1 heat_template_version: 2015-04-30
4 OpenStack controller node configured by Puppet.
9 description: The password for the keystone admin account, used for monitoring, querying neutron etc.
14 description: The keystone auth secret and db password.
17 CeilometerApiVirtualIP:
22 description: The ceilometer backend type.
24 CeilometerMeteringSecret:
26 description: Secret shared by the ceilometer services.
31 description: The password for the ceilometer service and db account.
37 CinderEnableNfsBackend:
39 description: Whether to enable or not the NFS backend for Cinder
41 CinderEnableIscsiBackend:
43 description: Whether to enable or not the Iscsi backend for Cinder
45 CinderEnableRbdBackend:
47 description: Whether to enable or not the Rbd backend for Cinder
51 description: The iSCSI helper to use with cinder.
53 CinderLVMLoopDeviceSize:
55 description: The size of the loopback file used by the cinder LVM driver.
57 CinderNfsMountOptions:
60 Mount options for NFS mounts used by Cinder NFS backend. Effective
61 when CinderEnableNfsBackend is true.
66 NFS servers used by Cinder NFS backend. Effective when
67 CinderEnableNfsBackend is true.
68 type: comma_delimited_list
71 description: The password for the cinder service and db account, used by cinder-api.
76 description: Contains parameters to configure Cinder backends. Typically
77 set via parameter_defaults in the resource registry.
81 description: The DNS name of this cloud. E.g. ci-overcloud.tripleo.org
83 ControllerExtraConfig:
86 Controller specific hiera configuration data to inject into the cluster.
88 ControlVirtualInterface:
90 description: Interface where virtual ip will be assigned.
94 description: Set to True to enable debugging on all services.
98 description: Whether to enable fencing in Pacemaker or not.
102 description: Whether to use Galera instead of regular MariaDB.
106 description: Whether to deploy Ceph Storage (OSD) on the Controller
110 description: Whether to enable Swift Storage on the Controller
115 Additional hieradata to inject into the cluster, note that
116 ControllerExtraConfig takes precedence over ExtraConfig.
121 Pacemaker fencing configuration. The JSON should have
122 the following structure:
126 "agent": "AGENT_NAME",
127 "host_mac": "HOST_MAC_ADDRESS",
128 "params": {"PARAM_NAME": "PARAM_VALUE"}
136 "agent": "fence_xvm",
137 "host_mac": "52:54:00:aa:bb:cc",
139 "multicast_address": "225.0.0.12",
140 "port": "baremetal_0",
142 "manage_key_file": true,
143 "key_file": "/etc/fence_xvm.key",
144 "key_file_password": "abcdef"
151 description: Flavor for control nodes to request when deploying.
154 - custom_constraint: nova.flavor
155 GlanceNotifierStrategy:
156 description: Strategy to use for Glance notification queue
160 description: The filepath of the file to use for logging messages from Glance.
165 description: The password for the glance service and db account, used by the glance services.
170 description: Glance port.
174 description: Protocol to use when connecting to glance, set to https for SSL.
178 description: The short name of the Glance backend to use. Should be one
179 of swift, rbd, or file
182 - allowed_values: ['swift', 'file', 'rbd']
185 description: The password for the Heat service and db account, used by the Heat services.
188 HeatStackDomainAdminPassword:
189 description: Password for heat_domain_admin user.
193 HeatAuthEncryptionKey:
194 description: Auth encryption key for heat-engine
199 description: A list of IP/Hostname allowed to connect to horizon
200 type: comma_delimited_list
202 description: Secret key for Django
207 default: overcloud-control
209 - custom_constraint: glance.image
211 default: 'REBUILD_PRESERVE_EPHEMERAL'
212 description: What policy to use when reconstructing instances. REBUILD for rebuilds, REBUILD_PRESERVE_EPHEMERAL to preserve /mnt.
216 description: Name of an existing EC2 KeyPair to enable SSH access to the instances
219 - custom_constraint: nova.keypair
220 KeystoneCACertificate:
222 description: Keystone self-signed certificate authority certificate.
224 KeystoneSigningCertificate:
226 description: Keystone certificate for verifying token validity.
230 description: Keystone key for signing tokens.
233 KeystoneSSLCertificate:
235 description: Keystone certificate for verifying token validity.
237 KeystoneSSLCertificateKey:
239 description: Keystone key for signing tokens.
242 KeystoneNotificationDriver:
243 description: Comma-separated list of Oslo notification drivers used by Keystone
244 default: ['messaging']
245 type: comma_delimited_list
246 KeystoneNotificationFormat:
247 description: The Keystone notification format
251 - allowed_values: [ 'basic', 'cadf' ]
252 MysqlClusterUniquePart:
253 description: A unique identifier of the MySQL cluster the controller is in.
255 default: 'unset' # Has to be here because of the ignored empty value bug
256 # Drop the validation: https://bugs.launchpad.net/tripleo/+bug/1405446
258 # - length: {min: 4, max: 10}
259 MysqlInnodbBufferPoolSize:
261 Specifies the size of the buffer pool in megabytes. Setting to
262 zero should be interpreted as "no value" and will defer to the
267 description: Configures MySQL max_connections config setting
273 default: '' # Has to be here because of the ignored empty value bug
274 NeutronExternalNetworkBridge:
275 description: Name of bridge used for external network traffic.
278 NeutronBridgeMappings:
280 The OVS logical->physical bridge mappings to use. See the Neutron
281 documentation for details. Defaults to mapping br-ex - the external
282 bridge on hosts - to a physical name 'datacentre' which can be used
283 to create provider networks (and we use this for the default floating
284 network) - if changing this either use different post-install network
285 scripts or be sure to keep 'datacentre' as a mapping network name.
