1 heat_template_version: 2016-04-08
4 OpenStack controller node configured by Puppet.
8 description: The password for the keystone admin account, used for monitoring, querying neutron etc.
15 description: The password for the aodh services.
18 #TODO(composable Redis): Remove the Redis password param
19 #As is used by ceilometer
20 CeilometerApiVirtualIP:
25 description: The ceilometer backend type.
27 CeilometerMeteringSecret:
28 description: Secret shared by the ceilometer services.
32 description: The password for the ceilometer service and db account.
35 CeilometerStoreEvents:
37 description: Whether to store events in ceilometer.
39 CeilometerMeterDispatcher:
41 description: Dispatcher to process meter data
44 - allowed_values: ['gnocchi', 'database']
50 description: Number of workers for Ceilometer service.
52 controllerExtraConfig:
55 Deprecated. Use ControllerExtraConfig via parameter_defaults instead.
57 ControllerExtraConfig:
60 Controller specific hiera configuration data to inject into the cluster.
65 A network mapped list of IPs to assign to Controllers in the following form:
67 "internal_api": ["a.b.c.d", "e.f.g.h"],
71 ControlVirtualInterface:
73 description: Interface where virtual ip will be assigned.
77 description: Enable IPv6 in Corosync
81 description: Set to True to enable debugging on all services.
85 description: Whether to enable fencing in Pacemaker or not.
89 description: Whether to use Galera instead of regular MariaDB.
93 description: Whether to deploy a LoadBalancer on the Controller
97 description: Whether to deploy Ceph Storage (OSD) on the Controller
101 description: Whether to enable Swift Storage on the Controller
106 Additional hieradata to inject into the cluster, note that
107 ControllerExtraConfig takes precedence over ExtraConfig.
112 Pacemaker fencing configuration. The JSON should have
113 the following structure:
117 "agent": "AGENT_NAME",
118 "host_mac": "HOST_MAC_ADDRESS",
119 "params": {"PARAM_NAME": "PARAM_VALUE"}
127 "agent": "fence_xvm",
128 "host_mac": "52:54:00:aa:bb:cc",
130 "multicast_address": "225.0.0.12",
131 "port": "baremetal_0",
133 "manage_key_file": true,
134 "key_file": "/etc/fence_xvm.key",
135 "key_file_password": "abcdef"
142 description: Flavor for control nodes to request when deploying.
145 - custom_constraint: nova.flavor
148 description: The short name of the Gnocchi backend to use. Should be one
149 of swift, rbd, or file
152 - allowed_values: ['swift', 'file', 'rbd']
153 GnocchiIndexerBackend:
155 description: The short name of the Gnocchi indexer backend to use.
161 description: The password for the gnocchi service and db account.
164 HAProxyStatsPassword:
165 description: Password for HAProxy stats endpoint
168 description: User for HAProxy stats endpoint
171 HAProxySyslogAddress:
173 description: Syslog address where HAproxy will send its log
175 HeatAuthEncryptionKey:
176 description: Auth encryption key for heat-engine
181 description: A list of IP/Hostname allowed to connect to horizon
182 type: comma_delimited_list
184 description: Secret key for Django
189 default: overcloud-control
191 - custom_constraint: glance.image
193 default: 'REBUILD_PRESERVE_EPHEMERAL'
194 description: What policy to use when reconstructing instances. REBUILD for rebuilds, REBUILD_PRESERVE_EPHEMERAL to preserve /mnt.
196 InstanceNameTemplate:
197 default: 'instance-%08x'
198 description: Template string to be used to generate instance names
202 description: Name of an existing Nova key pair to enable SSH access to the instances
205 - custom_constraint: nova.keypair
209 description: Keystone region for endpoint
212 description: Whether to manage IPtables rules.
216 description: Enable IPv6 features in Memcached.
220 description: Whether IPtables rules should be purged before setting up the new ones.
225 MysqlClusterUniquePart:
226 description: A unique identifier of the MySQL cluster the controller is in.
228 default: 'unset' # Has to be here because of the ignored empty value bug
229 # Drop the validation: https://bugs.launchpad.net/tripleo/+bug/1405446
231 # - length: {min: 4, max: 10}
232 MysqlInnodbBufferPoolSize:
234 Specifies the size of the buffer pool in megabytes. Setting to
235 zero should be interpreted as "no value" and will defer to the
240 description: Configures MySQL max_connections config setting
243 MysqlClustercheckPassword:
249 default: '' # Has to be here because of the ignored empty value bug
250 NeutronMetadataProxySharedSecret:
251 description: Shared secret to prevent spoofing
255 description: The password for the neutron service and db account, used by neutron agents.
258 NeutronPublicInterface:
260 description: What interface to bridge onto br-ex for network nodes.
264 The default MTU for tenant networks. For VXLAN/GRE tunneling, this should
265 be at least 50 bytes smaller than the MTU on the physical network. This
266 value will be used to set the MTU on the virtual Ethernet device.
267 This number is related to the value of NeutronDnsmasqOptions, since that
268 will determine the MTU that is assigned to the VM host through DHCP.
277 Whether to create cron job for purging soft deleted rows in Nova database.
281 description: Enable IPv6 features in Nova
284 description: The password for the nova service and db account, used by nova-api.
289 description: The password for the 'pcsd' user.
291 PublicVirtualInterface:
294 Specifies the interface where the public-facing virtual ip will be assigned.
295 This should be int_public when a VLAN is being used.
299 default: '' # Has to be here because of the ignored empty value bug
302 default: '' # Has to be here because of the ignored empty value bug
305 description: The password for RabbitMQ
310 description: The username for RabbitMQ
315 Rabbit client subscriber parameter to specify
316 an SSL connection to the RabbitMQ host.
