1 heat_template_version: 2016-04-08
4 OpenStack controller node configured by Puppet.
8 description: The password for the keystone admin account, used for monitoring, querying neutron etc.
15 description: The password for the aodh services.
18 #TODO(composable Redis): Remove the Redis password param
19 #As is used by ceilometer
20 CeilometerApiVirtualIP:
25 description: The ceilometer backend type.
27 CeilometerMeteringSecret:
28 description: Secret shared by the ceilometer services.
32 description: The password for the ceilometer service and db account.
35 CeilometerStoreEvents:
37 description: Whether to store events in ceilometer.
39 CeilometerMeterDispatcher:
41 description: Dispatcher to process meter data
44 - allowed_values: ['gnocchi', 'database']
50 description: Number of workers for Ceilometer service.
52 controllerExtraConfig:
55 Deprecated. Use ControllerExtraConfig via parameter_defaults instead.
57 ControllerExtraConfig:
60 Controller specific hiera configuration data to inject into the cluster.
65 A network mapped list of IPs to assign to Controllers in the following form:
67 "internal_api": ["a.b.c.d", "e.f.g.h"],
71 ControlVirtualInterface:
73 description: Interface where virtual ip will be assigned.
77 description: Enable IPv6 in Corosync
81 description: Set to True to enable debugging on all services.
85 description: Whether to enable fencing in Pacemaker or not.
89 description: Whether to use Galera instead of regular MariaDB.
93 description: Whether to deploy a LoadBalancer on the Controller
97 description: Whether to deploy Ceph Storage (OSD) on the Controller
101 description: Whether to enable Swift Storage on the Controller
106 Additional hieradata to inject into the cluster, note that
107 ControllerExtraConfig takes precedence over ExtraConfig.
112 Pacemaker fencing configuration. The JSON should have
113 the following structure:
117 "agent": "AGENT_NAME",
118 "host_mac": "HOST_MAC_ADDRESS",
119 "params": {"PARAM_NAME": "PARAM_VALUE"}
127 "agent": "fence_xvm",
128 "host_mac": "52:54:00:aa:bb:cc",
130 "multicast_address": "225.0.0.12",
131 "port": "baremetal_0",
133 "manage_key_file": true,
134 "key_file": "/etc/fence_xvm.key",
135 "key_file_password": "abcdef"
142 description: Flavor for control nodes to request when deploying.
145 - custom_constraint: nova.flavor
148 description: The short name of the Gnocchi backend to use. Should be one
149 of swift, rbd, or file
152 - allowed_values: ['swift', 'file', 'rbd']
153 GnocchiIndexerBackend:
155 description: The short name of the Gnocchi indexer backend to use.
161 description: The password for the gnocchi service and db account.
164 HAProxyStatsPassword:
165 description: Password for HAProxy stats endpoint
168 description: User for HAProxy stats endpoint
171 HAProxySyslogAddress:
173 description: Syslog address where HAproxy will send its log
175 HeatAuthEncryptionKey:
176 description: Auth encryption key for heat-engine
181 description: A list of IP/Hostname allowed to connect to horizon
182 type: comma_delimited_list
184 description: Secret key for Django
189 default: overcloud-control
191 - custom_constraint: glance.image
193 default: 'REBUILD_PRESERVE_EPHEMERAL'
194 description: What policy to use when reconstructing instances. REBUILD for rebuilds, REBUILD_PRESERVE_EPHEMERAL to preserve /mnt.
196 InstanceNameTemplate:
197 default: 'instance-%08x'
198 description: Template string to be used to generate instance names
202 description: Name of an existing Nova key pair to enable SSH access to the instances
205 - custom_constraint: nova.keypair
209 description: Keystone region for endpoint
212 description: Whether to manage IPtables rules.
216 description: Enable IPv6 features in Memcached.
220 description: Whether IPtables rules should be purged before setting up the new ones.
225 MysqlClusterUniquePart:
226 description: A unique identifier of the MySQL cluster the controller is in.
228 default: 'unset' # Has to be here because of the ignored empty value bug
229 # Drop the validation: https://bugs.launchpad.net/tripleo/+bug/1405446
231 # - length: {min: 4, max: 10}
232 MysqlInnodbBufferPoolSize:
234 Specifies the size of the buffer pool in megabytes. Setting to
235 zero should be interpreted as "no value" and will defer to the
240 description: Configures MySQL max_connections config setting
243 MysqlClustercheckPassword:
249 default: '' # Has to be here because of the ignored empty value bug
250 NeutronMetadataProxySharedSecret:
251 description: Shared secret to prevent spoofing
255 description: The password for the neutron service and db account, used by neutron agents.
258 NeutronPublicInterface:
260 description: What interface to bridge onto br-ex for network nodes.
264 The default MTU for tenant networks. For VXLAN/GRE tunneling, this should
265 be at least 50 bytes smaller than the MTU on the physical network. This
266 value will be used to set the MTU on the virtual Ethernet device.
267 This number is related to the value of NeutronDnsmasqOptions, since that
268 will determine the MTU that is assigned to the VM host through DHCP.
277 Whether to create cron job for purging soft deleted rows in Nova database.
281 description: Enable IPv6 features in Nova
284 description: The password for the nova service and db account, used by nova-api.
289 description: Number of workers for Nova service.
293 description: Should MongoDb journaling be disabled
297 description: Enable IPv6 if Mongo DB VIP is IPv6
301 description: Comma-separated list of ntp servers
302 type: comma_delimited_list
305 description: The password for the 'pcsd' user.
