1 heat_template_version: 2015-10-15
4 OpenStack controller node configured by Puppet.
8 default: 'admin@example.com'
9 description: The email for the keystone admin account.
13 description: The password for the keystone admin account, used for monitoring, querying neutron etc.
17 description: The keystone auth secret and db password.
20 CeilometerApiVirtualIP:
25 description: The ceilometer backend type.
27 CeilometerMeteringSecret:
28 description: Secret shared by the ceilometer services.
32 description: The password for the ceilometer service and db account.
40 description: Number of workers for Ceilometer service.
45 Whether to create cron job for purging soft deleted rows in Cinder database.
47 CinderEnableNfsBackend:
49 description: Whether to enable or not the NFS backend for Cinder
51 CinderEnableIscsiBackend:
53 description: Whether to enable or not the Iscsi backend for Cinder
55 CinderEnableRbdBackend:
57 description: Whether to enable or not the Rbd backend for Cinder
61 description: The iSCSI helper to use with cinder.
63 CinderLVMLoopDeviceSize:
65 description: The size of the loopback file used by the cinder LVM driver.
67 CinderNfsMountOptions:
70 Mount options for NFS mounts used by Cinder NFS backend. Effective
71 when CinderEnableNfsBackend is true.
76 NFS servers used by Cinder NFS backend. Effective when
77 CinderEnableNfsBackend is true.
78 type: comma_delimited_list
80 description: The password for the cinder service and db account, used by cinder-api.
85 description: Contains parameters to configure Cinder backends. Typically
86 set via parameter_defaults in the resource registry.
90 description: Number of workers for Cinder service.
92 ControllerExtraConfig:
95 Controller specific hiera configuration data to inject into the cluster.
100 A network mapped list of IPs to assign to Controllers in the following form:
102 "internal_api": ["a.b.c.d", "e.f.g.h"],
106 ControlVirtualInterface:
108 description: Interface where virtual ip will be assigned.
112 description: Set to True to enable debugging on all services.
116 description: Whether to enable fencing in Pacemaker or not.
120 description: Whether to use Galera instead of regular MariaDB.
124 description: Whether to deploy a LoadBalancer on the Controller
128 description: Whether to deploy Ceph Storage (OSD) on the Controller
132 description: Whether to enable Swift Storage on the Controller
137 Additional hieradata to inject into the cluster, note that
138 ControllerExtraConfig takes precedence over ExtraConfig.
143 Pacemaker fencing configuration. The JSON should have
144 the following structure:
148 "agent": "AGENT_NAME",
149 "host_mac": "HOST_MAC_ADDRESS",
150 "params": {"PARAM_NAME": "PARAM_VALUE"}
158 "agent": "fence_xvm",
159 "host_mac": "52:54:00:aa:bb:cc",
161 "multicast_address": "225.0.0.12",
162 "port": "baremetal_0",
164 "manage_key_file": true,
165 "key_file": "/etc/fence_xvm.key",
166 "key_file_password": "abcdef"
173 description: Flavor for control nodes to request when deploying.
176 - custom_constraint: nova.flavor
177 GlanceNotifierStrategy:
178 description: Strategy to use for Glance notification queue
182 description: The filepath of the file to use for logging messages from Glance.
186 description: The password for the glance service and db account, used by the glance services.
191 description: The short name of the Glance backend to use. Should be one
192 of swift, rbd, or file
195 - allowed_values: ['swift', 'file', 'rbd']
196 GlanceFilePcmkDevice:
199 An exported storage device that should be mounted by Pacemaker
200 as Glance storage. Effective when GlanceFilePcmkManage is true.
202 GlanceFilePcmkFstype:
205 Filesystem type for Pacemaker mount used as Glance storage.
206 Effective when GlanceFilePcmkManage is true.
208 GlanceFilePcmkManage:
211 Whether to make Glance file backend a mount managed by Pacemaker.
212 Effective when GlanceBackend is 'file'.
214 GlanceFilePcmkOptions:
217 Mount options for Pacemaker mount used as Glance storage.
218 Effective when GlanceFilePcmkManage is true.
220 HAProxySyslogAddress:
222 description: Syslog address where HAproxy will send its log
226 description: Number of workers for Glance service.
229 description: The password for the Heat service and db account, used by the Heat services.
232 HeatStackDomainAdminPassword:
233 description: Password for heat_domain_admin user.
236 HeatAuthEncryptionKey:
237 description: Auth encryption key for heat-engine
242 description: A list of IP/Hostname allowed to connect to horizon
243 type: comma_delimited_list
246 description: Number of workers for Heat service.
252 Whether to create cron job for purging soft deleted rows in the Heat database.
254 description: Secret key for Django
259 default: overcloud-control
261 - custom_constraint: glance.image
263 default: 'REBUILD_PRESERVE_EPHEMERAL'
264 description: What policy to use when reconstructing instances. REBUILD for rebuilds, REBUILD_PRESERVE_EPHEMERAL to preserve /mnt.
266 InstanceNameTemplate:
267 default: 'instance-%08x'
268 description: Template string to be used to generate instance names
272 description: Name of an existing Nova key pair to enable SSH access to the instances
275 - custom_constraint: nova.keypair
276 KeystoneCACertificate:
278 description: Keystone self-signed certificate authority certificate.
280 KeystoneEnableDBPurge:
283 Whether to create cron job for purging soft deleted rows in Keystone database.
285 KeystoneSigningCertificate:
287 description: Keystone certificate for verifying token validity.
291 description: Keystone key for signing tokens.
294 KeystoneSSLCertificate:
296 description: Keystone certificate for verifying token validity.
298 KeystoneSSLCertificateKey:
300 description: Keystone key for signing tokens.
303 KeystoneNotificationDriver:
304 description: Comma-separated list of Oslo notification drivers used by Keystone
305 default: ['messaging']
306 type: comma_delimited_list
307 KeystoneNotificationFormat:
308 description: The Keystone notification format
312 - allowed_values: [ 'basic', 'cadf' ]
316 description: Keystone region for endpoint
319 description: Whether to manage IPtables rules.
323 description: Whether IPtables rules should be purged before setting up the new ones.
327 description: Number of workers for Keystone service.
334 description: The password for the sahara service account, used by sahara-api.
337 MysqlClusterUniquePart:
338 description: A unique identifier of the MySQL cluster the controller is in.
340 default: 'unset' # Has to be here because of the ignored empty value bug
341 # Drop the validation: https://bugs.launchpad.net/tripleo/+bug/1405446
343 # - length: {min: 4, max: 10}
344 MysqlInnodbBufferPoolSize:
346 Specifies the size of the buffer pool in megabytes. Setting to
347 zero should be interpreted as "no value" and will defer to the
352 description: Configures MySQL max_connections config setting
358 default: '' # Has to be here because of the ignored empty value bug
359 NeutronExternalNetworkBridge:
360 description: Name of bridge used for external network traffic.
363 NeutronBridgeMappings:
365 The OVS logical->physical bridge mappings to use. See the Neutron
366 documentation for details. Defaults to mapping br-ex - the external
367 bridge on hosts - to a physical name 'datacentre' which can be used
368 to create provider networks (and we use this for the default floating
369 network) - if changing this either use different post-install network
370 scripts or be sure to keep 'datacentre' as a mapping network name.
371 type: comma_delimited_list
372 default: "datacentre:br-ex"
373 NeutronDnsmasqOptions:
374 default: 'dhcp-option-force=26,1400'
375 description: Dnsmasq options for neutron-dhcp-agent. The default value here forces MTU to be set to 1400 to account for the gre tunnel overhead.
