1 heat_template_version: 2016-04-08
4 OpenStack controller node configured by Puppet.
8 description: The password for the keystone admin account, used for monitoring, querying neutron etc.
15 description: The password for the aodh services.
18 #TODO(composable Redis): Remove the Redis password param
19 #As is used by ceilometer
20 CeilometerApiVirtualIP:
25 description: The ceilometer backend type.
27 CeilometerMeteringSecret:
28 description: Secret shared by the ceilometer services.
32 description: The password for the ceilometer service and db account.
35 CeilometerStoreEvents:
37 description: Whether to store events in ceilometer.
39 CeilometerMeterDispatcher:
41 description: Dispatcher to process meter data
44 - allowed_values: ['gnocchi', 'database']
50 description: Number of workers for Ceilometer service.
52 controllerExtraConfig:
55 Deprecated. Use ControllerExtraConfig via parameter_defaults instead.
57 ControllerExtraConfig:
60 Controller specific hiera configuration data to inject into the cluster.
65 A network mapped list of IPs to assign to Controllers in the following form:
67 "internal_api": ["a.b.c.d", "e.f.g.h"],
71 ControlVirtualInterface:
73 description: Interface where virtual ip will be assigned.
77 description: Enable IPv6 in Corosync
81 description: Set to True to enable debugging on all services.
85 description: Whether to enable fencing in Pacemaker or not.
89 description: Whether to use Galera instead of regular MariaDB.
93 description: Whether to deploy a LoadBalancer on the Controller
97 description: Whether to deploy Ceph Storage (OSD) on the Controller
101 description: Whether to enable Swift Storage on the Controller
106 Additional hieradata to inject into the cluster, note that
107 ControllerExtraConfig takes precedence over ExtraConfig.
112 Pacemaker fencing configuration. The JSON should have
113 the following structure:
117 "agent": "AGENT_NAME",
118 "host_mac": "HOST_MAC_ADDRESS",
119 "params": {"PARAM_NAME": "PARAM_VALUE"}
127 "agent": "fence_xvm",
128 "host_mac": "52:54:00:aa:bb:cc",
130 "multicast_address": "225.0.0.12",
131 "port": "baremetal_0",
133 "manage_key_file": true,
134 "key_file": "/etc/fence_xvm.key",
135 "key_file_password": "abcdef"
142 description: Flavor for control nodes to request when deploying.
145 - custom_constraint: nova.flavor
148 description: The short name of the Gnocchi backend to use. Should be one
149 of swift, rbd, or file
152 - allowed_values: ['swift', 'file', 'rbd']
153 GnocchiIndexerBackend:
155 description: The short name of the Gnocchi indexer backend to use.
161 description: The password for the gnocchi service and db account.
164 HAProxyStatsPassword:
165 description: Password for HAProxy stats endpoint
168 description: User for HAProxy stats endpoint
171 HAProxySyslogAddress:
173 description: Syslog address where HAproxy will send its log
175 HeatAuthEncryptionKey:
176 description: Auth encryption key for heat-engine
181 description: A list of IP/Hostname allowed to connect to horizon
182 type: comma_delimited_list
184 description: Secret key for Django
189 default: overcloud-control
191 - custom_constraint: glance.image
193 default: 'REBUILD_PRESERVE_EPHEMERAL'
194 description: What policy to use when reconstructing instances. REBUILD for rebuilds, REBUILD_PRESERVE_EPHEMERAL to preserve /mnt.
196 InstanceNameTemplate:
197 default: 'instance-%08x'
198 description: Template string to be used to generate instance names
202 description: Name of an existing Nova key pair to enable SSH access to the instances
205 - custom_constraint: nova.keypair
209 description: Keystone region for endpoint
212 description: Whether to manage IPtables rules.
216 description: Enable IPv6 features in Memcached.
220 description: Whether IPtables rules should be purged before setting up the new ones.
225 MysqlClusterUniquePart:
226 description: A unique identifier of the MySQL cluster the controller is in.
228 default: 'unset' # Has to be here because of the ignored empty value bug
229 # Drop the validation: https://bugs.launchpad.net/tripleo/+bug/1405446
231 # - length: {min: 4, max: 10}
232 MysqlInnodbBufferPoolSize:
234 Specifies the size of the buffer pool in megabytes. Setting to
235 zero should be interpreted as "no value" and will defer to the
240 description: Configures MySQL max_connections config setting
243 MysqlClustercheckPassword:
249 default: '' # Has to be here because of the ignored empty value bug
252 description: Agent mode for the neutron-l3-agent on the controller hosts
256 description: Whether to configure Neutron Distributed Virtual Routers
258 NeutronMetadataProxySharedSecret:
259 description: Shared secret to prevent spoofing
265 The core plugin for Neutron. The value should be the entrypoint to be loaded
266 from neutron.core_plugins namespace.
268 NeutronServicePlugins:
269 default: "router,qos"
271 Comma-separated list of service plugin entrypoints to be loaded from the
272 neutron.service_plugins namespace.
273 type: comma_delimited_list
275 description: The password for the neutron service and db account, used by neutron agents.
278 NeutronPublicInterface:
280 description: What interface to bridge onto br-ex for network nodes.
282 NeutronPublicInterfaceTag:
285 VLAN tag for creating a public VLAN. The tag will be used to
286 create an access port on the exterior bridge for each control plane node,
287 and that port will be given the IP address returned by neutron from the
288 public network. Set CONTROLEXTRA=overcloud-vlan-port.yaml when compiling
289 overcloud.yaml to include the deployment of VLAN ports to the control
292 NeutronPublicInterfaceDefaultRoute:
294 description: A custom default route for the NeutronPublicInterface.
296 NeutronPublicInterfaceIP:
298 description: A custom IP address to put onto the NeutronPublicInterface.
300 NeutronPublicInterfaceRawDevice:
302 description: If set, the public interface is a vlan with this device as the raw device.