307 PublicVirtualInterface:
310 Specifies the interface where the public-facing virtual ip will be assigned.
311 This should be int_public when a VLAN is being used.
315 default: '' # Has to be here because of the ignored empty value bug
318 default: '' # Has to be here because of the ignored empty value bug
321 description: The password for RabbitMQ
326 description: The username for RabbitMQ
331 Rabbit client subscriber parameter to specify
332 an SSL connection to the RabbitMQ host.
336 description: Set rabbit subscriber port, change this if using SSL
339 description: The password for Redis
344 default: '' # Has to be here because of the ignored empty value bug
347 default: '' # Has to be here because of the ignored empty value bug
348 description: An IP address which is wrapped in brackets in case of IPv6
349 SnmpdReadonlyUserName:
350 default: ro_snmp_user
351 description: The user name for SNMPd with readonly rights running on all Overcloud nodes
353 SnmpdReadonlyUserPassword:
354 description: The user password for SNMPd with readonly rights running on all Overcloud nodes
358 description: A random string to be used as a salt when hashing to determine mappings
364 description: Value of mount_check in Swift account/container/object -server.conf
369 description: The minimum time (in hours) before a partition in a ring can be moved following a rebalance.
372 description: Partition Power to use when building Swift rings
376 description: Whether to manage Swift rings or not
384 description: How many replicas to use in the swift rings.
387 description: The timezone to be set on controller nodes.
389 UpgradeLevelNovaCompute:
391 description: Nova Compute upgrade level
393 VirtualIP: # DEPRECATED: use per service settings instead
395 default: '' # Has to be here because of the ignored empty value bug
408 EnablePackageInstall:
410 description: Set to true to enable package installation via Puppet
414 description: Mapping of service_name -> network name. Typically set
415 via parameter_defaults in the resource registry.
419 description: Mapping of service endpoint -> protocol. Typically set
420 via parameter_defaults in the resource registry.
426 Setting to a previously unused value during stack-update will trigger
427 package update on all nodes
430 default: '' # Defaults to Heat created hostname
434 description: Optional mapping to override hostnames
435 NetworkDeploymentActions:
436 type: comma_delimited_list
438 Heat action when to apply network configuration changes
443 SoftwareConfigTransport:
444 default: POLL_SERVER_CFN
446 How the server should receive the metadata required for software configuration.
449 - allowed_values: [POLL_SERVER_CFN, POLL_SERVER_HEAT, POLL_TEMP_URL, ZAQAR_MESSAGE]
454 The DNS domain used for the hosts. This should match the dhcp_domain
455 configured in the Undercloud neutron. Defaults to localdomain.
459 Extra properties or metadata passed to Nova for the created nodes in
460 the overcloud. It's accessible via the Nova metadata API.
464 description: Optional scheduler hints to pass to nova
466 ServiceConfigSettings:
472 description: Do not use deprecated params, they will be removed.
474 - controllerExtraConfig
479 type: OS::Nova::Server
481 image: {get_param: Image}
482 image_update_policy: {get_param: ImageUpdatePolicy}
483 flavor: {get_param: Flavor}
484 key_name: {get_param: KeyName}
487 user_data_format: SOFTWARE_CONFIG
488 user_data: {get_resource: UserData}
491 template: {get_param: Hostname}
492 params: {get_param: HostnameMap}
493 software_config_transport: {get_param: SoftwareConfigTransport}
494 metadata: {get_param: ServerMetadata}
495 scheduler_hints: {get_param: SchedulerHints}
497 # Combine the NodeAdminUserData and NodeUserData mime archives
499 type: OS::Heat::MultipartMime
502 - config: {get_resource: NodeAdminUserData}
504 - config: {get_resource: NodeUserData}
507 # Creates the "heat-admin" user if configured via the environment
508 # Should return a OS::Heat::MultipartMime reference via OS::stack_id
510 type: OS::TripleO::NodeAdminUserData
512 # For optional operator additional userdata
513 # Should return a OS::Heat::MultipartMime reference via OS::stack_id
515 type: OS::TripleO::NodeUserData
518 type: OS::TripleO::Controller::Ports::ExternalPort
520 IPPool: {get_param: ControllerIPs}
521 NodeIndex: {get_param: NodeIndex}
522 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
525 type: OS::TripleO::Controller::Ports::InternalApiPort
527 IPPool: {get_param: ControllerIPs}
528 NodeIndex: {get_param: NodeIndex}
529 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
532 type: OS::TripleO::Controller::Ports::StoragePort
534 IPPool: {get_param: ControllerIPs}
535 NodeIndex: {get_param: NodeIndex}
536 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
539 type: OS::TripleO::Controller::Ports::StorageMgmtPort
541 IPPool: {get_param: ControllerIPs}
542 NodeIndex: {get_param: NodeIndex}
543 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
546 type: OS::TripleO::Controller::Ports::TenantPort