377 NeutronEnableDHCPAgent:
378 description: Knob to enable/disable DHCP Agent
381 NeutronEnableL3Agent:
382 description: Knob to enable/disable L3 agent
385 NeutronEnableMetadataAgent:
386 description: Knob to enable/disable Metadata agent
389 NeutronEnableOVSAgent:
390 description: Knob to enable/disable OVS Agent
395 description: Agent mode for the neutron-l3-agent on the controller hosts
399 description: Whether to enable l3-agent HA
401 NeutronDhcpAgentsPerNetwork:
404 description: The number of neutron dhcp agents to schedule per network
407 description: Whether to configure Neutron Distributed Virtual Routers
409 NeutronMetadataProxySharedSecret:
410 description: Shared secret to prevent spoofing
416 The core plugin for Neutron. The value should be the entrypoint to be loaded
417 from neutron.core_plugins namespace.
419 NeutronServicePlugins:
420 default: "router,qos"
422 Comma-separated list of service plugin entrypoints to be loaded from the
423 neutron.service_plugins namespace.
424 type: comma_delimited_list
426 default: "vxlan,vlan,flat,gre"
428 Comma-separated list of network type driver entrypoints to be loaded.
429 type: comma_delimited_list
430 NeutronMechanismDrivers:
431 default: 'openvswitch'
433 The mechanism drivers for the Neutron tenant network.
434 type: comma_delimited_list
435 NeutronAllowL3AgentFailover:
437 description: Allow automatic l3-agent failover
439 NeutronEnableIsolatedMetadata:
441 description: If True, DHCP provide metadata route to VM.
443 NeutronEnableTunnelling:
449 Enable/disable the L2 population feature in the Neutron agents.
452 type: comma_delimited_list
453 default: 'datacentre'
454 description: If set, flat networks to configure in neutron plugins.
457 description: Whether to enable l3-agent HA
461 description: The tenant network type for Neutron.
462 type: comma_delimited_list
463 NeutronNetworkVLANRanges:
464 default: 'datacentre:1:1000'
466 The Neutron ML2 and OpenVSwitch vlan mapping range to support. See the
467 Neutron documentation for permitted values. Defaults to permitting any
468 VLAN on the 'datacentre' physical network (See NeutronBridgeMappings).
469 type: comma_delimited_list
471 description: The password for the neutron service and db account, used by neutron agents.
474 NeutronPublicInterface:
476 description: What interface to bridge onto br-ex for network nodes.
478 NeutronPublicInterfaceTag:
481 VLAN tag for creating a public VLAN. The tag will be used to
482 create an access port on the exterior bridge for each control plane node,
483 and that port will be given the IP address returned by neutron from the
484 public network. Set CONTROLEXTRA=overcloud-vlan-port.yaml when compiling
485 overcloud.yaml to include the deployment of VLAN ports to the control
488 NeutronPublicInterfaceDefaultRoute:
490 description: A custom default route for the NeutronPublicInterface.
492 NeutronPublicInterfaceIP:
494 description: A custom IP address to put onto the NeutronPublicInterface.
496 NeutronPublicInterfaceRawDevice:
498 description: If set, the public interface is a vlan with this device as the raw device.
502 The default MTU for tenant networks. For VXLAN/GRE tunneling, this should
503 be at least 50 bytes smaller than the MTU on the physical network. This
504 value will be used to set the MTU on the virtual Ethernet device.
505 This number is related to the value of NeutronDnsmasqOptions, since that
506 will determine the MTU that is assigned to the VM host through DHCP.
512 The tunnel types for the Neutron tenant network.
513 type: comma_delimited_list
514 NeutronTunnelIdRanges:
516 Comma-separated list of <tun_min>:<tun_max> tuples enumerating ranges
517 of GRE tunnel IDs that are available for tenant network allocation
518 default: ["1:4094", ]
519 type: comma_delimited_list
522 Comma-separated list of <vni_min>:<vni_max> tuples enumerating ranges
523 of VXLAN VNI IDs that are available for tenant network allocation
524 default: ["1:4094", ]
525 type: comma_delimited_list
526 NeutronPluginExtensions:
527 default: "qos,port_security"
529 Comma-separated list of extensions enabled for the Neutron plugin.
530 type: comma_delimited_list
531 NeutronAgentExtensions:
534 Comma-separated list of extensions enabled for the Neutron agents.
535 type: comma_delimited_list
541 description: Number of workers for Neutron service.
546 Whether to create cron job for purging soft deleted rows in Nova database.
550 description: Enable IPv6 features in Nova
553 description: The password for the nova service and db account, used by nova-api.
558 description: Number of workers for Nova service.
562 description: Should MongoDb journaling be disabled
566 description: Enable IPv6 if Mongo DB VIP is IPv6
570 description: Comma-separated list of ntp servers
571 type: comma_delimited_list
574 description: The password for the 'pcsd' user.
576 PublicVirtualInterface:
579 Specifies the interface where the public-facing virtual ip will be assigned.
580 This should be int_public when a VLAN is being used.
584 default: '' # Has to be here because of the ignored empty value bug
587 default: '' # Has to be here because of the ignored empty value bug
591 description: The password for RabbitMQ
596 description: The username for RabbitMQ
601 Rabbit client subscriber parameter to specify
602 an SSL connection to the RabbitMQ host.
606 description: Set rabbit subscriber port, change this if using SSL
610 description: Configures RabbitMQ FD limit
614 default: '' # Has to be here because of the ignored empty value bug
617 default: '' # Has to be here because of the ignored empty value bug
618 description: An IP address which is wrapped in brackets in case of IPv6
619 SnmpdReadonlyUserName:
620 default: ro_snmp_user
621 description: The user name for SNMPd with readonly rights running on all Overcloud nodes
623 SnmpdReadonlyUserPassword:
624 description: The user password for SNMPd with readonly rights running on all Overcloud nodes
628 description: A random string to be used as a salt when hashing to determine mappings
634 description: Value of mount_check in Swift account/container/object -server.conf
639 description: The minimum time (in hours) before a partition in a ring can be moved following a rebalance.
642 description: Partition Power to use when building Swift rings
645 description: The password for the swift service account, used by the swift proxy
655 description: How many replicas to use in the swift rings.
658 description: Number of workers for Swift service.
662 description: The timezone to be set on controller nodes.
664 UpgradeLevelNovaCompute:
666 description: Nova Compute upgrade level
668 VirtualIP: # DEPRECATED: use per service settings instead
670 default: '' # Has to be here because of the ignored empty value bug
680 GlanceRegistryVirtualIP:
689 KeystoneAdminApiVirtualIP:
692 KeystonePublicApiVirtualIP:
698 EnablePackageInstall:
700 description: Set to true to enable package installation via Puppet
704 description: Mapping of service_name -> network name. Typically set
705 via parameter_defaults in the resource registry.
709 description: Mapping of service endpoint -> protocol. Typically set
710 via parameter_defaults in the resource registry.
716 Setting to a previously unused value during stack-update will trigger
717 package update on all nodes
720 default: '' # Defaults to Heat created hostname
724 description: Optional mapping to override hostnames
725 NetworkDeploymentActions:
726 type: comma_delimited_list
728 Heat action when to apply network configuration changes
733 SoftwareConfigTransport:
734 default: POLL_SERVER_CFN
736 How the server should receive the metadata required for software configuration.
739 - allowed_values: [POLL_SERVER_CFN, POLL_SERVER_HEAT, POLL_TEMP_URL, ZAQAR_MESSAGE]
744 The DNS domain used for the hosts. This should match the dhcp_domain
745 configured in the Undercloud neutron. Defaults to localdomain.
749 Extra properties or metadata passed to Nova for the created nodes in
750 the overcloud. It's accessible via the Nova metadata API.