306 The default MTU for tenant networks. For VXLAN/GRE tunneling, this should
307 be at least 50 bytes smaller than the MTU on the physical network. This
308 value will be used to set the MTU on the virtual Ethernet device.
309 This number is related to the value of NeutronDnsmasqOptions, since that
310 will determine the MTU that is assigned to the VM host through DHCP.
319 Whether to create cron job for purging soft deleted rows in Nova database.
323 description: Enable IPv6 features in Nova
326 description: The password for the nova service and db account, used by nova-api.
331 description: Number of workers for Nova service.
335 description: Should MongoDb journaling be disabled
339 description: Enable IPv6 if Mongo DB VIP is IPv6
343 description: Comma-separated list of ntp servers
344 type: comma_delimited_list
347 description: The password for the 'pcsd' user.
349 PublicVirtualInterface:
352 Specifies the interface where the public-facing virtual ip will be assigned.
353 This should be int_public when a VLAN is being used.
357 default: '' # Has to be here because of the ignored empty value bug
360 default: '' # Has to be here because of the ignored empty value bug
363 description: The password for RabbitMQ
368 description: The username for RabbitMQ
373 Rabbit client subscriber parameter to specify
374 an SSL connection to the RabbitMQ host.
378 description: Set rabbit subscriber port, change this if using SSL
381 description: The password for Redis
386 default: '' # Has to be here because of the ignored empty value bug
389 default: '' # Has to be here because of the ignored empty value bug
390 description: An IP address which is wrapped in brackets in case of IPv6
391 SnmpdReadonlyUserName:
392 default: ro_snmp_user
393 description: The user name for SNMPd with readonly rights running on all Overcloud nodes
395 SnmpdReadonlyUserPassword:
396 description: The user password for SNMPd with readonly rights running on all Overcloud nodes
400 description: A random string to be used as a salt when hashing to determine mappings
406 description: Value of mount_check in Swift account/container/object -server.conf
411 description: The minimum time (in hours) before a partition in a ring can be moved following a rebalance.
414 description: Partition Power to use when building Swift rings
418 description: Whether to manage Swift rings or not
426 description: How many replicas to use in the swift rings.
429 description: The timezone to be set on controller nodes.
431 UpgradeLevelNovaCompute:
433 description: Nova Compute upgrade level
435 VirtualIP: # DEPRECATED: use per service settings instead
437 default: '' # Has to be here because of the ignored empty value bug
450 EnablePackageInstall:
452 description: Set to true to enable package installation via Puppet
456 description: Mapping of service_name -> network name. Typically set
457 via parameter_defaults in the resource registry.
461 description: Mapping of service endpoint -> protocol. Typically set
462 via parameter_defaults in the resource registry.
468 Setting to a previously unused value during stack-update will trigger
469 package update on all nodes
472 default: '' # Defaults to Heat created hostname
476 description: Optional mapping to override hostnames
477 NetworkDeploymentActions:
478 type: comma_delimited_list
480 Heat action when to apply network configuration changes
485 SoftwareConfigTransport:
486 default: POLL_SERVER_CFN
488 How the server should receive the metadata required for software configuration.
491 - allowed_values: [POLL_SERVER_CFN, POLL_SERVER_HEAT, POLL_TEMP_URL, ZAQAR_MESSAGE]
496 The DNS domain used for the hosts. This should match the dhcp_domain
497 configured in the Undercloud neutron. Defaults to localdomain.
501 Extra properties or metadata passed to Nova for the created nodes in
502 the overcloud. It's accessible via the Nova metadata API.
506 description: Optional scheduler hints to pass to nova
508 ServiceConfigSettings:
514 description: Do not use deprecated params, they will be removed.
516 - controllerExtraConfig
521 type: OS::Nova::Server
523 image: {get_param: Image}
524 image_update_policy: {get_param: ImageUpdatePolicy}
525 flavor: {get_param: Flavor}
526 key_name: {get_param: KeyName}
529 user_data_format: SOFTWARE_CONFIG
530 user_data: {get_resource: UserData}
533 template: {get_param: Hostname}
534 params: {get_param: HostnameMap}
535 software_config_transport: {get_param: SoftwareConfigTransport}
536 metadata: {get_param: ServerMetadata}
537 scheduler_hints: {get_param: SchedulerHints}
539 # Combine the NodeAdminUserData and NodeUserData mime archives
541 type: OS::Heat::MultipartMime
544 - config: {get_resource: NodeAdminUserData}
546 - config: {get_resource: NodeUserData}
549 # Creates the "heat-admin" user if configured via the environment
550 # Should return a OS::Heat::MultipartMime reference via OS::stack_id
552 type: OS::TripleO::NodeAdminUserData
554 # For optional operator additional userdata
555 # Should return a OS::Heat::MultipartMime reference via OS::stack_id
557 type: OS::TripleO::NodeUserData
560 type: OS::TripleO::Controller::Ports::ExternalPort
562 IPPool: {get_param: ControllerIPs}
563 NodeIndex: {get_param: NodeIndex}
564 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
567 type: OS::TripleO::Controller::Ports::InternalApiPort