548 IPPool: {get_param: ControllerIPs}
549 NodeIndex: {get_param: NodeIndex}
550 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
553 type: OS::TripleO::Controller::Ports::ManagementPort
555 IPPool: {get_param: ControllerIPs}
556 NodeIndex: {get_param: NodeIndex}
557 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
560 type: OS::TripleO::Network::Ports::NetIpMap
562 ControlPlaneIp: {get_attr: [Controller, networks, ctlplane, 0]}
563 ExternalIp: {get_attr: [ExternalPort, ip_address]}
564 ExternalIpSubnet: {get_attr: [ExternalPort, ip_subnet]}
565 ExternalIpUri: {get_attr: [ExternalPort, ip_address_uri]}
566 InternalApiIp: {get_attr: [InternalApiPort, ip_address]}
567 InternalApiIpSubnet: {get_attr: [InternalApiPort, ip_subnet]}
568 InternalApiIpUri: {get_attr: [InternalApiPort, ip_address_uri]}
569 StorageIp: {get_attr: [StoragePort, ip_address]}
570 StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]}
571 StorageIpUri: {get_attr: [StoragePort, ip_address_uri]}
572 StorageMgmtIp: {get_attr: [StorageMgmtPort, ip_address]}
573 StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]}
574 StorageMgmtIpUri: {get_attr: [StorageMgmtPort, ip_address_uri]}
575 TenantIp: {get_attr: [TenantPort, ip_address]}
576 TenantIpSubnet: {get_attr: [TenantPort, ip_subnet]}
577 TenantIpUri: {get_attr: [TenantPort, ip_address_uri]}
578 ManagementIp: {get_attr: [ManagementPort, ip_address]}
579 ManagementIpSubnet: {get_attr: [ManagementPort, ip_subnet]}
580 ManagementIpUri: {get_attr: [ManagementPort, ip_address_uri]}
583 type: OS::TripleO::Controller::Net::SoftwareConfig
585 ControlPlaneIp: {get_attr: [Controller, networks, ctlplane, 0]}
586 ExternalIpSubnet: {get_attr: [ExternalPort, ip_subnet]}
587 InternalApiIpSubnet: {get_attr: [InternalApiPort, ip_subnet]}
588 StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]}
589 StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]}
590 TenantIpSubnet: {get_attr: [TenantPort, ip_subnet]}
591 ManagementIpSubnet: {get_attr: [ManagementPort, ip_subnet]}
594 type: OS::TripleO::SoftwareDeployment
596 name: NetworkDeployment
597 config: {get_resource: NetworkConfig}
598 server: {get_resource: Controller}
599 actions: {get_param: NetworkDeploymentActions}
602 interface_name: {get_param: NeutronPublicInterface}
604 # Resource for site-specific injection of root certificate
606 depends_on: NetworkDeployment
607 type: OS::TripleO::NodeTLSCAData
609 server: {get_resource: Controller}
611 # Resource for site-specific passing of private keys/certificates
613 depends_on: NodeTLSCAData
614 type: OS::TripleO::NodeTLSData
616 server: {get_resource: Controller}
617 NodeIndex: {get_param: NodeIndex}
620 ControllerDeployment:
621 type: OS::TripleO::SoftwareDeployment
622 depends_on: NetworkDeployment
624 name: ControllerDeployment
625 config: {get_resource: ControllerConfig}
626 server: {get_resource: Controller}
628 bootstack_nodeid: {get_attr: [Controller, name]}
629 ceilometer_workers: {get_param: CeilometerWorkers}
630 nova_workers: {get_param: NovaWorkers}
631 haproxy_log_address: {get_param: HAProxySyslogAddress}
632 haproxy_stats_password: {get_param: HAProxyStatsPassword}
633 haproxy_stats_user: {get_param: HAProxyStatsUser}
634 heat_auth_encryption_key: {get_param: HeatAuthEncryptionKey}
635 horizon_allowed_hosts: {get_param: HorizonAllowedHosts}
636 horizon_secret: {get_param: HorizonSecret}
637 admin_password: {get_param: AdminPassword}
638 debug: {get_param: Debug}
639 cinder_public_url: {get_param: [EndpointMap, CinderPublic, uri]}
640 cinder_internal_url: {get_param: [EndpointMap, CinderInternal, uri]}
641 cinder_admin_url: {get_param: [EndpointMap, CinderAdmin, uri]}
642 cinder_public_url_v2: {get_param: [EndpointMap, CinderV2Public, uri]}
643 cinder_internal_url_v2: {get_param: [EndpointMap, CinderV2Internal, uri]}
644 cinder_admin_url_v2: {get_param: [EndpointMap, CinderV2Admin, uri]}
645 keystone_identity_uri: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] }
646 keystone_auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
647 keystone_ec2_uri: { get_param: [EndpointMap, KeystoneEC2, uri] }
648 enable_fencing: {get_param: EnableFencing}
649 enable_galera: {get_param: EnableGalera}
650 enable_load_balancer: {get_param: EnableLoadBalancer}
651 enable_ceph_storage: {get_param: EnableCephStorage}
652 enable_swift_storage: {get_param: EnableSwiftStorage}
653 manage_firewall: {get_param: ManageFirewall}
654 purge_firewall_rules: {get_param: PurgeFirewallRules}
655 mysql_innodb_buffer_pool_size: {get_param: MysqlInnodbBufferPoolSize}
656 mysql_max_connections: {get_param: MysqlMaxConnections}
657 mysql_root_password: {get_param: MysqlRootPassword}
658 mysql_clustercheck_password: {get_param: MysqlClustercheckPassword}
661 template: tripleo-CLUSTER
663 CLUSTER: {get_param: MysqlClusterUniquePart}
664 neutron_metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret}
665 neutron_password: {get_param: NeutronPassword}
666 neutron_tenant_mtu: {get_param: NeutronTenantMtu}
667 neutron_internal_url: { get_param: [ EndpointMap, NeutronInternal, uri ] }