287 default: "datacentre:br-ex"
288 NeutronDnsmasqOptions:
289 default: 'dhcp-option-force=26,1400'
290 description: Dnsmasq options for neutron-dhcp-agent. The default value here forces MTU to be set to 1400 to account for the gre tunnel overhead.
294 description: Agent mode for the neutron-l3-agent on the controller hosts
298 description: Whether to enable l3-agent HA
300 NeutronDhcpAgentsPerNetwork:
303 description: The number of neutron dhcp agents to schedule per network
306 description: Whether to configure Neutron Distributed Virtual Routers
308 NeutronMetadataProxySharedSecret:
310 description: Shared secret to prevent spoofing
316 The core plugin for Neutron. The value should be the entrypoint to be loaded
317 from neutron.core_plugins namespace.
319 NeutronServicePlugins:
322 Comma-separated list of service plugin entrypoints to be loaded from the
323 neutron.service_plugins namespace.
324 type: comma_delimited_list
326 default: "vxlan,vlan,flat,gre"
328 Comma-separated list of network type driver entrypoints to be loaded.
329 type: comma_delimited_list
330 NeutronMechanismDrivers:
331 default: 'openvswitch'
333 The mechanism drivers for the Neutron tenant network. To specify multiple
334 values, use a comma separated string, like so: 'openvswitch,l2_population'
336 NeutronAllowL3AgentFailover:
338 description: Allow automatic l3-agent failover
340 NeutronEnableTunnelling:
345 default: 'datacentre'
346 description: If set, flat networks to configure in neutron plugins.
349 description: Whether to enable l3-agent HA
353 description: The tenant network type for Neutron, either gre or vxlan.
355 NeutronNetworkVLANRanges:
356 default: 'datacentre'
358 The Neutron ML2 and OpenVSwitch vlan mapping range to support. See the
359 Neutron documentation for permitted values. Defaults to permitting any
360 VLAN on the 'datacentre' physical network (See NeutronBridgeMappings).
361 type: comma_delimited_list
364 description: The password for the neutron service and db account, used by neutron agents.
367 NeutronPublicInterface:
369 description: What interface to bridge onto br-ex for network nodes.
371 NeutronPublicInterfaceTag:
374 VLAN tag for creating a public VLAN. The tag will be used to
375 create an access port on the exterior bridge for each control plane node,
376 and that port will be given the IP address returned by neutron from the
377 public network. Set CONTROLEXTRA=overcloud-vlan-port.yaml when compiling
378 overcloud.yaml to include the deployment of VLAN ports to the control
381 NeutronPublicInterfaceDefaultRoute:
383 description: A custom default route for the NeutronPublicInterface.
385 NeutronPublicInterfaceIP:
387 description: A custom IP address to put onto the NeutronPublicInterface.
389 NeutronPublicInterfaceRawDevice:
391 description: If set, the public interface is a vlan with this device as the raw device.
396 The tunnel types for the Neutron tenant network. To specify multiple
397 values, use a comma separated string, like so: 'gre,vxlan'
399 NeutronTunnelIdRanges:
401 Comma-separated list of <tun_min>:<tun_max> tuples enumerating ranges
402 of GRE tunnel IDs that are available for tenant network allocation
403 default: ["1:1000", ]
404 type: comma_delimited_list
407 Comma-separated list of <vni_min>:<vni_max> tuples enumerating ranges
408 of VXLAN VNI IDs that are available for tenant network allocation
409 default: ["1:1000", ]
410 type: comma_delimited_list
416 description: The password for the nova service and db account, used by nova-api.
421 description: Should MongoDb journaling be disabled
425 description: Comma-separated list of ntp servers
426 type: comma_delimited_list
429 description: The password for the 'pcsd' user.
431 PublicVirtualInterface:
434 Specifies the interface where the public-facing virtual ip will be assigned.
435 This should be int_public when a VLAN is being used.
437 PublicVirtualIP: # DEPRECATED: use per service settings instead
439 default: '' # Has to be here because of the ignored empty value bug
442 default: '' # Has to be here because of the ignored empty value bug
446 description: The password for RabbitMQ
451 description: The username for RabbitMQ
456 Rabbit client subscriber parameter to specify
457 an SSL connection to the RabbitMQ host.
461 description: Set rabbit subscriber port, change this if using SSL
465 description: Configures RabbitMQ FD limit
469 default: '' # Has to be here because of the ignored empty value bug
470 SnmpdReadonlyUserName:
471 default: ro_snmp_user
472 description: The user name for SNMPd with readonly rights running on all Overcloud nodes
474 SnmpdReadonlyUserPassword:
476 description: The user password for SNMPd with readonly rights running on all Overcloud nodes
481 description: If set, the contents of an SSL certificate authority file.
485 description: If set, the contents of an SSL certificate .crt file for encrypting SSL endpoints.
490 description: If set, the contents of an SSL certificate .key file for encrypting SSL endpoints.
495 description: A random string to be used as a salt when hashing to determine mappings
501 description: Value of mount_check in Swift account/container/object -server.conf
506 description: The minimum time (in hours) before a partition in a ring can be moved following a rebalance.
509 description: Partition Power to use when building Swift rings
513 description: The password for the swift service account, used by the swift proxy
523 description: How many replicas to use in the swift rings.
524 VirtualIP: # DEPRECATED: use per service settings instead
526 default: '' # Has to be here because of the ignored empty value bug
533 GlanceRegistryVirtualIP:
539 KeystoneAdminApiVirtualIP:
542 KeystonePublicApiVirtualIP:
548 EnablePackageInstall:
550 description: Set to true to enable package installation via Puppet
554 description: Mapping of service_name -> network name. Typically set
555 via parameter_defaults in the resource registry.
