1 heat_template_version: 2016-04-08
4 OpenStack controller node configured by Puppet.
8 description: The password for the keystone admin account, used for monitoring, querying neutron etc.
12 description: The password for the aodh services.
15 #TODO(composable Redis): Remove the Redis password param
16 #As is used by ceilometer
19 description: The ceilometer backend type.
21 CeilometerMeteringSecret:
22 description: Secret shared by the ceilometer services.
26 description: The password for the ceilometer service and db account.
29 CeilometerStoreEvents:
31 description: Whether to store events in ceilometer.
33 CeilometerMeterDispatcher:
35 description: Dispatcher to process meter data
38 - allowed_values: ['gnocchi', 'database']
41 description: Number of workers for Ceilometer service.
43 controllerExtraConfig:
46 Deprecated. Use ControllerExtraConfig via parameter_defaults instead.
48 ControllerExtraConfig:
51 Controller specific hiera configuration data to inject into the cluster.
56 A network mapped list of IPs to assign to Controllers in the following form:
58 "internal_api": ["a.b.c.d", "e.f.g.h"],
62 ControlVirtualInterface:
64 description: Interface where virtual ip will be assigned.
68 description: Enable IPv6 in Corosync
72 description: Set to True to enable debugging on all services.
76 description: Whether to enable fencing in Pacemaker or not.
80 description: Whether to use Galera instead of regular MariaDB.
84 description: Whether to deploy a LoadBalancer on the Controller
88 description: Whether to deploy Ceph Storage (OSD) on the Controller
93 Additional hieradata to inject into the cluster, note that
94 ControllerExtraConfig takes precedence over ExtraConfig.
99 Pacemaker fencing configuration. The JSON should have
100 the following structure:
104 "agent": "AGENT_NAME",
105 "host_mac": "HOST_MAC_ADDRESS",
106 "params": {"PARAM_NAME": "PARAM_VALUE"}
114 "agent": "fence_xvm",
115 "host_mac": "52:54:00:aa:bb:cc",
117 "multicast_address": "225.0.0.12",
118 "port": "baremetal_0",
120 "manage_key_file": true,
121 "key_file": "/etc/fence_xvm.key",
122 "key_file_password": "abcdef"
129 description: Flavor for control nodes to request when deploying.
132 - custom_constraint: nova.flavor
135 description: The short name of the Gnocchi backend to use. Should be one
136 of swift, rbd, or file
139 - allowed_values: ['swift', 'file', 'rbd']
140 GnocchiIndexerBackend:
142 description: The short name of the Gnocchi indexer backend to use.
145 description: The password for the gnocchi service and db account.
148 HAProxyStatsPassword:
149 description: Password for HAProxy stats endpoint
152 description: User for HAProxy stats endpoint
155 HAProxySyslogAddress:
157 description: Syslog address where HAproxy will send its log
159 HeatAuthEncryptionKey:
160 description: Auth encryption key for heat-engine
165 description: A list of IP/Hostname allowed to connect to horizon
166 type: comma_delimited_list
168 description: Secret key for Django
173 default: overcloud-control
175 - custom_constraint: glance.image
177 default: 'REBUILD_PRESERVE_EPHEMERAL'
178 description: What policy to use when reconstructing instances. REBUILD for rebuilds, REBUILD_PRESERVE_EPHEMERAL to preserve /mnt.
180 InstanceNameTemplate:
181 default: 'instance-%08x'
182 description: Template string to be used to generate instance names
186 description: Name of an existing Nova key pair to enable SSH access to the instances
189 - custom_constraint: nova.keypair
193 description: Keystone region for endpoint
196 description: Whether to manage IPtables rules.
200 description: Enable IPv6 features in Memcached.
204 description: Whether IPtables rules should be purged before setting up the new ones.
206 MysqlClusterUniquePart:
207 description: A unique identifier of the MySQL cluster the controller is in.