668 neutron_public_url: { get_param: [ EndpointMap, NeutronPublic, uri ] }
669 neutron_admin_url: { get_param: [ EndpointMap, NeutronAdmin, uri ] }
670 neutron_auth_url: { get_param: [ EndpointMap, KeystoneV3Admin, uri ] }
671 nova_internal_url: { get_param: [ EndpointMap, NovaInternal, uri ] }
672 ceilometer_backend: {get_param: CeilometerBackend}
673 ceilometer_metering_secret: {get_param: CeilometerMeteringSecret}
674 ceilometer_password: {get_param: CeilometerPassword}
675 ceilometer_store_events: {get_param: CeilometerStoreEvents}
676 aodh_password: {get_param: AodhPassword}
677 aodh_internal_url: { get_param: [ EndpointMap, AodhInternal, uri ] }
678 aodh_public_url: { get_param: [ EndpointMap, AodhPublic, uri ] }
679 aodh_admin_url: { get_param: [ EndpointMap, AodhAdmin, uri ] }
680 ceilometer_meter_dispatcher: {get_param: CeilometerMeterDispatcher}
681 gnocchi_password: {get_param: GnocchiPassword}
682 gnocchi_backend: {get_param: GnocchiBackend}
683 gnocchi_indexer_backend: {get_param: GnocchiIndexerBackend}
684 ceilometer_coordination_url:
688 - {get_param: RedisPassword}
690 - {get_param: RedisVirtualIPUri}
695 - - {get_param: [EndpointMap, MysqlInternal, protocol]}
697 - {get_param: CeilometerPassword}
699 - {get_param: [EndpointMap, MysqlInternal, host]}
704 - - {get_param: [EndpointMap, MysqlInternal, protocol]}
706 - {get_param: GnocchiPassword}
708 - {get_param: [EndpointMap, MysqlInternal, host]}
710 gnocchi_internal_url: {get_param: [EndpointMap, GnocchiInternal, uri]}
711 gnocchi_public_url: { get_param: [ EndpointMap, GnocchiPublic, uri ] }
712 gnocchi_admin_url: { get_param: [ EndpointMap, GnocchiAdmin, uri ] }
713 ceilometer_public_url: {get_param: [EndpointMap, CeilometerPublic, uri]}
714 ceilometer_internal_url: {get_param: [EndpointMap, CeilometerInternal, uri]}
715 ceilometer_admin_url: {get_param: [EndpointMap, CeilometerAdmin, uri]}
716 snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName}
717 snmpd_readonly_user_password: {get_param: SnmpdReadonlyUserPassword}
718 nova_enable_db_purge: {get_param: NovaEnableDBPurge}
719 nova_ipv6: {get_param: NovaIPv6}
720 corosync_ipv6: {get_param: CorosyncIPv6}
721 memcached_ipv6: {get_param: MemcachedIPv6}
722 nova_password: {get_param: NovaPassword}
726 - - {get_param: [EndpointMap, MysqlInternal, protocol]}
728 - {get_param: NovaPassword}
730 - {get_param: [EndpointMap, MysqlInternal, host]}
735 - - {get_param: [EndpointMap, MysqlInternal, protocol]}
737 - {get_param: NovaPassword}
739 - {get_param: [EndpointMap, MysqlInternal, host]}
741 upgrade_level_nova_compute: {get_param: UpgradeLevelNovaCompute}
742 instance_name_template: {get_param: InstanceNameTemplate}
743 nova_public_url: {get_param: [EndpointMap, NovaPublic, uri]}
744 nova_internal_url: {get_param: [EndpointMap, NovaInternal, uri]}
745 nova_admin_url: {get_param: [EndpointMap, NovaAdmin, uri]}
746 fencing_config: {get_param: FencingConfig}
747 pcsd_password: {get_param: PcsdPassword}
748 rabbit_username: {get_param: RabbitUserName}
749 rabbit_password: {get_param: RabbitPassword}
750 rabbit_cookie: {get_param: RabbitCookie}
751 rabbit_client_use_ssl: {get_param: RabbitClientUseSSL}
752 rabbit_client_port: {get_param: RabbitClientPort}
753 mongodb_no_journal: {get_param: MongoDbNoJournal}
754 mongodb_ipv6: {get_param: MongoDbIPv6}
755 ntp_servers: {get_param: NtpServer}
756 timezone: {get_param: TimeZone}
757 control_virtual_interface: {get_param: ControlVirtualInterface}
758 public_virtual_interface: {get_param: PublicVirtualInterface}
759 swift_hash_suffix: {get_param: SwiftHashSuffix}
760 swift_part_power: {get_param: SwiftPartPower}
761 swift_ring_build: {get_param: SwiftRingBuild}
762 swift_replicas: {get_param: SwiftReplicas}
763 swift_min_part_hours: {get_param: SwiftMinPartHours}
764 swift_mount_check: {get_param: SwiftMountCheck}
765 enable_package_install: {get_param: EnablePackageInstall}
766 enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]}
767 swift_proxy_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftProxyNetwork]}]}
768 swift_management_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftMgmtNetwork]}]}
769 cinder_iscsi_network:
773 IP: {get_attr: [NetIpMap, net_ip_uri_map, {get_param: [ServiceNetMap, CinderIscsiNetwork]}]}
774 cinder_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CinderApiNetwork]}]}
775 glance_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, GlanceApiNetwork]}]}
776 glance_registry_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, GlanceRegistryNetwork]}]}
777 glance_api_servers: { get_param: [EndpointMap, GlanceInternal, uri]}
778 heat_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, HeatApiNetwork]}]}
779 keystone_public_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}]}
780 keystone_admin_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}]}
781 keystone_region: {get_param: KeystoneRegion}
782 mongo_db_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MongoDbNetwork]}]}
