1 heat_template_version: 2016-04-08
4 OpenStack controller node configured by Puppet.
8 description: The password for the keystone admin account, used for monitoring, querying neutron etc.
12 description: The password for the aodh services.
15 #TODO(composable Redis): Remove the Redis password param
16 #As is used by ceilometer
19 description: The ceilometer backend type.
21 CeilometerMeteringSecret:
22 description: Secret shared by the ceilometer services.
26 description: The password for the ceilometer service and db account.
29 CeilometerStoreEvents:
31 description: Whether to store events in ceilometer.
33 CeilometerMeterDispatcher:
35 description: Dispatcher to process meter data
38 - allowed_values: ['gnocchi', 'database']
41 description: Number of workers for Ceilometer service.
43 controllerExtraConfig:
46 Deprecated. Use ControllerExtraConfig via parameter_defaults instead.
48 ControllerExtraConfig:
51 Controller specific hiera configuration data to inject into the cluster.
56 A network mapped list of IPs to assign to Controllers in the following form:
58 "internal_api": ["a.b.c.d", "e.f.g.h"],
62 ControlVirtualInterface:
64 description: Interface where virtual ip will be assigned.
68 description: Enable IPv6 in Corosync
72 description: Set to True to enable debugging on all services.
76 description: Whether to enable fencing in Pacemaker or not.
80 description: Whether to use Galera instead of regular MariaDB.
84 description: Whether to deploy a LoadBalancer on the Controller
88 description: Whether to deploy Ceph Storage (OSD) on the Controller
93 Additional hieradata to inject into the cluster, note that
94 ControllerExtraConfig takes precedence over ExtraConfig.
99 Pacemaker fencing configuration. The JSON should have
100 the following structure:
104 "agent": "AGENT_NAME",
105 "host_mac": "HOST_MAC_ADDRESS",
106 "params": {"PARAM_NAME": "PARAM_VALUE"}
114 "agent": "fence_xvm",
115 "host_mac": "52:54:00:aa:bb:cc",
117 "multicast_address": "225.0.0.12",
118 "port": "baremetal_0",
120 "manage_key_file": true,
121 "key_file": "/etc/fence_xvm.key",
122 "key_file_password": "abcdef"
129 description: Flavor for control nodes to request when deploying.
132 - custom_constraint: nova.flavor
135 description: The short name of the Gnocchi backend to use. Should be one
136 of swift, rbd, or file
139 - allowed_values: ['swift', 'file', 'rbd']
140 GnocchiIndexerBackend:
142 description: The short name of the Gnocchi indexer backend to use.
145 description: The password for the gnocchi service and db account.
148 HAProxyStatsPassword:
149 description: Password for HAProxy stats endpoint
152 description: User for HAProxy stats endpoint
155 HAProxySyslogAddress:
157 description: Syslog address where HAproxy will send its log
159 HeatAuthEncryptionKey:
160 description: Auth encryption key for heat-engine
165 description: A list of IP/Hostname allowed to connect to horizon
166 type: comma_delimited_list
168 description: Secret key for Django
173 default: overcloud-control
175 - custom_constraint: glance.image
177 default: 'REBUILD_PRESERVE_EPHEMERAL'
178 description: What policy to use when reconstructing instances. REBUILD for rebuilds, REBUILD_PRESERVE_EPHEMERAL to preserve /mnt.
180 InstanceNameTemplate:
181 default: 'instance-%08x'
182 description: Template string to be used to generate instance names
186 description: Name of an existing Nova key pair to enable SSH access to the instances
189 - custom_constraint: nova.keypair
193 description: Keystone region for endpoint
196 description: Whether to manage IPtables rules.
200 description: Enable IPv6 features in Memcached.
204 description: Whether IPtables rules should be purged before setting up the new ones.
206 MysqlClusterUniquePart:
207 description: A unique identifier of the MySQL cluster the controller is in.
209 default: 'unset' # Has to be here because of the ignored empty value bug
210 # Drop the validation: https://bugs.launchpad.net/tripleo/+bug/1405446
212 # - length: {min: 4, max: 10}
213 MysqlInnodbBufferPoolSize:
215 Specifies the size of the buffer pool in megabytes. Setting to
216 zero should be interpreted as "no value" and will defer to the
221 description: Configures MySQL max_connections config setting
224 MysqlClustercheckPassword:
230 default: '' # Has to be here because of the ignored empty value bug
231 NeutronMetadataProxySharedSecret:
232 description: Shared secret to prevent spoofing
236 description: The password for the neutron service and db account, used by neutron agents.
239 NeutronPublicInterface:
241 description: What interface to bridge onto br-ex for network nodes.
245 The default MTU for tenant networks. For VXLAN/GRE tunneling, this should
246 be at least 50 bytes smaller than the MTU on the physical network. This
247 value will be used to set the MTU on the virtual Ethernet device.
248 This number is related to the value of NeutronDnsmasqOptions, since that
249 will determine the MTU that is assigned to the VM host through DHCP.
255 Whether to create cron job for purging soft deleted rows in Nova database.
259 description: Enable IPv6 features in Nova
262 description: The password for the nova service and db account, used by nova-api.
267 description: The password for the 'pcsd' user.
269 PublicVirtualInterface:
272 Specifies the interface where the public-facing virtual ip will be assigned.
273 This should be int_public when a VLAN is being used.
277 default: '' # Has to be here because of the ignored empty value bug
280 description: The password for RabbitMQ
285 description: The username for RabbitMQ
290 Rabbit client subscriber parameter to specify
291 an SSL connection to the RabbitMQ host.