209 default: 'unset' # Has to be here because of the ignored empty value bug
210 # Drop the validation: https://bugs.launchpad.net/tripleo/+bug/1405446
212 # - length: {min: 4, max: 10}
213 MysqlInnodbBufferPoolSize:
215 Specifies the size of the buffer pool in megabytes. Setting to
216 zero should be interpreted as "no value" and will defer to the
221 description: Configures MySQL max_connections config setting
224 MysqlClustercheckPassword:
230 default: '' # Has to be here because of the ignored empty value bug
231 NeutronMetadataProxySharedSecret:
232 description: Shared secret to prevent spoofing
236 description: The password for the neutron service and db account, used by neutron agents.
239 NeutronPublicInterface:
241 description: What interface to bridge onto br-ex for network nodes.
245 The default MTU for tenant networks. For VXLAN/GRE tunneling, this should
246 be at least 50 bytes smaller than the MTU on the physical network. This
247 value will be used to set the MTU on the virtual Ethernet device.
248 This number is related to the value of NeutronDnsmasqOptions, since that
249 will determine the MTU that is assigned to the VM host through DHCP.
255 Whether to create cron job for purging soft deleted rows in Nova database.
259 description: Enable IPv6 features in Nova
262 description: The password for the nova service and db account, used by nova-api.
267 description: The password for the 'pcsd' user.
269 PublicVirtualInterface:
272 Specifies the interface where the public-facing virtual ip will be assigned.
273 This should be int_public when a VLAN is being used.
277 default: '' # Has to be here because of the ignored empty value bug
280 description: The password for RabbitMQ
285 description: The username for RabbitMQ
290 Rabbit client subscriber parameter to specify
291 an SSL connection to the RabbitMQ host.
295 description: Set rabbit subscriber port, change this if using SSL
298 description: The password for Redis
303 default: '' # Has to be here because of the ignored empty value bug
306 default: '' # Has to be here because of the ignored empty value bug
307 description: An IP address which is wrapped in brackets in case of IPv6
309 description: A random string to be used as a salt when hashing to determine mappings
316 description: The minimum time (in hours) before a partition in a ring can be moved following a rebalance.
319 description: Partition Power to use when building Swift rings
323 description: Whether to manage Swift rings or not
328 description: How many replicas to use in the swift rings.
329 UpgradeLevelNovaCompute:
331 description: Nova Compute upgrade level
336 EnablePackageInstall:
338 description: Set to true to enable package installation via Puppet
342 description: Mapping of service_name -> network name. Typically set
343 via parameter_defaults in the resource registry.
347 description: Mapping of service endpoint -> protocol. Typically set
348 via parameter_defaults in the resource registry.
354 Setting to a previously unused value during stack-update will trigger
355 package update on all nodes
358 default: '' # Defaults to Heat created hostname
362 description: Optional mapping to override hostnames
363 NetworkDeploymentActions:
364 type: comma_delimited_list
366 Heat action when to apply network configuration changes
371 SoftwareConfigTransport:
372 default: POLL_SERVER_CFN
374 How the server should receive the metadata required for software configuration.
377 - allowed_values: [POLL_SERVER_CFN, POLL_SERVER_HEAT, POLL_TEMP_URL, ZAQAR_MESSAGE]
382 The DNS domain used for the hosts. This should match the dhcp_domain
383 configured in the Undercloud neutron. Defaults to localdomain.
387 Extra properties or metadata passed to Nova for the created nodes in
388 the overcloud. It's accessible via the Nova metadata API.
392 description: Optional scheduler hints to pass to nova
394 ServiceConfigSettings:
400 description: Do not use deprecated params, they will be removed.