783 neutron_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NeutronApiNetwork]}]}
784 neutron_local_ip: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NeutronTenantNetwork]}]}
785 ceilometer_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CeilometerApiNetwork]}]}
786 aodh_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, AodhApiNetwork]}]}
787 gnocchi_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, GnocchiApiNetwork]}]}
788 nova_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NovaApiNetwork]}]}
789 nova_metadata_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NovaMetadataNetwork]}]}
790 horizon_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, HorizonNetwork]}]}
793 template: "['SUBNET']"
795 SUBNET: {get_attr: [NetIpMap, net_ip_subnet_map, {get_param: [ServiceNetMap, HorizonNetwork]}]}
796 rabbitmq_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, RabbitMqNetwork]}]}
797 redis_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, RedisNetwork]}]}
798 redis_vip: {get_param: RedisVirtualIP}
799 sahara_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SaharaApiNetwork]}]}
800 memcached_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MemcachedNetwork]}]}
801 mysql_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MysqlNetwork]}]}
802 mysql_virtual_ip: {get_param: MysqlVirtualIP}
803 ceph_cluster_network: {get_attr: [NetIpMap, net_ip_subnet_map, {get_param: [ServiceNetMap, CephClusterNetwork]}]}
804 ceph_public_network: {get_attr: [NetIpMap, net_ip_subnet_map, {get_param: [ServiceNetMap, CephPublicNetwork]}]}
805 ceph_public_ip: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CephPublicNetwork]}]}
807 # Map heat metadata into hiera datafiles
809 type: OS::Heat::StructuredConfig
811 group: os-apply-config
816 - heat_config_%{::deploy_config_name}
817 - controller_extraconfig
823 - swift_devices_and_proxy # provided by SwiftDevicesAndProxyConfig
824 - ceph_cluster # provided by CephClusterConfig
826 - bootstrap_node # provided by BootstrapNodeConfig
827 - all_nodes # provided by allNodesConfig
828 - vip_data # provided by vip-config
832 - cinder_dellsc_data # Optionally provided by ControllerExtraConfigPre
833 - cinder_netapp_data # Optionally provided by ControllerExtraConfigPre
834 - cinder_eqlx_data # Optionally provided by ControllerExtraConfigPre
835 - neutron_bigswitch_data # Optionally provided by ControllerExtraConfigPre
836 - neutron_cisco_data # Optionally provided by ControllerExtraConfigPre
837 - cisco_n1kv_data # Optionally provided by ControllerExtraConfigPre
838 - neutron_nuage_data # Optionally provided by ControllerExtraConfigPre
839 - midonet_data #Optionally provided by AllNodesExtraConfig
840 - neutron_opencontrail_data # Optionally provided by ControllerExtraConfigPre
841 - neutron_plumgrid_data # Optionally provided by ControllerExtraConfigPre
842 merge_behavior: deeper
845 mapped_data: {get_param: ServiceConfigSettings}
846 controller_extraconfig:
849 - {get_param: controllerExtraConfig}
850 - {get_param: ControllerExtraConfig}
852 mapped_data: {get_param: ExtraConfig}
854 raw_data: {get_file: hieradata/common.yaml}
857 net_ip_map: {get_attr: [NetIpMap, net_ip_map]}
858 net_ip_subnet_map: {get_attr: [NetIpMap, net_ip_subnet_map]}
859 net_ip_uri_map: {get_attr: [NetIpMap, net_ip_uri_map]}
861 raw_data: {get_file: hieradata/ceph.yaml}
863 ceph::profile::params::cluster_network: {get_input: ceph_cluster_network}
864 ceph::profile::params::public_network: {get_input: ceph_public_network}
865 ceph::profile::params::public_addr: {get_input: ceph_public_ip}
867 raw_data: {get_file: hieradata/database.yaml}
869 raw_data: {get_file: hieradata/object.yaml}
871 raw_data: {get_file: hieradata/controller.yaml}
872 mapped_data: # data supplied directly to this deployment configuration, etc
873 bootstack_nodeid: {get_input: bootstack_nodeid}
876 enable_fencing: {get_input: enable_fencing}
877 enable_load_balancer: {get_input: enable_load_balancer}
878 hacluster_pwd: {get_input: pcsd_password}
879 corosync_ipv6: {get_input: corosync_ipv6}
880 tripleo::fencing::config: {get_input: fencing_config}
883 # FIXME: need to move proxy_local_net_ip into swift-proxy.yaml
884 swift::proxy::proxy_local_net_ip: {get_input: swift_proxy_network}
885 swift::storage::all::storage_local_net_ip: {get_input: swift_management_network}
886 swift::swift_hash_path_suffix: {get_input: swift_hash_suffix}
887 tripleo::ringbuilder::build_ring: { get_input: swift_ring_build }
888 tripleo::ringbuilder::part_power: {get_input: swift_part_power}
889 tripleo::ringbuilder::replicas: {get_input: swift_replicas}
890 tripleo::ringbuilder::min_part_hours: {get_input: swift_min_part_hours}
891 swift_mount_check: {get_input: swift_mount_check}
894 tripleo::profile::base::cinder::volume::iscsi::cinder_iscsi_address: {get_input: cinder_iscsi_network}
895 cinder::api::bind_host: {get_input: cinder_api_network}
896 cinder::keystone::auth::public_url: {get_input: cinder_public_url }
897 cinder::keystone::auth::internal_url: {get_input: cinder_internal_url }