561 Setting to a previously unused value during stack-update will trigger
562 package update on all nodes
565 default: '' # Defaults to Heat created hostname
570 type: OS::Nova::Server
572 image: {get_param: Image}
573 image_update_policy: {get_param: ImageUpdatePolicy}
574 flavor: {get_param: Flavor}
575 key_name: {get_param: KeyName}
578 user_data_format: SOFTWARE_CONFIG
579 user_data: {get_resource: UserData}
580 name: {get_param: Hostname}
582 # Combine the NodeAdminUserData and NodeUserData mime archives
584 type: OS::Heat::MultipartMime
587 - config: {get_resource: NodeAdminUserData}
589 - config: {get_resource: NodeUserData}
592 # Creates the "heat-admin" user if configured via the environment
593 # Should return a OS::Heat::MultipartMime reference via OS::stack_id
595 type: OS::TripleO::NodeAdminUserData
597 # For optional operator additional userdata
598 # Should return a OS::Heat::MultipartMime reference via OS::stack_id
600 type: OS::TripleO::NodeUserData
603 type: OS::TripleO::Controller::Ports::ExternalPort
605 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
608 type: OS::TripleO::Controller::Ports::InternalApiPort
610 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
613 type: OS::TripleO::Controller::Ports::StoragePort
615 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
618 type: OS::TripleO::Controller::Ports::StorageMgmtPort
620 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
623 type: OS::TripleO::Controller::Ports::TenantPort
625 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
628 type: OS::TripleO::Network::Ports::NetIpMap
630 ControlPlaneIp: {get_attr: [Controller, networks, ctlplane, 0]}
631 ExternalIp: {get_attr: [ExternalPort, ip_address]}
632 InternalApiIp: {get_attr: [InternalApiPort, ip_address]}
633 StorageIp: {get_attr: [StoragePort, ip_address]}
634 StorageMgmtIp: {get_attr: [StorageMgmtPort, ip_address]}
635 TenantIp: {get_attr: [TenantPort, ip_address]}
638 type: OS::TripleO::Network::Ports::NetIpSubnetMap
640 ControlPlaneIp: {get_attr: [Controller, networks, ctlplane, 0]}
641 ExternalIpSubnet: {get_attr: [ExternalPort, ip_subnet]}
642 InternalApiIpSubnet: {get_attr: [InternalApiPort, ip_subnet]}
643 StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]}
644 StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]}
645 TenantIpSubnet: {get_attr: [TenantPort, ip_subnet]}
648 type: OS::TripleO::Controller::Net::SoftwareConfig
650 ControlPlaneIp: {get_attr: [Controller, networks, ctlplane, 0]}
651 ExternalIpSubnet: {get_attr: [ExternalPort, ip_subnet]}
652 InternalApiIpSubnet: {get_attr: [InternalApiPort, ip_subnet]}
653 StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]}
654 StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]}
655 TenantIpSubnet: {get_attr: [TenantPort, ip_subnet]}
658 type: OS::TripleO::SoftwareDeployment
660 config: {get_resource: NetworkConfig}
661 server: {get_resource: Controller}
664 interface_name: {get_param: NeutronPublicInterface}
666 ControllerDeployment:
667 type: OS::TripleO::SoftwareDeployment
668 depends_on: NetworkDeployment
670 config: {get_resource: ControllerConfig}
671 server: {get_resource: Controller}
673 bootstack_nodeid: {get_attr: [Controller, name]}
674 neutron_enable_tunneling: {get_param: NeutronEnableTunnelling}
675 heat.watch_server_url:
679 - {get_param: HeatApiVirtualIP}
681 heat.metadata_server_url:
685 - {get_param: HeatApiVirtualIP}
687 heat.waitcondition_server_url:
691 - {get_param: HeatApiVirtualIP}
692 - ':8000/v1/waitcondition'
693 heat_auth_encryption_key: {get_param: HeatAuthEncryptionKey}
694 horizon_allowed_hosts: {get_param: HorizonAllowedHosts}
695 horizon_secret: {get_param: HorizonSecret}
696 admin_password: {get_param: AdminPassword}
697 admin_token: {get_param: AdminToken}
698 neutron_public_interface_ip: {get_param: NeutronPublicInterfaceIP}
699 debug: {get_param: Debug}
700 cinder_enable_nfs_backend: {get_param: CinderEnableNfsBackend}
701 cinder_enable_rbd_backend: {get_param: CinderEnableRbdBackend}
702 cinder_nfs_mount_options: {get_param: CinderNfsMountOptions}
705 template: "['SERVERS']"
710 - {get_param: CinderNfsServers}
711 cinder_lvm_loop_device_size: {get_param: CinderLVMLoopDeviceSize}
712 cinder_password: {get_param: CinderPassword}
713 cinder_enable_iscsi_backend: {get_param: CinderEnableIscsiBackend}
714 cinder_iscsi_helper: {get_param: CinderISCSIHelper}
715 cinder_backend_config: {get_param: CinderBackendConfig}
719 - - 'mysql://cinder:'
720 - {get_param: CinderPassword}
722 - {get_param: MysqlVirtualIP}
724 glance_port: {get_param: GlancePort}
725 glance_password: {get_param: GlancePassword}
726 glance_backend: {get_param: GlanceBackend}
727 glance_notifier_strategy: {get_param: GlanceNotifierStrategy}
