keystone self-signed certificate authority certificate.
216 KeystoneSigningCertificate:
218 description: Keystone certificate for verifying token validity.
222 description: Keystone key for signing tokens.
225 KeystoneSSLCertificate:
227 description: Keystone certificate for verifying token validity.
229 KeystoneSSLCertificateKey:
231 description: Keystone key for signing tokens.
234 KeystoneNotificationDriver:
235 description: Comma-separated list of Oslo notification drivers used by Keystone
236 default: ['messaging']
237 type: comma_delimited_list
238 KeystoneNotificationFormat:
239 description: The Keystone notification format
243 - allowed_values: [ 'basic', 'cadf' ]
244 MysqlClusterUniquePart:
245 description: A unique identifier of the MySQL cluster the controller is in.
247 default: 'unset' # Has to be here because of the ignored empty value bug
248 # Drop the validation: https://bugs.launchpad.net/tripleo/+bug/1405446
250 # - length: {min: 4, max: 10}
251 MysqlInnodbBufferPoolSize:
253 Specifies the size of the buffer pool in megabytes. Setting to
254 zero should be interpreted as "no value" and will defer to the
259 description: Configures MySQL max_connections config setting
265 default: '' # Has to be here because of the ignored empty value bug
266 NeutronExternalNetworkBridge:
267 description: Name of bridge used for external network traffic.
270 NeutronBridgeMappings:
272 The OVS logical->physical bridge mappings to use. See the Neutron
273 documentation for details. Defaults to mapping br-ex - the external
274 bridge on hosts - to a physical name 'datacentre' which can be used
275 to create provider networks (and we use this for the default floating
276 network) - if changing this either use different post-install network
277 scripts or be sure to keep 'datacentre' as a mapping network name.
279 default: "datacentre:br-ex"
280 NeutronDnsmasqOptions:
281 default: 'dhcp-option-force=26,1400'
282 description: Dnsmasq options for neutron-dhcp-agent. The default value here forces MTU to be set to 1400 to account for the gre tunnel overhead.
286 description: Agent mode for the neutron-l3-agent on the controller hosts
290 description: Whether to enable l3-agent HA
292 NeutronDhcpAgentsPerNetwork:
295 description: The number of neutron dhcp agents to schedule per network
298 description: Whether to configure Neutron Distributed Virtual Routers
300 NeutronMetadataProxySharedSecret:
302 description: Shared secret to prevent spoofing
307 The core plugin for Neutron. The value should be the entrypoint to be loaded
308 from neutron.core_plugins namespace.
310 NeutronServicePlugins:
313 Comma-separated list of service plugin entrypoints to be loaded from the
314 neutron.service_plugins namespace.
315 type: comma_delimited_list
317 default: "vxlan,vlan,flat,gre"
319 Comma-separated list of network type driver entrypoints to be loaded.
320 type: comma_delimited_list
321 NeutronMechanismDrivers:
322 default: 'openvswitch'
324 The mechanism drivers for the Neutron tenant network. To specify multiple
325 values, use a comma separated string, like so: 'openvswitch,l2_population'
327 NeutronAllowL3AgentFailover:
329 description: Allow automatic l3-agent failover
331 NeutronEnableTunnelling:
336 default: 'datacentre'
337 description: If set, flat networks to configure in neutron plugins.
340 description: Whether to enable l3-agent HA
344 description: The tenant network type for Neutron, either gre or vxlan.
346 NeutronNetworkVLANRanges:
347 default: 'datacentre'
349 The Neutron ML2 and OpenVSwitch vlan mapping range to support. See the
350 Neutron documentation for permitted values. Defaults to permitting any
351 VLAN on the 'datacentre' physical network (See NeutronBridgeMappings).
352 type: comma_delimited_list
355 description: The password for the neutron service and db account, used by neutron agents.
358 NeutronPublicInterface:
360 description: What interface to bridge onto br-ex for network nodes.
362 NeutronPublicInterfaceTag:
365 VLAN tag for creating a public VLAN. The tag will be used to
366 create an access port on the exterior bridge for each control plane node,
367 and that port will be given the IP address returned by neutron from the
368 public network. Set CONTROLEXTRA=overcloud-vlan-port.yaml when compiling
369 overcloud.yaml to include the deployment of VLAN ports to the control
372 NeutronPublicInterfaceDefaultRoute:
374 description: A custom default route for the NeutronPublicInterface.
376 NeutronPublicInterfaceIP:
378 description: A custom IP address to put onto the NeutronPublicInterface.
380 NeutronPublicInterfaceRawDevice:
382 description: If set, the public interface is a vlan with this device as the raw device.
387 The tunnel types for the Neutron tenant network. To specify multiple
388 values, use a comma separated string, like so: 'gre,vxlan'
390 NeutronTunnelIdRanges:
392 Comma-separated list of <tun_min>:<tun_max> tuples enumerating ranges
393 of GRE tunnel IDs that are available for tenant network allocation
394 default: ["1:1000", ]
395 type: comma_delimited_list
398 Comma-separated list of <vni_min>:<vni_max> tuples enumerating ranges
399 of VXLAN VNI IDs that are available for tenant network allocation
400 default: ["1:1000", ]
401 type: comma_delimited_list
404 description: The password for the nova service and db account, used by nova-api.
