# Heat orchestration template; per its own description text it defines an
# OpenStack controller node configured by Puppet.
# NOTE(review): the number that opens each line appears to be the line number
# in the original template; skipped numbers are lines not shown in this listing.
1 heat_template_version: 2016-10-14
4 OpenStack controller node configured by Puppet.
10 Deprecated. Use ControllerExtraConfig via parameter_defaults instead.
# Replacement for the deprecated parameter described just above; the text says
# to set it through parameter_defaults.
12 ControllerExtraConfig:
15 Controller specific hiera configuration data to inject into the cluster.
# Documentation of the per-network IP list format: one list of addresses per
# network name, as the "internal_api" sample shows.
20 A network mapped list of IPs to assign to Controllers in the following form:
22 "internal_api": ["a.b.c.d", "e.f.g.h"],
28 description: Enable IPv6 in Corosync
32 description: Set to True to enable debugging on all services.
36 description: Whether to enable fencing in Pacemaker or not.
40 description: Whether to deploy a LoadBalancer on the Controller
45 Additional hieradata to inject into the cluster, note that
46 ControllerExtraConfig takes precedence over ExtraConfig.
# NOTE(review): the fencing example that follows embeds a literal
# key_file_password ("abcdef"). It is a documentation sample only; real fencing
# credentials belong in a deployment-specific environment file kept out of
# version control. Whether the parameter carrying them is declared hidden is
# not visible in this listing — confirm.
51 Pacemaker fencing configuration. The JSON should have
52 the following structure:
56 "agent": "AGENT_NAME",
57 "host_mac": "HOST_MAC_ADDRESS",
58 "params": {"PARAM_NAME": "PARAM_VALUE"}
67 "host_mac": "52:54:00:aa:bb:cc",
69 "multicast_address": "225.0.0.12",
70 "port": "baremetal_0",
72 "manage_key_file": true,
73 "key_file": "/etc/fence_xvm.key",
74 "key_file_password": "abcdef"
# Parameter declarations: flavor, image, key pair, firewall and service
# credentials for the controller.
# NOTE(review): several parameters in this span hold secrets (Django secret
# key, metadata proxy shared secret, neutron/nova/pcsd/Redis passwords). Their
# type/hidden lines are not shown in this listing — confirm each one is
# declared hidden and has no usable default.
80 OvercloudControlFlavor:
81 description: Flavor for control nodes to request when deploying.
85 - custom_constraint: nova.flavor
87 description: Secret key for Django
92 default: overcloud-full
94 - custom_constraint: glance.image
96 default: 'REBUILD_PRESERVE_EPHEMERAL'
97 description: What policy to use when reconstructing instances. REBUILD for rebuilds, REBUILD_PRESERVE_EPHEMERAL to preserve /mnt.
100 default: 'instance-%08x'
101 description: Template string to be used to generate instance names
# The key pair named here is what grants SSH access to the instances (per the
# description); the custom constraint requires it to exist in Nova.
105 description: Name of an existing Nova key pair to enable SSH access to the instances
108 - custom_constraint: nova.keypair
111 description: Whether to manage IPtables rules.
115 description: Enable IPv6 features in Memcached.
# Per the description, purging removes the existing IPtables rules before the
# managed set is applied.
119 description: Whether IPtables rules should be purged before setting up the new ones.
# Shared secret for the metadata proxy; the description says it prevents
# spoofing, so treat it like a password.
121 NeutronMetadataProxySharedSecret:
122 description: Shared secret to prevent spoofing
126 description: The password for the neutron service and db account, used by neutron agents.
129 NeutronPublicInterface:
131 description: What interface to bridge onto br-ex for network nodes.
136 Whether to create cron job for purging soft deleted rows in Nova database.
140 description: Enable IPv6 features in Nova
143 description: The password for the nova service and db account, used by nova-api.
148 description: The password for the 'pcsd' user.
151 description: The password for Redis
156 default: '' # Has to be here because of the ignored empty value bug
159 default: '' # Has to be here because of the ignored empty value bug
160 description: An IP address which is wrapped in brackets in case of IPv6
163 description: 'A hash of additional raw devices to use as Swift backend (eg. {sdb: {}})'
# Parameter declarations: upgrade level, service/endpoint maps, update trigger,
# hostname handling, config transport, DNS domain, server metadata, scheduler
# hints, and the deprecated-parameter group.
165 UpgradeLevelNovaCompute:
167 description: Nova Compute upgrade level
171 description: Mapping of service_name -> network name. Typically set
172 via parameter_defaults in the resource registry.