728 glance_log_file: {get_param: GlanceLogFile}
732 - - 'mysql://glance:'
733 - {get_param: GlancePassword}
735 - {get_param: MysqlVirtualIP}
737 heat_password: {get_param: HeatPassword}
738 heat_stack_domain_admin_password: {get_param: HeatStackDomainAdminPassword}
743 - {get_param: HeatPassword}
745 - {get_param: MysqlVirtualIP}
747 keystone_auth_address: {list_join: ['', ['http://', {get_param: KeystonePublicApiVirtualIP} , ':5000/v2.0']]}
748 keystone_ca_certificate: {get_param: KeystoneCACertificate}
749 keystone_signing_key: {get_param: KeystoneSigningKey}
750 keystone_signing_certificate: {get_param: KeystoneSigningCertificate}
751 keystone_ssl_certificate: {get_param: KeystoneSSLCertificate}
752 keystone_ssl_certificate_key: {get_param: KeystoneSSLCertificateKey}
753 keystone_notification_driver: {get_param: KeystoneNotificationDriver}
754 keystone_notification_format: {get_param: KeystoneNotificationFormat}
758 - - 'mysql://keystone:'
759 - {get_param: AdminToken}
761 - {get_param: MysqlVirtualIP}
763 keystone_identity_uri:
767 - {get_param: KeystoneAdminApiVirtualIP}
773 - {get_param: KeystonePublicApiVirtualIP}
779 - {get_param: KeystonePublicApiVirtualIP}
780 - ':5000/v2.0/ec2tokens'
781 enable_fencing: {get_param: EnableFencing}
782 enable_galera: {get_param: EnableGalera}
783 enable_ceph_storage: {get_param: EnableCephStorage}
784 enable_swift_storage: {get_param: EnableSwiftStorage}
785 mysql_innodb_buffer_pool_size: {get_param: MysqlInnodbBufferPoolSize}
786 mysql_max_connections: {get_param: MysqlMaxConnections}
787 mysql_root_password: {get_param: MysqlRootPassword}
790 template: tripleo-CLUSTER
792 CLUSTER: {get_param: MysqlClusterUniquePart}
793 neutron_flat_networks: {get_param: NeutronFlatNetworks}
794 neutron_metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret}
795 neutron_agent_mode: {get_param: NeutronAgentMode}
796 neutron_router_distributed: {get_param: NeutronDVR}
797 neutron_core_plugin: {get_param: NeutronCorePlugin}
798 neutron_service_plugins:
800 template: "['PLUGINS']"
805 - {get_param: NeutronServicePlugins}
806 neutron_type_drivers:
808 template: "['DRIVERS']"
813 - {get_param: NeutronTypeDrivers}
814 neutron_mechanism_drivers: {get_param: NeutronMechanismDrivers}
815 neutron_allow_l3agent_failover: {get_param: NeutronAllowL3AgentFailover}
816 neutron_l3_ha: {get_param: NeutronL3HA}
817 neutron_dhcp_agents_per_network: {get_param: NeutronDhcpAgentsPerNetwork}
818 neutron_network_vlan_ranges:
820 template: "['RANGES']"
825 - {get_param: NeutronNetworkVLANRanges}
826 neutron_bridge_mappings: {get_param: NeutronBridgeMappings}
827 neutron_external_network_bridge: {get_param: NeutronExternalNetworkBridge}
828 neutron_public_interface: {get_param: NeutronPublicInterface}
829 neutron_public_interface_raw_device: {get_param: NeutronPublicInterfaceRawDevice}
830 neutron_public_interface_default_route: {get_param: NeutronPublicInterfaceDefaultRoute}
831 neutron_public_interface_tag: {get_param: NeutronPublicInterfaceTag}
832 neutron_tenant_network_type: {get_param: NeutronNetworkType}
833 neutron_tunnel_types: {get_param: NeutronTunnelTypes}
834 neutron_tunnel_id_ranges:
836 template: "['RANGES']"
841 - {get_param: NeutronTunnelIdRanges}
844 template: "['RANGES']"
849 - {get_param: NeutronVniRanges}
850 neutron_password: {get_param: NeutronPassword}
851 neutron_dnsmasq_options: {get_param: NeutronDnsmasqOptions}
855 - - 'mysql://neutron:'
856 - {get_param: NeutronPassword}
858 - {get_param: MysqlVirtualIP}
859 - '/ovs_neutron?charset=utf8'
864 - {get_param: NeutronApiVirtualIP}
866 neutron_admin_auth_url:
870 - {get_param: KeystoneAdminApiVirtualIP}
872 ceilometer_backend: {get_param: CeilometerBackend}
873 ceilometer_metering_secret: {get_param: CeilometerMeteringSecret}
874 ceilometer_password: {get_param: CeilometerPassword}
875 ceilometer_coordination_url:
879 - {get_param: RedisVirtualIP}
884 - - 'mysql://ceilometer:unset@'
885 - {get_param: MysqlVirtualIP}
887 snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName}
888 snmpd_readonly_user_password: {get_param: SnmpdReadonlyUserPassword}
889 nova_password: {get_param: NovaPassword}
894 - {get_param: NovaPassword}
896 - {get_param: MysqlVirtualIP}
898 fencing_config: {get_param: FencingConfig}
899 pcsd_password: {get_param: PcsdPassword}
900 rabbit_username: {get_param: RabbitUserName}
901 rabbit_password: {get_param: RabbitPassword}
902 rabbit_cookie: {get_param: RabbitCookie}
903 rabbit_client_use_ssl: {get_param: RabbitClientUseSSL}
904 rabbit_client_port: {get_param: RabbitClientPort}
905 mongodb_no_journal: {get_param: MongoDbNoJournal}
906 # We need to force this into quotes or hiera will return integer causing
907 # the puppet module validation regexp to fail.