320 description: Set rabbit subscriber port, change this if using SSL
323 description: The password for Redis
328 default: '' # Has to be here because of the ignored empty value bug
331 default: '' # Has to be here because of the ignored empty value bug
332 description: An IP address which is wrapped in brackets in case of IPv6
333 SnmpdReadonlyUserName:
334 default: ro_snmp_user
335 description: The user name for SNMPd with readonly rights running on all Overcloud nodes
337 SnmpdReadonlyUserPassword:
338 description: The user password for SNMPd with readonly rights running on all Overcloud nodes
342 description: A random string to be used as a salt when hashing to determine mappings
348 description: Value of mount_check in Swift account/container/object -server.conf
353 description: The minimum time (in hours) before a partition in a ring can be moved following a rebalance.
356 description: Partition Power to use when building Swift rings
360 description: Whether to manage Swift rings or not
368 description: How many replicas to use in the swift rings.
371 description: The timezone to be set on controller nodes.
373 UpgradeLevelNovaCompute:
375 description: Nova Compute upgrade level
377 VirtualIP: # DEPRECATED: use per service settings instead
379 default: '' # Has to be here because of the ignored empty value bug
392 EnablePackageInstall:
394 description: Set to true to enable package installation via Puppet
398 description: Mapping of service_name -> network name. Typically set
399 via parameter_defaults in the resource registry.
403 description: Mapping of service endpoint -> protocol. Typically set
404 via parameter_defaults in the resource registry.
410 Setting to a previously unused value during stack-update will trigger
411 package update on all nodes
414 default: '' # Defaults to Heat created hostname
418 description: Optional mapping to override hostnames
419 NetworkDeploymentActions:
420 type: comma_delimited_list
422 Heat action when to apply network configuration changes
427 SoftwareConfigTransport:
428 default: POLL_SERVER_CFN
430 How the server should receive the metadata required for software configuration.
433 - allowed_values: [POLL_SERVER_CFN, POLL_SERVER_HEAT, POLL_TEMP_URL, ZAQAR_MESSAGE]
438 The DNS domain used for the hosts. This should match the dhcp_domain
439 configured in the Undercloud neutron. Defaults to localdomain.
443 Extra properties or metadata passed to Nova for the created nodes in
444 the overcloud. It's accessible via the Nova metadata API.
448 description: Optional scheduler hints to pass to nova
450 ServiceConfigSettings:
456 description: Do not use deprecated params, they will be removed.
458 - controllerExtraConfig
463 type: OS::Nova::Server
465 image: {get_param: Image}
466 image_update_policy: {get_param: ImageUpdatePolicy}
467 flavor: {get_param: Flavor}
468 key_name: {get_param: KeyName}
471 user_data_format: SOFTWARE_CONFIG
472 user_data: {get_resource: UserData}
475 template: {get_param: Hostname}
476 params: {get_param: HostnameMap}
477 software_config_transport: {get_param: SoftwareConfigTransport}
478 metadata: {get_param: ServerMetadata}
479 scheduler_hints: {get_param: SchedulerHints}
481 # Combine the NodeAdminUserData and NodeUserData mime archives
483 type: OS::Heat::MultipartMime
486 - config: {get_resource: NodeAdminUserData}
488 - config: {get_resource: NodeUserData}
491 # Creates the "heat-admin" user if configured via the environment
492 # Should return a OS::Heat::MultipartMime reference via OS::stack_id
494 type: OS::TripleO::NodeAdminUserData
496 # For optional operator additional userdata
497 # Should return a OS::Heat::MultipartMime reference via OS::stack_id
499 type: OS::TripleO::NodeUserData
502 type: OS::TripleO::Controller::Ports::ExternalPort
504 IPPool: {get_param: ControllerIPs}
505 NodeIndex: {get_param: NodeIndex}
506 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
509 type: OS::TripleO::Controller::Ports::InternalApiPort
511 IPPool: {get_param: ControllerIPs}
512 NodeIndex: {get_param: NodeIndex}
513 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
516 type: OS::TripleO::Controller::Ports::StoragePort
518 IPPool: {get_param: ControllerIPs}
519 NodeIndex: {get_param: NodeIndex}
520 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
523 type: OS::TripleO::Controller::Ports::StorageMgmtPort
525 IPPool: {get_param: ControllerIPs}
526 NodeIndex: {get_param: NodeIndex}
527 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
530 type: OS::TripleO::Controller::Ports::TenantPort
532 IPPool: {get_param: ControllerIPs}
533 NodeIndex: {get_param: NodeIndex}
534 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
537 type: OS::TripleO::Controller::Ports::ManagementPort
539 IPPool: {get_param: ControllerIPs}
540 NodeIndex: {get_param: NodeIndex}
541 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
544 type: OS::TripleO::Network::Ports::NetIpMap
