1 heat_template_version: 2016-04-08
4 OpenStack controller node configured by Puppet.
8 description: The password for the keystone admin account, used for monitoring, querying neutron etc.
12 description: The password for the aodh services.
15 #TODO(composable Redis): Remove the Redis password param
16 #As is used by ceilometer
19 description: The ceilometer backend type.
21 CeilometerMeteringSecret:
22 description: Secret shared by the ceilometer services.
26 description: The password for the ceilometer service and db account.
29 CeilometerStoreEvents:
31 description: Whether to store events in ceilometer.
33 CeilometerMeterDispatcher:
35 description: Dispatcher to process meter data
38 - allowed_values: ['gnocchi', 'database']
41 description: Number of workers for Ceilometer service.
43 controllerExtraConfig:
46 Deprecated. Use ControllerExtraConfig via parameter_defaults instead.
48 ControllerExtraConfig:
51 Controller specific hiera configuration data to inject into the cluster.
56 A network mapped list of IPs to assign to Controllers in the following form:
58 "internal_api": ["a.b.c.d", "e.f.g.h"],
62 ControlVirtualInterface:
64 description: Interface where virtual ip will be assigned.
68 description: Enable IPv6 in Corosync
72 description: Set to True to enable debugging on all services.
76 description: Whether to enable fencing in Pacemaker or not.
80 description: Whether to use Galera instead of regular MariaDB.
84 description: Whether to deploy a LoadBalancer on the Controller
89 Additional hieradata to inject into the cluster, note that
90 ControllerExtraConfig takes precedence over ExtraConfig.
95 Pacemaker fencing configuration. The JSON should have
96 the following structure:
100 "agent": "AGENT_NAME",
101 "host_mac": "HOST_MAC_ADDRESS",
102 "params": {"PARAM_NAME": "PARAM_VALUE"}
110 "agent": "fence_xvm",
111 "host_mac": "52:54:00:aa:bb:cc",
113 "multicast_address": "225.0.0.12",
114 "port": "baremetal_0",
116 "manage_key_file": true,
117 "key_file": "/etc/fence_xvm.key",
118 "key_file_password": "abcdef"
125 description: Flavor for control nodes to request when deploying.
128 - custom_constraint: nova.flavor
131 description: The short name of the Gnocchi backend to use. Should be one
132 of swift, rbd, or file
135 - allowed_values: ['swift', 'file', 'rbd']
136 GnocchiIndexerBackend:
138 description: The short name of the Gnocchi indexer backend to use.
141 description: The password for the gnocchi service and db account.
144 HAProxyStatsPassword:
145 description: Password for HAProxy stats endpoint
148 description: User for HAProxy stats endpoint
151 HAProxySyslogAddress:
153 description: Syslog address where HAproxy will send its log
155 HeatAuthEncryptionKey:
156 description: Auth encryption key for heat-engine
161 description: A list of IP/Hostname allowed to connect to horizon
162 type: comma_delimited_list
164 description: Secret key for Django
169 default: overcloud-control
171 - custom_constraint: glance.image
173 default: 'REBUILD_PRESERVE_EPHEMERAL'
174 description: What policy to use when reconstructing instances. REBUILD for rebuilds, REBUILD_PRESERVE_EPHEMERAL to preserve /mnt.
176 InstanceNameTemplate:
177 default: 'instance-%08x'
178 description: Template string to be used to generate instance names
182 description: Name of an existing Nova key pair to enable SSH access to the instances
185 - custom_constraint: nova.keypair
189 description: Keystone region for endpoint
192 description: Whether to manage IPtables rules.
196 description: Enable IPv6 features in Memcached.
200 description: Whether IPtables rules should be purged before setting up the new ones.
202 MysqlClusterUniquePart:
203 description: A unique identifier of the MySQL cluster the controller is in.
205 default: 'unset' # Has to be here because of the ignored empty value bug
206 # Drop the validation: https://bugs.launchpad.net/tripleo/+bug/1405446
208 # - length: {min: 4, max: 10}
209 MysqlInnodbBufferPoolSize:
211 Specifies the size of the buffer pool in megabytes. Setting to
212 zero should be interpreted as "no value" and will defer to the
217 description: Configures MySQL max_connections config setting
220 MysqlClustercheckPassword:
226 default: '' # Has to be here because of the ignored empty value bug
227 NeutronMetadataProxySharedSecret:
228 description: Shared secret to prevent spoofing
232 description: The password for the neutron service and db account, used by neutron agents.
235 NeutronPublicInterface:
237 description: What interface to bridge onto br-ex for network nodes.
241 The default MTU for tenant networks. For VXLAN/GRE tunneling, this should
242 be at least 50 bytes smaller than the MTU on the physical network. This
243 value will be used to set the MTU on the virtual Ethernet device.
244 This number is related to the value of NeutronDnsmasqOptions, since that
245 will determine the MTU that is assigned to the VM host through DHCP.
251 Whether to create cron job for purging soft deleted rows in Nova database.
255 description: Enable IPv6 features in Nova
258 description: The password for the nova service and db account, used by nova-api.
263 description: The password for the 'pcsd' user.
265 PublicVirtualInterface:
268 Specifies the interface where the public-facing virtual ip will be assigned.
269 This should be int_public when a VLAN is being used.
273 default: '' # Has to be here because of the ignored empty value bug
276 description: The password for RabbitMQ
281 description: The username for RabbitMQ
286 Rabbit client subscriber parameter to specify
287 an SSL connection to the RabbitMQ host.