908 # Remove when: https://github.com/puppetlabs/puppetlabs-rabbitmq/pull/401
913 LIMIT: {get_param: RabbitFDLimit}
914 ntp_servers: {get_param: NtpServer}
915 control_virtual_interface: {get_param: ControlVirtualInterface}
916 public_virtual_interface: {get_param: PublicVirtualInterface}
917 swift_hash_suffix: {get_param: SwiftHashSuffix}
918 swift_password: {get_param: SwiftPassword}
919 swift_part_power: {get_param: SwiftPartPower}
920 swift_replicas: {get_param: SwiftReplicas}
921 swift_min_part_hours: {get_param: SwiftMinPartHours}
922 swift_mount_check: {get_param: SwiftMountCheck}
923 enable_package_install: {get_param: EnablePackageInstall}
924 enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]}
925 swift_proxy_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftProxyNetwork]}]}
926 swift_management_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftMgmtNetwork]}]}
927 cinder_iscsi_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CinderIscsiNetwork]}]}
928 cinder_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CinderApiNetwork]}]}
929 glance_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, GlanceApiNetwork]}]}
930 glance_registry_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, GlanceRegistryNetwork]}]}
934 - - {get_param: GlanceProtocol}
936 - {get_param: GlanceApiVirtualIP}
938 - {get_param: GlancePort}
939 glance_registry_host: {get_param: GlanceRegistryVirtualIP}
940 heat_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, HeatApiNetwork]}]}
941 keystone_public_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}]}
942 keystone_admin_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}]}
943 mongo_db_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MongoDbNetwork]}]}
944 neutron_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NeutronApiNetwork]}]}
945 neutron_local_ip: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NeutronTenantNetwork]}]}
946 ceilometer_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CeilometerApiNetwork]}]}
947 nova_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NovaApiNetwork]}]}
948 nova_metadata_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NovaMetadataNetwork]}]}
949 horizon_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, HorizonNetwork]}]}
950 rabbitmq_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, RabbitMqNetwork]}]}
951 redis_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, RedisNetwork]}]}
952 redis_vip: {get_param: RedisVirtualIP}
953 memcached_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MemcachedNetwork]}]}
954 mysql_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MysqlNetwork]}]}
955 mysql_virtual_ip: {get_param: MysqlVirtualIP}
956 ceph_cluster_network: {get_attr: [NetIpSubnetMap, net_ip_subnet_map, {get_param: [ServiceNetMap, CephClusterNetwork]}]}
957 ceph_public_network: {get_attr: [NetIpSubnetMap, net_ip_subnet_map, {get_param: [ServiceNetMap, CephPublicNetwork]}]}
958 ceph_public_ip: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CephPublicNetwork]}]}
960 # Map heat metadata into hiera datafiles
962 type: OS::Heat::StructuredConfig
964 group: os-apply-config
969 - heat_config_%{::deploy_config_name}
970 - controller_extraconfig
975 - swift_devices_and_proxy # provided by SwiftDevicesAndProxyConfig
976 - ceph_cluster # provided by CephClusterConfig
978 - bootstrap_node # provided by BootstrapNodeConfig
979 - all_nodes # provided by allNodesConfig
980 - vip_data # provided by vip-config
983 - cinder_netapp_data # Optionally provided by ControllerExtraConfigPre
984 - neutron_bigswitch_data # Optionally provided by ControllerExtraConfigPre
985 - neutron_cisco_data # Optionally provided by ControllerExtraConfigPre
986 - cisco_n1kv_data # Optionally provided by ControllerExtraConfigPre
988 controller_extraconfig:
989 mapped_data: {get_param: ControllerExtraConfig}
991 mapped_data: {get_param: ExtraConfig}
993 raw_data: {get_file: hieradata/common.yaml}
995 raw_data: {get_file: hieradata/ceph.yaml}
997 ceph::profile::params::cluster_network: {get_input: ceph_cluster_network}
998 ceph::profile::params::public_network: {get_input: ceph_public_network}
999 ceph::mon::public_addr: {get_input: ceph_public_ip}
1001 raw_data: {get_file: hieradata/database.yaml}
1003 raw_data: {get_file: hieradata/object.yaml}
1005 raw_data: {get_file: hieradata/controller.yaml}
1006 mapped_data: # data supplied directly to this deployment configuration, etc
1007 bootstack_nodeid: {get_input: bootstack_nodeid}
1010 enable_fencing: {get_input: enable_fencing}
1011 hacluster_pwd: {get_input: pcsd_password}
1012 tripleo::fencing::config: {get_input: fencing_config}
1015 swift::proxy::proxy_local_net_ip: {get_input: swift_proxy_network}
1016 swift::proxy::authtoken::auth_uri: {get_input: keystone_auth_uri}
1017 swift::proxy::authtoken::identity_uri: {get_input: keystone_identity_uri}
1018 swift::storage::all::storage_local_net_ip: {get_input: swift_management_network}
1019 swift::swift_hash_suffix: {get_input: swift_hash_suffix}
1020 swift::proxy::authtoken::admin_password: {get_input: swift_password}
1021 tripleo::ringbuilder::part_power: {get_input: swift_part_power}
1022 tripleo::ringbuilder::replicas: {get_input: swift_replicas}
1023 tripleo::ringbuilder::min_part_hours: {get_input: swift_min_part_hours}
1024 swift_mount_check: {get_input: swift_mount_check}
1026 # NOTE(dprince): build_ring support is currently not wired in.