754 description: Optional scheduler hints to pass to nova
760 type: OS::Nova::Server
762 image: {get_param: Image}
763 image_update_policy: {get_param: ImageUpdatePolicy}
764 flavor: {get_param: Flavor}
765 key_name: {get_param: KeyName}
768 user_data_format: SOFTWARE_CONFIG
769 user_data: {get_resource: UserData}
772 template: {get_param: Hostname}
773 params: {get_param: HostnameMap}
774 software_config_transport: {get_param: SoftwareConfigTransport}
775 metadata: {get_param: ServerMetadata}
776 scheduler_hints: {get_param: SchedulerHints}
778 # Combine the NodeAdminUserData and NodeUserData mime archives
780 type: OS::Heat::MultipartMime
783 - config: {get_resource: NodeAdminUserData}
785 - config: {get_resource: NodeUserData}
788 # Creates the "heat-admin" user if configured via the environment
789 # Should return a OS::Heat::MultipartMime reference via OS::stack_id
791 type: OS::TripleO::NodeAdminUserData
793 # For optional operator additional userdata
794 # Should return a OS::Heat::MultipartMime reference via OS::stack_id
796 type: OS::TripleO::NodeUserData
799 type: OS::TripleO::Controller::Ports::ExternalPort
801 IPPool: {get_param: ControllerIPs}
802 NodeIndex: {get_param: NodeIndex}
803 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
806 type: OS::TripleO::Controller::Ports::InternalApiPort
808 IPPool: {get_param: ControllerIPs}
809 NodeIndex: {get_param: NodeIndex}
810 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
813 type: OS::TripleO::Controller::Ports::StoragePort
815 IPPool: {get_param: ControllerIPs}
816 NodeIndex: {get_param: NodeIndex}
817 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
820 type: OS::TripleO::Controller::Ports::StorageMgmtPort
822 IPPool: {get_param: ControllerIPs}
823 NodeIndex: {get_param: NodeIndex}
824 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
827 type: OS::TripleO::Controller::Ports::TenantPort
829 IPPool: {get_param: ControllerIPs}
830 NodeIndex: {get_param: NodeIndex}
831 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
834 type: OS::TripleO::Controller::Ports::ManagementPort
836 IPPool: {get_param: ControllerIPs}
837 NodeIndex: {get_param: NodeIndex}
838 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
841 type: OS::TripleO::Network::Ports::NetIpMap
843 ControlPlaneIp: {get_attr: [Controller, networks, ctlplane, 0]}
844 ExternalIp: {get_attr: [ExternalPort, ip_address]}
845 ExternalIpUri: {get_attr: [ExternalPort, ip_address_uri]}
846 InternalApiIp: {get_attr: [InternalApiPort, ip_address]}
847 InternalApiIpUri: {get_attr: [InternalApiPort, ip_address_uri]}
848 StorageIp: {get_attr: [StoragePort, ip_address]}
849 StorageIpUri: {get_attr: [StoragePort, ip_address_uri]}
850 StorageMgmtIp: {get_attr: [StorageMgmtPort, ip_address]}
851 StorageMgmtIpUri: {get_attr: [StorageMgmtPort, ip_address_uri]}
852 TenantIp: {get_attr: [TenantPort, ip_address]}
853 TenantIpUri: {get_attr: [TenantPort, ip_address_uri]}
854 ManagementIp: {get_attr: [ManagementPort, ip_address]}
855 ManagementIpUri: {get_attr: [ManagementPort, ip_address_uri]}
858 type: OS::TripleO::Network::Ports::NetIpSubnetMap
860 ControlPlaneIp: {get_attr: [Controller, networks, ctlplane, 0]}
861 ExternalIpSubnet: {get_attr: [ExternalPort, ip_subnet]}
862 InternalApiIpSubnet: {get_attr: [InternalApiPort, ip_subnet]}
863 StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]}
864 StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]}
865 TenantIpSubnet: {get_attr: [TenantPort, ip_subnet]}
866 ManagementIpSubnet: {get_attr: [ManagementPort, ip_subnet]}
869 type: OS::TripleO::Controller::Net::SoftwareConfig
871 ControlPlaneIp: {get_attr: [Controller, networks, ctlplane, 0]}
872 ExternalIpSubnet: {get_attr: [ExternalPort, ip_subnet]}
873 InternalApiIpSubnet: {get_attr: [InternalApiPort, ip_subnet]}
874 StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]}
875 StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]}
876 TenantIpSubnet: {get_attr: [TenantPort, ip_subnet]}
877 ManagementIpSubnet: {get_attr: [ManagementPort, ip_subnet]}
880 type: OS::TripleO::SoftwareDeployment
882 name: NetworkDeployment
883 config: {get_resource: NetworkConfig}
884 server: {get_resource: Controller}
885 actions: {get_param: NetworkDeploymentActions}
888 interface_name: {get_param: NeutronPublicInterface}
890 # Resource for site-specific injection of root certificate
892 depends_on: NetworkDeployment
893 type: OS::TripleO::NodeTLSCAData
895 server: {get_resource: Controller}
897 # Resource for site-specific passing of private keys/certificates
899 depends_on: NodeTLSCAData
900 type: OS::TripleO::NodeTLSData
902 server: {get_resource: Controller}
903 NodeIndex: {get_param: NodeIndex}
906 ControllerDeployment:
907 type: OS::TripleO::SoftwareDeployment
908 depends_on: NetworkDeployment
910 name: ControllerDeployment
911 config: {get_resource: ControllerConfig}
912 server: {get_resource: Controller}
914 bootstack_nodeid: {get_attr: [Controller, name]}
915 ceilometer_workers: {get_param: CeilometerWorkers}
916 cinder_workers: {get_param: CinderWorkers}
917 glance_workers: {get_param: GlanceWorkers}
918 heat_workers: {get_param: HeatWorkers}
919 keystone_workers: {get_param: KeystoneWorkers}
920 nova_workers: {get_param: NovaWorkers}
921 neutron_workers: {get_param: NeutronWorkers}
922 swift_workers: {get_param: SwiftWorkers}
923 neutron_enable_tunneling: {get_param: NeutronEnableTunnelling}
924 neutron_enable_l2pop: {get_param: NeutronEnableL2Pop}
925 neutron_enable_isolated_metadata: {get_param: NeutronEnableIsolatedMetadata}
926 haproxy_log_address: {get_param: HAProxySyslogAddress}
927 heat.watch_server_url:
931 - {get_param: HeatApiVirtualIPUri}
933 heat.metadata_server_url:
937 - {get_param: HeatApiVirtualIPUri}
939 heat.waitcondition_server_url:
943 - {get_param: HeatApiVirtualIPUri}
944 - ':8000/v1/waitcondition'
945 heat_auth_encryption_key: {get_param: HeatAuthEncryptionKey}
946 heat_enable_db_purge: {get_param: HeatEnableDBPurge}
947 horizon_allowed_hosts: {get_param: HorizonAllowedHosts}
948 horizon_secret: {get_param: HorizonSecret}
949 admin_email: {get_param: AdminEmail}
950 admin_password: {get_param: AdminPassword}
951 admin_token: {get_param: AdminToken}
952 neutron_public_interface_ip: {get_param: NeutronPublicInterfaceIP}
953 debug: {get_param: Debug}
954 cinder_enable_db_purge: {get_param: CinderEnableDBPurge}
955 cinder_enable_nfs_backend: {get_param: CinderEnableNfsBackend}
956 cinder_enable_rbd_backend: {get_param: CinderEnableRbdBackend}
957 cinder_nfs_mount_options: {get_param: CinderNfsMountOptions}
962 SERVERS: {get_param: CinderNfsServers}
963 cinder_lvm_loop_device_size: {get_param: CinderLVMLoopDeviceSize}
964 cinder_password: {get_param: CinderPassword}
965 cinder_enable_iscsi_backend: {get_param: CinderEnableIscsiBackend}
966 cinder_iscsi_helper: {get_param: CinderISCSIHelper}
967 cinder_backend_config: {get_param: CinderBackendConfig}
971 - - 'mysql+pymysql://cinder:'
972 - {get_param: CinderPassword}
974 - {get_param: MysqlVirtualIPUri}