291 description: Set rabbit subscriber port, change this if using SSL
294 description: The password for Redis
299 default: '' # Has to be here because of the ignored empty value bug
302 default: '' # Has to be here because of the ignored empty value bug
303 description: An IP address which is wrapped in brackets in case of IPv6
305 description: A random string to be used as a salt when hashing to determine mappings
312 description: The minimum time (in hours) before a partition in a ring can be moved following a rebalance.
315 description: Partition Power to use when building Swift rings
319 description: Whether to manage Swift rings or not
324 description: How many replicas to use in the swift rings.
325 UpgradeLevelNovaCompute:
327 description: Nova Compute upgrade level
332 EnablePackageInstall:
334 description: Set to true to enable package installation via Puppet
338 description: Mapping of service_name -> network name. Typically set
339 via parameter_defaults in the resource registry.
343 description: Mapping of service endpoint -> protocol. Typically set
344 via parameter_defaults in the resource registry.
350 Setting to a previously unused value during stack-update will trigger
351 package update on all nodes
354 default: '' # Defaults to Heat created hostname
358 description: Optional mapping to override hostnames
359 NetworkDeploymentActions:
360 type: comma_delimited_list
362 Heat action when to apply network configuration changes
367 SoftwareConfigTransport:
368 default: POLL_SERVER_CFN
370 How the server should receive the metadata required for software configuration.
373 - allowed_values: [POLL_SERVER_CFN, POLL_SERVER_HEAT, POLL_TEMP_URL, ZAQAR_MESSAGE]
378 The DNS domain used for the hosts. This should match the dhcp_domain
379 configured in the Undercloud neutron. Defaults to localdomain.
383 Extra properties or metadata passed to Nova for the created nodes in
384 the overcloud. It's accessible via the Nova metadata API.
388 description: Optional scheduler hints to pass to nova
390 ServiceConfigSettings:
395 description: Command which will be run whenever configuration data changes
396 default: os-refresh-config --timeout 14400
400 description: Do not use deprecated params, they will be removed.
402 - controllerExtraConfig
407 type: OS::Nova::Server
410 command: {get_param: ConfigCommand}
412 image: {get_param: Image}
413 image_update_policy: {get_param: ImageUpdatePolicy}
414 flavor: {get_param: Flavor}
415 key_name: {get_param: KeyName}
418 user_data_format: SOFTWARE_CONFIG
419 user_data: {get_resource: UserData}
422 template: {get_param: Hostname}
423 params: {get_param: HostnameMap}
424 software_config_transport: {get_param: SoftwareConfigTransport}
425 metadata: {get_param: ServerMetadata}
426 scheduler_hints: {get_param: SchedulerHints}
428 # Combine the NodeAdminUserData and NodeUserData mime archives
430 type: OS::Heat::MultipartMime
433 - config: {get_resource: NodeAdminUserData}
435 - config: {get_resource: NodeUserData}
438 # Creates the "heat-admin" user if configured via the environment
439 # Should return a OS::Heat::MultipartMime reference via OS::stack_id
441 type: OS::TripleO::NodeAdminUserData
443 # For optional operator additional userdata
444 # Should return a OS::Heat::MultipartMime reference via OS::stack_id
446 type: OS::TripleO::NodeUserData
449 type: OS::TripleO::Controller::Ports::ExternalPort
451 IPPool: {get_param: ControllerIPs}
452 NodeIndex: {get_param: NodeIndex}
453 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
456 type: OS::TripleO::Controller::Ports::InternalApiPort
458 IPPool: {get_param: ControllerIPs}
459 NodeIndex: {get_param: NodeIndex}
460 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
463 type: OS::TripleO::Controller::Ports::StoragePort
465 IPPool: {get_param: ControllerIPs}
466 NodeIndex: {get_param: NodeIndex}
467 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
470 type: OS::TripleO::Controller::Ports::StorageMgmtPort
472 IPPool: {get_param: ControllerIPs}
473 NodeIndex: {get_param: NodeIndex}
474 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
477 type: OS::TripleO::Controller::Ports::TenantPort
479 IPPool: {get_param: ControllerIPs}
480 NodeIndex: {get_param: NodeIndex}
481 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
484 type: OS::TripleO::Controller::Ports::ManagementPort
486 IPPool: {get_param: ControllerIPs}
487 NodeIndex: {get_param: NodeIndex}
488 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
491 type: OS::TripleO::Network::Ports::NetIpMap
493 ControlPlaneIp: {get_attr: [Controller, networks, ctlplane, 0]}
494 ExternalIp: {get_attr: [ExternalPort, ip_address]}
495 ExternalIpSubnet: {get_attr: [ExternalPort, ip_subnet]}
496 ExternalIpUri: {get_attr: [ExternalPort, ip_address_uri]}