1027 # See: https://review.openstack.org/#/c/109225/
1028 tripleo::ringbuilder::build_ring: True
1031 cinder_enable_nfs_backend: {get_input: cinder_enable_nfs_backend}
1032 cinder_enable_rbd_backend: {get_input: cinder_enable_rbd_backend}
1033 cinder_nfs_mount_options: {get_input: cinder_nfs_mount_options}
1034 cinder_nfs_servers: {get_input: cinder_nfs_servers}
1035 cinder_lvm_loop_device_size: {get_input: cinder_lvm_loop_device_size}
1036 cinder_iscsi_helper: {get_input: cinder_iscsi_helper}
1037 cinder_iscsi_ip_address: {get_input: cinder_iscsi_network}
1038 cinder::database_connection: {get_input: cinder_dsn}
1039 cinder::api::keystone_password: {get_input: cinder_password}
1040 cinder::api::auth_uri: {get_input: keystone_auth_uri}
1041 cinder::api::identity_uri: {get_input: keystone_identity_uri}
1042 cinder::api::bind_host: {get_input: cinder_api_network}
1043 cinder::rabbit_userid: {get_input: rabbit_username}
1044 cinder::rabbit_password: {get_input: rabbit_password}
1045 cinder::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
1046 cinder::rabbit_port: {get_input: rabbit_client_port}
1047 cinder::debug: {get_input: debug}
1048 cinder_enable_iscsi_backend: {get_input: cinder_enable_iscsi_backend}
1049 cinder::glance::glance_api_servers: {get_input: glance_api_servers}
1050 cinder_backend_config: {get_input: CinderBackendConfig}
1051 cinder::db::mysql::password: {get_input: cinder_password}
1054 glance::api::bind_port: {get_input: glance_port}
1055 glance::api::bind_host: {get_input: glance_api_network}
1056 glance::api::auth_uri: {get_input: keystone_auth_uri}
1057 glance::api::identity_uri: {get_input: keystone_identity_uri}
1058 glance::api::registry_host: {get_input: glance_registry_host}
1059 glance::api::keystone_password: {get_input: glance_password}
1060 glance::api::debug: {get_input: debug}
1061 glance_notifier_strategy: {get_input: glance_notifier_strategy}
1062 glance_log_file: {get_input: glance_log_file}
1063 glance_log_file: {get_input: glance_log_file}
1064 glance::api::database_connection: {get_input: glance_dsn}
1065 glance::registry::keystone_password: {get_input: glance_password}
1066 glance::registry::database_connection: {get_input: glance_dsn}
1067 glance::registry::bind_host: {get_input: glance_registry_network}
1068 glance::registry::auth_uri: {get_input: keystone_auth_uri}
1069 glance::registry::identity_uri: {get_input: keystone_identity_uri}
1070 glance::registry::debug: {get_input: debug}
1071 glance::backend::swift::swift_store_auth_address: {get_input: keystone_auth_address}
1072 glance::backend::swift::swift_store_user: service:glance
1073 glance::backend::swift::swift_store_key: {get_input: glance_password}
1074 glance_backend: {get_input: glance_backend}
1075 glance::db::mysql::password: {get_input: glance_password}
1078 heat_stack_domain_admin_password: {get_input: heat_stack_domain_admin_password}
1079 heat::engine::heat_watch_server_url: {get_input: heat.watch_server_url}
1080 heat::engine::heat_metadata_server_url: {get_input: heat.metadata_server_url}
1081 heat::engine::heat_waitcondition_server_url: {get_input: heat.waitcondition_server_url}
1082 heat::engine::auth_encryption_key: {get_input: heat_auth_encryption_key}
1083 heat::rabbit_userid: {get_input: rabbit_username}
1084 heat::rabbit_password: {get_input: rabbit_password}
1085 heat::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
1086 heat::rabbit_port: {get_input: rabbit_client_port}
1087 heat::auth_uri: {get_input: keystone_auth_uri}
1088 heat::keystone_ec2_uri: {get_input: keystone_ec2_uri}
1089 heat::identity_uri: {get_input: keystone_identity_uri}
1090 heat::keystone_password: {get_input: heat_password}
1091 heat::api::bind_host: {get_input: heat_api_network}
1092 heat::api_cloudwatch::bind_host: {get_input: heat_api_network}
1093 heat::api_cfn::bind_host: {get_input: heat_api_network}
1094 heat::database_connection: {get_input: heat_dsn}
1095 heat::debug: {get_input: debug}
1096 heat::db::mysql::password: {get_input: heat_password}
1099 keystone::admin_token: {get_input: admin_token}
1100 keystone_ca_certificate: {get_input: keystone_ca_certificate}
1101 keystone_signing_key: {get_input: keystone_signing_key}
1102 keystone_signing_certificate: {get_input: keystone_signing_certificate}
1103 keystone_ssl_certificate: {get_input: keystone_ssl_certificate}
1104 keystone_ssl_certificate_key: {get_input: keystone_ssl_certificate_key}
1105 keystone::database_connection: {get_input: keystone_dsn}
1106 keystone::public_bind_host: {get_input: keystone_public_api_network}
1107 keystone::admin_bind_host: {get_input: keystone_admin_api_network}
1108 keystone::debug: {get_input: debug}
1109 keystone::db::mysql::password: {get_input: admin_token}
1110 keystone::rabbit_userid: {get_input: rabbit_username}
1111 keystone::rabbit_password: {get_input: rabbit_password}
1112 keystone::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
1113 keystone::rabbit_port: {get_input: rabbit_client_port}
1114 keystone::notification_driver: {get_input: keystone_notification_driver}