976 glance_port: {get_param: [EndpointMap, GlanceInternal, port]}
977 glance_password: {get_param: GlancePassword}
978 glance_backend: {get_param: GlanceBackend}
979 glance_file_pcmk_device: {get_param: GlanceFilePcmkDevice}
980 glance_file_pcmk_fstype: {get_param: GlanceFilePcmkFstype}
981 glance_file_pcmk_manage: {get_param: GlanceFilePcmkManage}
982 glance_file_pcmk_options: {get_param: GlanceFilePcmkOptions}
983 glance_notifier_strategy: {get_param: GlanceNotifierStrategy}
984 glance_log_file: {get_param: GlanceLogFile}
988 - - 'mysql+pymysql://glance:'
989 - {get_param: GlancePassword}
991 - {get_param: MysqlVirtualIPUri}
993 heat_password: {get_param: HeatPassword}
994 heat_stack_domain_admin_password: {get_param: HeatStackDomainAdminPassword}
998 - - 'mysql+pymysql://heat:'
999 - {get_param: HeatPassword}
1001 - {get_param: MysqlVirtualIPUri}
1003 keystone_ca_certificate: {get_param: KeystoneCACertificate}
1004 keystone_signing_key: {get_param: KeystoneSigningKey}
1005 keystone_signing_certificate: {get_param: KeystoneSigningCertificate}
1006 keystone_ssl_certificate: {get_param: KeystoneSSLCertificate}
1007 keystone_ssl_certificate_key: {get_param: KeystoneSSLCertificateKey}
1008 keystone_notification_driver: {get_param: KeystoneNotificationDriver}
1009 keystone_notification_format: {get_param: KeystoneNotificationFormat}
1010 keystone_enable_db_purge: {get_param: KeystoneEnableDBPurge}
1014 - - 'mysql+pymysql://keystone:'
1015 - {get_param: AdminToken}
1017 - {get_param: MysqlVirtualIPUri}
1019 keystone_identity_uri: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] }
1020 keystone_auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
1021 keystone_public_url: { get_param: [EndpointMap, KeystonePublic, uri_no_suffix] }
1022 keystone_internal_url: { get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
1023 keystone_ec2_uri: { get_param: [EndpointMap, KeystoneEC2, uri] }
1024 enable_fencing: {get_param: EnableFencing}
1025 enable_galera: {get_param: EnableGalera}
1026 enable_load_balancer: {get_param: EnableLoadBalancer}
1027 enable_ceph_storage: {get_param: EnableCephStorage}
1028 enable_swift_storage: {get_param: EnableSwiftStorage}
1029 manage_firewall: {get_param: ManageFirewall}
1030 purge_firewall_rules: {get_param: PurgeFirewallRules}
1031 mysql_innodb_buffer_pool_size: {get_param: MysqlInnodbBufferPoolSize}
1032 mysql_max_connections: {get_param: MysqlMaxConnections}
1033 mysql_root_password: {get_param: MysqlRootPassword}
1036 template: tripleo-CLUSTER
1038 CLUSTER: {get_param: MysqlClusterUniquePart}
1039 neutron_flat_networks:
1043 NETWORKS: {get_param: NeutronFlatNetworks}
1044 neutron_metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret}
1045 neutron_agent_mode: {get_param: NeutronAgentMode}
1046 neutron_router_distributed: {get_param: NeutronDVR}
1047 neutron_core_plugin: {get_param: NeutronCorePlugin}
1048 neutron_service_plugins:
1052 PLUGINS: {get_param: NeutronServicePlugins}
1053 neutron_type_drivers:
1057 DRIVERS: {get_param: NeutronTypeDrivers}
1058 neutron_enable_dhcp_agent: {get_param: NeutronEnableDHCPAgent}
1059 neutron_enable_l3_agent: {get_param: NeutronEnableL3Agent}
1060 neutron_enable_metadata_agent: {get_param: NeutronEnableMetadataAgent}
1061 neutron_enable_ovs_agent: {get_param: NeutronEnableOVSAgent}
1062 neutron_mechanism_drivers:
1064 template: MECHANISMS
1066 MECHANISMS: {get_param: NeutronMechanismDrivers}
1067 neutron_allow_l3agent_failover: {get_param: NeutronAllowL3AgentFailover}
1068 neutron_l3_ha: {get_param: NeutronL3HA}
1069 neutron_dhcp_agents_per_network: {get_param: NeutronDhcpAgentsPerNetwork}
1070 neutron_network_vlan_ranges:
1074 RANGES: {get_param: NeutronNetworkVLANRanges}
1075 neutron_bridge_mappings:
1079 MAPPINGS: {get_param: NeutronBridgeMappings}
1080 neutron_external_network_bridge: {get_param: NeutronExternalNetworkBridge}
1081 neutron_public_interface: {get_param: NeutronPublicInterface}
1082 neutron_public_interface_raw_device: {get_param: NeutronPublicInterfaceRawDevice}
1083 neutron_public_interface_default_route: {get_param: NeutronPublicInterfaceDefaultRoute}
1084 neutron_public_interface_tag: {get_param: NeutronPublicInterfaceTag}
1085 neutron_tunnel_id_ranges:
1089 RANGES: {get_param: NeutronTunnelIdRanges}
1094 RANGES: {get_param: NeutronVniRanges}
1095 neutron_tenant_network_types:
1099 TYPES: {get_param: NeutronNetworkType}
1100 neutron_tunnel_types:
1104 TYPES: {get_param: NeutronTunnelTypes}
1105 neutron_plugin_extensions:
1107 template: PLUGIN_EXTENSIONS
1109 PLUGIN_EXTENSIONS: {get_param: NeutronPluginExtensions}
1110 neutron_agent_extensions:
1112 template: AGENT_EXTENSIONS
1114 AGENT_EXTENSIONS: {get_param: NeutronAgentExtensions}
1115 neutron_password: {get_param: NeutronPassword}
1116 neutron_tenant_mtu: {get_param: NeutronTenantMtu}
1117 neutron_dnsmasq_options: {get_param: NeutronDnsmasqOptions}
1121 - - 'mysql+pymysql://neutron:'
1122 - {get_param: NeutronPassword}
1124 - {get_param: MysqlVirtualIPUri}
1125 - '/ovs_neutron?charset=utf8'
1126 neutron_internal_url: { get_param: [ EndpointMap, NeutronInternal, uri ] }
1127 neutron_public_url: { get_param: [ EndpointMap, NeutronPublic, uri ] }
1128 neutron_admin_url: { get_param: [ EndpointMap, NeutronAdmin, uri ] }
1129 neutron_auth_url: { get_param: [ EndpointMap, KeystoneV3Admin, uri ] }
1130 nova_internal_url: { get_param: [ EndpointMap, NovaInternal, uri ] }
1131 ceilometer_backend: {get_param: CeilometerBackend}
1132 ceilometer_metering_secret: {get_param: CeilometerMeteringSecret}
1133 ceilometer_password: {get_param: CeilometerPassword}
1134 ceilometer_coordination_url:
1138 - {get_param: RedisVirtualIPUri}
1143 - - 'mysql+pymysql://ceilometer:'
1144 - {get_param: CeilometerPassword}
1146 - {get_param: MysqlVirtualIPUri}
1148 snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName}
1149 snmpd_readonly_user_password: {get_param: SnmpdReadonlyUserPassword}
1150 nova_enable_db_purge: {get_param: NovaEnableDBPurge}
1151 nova_ipv6: {get_param: NovaIPv6}
1152 nova_password: {get_param: NovaPassword}
1156 - - 'mysql+pymysql://nova:'
1157 - {get_param: NovaPassword}
1159 - {get_param: MysqlVirtualIPUri}
1164 - - 'mysql+pymysql://nova_api:'
1165 - {get_param: NovaPassword}
1167 - {get_param: MysqlVirtualIPUri}
1169 upgrade_level_nova_compute: {get_param: UpgradeLevelNovaCompute}
1170 instance_name_template: {get_param: InstanceNameTemplate}
1171 fencing_config: {get_param: FencingConfig}
1172 pcsd_password: {get_param: PcsdPassword}
1173 rabbit_username: {get_param: RabbitUserName}
1174 rabbit_password: {get_param: RabbitPassword}
1175 rabbit_cookie: {get_param: RabbitCookie}
1176 rabbit_client_use_ssl: {get_param: RabbitClientUseSSL}
1177 rabbit_client_port: {get_param: RabbitClientPort}
1178 mongodb_no_journal: {get_param: MongoDbNoJournal}
1179 mongodb_ipv6: {get_param: MongoDbIPv6}
1180 # We need to force this into quotes or hiera will return integer causing
1181 # the puppet module validation regexp to fail.