176 description: Mapping of service endpoint -> protocol. Typically set
177 via parameter_defaults in the resource registry.
# Changing this value on a stack-update triggers a package update on every
# node (per the description text).
183 Setting to a previously unused value during stack-update will trigger
184 package update on all nodes
187 default: '' # Defaults to Heat created hostname
191 description: Optional mapping to override hostnames
192 NetworkDeploymentActions:
193 type: comma_delimited_list
195 Heat action when to apply network configuration changes
# Transport the server uses to fetch its software-config metadata; the default
# is POLL_SERVER_CFN and only the four listed values are accepted.
200 SoftwareConfigTransport:
201 default: POLL_SERVER_CFN
203 How the server should receive the metadata required for software configuration.
206 - allowed_values: [POLL_SERVER_CFN, POLL_SERVER_HEAT, POLL_TEMP_URL, ZAQAR_MESSAGE]
210 The DNS domain used for the hosts. This should match the dhcp_domain
211 configured in the Undercloud neutron. Defaults to localdomain.
# NOTE(review): the description states this data is reachable through the Nova
# metadata API, i.e. readable from inside the created nodes — do not place
# credentials or other secrets in it.
215 Extra properties or metadata passed to Nova for the created nodes in
216 the overcloud. It's accessible via the Nova metadata API.
218 ControllerSchedulerHints:
220 description: Optional scheduler hints to pass to nova
222 ServiceConfigSettings:
226 type: comma_delimited_list
# Default command carries a 14400 timeout (units are whatever
# os-refresh-config defines — presumably seconds; confirm).
230 description: Command which will be run whenever configuration data changes
231 default: os-refresh-config --timeout 14400
# Parameter group flagging deprecated parameters; only the lower-case
# controllerExtraConfig entry is visible in this listing.
235 description: Do not use deprecated params, they will be removed.