546 ControlPlaneIp: {get_attr: [Controller, networks, ctlplane, 0]}
547 ExternalIp: {get_attr: [ExternalPort, ip_address]}
548 ExternalIpSubnet: {get_attr: [ExternalPort, ip_subnet]}
549 ExternalIpUri: {get_attr: [ExternalPort, ip_address_uri]}
550 InternalApiIp: {get_attr: [InternalApiPort, ip_address]}
551 InternalApiIpSubnet: {get_attr: [InternalApiPort, ip_subnet]}
552 InternalApiIpUri: {get_attr: [InternalApiPort, ip_address_uri]}
553 StorageIp: {get_attr: [StoragePort, ip_address]}
554 StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]}
555 StorageIpUri: {get_attr: [StoragePort, ip_address_uri]}
556 StorageMgmtIp: {get_attr: [StorageMgmtPort, ip_address]}
557 StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]}
558 StorageMgmtIpUri: {get_attr: [StorageMgmtPort, ip_address_uri]}
559 TenantIp: {get_attr: [TenantPort, ip_address]}
560 TenantIpSubnet: {get_attr: [TenantPort, ip_subnet]}
561 TenantIpUri: {get_attr: [TenantPort, ip_address_uri]}
562 ManagementIp: {get_attr: [ManagementPort, ip_address]}
563 ManagementIpSubnet: {get_attr: [ManagementPort, ip_subnet]}
564 ManagementIpUri: {get_attr: [ManagementPort, ip_address_uri]}
567 type: OS::TripleO::Controller::Net::SoftwareConfig
569 ControlPlaneIp: {get_attr: [Controller, networks, ctlplane, 0]}
570 ExternalIpSubnet: {get_attr: [ExternalPort, ip_subnet]}
571 InternalApiIpSubnet: {get_attr: [InternalApiPort, ip_subnet]}
572 StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]}
573 StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]}
574 TenantIpSubnet: {get_attr: [TenantPort, ip_subnet]}
575 ManagementIpSubnet: {get_attr: [ManagementPort, ip_subnet]}
578 type: OS::TripleO::SoftwareDeployment
580 name: NetworkDeployment
581 config: {get_resource: NetworkConfig}
582 server: {get_resource: Controller}
583 actions: {get_param: NetworkDeploymentActions}
586 interface_name: {get_param: NeutronPublicInterface}
588 # Resource for site-specific injection of root certificate
590 depends_on: NetworkDeployment
591 type: OS::TripleO::NodeTLSCAData
593 server: {get_resource: Controller}
595 # Resource for site-specific passing of private keys/certificates
597 depends_on: NodeTLSCAData
598 type: OS::TripleO::NodeTLSData
600 server: {get_resource: Controller}
601 NodeIndex: {get_param: NodeIndex}
604 ControllerDeployment:
605 type: OS::TripleO::SoftwareDeployment
606 depends_on: NetworkDeployment
608 name: ControllerDeployment
609 config: {get_resource: ControllerConfig}
610 server: {get_resource: Controller}
612 bootstack_nodeid: {get_attr: [Controller, name]}
613 ceilometer_workers: {get_param: CeilometerWorkers}
614 haproxy_log_address: {get_param: HAProxySyslogAddress}
615 haproxy_stats_password: {get_param: HAProxyStatsPassword}
616 haproxy_stats_user: {get_param: HAProxyStatsUser}
617 heat_auth_encryption_key: {get_param: HeatAuthEncryptionKey}
618 horizon_allowed_hosts: {get_param: HorizonAllowedHosts}
619 horizon_secret: {get_param: HorizonSecret}
620 admin_password: {get_param: AdminPassword}
621 debug: {get_param: Debug}
622 cinder_public_url: {get_param: [EndpointMap, CinderPublic, uri]}
623 cinder_internal_url: {get_param: [EndpointMap, CinderInternal, uri]}
624 cinder_admin_url: {get_param: [EndpointMap, CinderAdmin, uri]}
625 cinder_public_url_v2: {get_param: [EndpointMap, CinderV2Public, uri]}
626 cinder_internal_url_v2: {get_param: [EndpointMap, CinderV2Internal, uri]}
627 cinder_admin_url_v2: {get_param: [EndpointMap, CinderV2Admin, uri]}
628 keystone_identity_uri: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] }
629 keystone_auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
630 keystone_ec2_uri: { get_param: [EndpointMap, KeystoneEC2, uri] }
631 enable_fencing: {get_param: EnableFencing}
632 enable_galera: {get_param: EnableGalera}
633 enable_load_balancer: {get_param: EnableLoadBalancer}
634 enable_ceph_storage: {get_param: EnableCephStorage}
635 enable_swift_storage: {get_param: EnableSwiftStorage}
636 manage_firewall: {get_param: ManageFirewall}
637 purge_firewall_rules: {get_param: PurgeFirewallRules}
638 mysql_innodb_buffer_pool_size: {get_param: MysqlInnodbBufferPoolSize}
639 mysql_max_connections: {get_param: MysqlMaxConnections}
640 mysql_root_password: {get_param: MysqlRootPassword}
641 mysql_clustercheck_password: {get_param: MysqlClustercheckPassword}
644 template: tripleo-CLUSTER
646 CLUSTER: {get_param: MysqlClusterUniquePart}
647 neutron_metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret}
648 neutron_password: {get_param: NeutronPassword}
649 neutron_tenant_mtu: {get_param: NeutronTenantMtu}
650 neutron_internal_url: { get_param: [ EndpointMap, NeutronInternal, uri ] }
651 neutron_public_url: { get_param: [ EndpointMap, NeutronPublic, uri ] }
652 neutron_admin_url: { get_param: [ EndpointMap, NeutronAdmin, uri ] }
653 neutron_auth_url: { get_param: [ EndpointMap, KeystoneV3Admin, uri ] }
654 nova_internal_url: { get_param: [ EndpointMap, NovaInternal, uri ] }