295 description: Set rabbit subscriber port, change this if using SSL
298 description: The password for Redis
303 default: '' # Has to be here because of the ignored empty value bug
306 default: '' # Has to be here because of the ignored empty value bug
307 description: An IP address which is wrapped in brackets in case of IPv6
308 SnmpdReadonlyUserName:
309 default: ro_snmp_user
310 description: The user name for SNMPd with readonly rights running on all Overcloud nodes
312 SnmpdReadonlyUserPassword:
313 description: The user password for SNMPd with readonly rights running on all Overcloud nodes
317 description: A random string to be used as a salt when hashing to determine mappings
324 description: The minimum time (in hours) before a partition in a ring can be moved following a rebalance.
327 description: Partition Power to use when building Swift rings
331 description: Whether to manage Swift rings or not
336 description: How many replicas to use in the swift rings.
339 description: The timezone to be set on controller nodes.
341 UpgradeLevelNovaCompute:
343 description: Nova Compute upgrade level
348 EnablePackageInstall:
350 description: Set to true to enable package installation via Puppet
354 description: Mapping of service_name -> network name. Typically set
355 via parameter_defaults in the resource registry.
359 description: Mapping of service endpoint -> protocol. Typically set
360 via parameter_defaults in the resource registry.
366 Setting to a previously unused value during stack-update will trigger
367 package update on all nodes
370 default: '' # Defaults to Heat created hostname
374 description: Optional mapping to override hostnames
375 NetworkDeploymentActions:
376 type: comma_delimited_list
378 Heat action when to apply network configuration changes
383 SoftwareConfigTransport:
384 default: POLL_SERVER_CFN
386 How the server should receive the metadata required for software configuration.
389 - allowed_values: [POLL_SERVER_CFN, POLL_SERVER_HEAT, POLL_TEMP_URL, ZAQAR_MESSAGE]
394 The DNS domain used for the hosts. This should match the dhcp_domain
395 configured in the Undercloud neutron. Defaults to localdomain.
399 Extra properties or metadata passed to Nova for the created nodes in
400 the overcloud. It's accessible via the Nova metadata API.
404 description: Optional scheduler hints to pass to nova
406 ServiceConfigSettings:
412 description: Do not use deprecated params, they will be removed.
414 - controllerExtraConfig
419 type: OS::Nova::Server
421 image: {get_param: Image}
422 image_update_policy: {get_param: ImageUpdatePolicy}
423 flavor: {get_param: Flavor}
424 key_name: {get_param: KeyName}
427 user_data_format: SOFTWARE_CONFIG
428 user_data: {get_resource: UserData}
431 template: {get_param: Hostname}
432 params: {get_param: HostnameMap}
433 software_config_transport: {get_param: SoftwareConfigTransport}
434 metadata: {get_param: ServerMetadata}
435 scheduler_hints: {get_param: SchedulerHints}
437 # Combine the NodeAdminUserData and NodeUserData mime archives
439 type: OS::Heat::MultipartMime
442 - config: {get_resource: NodeAdminUserData}
444 - config: {get_resource: NodeUserData}
447 # Creates the "heat-admin" user if configured via the environment
448 # Should return a OS::Heat::MultipartMime reference via OS::stack_id
450 type: OS::TripleO::NodeAdminUserData
452 # For optional operator additional userdata
453 # Should return a OS::Heat::MultipartMime reference via OS::stack_id
455 type: OS::TripleO::NodeUserData
458 type: OS::TripleO::Controller::Ports::ExternalPort
460 IPPool: {get_param: ControllerIPs}
461 NodeIndex: {get_param: NodeIndex}
462 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
465 type: OS::TripleO::Controller::Ports::InternalApiPort
467 IPPool: {get_param: ControllerIPs}
468 NodeIndex: {get_param: NodeIndex}
469 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
472 type: OS::TripleO::Controller::Ports::StoragePort
474 IPPool: {get_param: ControllerIPs}
475 NodeIndex: {get_param: NodeIndex}
476 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
479 type: OS::TripleO::Controller::Ports::StorageMgmtPort
481 IPPool: {get_param: ControllerIPs}
482 NodeIndex: {get_param: NodeIndex}
483 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
486 type: OS::TripleO::Controller::Ports::TenantPort
488 IPPool: {get_param: ControllerIPs}
489 NodeIndex: {get_param: NodeIndex}
490 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
493 type: OS::TripleO::Controller::Ports::ManagementPort
495 IPPool: {get_param: ControllerIPs}
496 NodeIndex: {get_param: NodeIndex}
497 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
500 type: OS::TripleO::Network::Ports::NetIpMap
502 ControlPlaneIp: {get_attr: [Controller, networks, ctlplane, 0]}
503 ExternalIp: {get_attr: [ExternalPort, ip_address]}