569 IPPool: {get_param: ControllerIPs}
570 NodeIndex: {get_param: NodeIndex}
571 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
574 type: OS::TripleO::Controller::Ports::StoragePort
576 IPPool: {get_param: ControllerIPs}
577 NodeIndex: {get_param: NodeIndex}
578 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
581 type: OS::TripleO::Controller::Ports::StorageMgmtPort
583 IPPool: {get_param: ControllerIPs}
584 NodeIndex: {get_param: NodeIndex}
585 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
588 type: OS::TripleO::Controller::Ports::TenantPort
590 IPPool: {get_param: ControllerIPs}
591 NodeIndex: {get_param: NodeIndex}
592 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
595 type: OS::TripleO::Controller::Ports::ManagementPort
597 IPPool: {get_param: ControllerIPs}
598 NodeIndex: {get_param: NodeIndex}
599 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
602 type: OS::TripleO::Network::Ports::NetIpMap
604 ControlPlaneIp: {get_attr: [Controller, networks, ctlplane, 0]}
605 ExternalIp: {get_attr: [ExternalPort, ip_address]}
606 ExternalIpSubnet: {get_attr: [ExternalPort, ip_subnet]}
607 ExternalIpUri: {get_attr: [ExternalPort, ip_address_uri]}
608 InternalApiIp: {get_attr: [InternalApiPort, ip_address]}
609 InternalApiIpSubnet: {get_attr: [InternalApiPort, ip_subnet]}
610 InternalApiIpUri: {get_attr: [InternalApiPort, ip_address_uri]}
611 StorageIp: {get_attr: [StoragePort, ip_address]}
612 StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]}
613 StorageIpUri: {get_attr: [StoragePort, ip_address_uri]}
614 StorageMgmtIp: {get_attr: [StorageMgmtPort, ip_address]}
615 StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]}
616 StorageMgmtIpUri: {get_attr: [StorageMgmtPort, ip_address_uri]}
617 TenantIp: {get_attr: [TenantPort, ip_address]}
618 TenantIpSubnet: {get_attr: [TenantPort, ip_subnet]}
619 TenantIpUri: {get_attr: [TenantPort, ip_address_uri]}
620 ManagementIp: {get_attr: [ManagementPort, ip_address]}
621 ManagementIpSubnet: {get_attr: [ManagementPort, ip_subnet]}
622 ManagementIpUri: {get_attr: [ManagementPort, ip_address_uri]}
625 type: OS::TripleO::Controller::Net::SoftwareConfig
627 ControlPlaneIp: {get_attr: [Controller, networks, ctlplane, 0]}
628 ExternalIpSubnet: {get_attr: [ExternalPort, ip_subnet]}
629 InternalApiIpSubnet: {get_attr: [InternalApiPort, ip_subnet]}
630 StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]}
631 StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]}
632 TenantIpSubnet: {get_attr: [TenantPort, ip_subnet]}
633 ManagementIpSubnet: {get_attr: [ManagementPort, ip_subnet]}
636 type: OS::TripleO::SoftwareDeployment
638 name: NetworkDeployment
639 config: {get_resource: NetworkConfig}
640 server: {get_resource: Controller}
641 actions: {get_param: NetworkDeploymentActions}
644 interface_name: {get_param: NeutronPublicInterface}
646 # Resource for site-specific injection of root certificate
648 depends_on: NetworkDeployment
649 type: OS::TripleO::NodeTLSCAData
651 server: {get_resource: Controller}
653 # Resource for site-specific passing of private keys/certificates
655 depends_on: NodeTLSCAData
656 type: OS::TripleO::NodeTLSData
658 server: {get_resource: Controller}
659 NodeIndex: {get_param: NodeIndex}
662 ControllerDeployment:
663 type: OS::TripleO::SoftwareDeployment
664 depends_on: NetworkDeployment
666 name: ControllerDeployment
667 config: {get_resource: ControllerConfig}
668 server: {get_resource: Controller}
670 bootstack_nodeid: {get_attr: [Controller, name]}
671 ceilometer_workers: {get_param: CeilometerWorkers}
672 nova_workers: {get_param: NovaWorkers}
673 haproxy_log_address: {get_param: HAProxySyslogAddress}
674 haproxy_stats_password: {get_param: HAProxyStatsPassword}
675 haproxy_stats_user: {get_param: HAProxyStatsUser}
676 heat_auth_encryption_key: {get_param: HeatAuthEncryptionKey}
677 horizon_allowed_hosts: {get_param: HorizonAllowedHosts}
678 horizon_secret: {get_param: HorizonSecret}
679 admin_password: {get_param: AdminPassword}
680 neutron_public_interface_ip: {get_param: NeutronPublicInterfaceIP}
681 debug: {get_param: Debug}
682 cinder_public_url: {get_param: [EndpointMap, CinderPublic, uri]}
683 cinder_internal_url: {get_param: [EndpointMap, CinderInternal, uri]}
684 cinder_admin_url: {get_param: [EndpointMap, CinderAdmin, uri]}
685 cinder_public_url_v2: {get_param: [EndpointMap, CinderV2Public, uri]}
686 cinder_internal_url_v2: {get_param: [EndpointMap, CinderV2Internal, uri]}
687 cinder_admin_url_v2: {get_param: [EndpointMap, CinderV2Admin, uri]}
688 keystone_identity_uri: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] }
689 keystone_auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
690 keystone_ec2_uri: { get_param: [EndpointMap, KeystoneEC2, uri] }
691 enable_fencing: {get_param: EnableFencing}
692 enable_galera: {get_param: EnableGalera}
693 enable_load_balancer: {get_param: EnableLoadBalancer}
694 enable_ceph_storage: {get_param: EnableCephStorage}
695 enable_swift_storage: {get_param: EnableSwiftStorage}
696 manage_firewall: {get_param: ManageFirewall}
697 purge_firewall_rules: {get_param: PurgeFirewallRules}
698 mysql_innodb_buffer_pool_size: {get_param: MysqlInnodbBufferPoolSize}
699 mysql_max_connections: {get_param: MysqlMaxConnections}
700 mysql_root_password: {get_param: MysqlRootPassword}
701 mysql_clustercheck_password: {get_param: MysqlClustercheckPassword}