237 - controllerExtraConfig
# Controller server resource (OS::TripleO::Server); each property below is
# wired to the template parameter named in its get_param.
242 type: OS::TripleO::Server
245 command: {get_param: ConfigCommand}
247 image: {get_param: controllerImage}
248 image_update_policy: {get_param: ImageUpdatePolicy}
249 flavor: {get_param: OvercloudControlFlavor}
# key_name selects the Nova key pair installed on the server (KeyName).
250 key_name: {get_param: KeyName}
# First-boot user data comes from the UserData multipart resource.
253 user_data_format: SOFTWARE_CONFIG
254 user_data: {get_resource: UserData}
# Hostname is rendered from the Hostname template, with HostnameMap supplying
# the substitution parameters.
257 template: {get_param: Hostname}
258 params: {get_param: HostnameMap}
259 software_config_transport: {get_param: SoftwareConfigTransport}
260 metadata: {get_param: ServerMetadata}
261 scheduler_hints: {get_param: ControllerSchedulerHints}
263 # Combine the NodeAdminUserData and NodeUserData mime archives
265 type: OS::Heat::MultipartMime
268 - config: {get_resource: NodeAdminUserData}
270 - config: {get_resource: NodeUserData}
# NOTE(review): both user-data resources below are resolved through the
# resource registry, so what actually runs at first boot is decided by the
# environment in use, not by this template — review the mapped templates.
273 # Creates the "heat-admin" user if configured via the environment
274 # Should return an OS::Heat::MultipartMime reference via OS::stack_id
276 type: OS::TripleO::NodeAdminUserData
278 # For optional operator additional userdata
279 # Should return an OS::Heat::MultipartMime reference via OS::stack_id
281 type: OS::TripleO::NodeUserData
# One port resource per network (External, InternalApi, Storage, StorageMgmt,
# Tenant, Management). Each receives the same three inputs: the ControllerIPs
# pool, this node's index, and the server's first ctlplane address.
284 type: OS::TripleO::Controller::Ports::ExternalPort
286 IPPool: {get_param: ControllerIPs}
287 NodeIndex: {get_param: NodeIndex}
288 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
291 type: OS::TripleO::Controller::Ports::InternalApiPort
293 IPPool: {get_param: ControllerIPs}
294 NodeIndex: {get_param: NodeIndex}
295 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
298 type: OS::TripleO::Controller::Ports::StoragePort
300 IPPool: {get_param: ControllerIPs}
301 NodeIndex: {get_param: NodeIndex}
302 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
305 type: OS::TripleO::Controller::Ports::StorageMgmtPort
307 IPPool: {get_param: ControllerIPs}
308 NodeIndex: {get_param: NodeIndex}
309 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
312 type: OS::TripleO::Controller::Ports::TenantPort
314 IPPool: {get_param: ControllerIPs}
315 NodeIndex: {get_param: NodeIndex}
316 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
319 type: OS::TripleO::Controller::Ports::ManagementPort
321 IPPool: {get_param: ControllerIPs}
322 NodeIndex: {get_param: NodeIndex}
323 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
# NetIpMap gathers the control-plane address plus, for every port above, its
# ip_address, ip_subnet and ip_address_uri attributes.
326 type: OS::TripleO::Network::Ports::NetIpMap
328 ControlPlaneIp: {get_attr: [Controller, networks, ctlplane, 0]}
329 ExternalIp: {get_attr: [ExternalPort, ip_address]}
330 ExternalIpSubnet: {get_attr: [ExternalPort, ip_subnet]}
331 ExternalIpUri: {get_attr: [ExternalPort, ip_address_uri]}
332 InternalApiIp: {get_attr: [InternalApiPort, ip_address]}
333 InternalApiIpSubnet: {get_attr: [InternalApiPort, ip_subnet]}
334 InternalApiIpUri: {get_attr: [InternalApiPort, ip_address_uri]}
335 StorageIp: {get_attr: [StoragePort, ip_address]}
336 StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]}
337 StorageIpUri: {get_attr: [StoragePort, ip_address_uri]}
338 StorageMgmtIp: {get_attr: [StorageMgmtPort, ip_address]}
339 StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]}
340 StorageMgmtIpUri: {get_attr: [StorageMgmtPort, ip_address_uri]}
341 TenantIp: {get_attr: [TenantPort, ip_address]}
342 TenantIpSubnet: {get_attr: [TenantPort, ip_subnet]}
343 TenantIpUri: {get_attr: [TenantPort, ip_address_uri]}
344 ManagementIp: {get_attr: [ManagementPort, ip_address]}
345 ManagementIpSubnet: {get_attr: [ManagementPort, ip_subnet]}
346 ManagementIpUri: {get_attr: [ManagementPort, ip_address_uri]}
# Network software config: receives the control-plane IP and the subnet of
# every isolated network.
349 type: OS::TripleO::Controller::Net::SoftwareConfig
351 ControlPlaneIp: {get_attr: [Controller, networks, ctlplane, 0]}
352 ExternalIpSubnet: {get_attr: [ExternalPort, ip_subnet]}
353 InternalApiIpSubnet: {get_attr: [InternalApiPort, ip_subnet]}
354 StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]}
355 StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]}
356 TenantIpSubnet: {get_attr: [TenantPort, ip_subnet]}
357 ManagementIpSubnet: {get_attr: [ManagementPort, ip_subnet]}
# Deployment that applies NetworkConfig to the Controller server, on the Heat
# actions listed in NetworkDeploymentActions.
360 type: OS::TripleO::SoftwareDeployment