504 ExternalIpSubnet: {get_attr: [ExternalPort, ip_subnet]}
505 ExternalIpUri: {get_attr: [ExternalPort, ip_address_uri]}
506 InternalApiIp: {get_attr: [InternalApiPort, ip_address]}
507 InternalApiIpSubnet: {get_attr: [InternalApiPort, ip_subnet]}
508 InternalApiIpUri: {get_attr: [InternalApiPort, ip_address_uri]}
509 StorageIp: {get_attr: [StoragePort, ip_address]}
510 StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]}
511 StorageIpUri: {get_attr: [StoragePort, ip_address_uri]}
512 StorageMgmtIp: {get_attr: [StorageMgmtPort, ip_address]}
513 StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]}
514 StorageMgmtIpUri: {get_attr: [StorageMgmtPort, ip_address_uri]}
515 TenantIp: {get_attr: [TenantPort, ip_address]}
516 TenantIpSubnet: {get_attr: [TenantPort, ip_subnet]}
517 TenantIpUri: {get_attr: [TenantPort, ip_address_uri]}
518 ManagementIp: {get_attr: [ManagementPort, ip_address]}
519 ManagementIpSubnet: {get_attr: [ManagementPort, ip_subnet]}
520 ManagementIpUri: {get_attr: [ManagementPort, ip_address_uri]}
523 type: OS::TripleO::Controller::Net::SoftwareConfig
525 ControlPlaneIp: {get_attr: [Controller, networks, ctlplane, 0]}
526 ExternalIpSubnet: {get_attr: [ExternalPort, ip_subnet]}
527 InternalApiIpSubnet: {get_attr: [InternalApiPort, ip_subnet]}
528 StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]}
529 StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]}
530 TenantIpSubnet: {get_attr: [TenantPort, ip_subnet]}
531 ManagementIpSubnet: {get_attr: [ManagementPort, ip_subnet]}
534 type: OS::TripleO::SoftwareDeployment
536 name: NetworkDeployment
537 config: {get_resource: NetworkConfig}
538 server: {get_resource: Controller}
539 actions: {get_param: NetworkDeploymentActions}
542 interface_name: {get_param: NeutronPublicInterface}
544 # Resource for site-specific injection of root certificate
546 depends_on: NetworkDeployment
547 type: OS::TripleO::NodeTLSCAData
549 server: {get_resource: Controller}
551 # Resource for site-specific passing of private keys/certificates
553 depends_on: NodeTLSCAData
554 type: OS::TripleO::NodeTLSData
556 server: {get_resource: Controller}
557 NodeIndex: {get_param: NodeIndex}
560 ControllerDeployment:
561 type: OS::TripleO::SoftwareDeployment
562 depends_on: NetworkDeployment
564 name: ControllerDeployment
565 config: {get_resource: ControllerConfig}
566 server: {get_resource: Controller}
568 bootstack_nodeid: {get_attr: [Controller, name]}
569 ceilometer_workers: {get_param: CeilometerWorkers}
570 haproxy_log_address: {get_param: HAProxySyslogAddress}
571 haproxy_stats_password: {get_param: HAProxyStatsPassword}
572 haproxy_stats_user: {get_param: HAProxyStatsUser}
573 heat_auth_encryption_key: {get_param: HeatAuthEncryptionKey}
574 horizon_allowed_hosts: {get_param: HorizonAllowedHosts}
575 horizon_secret: {get_param: HorizonSecret}
576 admin_password: {get_param: AdminPassword}
577 debug: {get_param: Debug}
578 cinder_public_url: {get_param: [EndpointMap, CinderPublic, uri]}
579 cinder_internal_url: {get_param: [EndpointMap, CinderInternal, uri]}
580 cinder_admin_url: {get_param: [EndpointMap, CinderAdmin, uri]}
581 cinder_public_url_v2: {get_param: [EndpointMap, CinderV2Public, uri]}
582 cinder_internal_url_v2: {get_param: [EndpointMap, CinderV2Internal, uri]}
583 cinder_admin_url_v2: {get_param: [EndpointMap, CinderV2Admin, uri]}
584 keystone_identity_uri: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] }
585 keystone_auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
586 keystone_ec2_uri: { get_param: [EndpointMap, KeystoneEC2, uri] }
587 enable_fencing: {get_param: EnableFencing}
588 enable_galera: {get_param: EnableGalera}
589 enable_load_balancer: {get_param: EnableLoadBalancer}
590 enable_ceph_storage: {get_param: EnableCephStorage}
591 manage_firewall: {get_param: ManageFirewall}
592 purge_firewall_rules: {get_param: PurgeFirewallRules}
593 mysql_innodb_buffer_pool_size: {get_param: MysqlInnodbBufferPoolSize}
594 mysql_max_connections: {get_param: MysqlMaxConnections}
595 mysql_root_password: {get_param: MysqlRootPassword}
596 mysql_clustercheck_password: {get_param: MysqlClustercheckPassword}
599 template: tripleo-CLUSTER
601 CLUSTER: {get_param: MysqlClusterUniquePart}
602 neutron_metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret}
603 neutron_password: {get_param: NeutronPassword}
604 neutron_tenant_mtu: {get_param: NeutronTenantMtu}
605 neutron_internal_url: { get_param: [ EndpointMap, NeutronInternal, uri ] }
606 neutron_public_url: { get_param: [ EndpointMap, NeutronPublic, uri ] }
607 neutron_admin_url: { get_param: [ EndpointMap, NeutronAdmin, uri ] }
608 neutron_auth_url: { get_param: [ EndpointMap, KeystoneV3Admin, uri ] }
609 nova_internal_url: { get_param: [ EndpointMap, NovaInternal, uri ] }
610 ceilometer_backend: {get_param: CeilometerBackend}