704 template: tripleo-CLUSTER
706 CLUSTER: {get_param: MysqlClusterUniquePart}
707 neutron_metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret}
708 neutron_agent_mode: {get_param: NeutronAgentMode}
709 neutron_router_distributed: {get_param: NeutronDVR}
710 neutron_core_plugin: {get_param: NeutronCorePlugin}
711 neutron_service_plugins:
715 PLUGINS: {get_param: NeutronServicePlugins}
716 neutron_public_interface: {get_param: NeutronPublicInterface}
717 neutron_public_interface_raw_device: {get_param: NeutronPublicInterfaceRawDevice}
718 neutron_public_interface_default_route: {get_param: NeutronPublicInterfaceDefaultRoute}
719 neutron_public_interface_tag: {get_param: NeutronPublicInterfaceTag}
720 neutron_password: {get_param: NeutronPassword}
721 neutron_tenant_mtu: {get_param: NeutronTenantMtu}
722 neutron_internal_url: { get_param: [ EndpointMap, NeutronInternal, uri ] }
723 neutron_public_url: { get_param: [ EndpointMap, NeutronPublic, uri ] }
724 neutron_admin_url: { get_param: [ EndpointMap, NeutronAdmin, uri ] }
725 neutron_auth_url: { get_param: [ EndpointMap, KeystoneV3Admin, uri ] }
726 nova_internal_url: { get_param: [ EndpointMap, NovaInternal, uri ] }
727 ceilometer_backend: {get_param: CeilometerBackend}
728 ceilometer_metering_secret: {get_param: CeilometerMeteringSecret}
729 ceilometer_password: {get_param: CeilometerPassword}
730 ceilometer_store_events: {get_param: CeilometerStoreEvents}
731 aodh_password: {get_param: AodhPassword}
732 aodh_internal_url: { get_param: [ EndpointMap, AodhInternal, uri ] }
733 aodh_public_url: { get_param: [ EndpointMap, AodhPublic, uri ] }
734 aodh_admin_url: { get_param: [ EndpointMap, AodhAdmin, uri ] }
735 ceilometer_meter_dispatcher: {get_param: CeilometerMeterDispatcher}
736 gnocchi_password: {get_param: GnocchiPassword}
737 gnocchi_backend: {get_param: GnocchiBackend}
738 gnocchi_indexer_backend: {get_param: GnocchiIndexerBackend}
739 ceilometer_coordination_url:
743 - {get_param: RedisPassword}
745 - {get_param: RedisVirtualIPUri}
750 - - {get_param: [EndpointMap, MysqlInternal, protocol]}
752 - {get_param: CeilometerPassword}
754 - {get_param: [EndpointMap, MysqlInternal, host]}
759 - - {get_param: [EndpointMap, MysqlInternal, protocol]}
761 - {get_param: GnocchiPassword}
763 - {get_param: [EndpointMap, MysqlInternal, host]}
765 gnocchi_internal_url: {get_param: [EndpointMap, GnocchiInternal, uri]}
766 gnocchi_public_url: { get_param: [ EndpointMap, GnocchiPublic, uri ] }
767 gnocchi_admin_url: { get_param: [ EndpointMap, GnocchiAdmin, uri ] }
768 ceilometer_public_url: {get_param: [EndpointMap, CeilometerPublic, uri]}
769 ceilometer_internal_url: {get_param: [EndpointMap, CeilometerInternal, uri]}
770 ceilometer_admin_url: {get_param: [EndpointMap, CeilometerAdmin, uri]}
771 snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName}
772 snmpd_readonly_user_password: {get_param: SnmpdReadonlyUserPassword}
773 nova_enable_db_purge: {get_param: NovaEnableDBPurge}
774 nova_ipv6: {get_param: NovaIPv6}
775 corosync_ipv6: {get_param: CorosyncIPv6}
776 memcached_ipv6: {get_param: MemcachedIPv6}
777 nova_password: {get_param: NovaPassword}
781 - - {get_param: [EndpointMap, MysqlInternal, protocol]}
783 - {get_param: NovaPassword}
785 - {get_param: [EndpointMap, MysqlInternal, host]}
790 - - {get_param: [EndpointMap, MysqlInternal, protocol]}
792 - {get_param: NovaPassword}
794 - {get_param: [EndpointMap, MysqlInternal, host]}
796 upgrade_level_nova_compute: {get_param: UpgradeLevelNovaCompute}
797 instance_name_template: {get_param: InstanceNameTemplate}
798 nova_public_url: {get_param: [EndpointMap, NovaPublic, uri]}
799 nova_internal_url: {get_param: [EndpointMap, NovaInternal, uri]}
800 nova_admin_url: {get_param: [EndpointMap, NovaAdmin, uri]}
801 fencing_config: {get_param: FencingConfig}
802 pcsd_password: {get_param: PcsdPassword}
803 rabbit_username: {get_param: RabbitUserName}
804 rabbit_password: {get_param: RabbitPassword}
805 rabbit_cookie: {get_param: RabbitCookie}
806 rabbit_client_use_ssl: {get_param: RabbitClientUseSSL}
807 rabbit_client_port: {get_param: RabbitClientPort}
808 mongodb_no_journal: {get_param: MongoDbNoJournal}
809 mongodb_ipv6: {get_param: MongoDbIPv6}
810 ntp_servers: {get_param: NtpServer}
811 timezone: {get_param: TimeZone}
812 control_virtual_interface: {get_param: ControlVirtualInterface}
813 public_virtual_interface: {get_param: PublicVirtualInterface}
814 swift_hash_suffix: {get_param: SwiftHashSuffix}
815 swift_part_power: {get_param: SwiftPartPower}
816 swift_ring_build: {get_param: SwiftRingBuild}
817 swift_replicas: {get_param: SwiftReplicas}
818 swift_min_part_hours: {get_param: SwiftMinPartHours}
819 swift_mount_check: {get_param: SwiftMountCheck}
820 enable_package_install: {get_param: EnablePackageInstall}
821 enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]}
822 swift_proxy_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftProxyNetwork]}]}
823 swift_management_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftMgmtNetwork]}]}
824 cinder_iscsi_network:
828 IP: {get_attr: [NetIpMap, net_ip_uri_map, {get_param: [ServiceNetMap, CinderIscsiNetwork]}]}
829 cinder_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CinderApiNetwork]}]}
830 glance_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, GlanceApiNetwork]}]}