1182 # Remove when: https://github.com/puppetlabs/puppetlabs-rabbitmq/pull/401
1187 LIMIT: {get_param: RabbitFDLimit}
1188 ntp_servers: {get_param: NtpServer}
1189 timezone: {get_param: TimeZone}
1190 control_virtual_interface: {get_param: ControlVirtualInterface}
1191 public_virtual_interface: {get_param: PublicVirtualInterface}
1192 swift_hash_suffix: {get_param: SwiftHashSuffix}
1193 swift_password: {get_param: SwiftPassword}
1194 swift_part_power: {get_param: SwiftPartPower}
1195 swift_replicas: {get_param: SwiftReplicas}
1196 swift_min_part_hours: {get_param: SwiftMinPartHours}
1197 swift_mount_check: {get_param: SwiftMountCheck}
1198 enable_package_install: {get_param: EnablePackageInstall}
1199 enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]}
1200 sahara_password: {get_param: SaharaPassword}
1204 - - 'mysql://sahara:'
1205 - {get_param: SaharaPassword}
1207 - {get_param: MysqlVirtualIPUri}
1209 swift_proxy_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftProxyNetwork]}]}
1210 swift_management_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftMgmtNetwork]}]}
1211 cinder_iscsi_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CinderIscsiNetwork]}]}
1212 cinder_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CinderApiNetwork]}]}
1213 glance_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, GlanceApiNetwork]}]}
1214 glance_registry_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, GlanceRegistryNetwork]}]}
1215 glance_api_servers: { get_param: [EndpointMap, GlanceInternal, uri]}
1216 glance_registry_host: {get_param: GlanceRegistryVirtualIP}
1217 heat_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, HeatApiNetwork]}]}
1218 keystone_public_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}]}
1219 keystone_admin_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}]}
1220 keystone_region: {get_param: KeystoneRegion}
1221 mongo_db_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MongoDbNetwork]}]}
1222 neutron_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NeutronApiNetwork]}]}
1223 neutron_local_ip: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NeutronTenantNetwork]}]}
1224 ceilometer_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CeilometerApiNetwork]}]}
1225 nova_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NovaApiNetwork]}]}
1226 nova_metadata_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NovaMetadataNetwork]}]}
1227 horizon_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, HorizonNetwork]}]}
1228 rabbitmq_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, RabbitMqNetwork]}]}
1229 redis_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, RedisNetwork]}]}
1230 redis_vip: {get_param: RedisVirtualIP}
1231 sahara_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SaharaApiNetwork]}]}
1232 memcached_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MemcachedNetwork]}]}
1233 mysql_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MysqlNetwork]}]}
1234 mysql_virtual_ip: {get_param: MysqlVirtualIP}
1235 ceph_cluster_network: {get_attr: [NetIpSubnetMap, net_ip_subnet_map, {get_param: [ServiceNetMap, CephClusterNetwork]}]}
1236 ceph_public_network: {get_attr: [NetIpSubnetMap, net_ip_subnet_map, {get_param: [ServiceNetMap, CephPublicNetwork]}]}
1237 ceph_public_ip: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CephPublicNetwork]}]}
1239 # Map heat metadata into hiera datafiles
1241 type: OS::Heat::StructuredConfig
1243 group: os-apply-config
1248 - heat_config_%{::deploy_config_name}
1249 - controller_extraconfig
1254 - swift_devices_and_proxy # provided by SwiftDevicesAndProxyConfig
1255 - ceph_cluster # provided by CephClusterConfig
1257 - bootstrap_node # provided by BootstrapNodeConfig
1258 - all_nodes # provided by allNodesConfig
1259 - vip_data # provided by vip-config
1262 - cinder_dellsc_data # Optionally provided by ControllerExtraConfigPre
1263 - cinder_netapp_data # Optionally provided by ControllerExtraConfigPre
1264 - cinder_eqlx_data # Optionally provided by ControllerExtraConfigPre
1265 - neutron_bigswitch_data # Optionally provided by ControllerExtraConfigPre
1266 - neutron_cisco_data # Optionally provided by ControllerExtraConfigPre
1267 - cisco_n1kv_data # Optionally provided by ControllerExtraConfigPre
1268 - neutron_nuage_data # Optionally provided by ControllerExtraConfigPre
1269 - midonet_data #Optionally provided by AllNodesExtraConfig
1270 - neutron_opencontrail_data # Optionally provided by ControllerExtraConfigPre
1272 controller_extraconfig:
1273 mapped_data: {get_param: ControllerExtraConfig}
1275 mapped_data: {get_param: ExtraConfig}
1277 raw_data: {get_file: hieradata/common.yaml}
1279 raw_data: {get_file: hieradata/ceph.yaml}
1281 ceph::profile::params::cluster_network: {get_input: ceph_cluster_network}
1282 ceph::profile::params::public_network: {get_input: ceph_public_network}
1283 ceph::mon::public_addr: {get_input: ceph_public_ip}
1285 raw_data: {get_file: hieradata/database.yaml}
1287 raw_data: {get_file: hieradata/object.yaml}
1289 raw_data: {get_file: hieradata/controller.yaml}
1290 mapped_data: # data supplied directly to this deployment configuration, etc
1291 bootstack_nodeid: {get_input: bootstack_nodeid}
1294 enable_fencing: {get_input: enable_fencing}
1295 enable_load_balancer: {get_input: enable_load_balancer}
1296 hacluster_pwd: {get_input: pcsd_password}
1297 tripleo::fencing::config: {get_input: fencing_config}
1300 swift::proxy::proxy_local_net_ip: {get_input: swift_proxy_network}
1301 swift::proxy::authtoken::auth_uri: {get_input: keystone_auth_uri}
1302 swift::proxy::authtoken::identity_uri: {get_input: keystone_identity_uri}
1303 swift::storage::all::storage_local_net_ip: {get_input: swift_management_network}
1304 swift::swift_hash_suffix: {get_input: swift_hash_suffix}
1305 swift::proxy::authtoken::admin_password: {get_input: swift_password}
1306 swift::proxy::workers: {get_input: swift_workers}
1307 tripleo::ringbuilder::part_power: {get_input: swift_part_power}
1308 tripleo::ringbuilder::replicas: {get_input: swift_replicas}
1309 tripleo::ringbuilder::min_part_hours: {get_input: swift_min_part_hours}
1310 swift_mount_check: {get_input: swift_mount_check}
1312 # NOTE(dprince): build_ring support is currently not wired in.