655 ceilometer_backend: {get_param: CeilometerBackend}
656 ceilometer_metering_secret: {get_param: CeilometerMeteringSecret}
657 ceilometer_password: {get_param: CeilometerPassword}
658 ceilometer_store_events: {get_param: CeilometerStoreEvents}
659 aodh_password: {get_param: AodhPassword}
660 aodh_internal_url: { get_param: [ EndpointMap, AodhInternal, uri ] }
661 aodh_public_url: { get_param: [ EndpointMap, AodhPublic, uri ] }
662 aodh_admin_url: { get_param: [ EndpointMap, AodhAdmin, uri ] }
663 ceilometer_meter_dispatcher: {get_param: CeilometerMeterDispatcher}
664 gnocchi_password: {get_param: GnocchiPassword}
665 gnocchi_backend: {get_param: GnocchiBackend}
666 gnocchi_indexer_backend: {get_param: GnocchiIndexerBackend}
667 ceilometer_coordination_url:
671 - {get_param: RedisPassword}
673 - {get_param: RedisVirtualIPUri}
678 - - {get_param: [EndpointMap, MysqlInternal, protocol]}
680 - {get_param: CeilometerPassword}
682 - {get_param: [EndpointMap, MysqlInternal, host]}
687 - - {get_param: [EndpointMap, MysqlInternal, protocol]}
689 - {get_param: GnocchiPassword}
691 - {get_param: [EndpointMap, MysqlInternal, host]}
696 - - {get_param: [EndpointMap, MysqlInternal, protocol]}
698 - {get_param: AodhPassword}
700 - {get_param: [EndpointMap, MysqlInternal, host]}
702 gnocchi_internal_url: {get_param: [EndpointMap, GnocchiInternal, uri]}
703 gnocchi_public_url: { get_param: [ EndpointMap, GnocchiPublic, uri ] }
704 gnocchi_admin_url: { get_param: [ EndpointMap, GnocchiAdmin, uri ] }
705 ceilometer_public_url: {get_param: [EndpointMap, CeilometerPublic, uri]}
706 ceilometer_internal_url: {get_param: [EndpointMap, CeilometerInternal, uri]}
707 ceilometer_admin_url: {get_param: [EndpointMap, CeilometerAdmin, uri]}
708 snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName}
709 snmpd_readonly_user_password: {get_param: SnmpdReadonlyUserPassword}
710 nova_enable_db_purge: {get_param: NovaEnableDBPurge}
711 nova_ipv6: {get_param: NovaIPv6}
712 corosync_ipv6: {get_param: CorosyncIPv6}
713 memcached_ipv6: {get_param: MemcachedIPv6}
714 nova_password: {get_param: NovaPassword}
718 - - {get_param: [EndpointMap, MysqlInternal, protocol]}
720 - {get_param: NovaPassword}
722 - {get_param: [EndpointMap, MysqlInternal, host]}
727 - - {get_param: [EndpointMap, MysqlInternal, protocol]}
729 - {get_param: NovaPassword}
731 - {get_param: [EndpointMap, MysqlInternal, host]}
733 upgrade_level_nova_compute: {get_param: UpgradeLevelNovaCompute}
734 instance_name_template: {get_param: InstanceNameTemplate}
735 nova_public_url: {get_param: [EndpointMap, NovaPublic, uri]}
736 nova_internal_url: {get_param: [EndpointMap, NovaInternal, uri]}
737 nova_admin_url: {get_param: [EndpointMap, NovaAdmin, uri]}
738 fencing_config: {get_param: FencingConfig}
739 pcsd_password: {get_param: PcsdPassword}
740 rabbit_username: {get_param: RabbitUserName}
741 rabbit_password: {get_param: RabbitPassword}
742 rabbit_cookie: {get_param: RabbitCookie}
743 rabbit_client_use_ssl: {get_param: RabbitClientUseSSL}
744 rabbit_client_port: {get_param: RabbitClientPort}
745 timezone: {get_param: TimeZone}
746 control_virtual_interface: {get_param: ControlVirtualInterface}
747 public_virtual_interface: {get_param: PublicVirtualInterface}
748 swift_hash_suffix: {get_param: SwiftHashSuffix}
749 swift_part_power: {get_param: SwiftPartPower}
750 swift_ring_build: {get_param: SwiftRingBuild}
751 swift_replicas: {get_param: SwiftReplicas}
752 swift_min_part_hours: {get_param: SwiftMinPartHours}
753 swift_mount_check: {get_param: SwiftMountCheck}
754 enable_package_install: {get_param: EnablePackageInstall}
755 enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]}
756 swift_proxy_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftProxyNetwork]}]}
757 swift_management_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftMgmtNetwork]}]}
758 cinder_iscsi_network:
762 IP: {get_attr: [NetIpMap, net_ip_uri_map, {get_param: [ServiceNetMap, CinderIscsiNetwork]}]}
763 cinder_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CinderApiNetwork]}]}
764 glance_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, GlanceApiNetwork]}]}
765 glance_registry_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, GlanceRegistryNetwork]}]}
766 glance_api_servers: { get_param: [EndpointMap, GlanceInternal, uri]}
767 heat_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, HeatApiNetwork]}]}
768 keystone_public_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}]}
769 keystone_admin_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}]}
770 keystone_region: {get_param: KeystoneRegion}
771 mongo_db_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MongoDbNetwork]}]}
772 neutron_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NeutronApiNetwork]}]}
773 neutron_local_ip: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NeutronTenantNetwork]}]}