831 glance_registry_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, GlanceRegistryNetwork]}]}
832 glance_api_servers: { get_param: [EndpointMap, GlanceInternal, uri]}
833 heat_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, HeatApiNetwork]}]}
834 keystone_public_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}]}
835 keystone_admin_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}]}
836 keystone_region: {get_param: KeystoneRegion}
837 mongo_db_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MongoDbNetwork]}]}
838 neutron_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NeutronApiNetwork]}]}
839 neutron_local_ip: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NeutronTenantNetwork]}]}
840 ceilometer_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CeilometerApiNetwork]}]}
841 aodh_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, AodhApiNetwork]}]}
842 gnocchi_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, GnocchiApiNetwork]}]}
843 nova_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NovaApiNetwork]}]}
844 nova_metadata_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NovaMetadataNetwork]}]}
845 horizon_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, HorizonNetwork]}]}
848 template: "['SUBNET']"
850 SUBNET: {get_attr: [NetIpMap, net_ip_subnet_map, {get_param: [ServiceNetMap, HorizonNetwork]}]}
851 rabbitmq_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, RabbitMqNetwork]}]}
852 redis_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, RedisNetwork]}]}
853 redis_vip: {get_param: RedisVirtualIP}
854 sahara_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SaharaApiNetwork]}]}
855 memcached_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MemcachedNetwork]}]}
856 mysql_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MysqlNetwork]}]}
857 mysql_virtual_ip: {get_param: MysqlVirtualIP}
858 ceph_cluster_network: {get_attr: [NetIpMap, net_ip_subnet_map, {get_param: [ServiceNetMap, CephClusterNetwork]}]}
859 ceph_public_network: {get_attr: [NetIpMap, net_ip_subnet_map, {get_param: [ServiceNetMap, CephPublicNetwork]}]}
860 ceph_public_ip: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CephPublicNetwork]}]}
862 # Map heat metadata into hiera datafiles
864 type: OS::Heat::StructuredConfig
866 group: os-apply-config
871 - heat_config_%{::deploy_config_name}
872 - controller_extraconfig
878 - swift_devices_and_proxy # provided by SwiftDevicesAndProxyConfig
879 - ceph_cluster # provided by CephClusterConfig
881 - bootstrap_node # provided by BootstrapNodeConfig
882 - all_nodes # provided by allNodesConfig
883 - vip_data # provided by vip-config
887 - cinder_dellsc_data # Optionally provided by ControllerExtraConfigPre
888 - cinder_netapp_data # Optionally provided by ControllerExtraConfigPre
889 - cinder_eqlx_data # Optionally provided by ControllerExtraConfigPre
890 - neutron_bigswitch_data # Optionally provided by ControllerExtraConfigPre
891 - neutron_cisco_data # Optionally provided by ControllerExtraConfigPre
892 - cisco_n1kv_data # Optionally provided by ControllerExtraConfigPre
893 - neutron_nuage_data # Optionally provided by ControllerExtraConfigPre
894 - midonet_data #Optionally provided by AllNodesExtraConfig
895 - neutron_opencontrail_data # Optionally provided by ControllerExtraConfigPre
896 - neutron_plumgrid_data # Optionally provided by ControllerExtraConfigPre
897 merge_behavior: deeper
900 mapped_data: {get_param: ServiceConfigSettings}
901 controller_extraconfig:
904 - {get_param: controllerExtraConfig}
905 - {get_param: ControllerExtraConfig}
907 mapped_data: {get_param: ExtraConfig}
909 raw_data: {get_file: hieradata/common.yaml}
912 net_ip_map: {get_attr: [NetIpMap, net_ip_map]}
913 net_ip_subnet_map: {get_attr: [NetIpMap, net_ip_subnet_map]}
914 net_ip_uri_map: {get_attr: [NetIpMap, net_ip_uri_map]}
916 raw_data: {get_file: hieradata/ceph.yaml}
918 ceph::profile::params::cluster_network: {get_input: ceph_cluster_network}
919 ceph::profile::params::public_network: {get_input: ceph_public_network}
920 ceph::profile::params::public_addr: {get_input: ceph_public_ip}
922 raw_data: {get_file: hieradata/database.yaml}
924 raw_data: {get_file: hieradata/object.yaml}
926 raw_data: {get_file: hieradata/controller.yaml}
927 mapped_data: # data supplied directly to this deployment configuration, etc
928 bootstack_nodeid: {get_input: bootstack_nodeid}
931 enable_fencing: {get_input: enable_fencing}
932 enable_load_balancer: {get_input: enable_load_balancer}
933 hacluster_pwd: {get_input: pcsd_password}
934 corosync_ipv6: {get_input: corosync_ipv6}
935 tripleo::fencing::config: {get_input: fencing_config}
938 # FIXME: need to move proxy_local_net_ip into swift-proxy.yaml
939 swift::proxy::proxy_local_net_ip: {get_input: swift_proxy_network}
940 swift::storage::all::storage_local_net_ip: {get_input: swift_management_network}
941 swift::swift_hash_path_suffix: {get_input: swift_hash_suffix}
942 tripleo::ringbuilder::build_ring: { get_input: swift_ring_build }
943 tripleo::ringbuilder::part_power: {get_input: swift_part_power}
944 tripleo::ringbuilder::replicas: {get_input: swift_replicas}
945 tripleo::ringbuilder::min_part_hours: {get_input: swift_min_part_hours}
946 swift_mount_check: {get_input: swift_mount_check}
949 tripleo::profile::base::cinder::volume::iscsi::cinder_iscsi_address: {get_input: cinder_iscsi_network}