1313 # See: https://review.openstack.org/#/c/109225/
1314 tripleo::ringbuilder::build_ring: True
1317 cinder_enable_db_purge: {get_input: cinder_enable_db_purge}
1318 cinder_enable_nfs_backend: {get_input: cinder_enable_nfs_backend}
1319 cinder_enable_rbd_backend: {get_input: cinder_enable_rbd_backend}
1320 cinder_nfs_mount_options: {get_input: cinder_nfs_mount_options}
1321 cinder_nfs_servers: {get_input: cinder_nfs_servers}
1322 cinder_lvm_loop_device_size: {get_input: cinder_lvm_loop_device_size}
1323 cinder_iscsi_helper: {get_input: cinder_iscsi_helper}
1324 cinder_iscsi_ip_address: {get_input: cinder_iscsi_network}
1325 cinder::database_connection: {get_input: cinder_dsn}
1326 cinder::api::keystone_password: {get_input: cinder_password}
1327 cinder::api::auth_uri: {get_input: keystone_auth_uri}
1328 cinder::api::identity_uri: {get_input: keystone_identity_uri}
1329 cinder::api::bind_host: {get_input: cinder_api_network}
1330 cinder::rabbit_userid: {get_input: rabbit_username}
1331 cinder::rabbit_password: {get_input: rabbit_password}
1332 cinder::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
1333 cinder::rabbit_port: {get_input: rabbit_client_port}
1334 cinder::debug: {get_input: debug}
1335 cinder_enable_iscsi_backend: {get_input: cinder_enable_iscsi_backend}
1336 cinder::glance::glance_api_servers: {get_input: glance_api_servers}
1337 cinder_backend_config: {get_input: CinderBackendConfig}
1338 cinder::db::mysql::password: {get_input: cinder_password}
1341 glance::api::bind_port: {get_input: glance_port}
1342 glance::api::bind_host: {get_input: glance_api_network}
1343 glance::api::auth_uri: {get_input: keystone_auth_uri}
1344 glance::api::identity_uri: {get_input: keystone_identity_uri}
1345 glance::api::registry_host: {get_input: glance_registry_host}
1346 glance::api::keystone_password: {get_input: glance_password}
1347 glance::api::debug: {get_input: debug}
1348 glance::api::workers: {get_input: glance_workers}
1349 glance_notifier_strategy: {get_input: glance_notifier_strategy}
1350 glance_log_file: {get_input: glance_log_file}
1351 glance_log_file: {get_input: glance_log_file}
1352 glance::api::database_connection: {get_input: glance_dsn}
1353 glance::registry::keystone_password: {get_input: glance_password}
1354 glance::registry::database_connection: {get_input: glance_dsn}
1355 glance::registry::bind_host: {get_input: glance_registry_network}
1356 glance::registry::auth_uri: {get_input: keystone_auth_uri}
1357 glance::registry::identity_uri: {get_input: keystone_identity_uri}
1358 glance::registry::debug: {get_input: debug}
1359 glance::backend::swift::swift_store_auth_address: {get_input: keystone_auth_uri}
1360 glance::registry::workers: {get_input: glance_workers}
1361 glance::backend::swift::swift_store_user: service:glance
1362 glance::backend::swift::swift_store_key: {get_input: glance_password}
1363 glance_backend: {get_input: glance_backend}
1364 glance::db::mysql::password: {get_input: glance_password}
1365 glance_file_pcmk_device: {get_input: glance_file_pcmk_device}
1366 glance_file_pcmk_fstype: {get_input: glance_file_pcmk_fstype}
1367 glance_file_pcmk_manage: {get_input: glance_file_pcmk_manage}
1368 glance_file_pcmk_options: {get_input: glance_file_pcmk_options}
1369 glance::notify::rabbitmq::rabbit_userid: {get_input: rabbit_username}
1370 glance::notify::rabbitmq::rabbit_password: {get_input: rabbit_password}
1371 glance::notify::rabbitmq::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
1374 heat_stack_domain_admin_password: {get_input: heat_stack_domain_admin_password}
1375 heat::engine::heat_watch_server_url: {get_input: heat.watch_server_url}
1376 heat::engine::heat_metadata_server_url: {get_input: heat.metadata_server_url}
1377 heat::engine::heat_waitcondition_server_url: {get_input: heat.waitcondition_server_url}
1378 heat::engine::auth_encryption_key: {get_input: heat_auth_encryption_key}
1379 heat::rabbit_userid: {get_input: rabbit_username}
1380 heat::rabbit_password: {get_input: rabbit_password}
1381 heat::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
1382 heat::rabbit_port: {get_input: rabbit_client_port}
1383 heat::auth_uri: {get_input: keystone_auth_uri}
1384 heat::keystone_ec2_uri: {get_input: keystone_ec2_uri}
1385 heat::identity_uri: {get_input: keystone_identity_uri}
1386 heat::keystone_password: {get_input: heat_password}
1387 heat::api::bind_host: {get_input: heat_api_network}
1388 heat::api::workers: {get_input: heat_workers}
1389 heat::api_cloudwatch::bind_host: {get_input: heat_api_network}
1390 heat::api_cloudwatch::workers: {get_input: heat_workers}
1391 heat::api_cfn::bind_host: {get_input: heat_api_network}
1392 heat::api_cfn::workers: {get_input: heat_workers}
1393 heat::database_connection: {get_input: heat_dsn}
1394 heat::debug: {get_input: debug}
1395 heat::db::mysql::password: {get_input: heat_password}
1396 heat_enable_db_purge: {get_input: heat_enable_db_purge}
1399 keystone::admin_token: {get_input: admin_token}
1400 keystone_ca_certificate: {get_input: keystone_ca_certificate}
1401 keystone_signing_key: {get_input: keystone_signing_key}
1402 keystone_signing_certificate: {get_input: keystone_signing_certificate}
1403 keystone_ssl_certificate: {get_input: keystone_ssl_certificate}
1404 keystone_ssl_certificate_key: {get_input: keystone_ssl_certificate_key}
1405 keystone::database_connection: {get_input: keystone_dsn}
1406 keystone::admin_bind_host: {get_input: keystone_admin_api_network}
1407 keystone::public_bind_host: {get_input: keystone_public_api_network}
1408 keystone::wsgi::apache::bind_host: {get_input: keystone_public_api_network}
1409 keystone::wsgi::apache::admin_bind_host: {get_input: keystone_admin_api_network}
1410 keystone::debug: {get_input: debug}
1411 keystone::db::mysql::password: {get_input: admin_token}
1412 keystone::rabbit_userid: {get_input: rabbit_username}
1413 keystone::rabbit_password: {get_input: rabbit_password}
1414 keystone::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
1415 keystone::rabbit_port: {get_input: rabbit_client_port}
1416 keystone::notification_driver: {get_input: keystone_notification_driver}
1417 keystone::notification_format: {get_input: keystone_notification_format}
1418 keystone::roles::admin::email: {get_input: admin_email}
1419 keystone::roles::admin::password: {get_input: admin_password}
1420 keystone::endpoint::public_url: {get_input: keystone_public_url}
1421 keystone::endpoint::internal_url: {get_input: keystone_internal_url}
1422 keystone::endpoint::admin_url: {get_input: keystone_identity_uri}
1423 keystone::endpoint::region: {get_input: keystone_region}
1424 keystone::admin_workers: {get_input: keystone_workers}
1425 keystone::public_workers: {get_input: keystone_workers}
1426 keystone_enable_db_purge: {get_input: keystone_enable_db_purge}
1427 keystone::public_endpoint: {get_input: keystone_public_url}
1429 mongodb::server::bind_ip: {get_input: mongo_db_network}
1430 mongodb::server::nojournal: {get_input: mongodb_no_journal}
1431 mongodb::server::ipv6: {get_input: mongodb_ipv6}
1433 admin_password: {get_input: admin_password}
1434 enable_galera: {get_input: enable_galera}
1435 enable_ceph_storage: {get_input: enable_ceph_storage}
1436 enable_swift_storage: {get_input: enable_swift_storage}