611 ceilometer_metering_secret: {get_param: CeilometerMeteringSecret}
612 ceilometer_password: {get_param: CeilometerPassword}
613 ceilometer_store_events: {get_param: CeilometerStoreEvents}
614 aodh_password: {get_param: AodhPassword}
615 aodh_internal_url: { get_param: [ EndpointMap, AodhInternal, uri ] }
616 aodh_public_url: { get_param: [ EndpointMap, AodhPublic, uri ] }
617 aodh_admin_url: { get_param: [ EndpointMap, AodhAdmin, uri ] }
618 ceilometer_meter_dispatcher: {get_param: CeilometerMeterDispatcher}
619 gnocchi_password: {get_param: GnocchiPassword}
620 gnocchi_backend: {get_param: GnocchiBackend}
621 gnocchi_indexer_backend: {get_param: GnocchiIndexerBackend}
622 ceilometer_coordination_url:
626 - {get_param: RedisPassword}
628 - {get_param: RedisVirtualIPUri}
633 - - {get_param: [EndpointMap, MysqlInternal, protocol]}
635 - {get_param: CeilometerPassword}
637 - {get_param: [EndpointMap, MysqlInternal, host]}
642 - - {get_param: [EndpointMap, MysqlInternal, protocol]}
644 - {get_param: GnocchiPassword}
646 - {get_param: [EndpointMap, MysqlInternal, host]}
651 - - {get_param: [EndpointMap, MysqlInternal, protocol]}
653 - {get_param: AodhPassword}
655 - {get_param: [EndpointMap, MysqlInternal, host]}
657 gnocchi_internal_url: {get_param: [EndpointMap, GnocchiInternal, uri]}
658 gnocchi_public_url: { get_param: [ EndpointMap, GnocchiPublic, uri ] }
659 gnocchi_admin_url: { get_param: [ EndpointMap, GnocchiAdmin, uri ] }
660 ceilometer_public_url: {get_param: [EndpointMap, CeilometerPublic, uri]}
661 ceilometer_internal_url: {get_param: [EndpointMap, CeilometerInternal, uri]}
662 ceilometer_admin_url: {get_param: [EndpointMap, CeilometerAdmin, uri]}
663 ceilometer_agent_auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
664 snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName}
665 snmpd_readonly_user_password: {get_param: SnmpdReadonlyUserPassword}
666 nova_enable_db_purge: {get_param: NovaEnableDBPurge}
667 nova_ipv6: {get_param: NovaIPv6}
668 corosync_ipv6: {get_param: CorosyncIPv6}
669 memcached_ipv6: {get_param: MemcachedIPv6}
670 nova_password: {get_param: NovaPassword}
674 - - {get_param: [EndpointMap, MysqlInternal, protocol]}
676 - {get_param: NovaPassword}
678 - {get_param: [EndpointMap, MysqlInternal, host]}
683 - - {get_param: [EndpointMap, MysqlInternal, protocol]}
685 - {get_param: NovaPassword}
687 - {get_param: [EndpointMap, MysqlInternal, host]}
689 upgrade_level_nova_compute: {get_param: UpgradeLevelNovaCompute}
690 instance_name_template: {get_param: InstanceNameTemplate}
691 nova_public_url: {get_param: [EndpointMap, NovaPublic, uri]}
692 nova_internal_url: {get_param: [EndpointMap, NovaInternal, uri]}
693 nova_admin_url: {get_param: [EndpointMap, NovaAdmin, uri]}
694 fencing_config: {get_param: FencingConfig}
695 pcsd_password: {get_param: PcsdPassword}
696 rabbit_username: {get_param: RabbitUserName}
697 rabbit_password: {get_param: RabbitPassword}
698 rabbit_cookie: {get_param: RabbitCookie}
699 rabbit_client_use_ssl: {get_param: RabbitClientUseSSL}
700 rabbit_client_port: {get_param: RabbitClientPort}
701 timezone: {get_param: TimeZone}
702 control_virtual_interface: {get_param: ControlVirtualInterface}
703 public_virtual_interface: {get_param: PublicVirtualInterface}
704 swift_hash_suffix: {get_param: SwiftHashSuffix}
705 swift_part_power: {get_param: SwiftPartPower}
706 swift_ring_build: {get_param: SwiftRingBuild}
707 swift_replicas: {get_param: SwiftReplicas}
708 swift_min_part_hours: {get_param: SwiftMinPartHours}
709 enable_package_install: {get_param: EnablePackageInstall}
710 enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]}
711 swift_proxy_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftProxyNetwork]}]}
712 swift_management_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftMgmtNetwork]}]}
713 cinder_iscsi_network:
717 IP: {get_attr: [NetIpMap, net_ip_uri_map, {get_param: [ServiceNetMap, CinderIscsiNetwork]}]}
718 cinder_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CinderApiNetwork]}]}
719 glance_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, GlanceApiNetwork]}]}
720 glance_registry_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, GlanceRegistryNetwork]}]}
721 glance_api_servers: { get_param: [EndpointMap, GlanceInternal, uri]}
722 heat_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, HeatApiNetwork]}]}
723 keystone_public_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}]}
724 keystone_admin_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}]}
725 keystone_region: {get_param: KeystoneRegion}
726 mongo_db_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MongoDbNetwork]}]}
727 neutron_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NeutronApiNetwork]}]}
728 neutron_local_ip: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NeutronTenantNetwork]}]}