950 cinder::api::bind_host: {get_input: cinder_api_network}
951 cinder::keystone::auth::public_url: {get_input: cinder_public_url }
952 cinder::keystone::auth::internal_url: {get_input: cinder_internal_url }
953 cinder::keystone::auth::admin_url: {get_input: cinder_admin_url }
954 cinder::keystone::auth::public_url_v2: {get_input: cinder_public_url_v2 }
955 cinder::keystone::auth::internal_url_v2: {get_input: cinder_internal_url_v2 }
956 cinder::keystone::auth::admin_url_v2: {get_input: cinder_admin_url_v2 }
957 cinder::keystone::auth::password: {get_input: cinder_password }
958 cinder::keystone::auth::region: {get_input: keystone_region}
961 glance::api::bind_host: {get_input: glance_api_network}
962 glance::registry::bind_host: {get_input: glance_registry_network}
963 glance::keystone::auth::region: {get_input: keystone_region}
966 heat::api::bind_host: {get_input: heat_api_network}
967 heat::api_cloudwatch::bind_host: {get_input: heat_api_network}
968 heat::api_cfn::bind_host: {get_input: heat_api_network}
969 heat::engine::auth_encryption_key: {get_input: heat_auth_encryption_key}
972 keystone::admin_bind_host: {get_input: keystone_admin_api_network}
973 keystone::public_bind_host: {get_input: keystone_public_api_network}
974 keystone::wsgi::apache::bind_host: {get_input: keystone_public_api_network}
975 keystone::wsgi::apache::admin_bind_host: {get_input: keystone_admin_api_network}
977 mongodb::server::bind_ip: {get_input: mongo_db_network}
978 mongodb::server::nojournal: {get_input: mongodb_no_journal}
979 mongodb::server::ipv6: {get_input: mongodb_ipv6}
981 admin_password: {get_input: admin_password}
982 enable_galera: {get_input: enable_galera}
983 enable_ceph_storage: {get_input: enable_ceph_storage}
984 enable_swift_storage: {get_input: enable_swift_storage}
985 mysql_innodb_buffer_pool_size: {get_input: mysql_innodb_buffer_pool_size}
986 mysql_max_connections: {get_input: mysql_max_connections}
987 mysql::server::root_password: {get_input: mysql_root_password}
988 mysql_clustercheck_password: {get_input: mysql_clustercheck_password}
989 mysql_cluster_name: {get_input: mysql_cluster_name}
990 mysql_bind_host: {get_input: mysql_network}
991 mysql_virtual_ip: {get_input: mysql_virtual_ip}
994 neutron::bind_host: {get_input: neutron_api_network}
995 neutron::network_device_mtu: {get_input: neutron_tenant_mtu}
996 neutron::agents::ml2::ovs::local_ip: {get_input: neutron_local_ip}
997 neutron::agents::metadata::metadata_ip: {get_input: neutron_api_network}
998 neutron_agent_mode: {get_input: neutron_agent_mode}
999 neutron_router_distributed: {get_input: neutron_router_distributed}
1000 neutron::core_plugin: {get_input: neutron_core_plugin}
1001 neutron::service_plugins: {get_input: neutron_service_plugins}
1002 neutron_public_interface: {get_input: neutron_public_interface}
1003 neutron_public_interface_raw_device: {get_input: neutron_public_interface_raw_device}
1004 neutron_public_interface_default_route: {get_input: neutron_public_interface_default_route}
1005 neutron_public_interface_tag: {get_input: neutron_public_interface_tag}
1006 neutron::keystone::auth::public_url: {get_input: neutron_public_url }
1007 neutron::keystone::auth::internal_url: {get_input: neutron_internal_url }
1008 neutron::keystone::auth::admin_url: {get_input: neutron_admin_url }
1009 neutron::keystone::auth::password: {get_input: neutron_password }
1010 neutron::keystone::auth::region: {get_input: keystone_region}
1013 ceilometer_backend: {get_input: ceilometer_backend}
1014 ceilometer_mysql_conn_string: {get_input: ceilometer_dsn}
1015 ceilometer::telemetry_secret: {get_input: ceilometer_metering_secret}
1016 ceilometer::rabbit_userid: {get_input: rabbit_username}
1017 ceilometer::rabbit_password: {get_input: rabbit_password}
1018 ceilometer::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
1019 ceilometer::rabbit_port: {get_input: rabbit_client_port}
1020 ceilometer::debug: {get_input: debug}
1021 ceilometer::api::host: {get_input: ceilometer_api_network}
1022 ceilometer::api::keystone_password: {get_input: ceilometer_password}
1023 ceilometer::api::auth_uri: {get_input: keystone_auth_uri}
1024 ceilometer::api::identity_uri: {get_input: keystone_identity_uri}
1025 ceilometer::agent::auth::auth_password: {get_input: ceilometer_password}
1026 ceilometer::agent::auth::auth_url: {get_input: keystone_auth_uri}
1027 ceilometer::agent::central::coordination_url: {get_input: ceilometer_coordination_url}
1028 ceilometer::agent::notification::store_events: {get_input: ceilometer_store_events}
1029 ceilometer::db::mysql::password: {get_input: ceilometer_password}
1030 ceilometer::collector::meter_dispatcher: {get_input: ceilometer_meter_dispatcher}
1031 ceilometer::dispatcher::gnocchi::url: {get_input: gnocchi_internal_url }
1032 ceilometer::dispatcher::gnocchi::filter_project: 'service'
1033 ceilometer::dispatcher::gnocchi::archive_policy: 'low'
1034 ceilometer::dispatcher::gnocchi::resources_definition_file: 'gnocchi_resources.yaml'
1035 ceilometer::keystone::auth::public_url: {get_input: ceilometer_public_url }
1036 ceilometer::keystone::auth::internal_url: {get_input: ceilometer_internal_url }
1037 ceilometer::keystone::auth::admin_url: {get_input: ceilometer_admin_url }
1038 ceilometer::keystone::auth::password: {get_input: ceilometer_password }