497 InternalApiIp: {get_attr: [InternalApiPort, ip_address]}
498 InternalApiIpSubnet: {get_attr: [InternalApiPort, ip_subnet]}
499 InternalApiIpUri: {get_attr: [InternalApiPort, ip_address_uri]}
500 StorageIp: {get_attr: [StoragePort, ip_address]}
501 StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]}
502 StorageIpUri: {get_attr: [StoragePort, ip_address_uri]}
503 StorageMgmtIp: {get_attr: [StorageMgmtPort, ip_address]}
504 StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]}
505 StorageMgmtIpUri: {get_attr: [StorageMgmtPort, ip_address_uri]}
506 TenantIp: {get_attr: [TenantPort, ip_address]}
507 TenantIpSubnet: {get_attr: [TenantPort, ip_subnet]}
508 TenantIpUri: {get_attr: [TenantPort, ip_address_uri]}
509 ManagementIp: {get_attr: [ManagementPort, ip_address]}
510 ManagementIpSubnet: {get_attr: [ManagementPort, ip_subnet]}
511 ManagementIpUri: {get_attr: [ManagementPort, ip_address_uri]}
514 type: OS::TripleO::Controller::Net::SoftwareConfig
516 ControlPlaneIp: {get_attr: [Controller, networks, ctlplane, 0]}
517 ExternalIpSubnet: {get_attr: [ExternalPort, ip_subnet]}
518 InternalApiIpSubnet: {get_attr: [InternalApiPort, ip_subnet]}
519 StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]}
520 StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]}
521 TenantIpSubnet: {get_attr: [TenantPort, ip_subnet]}
522 ManagementIpSubnet: {get_attr: [ManagementPort, ip_subnet]}
525 type: OS::TripleO::SoftwareDeployment
527 name: NetworkDeployment
528 config: {get_resource: NetworkConfig}
529 server: {get_resource: Controller}
530 actions: {get_param: NetworkDeploymentActions}
533 interface_name: {get_param: NeutronPublicInterface}
535 # Resource for site-specific injection of root certificate
537 depends_on: NetworkDeployment
538 type: OS::TripleO::NodeTLSCAData
540 server: {get_resource: Controller}
542 # Resource for site-specific passing of private keys/certificates
544 depends_on: NodeTLSCAData
545 type: OS::TripleO::NodeTLSData
547 server: {get_resource: Controller}
548 NodeIndex: {get_param: NodeIndex}
551 ControllerDeployment:
552 type: OS::TripleO::SoftwareDeployment
553 depends_on: NetworkDeployment
555 name: ControllerDeployment
556 config: {get_resource: ControllerConfig}
557 server: {get_resource: Controller}
559 bootstack_nodeid: {get_attr: [Controller, name]}
560 ceilometer_workers: {get_param: CeilometerWorkers}
561 haproxy_log_address: {get_param: HAProxySyslogAddress}
562 haproxy_stats_password: {get_param: HAProxyStatsPassword}
563 haproxy_stats_user: {get_param: HAProxyStatsUser}
564 heat_auth_encryption_key: {get_param: HeatAuthEncryptionKey}
565 horizon_allowed_hosts: {get_param: HorizonAllowedHosts}
566 horizon_secret: {get_param: HorizonSecret}
567 admin_password: {get_param: AdminPassword}
568 debug: {get_param: Debug}
569 cinder_public_url: {get_param: [EndpointMap, CinderPublic, uri]}
570 cinder_internal_url: {get_param: [EndpointMap, CinderInternal, uri]}
571 cinder_admin_url: {get_param: [EndpointMap, CinderAdmin, uri]}
572 cinder_public_url_v2: {get_param: [EndpointMap, CinderV2Public, uri]}
573 cinder_internal_url_v2: {get_param: [EndpointMap, CinderV2Internal, uri]}
574 cinder_admin_url_v2: {get_param: [EndpointMap, CinderV2Admin, uri]}
575 keystone_identity_uri: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] }
576 keystone_auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
577 keystone_ec2_uri: { get_param: [EndpointMap, KeystoneEC2, uri] }
578 enable_fencing: {get_param: EnableFencing}
579 enable_galera: {get_param: EnableGalera}
580 enable_load_balancer: {get_param: EnableLoadBalancer}
581 manage_firewall: {get_param: ManageFirewall}
582 purge_firewall_rules: {get_param: PurgeFirewallRules}
583 mysql_innodb_buffer_pool_size: {get_param: MysqlInnodbBufferPoolSize}
584 mysql_max_connections: {get_param: MysqlMaxConnections}
585 mysql_root_password: {get_param: MysqlRootPassword}
586 mysql_clustercheck_password: {get_param: MysqlClustercheckPassword}
589 template: tripleo-CLUSTER
591 CLUSTER: {get_param: MysqlClusterUniquePart}
592 neutron_metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret}
593 neutron_password: {get_param: NeutronPassword}
594 neutron_tenant_mtu: {get_param: NeutronTenantMtu}
595 neutron_internal_url: { get_param: [ EndpointMap, NeutronInternal, uri ] }
596 neutron_public_url: { get_param: [ EndpointMap, NeutronPublic, uri ] }
597 neutron_admin_url: { get_param: [ EndpointMap, NeutronAdmin, uri ] }
598 neutron_auth_url: { get_param: [ EndpointMap, KeystoneV3Admin, uri ] }
599 nova_internal_url: { get_param: [ EndpointMap, NovaInternal, uri ] }
600 ceilometer_backend: {get_param: CeilometerBackend}
601 ceilometer_metering_secret: {get_param: CeilometerMeteringSecret}
602 ceilometer_password: {get_param: CeilometerPassword}