898 cinder::keystone::auth::admin_url: {get_input: cinder_admin_url }
899 cinder::keystone::auth::public_url_v2: {get_input: cinder_public_url_v2 }
900 cinder::keystone::auth::internal_url_v2: {get_input: cinder_internal_url_v2 }
901 cinder::keystone::auth::admin_url_v2: {get_input: cinder_admin_url_v2 }
902 cinder::keystone::auth::password: {get_input: cinder_password }
903 cinder::keystone::auth::region: {get_input: keystone_region}
906 glance::api::bind_host: {get_input: glance_api_network}
907 glance::registry::bind_host: {get_input: glance_registry_network}
908 glance::keystone::auth::region: {get_input: keystone_region}
911 heat::api::bind_host: {get_input: heat_api_network}
912 heat::api_cloudwatch::bind_host: {get_input: heat_api_network}
913 heat::api_cfn::bind_host: {get_input: heat_api_network}
914 heat::engine::auth_encryption_key: {get_input: heat_auth_encryption_key}
917 keystone::admin_bind_host: {get_input: keystone_admin_api_network}
918 keystone::public_bind_host: {get_input: keystone_public_api_network}
919 keystone::wsgi::apache::bind_host: {get_input: keystone_public_api_network}
920 keystone::wsgi::apache::admin_bind_host: {get_input: keystone_admin_api_network}
922 mongodb::server::bind_ip: {get_input: mongo_db_network}
923 mongodb::server::nojournal: {get_input: mongodb_no_journal}
924 mongodb::server::ipv6: {get_input: mongodb_ipv6}
926 admin_password: {get_input: admin_password}
927 enable_galera: {get_input: enable_galera}
928 enable_ceph_storage: {get_input: enable_ceph_storage}
929 enable_swift_storage: {get_input: enable_swift_storage}
930 mysql_innodb_buffer_pool_size: {get_input: mysql_innodb_buffer_pool_size}
931 mysql_max_connections: {get_input: mysql_max_connections}
932 mysql::server::root_password: {get_input: mysql_root_password}
933 mysql_clustercheck_password: {get_input: mysql_clustercheck_password}
934 mysql_cluster_name: {get_input: mysql_cluster_name}
935 mysql_bind_host: {get_input: mysql_network}
936 mysql_virtual_ip: {get_input: mysql_virtual_ip}
939 neutron::bind_host: {get_input: neutron_api_network}
940 neutron::network_device_mtu: {get_input: neutron_tenant_mtu}
941 neutron::agents::ml2::ovs::local_ip: {get_input: neutron_local_ip}
942 neutron::agents::metadata::metadata_ip: {get_input: neutron_api_network}
943 neutron::keystone::auth::public_url: {get_input: neutron_public_url }
944 neutron::keystone::auth::internal_url: {get_input: neutron_internal_url }
945 neutron::keystone::auth::admin_url: {get_input: neutron_admin_url }
946 neutron::keystone::auth::password: {get_input: neutron_password }
947 neutron::keystone::auth::region: {get_input: keystone_region}
950 ceilometer_backend: {get_input: ceilometer_backend}
951 ceilometer_mysql_conn_string: {get_input: ceilometer_dsn}
952 ceilometer::telemetry_secret: {get_input: ceilometer_metering_secret}
953 ceilometer::rabbit_userid: {get_input: rabbit_username}
954 ceilometer::rabbit_password: {get_input: rabbit_password}
955 ceilometer::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
956 ceilometer::rabbit_port: {get_input: rabbit_client_port}
957 ceilometer::debug: {get_input: debug}
958 ceilometer::api::host: {get_input: ceilometer_api_network}
959 ceilometer::api::keystone_password: {get_input: ceilometer_password}
960 ceilometer::api::auth_uri: {get_input: keystone_auth_uri}
961 ceilometer::api::identity_uri: {get_input: keystone_identity_uri}
962 ceilometer::agent::auth::auth_password: {get_input: ceilometer_password}
963 ceilometer::agent::auth::auth_url: {get_input: keystone_auth_uri}
964 ceilometer::agent::central::coordination_url: {get_input: ceilometer_coordination_url}
965 ceilometer::agent::notification::store_events: {get_input: ceilometer_store_events}
966 ceilometer::db::mysql::password: {get_input: ceilometer_password}
967 ceilometer::collector::meter_dispatcher: {get_input: ceilometer_meter_dispatcher}
968 ceilometer::dispatcher::gnocchi::url: {get_input: gnocchi_internal_url }
969 ceilometer::dispatcher::gnocchi::filter_project: 'service'
970 ceilometer::dispatcher::gnocchi::archive_policy: 'low'
971 ceilometer::dispatcher::gnocchi::resources_definition_file: 'gnocchi_resources.yaml'
972 ceilometer::keystone::auth::public_url: {get_input: ceilometer_public_url }
973 ceilometer::keystone::auth::internal_url: {get_input: ceilometer_internal_url }
974 ceilometer::keystone::auth::admin_url: {get_input: ceilometer_admin_url }
975 ceilometer::keystone::auth::password: {get_input: ceilometer_password }
976 ceilometer::keystone::auth::region: {get_input: keystone_region}
977 snmpd_readonly_user_name: {get_input: snmpd_readonly_user_name}
978 snmpd_readonly_user_password: {get_input: snmpd_readonly_user_password}
981 aodh::rabbit_userid: {get_input: rabbit_username}
982 aodh::rabbit_password: {get_input: rabbit_password}
983 aodh::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
984 aodh::rabbit_port: {get_input: rabbit_client_port}
985 aodh::debug: {get_input: debug}
986 aodh::wsgi::apache::ssl: false