1437 mysql_innodb_buffer_pool_size: {get_input: mysql_innodb_buffer_pool_size}
1438 mysql_max_connections: {get_input: mysql_max_connections}
1439 mysql::server::root_password: {get_input: mysql_root_password}
1440 mysql_cluster_name: {get_input: mysql_cluster_name}
1441 mysql_bind_host: {get_input: mysql_network}
1442 mysql_virtual_ip: {get_input: mysql_virtual_ip}
1445 neutron::bind_host: {get_input: neutron_api_network}
1446 neutron::rabbit_password: {get_input: rabbit_password}
1447 neutron::rabbit_user: {get_input: rabbit_username}
1448 neutron::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
1449 neutron::rabbit_port: {get_input: rabbit_client_port}
1450 neutron::debug: {get_input: debug}
1451 neutron::server::auth_uri: {get_input: keystone_auth_uri}
1452 neutron::server::identity_uri: {get_input: keystone_identity_uri}
1453 neutron::server::database_connection: {get_input: neutron_dsn}
1454 neutron::server::api_workers: {get_input: neutron_workers}
1455 neutron::agents::l3::external_network_bridge: {get_input: neutron_external_network_bridge}
1456 neutron::network_device_mtu: {get_input: neutron_tenant_mtu}
1457 neutron::agents::ml2::ovs::enable_tunneling: {get_input: neutron_enable_tunneling}
1458 neutron::agents::ml2::ovs::l2_population: {get_input: neutron_enable_l2pop}
1459 neutron::agents::dhcp::enable_isolated_metadata: {get_input: neutron_enable_isolated_metadata}
1460 neutron::agents::ml2::ovs::local_ip: {get_input: neutron_local_ip}
1461 neutron::plugins::ml2::flat_networks: {get_input: neutron_flat_networks}
1462 neutron::agents::metadata::shared_secret: {get_input: neutron_metadata_proxy_shared_secret}
1463 neutron::agents::metadata::metadata_ip: {get_input: neutron_api_network}
1464 neutron::agents::metadata::metadata_workers: {get_input: neutron_workers}
1465 neutron_agent_mode: {get_input: neutron_agent_mode}
1466 neutron_router_distributed: {get_input: neutron_router_distributed}
1467 neutron::core_plugin: {get_input: neutron_core_plugin}
1468 neutron::service_plugins: {get_input: neutron_service_plugins}
1469 neutron::enable_dhcp_agent: {get_input: neutron_enable_dhcp_agent}
1470 neutron::enable_l3_agent: {get_input: neutron_enable_l3_agent}
1471 neutron::enable_metadata_agent: {get_input: neutron_enable_metadata_agent}
1472 neutron::enable_ovs_agent: {get_input: neutron_enable_ovs_agent}
1473 neutron::plugins::ml2::type_drivers: {get_input: neutron_type_drivers}
1474 neutron::plugins::ml2::mechanism_drivers: {get_input: neutron_mechanism_drivers}
1475 neutron::plugins::ml2::extension_drivers: {get_input: neutron_plugin_extensions}
1476 neutron::server::allow_automatic_l3agent_failover: {get_input: neutron_allow_l3agent_failover}
1477 neutron::server::l3_ha: {get_input: neutron_l3_ha}
1478 neutron::dhcp_agents_per_network: {get_input: neutron_dhcp_agents_per_network}
1479 neutron::plugins::ml2::network_vlan_ranges: {get_input: neutron_network_vlan_ranges}
1480 neutron::plugins::ml2::tunnel_id_ranges: {get_input: neutron_tunnel_id_ranges}
1481 neutron::plugins::ml2::vni_ranges: {get_input: neutron_vni_ranges}
1482 neutron::agents::ml2::ovs::bridge_mappings: {get_input: neutron_bridge_mappings}
1483 neutron_public_interface: {get_input: neutron_public_interface}
1484 neutron_public_interface_raw_device: {get_input: neutron_public_interface_raw_device}
1485 neutron_public_interface_default_route: {get_input: neutron_public_interface_default_route}
1486 neutron_public_interface_tag: {get_input: neutron_public_interface_tag}
1487 neutron::plugins::ml2::tenant_network_types: {get_input: neutron_tenant_network_types}
1488 neutron::agents::ml2::ovs::tunnel_types: {get_input: neutron_tunnel_types}
1489 neutron::agents::ml2::ovs::extensions: {get_input: neutron_agent_extensions}
1490 neutron::server::auth_password: {get_input: neutron_password}
1491 neutron::agents::metadata::auth_password: {get_input: neutron_password}
1492 neutron_dnsmasq_options: {get_input: neutron_dnsmasq_options}
1493 neutron_dsn: {get_input: neutron_dsn}
1494 neutron::agents::metadata::auth_url: {get_input: keystone_identity_uri}
1495 neutron::db::mysql::password: {get_input: neutron_password}
1496 neutron::keystone::auth::public_url: {get_input: neutron_public_url }
1497 neutron::keystone::auth::internal_url: {get_input: neutron_internal_url }
1498 neutron::keystone::auth::admin_url: {get_input: neutron_admin_url }
1499 neutron::keystone::auth::password: {get_input: neutron_password }
1500 neutron::keystone::auth::region: {get_input: keystone_region}
1501 neutron::server::notifications::nova_url: {get_input: nova_internal_url}
1502 neutron::server::notifications::auth_url: {get_input: neutron_auth_url}
1503 neutron::server::notifications::tenant_name: 'service'
1504 neutron::server::notifications::project_name: 'service'
1505 neutron::server::notifications::password: {get_input: nova_password}
1508 ceilometer_backend: {get_input: ceilometer_backend}
1509 ceilometer_mysql_conn_string: {get_input: ceilometer_dsn}
1510 ceilometer::metering_secret: {get_input: ceilometer_metering_secret}
1511 ceilometer::rabbit_userid: {get_input: rabbit_username}
1512 ceilometer::rabbit_password: {get_input: rabbit_password}
1513 ceilometer::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
1514 ceilometer::rabbit_port: {get_input: rabbit_client_port}
1515 ceilometer::debug: {get_input: debug}
1516 ceilometer::api::host: {get_input: ceilometer_api_network}
1517 ceilometer::api::keystone_password: {get_input: ceilometer_password}
1518 ceilometer::api::keystone_auth_uri: {get_input: keystone_auth_uri}
1519 ceilometer::api::keystone_identity_uri: {get_input: keystone_identity_uri}
1520 ceilometer::agent::auth::auth_password: {get_input: ceilometer_password}
1521 ceilometer::agent::auth::auth_url: {get_input: keystone_auth_uri}
1522 ceilometer::agent::central::coordination_url: {get_input: ceilometer_coordination_url}
1523 ceilometer::db::mysql::password: {get_input: ceilometer_password}
1524 snmpd_readonly_user_name: {get_input: snmpd_readonly_user_name}
1525 snmpd_readonly_user_password: {get_input: snmpd_readonly_user_password}
1528 nova::rabbit_userid: {get_input: rabbit_username}
1529 nova::rabbit_password: {get_input: rabbit_password}
1530 nova::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
1531 nova::rabbit_port: {get_input: rabbit_client_port}
1532 nova::upgrade_level_compute: {get_input: upgrade_level_nova_compute}
1533 nova::debug: {get_input: debug}
1534 nova::use_ipv6: {get_input: nova_ipv6}
1535 nova::api::auth_uri: {get_input: keystone_auth_uri}
1536 nova::api::identity_uri: {get_input: keystone_identity_uri}
1537 nova::api::api_bind_address: {get_input: nova_api_network}
1538 nova::api::metadata_listen: {get_input: nova_metadata_network}
1539 nova::api::admin_password: {get_input: nova_password}
1540 nova::api::osapi_compute_workers: {get_input: nova_workers}
1541 nova::api::ec2_workers: {get_input: nova_workers}
1542 nova::api::metadata_workers: {get_input: nova_workers}
1543 nova::compute::network_device_mtu: {get_input: neutron_tenant_mtu}
1544 nova::database_connection: {get_input: nova_dsn}
1545 nova::api_database_connection: {get_input: nova_api_dsn}
1546 nova::glance_api_servers: {get_input: glance_api_servers}