603 ceilometer_store_events: {get_param: CeilometerStoreEvents}
604 aodh_password: {get_param: AodhPassword}
605 aodh_internal_url: { get_param: [ EndpointMap, AodhInternal, uri ] }
606 aodh_public_url: { get_param: [ EndpointMap, AodhPublic, uri ] }
607 aodh_admin_url: { get_param: [ EndpointMap, AodhAdmin, uri ] }
608 ceilometer_meter_dispatcher: {get_param: CeilometerMeterDispatcher}
609 gnocchi_password: {get_param: GnocchiPassword}
610 gnocchi_backend: {get_param: GnocchiBackend}
611 gnocchi_indexer_backend: {get_param: GnocchiIndexerBackend}
612 ceilometer_coordination_url:
616 - {get_param: RedisPassword}
618 - {get_param: RedisVirtualIPUri}
623 - - {get_param: [EndpointMap, MysqlInternal, protocol]}
625 - {get_param: CeilometerPassword}
627 - {get_param: [EndpointMap, MysqlInternal, host]}
632 - - {get_param: [EndpointMap, MysqlInternal, protocol]}
634 - {get_param: GnocchiPassword}
636 - {get_param: [EndpointMap, MysqlInternal, host]}
641 - - {get_param: [EndpointMap, MysqlInternal, protocol]}
643 - {get_param: AodhPassword}
645 - {get_param: [EndpointMap, MysqlInternal, host]}
647 gnocchi_internal_url: {get_param: [EndpointMap, GnocchiInternal, uri]}
648 gnocchi_public_url: { get_param: [ EndpointMap, GnocchiPublic, uri ] }
649 gnocchi_admin_url: { get_param: [ EndpointMap, GnocchiAdmin, uri ] }
650 ceilometer_public_url: {get_param: [EndpointMap, CeilometerPublic, uri]}
651 ceilometer_internal_url: {get_param: [EndpointMap, CeilometerInternal, uri]}
652 ceilometer_admin_url: {get_param: [EndpointMap, CeilometerAdmin, uri]}
653 ceilometer_agent_auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
654 nova_enable_db_purge: {get_param: NovaEnableDBPurge}
655 nova_ipv6: {get_param: NovaIPv6}
656 corosync_ipv6: {get_param: CorosyncIPv6}
657 memcached_ipv6: {get_param: MemcachedIPv6}
658 nova_password: {get_param: NovaPassword}
662 - - {get_param: [EndpointMap, MysqlInternal, protocol]}
664 - {get_param: NovaPassword}
666 - {get_param: [EndpointMap, MysqlInternal, host]}
671 - - {get_param: [EndpointMap, MysqlInternal, protocol]}
673 - {get_param: NovaPassword}
675 - {get_param: [EndpointMap, MysqlInternal, host]}
677 upgrade_level_nova_compute: {get_param: UpgradeLevelNovaCompute}
678 instance_name_template: {get_param: InstanceNameTemplate}
679 nova_public_url: {get_param: [EndpointMap, NovaPublic, uri]}
680 nova_internal_url: {get_param: [EndpointMap, NovaInternal, uri]}
681 nova_admin_url: {get_param: [EndpointMap, NovaAdmin, uri]}
682 fencing_config: {get_param: FencingConfig}
683 pcsd_password: {get_param: PcsdPassword}
684 rabbit_username: {get_param: RabbitUserName}
685 rabbit_password: {get_param: RabbitPassword}
686 rabbit_cookie: {get_param: RabbitCookie}
687 rabbit_client_use_ssl: {get_param: RabbitClientUseSSL}
688 rabbit_client_port: {get_param: RabbitClientPort}
689 control_virtual_interface: {get_param: ControlVirtualInterface}
690 public_virtual_interface: {get_param: PublicVirtualInterface}
691 swift_hash_suffix: {get_param: SwiftHashSuffix}
692 swift_part_power: {get_param: SwiftPartPower}
693 swift_ring_build: {get_param: SwiftRingBuild}
694 swift_replicas: {get_param: SwiftReplicas}
695 swift_min_part_hours: {get_param: SwiftMinPartHours}
696 enable_package_install: {get_param: EnablePackageInstall}
697 enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]}
698 swift_proxy_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftProxyNetwork]}]}
699 swift_management_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftMgmtNetwork]}]}
700 cinder_iscsi_network:
704 IP: {get_attr: [NetIpMap, net_ip_uri_map, {get_param: [ServiceNetMap, CinderIscsiNetwork]}]}
705 cinder_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CinderApiNetwork]}]}
706 glance_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, GlanceApiNetwork]}]}
707 glance_registry_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, GlanceRegistryNetwork]}]}
708 glance_api_servers: { get_param: [EndpointMap, GlanceInternal, uri]}
709 heat_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, HeatApiNetwork]}]}
710 keystone_public_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}]}
711 keystone_admin_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}]}
712 keystone_region: {get_param: KeystoneRegion}
713 mongo_db_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MongoDbNetwork]}]}
714 neutron_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NeutronApiNetwork]}]}
715 neutron_local_ip: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NeutronTenantNetwork]}]}
716 ceilometer_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CeilometerApiNetwork]}]}
717 aodh_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, AodhApiNetwork]}]}
718 gnocchi_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, GnocchiApiNetwork]}]}