987 aodh::wsgi::apache::bind_host: {get_input: aodh_api_network}
988 aodh::api::service_name: 'httpd'
989 aodh::api::host: {get_input: aodh_api_network}
990 aodh::api::keystone_password: {get_input: aodh_password}
991 aodh::api::keystone_auth_uri: {get_input: keystone_auth_uri}
992 aodh::api::keystone_identity_uri: {get_input: keystone_identity_uri}
993 aodh::auth::auth_password: {get_input: aodh_password}
994 aodh::db::mysql::password: {get_input: aodh_password}
995 # for a migration path from ceilometer-alarm to aodh, we use the same database & coordination
996 aodh::evaluator::coordination_url: {get_input: ceilometer_coordination_url}
997 aodh::keystone::auth::public_url: {get_input: aodh_public_url }
998 aodh::keystone::auth::internal_url: {get_input: aodh_internal_url }
999 aodh::keystone::auth::admin_url: {get_input: aodh_admin_url }
1000 aodh::keystone::auth::password: {get_input: aodh_password }
1001 aodh::keystone::auth::region: {get_input: keystone_region}
1004 gnocchi_backend: {get_input: gnocchi_backend}
1005 gnocchi_indexer_backend: {get_input: gnocchi_indexer_backend}
1006 gnocchi_mysql_conn_string: {get_input: gnocchi_dsn}
1007 gnocchi::debug: {get_input: debug}
1008 gnocchi::wsgi::apache::ssl: false
1009 gnocchi::wsgi::apache::bind_host: {get_input: gnocchi_api_network}
1010 gnocchi::api::service_name: 'httpd'
1011 gnocchi::api::host: {get_input: gnocchi_api_network}
1012 gnocchi::api::keystone_password: {get_input: gnocchi_password}
1013 gnocchi::api::keystone_auth_uri: {get_input: keystone_auth_uri}
1014 gnocchi::api::keystone_identity_uri: {get_input: keystone_identity_uri}
1015 gnocchi::db::mysql::password: {get_input: gnocchi_password}
1016 gnocchi::storage::swift::swift_authurl: {get_input: keystone_auth_uri}
1017 gnocchi::storage::swift::swift_key: {get_input: gnocchi_password}
1018 gnocchi::keystone::auth::public_url: {get_input: gnocchi_public_url }
1019 gnocchi::keystone::auth::internal_url: {get_input: gnocchi_internal_url }
1020 gnocchi::keystone::auth::admin_url: {get_input: gnocchi_admin_url }
1021 gnocchi::keystone::auth::password: {get_input: gnocchi_password }
1022 gnocchi::keystone::auth::region: {get_input: keystone_region}
1025 nova::upgrade_level_compute: {get_input: upgrade_level_nova_compute}
1026 nova::use_ipv6: {get_input: nova_ipv6}
1027 nova::api::auth_uri: {get_input: keystone_auth_uri}
1028 nova::api::identity_uri: {get_input: keystone_identity_uri}
1029 nova::api::api_bind_address: {get_input: nova_api_network}
1030 nova::api::metadata_listen: {get_input: nova_metadata_network}
1031 nova::api::admin_password: {get_input: nova_password}
1032 nova::api::osapi_compute_workers: {get_input: nova_workers}
1033 nova::api::metadata_workers: {get_input: nova_workers}
1034 nova::compute::network_device_mtu: {get_input: neutron_tenant_mtu}
1035 nova::database_connection: {get_input: nova_dsn}
1036 nova::api_database_connection: {get_input: nova_api_dsn}
1037 nova::glance_api_servers: {get_input: glance_api_servers}
1038 nova::api::neutron_metadata_proxy_shared_secret: {get_input: neutron_metadata_proxy_shared_secret}
1039 nova::api::instance_name_template: {get_input: instance_name_template}
1040 nova::network::neutron::neutron_password: {get_input: neutron_password}
1041 nova::network::neutron::neutron_url: {get_input: neutron_internal_url}
1042 nova::network::neutron::neutron_auth_url: {get_input: neutron_auth_url}
1043 nova::vncproxy::host: {get_input: nova_api_network}
1044 nova::db::mysql::password: {get_input: nova_password}
1045 nova::db::mysql_api::password: {get_input: nova_password}
1046 nova_enable_db_purge: {get_input: nova_enable_db_purge}
1047 nova::keystone::auth::public_url: {get_input: nova_public_url}
1048 nova::keystone::auth::internal_url: {get_input: nova_internal_url}
1049 nova::keystone::auth::admin_url: {get_input: nova_admin_url}
1050 nova::keystone::auth::password: {get_input: nova_password }
1051 nova::keystone::auth::region: {get_input: keystone_region}
1054 apache::mod::remoteip::proxy_ips: {get_input: horizon_subnet}
1055 apache::ip: {get_input: horizon_network}
1056 horizon::allowed_hosts: {get_input: horizon_allowed_hosts}
1057 horizon::django_debug: {get_input: debug}
1058 horizon::secret_key: {get_input: horizon_secret}
1059 horizon::bind_address: {get_input: horizon_network}
1060 horizon::keystone_url: {get_input: keystone_auth_uri}
1063 rabbitmq::node_ip_address: {get_input: rabbitmq_network}
1064 rabbitmq::erlang_cookie: {get_input: rabbit_cookie}
1066 redis::bind: {get_input: redis_network}
1067 redis_vip: {get_input: redis_vip}
1069 tripleo::firewall::manage_firewall: {get_input: manage_firewall}
1070 tripleo::firewall::purge_firewall_rules: {get_input: purge_firewall_rules}
1072 memcached_ipv6: {get_input: memcached_ipv6}
1073 memcached::listen_ip: {get_input: memcached_network}
1074 ntp::servers: {get_input: ntp_servers}
1075 timezone::timezone: {get_input: timezone}
1076 control_virtual_interface: {get_input: control_virtual_interface}
1077 public_virtual_interface: {get_input: public_virtual_interface}