1547 nova::api::neutron_metadata_proxy_shared_secret: {get_input: neutron_metadata_proxy_shared_secret}
1548 nova::api::instance_name_template: {get_input: instance_name_template}
1549 nova::network::neutron::neutron_password: {get_input: neutron_password}
1550 nova::network::neutron::neutron_url: {get_input: neutron_internal_url}
1551 nova::network::neutron::neutron_auth_url: {get_input: neutron_auth_url}
1552 nova::vncproxy::host: {get_input: nova_api_network}
1553 nova::db::mysql::password: {get_input: nova_password}
1554 nova::db::mysql_api::password: {get_input: nova_password}
1555 nova_enable_db_purge: {get_input: nova_enable_db_purge}
1558 apache::ip: {get_input: horizon_network}
1559 horizon::allowed_hosts: {get_input: horizon_allowed_hosts}
1560 horizon::django_debug: {get_input: debug}
1561 horizon::secret_key: {get_input: horizon_secret}
1562 horizon::bind_address: {get_input: horizon_network}
1563 horizon::keystone_url: {get_input: keystone_auth_uri}
1566 sahara::host: {get_input: sahara_api_network}
1574 sahara::admin_password: {get_input: sahara_password}
1575 sahara::auth_uri: {get_input: keystone_auth_uri}
1576 sahara::admin_user: sahara
1577 sahara::identity_uri: {get_input: keystone_identity_uri}
1578 sahara::use_neutron: true
1579 sahara::database_connection: {get_input: sahara_dsn}
1580 sahara::debug: {get_input: debug}
1581 sahara::rpc_backend: rabbit
1582 sahara::rabbit_userid: {get_input: rabbit_username}
1583 sahara::rabbit_password: {get_input: rabbit_password}
1584 sahara::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
1585 sahara::rabbit_port: {get_input: rabbit_client_port}
1586 sahara::db::mysql::password: {get_input: sahara_password}
1589 rabbitmq::node_ip_address: {get_input: rabbitmq_network}
1590 rabbitmq::erlang_cookie: {get_input: rabbit_cookie}
1591 rabbitmq::file_limit: {get_input: rabbit_fd_limit}
1592 rabbitmq::default_user: {get_input: rabbit_username}
1593 rabbitmq::default_pass: {get_input: rabbit_password}
1595 redis::bind: {get_input: redis_network}
1596 redis_vip: {get_input: redis_vip}
1598 tripleo::firewall::manage_firewall: {get_input: manage_firewall}
1599 tripleo::firewall::purge_firewall_rules: {get_input: purge_firewall_rules}
1601 memcached::listen_ip: {get_input: memcached_network}
1602 neutron_public_interface_ip: {get_input: neutron_public_interface_ip}
1603 ntp::servers: {get_input: ntp_servers}
1604 timezone::timezone: {get_input: timezone}
1605 control_virtual_interface: {get_input: control_virtual_interface}
1606 public_virtual_interface: {get_input: public_virtual_interface}
1607 tripleo::loadbalancer::control_virtual_interface: {get_input: control_virtual_interface}
1608 tripleo::loadbalancer::public_virtual_interface: {get_input: public_virtual_interface}
1609 tripleo::loadbalancer::haproxy_log_address: {get_input: haproxy_log_address}
1610 tripleo::loadbalancer::service_certificate: {get_attr: [NodeTLSData, deployed_ssl_certificate_path]}
1611 tripleo::packages::enable_install: {get_input: enable_package_install}
1612 tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade}
1614 # Hook for site-specific additional pre-deployment config, e.g extra hieradata
1615 ControllerExtraConfigPre:
1616 depends_on: ControllerDeployment
1617 type: OS::TripleO::ControllerExtraConfigPre
1619 server: {get_resource: Controller}
1621 # Hook for site-specific additional pre-deployment config,
1622 # applying to all nodes, e.g node registration/unregistration
1624 depends_on: [ControllerExtraConfigPre, NodeTLSData]
1625 type: OS::TripleO::NodeExtraConfig
1627 server: {get_resource: Controller}
1630 type: OS::TripleO::Tasks::PackageUpdate
1633 type: OS::Heat::SoftwareDeployment
1635 name: UpdateDeployment
1636 config: {get_resource: UpdateConfig}
1637 server: {get_resource: Controller}
1640 get_param: UpdateIdentifier
1644 description: IP address of the server in the ctlplane network
1645 value: {get_attr: [Controller, networks, ctlplane, 0]}
1646 external_ip_address:
1647 description: IP address of the server in the external network
1648 value: {get_attr: [ExternalPort, ip_address]}
1649 internal_api_ip_address:
1650 description: IP address of the server in the internal_api network
1651 value: {get_attr: [InternalApiPort, ip_address]}
1653 description: IP address of the server in the storage network
1654 value: {get_attr: [StoragePort, ip_address]}
1655 storage_mgmt_ip_address:
1656 description: IP address of the server in the storage_mgmt network
1657 value: {get_attr: [StorageMgmtPort, ip_address]}
1659 description: IP address of the server in the tenant network
1660 value: {get_attr: [TenantPort, ip_address]}
1661 management_ip_address:
1662 description: IP address of the server in the management network
1663 value: {get_attr: [ManagementPort, ip_address]}
1665 description: Hostname of the server
1666 value: {get_attr: [Controller, name]}
1669 Node object in the format {ip: ..., name: ...} format that the corosync
1672 ip: {get_attr: [Controller, networks, ctlplane, 0]}
1673 name: {get_attr: [Controller, name]}
1676 Server's IP address and hostname in the /etc/hosts format
1680 PRIMARYIP PRIMARYHOST.DOMAIN PRIMARYHOST
1681 EXTERNALIP EXTERNALHOST
1682 INTERNAL_APIIP INTERNAL_APIHOST
1683 STORAGEIP STORAGEHOST
1684 STORAGE_MGMTIP STORAGE_MGMTHOST
1686 MANAGEMENTIP MANAGEMENTHOST
1688 PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, ControllerHostnameResolveNetwork]}]}
1689 DOMAIN: {get_param: CloudDomain}
1690 PRIMARYHOST: {get_attr: [Controller, name]}
1691 EXTERNALIP: {get_attr: [ExternalPort, ip_address]}
1695 - - {get_attr: [Controller, name]}
1697 INTERNAL_APIIP: {get_attr: [InternalApiPort, ip_address]}
1701 - - {get_attr: [Controller, name]}
1703 STORAGEIP: {get_attr: [StoragePort, ip_address]}
1707 - - {get_attr: [Controller, name]}
1709 STORAGE_MGMTIP: {get_attr: [StorageMgmtPort, ip_address]}
1713 - - {get_attr: [Controller, name]}
1715 TENANTIP: {get_attr: [TenantPort, ip_address]}
1719 - - {get_attr: [Controller, name]}
1721 MANAGEMENTIP: {get_attr: [ManagementPort, ip_address]}
1725 - - {get_attr: [Controller, name]}
1727 nova_server_resource:
1728 description: Heat resource handle for the Nova compute server
1730 {get_resource: Controller}
1732 description: Swift device formatted for swift-ring-builder
1735 template: 'r1z1-IP:%PORT%/d1'
1737 IP: {get_attr: [NetIpMap, net_ip_uri_map, {get_param: [ServiceNetMap, SwiftMgmtNetwork]}]}
1738 swift_proxy_memcache:
1739 description: Swift proxy-memcache value
1742 template: "IP:11211"
1744 IP: {get_attr: [NetIpMap, net_ip_uri_map, {get_param: [ServiceNetMap, MemcachedNetwork]}]}
1746 description: identifier which changes if the controller configuration may need re-applying
1750 - - {get_attr: [ControllerDeployment, deploy_stdout]}
1751 - {get_attr: [NodeTLSCAData, deploy_stdout]}
1752 - {get_attr: [NodeTLSData, deploy_stdout]}
1753 - {get_attr: [ControllerExtraConfigPre, deploy_stdout]}
1754 - {get_param: UpdateIdentifier}
1755 tls_key_modulus_md5:
1756 description: MD5 checksum of the TLS Key Modulus
1757 value: {get_attr: [NodeTLSData, key_modulus_md5]}
1758 tls_cert_modulus_md5:
1759 description: MD5 checksum of the TLS Certificate Modulus
1760 value: {get_attr: [NodeTLSData, cert_modulus_md5]}