774 ceilometer_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CeilometerApiNetwork]}]}
775 aodh_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, AodhApiNetwork]}]}
776 gnocchi_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, GnocchiApiNetwork]}]}
777 nova_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NovaApiNetwork]}]}
778 nova_metadata_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NovaMetadataNetwork]}]}
779 horizon_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, HorizonNetwork]}]}
782 template: "['SUBNET']"
784 SUBNET: {get_attr: [NetIpMap, net_ip_subnet_map, {get_param: [ServiceNetMap, HorizonNetwork]}]}
785 rabbitmq_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, RabbitMqNetwork]}]}
786 redis_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, RedisNetwork]}]}
787 redis_vip: {get_param: RedisVirtualIP}
788 sahara_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SaharaApiNetwork]}]}
789 memcached_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MemcachedNetwork]}]}
790 mysql_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MysqlNetwork]}]}
791 mysql_virtual_ip: {get_param: MysqlVirtualIP}
792 ceph_cluster_network: {get_attr: [NetIpMap, net_ip_subnet_map, {get_param: [ServiceNetMap, CephClusterNetwork]}]}
793 ceph_public_network: {get_attr: [NetIpMap, net_ip_subnet_map, {get_param: [ServiceNetMap, CephPublicNetwork]}]}
794 ceph_public_ip: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CephPublicNetwork]}]}
796 # Map heat metadata into hiera datafiles
798 type: OS::Heat::StructuredConfig
800 group: os-apply-config
805 - heat_config_%{::deploy_config_name}
806 - controller_extraconfig
812 - swift_devices_and_proxy # provided by SwiftDevicesAndProxyConfig
813 - ceph_cluster # provided by CephClusterConfig
815 - bootstrap_node # provided by BootstrapNodeConfig
816 - all_nodes # provided by allNodesConfig
817 - vip_data # provided by vip-config
821 - cinder_dellsc_data # Optionally provided by ControllerExtraConfigPre
822 - cinder_netapp_data # Optionally provided by ControllerExtraConfigPre
823 - cinder_eqlx_data # Optionally provided by ControllerExtraConfigPre
824 - neutron_bigswitch_data # Optionally provided by ControllerExtraConfigPre
825 - neutron_cisco_data # Optionally provided by ControllerExtraConfigPre
826 - cisco_n1kv_data # Optionally provided by ControllerExtraConfigPre
827 - neutron_nuage_data # Optionally provided by ControllerExtraConfigPre
828 - midonet_data #Optionally provided by AllNodesExtraConfig
829 - neutron_opencontrail_data # Optionally provided by ControllerExtraConfigPre
830 merge_behavior: deeper
833 mapped_data: {get_param: ServiceConfigSettings}
834 controller_extraconfig:
837 - {get_param: controllerExtraConfig}
838 - {get_param: ControllerExtraConfig}
840 mapped_data: {get_param: ExtraConfig}
842 raw_data: {get_file: hieradata/common.yaml}
845 net_ip_map: {get_attr: [NetIpMap, net_ip_map]}
846 net_ip_subnet_map: {get_attr: [NetIpMap, net_ip_subnet_map]}
847 net_ip_uri_map: {get_attr: [NetIpMap, net_ip_uri_map]}
849 raw_data: {get_file: hieradata/ceph.yaml}
851 ceph::profile::params::cluster_network: {get_input: ceph_cluster_network}
852 ceph::profile::params::public_network: {get_input: ceph_public_network}
853 ceph::profile::params::public_addr: {get_input: ceph_public_ip}
855 raw_data: {get_file: hieradata/database.yaml}
857 raw_data: {get_file: hieradata/object.yaml}
859 raw_data: {get_file: hieradata/controller.yaml}
860 mapped_data: # data supplied directly to this deployment configuration, etc
861 bootstack_nodeid: {get_input: bootstack_nodeid}
864 enable_fencing: {get_input: enable_fencing}
865 enable_load_balancer: {get_input: enable_load_balancer}
866 hacluster_pwd: {get_input: pcsd_password}
867 corosync_ipv6: {get_input: corosync_ipv6}
868 tripleo::fencing::config: {get_input: fencing_config}
871 # FIXME: need to move proxy_local_net_ip into swift-proxy.yaml
872 swift::proxy::proxy_local_net_ip: {get_input: swift_proxy_network}
873 swift::storage::all::storage_local_net_ip: {get_input: swift_management_network}
874 swift::swift_hash_path_suffix: {get_input: swift_hash_suffix}
875 tripleo::ringbuilder::build_ring: { get_input: swift_ring_build }
876 tripleo::ringbuilder::part_power: {get_input: swift_part_power}
877 tripleo::ringbuilder::replicas: {get_input: swift_replicas}
878 tripleo::ringbuilder::min_part_hours: {get_input: swift_min_part_hours}
879 swift_mount_check: {get_input: swift_mount_check}
882 tripleo::profile::base::cinder::volume::iscsi::cinder_iscsi_address: {get_input: cinder_iscsi_network}
883 cinder::api::bind_host: {get_input: cinder_api_network}
884 cinder::keystone::auth::public_url: {get_input: cinder_public_url }
885 cinder::keystone::auth::internal_url: {get_input: cinder_internal_url }
886 cinder::keystone::auth::admin_url: {get_input: cinder_admin_url }
887 cinder::keystone::auth::public_url_v2: {get_input: cinder_public_url_v2 }