1039 ceilometer::keystone::auth::region: {get_input: keystone_region}
1040 snmpd_readonly_user_name: {get_input: snmpd_readonly_user_name}
1041 snmpd_readonly_user_password: {get_input: snmpd_readonly_user_password}
1044 aodh::rabbit_userid: {get_input: rabbit_username}
1045 aodh::rabbit_password: {get_input: rabbit_password}
1046 aodh::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
1047 aodh::rabbit_port: {get_input: rabbit_client_port}
1048 aodh::debug: {get_input: debug}
1049 aodh::wsgi::apache::ssl: false
1050 aodh::wsgi::apache::bind_host: {get_input: aodh_api_network}
1051 aodh::api::service_name: 'httpd'
1052 aodh::api::host: {get_input: aodh_api_network}
1053 aodh::api::keystone_password: {get_input: aodh_password}
1054 aodh::api::keystone_auth_uri: {get_input: keystone_auth_uri}
1055 aodh::api::keystone_identity_uri: {get_input: keystone_identity_uri}
1056 aodh::auth::auth_password: {get_input: aodh_password}
1057 aodh::db::mysql::password: {get_input: aodh_password}
1058 # for a migration path from ceilometer-alarm to aodh, we use the same database & coordination
1059 aodh::evaluator::coordination_url: {get_input: ceilometer_coordination_url}
1060 aodh::keystone::auth::public_url: {get_input: aodh_public_url }
1061 aodh::keystone::auth::internal_url: {get_input: aodh_internal_url }
1062 aodh::keystone::auth::admin_url: {get_input: aodh_admin_url }
1063 aodh::keystone::auth::password: {get_input: aodh_password }
1064 aodh::keystone::auth::region: {get_input: keystone_region}
1067 gnocchi_backend: {get_input: gnocchi_backend}
1068 gnocchi_indexer_backend: {get_input: gnocchi_indexer_backend}
1069 gnocchi_mysql_conn_string: {get_input: gnocchi_dsn}
1070 gnocchi::debug: {get_input: debug}
1071 gnocchi::wsgi::apache::ssl: false
1072 gnocchi::wsgi::apache::bind_host: {get_input: gnocchi_api_network}
1073 gnocchi::api::service_name: 'httpd'
1074 gnocchi::api::host: {get_input: gnocchi_api_network}
1075 gnocchi::api::keystone_password: {get_input: gnocchi_password}
1076 gnocchi::api::keystone_auth_uri: {get_input: keystone_auth_uri}
1077 gnocchi::api::keystone_identity_uri: {get_input: keystone_identity_uri}
1078 gnocchi::db::mysql::password: {get_input: gnocchi_password}
1079 gnocchi::storage::swift::swift_authurl: {get_input: keystone_auth_uri}
1080 gnocchi::storage::swift::swift_key: {get_input: gnocchi_password}
1081 gnocchi::keystone::auth::public_url: {get_input: gnocchi_public_url }
1082 gnocchi::keystone::auth::internal_url: {get_input: gnocchi_internal_url }
1083 gnocchi::keystone::auth::admin_url: {get_input: gnocchi_admin_url }
1084 gnocchi::keystone::auth::password: {get_input: gnocchi_password }
1085 gnocchi::keystone::auth::region: {get_input: keystone_region}
1088 nova::upgrade_level_compute: {get_input: upgrade_level_nova_compute}
1089 nova::use_ipv6: {get_input: nova_ipv6}
1090 nova::api::auth_uri: {get_input: keystone_auth_uri}
1091 nova::api::identity_uri: {get_input: keystone_identity_uri}
1092 nova::api::api_bind_address: {get_input: nova_api_network}
1093 nova::api::metadata_listen: {get_input: nova_metadata_network}
1094 nova::api::admin_password: {get_input: nova_password}
1095 nova::api::osapi_compute_workers: {get_input: nova_workers}
1096 nova::api::metadata_workers: {get_input: nova_workers}
1097 nova::compute::network_device_mtu: {get_input: neutron_tenant_mtu}
1098 nova::database_connection: {get_input: nova_dsn}
1099 nova::api_database_connection: {get_input: nova_api_dsn}
1100 nova::glance_api_servers: {get_input: glance_api_servers}
1101 nova::api::neutron_metadata_proxy_shared_secret: {get_input: neutron_metadata_proxy_shared_secret}
1102 nova::api::instance_name_template: {get_input: instance_name_template}
1103 nova::network::neutron::neutron_password: {get_input: neutron_password}
1104 nova::network::neutron::neutron_url: {get_input: neutron_internal_url}
1105 nova::network::neutron::neutron_auth_url: {get_input: neutron_auth_url}
1106 nova::vncproxy::host: {get_input: nova_api_network}
1107 nova::db::mysql::password: {get_input: nova_password}
1108 nova::db::mysql_api::password: {get_input: nova_password}
1109 nova_enable_db_purge: {get_input: nova_enable_db_purge}
1110 nova::keystone::auth::public_url: {get_input: nova_public_url}
1111 nova::keystone::auth::internal_url: {get_input: nova_internal_url}
1112 nova::keystone::auth::admin_url: {get_input: nova_admin_url}
1113 nova::keystone::auth::password: {get_input: nova_password }
1114 nova::keystone::auth::region: {get_input: keystone_region}
1117 apache::mod::remoteip::proxy_ips: {get_input: horizon_subnet}
1118 apache::ip: {get_input: horizon_network}
1119 horizon::allowed_hosts: {get_input: horizon_allowed_hosts}
1120 horizon::django_debug: {get_input: debug}
1121 horizon::secret_key: {get_input: horizon_secret}
1122 horizon::bind_address: {get_input: horizon_network}
1123 horizon::keystone_url: {get_input: keystone_auth_uri}
1126 rabbitmq::node_ip_address: {get_input: rabbitmq_network}
1127 rabbitmq::erlang_cookie: {get_input: rabbit_cookie}
1129 redis::bind: {get_input: redis_network}
1130 redis_vip: {get_input: redis_vip}
1132 tripleo::firewall::manage_firewall: {get_input: manage_firewall}
1133 tripleo::firewall::purge_firewall_rules: {get_input: purge_firewall_rules}
1135 memcached_ipv6: {get_input: memcached_ipv6}
1136 memcached::listen_ip: {get_input: memcached_network}