409 description: Should MongoDb journaling be disabled
416 description: The password for the 'pcsd' user.
417 PublicVirtualInterface:
420 Specifies the interface where the public-facing virtual ip will be assigned.
421 This should be int_public when a VLAN is being used.
423 PublicVirtualIP: # DEPRECATED: use per service settings instead
425 default: '' # Has to be here because of the ignored empty value bug
428 default: '' # Has to be here because of the ignored empty value bug
432 description: The password for RabbitMQ
437 description: The username for RabbitMQ
442 Rabbit client subscriber parameter to specify
443 an SSL connection to the RabbitMQ host.
447 description: Set rabbit subscriber port, change this if using SSL
451 description: Configures RabbitMQ FD limit
455 default: '' # Has to be here because of the ignored empty value bug
456 SnmpdReadonlyUserName:
457 default: ro_snmp_user
458 description: The user name for SNMPd with readonly rights running on all Overcloud nodes
460 SnmpdReadonlyUserPassword:
462 description: The user password for SNMPd with readonly rights running on all Overcloud nodes
467 description: If set, the contents of an SSL certificate authority file.
471 description: If set, the contents of an SSL certificate .crt file for encrypting SSL endpoints.
476 description: If set, the contents of an SSL certificate .key file for encrypting SSL endpoints.
481 description: A random string to be used as a salt when hashing to determine mappings
487 description: Value of mount_check in Swift account/container/object -server.conf
492 description: The minimum time (in hours) before a partition in a ring can be moved following a rebalance.
495 description: Partition Power to use when building Swift rings
499 description: The password for the swift service account, used by the swift proxy
506 description: How many replicas to use in the swift rings.
507 VirtualIP: # DEPRECATED: use per service settings instead
509 default: '' # Has to be here because of the ignored empty value bug
516 GlanceRegistryVirtualIP:
522 KeystoneAdminApiVirtualIP:
525 KeystonePublicApiVirtualIP:
531 EnablePackageInstall:
533 description: Set to true to enable package installation via Puppet
537 description: Mapping of service_name -> network name. Typically set
538 via parameter_defaults in the resource registry.
544 Setting to a previously unused value during stack-update will trigger
545 package update on all nodes
548 default: '' # Defaults to Heat created hostname
553 type: OS::Nova::Server
555 image: {get_param: Image}
556 image_update_policy: {get_param: ImageUpdatePolicy}
557 flavor: {get_param: Flavor}
558 key_name: {get_param: KeyName}
561 user_data_format: SOFTWARE_CONFIG
562 user_data: {get_resource: UserData}
563 name: {get_param: Hostname}
565 # Combine the NodeAdminUserData and NodeUserData mime archives
567 type: OS::Heat::MultipartMime
570 - config: {get_resource: NodeAdminUserData}
572 - config: {get_resource: NodeUserData}
575 # Creates the "heat-admin" user if configured via the environment
576 # Should return a OS::Heat::MultipartMime reference via OS::stack_id
578 type: OS::TripleO::NodeAdminUserData
580 # For optional operator additional userdata
581 # Should return a OS::Heat::MultipartMime reference via OS::stack_id
583 type: OS::TripleO::NodeUserData
586 type: OS::TripleO::Controller::Ports::ExternalPort
588 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
591 type: OS::TripleO::Controller::Ports::InternalApiPort
593 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
596 type: OS::TripleO::Controller::Ports::StoragePort
598 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
601 type: OS::TripleO::Controller::Ports::StorageMgmtPort
603 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
606 type: OS::TripleO::Controller::Ports::TenantPort
608 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
611 type: OS::TripleO::Network::Ports::NetIpMap
613 ControlPlaneIp: {get_attr: [Controller, networks, ctlplane, 0]}
614 ExternalIp: {get_attr: [ExternalPort, ip_address]}
615 InternalApiIp: {get_attr: [InternalApiPort, ip_address]}
616 StorageIp: {get_attr: [StoragePort, ip_address]}
617 StorageMgmtIp: {get_attr: [StorageMgmtPort, ip_address]}
618 TenantIp: {get_attr: [TenantPort, ip_address]}
621 type: OS::TripleO::Network::Ports::NetIpSubnetMap