888 cinder::keystone::auth::internal_url_v2: {get_input: cinder_internal_url_v2 }
889 cinder::keystone::auth::admin_url_v2: {get_input: cinder_admin_url_v2 }
890 cinder::keystone::auth::password: {get_input: cinder_password }
891 cinder::keystone::auth::region: {get_input: keystone_region}
894 glance::api::bind_host: {get_input: glance_api_network}
895 glance::registry::bind_host: {get_input: glance_registry_network}
896 glance::keystone::auth::region: {get_input: keystone_region}
899 heat::api::bind_host: {get_input: heat_api_network}
900 heat::api_cloudwatch::bind_host: {get_input: heat_api_network}
901 heat::api_cfn::bind_host: {get_input: heat_api_network}
902 heat::engine::auth_encryption_key: {get_input: heat_auth_encryption_key}
905 keystone::admin_bind_host: {get_input: keystone_admin_api_network}
906 keystone::public_bind_host: {get_input: keystone_public_api_network}
907 keystone::wsgi::apache::bind_host: {get_input: keystone_public_api_network}
908 keystone::wsgi::apache::admin_bind_host: {get_input: keystone_admin_api_network}
911 mongodb::server::bind_ip: {get_input: mongo_db_network}
914 admin_password: {get_input: admin_password}
915 enable_galera: {get_input: enable_galera}
916 enable_ceph_storage: {get_input: enable_ceph_storage}
917 enable_swift_storage: {get_input: enable_swift_storage}
918 mysql_innodb_buffer_pool_size: {get_input: mysql_innodb_buffer_pool_size}
919 mysql_max_connections: {get_input: mysql_max_connections}
920 mysql::server::root_password: {get_input: mysql_root_password}
921 mysql_clustercheck_password: {get_input: mysql_clustercheck_password}
922 mysql_cluster_name: {get_input: mysql_cluster_name}
923 mysql_bind_host: {get_input: mysql_network}
924 mysql_virtual_ip: {get_input: mysql_virtual_ip}
927 neutron::bind_host: {get_input: neutron_api_network}
928 neutron::network_device_mtu: {get_input: neutron_tenant_mtu}
929 neutron::agents::ml2::ovs::local_ip: {get_input: neutron_local_ip}
930 neutron::agents::metadata::metadata_ip: {get_input: neutron_api_network}
931 neutron::keystone::auth::public_url: {get_input: neutron_public_url }
932 neutron::keystone::auth::internal_url: {get_input: neutron_internal_url }
933 neutron::keystone::auth::admin_url: {get_input: neutron_admin_url }
934 neutron::keystone::auth::password: {get_input: neutron_password }
935 neutron::keystone::auth::region: {get_input: keystone_region}
938 ceilometer_backend: {get_input: ceilometer_backend}
939 ceilometer_mysql_conn_string: {get_input: ceilometer_dsn}
940 ceilometer::telemetry_secret: {get_input: ceilometer_metering_secret}
941 ceilometer::rabbit_userid: {get_input: rabbit_username}
942 ceilometer::rabbit_password: {get_input: rabbit_password}
943 ceilometer::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
944 ceilometer::rabbit_port: {get_input: rabbit_client_port}
945 ceilometer::debug: {get_input: debug}
946 ceilometer::api::host: {get_input: ceilometer_api_network}
947 ceilometer::api::keystone_password: {get_input: ceilometer_password}
948 ceilometer::api::auth_uri: {get_input: keystone_auth_uri}
949 ceilometer::api::identity_uri: {get_input: keystone_identity_uri}
950 ceilometer::agent::auth::auth_password: {get_input: ceilometer_password}
951 ceilometer::agent::auth::auth_url: {get_input: keystone_auth_uri}
952 ceilometer::agent::central::coordination_url: {get_input: ceilometer_coordination_url}
953 ceilometer::agent::notification::store_events: {get_input: ceilometer_store_events}
954 ceilometer::db::mysql::password: {get_input: ceilometer_password}
955 ceilometer::collector::meter_dispatcher: {get_input: ceilometer_meter_dispatcher}
956 ceilometer::dispatcher::gnocchi::url: {get_input: gnocchi_internal_url }
957 ceilometer::dispatcher::gnocchi::filter_project: 'service'
958 ceilometer::dispatcher::gnocchi::archive_policy: 'low'
959 ceilometer::dispatcher::gnocchi::resources_definition_file: 'gnocchi_resources.yaml'
960 ceilometer::keystone::auth::public_url: {get_input: ceilometer_public_url }
961 ceilometer::keystone::auth::internal_url: {get_input: ceilometer_internal_url }
962 ceilometer::keystone::auth::admin_url: {get_input: ceilometer_admin_url }
963 ceilometer::keystone::auth::password: {get_input: ceilometer_password }
964 ceilometer::keystone::auth::region: {get_input: keystone_region}
965 snmpd_readonly_user_name: {get_input: snmpd_readonly_user_name}
966 snmpd_readonly_user_password: {get_input: snmpd_readonly_user_password}
969 aodh_mysql_conn_string: {get_input: aodh_dsn}
970 aodh::rabbit_userid: {get_input: rabbit_username}
971 aodh::rabbit_password: {get_input: rabbit_password}
972 aodh::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
973 aodh::rabbit_port: {get_input: rabbit_client_port}
974 aodh::debug: {get_input: debug}
975 aodh::wsgi::apache::ssl: false
976 aodh::wsgi::apache::bind_host: {get_input: aodh_api_network}
977 aodh::api::service_name: 'httpd'