729 ceilometer_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CeilometerApiNetwork]}]}
730 aodh_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, AodhApiNetwork]}]}
731 gnocchi_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, GnocchiApiNetwork]}]}
732 nova_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NovaApiNetwork]}]}
733 nova_metadata_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NovaMetadataNetwork]}]}
734 horizon_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, HorizonNetwork]}]}
737 template: "['SUBNET']"
739 SUBNET: {get_attr: [NetIpMap, net_ip_subnet_map, {get_param: [ServiceNetMap, HorizonNetwork]}]}
740 rabbitmq_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, RabbitMqNetwork]}]}
741 redis_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, RedisNetwork]}]}
742 redis_vip: {get_param: RedisVirtualIP}
743 sahara_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SaharaApiNetwork]}]}
744 memcached_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MemcachedNetwork]}]}
745 mysql_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MysqlNetwork]}]}
746 mysql_virtual_ip: {get_param: MysqlVirtualIP}
747 ceph_cluster_network: {get_attr: [NetIpMap, net_ip_subnet_map, {get_param: [ServiceNetMap, CephClusterNetwork]}]}
748 ceph_public_network: {get_attr: [NetIpMap, net_ip_subnet_map, {get_param: [ServiceNetMap, CephPublicNetwork]}]}
749 ceph_public_ip: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CephPublicNetwork]}]}
751 # Map heat metadata into hiera datafiles
753 type: OS::Heat::StructuredConfig
755 group: os-apply-config
760 - heat_config_%{::deploy_config_name}
761 - controller_extraconfig
767 - swift_devices_and_proxy # provided by SwiftDevicesAndProxyConfig
768 - ceph_cluster # provided by CephClusterConfig
770 - bootstrap_node # provided by BootstrapNodeConfig
771 - all_nodes # provided by allNodesConfig
772 - vip_data # provided by vip-config
776 - cinder_dellsc_data # Optionally provided by ControllerExtraConfigPre
777 - cinder_netapp_data # Optionally provided by ControllerExtraConfigPre
778 - cinder_eqlx_data # Optionally provided by ControllerExtraConfigPre
779 - neutron_bigswitch_data # Optionally provided by ControllerExtraConfigPre
780 - neutron_cisco_data # Optionally provided by ControllerExtraConfigPre
781 - cisco_n1kv_data # Optionally provided by ControllerExtraConfigPre
782 - midonet_data #Optionally provided by AllNodesExtraConfig
783 merge_behavior: deeper
786 mapped_data: {get_param: ServiceConfigSettings}
787 controller_extraconfig:
790 - {get_param: controllerExtraConfig}
791 - {get_param: ControllerExtraConfig}
793 mapped_data: {get_param: ExtraConfig}
795 raw_data: {get_file: hieradata/common.yaml}
798 net_ip_map: {get_attr: [NetIpMap, net_ip_map]}
799 net_ip_subnet_map: {get_attr: [NetIpMap, net_ip_subnet_map]}
800 net_ip_uri_map: {get_attr: [NetIpMap, net_ip_uri_map]}
802 raw_data: {get_file: hieradata/ceph.yaml}
804 ceph::profile::params::cluster_network: {get_input: ceph_cluster_network}
805 ceph::profile::params::public_network: {get_input: ceph_public_network}
806 ceph::profile::params::public_addr: {get_input: ceph_public_ip}
808 raw_data: {get_file: hieradata/database.yaml}
810 raw_data: {get_file: hieradata/object.yaml}
812 raw_data: {get_file: hieradata/controller.yaml}
813 mapped_data: # data supplied directly to this deployment configuration, etc
814 bootstack_nodeid: {get_input: bootstack_nodeid}
817 enable_fencing: {get_input: enable_fencing}
818 enable_load_balancer: {get_input: enable_load_balancer}
819 hacluster_pwd: {get_input: pcsd_password}
820 corosync_ipv6: {get_input: corosync_ipv6}
821 tripleo::fencing::config: {get_input: fencing_config}
824 # FIXME: need to move proxy_local_net_ip into swift-proxy.yaml
825 swift::proxy::proxy_local_net_ip: {get_input: swift_proxy_network}
826 swift::storage::all::storage_local_net_ip: {get_input: swift_management_network}
827 swift::swift_hash_path_suffix: {get_input: swift_hash_suffix}
828 tripleo::ringbuilder::build_ring: { get_input: swift_ring_build }
829 tripleo::ringbuilder::part_power: {get_input: swift_part_power}
830 tripleo::ringbuilder::replicas: {get_input: swift_replicas}
831 tripleo::ringbuilder::min_part_hours: {get_input: swift_min_part_hours}
834 tripleo::profile::base::cinder::volume::iscsi::cinder_iscsi_address: {get_input: cinder_iscsi_network}
835 cinder::api::bind_host: {get_input: cinder_api_network}
836 cinder::keystone::auth::public_url: {get_input: cinder_public_url }
837 cinder::keystone::auth::internal_url: {get_input: cinder_internal_url }
838 cinder::keystone::auth::admin_url: {get_input: cinder_admin_url }
839 cinder::keystone::auth::public_url_v2: {get_input: cinder_public_url_v2 }
840 cinder::keystone::auth::internal_url_v2: {get_input: cinder_internal_url_v2 }
841 cinder::keystone::auth::admin_url_v2: {get_input: cinder_admin_url_v2 }