623 ControlPlaneIp: {get_attr: [Controller, networks, ctlplane, 0]}
624 ExternalIpSubnet: {get_attr: [ExternalPort, ip_subnet]}
625 InternalApiIpSubnet: {get_attr: [InternalApiPort, ip_subnet]}
626 StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]}
627 StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]}
628 TenantIpSubnet: {get_attr: [TenantPort, ip_subnet]}
631 type: OS::TripleO::Controller::Net::SoftwareConfig
633 ControlPlaneIp: {get_attr: [Controller, networks, ctlplane, 0]}
634 ExternalIpSubnet: {get_attr: [ExternalPort, ip_subnet]}
635 InternalApiIpSubnet: {get_attr: [InternalApiPort, ip_subnet]}
636 StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]}
637 StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]}
638 TenantIpSubnet: {get_attr: [TenantPort, ip_subnet]}
641 type: OS::TripleO::SoftwareDeployment
643 config: {get_resource: NetworkConfig}
644 server: {get_resource: Controller}
647 interface_name: {get_param: NeutronPublicInterface}
649 ControllerDeployment:
650 type: OS::TripleO::SoftwareDeployment
651 depends_on: NetworkDeployment
653 config: {get_resource: ControllerConfig}
654 server: {get_resource: Controller}
656 bootstack_nodeid: {get_attr: [Controller, name]}
657 neutron_enable_tunneling: {get_param: NeutronEnableTunnelling}
658 heat.watch_server_url:
662 - {get_param: HeatApiVirtualIP}
664 heat.metadata_server_url:
668 - {get_param: HeatApiVirtualIP}
670 heat.waitcondition_server_url:
674 - {get_param: HeatApiVirtualIP}
675 - ':8000/v1/waitcondition'
676 heat_auth_encryption_key: {get_param: HeatAuthEncryptionKey}
677 horizon_allowed_hosts: {get_param: HorizonAllowedHosts}
678 horizon_secret: {get_param: HorizonSecret}
679 admin_password: {get_param: AdminPassword}
680 admin_token: {get_param: AdminToken}
681 neutron_public_interface_ip: {get_param: NeutronPublicInterfaceIP}
682 debug: {get_param: Debug}
683 cinder_enable_nfs_backend: {get_param: CinderEnableNfsBackend}
684 cinder_enable_rbd_backend: {get_param: CinderEnableRbdBackend}
685 cinder_nfs_mount_options: {get_param: CinderNfsMountOptions}
688 template: "['SERVERS']"
693 - {get_param: CinderNfsServers}
694 cinder_lvm_loop_device_size: {get_param: CinderLVMLoopDeviceSize}
695 cinder_password: {get_param: CinderPassword}
696 cinder_enable_iscsi_backend: {get_param: CinderEnableIscsiBackend}
697 cinder_iscsi_helper: {get_param: CinderISCSIHelper}
698 cinder_backend_config: {get_param: CinderBackendConfig}
702 - - 'mysql://cinder:'
703 - {get_param: CinderPassword}
705 - {get_param: MysqlVirtualIP}
707 glance_port: {get_param: GlancePort}
708 glance_password: {get_param: GlancePassword}
709 glance_backend: {get_param: GlanceBackend}
710 glance_notifier_strategy: {get_param: GlanceNotifierStrategy}
711 glance_log_file: {get_param: GlanceLogFile}
715 - - 'mysql://glance:'
716 - {get_param: GlancePassword}
718 - {get_param: MysqlVirtualIP}
720 heat_password: {get_param: HeatPassword}
721 heat_stack_domain_admin_password: {get_param: HeatStackDomainAdminPassword}
726 - {get_param: HeatPassword}
728 - {get_param: MysqlVirtualIP}
730 keystone_auth_address: {list_join: ['', ['http://', {get_param: KeystonePublicApiVirtualIP} , ':5000/v2.0']]}
731 keystone_ca_certificate: {get_param: KeystoneCACertificate}
732 keystone_signing_key: {get_param: KeystoneSigningKey}
733 keystone_signing_certificate: {get_param: KeystoneSigningCertificate}
734 keystone_ssl_certificate: {get_param: KeystoneSSLCertificate}
735 keystone_ssl_certificate_key: {get_param: KeystoneSSLCertificateKey}
736 keystone_notification_driver: {get_param: KeystoneNotificationDriver}
737 keystone_notification_format: {get_param: KeystoneNotificationFormat}
741 - - 'mysql://keystone:'
742 - {get_param: AdminToken}
744 - {get_param: MysqlVirtualIP}
746 keystone_identity_uri:
750 - {get_param: KeystoneAdminApiVirtualIP}
756 - {get_param: KeystonePublicApiVirtualIP}
762 - {get_param: KeystonePublicApiVirtualIP}
763 - ':5000/v2.0/ec2tokens'
764 enable_fencing: {get_param: EnableFencing}
765 enable_galera: {get_param: EnableGalera}
766 enable_ceph_storage: {get_param: EnableCephStorage}
767 enable_swift_storage: {get_param: EnableSwiftStorage}
768 mysql_innodb_buffer_pool_size: {get_param: MysqlInnodbBufferPoolSize}
769 mysql_max_connections: {get_param: MysqlMaxConnections}