719 nova_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NovaApiNetwork]}]}
720 nova_metadata_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NovaMetadataNetwork]}]}
721 horizon_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, HorizonNetwork]}]}
724 template: "['SUBNET']"
726 SUBNET: {get_attr: [NetIpMap, net_ip_subnet_map, {get_param: [ServiceNetMap, HorizonNetwork]}]}
727 rabbitmq_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, RabbitMqNetwork]}]}
728 redis_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, RedisNetwork]}]}
729 redis_vip: {get_param: RedisVirtualIP}
730 sahara_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SaharaApiNetwork]}]}
731 memcached_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MemcachedNetwork]}]}
732 mysql_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MysqlNetwork]}]}
733 mysql_virtual_ip: {get_param: MysqlVirtualIP}
734 ceph_cluster_network: {get_attr: [NetIpMap, net_ip_subnet_map, {get_param: [ServiceNetMap, CephClusterNetwork]}]}
735 ceph_public_network: {get_attr: [NetIpMap, net_ip_subnet_map, {get_param: [ServiceNetMap, CephPublicNetwork]}]}
736 ceph_public_ip: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CephPublicNetwork]}]}
737 ironic_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, IronicApiNetwork]}]}
739 # Map heat metadata into hiera datafiles
741 type: OS::Heat::StructuredConfig
743 group: os-apply-config
748 - heat_config_%{::deploy_config_name}
749 - controller_extraconfig
755 - swift_devices_and_proxy # provided by SwiftDevicesAndProxyConfig
756 - ceph_cluster # provided by CephClusterConfig
758 - bootstrap_node # provided by BootstrapNodeConfig
759 - all_nodes # provided by allNodesConfig
760 - vip_data # provided by vip-config
764 - cinder_dellsc_data # Optionally provided by ControllerExtraConfigPre
765 - cinder_netapp_data # Optionally provided by ControllerExtraConfigPre
766 - cinder_eqlx_data # Optionally provided by ControllerExtraConfigPre
767 - neutron_bigswitch_data # Optionally provided by ControllerExtraConfigPre
768 - neutron_cisco_data # Optionally provided by ControllerExtraConfigPre
769 - cisco_n1kv_data # Optionally provided by ControllerExtraConfigPre
770 - midonet_data #Optionally provided by AllNodesExtraConfig
771 merge_behavior: deeper
774 mapped_data: {get_param: ServiceConfigSettings}
775 controller_extraconfig:
778 - {get_param: controllerExtraConfig}
779 - {get_param: ControllerExtraConfig}
781 mapped_data: {get_param: ExtraConfig}
783 raw_data: {get_file: hieradata/common.yaml}
786 net_ip_map: {get_attr: [NetIpMap, net_ip_map]}
787 net_ip_subnet_map: {get_attr: [NetIpMap, net_ip_subnet_map]}
788 net_ip_uri_map: {get_attr: [NetIpMap, net_ip_uri_map]}
790 raw_data: {get_file: hieradata/ceph.yaml}
792 ceph::profile::params::cluster_network: {get_input: ceph_cluster_network}
793 ceph::profile::params::public_network: {get_input: ceph_public_network}
794 ceph::profile::params::public_addr: {get_input: ceph_public_ip}
796 raw_data: {get_file: hieradata/database.yaml}
798 raw_data: {get_file: hieradata/object.yaml}
800 raw_data: {get_file: hieradata/controller.yaml}
801 mapped_data: # data supplied directly to this deployment configuration, etc
802 bootstack_nodeid: {get_input: bootstack_nodeid}
805 enable_fencing: {get_input: enable_fencing}
806 enable_load_balancer: {get_input: enable_load_balancer}
807 hacluster_pwd: {get_input: pcsd_password}
808 corosync_ipv6: {get_input: corosync_ipv6}
809 tripleo::fencing::config: {get_input: fencing_config}
812 # FIXME: need to move proxy_local_net_ip into swift-proxy.yaml
813 swift::proxy::proxy_local_net_ip: {get_input: swift_proxy_network}
814 swift::storage::all::storage_local_net_ip: {get_input: swift_management_network}
815 swift::swift_hash_path_suffix: {get_input: swift_hash_suffix}
816 tripleo::ringbuilder::build_ring: { get_input: swift_ring_build }
817 tripleo::ringbuilder::part_power: {get_input: swift_part_power}
818 tripleo::ringbuilder::replicas: {get_input: swift_replicas}
819 tripleo::ringbuilder::min_part_hours: {get_input: swift_min_part_hours}
822 tripleo::profile::base::cinder::volume::iscsi::cinder_iscsi_address: {get_input: cinder_iscsi_network}
823 cinder::api::bind_host: {get_input: cinder_api_network}
824 cinder::keystone::auth::public_url: {get_input: cinder_public_url }
825 cinder::keystone::auth::internal_url: {get_input: cinder_internal_url }
826 cinder::keystone::auth::admin_url: {get_input: cinder_admin_url }
827 cinder::keystone::auth::public_url_v2: {get_input: cinder_public_url_v2 }
828 cinder::keystone::auth::internal_url_v2: {get_input: cinder_internal_url_v2 }
829 cinder::keystone::auth::admin_url_v2: {get_input: cinder_admin_url_v2 }
830 cinder::keystone::auth::password: {get_input: cinder_password }