842 cinder::keystone::auth::password: {get_input: cinder_password }
843 cinder::keystone::auth::region: {get_input: keystone_region}
846 glance::api::bind_host: {get_input: glance_api_network}
847 glance::registry::bind_host: {get_input: glance_registry_network}
848 glance::keystone::auth::region: {get_input: keystone_region}
851 heat::api::bind_host: {get_input: heat_api_network}
852 heat::api_cloudwatch::bind_host: {get_input: heat_api_network}
853 heat::api_cfn::bind_host: {get_input: heat_api_network}
854 heat::engine::auth_encryption_key: {get_input: heat_auth_encryption_key}
857 keystone::admin_bind_host: {get_input: keystone_admin_api_network}
858 keystone::public_bind_host: {get_input: keystone_public_api_network}
859 keystone::wsgi::apache::bind_host: {get_input: keystone_public_api_network}
860 keystone::wsgi::apache::admin_bind_host: {get_input: keystone_admin_api_network}
863 mongodb::server::bind_ip: {get_input: mongo_db_network}
866 admin_password: {get_input: admin_password}
867 enable_galera: {get_input: enable_galera}
868 enable_ceph_storage: {get_input: enable_ceph_storage}
869 mysql_innodb_buffer_pool_size: {get_input: mysql_innodb_buffer_pool_size}
870 mysql_max_connections: {get_input: mysql_max_connections}
871 mysql::server::root_password: {get_input: mysql_root_password}
872 mysql_clustercheck_password: {get_input: mysql_clustercheck_password}
873 mysql_cluster_name: {get_input: mysql_cluster_name}
874 mysql_bind_host: {get_input: mysql_network}
875 mysql_virtual_ip: {get_input: mysql_virtual_ip}
878 neutron::bind_host: {get_input: neutron_api_network}
879 neutron::network_device_mtu: {get_input: neutron_tenant_mtu}
880 neutron::agents::ml2::ovs::local_ip: {get_input: neutron_local_ip}
881 neutron::agents::metadata::metadata_ip: {get_input: neutron_api_network}
882 neutron::keystone::auth::public_url: {get_input: neutron_public_url }
883 neutron::keystone::auth::internal_url: {get_input: neutron_internal_url }
884 neutron::keystone::auth::admin_url: {get_input: neutron_admin_url }
885 neutron::keystone::auth::password: {get_input: neutron_password }
886 neutron::keystone::auth::region: {get_input: keystone_region}
889 ceilometer_backend: {get_input: ceilometer_backend}
890 ceilometer_mysql_conn_string: {get_input: ceilometer_dsn}
891 ceilometer::telemetry_secret: {get_input: ceilometer_metering_secret}
892 ceilometer::rabbit_userid: {get_input: rabbit_username}
893 ceilometer::rabbit_password: {get_input: rabbit_password}
894 ceilometer::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
895 ceilometer::rabbit_port: {get_input: rabbit_client_port}
896 ceilometer::debug: {get_input: debug}
897 ceilometer::api::host: {get_input: ceilometer_api_network}
898 ceilometer::api::keystone_password: {get_input: ceilometer_password}
899 ceilometer::api::auth_uri: {get_input: keystone_auth_uri}
900 ceilometer::api::identity_uri: {get_input: keystone_identity_uri}
901 ceilometer::agent::auth::auth_password: {get_input: ceilometer_password}
902 ceilometer::agent::auth::auth_url: {get_input: ceilometer_agent_auth_url}
903 ceilometer::agent::central::coordination_url: {get_input: ceilometer_coordination_url}
904 ceilometer::agent::notification::store_events: {get_input: ceilometer_store_events}
905 ceilometer::db::mysql::password: {get_input: ceilometer_password}
906 ceilometer::collector::meter_dispatcher: {get_input: ceilometer_meter_dispatcher}
907 ceilometer::dispatcher::gnocchi::url: {get_input: gnocchi_internal_url }
908 ceilometer::dispatcher::gnocchi::filter_project: 'service'
909 ceilometer::dispatcher::gnocchi::archive_policy: 'low'
910 ceilometer::dispatcher::gnocchi::resources_definition_file: 'gnocchi_resources.yaml'
911 ceilometer::keystone::auth::public_url: {get_input: ceilometer_public_url }
912 ceilometer::keystone::auth::internal_url: {get_input: ceilometer_internal_url }
913 ceilometer::keystone::auth::admin_url: {get_input: ceilometer_admin_url }
914 ceilometer::keystone::auth::password: {get_input: ceilometer_password }
915 ceilometer::keystone::auth::region: {get_input: keystone_region}
916 snmpd_readonly_user_name: {get_input: snmpd_readonly_user_name}
917 snmpd_readonly_user_password: {get_input: snmpd_readonly_user_password}
920 aodh_mysql_conn_string: {get_input: aodh_dsn}
921 aodh::rabbit_userid: {get_input: rabbit_username}
922 aodh::rabbit_password: {get_input: rabbit_password}
923 aodh::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
924 aodh::rabbit_port: {get_input: rabbit_client_port}
925 aodh::debug: {get_input: debug}
926 aodh::wsgi::apache::ssl: false
927 aodh::wsgi::apache::bind_host: {get_input: aodh_api_network}
928 aodh::api::service_name: 'httpd'
929 aodh::api::host: {get_input: aodh_api_network}
930 aodh::api::keystone_password: {get_input: aodh_password}