770 mysql_root_password: {get_param: MysqlRootPassword}
773 template: tripleo-CLUSTER
775 CLUSTER: {get_param: MysqlClusterUniquePart}
776 neutron_flat_networks: {get_param: NeutronFlatNetworks}
777 neutron_metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret}
778 neutron_agent_mode: {get_param: NeutronAgentMode}
779 neutron_router_distributed: {get_param: NeutronDVR}
780 neutron_core_plugin: {get_param: NeutronCorePlugin}
781 neutron_service_plugins:
783 template: "['PLUGINS']"
788 - {get_param: NeutronServicePlugins}
789 neutron_type_drivers:
791 template: "['DRIVERS']"
796 - {get_param: NeutronTypeDrivers}
797 neutron_mechanism_drivers: {get_param: NeutronMechanismDrivers}
798 neutron_allow_l3agent_failover: {get_param: NeutronAllowL3AgentFailover}
799 neutron_l3_ha: {get_param: NeutronL3HA}
800 neutron_dhcp_agents_per_network: {get_param: NeutronDhcpAgentsPerNetwork}
801 neutron_network_vlan_ranges:
803 template: "['RANGES']"
808 - {get_param: NeutronNetworkVLANRanges}
809 neutron_bridge_mappings: {get_param: NeutronBridgeMappings}
810 neutron_external_network_bridge: {get_param: NeutronExternalNetworkBridge}
811 neutron_public_interface: {get_param: NeutronPublicInterface}
812 neutron_public_interface_raw_device: {get_param: NeutronPublicInterfaceRawDevice}
813 neutron_public_interface_default_route: {get_param: NeutronPublicInterfaceDefaultRoute}
814 neutron_public_interface_tag: {get_param: NeutronPublicInterfaceTag}
815 neutron_tenant_network_type: {get_param: NeutronNetworkType}
816 neutron_tunnel_types: {get_param: NeutronTunnelTypes}
817 neutron_tunnel_id_ranges:
819 template: "['RANGES']"
824 - {get_param: NeutronTunnelIdRanges}
827 template: "['RANGES']"
832 - {get_param: NeutronVniRanges}
833 neutron_password: {get_param: NeutronPassword}
834 neutron_dnsmasq_options: {get_param: NeutronDnsmasqOptions}
838 - - 'mysql://neutron:'
839 - {get_param: NeutronPassword}
841 - {get_param: MysqlVirtualIP}
842 - '/ovs_neutron?charset=utf8'
847 - {get_param: NeutronApiVirtualIP}
849 neutron_admin_auth_url:
853 - {get_param: KeystoneAdminApiVirtualIP}
855 ceilometer_backend: {get_param: CeilometerBackend}
856 ceilometer_metering_secret: {get_param: CeilometerMeteringSecret}
857 ceilometer_password: {get_param: CeilometerPassword}
858 ceilometer_coordination_url:
862 - {get_param: RedisVirtualIP}
867 - - 'mysql://ceilometer:unset@'
868 - {get_param: MysqlVirtualIP}
870 snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName}
871 snmpd_readonly_user_password: {get_param: SnmpdReadonlyUserPassword}
872 nova_password: {get_param: NovaPassword}
877 - {get_param: NovaPassword}
879 - {get_param: MysqlVirtualIP}
881 fencing_config: {get_param: FencingConfig}
882 pcsd_password: {get_param: PcsdPassword}
883 rabbit_username: {get_param: RabbitUserName}
884 rabbit_password: {get_param: RabbitPassword}
885 rabbit_cookie: {get_param: RabbitCookie}
886 rabbit_client_use_ssl: {get_param: RabbitClientUseSSL}
887 rabbit_client_port: {get_param: RabbitClientPort}
888 mongodb_no_journal: {get_param: MongoDbNoJournal}
889 # We need to force this into quotes or hiera will return integer causing
890 # the puppet module validation regexp to fail.
891 # Remove when: https://github.com/puppetlabs/puppetlabs-rabbitmq/pull/401
896 LIMIT: {get_param: RabbitFDLimit}
899 template: '["server"]'
901 server: {get_param: NtpServer}
902 control_virtual_interface: {get_param: ControlVirtualInterface}
903 public_virtual_interface: {get_param: PublicVirtualInterface}
904 swift_hash_suffix: {get_param: SwiftHashSuffix}
905 swift_password: {get_param: SwiftPassword}
906 swift_part_power: {get_param: SwiftPartPower}
907 swift_replicas: {get_param: SwiftReplicas}
908 swift_min_part_hours: {get_param: SwiftMinPartHours}
909 swift_mount_check: {get_param: SwiftMountCheck}
910 enable_package_install: {get_param: EnablePackageInstall}
911 enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]}
912 swift_proxy_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftProxyNetwork]}]}
913 swift_management_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftMgmtNetwork]}]}
914 cinder_iscsi_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CinderIscsiNetwork]}]}
915 cinder_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CinderApiNetwork]}]}