831 cinder::keystone::auth::region: {get_input: keystone_region}
834 glance::api::bind_host: {get_input: glance_api_network}
835 glance::registry::bind_host: {get_input: glance_registry_network}
836 glance::keystone::auth::region: {get_input: keystone_region}
839 heat::api::bind_host: {get_input: heat_api_network}
840 heat::api_cloudwatch::bind_host: {get_input: heat_api_network}
841 heat::api_cfn::bind_host: {get_input: heat_api_network}
842 heat::engine::auth_encryption_key: {get_input: heat_auth_encryption_key}
845 keystone::admin_bind_host: {get_input: keystone_admin_api_network}
846 keystone::public_bind_host: {get_input: keystone_public_api_network}
847 keystone::wsgi::apache::bind_host: {get_input: keystone_public_api_network}
848 keystone::wsgi::apache::admin_bind_host: {get_input: keystone_admin_api_network}
851 mongodb::server::bind_ip: {get_input: mongo_db_network}
854 admin_password: {get_input: admin_password}
855 enable_galera: {get_input: enable_galera}
856 mysql_innodb_buffer_pool_size: {get_input: mysql_innodb_buffer_pool_size}
857 mysql_max_connections: {get_input: mysql_max_connections}
858 mysql::server::root_password: {get_input: mysql_root_password}
859 mysql_clustercheck_password: {get_input: mysql_clustercheck_password}
860 mysql_cluster_name: {get_input: mysql_cluster_name}
861 mysql_bind_host: {get_input: mysql_network}
862 mysql_virtual_ip: {get_input: mysql_virtual_ip}
865 neutron::bind_host: {get_input: neutron_api_network}
866 neutron::network_device_mtu: {get_input: neutron_tenant_mtu}
867 neutron::agents::ml2::ovs::local_ip: {get_input: neutron_local_ip}
868 neutron::agents::metadata::metadata_ip: {get_input: neutron_api_network}
869 neutron::keystone::auth::public_url: {get_input: neutron_public_url }
870 neutron::keystone::auth::internal_url: {get_input: neutron_internal_url }
871 neutron::keystone::auth::admin_url: {get_input: neutron_admin_url }
872 neutron::keystone::auth::password: {get_input: neutron_password }
873 neutron::keystone::auth::region: {get_input: keystone_region}
876 ceilometer_backend: {get_input: ceilometer_backend}
877 ceilometer_mysql_conn_string: {get_input: ceilometer_dsn}
878 ceilometer::telemetry_secret: {get_input: ceilometer_metering_secret}
879 ceilometer::rabbit_userid: {get_input: rabbit_username}
880 ceilometer::rabbit_password: {get_input: rabbit_password}
881 ceilometer::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
882 ceilometer::rabbit_port: {get_input: rabbit_client_port}
883 ceilometer::debug: {get_input: debug}
884 ceilometer::api::host: {get_input: ceilometer_api_network}
885 ceilometer::api::keystone_password: {get_input: ceilometer_password}
886 ceilometer::api::auth_uri: {get_input: keystone_auth_uri}
887 ceilometer::api::identity_uri: {get_input: keystone_identity_uri}
888 ceilometer::agent::auth::auth_password: {get_input: ceilometer_password}
889 ceilometer::agent::auth::auth_url: {get_input: ceilometer_agent_auth_url}
890 ceilometer::agent::central::coordination_url: {get_input: ceilometer_coordination_url}
891 ceilometer::agent::notification::store_events: {get_input: ceilometer_store_events}
892 ceilometer::db::mysql::password: {get_input: ceilometer_password}
893 ceilometer::collector::meter_dispatcher: {get_input: ceilometer_meter_dispatcher}
894 ceilometer::dispatcher::gnocchi::url: {get_input: gnocchi_internal_url }
895 ceilometer::dispatcher::gnocchi::filter_project: 'service'
896 ceilometer::dispatcher::gnocchi::archive_policy: 'low'
897 ceilometer::dispatcher::gnocchi::resources_definition_file: 'gnocchi_resources.yaml'
898 ceilometer::keystone::auth::public_url: {get_input: ceilometer_public_url }
899 ceilometer::keystone::auth::internal_url: {get_input: ceilometer_internal_url }
900 ceilometer::keystone::auth::admin_url: {get_input: ceilometer_admin_url }
901 ceilometer::keystone::auth::password: {get_input: ceilometer_password }
902 ceilometer::keystone::auth::region: {get_input: keystone_region}
903 snmpd_readonly_user_name: {get_input: snmpd_readonly_user_name}
904 snmpd_readonly_user_password: {get_input: snmpd_readonly_user_password}
907 aodh_mysql_conn_string: {get_input: aodh_dsn}
908 aodh::rabbit_userid: {get_input: rabbit_username}
909 aodh::rabbit_password: {get_input: rabbit_password}
910 aodh::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
911 aodh::rabbit_port: {get_input: rabbit_client_port}
912 aodh::debug: {get_input: debug}
913 aodh::wsgi::apache::ssl: false
914 aodh::wsgi::apache::bind_host: {get_input: aodh_api_network}
915 aodh::api::service_name: 'httpd'
916 aodh::api::host: {get_input: aodh_api_network}
917 aodh::api::keystone_password: {get_input: aodh_password}
918 aodh::api::keystone_auth_uri: {get_input: keystone_auth_uri}