931 aodh::api::keystone_auth_uri: {get_input: keystone_auth_uri}
932 aodh::api::keystone_identity_uri: {get_input: keystone_identity_uri}
933 aodh::auth::auth_url: {get_input: keystone_auth_uri}
934 aodh::auth::auth_password: {get_input: aodh_password}
935 aodh::db::mysql::password: {get_input: aodh_password}
936 # for a migration path from ceilometer-alarm to aodh, we use the same database & coordination
937 aodh::evaluator::coordination_url: {get_input: ceilometer_coordination_url}
938 aodh::keystone::auth::public_url: {get_input: aodh_public_url }
939 aodh::keystone::auth::internal_url: {get_input: aodh_internal_url }
940 aodh::keystone::auth::admin_url: {get_input: aodh_admin_url }
941 aodh::keystone::auth::password: {get_input: aodh_password }
942 aodh::keystone::auth::region: {get_input: keystone_region}
945 gnocchi_backend: {get_input: gnocchi_backend}
946 gnocchi_indexer_backend: {get_input: gnocchi_indexer_backend}
947 gnocchi_mysql_conn_string: {get_input: gnocchi_dsn}
948 gnocchi::debug: {get_input: debug}
949 gnocchi::wsgi::apache::ssl: false
950 gnocchi::wsgi::apache::bind_host: {get_input: gnocchi_api_network}
951 gnocchi::api::service_name: 'httpd'
952 gnocchi::api::host: {get_input: gnocchi_api_network}
953 gnocchi::api::keystone_password: {get_input: gnocchi_password}
954 gnocchi::api::keystone_auth_uri: {get_input: keystone_auth_uri}
955 gnocchi::api::keystone_identity_uri: {get_input: keystone_identity_uri}
956 gnocchi::db::mysql::password: {get_input: gnocchi_password}
957 gnocchi::storage::swift::swift_authurl: {get_input: keystone_auth_uri}
958 gnocchi::storage::swift::swift_key: {get_input: gnocchi_password}
959 gnocchi::keystone::auth::public_url: {get_input: gnocchi_public_url }
960 gnocchi::keystone::auth::internal_url: {get_input: gnocchi_internal_url }
961 gnocchi::keystone::auth::admin_url: {get_input: gnocchi_admin_url }
962 gnocchi::keystone::auth::password: {get_input: gnocchi_password }
963 gnocchi::keystone::auth::region: {get_input: keystone_region}
966 nova::upgrade_level_compute: {get_input: upgrade_level_nova_compute}
967 nova::use_ipv6: {get_input: nova_ipv6}
968 nova::api::auth_uri: {get_input: keystone_auth_uri}
969 nova::api::identity_uri: {get_input: keystone_identity_uri}
970 nova::api::api_bind_address: {get_input: nova_api_network}
971 nova::api::metadata_listen: {get_input: nova_metadata_network}
972 nova::api::admin_password: {get_input: nova_password}
973 nova::compute::network_device_mtu: {get_input: neutron_tenant_mtu}
974 nova::database_connection: {get_input: nova_dsn}
975 nova::api_database_connection: {get_input: nova_api_dsn}
976 nova::glance_api_servers: {get_input: glance_api_servers}
977 nova::api::neutron_metadata_proxy_shared_secret: {get_input: neutron_metadata_proxy_shared_secret}
978 nova::api::instance_name_template: {get_input: instance_name_template}
979 nova::network::neutron::neutron_password: {get_input: neutron_password}
980 nova::network::neutron::neutron_url: {get_input: neutron_internal_url}
981 nova::network::neutron::neutron_auth_url: {get_input: neutron_auth_url}
982 nova::vncproxy::host: {get_input: nova_api_network}
983 nova::db::mysql::password: {get_input: nova_password}
984 nova::db::mysql_api::password: {get_input: nova_password}
985 nova_enable_db_purge: {get_input: nova_enable_db_purge}
986 nova::keystone::auth::public_url: {get_input: nova_public_url}
987 nova::keystone::auth::internal_url: {get_input: nova_internal_url}
988 nova::keystone::auth::admin_url: {get_input: nova_admin_url}
989 nova::keystone::auth::password: {get_input: nova_password }
990 nova::keystone::auth::region: {get_input: keystone_region}
993 apache::mod::remoteip::proxy_ips: {get_input: horizon_subnet}
994 apache::ip: {get_input: horizon_network}
995 horizon::allowed_hosts: {get_input: horizon_allowed_hosts}
996 horizon::django_debug: {get_input: debug}
997 horizon::secret_key: {get_input: horizon_secret}
998 horizon::bind_address: {get_input: horizon_network}
999 horizon::keystone_url: {get_input: keystone_auth_uri}
1002 rabbitmq::node_ip_address: {get_input: rabbitmq_network}
1003 rabbitmq::erlang_cookie: {get_input: rabbit_cookie}
1005 redis::bind: {get_input: redis_network}
1006 redis_vip: {get_input: redis_vip}
1008 tripleo::firewall::manage_firewall: {get_input: manage_firewall}
1009 tripleo::firewall::purge_firewall_rules: {get_input: purge_firewall_rules}
1011 memcached_ipv6: {get_input: memcached_ipv6}
1012 memcached::listen_ip: {get_input: memcached_network}
1013 timezone::timezone: {get_input: timezone}
1014 control_virtual_interface: {get_input: control_virtual_interface}
1015 public_virtual_interface: {get_input: public_virtual_interface}
1016 tripleo::keepalived::control_virtual_interface: {get_input: control_virtual_interface}
1017 tripleo::keepalived::public_virtual_interface: {get_input: public_virtual_interface}