362 name: NetworkDeployment
363 config: {get_resource: NetworkConfig}
364 server: {get_resource: Controller}
365 actions: {get_param: NetworkDeploymentActions}
368 interface_name: {get_param: NeutronPublicInterface}
# Ordering: the CA resource waits for NetworkDeployment and the key/certificate
# resource waits for the CA resource (see the two depends_on lines).
370 # Resource for site-specific injection of root certificate
372 depends_on: NetworkDeployment
373 type: OS::TripleO::NodeTLSCAData
375 server: {get_resource: Controller}
# NOTE(review): private key material passes through the resource below. Where
# it is written on the node, and with which owner and mode, is decided by the
# template mapped to OS::TripleO::NodeTLSData, which is not visible here —
# review that implementation.
377 # Resource for site-specific passing of private keys/certificates
379 depends_on: NodeTLSCAData
380 type: OS::TripleO::NodeTLSData
382 server: {get_resource: Controller}
383 NodeIndex: {get_param: NodeIndex}
# Deployment that applies ControllerConfig to the Controller server after the
# network deployment; the entries from bootstack_nodeid onward are the values
# handed to the config as inputs.
# NOTE(review): horizon_secret, neutron_metadata_proxy_shared_secret,
# nova_password, pcsd_password and fencing_config are passed as deployment
# inputs. Presumably anyone who can read this stack's deployment data can read
# them — confirm how the Heat API exposes input values and restrict access
# accordingly.
386 ControllerDeployment:
387 type: OS::TripleO::SoftwareDeployment
388 depends_on: NetworkDeployment
390 name: ControllerDeployment
391 config: {get_resource: ControllerConfig}
392 server: {get_resource: Controller}
394 bootstack_nodeid: {get_attr: [Controller, name]}
395 horizon_secret: {get_param: HorizonSecret}
396 debug: {get_param: Debug}
# Keystone endpoints are looked up in EndpointMap.
397 keystone_identity_uri: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] }
398 keystone_auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
399 keystone_ec2_uri: { get_param: [EndpointMap, KeystoneEC2, uri] }
400 enable_fencing: {get_param: EnableFencing}
401 enable_load_balancer: {get_param: EnableLoadBalancer}
402 manage_firewall: {get_param: ManageFirewall}
403 purge_firewall_rules: {get_param: PurgeFirewallRules}
404 neutron_metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret}
405 nova_enable_db_purge: {get_param: NovaEnableDBPurge}
406 nova_ipv6: {get_param: NovaIPv6}
407 corosync_ipv6: {get_param: CorosyncIPv6}
408 memcached_ipv6: {get_param: MemcachedIPv6}
409 nova_password: {get_param: NovaPassword}
410 upgrade_level_nova_compute: {get_param: UpgradeLevelNovaCompute}
411 instance_name_template: {get_param: InstanceNameTemplate}
412 fencing_config: {get_param: FencingConfig}
413 pcsd_password: {get_param: PcsdPassword}
414 enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]}
415 glance_api_servers: { get_param: [EndpointMap, GlanceInternal, uri]}
# Bind addresses: ServiceNetMap names the network for each service, and that
# name is used as the key into NetIpMap's net_ip_map.
416 neutron_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NeutronApiNetwork]}]}
417 nova_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NovaApiNetwork]}]}
418 nova_metadata_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NovaMetadataNetwork]}]}
419 horizon_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, HorizonNetwork]}]}
# Fragments of string-template lookups; the surrounding str_replace lines are
# not shown in this listing.
422 template: "['SUBNET']"
429 template: "NETWORK_subnet"
431 NETWORK: {get_param: [ServiceNetMap, HorizonNetwork]}
432 redis_vip: {get_param: RedisVirtualIP}
433 ironic_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, IronicApiNetwork]}]}
435 # Map heat metadata into hiera datafiles
437 type: OS::Heat::StructuredConfig
439 group: os-apply-config
# Hiera hierarchy entries visible in this listing; the inline comments name
# the resource that provides each data file.
444 - heat_config_%{::deploy_config_name}
445 - controller_extraconfig
450 - swift_devices_and_proxy # provided by SwiftDevicesAndProxyConfig
451 - bootstrap_node # provided by BootstrapNodeConfig
452 - all_nodes # provided by allNodesConfig
453 - vip_data # provided by vip-config
455 - cinder_dellsc_data # Optionally provided by ControllerExtraConfigPre
456 - cinder_netapp_data # Optionally provided by ControllerExtraConfigPre
457 - cinder_eqlx_data # Optionally provided by ControllerExtraConfigPre
458 - neutron_bigswitch_data # Optionally provided by ControllerExtraConfigPre
459 - neutron_cisco_data # Optionally provided by ControllerExtraConfigPre
460 - cisco_n1kv_data # Optionally provided by ControllerExtraConfigPre
461 - midonet_data # Optionally provided by AllNodesExtraConfig
462 - cisco_aci_data # Optionally provided by ControllerExtraConfigPre
463 merge_behavior: deeper
467 service_names: {get_param: ServiceNames}
471 - {get_param: ServiceConfigSettings}
472 - values: {get_attr: [NetIpMap, net_ip_map]}
# Both the deprecated lower-case parameter and its replacement feed this data
# file.
473 controller_extraconfig:
476 - {get_param: controllerExtraConfig}
477 - {get_param: ControllerExtraConfig}
479 mapped_data: {get_param: ExtraConfig}
481 mapped_data: # data supplied directly to this deployment configuration, etc
482 bootstack_nodeid: {get_input: bootstack_nodeid}
485 enable_fencing: {get_input: enable_fencing}
486 enable_load_balancer: {get_input: enable_load_balancer}
# hacluster_pwd is filled from the pcsd_password input.
487 hacluster_pwd: {get_input: pcsd_password}
488 corosync_ipv6: {get_input: corosync_ipv6}
489 tripleo::fencing::config: {get_input: fencing_config}
492 neutron::bind_host: {get_input: neutron_api_network}
493 neutron::agents::metadata::metadata_ip: {get_input: neutron_api_network}
# NOTE(review): SNMP read-only credentials are read from deployment inputs;
# the matching input_values entries are not among the lines shown here —
# confirm where they are set and that the source parameter is hidden.
494 snmpd_readonly_user_name: {get_input: snmpd_readonly_user_name}
495 snmpd_readonly_user_password: {get_input: snmpd_readonly_user_password}
498 nova::upgrade_level_compute: {get_input: upgrade_level_nova_compute}
499 nova::use_ipv6: {get_input: nova_ipv6}
500 nova::api::api_bind_address: {get_input: nova_api_network}
501 nova::api::metadata_listen: {get_input: nova_metadata_network}
502 nova::glance_api_servers: {get_input: glance_api_servers}
503 nova::api::neutron_metadata_proxy_shared_secret: {get_input: neutron_metadata_proxy_shared_secret}
504 nova::api::instance_name_template: {get_input: instance_name_template}
505 nova::vncproxy::host: {get_input: nova_api_network}
506 nova_enable_db_purge: {get_input: nova_enable_db_purge}
# NOTE(review): proxy_ips is set from the horizon_subnet input, i.e. a whole
# subnet rather than specific proxy hosts. Presumably every address in that
# subnet is then trusted to supply the client-IP header — confirm this matches
# where the load balancers actually sit.
509 apache::mod::remoteip::proxy_ips: {get_input: horizon_subnet}
510 apache::ip: {get_input: horizon_network}
# NOTE(review): Horizon's django_debug follows the global debug input, so
# enabling Debug "on all services" also enables it for the dashboard.
# Presumably this maps to Django's DEBUG setting, which renders detailed error
# pages — keep Debug off on dashboards reachable by end users.
511 horizon::django_debug: {get_input: debug}
512 horizon::secret_key: {get_input: horizon_secret}
513 horizon::bind_address: {get_input: horizon_network}
514 horizon::keystone_url: {get_input: keystone_auth_uri}
517 redis_vip: {get_input: redis_vip}
519 tripleo::firewall::manage_firewall: {get_input: manage_firewall}
520 tripleo::firewall::purge_firewall_rules: {get_input: purge_firewall_rules}
522 memcached_ipv6: {get_input: memcached_ipv6}
# The HAProxy service certificate path is taken from the NodeTLSData resource's
# deployed_ssl_certificate_path attribute.
523 tripleo::haproxy::service_certificate: {get_attr: [NodeTLSData, deployed_ssl_certificate_path]}
524 tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade}
# NOTE(review): the two hooks below resolve through the resource registry, so
# the code they run on the controller is chosen by the deployment environment;
# review the mapped templates as part of the deployment's trust boundary.
526 # Hook for site-specific additional pre-deployment config, e.g. extra hieradata
527 ControllerExtraConfigPre:
528 depends_on: ControllerDeployment
529 type: OS::TripleO::ControllerExtraConfigPre
531 server: {get_resource: Controller}
533 # Hook for site-specific additional pre-deployment config,
534 # applying to all nodes, e.g. node registration/unregistration
# Runs only after both ControllerExtraConfigPre and NodeTLSData (depends_on).
536 depends_on: [ControllerExtraConfigPre, NodeTLSData]