916 glance_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, GlanceApiNetwork]}]}
917 glance_registry_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, GlanceRegistryNetwork]}]}
921 - - {get_param: GlanceProtocol}
923 - {get_param: GlanceApiVirtualIP}
925 - {get_param: GlancePort}
926 glance_registry_host: {get_param: GlanceRegistryVirtualIP}
927 heat_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, HeatApiNetwork]}]}
928 keystone_public_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}]}
929 keystone_admin_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}]}
930 mongo_db_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MongoDbNetwork]}]}
931 neutron_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NeutronApiNetwork]}]}
932 neutron_local_ip: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NeutronTenantNetwork]}]}
933 ceilometer_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CeilometerApiNetwork]}]}
934 nova_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NovaApiNetwork]}]}
935 nova_metadata_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NovaMetadataNetwork]}]}
936 horizon_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, HorizonNetwork]}]}
937 rabbitmq_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, RabbitMqNetwork]}]}
938 redis_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, RedisNetwork]}]}
939 redis_vip: {get_param: RedisVirtualIP}
940 memcached_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MemcachedNetwork]}]}
941 mysql_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MysqlNetwork]}]}
942 mysql_virtual_ip: {get_param: MysqlVirtualIP}
943 ceph_cluster_network: {get_attr: [NetIpSubnetMap, net_ip_subnet_map, {get_param: [ServiceNetMap, CephClusterNetwork]}]}
944 ceph_public_network: {get_attr: [NetIpSubnetMap, net_ip_subnet_map, {get_param: [ServiceNetMap, CephPublicNetwork]}]}
945 ceph_public_ip: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CephPublicNetwork]}]}
947 # Map heat metadata into hiera datafiles
949 type: OS::Heat::StructuredConfig
951 group: os-apply-config
956 - heat_config_%{::deploy_config_name}
957 - controller_extraconfig
962 - swift_devices_and_proxy # provided by SwiftDevicesAndProxyConfig
963 - ceph_cluster # provided by CephClusterConfig
965 - bootstrap_node # provided by BootstrapNodeConfig
966 - all_nodes # provided by allNodesConfig
967 - vip_data # provided by vip-config
970 - cinder_netapp_data # Optionally provided by ControllerExtraConfigPre
971 - neutron_bigswitch_data # Optionally provided by ControllerExtraConfigPre
972 - neutron_cisco_data # Optionally provided by ControllerExtraConfigPre
973 - cisco_n1kv_data # Optionally provided by ControllerExtraConfigPre
975 controller_extraconfig:
976 mapped_data: {get_param: ControllerExtraConfig}
978 mapped_data: {get_param: ExtraConfig}
980 raw_data: {get_file: hieradata/common.yaml}
982 raw_data: {get_file: hieradata/ceph.yaml}
984 ceph::profile::params::cluster_network: {get_input: ceph_cluster_network}
985 ceph::profile::params::public_network: {get_input: ceph_public_network}
986 ceph::mon::public_addr: {get_input: ceph_public_ip}
988 raw_data: {get_file: hieradata/database.yaml}
990 raw_data: {get_file: hieradata/object.yaml}
992 raw_data: {get_file: hieradata/controller.yaml}
993 mapped_data: # data supplied directly to this deployment configuration, etc
994 bootstack_nodeid: {get_input: bootstack_nodeid}
997 enable_fencing: {get_input: enable_fencing}
998 hacluster_pwd: {get_input: pcsd_password}
999 tripleo::fencing::config: {get_input: fencing_config}
1002 swift::proxy::proxy_local_net_ip: {get_input: swift_proxy_network}
1003 swift::proxy::authtoken::auth_uri: {get_input: keystone_auth_uri}
1004 swift::proxy::authtoken::identity_uri: {get_input: keystone_identity_uri}
1005 swift::storage::all::storage_local_net_ip: {get_input: swift_management_network}
1006 swift::swift_hash_suffix: {get_input: swift_hash_suffix}
1007 swift::proxy::authtoken::admin_password: {get_input: swift_password}
1008 tripleo::ringbuilder::part_power: {get_input: swift_part_power}
1009 tripleo::ringbuilder::replicas: {get_input: swift_replicas}
1010 tripleo::ringbuilder::min_part_hours: {get_input: swift_min_part_hours}
1011 swift_mount_check: {get_input: swift_mount_check}
1013 # NOTE(dprince): build_ring support is currently not wired in.