978 aodh::api::host: {get_input: aodh_api_network}
979 aodh::api::keystone_password: {get_input: aodh_password}
980 aodh::api::keystone_auth_uri: {get_input: keystone_auth_uri}
981 aodh::api::keystone_identity_uri: {get_input: keystone_identity_uri}
982 aodh::auth::auth_url: {get_input: keystone_auth_uri}
983 aodh::auth::auth_password: {get_input: aodh_password}
984 aodh::db::mysql::password: {get_input: aodh_password}
985 # for a migration path from ceilometer-alarm to aodh, we use the same database & coordination
986 aodh::evaluator::coordination_url: {get_input: ceilometer_coordination_url}
987 aodh::keystone::auth::public_url: {get_input: aodh_public_url }
988 aodh::keystone::auth::internal_url: {get_input: aodh_internal_url }
989 aodh::keystone::auth::admin_url: {get_input: aodh_admin_url }
990 aodh::keystone::auth::password: {get_input: aodh_password }
991 aodh::keystone::auth::region: {get_input: keystone_region}
994 gnocchi_backend: {get_input: gnocchi_backend}
995 gnocchi_indexer_backend: {get_input: gnocchi_indexer_backend}
996 gnocchi_mysql_conn_string: {get_input: gnocchi_dsn}
997 gnocchi::debug: {get_input: debug}
998 gnocchi::wsgi::apache::ssl: false
999 gnocchi::wsgi::apache::bind_host: {get_input: gnocchi_api_network}
1000 gnocchi::api::service_name: 'httpd'
1001 gnocchi::api::host: {get_input: gnocchi_api_network}
1002 gnocchi::api::keystone_password: {get_input: gnocchi_password}
1003 gnocchi::api::keystone_auth_uri: {get_input: keystone_auth_uri}
1004 gnocchi::api::keystone_identity_uri: {get_input: keystone_identity_uri}
1005 gnocchi::db::mysql::password: {get_input: gnocchi_password}
1006 gnocchi::storage::swift::swift_authurl: {get_input: keystone_auth_uri}
1007 gnocchi::storage::swift::swift_key: {get_input: gnocchi_password}
1008 gnocchi::keystone::auth::public_url: {get_input: gnocchi_public_url }
1009 gnocchi::keystone::auth::internal_url: {get_input: gnocchi_internal_url }
1010 gnocchi::keystone::auth::admin_url: {get_input: gnocchi_admin_url }
1011 gnocchi::keystone::auth::password: {get_input: gnocchi_password }
1012 gnocchi::keystone::auth::region: {get_input: keystone_region}
1015 nova::upgrade_level_compute: {get_input: upgrade_level_nova_compute}
1016 nova::use_ipv6: {get_input: nova_ipv6}
1017 nova::api::auth_uri: {get_input: keystone_auth_uri}
1018 nova::api::identity_uri: {get_input: keystone_identity_uri}
1019 nova::api::api_bind_address: {get_input: nova_api_network}
1020 nova::api::metadata_listen: {get_input: nova_metadata_network}
1021 nova::api::admin_password: {get_input: nova_password}
1022 nova::compute::network_device_mtu: {get_input: neutron_tenant_mtu}
1023 nova::database_connection: {get_input: nova_dsn}
1024 nova::api_database_connection: {get_input: nova_api_dsn}
1025 nova::glance_api_servers: {get_input: glance_api_servers}
1026 nova::api::neutron_metadata_proxy_shared_secret: {get_input: neutron_metadata_proxy_shared_secret}
1027 nova::api::instance_name_template: {get_input: instance_name_template}
1028 nova::network::neutron::neutron_password: {get_input: neutron_password}
1029 nova::network::neutron::neutron_url: {get_input: neutron_internal_url}
1030 nova::network::neutron::neutron_auth_url: {get_input: neutron_auth_url}
1031 nova::vncproxy::host: {get_input: nova_api_network}
1032 nova::db::mysql::password: {get_input: nova_password}
1033 nova::db::mysql_api::password: {get_input: nova_password}
1034 nova_enable_db_purge: {get_input: nova_enable_db_purge}
1035 nova::keystone::auth::public_url: {get_input: nova_public_url}
1036 nova::keystone::auth::internal_url: {get_input: nova_internal_url}
1037 nova::keystone::auth::admin_url: {get_input: nova_admin_url}
1038 nova::keystone::auth::password: {get_input: nova_password }
1039 nova::keystone::auth::region: {get_input: keystone_region}
1042 apache::mod::remoteip::proxy_ips: {get_input: horizon_subnet}
1043 apache::ip: {get_input: horizon_network}
1044 horizon::allowed_hosts: {get_input: horizon_allowed_hosts}
1045 horizon::django_debug: {get_input: debug}
1046 horizon::secret_key: {get_input: horizon_secret}
1047 horizon::bind_address: {get_input: horizon_network}
1048 horizon::keystone_url: {get_input: keystone_auth_uri}
1051 rabbitmq::node_ip_address: {get_input: rabbitmq_network}
1052 rabbitmq::erlang_cookie: {get_input: rabbit_cookie}
1054 redis::bind: {get_input: redis_network}
1055 redis_vip: {get_input: redis_vip}
1057 tripleo::firewall::manage_firewall: {get_input: manage_firewall}
1058 tripleo::firewall::purge_firewall_rules: {get_input: purge_firewall_rules}
1060 memcached_ipv6: {get_input: memcached_ipv6}
1061 memcached::listen_ip: {get_input: memcached_network}
1062 timezone::timezone: {get_input: timezone}
1063 control_virtual_interface: {get_input: control_virtual_interface}
1064 public_virtual_interface: {get_input: public_virtual_interface}
1065 tripleo::keepalived::control_virtual_interface: {get_input: control_virtual_interface}