1115 keystone::notification_format: {get_input: keystone_notification_format}
1117 mongodb::server::bind_ip: {get_input: mongo_db_network}
1118 mongodb::server::nojournal: {get_input: mongodb_no_journal}
1120 admin_password: {get_input: admin_password}
1121 enable_galera: {get_input: enable_galera}
1122 enable_ceph_storage: {get_input: enable_ceph_storage}
1123 enable_swift_storage: {get_input: enable_swift_storage}
1124 mysql_innodb_buffer_pool_size: {get_input: mysql_innodb_buffer_pool_size}
1125 mysql_max_connections: {get_input: mysql_max_connections}
1126 mysql::server::root_password: {get_input: mysql_root_password}
1127 mysql_cluster_name: {get_input: mysql_cluster_name}
1128 mysql_bind_host: {get_input: mysql_network}
1129 mysql_virtual_ip: {get_input: mysql_virtual_ip}
1132 neutron::bind_host: {get_input: neutron_api_network}
1133 neutron::rabbit_password: {get_input: rabbit_password}
1134 neutron::rabbit_user: {get_input: rabbit_user}
1135 neutron::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
1136 neutron::rabbit_port: {get_input: rabbit_client_port}
1137 neutron::debug: {get_input: debug}
1138 neutron::server::auth_uri: {get_input: keystone_auth_uri}
1139 neutron::server::identity_uri: {get_input: keystone_identity_uri}
1140 neutron::server::database_connection: {get_input: neutron_dsn}
1141 neutron::agents::l3::external_network_bridge: {get_input: neutron_external_network_bridge}
1142 neutron::agents::ml2::ovs::enable_tunneling: {get_input: neutron_enable_tunneling}
1143 neutron::agents::ml2::ovs::local_ip: {get_input: neutron_local_ip}
1144 neutron_flat_networks: {get_input: neutron_flat_networks}
1145 neutron::agents::metadata::shared_secret: {get_input: neutron_metadata_proxy_shared_secret}
1146 neutron::agents::metadata::metadata_ip: {get_input: neutron_api_network}
1147 neutron_agent_mode: {get_input: neutron_agent_mode}
1148 neutron_router_distributed: {get_input: neutron_router_distributed}
1149 neutron::core_plugin: {get_input: neutron_core_plugin}
1150 neutron::service_plugins: {get_input: neutron_service_plugins}
1151 neutron::plugins::ml2::type_drivers: {get_input: neutron_type_drivers}
1152 neutron_mechanism_drivers: {get_input: neutron_mechanism_drivers}
1153 neutron::server::allow_automatic_l3agent_failover: {get_input: neutron_allow_l3agent_failover}
1154 neutron::server::l3_ha: {get_input: neutron_l3_ha}
1155 neutron::dhcp_agents_per_network: {get_input: neutron_dhcp_agents_per_network}
1156 neutron::plugins::ml2::network_vlan_ranges: {get_input: neutron_network_vlan_ranges}
1157 neutron::plugins::ml2::tunnel_id_ranges: {get_input: neutron_tunnel_id_ranges}
1158 neutron::plugins::ml2::vni_ranges: {get_input: neutron_vni_ranges}
1159 neutron_bridge_mappings: {get_input: neutron_bridge_mappings}
1160 neutron_public_interface: {get_input: neutron_public_interface}
1161 neutron_public_interface_raw_device: {get_input: neutron_public_interface_raw_device}
1162 neutron_public_interface_default_route: {get_input: neutron_public_interface_default_route}
1163 neutron_public_interface_tag: {get_input: neutron_public_interface_tag}
1164 neutron_tenant_network_type: {get_input: neutron_tenant_network_type}
1165 neutron_tunnel_types: {get_input: neutron_tunnel_types}
1166 neutron::server::auth_password: {get_input: neutron_password}
1167 neutron::agents::metadata::auth_password: {get_input: neutron_password}
1168 neutron_dnsmasq_options: {get_input: neutron_dnsmasq_options}
1169 neutron_dsn: {get_input: neutron_dsn}
1170 neutron::agents::metadata::auth_url: {get_input: keystone_identity_uri}
1171 neutron::db::mysql::password: {get_input: neutron_password}
1174 ceilometer_backend: {get_input: ceilometer_backend}
1175 ceilometer_mysql_conn_string: {get_input: ceilometer_dsn}
1176 ceilometer::metering_secret: {get_input: ceilometer_metering_secret}
1177 ceilometer::rabbit_userid: {get_input: rabbit_username}
1178 ceilometer::rabbit_password: {get_input: rabbit_password}
1179 ceilometer::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
1180 ceilometer::rabbit_port: {get_input: rabbit_client_port}
1181 ceilometer::debug: {get_input: debug}
1182 ceilometer::api::host: {get_input: ceilometer_api_network}
1183 ceilometer::api::keystone_password: {get_input: ceilometer_password}
1184 ceilometer::api::keystone_auth_uri: {get_input: keystone_auth_uri}
1185 ceilometer::api::keystone_identity_uri: {get_input: keystone_identity_uri}
1186 ceilometer::agent::auth::auth_password: {get_input: ceilometer_password}
1187 ceilometer::agent::auth::auth_url: {get_input: keystone_auth_address}
1188 ceilometer::agent::central::coordination_url: {get_input: ceilometer_coordination_url}
1189 ceilometer::db::mysql::password: {get_input: ceilometer_password}
1190 snmpd_readonly_user_name: {get_input: snmpd_readonly_user_name}
1191 snmpd_readonly_user_password: {get_input: snmpd_readonly_user_password}
1194 nova::rabbit_userid: {get_input: rabbit_username}
1195 nova::rabbit_password: {get_input: rabbit_password}
1196 nova::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