1014 # See: https://review.openstack.org/#/c/109225/
1015 tripleo::ringbuilder::build_ring: True
1018 cinder_enable_nfs_backend: {get_input: cinder_enable_nfs_backend}
1019 cinder_enable_rbd_backend: {get_input: cinder_enable_rbd_backend}
1020 cinder_nfs_mount_options: {get_input: cinder_nfs_mount_options}
1021 cinder_nfs_servers: {get_input: cinder_nfs_servers}
1022 cinder_lvm_loop_device_size: {get_input: cinder_lvm_loop_device_size}
1023 cinder_iscsi_helper: {get_input: cinder_iscsi_helper}
1024 cinder_iscsi_ip_address: {get_input: cinder_iscsi_network}
1025 cinder::database_connection: {get_input: cinder_dsn}
1026 cinder::api::keystone_password: {get_input: cinder_password}
1027 cinder::api::auth_uri: {get_input: keystone_auth_uri}
1028 cinder::api::identity_uri: {get_input: keystone_identity_uri}
1029 cinder::api::bind_host: {get_input: cinder_api_network}
1030 cinder::rabbit_userid: {get_input: rabbit_username}
1031 cinder::rabbit_password: {get_input: rabbit_password}
1032 cinder::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
1033 cinder::rabbit_port: {get_input: rabbit_client_port}
1034 cinder::debug: {get_input: debug}
1035 cinder_enable_iscsi_backend: {get_input: cinder_enable_iscsi_backend}
1036 cinder::glance::glance_api_servers: {get_input: glance_api_servers}
1037 cinder_backend_config: {get_input: CinderBackendConfig}
1038 cinder::db::mysql::password: {get_input: cinder_password}
1041 glance::api::bind_port: {get_input: glance_port}
1042 glance::api::bind_host: {get_input: glance_api_network}
1043 glance::api::auth_uri: {get_input: keystone_auth_uri}
1044 glance::api::identity_uri: {get_input: keystone_identity_uri}
1045 glance::api::registry_host: {get_input: glance_registry_host}
1046 glance::api::keystone_password: {get_input: glance_password}
1047 glance::api::debug: {get_input: debug}
1048 glance_notifier_strategy: {get_input: glance_notifier_strategy}
1049 glance_log_file: {get_input: glance_log_file}
1050 glance_log_file: {get_input: glance_log_file}
1051 glance::api::database_connection: {get_input: glance_dsn}
1052 glance::registry::keystone_password: {get_input: glance_password}
1053 glance::registry::database_connection: {get_input: glance_dsn}
1054 glance::registry::bind_host: {get_input: glance_registry_network}
1055 glance::registry::auth_uri: {get_input: keystone_auth_uri}
1056 glance::registry::identity_uri: {get_input: keystone_identity_uri}
1057 glance::registry::debug: {get_input: debug}
1058 glance::backend::swift::swift_store_auth_address: {get_input: keystone_auth_address}
1059 glance::backend::swift::swift_store_user: service:glance
1060 glance::backend::swift::swift_store_key: {get_input: glance_password}
1061 glance_backend: {get_input: glance_backend}
1062 glance::db::mysql::password: {get_input: glance_password}
1065 heat_stack_domain_admin_password: {get_input: heat_stack_domain_admin_password}
1066 heat::engine::heat_watch_server_url: {get_input: heat.watch_server_url}
1067 heat::engine::heat_metadata_server_url: {get_input: heat.metadata_server_url}
1068 heat::engine::heat_waitcondition_server_url: {get_input: heat.waitcondition_server_url}
1069 heat::engine::auth_encryption_key: {get_input: heat_auth_encryption_key}
1070 heat::rabbit_userid: {get_input: rabbit_username}
1071 heat::rabbit_password: {get_input: rabbit_password}
1072 heat::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
1073 heat::rabbit_port: {get_input: rabbit_client_port}
1074 heat::auth_uri: {get_input: keystone_auth_uri}
1075 heat::keystone_ec2_uri: {get_input: keystone_ec2_uri}
1076 heat::identity_uri: {get_input: keystone_identity_uri}
1077 heat::keystone_password: {get_input: heat_password}
1078 heat::api::bind_host: {get_input: heat_api_network}
1079 heat::api_cloudwatch::bind_host: {get_input: heat_api_network}
1080 heat::api_cfn::bind_host: {get_input: heat_api_network}
1081 heat::database_connection: {get_input: heat_dsn}
1082 heat::debug: {get_input: debug}
1083 heat::db::mysql::password: {get_input: heat_password}
1086 keystone::admin_token: {get_input: admin_token}
1087 keystone_ca_certificate: {get_input: keystone_ca_certificate}
1088 keystone_signing_key: {get_input: keystone_signing_key}
1089 keystone_signing_certificate: {get_input: keystone_signing_certificate}
1090 keystone_ssl_certificate: {get_input: keystone_ssl_certificate}
1091 keystone_ssl_certificate_key: {get_input: keystone_ssl_certificate_key}
1092 keystone::database_connection: {get_input: keystone_dsn}
1093 keystone::public_bind_host: {get_input: keystone_public_api_network}
1094 keystone::admin_bind_host: {get_input: keystone_admin_api_network}
1095 keystone::debug: {get_input: debug}
1096 keystone::db::mysql::password: {get_input: admin_token}
1097 keystone::rabbit_userid: {get_input: rabbit_username}
1098 keystone::rabbit_password: {get_input: rabbit_password}
1099 keystone::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
1100 keystone::rabbit_port: {get_input: rabbit_client_port}
1101 keystone::notification_driver: {get_input: keystone_notification_driver}