1066 tripleo::keepalived::public_virtual_interface: {get_input: public_virtual_interface}
1067 tripleo::haproxy::control_virtual_interface: {get_input: control_virtual_interface}
1068 tripleo::haproxy::public_virtual_interface: {get_input: public_virtual_interface}
1069 tripleo::haproxy::haproxy_log_address: {get_input: haproxy_log_address}
1070 tripleo::haproxy::service_certificate: {get_attr: [NodeTLSData, deployed_ssl_certificate_path]}
1071 tripleo::haproxy::haproxy_stats_user: {get_input: haproxy_stats_user}
1072 tripleo::haproxy::haproxy_stats_password: {get_input: haproxy_stats_password}
1073 tripleo::haproxy::redis_password: {get_input: redis_password}
1074 tripleo::packages::enable_install: {get_input: enable_package_install}
1075 tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade}
1077 # Hook for site-specific additional pre-deployment config, e.g extra hieradata
1078 ControllerExtraConfigPre:
1079 depends_on: ControllerDeployment
1080 type: OS::TripleO::ControllerExtraConfigPre
1082 server: {get_resource: Controller}
1084 # Hook for site-specific additional pre-deployment config,
1085 # applying to all nodes, e.g node registration/unregistration
1087 depends_on: [ControllerExtraConfigPre, NodeTLSData]
1088 type: OS::TripleO::NodeExtraConfig
1090 server: {get_resource: Controller}
1093 type: OS::TripleO::Tasks::PackageUpdate
1096 type: OS::Heat::SoftwareDeployment
1098 name: UpdateDeployment
1099 config: {get_resource: UpdateConfig}
1100 server: {get_resource: Controller}
1103 get_param: UpdateIdentifier
1107 description: IP address of the server in the ctlplane network
1108 value: {get_attr: [Controller, networks, ctlplane, 0]}
1109 external_ip_address:
1110 description: IP address of the server in the external network
1111 value: {get_attr: [ExternalPort, ip_address]}
1112 internal_api_ip_address:
1113 description: IP address of the server in the internal_api network
1114 value: {get_attr: [InternalApiPort, ip_address]}
1116 description: IP address of the server in the storage network
1117 value: {get_attr: [StoragePort, ip_address]}
1118 storage_mgmt_ip_address:
1119 description: IP address of the server in the storage_mgmt network
1120 value: {get_attr: [StorageMgmtPort, ip_address]}
1122 description: IP address of the server in the tenant network
1123 value: {get_attr: [TenantPort, ip_address]}
1124 management_ip_address:
1125 description: IP address of the server in the management network
1126 value: {get_attr: [ManagementPort, ip_address]}
1128 description: Hostname of the server
1129 value: {get_attr: [Controller, name]}
1132 Server's IP address and hostname in the /etc/hosts format
1136 PRIMARYIP PRIMARYHOST.DOMAIN PRIMARYHOST
1137 EXTERNALIP EXTERNALHOST.DOMAIN EXTERNALHOST
1138 INTERNAL_APIIP INTERNAL_APIHOST.DOMAIN INTERNAL_APIHOST
1139 STORAGEIP STORAGEHOST.DOMAIN STORAGEHOST
1140 STORAGE_MGMTIP STORAGE_MGMTHOST.DOMAIN STORAGE_MGMTHOST
1141 TENANTIP TENANTHOST.DOMAIN TENANTHOST
1142 MANAGEMENTIP MANAGEMENTHOST.DOMAIN MANAGEMENTHOST
1144 PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, ControllerHostnameResolveNetwork]}]}
1145 DOMAIN: {get_param: CloudDomain}
1146 PRIMARYHOST: {get_attr: [Controller, name]}
1147 EXTERNALIP: {get_attr: [ExternalPort, ip_address]}
1151 - - {get_attr: [Controller, name]}
1153 INTERNAL_APIIP: {get_attr: [InternalApiPort, ip_address]}
1157 - - {get_attr: [Controller, name]}
1159 STORAGEIP: {get_attr: [StoragePort, ip_address]}
1163 - - {get_attr: [Controller, name]}
1165 STORAGE_MGMTIP: {get_attr: [StorageMgmtPort, ip_address]}
1169 - - {get_attr: [Controller, name]}
1171 TENANTIP: {get_attr: [TenantPort, ip_address]}
1175 - - {get_attr: [Controller, name]}
1177 MANAGEMENTIP: {get_attr: [ManagementPort, ip_address]}
1181 - - {get_attr: [Controller, name]}
1183 nova_server_resource:
1184 description: Heat resource handle for the Nova compute server
1186 {get_resource: Controller}
1188 description: Swift device formatted for swift-ring-builder
1191 template: 'r1z1-IP:%PORT%/d1'
1193 IP: {get_attr: [NetIpMap, net_ip_uri_map, {get_param: [ServiceNetMap, SwiftMgmtNetwork]}]}
1194 swift_proxy_memcache:
1195 description: Swift proxy-memcache value
1198 template: "IP:11211"
1200 IP: {get_attr: [NetIpMap, net_ip_uri_map, {get_param: [ServiceNetMap, MemcachedNetwork]}]}
1202 description: identifier which changes if the controller configuration may need re-applying
1206 - - {get_attr: [ControllerDeployment, deploy_stdout]}
1207 - {get_attr: [NodeTLSCAData, deploy_stdout]}
1208 - {get_attr: [NodeTLSData, deploy_stdout]}
1209 - {get_attr: [ControllerExtraConfigPre, deploy_stdout]}
1210 - {get_param: UpdateIdentifier}
1211 tls_key_modulus_md5:
1212 description: MD5 checksum of the TLS Key Modulus
1213 value: {get_attr: [NodeTLSData, key_modulus_md5]}
1214 tls_cert_modulus_md5:
1215 description: MD5 checksum of the TLS Certificate Modulus
1216 value: {get_attr: [NodeTLSData, cert_modulus_md5]}