1137 neutron_public_interface_ip: {get_input: neutron_public_interface_ip}
1138 ntp::servers: {get_input: ntp_servers}
1139 timezone::timezone: {get_input: timezone}
1140 control_virtual_interface: {get_input: control_virtual_interface}
1141 public_virtual_interface: {get_input: public_virtual_interface}
1142 tripleo::keepalived::control_virtual_interface: {get_input: control_virtual_interface}
1143 tripleo::keepalived::public_virtual_interface: {get_input: public_virtual_interface}
1144 tripleo::haproxy::control_virtual_interface: {get_input: control_virtual_interface}
1145 tripleo::haproxy::public_virtual_interface: {get_input: public_virtual_interface}
1146 tripleo::haproxy::haproxy_log_address: {get_input: haproxy_log_address}
1147 tripleo::haproxy::service_certificate: {get_attr: [NodeTLSData, deployed_ssl_certificate_path]}
1148 tripleo::haproxy::haproxy_stats_user: {get_input: haproxy_stats_user}
1149 tripleo::haproxy::haproxy_stats_password: {get_input: haproxy_stats_password}
1150 tripleo::haproxy::redis_password: {get_input: redis_password}
1151 tripleo::packages::enable_install: {get_input: enable_package_install}
1152 tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade}
1154 # Hook for site-specific additional pre-deployment config, e.g extra hieradata
1155 ControllerExtraConfigPre:
1156 depends_on: ControllerDeployment
1157 type: OS::TripleO::ControllerExtraConfigPre
1159 server: {get_resource: Controller}
1161 # Hook for site-specific additional pre-deployment config,
1162 # applying to all nodes, e.g node registration/unregistration
1164 depends_on: [ControllerExtraConfigPre, NodeTLSData]
1165 type: OS::TripleO::NodeExtraConfig
1167 server: {get_resource: Controller}
1170 type: OS::TripleO::Tasks::PackageUpdate
1173 type: OS::Heat::SoftwareDeployment
1175 name: UpdateDeployment
1176 config: {get_resource: UpdateConfig}
1177 server: {get_resource: Controller}
1180 get_param: UpdateIdentifier
1184 description: IP address of the server in the ctlplane network
1185 value: {get_attr: [Controller, networks, ctlplane, 0]}
1186 external_ip_address:
1187 description: IP address of the server in the external network
1188 value: {get_attr: [ExternalPort, ip_address]}
1189 internal_api_ip_address:
1190 description: IP address of the server in the internal_api network
1191 value: {get_attr: [InternalApiPort, ip_address]}
1193 description: IP address of the server in the storage network
1194 value: {get_attr: [StoragePort, ip_address]}
1195 storage_mgmt_ip_address:
1196 description: IP address of the server in the storage_mgmt network
1197 value: {get_attr: [StorageMgmtPort, ip_address]}
1199 description: IP address of the server in the tenant network
1200 value: {get_attr: [TenantPort, ip_address]}
1201 management_ip_address:
1202 description: IP address of the server in the management network
1203 value: {get_attr: [ManagementPort, ip_address]}
1205 description: Hostname of the server
1206 value: {get_attr: [Controller, name]}
1209 Server's IP address and hostname in the /etc/hosts format
1213 PRIMARYIP PRIMARYHOST.DOMAIN PRIMARYHOST
1214 EXTERNALIP EXTERNALHOST.DOMAIN EXTERNALHOST
1215 INTERNAL_APIIP INTERNAL_APIHOST.DOMAIN INTERNAL_APIHOST
1216 STORAGEIP STORAGEHOST.DOMAIN STORAGEHOST
1217 STORAGE_MGMTIP STORAGE_MGMTHOST.DOMAIN STORAGE_MGMTHOST
1218 TENANTIP TENANTHOST.DOMAIN TENANTHOST
1219 MANAGEMENTIP MANAGEMENTHOST.DOMAIN MANAGEMENTHOST
1221 PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, ControllerHostnameResolveNetwork]}]}
1222 DOMAIN: {get_param: CloudDomain}
1223 PRIMARYHOST: {get_attr: [Controller, name]}
1224 EXTERNALIP: {get_attr: [ExternalPort, ip_address]}
1228 - - {get_attr: [Controller, name]}
1230 INTERNAL_APIIP: {get_attr: [InternalApiPort, ip_address]}
1234 - - {get_attr: [Controller, name]}
1236 STORAGEIP: {get_attr: [StoragePort, ip_address]}
1240 - - {get_attr: [Controller, name]}
1242 STORAGE_MGMTIP: {get_attr: [StorageMgmtPort, ip_address]}
1246 - - {get_attr: [Controller, name]}
1248 TENANTIP: {get_attr: [TenantPort, ip_address]}
1252 - - {get_attr: [Controller, name]}
1254 MANAGEMENTIP: {get_attr: [ManagementPort, ip_address]}
1258 - - {get_attr: [Controller, name]}
1260 nova_server_resource:
1261 description: Heat resource handle for the Nova compute server
1263 {get_resource: Controller}
1265 description: Swift device formatted for swift-ring-builder
1268 template: 'r1z1-IP:%PORT%/d1'
1270 IP: {get_attr: [NetIpMap, net_ip_uri_map, {get_param: [ServiceNetMap, SwiftMgmtNetwork]}]}
1271 swift_proxy_memcache:
1272 description: Swift proxy-memcache value
1275 template: "IP:11211"
1277 IP: {get_attr: [NetIpMap, net_ip_uri_map, {get_param: [ServiceNetMap, MemcachedNetwork]}]}
1279 description: identifier which changes if the controller configuration may need re-applying
1283 - - {get_attr: [ControllerDeployment, deploy_stdout]}
1284 - {get_attr: [NodeTLSCAData, deploy_stdout]}
1285 - {get_attr: [NodeTLSData, deploy_stdout]}
1286 - {get_attr: [ControllerExtraConfigPre, deploy_stdout]}
1287 - {get_param: UpdateIdentifier}
1288 tls_key_modulus_md5:
1289 description: MD5 checksum of the TLS Key Modulus
1290 value: {get_attr: [NodeTLSData, key_modulus_md5]}
1291 tls_cert_modulus_md5:
1292 description: MD5 checksum of the TLS Certificate Modulus
1293 value: {get_attr: [NodeTLSData, cert_modulus_md5]}