1102 keystone::notification_format: {get_input: keystone_notification_format}
1104 mongodb::server::bind_ip: {get_input: mongo_db_network}
1105 mongodb::server::nojournal: {get_input: mongodb_no_journal}
1107 admin_password: {get_input: admin_password}
1108 enable_galera: {get_input: enable_galera}
1109 enable_ceph_storage: {get_input: enable_ceph_storage}
1110 enable_swift_storage: {get_input: enable_swift_storage}
1111 mysql_innodb_buffer_pool_size: {get_input: mysql_innodb_buffer_pool_size}
1112 mysql_max_connections: {get_input: mysql_max_connections}
1113 mysql::server::root_password: {get_input: mysql_root_password}
1114 mysql_cluster_name: {get_input: mysql_cluster_name}
1115 mysql_bind_host: {get_input: mysql_network}
1116 mysql_virtual_ip: {get_input: mysql_virtual_ip}
1119 neutron::bind_host: {get_input: neutron_api_network}
1120 neutron::rabbit_password: {get_input: rabbit_password}
1121 neutron::rabbit_user: {get_input: rabbit_user}
1122 neutron::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
1123 neutron::rabbit_port: {get_input: rabbit_client_port}
1124 neutron::debug: {get_input: debug}
1125 neutron::server::auth_uri: {get_input: keystone_auth_uri}
1126 neutron::server::identity_uri: {get_input: keystone_identity_uri}
1127 neutron::server::database_connection: {get_input: neutron_dsn}
1128 neutron::agents::l3::external_network_bridge: {get_input: neutron_external_network_bridge}
1129 neutron::agents::ml2::ovs::enable_tunneling: {get_input: neutron_enable_tunneling}
1130 neutron::agents::ml2::ovs::local_ip: {get_input: neutron_local_ip}
1131 neutron_flat_networks: {get_input: neutron_flat_networks}
1132 neutron::agents::metadata::shared_secret: {get_input: neutron_metadata_proxy_shared_secret}
1133 neutron::agents::metadata::metadata_ip: {get_input: neutron_api_network}
1134 neutron_agent_mode: {get_input: neutron_agent_mode}
1135 neutron_router_distributed: {get_input: neutron_router_distributed}
1136 neutron::core_plugin: {get_input: neutron_core_plugin}
1137 neutron::service_plugins: {get_input: neutron_service_plugins}
1138 neutron::plugins::ml2::type_drivers: {get_input: neutron_type_drivers}
1139 neutron_mechanism_drivers: {get_input: neutron_mechanism_drivers}
1140 neutron::server::allow_automatic_l3agent_failover: {get_input: neutron_allow_l3agent_failover}
1141 neutron::server::l3_ha: {get_input: neutron_l3_ha}
1142 neutron::dhcp_agents_per_network: {get_input: neutron_dhcp_agents_per_network}
1143 neutron::plugins::ml2::network_vlan_ranges: {get_input: neutron_network_vlan_ranges}
1144 neutron::plugins::ml2::tunnel_id_ranges: {get_input: neutron_tunnel_id_ranges}
1145 neutron::plugins::ml2::vni_ranges: {get_input: neutron_vni_ranges}
1146 neutron_bridge_mappings: {get_input: neutron_bridge_mappings}
1147 neutron_public_interface: {get_input: neutron_public_interface}
1148 neutron_public_interface_raw_device: {get_input: neutron_public_interface_raw_device}
1149 neutron_public_interface_default_route: {get_input: neutron_public_interface_default_route}
1150 neutron_public_interface_tag: {get_input: neutron_public_interface_tag}
1151 neutron_tenant_network_type: {get_input: neutron_tenant_network_type}
1152 neutron_tunnel_types: {get_input: neutron_tunnel_types}
1153 neutron::server::auth_password: {get_input: neutron_password}
1154 neutron::agents::metadata::auth_password: {get_input: neutron_password}
1155 neutron_dnsmasq_options: {get_input: neutron_dnsmasq_options}
1156 neutron_dsn: {get_input: neutron_dsn}
1157 neutron::agents::metadata::auth_url: {get_input: keystone_identity_uri}
1158 neutron::db::mysql::password: {get_input: neutron_password}
1161 ceilometer_backend: {get_input: ceilometer_backend}
1162 ceilometer_mysql_conn_string: {get_input: ceilometer_dsn}
1163 ceilometer::metering_secret: {get_input: ceilometer_metering_secret}
1164 ceilometer::rabbit_userid: {get_input: rabbit_username}
1165 ceilometer::rabbit_password: {get_input: rabbit_password}
1166 ceilometer::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
1167 ceilometer::rabbit_port: {get_input: rabbit_client_port}
1168 ceilometer::debug: {get_input: debug}
1169 ceilometer::api::host: {get_input: ceilometer_api_network}
1170 ceilometer::api::keystone_password: {get_input: ceilometer_password}
1171 ceilometer::api::keystone_auth_uri: {get_input: keystone_auth_uri}
1172 ceilometer::api::keystone_identity_uri: {get_input: keystone_identity_uri}
1173 ceilometer::agent::auth::auth_password: {get_input: ceilometer_password}
1174 ceilometer::agent::auth::auth_url: {get_input: keystone_auth_address}
1175 ceilometer::agent::central::coordination_url: {get_input: ceilometer_coordination_url}
1176 ceilometer::db::mysql::password: {get_input: ceilometer_password}
1177 snmpd_readonly_user_name: {get_input: snmpd_readonly_user_name}
1178 snmpd_readonly_user_password: {get_input: snmpd_readonly_user_password}
1181 nova::rabbit_userid: {get_input: rabbit_username}
1182 nova::rabbit_password: {get_input: rabbit_password}