919 aodh::api::keystone_identity_uri: {get_input: keystone_identity_uri}
920 aodh::auth::auth_url: {get_input: keystone_auth_uri}
921 aodh::auth::auth_password: {get_input: aodh_password}
922 aodh::db::mysql::password: {get_input: aodh_password}
923 # for a migration path from ceilometer-alarm to aodh, we use the same database & coordination
924 aodh::evaluator::coordination_url: {get_input: ceilometer_coordination_url}
925 aodh::keystone::auth::public_url: {get_input: aodh_public_url }
926 aodh::keystone::auth::internal_url: {get_input: aodh_internal_url }
927 aodh::keystone::auth::admin_url: {get_input: aodh_admin_url }
928 aodh::keystone::auth::password: {get_input: aodh_password }
929 aodh::keystone::auth::region: {get_input: keystone_region}
932 gnocchi_backend: {get_input: gnocchi_backend}
933 gnocchi_indexer_backend: {get_input: gnocchi_indexer_backend}
934 gnocchi_mysql_conn_string: {get_input: gnocchi_dsn}
935 gnocchi::debug: {get_input: debug}
936 gnocchi::wsgi::apache::ssl: false
937 gnocchi::wsgi::apache::bind_host: {get_input: gnocchi_api_network}
938 gnocchi::api::service_name: 'httpd'
939 gnocchi::api::host: {get_input: gnocchi_api_network}
940 gnocchi::api::keystone_password: {get_input: gnocchi_password}
941 gnocchi::api::keystone_auth_uri: {get_input: keystone_auth_uri}
942 gnocchi::api::keystone_identity_uri: {get_input: keystone_identity_uri}
943 gnocchi::db::mysql::password: {get_input: gnocchi_password}
944 gnocchi::storage::swift::swift_authurl: {get_input: keystone_auth_uri}
945 gnocchi::storage::swift::swift_key: {get_input: gnocchi_password}
946 gnocchi::keystone::auth::public_url: {get_input: gnocchi_public_url }
947 gnocchi::keystone::auth::internal_url: {get_input: gnocchi_internal_url }
948 gnocchi::keystone::auth::admin_url: {get_input: gnocchi_admin_url }
949 gnocchi::keystone::auth::password: {get_input: gnocchi_password }
950 gnocchi::keystone::auth::region: {get_input: keystone_region}
953 nova::upgrade_level_compute: {get_input: upgrade_level_nova_compute}
954 nova::use_ipv6: {get_input: nova_ipv6}
955 nova::api::auth_uri: {get_input: keystone_auth_uri}
956 nova::api::identity_uri: {get_input: keystone_identity_uri}
957 nova::api::api_bind_address: {get_input: nova_api_network}
958 nova::api::metadata_listen: {get_input: nova_metadata_network}
959 nova::api::admin_password: {get_input: nova_password}
960 nova::compute::network_device_mtu: {get_input: neutron_tenant_mtu}
961 nova::database_connection: {get_input: nova_dsn}
962 nova::api_database_connection: {get_input: nova_api_dsn}
963 nova::glance_api_servers: {get_input: glance_api_servers}
964 nova::api::neutron_metadata_proxy_shared_secret: {get_input: neutron_metadata_proxy_shared_secret}
965 nova::api::instance_name_template: {get_input: instance_name_template}
966 nova::network::neutron::neutron_password: {get_input: neutron_password}
967 nova::network::neutron::neutron_url: {get_input: neutron_internal_url}
968 nova::network::neutron::neutron_auth_url: {get_input: neutron_auth_url}
969 nova::vncproxy::host: {get_input: nova_api_network}
970 nova::db::mysql::password: {get_input: nova_password}
971 nova::db::mysql_api::password: {get_input: nova_password}
972 nova_enable_db_purge: {get_input: nova_enable_db_purge}
973 nova::keystone::auth::public_url: {get_input: nova_public_url}
974 nova::keystone::auth::internal_url: {get_input: nova_internal_url}
975 nova::keystone::auth::admin_url: {get_input: nova_admin_url}
976 nova::keystone::auth::password: {get_input: nova_password }
977 nova::keystone::auth::region: {get_input: keystone_region}
980 apache::mod::remoteip::proxy_ips: {get_input: horizon_subnet}
981 apache::ip: {get_input: horizon_network}
982 horizon::allowed_hosts: {get_input: horizon_allowed_hosts}
983 horizon::django_debug: {get_input: debug}
984 horizon::secret_key: {get_input: horizon_secret}
985 horizon::bind_address: {get_input: horizon_network}
986 horizon::keystone_url: {get_input: keystone_auth_uri}
989 rabbitmq::node_ip_address: {get_input: rabbitmq_network}
990 rabbitmq::erlang_cookie: {get_input: rabbit_cookie}
992 redis::bind: {get_input: redis_network}
993 redis_vip: {get_input: redis_vip}
995 tripleo::firewall::manage_firewall: {get_input: manage_firewall}
996 tripleo::firewall::purge_firewall_rules: {get_input: purge_firewall_rules}
998 memcached_ipv6: {get_input: memcached_ipv6}
999 memcached::listen_ip: {get_input: memcached_network}
1000 control_virtual_interface: {get_input: control_virtual_interface}
1001 public_virtual_interface: {get_input: public_virtual_interface}
1002 tripleo::keepalived::control_virtual_interface: {get_input: control_virtual_interface}
1003 tripleo::keepalived::public_virtual_interface: {get_input: public_virtual_interface}
1004 tripleo::haproxy::control_virtual_interface: {get_input: control_virtual_interface}