1078 tripleo::keepalived::control_virtual_interface: {get_input: control_virtual_interface}
1079 tripleo::keepalived::public_virtual_interface: {get_input: public_virtual_interface}
1080 tripleo::haproxy::control_virtual_interface: {get_input: control_virtual_interface}
1081 tripleo::haproxy::public_virtual_interface: {get_input: public_virtual_interface}
1082 tripleo::haproxy::haproxy_log_address: {get_input: haproxy_log_address}
1083 tripleo::haproxy::service_certificate: {get_attr: [NodeTLSData, deployed_ssl_certificate_path]}
1084 tripleo::haproxy::haproxy_stats_user: {get_input: haproxy_stats_user}
1085 tripleo::haproxy::haproxy_stats_password: {get_input: haproxy_stats_password}
1086 tripleo::haproxy::redis_password: {get_input: redis_password}
1087 tripleo::packages::enable_install: {get_input: enable_package_install}
1088 tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade}
1090 # Hook for site-specific additional pre-deployment config, e.g extra hieradata
1091 ControllerExtraConfigPre:
1092 depends_on: ControllerDeployment
1093 type: OS::TripleO::ControllerExtraConfigPre
1095 server: {get_resource: Controller}
1097 # Hook for site-specific additional pre-deployment config,
1098 # applying to all nodes, e.g node registration/unregistration
1100 depends_on: [ControllerExtraConfigPre, NodeTLSData]
1101 type: OS::TripleO::NodeExtraConfig
1103 server: {get_resource: Controller}
1106 type: OS::TripleO::Tasks::PackageUpdate
1109 type: OS::Heat::SoftwareDeployment
1111 name: UpdateDeployment
1112 config: {get_resource: UpdateConfig}
1113 server: {get_resource: Controller}
1116 get_param: UpdateIdentifier
1120 description: IP address of the server in the ctlplane network
1121 value: {get_attr: [Controller, networks, ctlplane, 0]}
1122 external_ip_address:
1123 description: IP address of the server in the external network
1124 value: {get_attr: [ExternalPort, ip_address]}
1125 internal_api_ip_address:
1126 description: IP address of the server in the internal_api network
1127 value: {get_attr: [InternalApiPort, ip_address]}
1129 description: IP address of the server in the storage network
1130 value: {get_attr: [StoragePort, ip_address]}
1131 storage_mgmt_ip_address:
1132 description: IP address of the server in the storage_mgmt network
1133 value: {get_attr: [StorageMgmtPort, ip_address]}
1135 description: IP address of the server in the tenant network
1136 value: {get_attr: [TenantPort, ip_address]}
1137 management_ip_address:
1138 description: IP address of the server in the management network
1139 value: {get_attr: [ManagementPort, ip_address]}
1141 description: Hostname of the server
1142 value: {get_attr: [Controller, name]}
1145 Server's IP address and hostname in the /etc/hosts format
1149 PRIMARYIP PRIMARYHOST.DOMAIN PRIMARYHOST
1150 EXTERNALIP EXTERNALHOST.DOMAIN EXTERNALHOST
1151 INTERNAL_APIIP INTERNAL_APIHOST.DOMAIN INTERNAL_APIHOST
1152 STORAGEIP STORAGEHOST.DOMAIN STORAGEHOST
1153 STORAGE_MGMTIP STORAGE_MGMTHOST.DOMAIN STORAGE_MGMTHOST
1154 TENANTIP TENANTHOST.DOMAIN TENANTHOST
1155 MANAGEMENTIP MANAGEMENTHOST.DOMAIN MANAGEMENTHOST
1157 PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, ControllerHostnameResolveNetwork]}]}
1158 DOMAIN: {get_param: CloudDomain}
1159 PRIMARYHOST: {get_attr: [Controller, name]}
1160 EXTERNALIP: {get_attr: [ExternalPort, ip_address]}
1164 - - {get_attr: [Controller, name]}
1166 INTERNAL_APIIP: {get_attr: [InternalApiPort, ip_address]}
1170 - - {get_attr: [Controller, name]}
1172 STORAGEIP: {get_attr: [StoragePort, ip_address]}
1176 - - {get_attr: [Controller, name]}
1178 STORAGE_MGMTIP: {get_attr: [StorageMgmtPort, ip_address]}
1182 - - {get_attr: [Controller, name]}
1184 TENANTIP: {get_attr: [TenantPort, ip_address]}
1188 - - {get_attr: [Controller, name]}
1190 MANAGEMENTIP: {get_attr: [ManagementPort, ip_address]}
1194 - - {get_attr: [Controller, name]}
1196 nova_server_resource:
1197 description: Heat resource handle for the Nova compute server
1199 {get_resource: Controller}
1201 description: Swift device formatted for swift-ring-builder
1204 template: 'r1z1-IP:%PORT%/d1'
1206 IP: {get_attr: [NetIpMap, net_ip_uri_map, {get_param: [ServiceNetMap, SwiftMgmtNetwork]}]}
1207 swift_proxy_memcache:
1208 description: Swift proxy-memcache value
1211 template: "IP:11211"
1213 IP: {get_attr: [NetIpMap, net_ip_uri_map, {get_param: [ServiceNetMap, MemcachedNetwork]}]}
1215 description: identifier which changes if the controller configuration may need re-applying
1219 - - {get_attr: [ControllerDeployment, deploy_stdout]}
1220 - {get_attr: [NodeTLSCAData, deploy_stdout]}
1221 - {get_attr: [NodeTLSData, deploy_stdout]}
1222 - {get_attr: [ControllerExtraConfigPre, deploy_stdout]}
1223 - {get_param: UpdateIdentifier}
1224 tls_key_modulus_md5:
1225 description: MD5 checksum of the TLS Key Modulus
1226 value: {get_attr: [NodeTLSData, key_modulus_md5]}
1227 tls_cert_modulus_md5:
1228 description: MD5 checksum of the TLS Certificate Modulus
1229 value: {get_attr: [NodeTLSData, cert_modulus_md5]}