1197 nova::rabbit_port: {get_input: rabbit_client_port}
1198 nova::debug: {get_input: debug}
1199 nova::api::auth_uri: {get_input: keystone_auth_uri}
1200 nova::api::identity_uri: {get_input: keystone_identity_uri}
1201 nova::api::api_bind_address: {get_input: nova_api_network}
1202 nova::api::metadata_listen: {get_input: nova_metadata_network}
1203 nova::api::admin_password: {get_input: nova_password}
1204 nova::database_connection: {get_input: nova_dsn}
1205 nova::glance_api_servers: {get_input: glance_api_servers}
1206 nova::api::neutron_metadata_proxy_shared_secret: {get_input: neutron_metadata_proxy_shared_secret}
1207 nova::network::neutron::neutron_admin_password: {get_input: neutron_password}
1208 nova::network::neutron::neutron_url: {get_input: neutron_url}
1209 nova::network::neutron::neutron_admin_auth_url: {get_input: neutron_admin_auth_url}
1210 nova::vncproxy::host: {get_input: nova_api_network}
1211 nova::db::mysql::password: {get_input: nova_password}
1214 apache::ip: {get_input: horizon_network}
1215 horizon::allowed_hosts: {get_input: horizon_allowed_hosts}
1216 horizon::django_debug: {get_input: debug}
1217 horizon::secret_key: {get_input: horizon_secret}
1218 horizon::bind_address: {get_input: horizon_network}
1219 horizon::keystone_url: {get_input: keystone_auth_uri}
1222 rabbitmq::node_ip_address: {get_input: rabbitmq_network}
1223 rabbitmq::erlang_cookie: {get_input: rabbit_cookie}
1224 rabbitmq::file_limit: {get_input: rabbit_fd_limit}
1226 redis::bind: {get_input: redis_network}
1227 redis_vip: {get_input: redis_vip}
1229 memcached::listen_ip: {get_input: memcached_network}
1230 neutron_public_interface_ip: {get_input: neutron_public_interface_ip}
1231 ntp::servers: {get_input: ntp_servers}
1232 control_virtual_interface: {get_input: control_virtual_interface}
1233 public_virtual_interface: {get_input: public_virtual_interface}
1234 tripleo::loadbalancer::control_virtual_interface: {get_input: control_virtual_interface}
1235 tripleo::loadbalancer::public_virtual_interface: {get_input: public_virtual_interface}
1236 tripleo::packages::enable_install: {get_input: enable_package_install}
1237 tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade}
1239 # Hook for site-specific additional pre-deployment config, e.g extra hieradata
1240 ControllerExtraConfigPre:
1241 depends_on: ControllerDeployment
1242 type: OS::TripleO::ControllerExtraConfigPre
1244 server: {get_resource: Controller}
1246 # Hook for site-specific additional pre-deployment config,
1247 # applying to all nodes, e.g node registration/unregistration
1249 depends_on: ControllerExtraConfigPre
1250 type: OS::TripleO::NodeExtraConfig
1252 server: {get_resource: Controller}
1255 type: OS::TripleO::Tasks::PackageUpdate
1258 type: OS::Heat::SoftwareDeployment
1260 config: {get_resource: UpdateConfig}
1261 server: {get_resource: Controller}
1264 get_param: UpdateIdentifier
1268 description: IP address of the server in the ctlplane network
1269 value: {get_attr: [Controller, networks, ctlplane, 0]}
1270 external_ip_address:
1271 description: IP address of the server in the external network
1272 value: {get_attr: [ExternalPort, ip_address]}
1273 internal_api_ip_address:
1274 description: IP address of the server in the internal_api network
1275 value: {get_attr: [InternalApiPort, ip_address]}
1277 description: IP address of the server in the storage network
1278 value: {get_attr: [StoragePort, ip_address]}
1279 storage_mgmt_ip_address:
1280 description: IP address of the server in the storage_mgmt network
1281 value: {get_attr: [StorageMgmtPort, ip_address]}
1283 description: IP address of the server in the tenant network
1284 value: {get_attr: [TenantPort, ip_address]}
1286 description: Hostname of the server
1287 value: {get_attr: [Controller, name]}
1290 Node object in the format {ip: ..., name: ...} format that the corosync
1293 ip: {get_attr: [Controller, networks, ctlplane, 0]}
1294 name: {get_attr: [Controller, name]}
1297 Server's IP address and hostname in the /etc/hosts format
1300 template: IP HOST.localdomain HOST CLOUDNAME
1302 IP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, ControllerHostnameResolveNetwork]}]}
1303 HOST: {get_attr: [Controller, name]}
1304 CLOUDNAME: {get_param: CloudName}
1305 nova_server_resource:
1306 description: Heat resource handle for the Nova compute server
1308 {get_resource: Controller}
1310 description: Swift device formatted for swift-ring-builder
1313 template: 'r1z1-IP:%PORT%/d1'
1315 IP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftMgmtNetwork]}]}
1316 swift_proxy_memcache:
1317 description: Swift proxy-memcache value
1320 template: "IP:11211"
1322 IP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MemcachedNetwork]}]}
1324 description: identifier which changes if the controller configuration may need re-applying
1328 - - {get_attr: [ControllerDeployment, deploy_stdout]}
1329 - {get_attr: [ControllerExtraConfigPre, deploy_stdout]}
1330 - {get_param: UpdateIdentifier}
Code Review / apex-tripleo-heat-templates.git / blob