1005 tripleo::haproxy::public_virtual_interface: {get_input: public_virtual_interface}
1006 tripleo::haproxy::haproxy_log_address: {get_input: haproxy_log_address}
1007 tripleo::haproxy::service_certificate: {get_attr: [NodeTLSData, deployed_ssl_certificate_path]}
1008 tripleo::haproxy::haproxy_stats_user: {get_input: haproxy_stats_user}
1009 tripleo::haproxy::haproxy_stats_password: {get_input: haproxy_stats_password}
1010 tripleo::haproxy::redis_password: {get_input: redis_password}
1011 tripleo::packages::enable_install: {get_input: enable_package_install}
1012 tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade}
1014 # Hook for site-specific additional pre-deployment config, e.g extra hieradata
1015 ControllerExtraConfigPre:
1016 depends_on: ControllerDeployment
1017 type: OS::TripleO::ControllerExtraConfigPre
1019 server: {get_resource: Controller}
1021 # Hook for site-specific additional pre-deployment config,
1022 # applying to all nodes, e.g node registration/unregistration
1024 depends_on: [ControllerExtraConfigPre, NodeTLSData]
1025 type: OS::TripleO::NodeExtraConfig
1027 server: {get_resource: Controller}
1030 type: OS::TripleO::Tasks::PackageUpdate
1033 type: OS::Heat::SoftwareDeployment
1035 name: UpdateDeployment
1036 config: {get_resource: UpdateConfig}
1037 server: {get_resource: Controller}
1040 get_param: UpdateIdentifier
1044 description: IP address of the server in the ctlplane network
1045 value: {get_attr: [Controller, networks, ctlplane, 0]}
1046 external_ip_address:
1047 description: IP address of the server in the external network
1048 value: {get_attr: [ExternalPort, ip_address]}
1049 internal_api_ip_address:
1050 description: IP address of the server in the internal_api network
1051 value: {get_attr: [InternalApiPort, ip_address]}
1053 description: IP address of the server in the storage network
1054 value: {get_attr: [StoragePort, ip_address]}
1055 storage_mgmt_ip_address:
1056 description: IP address of the server in the storage_mgmt network
1057 value: {get_attr: [StorageMgmtPort, ip_address]}
1059 description: IP address of the server in the tenant network
1060 value: {get_attr: [TenantPort, ip_address]}
1061 management_ip_address:
1062 description: IP address of the server in the management network
1063 value: {get_attr: [ManagementPort, ip_address]}
1065 description: Hostname of the server
1066 value: {get_attr: [Controller, name]}
1069 Server's IP address and hostname in the /etc/hosts format
1073 PRIMARYIP PRIMARYHOST.DOMAIN PRIMARYHOST
1074 EXTERNALIP EXTERNALHOST.DOMAIN EXTERNALHOST
1075 INTERNAL_APIIP INTERNAL_APIHOST.DOMAIN INTERNAL_APIHOST
1076 STORAGEIP STORAGEHOST.DOMAIN STORAGEHOST
1077 STORAGE_MGMTIP STORAGE_MGMTHOST.DOMAIN STORAGE_MGMTHOST
1078 TENANTIP TENANTHOST.DOMAIN TENANTHOST
1079 MANAGEMENTIP MANAGEMENTHOST.DOMAIN MANAGEMENTHOST
1081 PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, ControllerHostnameResolveNetwork]}]}
1082 DOMAIN: {get_param: CloudDomain}
1083 PRIMARYHOST: {get_attr: [Controller, name]}
1084 EXTERNALIP: {get_attr: [ExternalPort, ip_address]}
1088 - - {get_attr: [Controller, name]}
1090 INTERNAL_APIIP: {get_attr: [InternalApiPort, ip_address]}
1094 - - {get_attr: [Controller, name]}
1096 STORAGEIP: {get_attr: [StoragePort, ip_address]}
1100 - - {get_attr: [Controller, name]}
1102 STORAGE_MGMTIP: {get_attr: [StorageMgmtPort, ip_address]}
1106 - - {get_attr: [Controller, name]}
1108 TENANTIP: {get_attr: [TenantPort, ip_address]}
1112 - - {get_attr: [Controller, name]}
1114 MANAGEMENTIP: {get_attr: [ManagementPort, ip_address]}
1118 - - {get_attr: [Controller, name]}
1120 nova_server_resource:
1121 description: Heat resource handle for the Nova compute server
1123 {get_resource: Controller}
1125 description: Swift device formatted for swift-ring-builder
1128 template: 'r1z1-IP:%PORT%/d1'
1130 IP: {get_attr: [NetIpMap, net_ip_uri_map, {get_param: [ServiceNetMap, SwiftMgmtNetwork]}]}
1131 swift_proxy_memcache:
1132 description: Swift proxy-memcache value
1135 template: "IP:11211"
1137 IP: {get_attr: [NetIpMap, net_ip_uri_map, {get_param: [ServiceNetMap, MemcachedNetwork]}]}
1139 description: identifier which changes if the controller configuration may need re-applying
1143 - - {get_attr: [ControllerDeployment, deploy_stdout]}
1144 - {get_attr: [NodeTLSCAData, deploy_stdout]}
1145 - {get_attr: [NodeTLSData, deploy_stdout]}
1146 - {get_attr: [ControllerExtraConfigPre, deploy_stdout]}
1147 - {get_param: UpdateIdentifier}
1148 tls_key_modulus_md5:
1149 description: MD5 checksum of the TLS Key Modulus
1150 value: {get_attr: [NodeTLSData, key_modulus_md5]}
1151 tls_cert_modulus_md5:
1152 description: MD5 checksum of the TLS Certificate Modulus
1153 value: {get_attr: [NodeTLSData, cert_modulus_md5]}