1183 nova::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
1184 nova::rabbit_port: {get_input: rabbit_client_port}
1185 nova::debug: {get_input: debug}
1186 nova::api::auth_uri: {get_input: keystone_auth_uri}
1187 nova::api::identity_uri: {get_input: keystone_identity_uri}
1188 nova::api::api_bind_address: {get_input: nova_api_network}
1189 nova::api::metadata_listen: {get_input: nova_metadata_network}
1190 nova::api::admin_password: {get_input: nova_password}
1191 nova::database_connection: {get_input: nova_dsn}
1192 nova::glance_api_servers: {get_input: glance_api_servers}
1193 nova::api::neutron_metadata_proxy_shared_secret: {get_input: neutron_metadata_proxy_shared_secret}
1194 nova::network::neutron::neutron_admin_password: {get_input: neutron_password}
1195 nova::network::neutron::neutron_url: {get_input: neutron_url}
1196 nova::network::neutron::neutron_admin_auth_url: {get_input: neutron_admin_auth_url}
1197 nova::vncproxy::host: {get_input: nova_api_network}
1198 nova::db::mysql::password: {get_input: nova_password}
1201 apache::ip: {get_input: horizon_network}
1202 horizon::allowed_hosts: {get_input: horizon_allowed_hosts}
1203 horizon::django_debug: {get_input: debug}
1204 horizon::secret_key: {get_input: horizon_secret}
1205 horizon::bind_address: {get_input: horizon_network}
1206 horizon::keystone_url: {get_input: keystone_auth_uri}
1209 rabbitmq::node_ip_address: {get_input: rabbitmq_network}
1210 rabbitmq::erlang_cookie: {get_input: rabbit_cookie}
1211 rabbitmq::file_limit: {get_input: rabbit_fd_limit}
1213 redis::bind: {get_input: redis_network}
1214 redis_vip: {get_input: redis_vip}
1216 memcached::listen_ip: {get_input: memcached_network}
1217 neutron_public_interface_ip: {get_input: neutron_public_interface_ip}
1218 ntp::servers: {get_input: ntp_servers}
1219 control_virtual_interface: {get_input: control_virtual_interface}
1220 public_virtual_interface: {get_input: public_virtual_interface}
1221 tripleo::loadbalancer::control_virtual_interface: {get_input: control_virtual_interface}
1222 tripleo::loadbalancer::public_virtual_interface: {get_input: public_virtual_interface}
1223 tripleo::packages::enable_install: {get_input: enable_package_install}
1224 tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade}
1226 # Hook for site-specific additional pre-deployment config, e.g extra hieradata
1227 ControllerExtraConfigPre:
1228 depends_on: ControllerDeployment
1229 type: OS::TripleO::ControllerExtraConfigPre
1231 server: {get_resource: Controller}
1233 # Hook for site-specific additional pre-deployment config,
1234 # applying to all nodes, e.g node registration/unregistration
1236 depends_on: ControllerExtraConfigPre
1237 type: OS::TripleO::NodeExtraConfig
1239 server: {get_resource: Controller}
1242 type: OS::TripleO::Tasks::PackageUpdate
1245 type: OS::Heat::SoftwareDeployment
1247 config: {get_resource: UpdateConfig}
1248 server: {get_resource: Controller}
1251 get_param: UpdateIdentifier
1255 description: IP address of the server in the ctlplane network
1256 value: {get_attr: [Controller, networks, ctlplane, 0]}
1257 external_ip_address:
1258 description: IP address of the server in the external network
1259 value: {get_attr: [ExternalPort, ip_address]}
1260 internal_api_ip_address:
1261 description: IP address of the server in the internal_api network
1262 value: {get_attr: [InternalApiPort, ip_address]}
1264 description: IP address of the server in the storage network
1265 value: {get_attr: [StoragePort, ip_address]}
1266 storage_mgmt_ip_address:
1267 description: IP address of the server in the storage_mgmt network
1268 value: {get_attr: [StorageMgmtPort, ip_address]}
1270 description: IP address of the server in the tenant network
1271 value: {get_attr: [TenantPort, ip_address]}
1273 description: Hostname of the server
1274 value: {get_attr: [Controller, name]}
1277 Node object in the format {ip: ..., name: ...} format that the corosync
1280 ip: {get_attr: [Controller, networks, ctlplane, 0]}
1281 name: {get_attr: [Controller, name]}
1284 Server's IP address and hostname in the /etc/hosts format
1287 template: IP HOST.localdomain HOST CLOUDNAME
1289 IP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, ControllerHostnameResolveNetwork]}]}
1290 HOST: {get_attr: [Controller, name]}
1291 CLOUDNAME: {get_param: CloudName}
1292 nova_server_resource:
1293 description: Heat resource handle for the Nova compute server
1295 {get_resource: Controller}
1297 description: Swift device formatted for swift-ring-builder
1300 template: 'r1z1-IP:%PORT%/d1'
1302 IP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftMgmtNetwork]}]}
1303 swift_proxy_memcache:
1304 description: Swift proxy-memcache value
1307 template: "IP:11211"
1309 IP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MemcachedNetwork]}]}
1311 description: identifier which changes if the controller configuration may need re-applying
1315 - - {get_attr: [ControllerDeployment, deploy_stdout]}
1316 - {get_attr: [ControllerExtraConfigPre, deploy_stdout]}
1317 - {get_param: UpdateIdentifier}