1018 tripleo::haproxy::control_virtual_interface: {get_input: control_virtual_interface}
1019 tripleo::haproxy::public_virtual_interface: {get_input: public_virtual_interface}
1020 tripleo::haproxy::haproxy_log_address: {get_input: haproxy_log_address}
1021 tripleo::haproxy::service_certificate: {get_attr: [NodeTLSData, deployed_ssl_certificate_path]}
1022 tripleo::haproxy::haproxy_stats_user: {get_input: haproxy_stats_user}
1023 tripleo::haproxy::haproxy_stats_password: {get_input: haproxy_stats_password}
1024 tripleo::haproxy::redis_password: {get_input: redis_password}
1025 tripleo::packages::enable_install: {get_input: enable_package_install}
1026 tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade}
1028 # Hook for site-specific additional pre-deployment config, e.g extra hieradata
1029 ControllerExtraConfigPre:
1030 depends_on: ControllerDeployment
1031 type: OS::TripleO::ControllerExtraConfigPre
1033 server: {get_resource: Controller}
1035 # Hook for site-specific additional pre-deployment config,
1036 # applying to all nodes, e.g node registration/unregistration
1038 depends_on: [ControllerExtraConfigPre, NodeTLSData]
1039 type: OS::TripleO::NodeExtraConfig
1041 server: {get_resource: Controller}
1044 type: OS::TripleO::Tasks::PackageUpdate
1047 type: OS::Heat::SoftwareDeployment
1049 name: UpdateDeployment
1050 config: {get_resource: UpdateConfig}
1051 server: {get_resource: Controller}
1054 get_param: UpdateIdentifier
1058 description: IP address of the server in the ctlplane network
1059 value: {get_attr: [Controller, networks, ctlplane, 0]}
1060 external_ip_address:
1061 description: IP address of the server in the external network
1062 value: {get_attr: [ExternalPort, ip_address]}
1063 internal_api_ip_address:
1064 description: IP address of the server in the internal_api network
1065 value: {get_attr: [InternalApiPort, ip_address]}
1067 description: IP address of the server in the storage network
1068 value: {get_attr: [StoragePort, ip_address]}
1069 storage_mgmt_ip_address:
1070 description: IP address of the server in the storage_mgmt network
1071 value: {get_attr: [StorageMgmtPort, ip_address]}
1073 description: IP address of the server in the tenant network
1074 value: {get_attr: [TenantPort, ip_address]}
1075 management_ip_address:
1076 description: IP address of the server in the management network
1077 value: {get_attr: [ManagementPort, ip_address]}
1079 description: Hostname of the server
1080 value: {get_attr: [Controller, name]}
1083 Server's IP address and hostname in the /etc/hosts format
1087 PRIMARYIP PRIMARYHOST.DOMAIN PRIMARYHOST
1088 EXTERNALIP EXTERNALHOST.DOMAIN EXTERNALHOST
1089 INTERNAL_APIIP INTERNAL_APIHOST.DOMAIN INTERNAL_APIHOST
1090 STORAGEIP STORAGEHOST.DOMAIN STORAGEHOST
1091 STORAGE_MGMTIP STORAGE_MGMTHOST.DOMAIN STORAGE_MGMTHOST
1092 TENANTIP TENANTHOST.DOMAIN TENANTHOST
1093 MANAGEMENTIP MANAGEMENTHOST.DOMAIN MANAGEMENTHOST
1095 PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, ControllerHostnameResolveNetwork]}]}
1096 DOMAIN: {get_param: CloudDomain}
1097 PRIMARYHOST: {get_attr: [Controller, name]}
1098 EXTERNALIP: {get_attr: [ExternalPort, ip_address]}
1102 - - {get_attr: [Controller, name]}
1104 INTERNAL_APIIP: {get_attr: [InternalApiPort, ip_address]}
1108 - - {get_attr: [Controller, name]}
1110 STORAGEIP: {get_attr: [StoragePort, ip_address]}
1114 - - {get_attr: [Controller, name]}
1116 STORAGE_MGMTIP: {get_attr: [StorageMgmtPort, ip_address]}
1120 - - {get_attr: [Controller, name]}
1122 TENANTIP: {get_attr: [TenantPort, ip_address]}
1126 - - {get_attr: [Controller, name]}
1128 MANAGEMENTIP: {get_attr: [ManagementPort, ip_address]}
1132 - - {get_attr: [Controller, name]}
1134 nova_server_resource:
1135 description: Heat resource handle for the Nova compute server
1137 {get_resource: Controller}
1139 description: Swift device formatted for swift-ring-builder
1142 template: 'r1z1-IP:%PORT%/d1'
1144 IP: {get_attr: [NetIpMap, net_ip_uri_map, {get_param: [ServiceNetMap, SwiftMgmtNetwork]}]}
1145 swift_proxy_memcache:
1146 description: Swift proxy-memcache value
1149 template: "IP:11211"
1151 IP: {get_attr: [NetIpMap, net_ip_uri_map, {get_param: [ServiceNetMap, MemcachedNetwork]}]}
1153 description: identifier which changes if the controller configuration may need re-applying
1157 - - {get_attr: [ControllerDeployment, deploy_stdout]}
1158 - {get_attr: [NodeTLSCAData, deploy_stdout]}
1159 - {get_attr: [NodeTLSData, deploy_stdout]}
1160 - {get_attr: [ControllerExtraConfigPre, deploy_stdout]}
1161 - {get_param: UpdateIdentifier}
1162 tls_key_modulus_md5:
1163 description: MD5 checksum of the TLS Key Modulus
1164 value: {get_attr: [NodeTLSData, key_modulus_md5]}
1165 tls_cert_modulus_md5:
1166 description: MD5 checksum of the TLS Certificate Modulus
1167 value: {get_attr: [NodeTLSData, cert_modulus_md5]}