537 type: OS::TripleO::NodeExtraConfig
539 server: {get_resource: Controller}
# Package-update task and the deployment that applies it to the Controller
# server; UpdateIdentifier is passed in as a value.
542 type: OS::TripleO::Tasks::PackageUpdate
545 type: OS::Heat::SoftwareDeployment
547 name: UpdateDeployment
548 config: {get_resource: UpdateConfig}
549 server: {get_resource: Controller}
552 get_param: UpdateIdentifier
# Stack outputs: the server's address on the ctlplane network and on each
# isolated network, then its hostname.
556 description: IP address of the server in the ctlplane network
557 value: {get_attr: [Controller, networks, ctlplane, 0]}
559 description: IP address of the server in the external network
560 value: {get_attr: [ExternalPort, ip_address]}
561 internal_api_ip_address:
562 description: IP address of the server in the internal_api network
563 value: {get_attr: [InternalApiPort, ip_address]}
565 description: IP address of the server in the storage network
566 value: {get_attr: [StoragePort, ip_address]}
567 storage_mgmt_ip_address:
568 description: IP address of the server in the storage_mgmt network
569 value: {get_attr: [StorageMgmtPort, ip_address]}
571 description: IP address of the server in the tenant network
572 value: {get_attr: [TenantPort, ip_address]}
573 management_ip_address:
574 description: IP address of the server in the management network
575 value: {get_attr: [ManagementPort, ip_address]}
577 description: Hostname of the server
578 value: {get_attr: [Controller, name]}
# /etc/hosts-style output: one "IP FQDN shortname" row per network, built from
# the template rows and the substitutions that follow them.
581 Server's IP address and hostname in the /etc/hosts format
585 PRIMARYIP PRIMARYHOST.DOMAIN PRIMARYHOST
586 EXTERNALIP EXTERNALHOST.DOMAIN EXTERNALHOST
587 INTERNAL_APIIP INTERNAL_APIHOST.DOMAIN INTERNAL_APIHOST
588 STORAGEIP STORAGEHOST.DOMAIN STORAGEHOST
589 STORAGE_MGMTIP STORAGE_MGMTHOST.DOMAIN STORAGE_MGMTHOST
590 TENANTIP TENANTHOST.DOMAIN TENANTHOST
591 MANAGEMENTIP MANAGEMENTHOST.DOMAIN MANAGEMENTHOST
# The primary row resolves to the network that ServiceNetMap names under
# ControllerHostnameResolveNetwork; the others use each port's ip_address.
# The per-network host names start from the Controller name; the lines that
# complete them are not shown in this listing.
593 PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, ControllerHostnameResolveNetwork]}]}
594 DOMAIN: {get_param: CloudDomain}
595 PRIMARYHOST: {get_attr: [Controller, name]}
596 EXTERNALIP: {get_attr: [ExternalPort, ip_address]}
600 - - {get_attr: [Controller, name]}
602 INTERNAL_APIIP: {get_attr: [InternalApiPort, ip_address]}
606 - - {get_attr: [Controller, name]}
608 STORAGEIP: {get_attr: [StoragePort, ip_address]}
612 - - {get_attr: [Controller, name]}
614 STORAGE_MGMTIP: {get_attr: [StorageMgmtPort, ip_address]}
618 - - {get_attr: [Controller, name]}
620 TENANTIP: {get_attr: [TenantPort, ip_address]}
624 - - {get_attr: [Controller, name]}
626 MANAGEMENTIP: {get_attr: [ManagementPort, ip_address]}
630 - - {get_attr: [Controller, name]}
# Remaining outputs: the server resource handle, Swift ring-builder and
# proxy-memcache strings, and checksums of the TLS key/certificate modulus.
632 nova_server_resource:
633 description: Heat resource handle for the Nova compute server
635 {get_resource: Controller}
637 description: Swift device formatted for swift-ring-builder
# 'r1z1-IP:%PORT%/d1' is the visible list entry; further devices come from
# SwiftRawDisks via the DEVICE substitution.
643 - ['r1z1-IP:%PORT%/d1']
645 template: 'r1z1-IP:%PORT%/DEVICE'
647 DEVICE: {get_param: SwiftRawDisks}
654 template: "NETWORK_uri"
656 NETWORK: {get_param: [ServiceNetMap, SwiftMgmtNetwork]}
657 swift_proxy_memcache:
658 description: Swift proxy-memcache value
668 template: "NETWORK_uri"
670 NETWORK: {get_param: [ServiceNetMap, MemcachedNetwork]}
# NOTE(review): the two outputs below publish MD5 checksums of the TLS key and
# certificate modulus, presumably so a change or a key/certificate mismatch
# can be detected. MD5 is not collision-resistant, so these values should not
# be relied on as an integrity or authentication control — confirm they are
# used for change detection only.
672 description: MD5 checksum of the TLS Key Modulus
673 value: {get_attr: [NodeTLSData, key_modulus_md5]}
674 tls_cert_modulus_md5:
675 description: MD5 checksum of the TLS Certificate Modulus
676 value: {get_attr: [NodeTLSData, cert_modulus_md5]}