402 - controllerExtraConfig
407 type: OS::Nova::Server
409 image: {get_param: Image}
410 image_update_policy: {get_param: ImageUpdatePolicy}
411 flavor: {get_param: Flavor}
412 key_name: {get_param: KeyName}
415 user_data_format: SOFTWARE_CONFIG
416 user_data: {get_resource: UserData}
419 template: {get_param: Hostname}
420 params: {get_param: HostnameMap}
421 software_config_transport: {get_param: SoftwareConfigTransport}
422 metadata: {get_param: ServerMetadata}
423 scheduler_hints: {get_param: SchedulerHints}
425 # Combine the NodeAdminUserData and NodeUserData mime archives
427 type: OS::Heat::MultipartMime
430 - config: {get_resource: NodeAdminUserData}
432 - config: {get_resource: NodeUserData}
435 # Creates the "heat-admin" user if configured via the environment
436 # Should return a OS::Heat::MultipartMime reference via OS::stack_id
438 type: OS::TripleO::NodeAdminUserData
440 # For optional operator additional userdata
441 # Should return a OS::Heat::MultipartMime reference via OS::stack_id
443 type: OS::TripleO::NodeUserData
446 type: OS::TripleO::Controller::Ports::ExternalPort
448 IPPool: {get_param: ControllerIPs}
449 NodeIndex: {get_param: NodeIndex}
450 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
453 type: OS::TripleO::Controller::Ports::InternalApiPort
455 IPPool: {get_param: ControllerIPs}
456 NodeIndex: {get_param: NodeIndex}
457 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
460 type: OS::TripleO::Controller::Ports::StoragePort
462 IPPool: {get_param: ControllerIPs}
463 NodeIndex: {get_param: NodeIndex}
464 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
467 type: OS::TripleO::Controller::Ports::StorageMgmtPort
469 IPPool: {get_param: ControllerIPs}
470 NodeIndex: {get_param: NodeIndex}
471 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
474 type: OS::TripleO::Controller::Ports::TenantPort
476 IPPool: {get_param: ControllerIPs}
477 NodeIndex: {get_param: NodeIndex}
478 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
481 type: OS::TripleO::Controller::Ports::ManagementPort
483 IPPool: {get_param: ControllerIPs}
484 NodeIndex: {get_param: NodeIndex}
485 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
488 type: OS::TripleO::Network::Ports::NetIpMap
490 ControlPlaneIp: {get_attr: [Controller, networks, ctlplane, 0]}
491 ExternalIp: {get_attr: [ExternalPort, ip_address]}
492 ExternalIpSubnet: {get_attr: [ExternalPort, ip_subnet]}
493 ExternalIpUri: {get_attr: [ExternalPort, ip_address_uri]}
494 InternalApiIp: {get_attr: [InternalApiPort, ip_address]}
495 InternalApiIpSubnet: {get_attr: [InternalApiPort, ip_subnet]}
496 InternalApiIpUri: {get_attr: [InternalApiPort, ip_address_uri]}
497 StorageIp: {get_attr: [StoragePort, ip_address]}
498 StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]}
499 StorageIpUri: {get_attr: [StoragePort, ip_address_uri]}
500 StorageMgmtIp: {get_attr: [StorageMgmtPort, ip_address]}
501 StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]}
502 StorageMgmtIpUri: {get_attr: [StorageMgmtPort, ip_address_uri]}
503 TenantIp: {get_attr: [TenantPort, ip_address]}
504 TenantIpSubnet: {get_attr: [TenantPort, ip_subnet]}
505 TenantIpUri: {get_attr: [TenantPort, ip_address_uri]}
506 ManagementIp: {get_attr: [ManagementPort, ip_address]}
507 ManagementIpSubnet: {get_attr: [ManagementPort, ip_subnet]}
508 ManagementIpUri: {get_attr: [ManagementPort, ip_address_uri]}
511 type: OS::TripleO::Controller::Net::SoftwareConfig
513 ControlPlaneIp: {get_attr: [Controller, networks, ctlplane, 0]}
514 ExternalIpSubnet: {get_attr: [ExternalPort, ip_subnet]}
515 InternalApiIpSubnet: {get_attr: [InternalApiPort, ip_subnet]}
516 StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]}
517 StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]}
518 TenantIpSubnet: {get_attr: [TenantPort, ip_subnet]}
519 ManagementIpSubnet: {get_attr: [ManagementPort, ip_subnet]}
522 type: OS::TripleO::SoftwareDeployment
524 name: NetworkDeployment
525 config: {get_resource: NetworkConfig}
526 server: {get_resource: Controller}
527 actions: {get_param: NetworkDeploymentActions}
530 interface_name: {get_param: NeutronPublicInterface}
532 # Resource for site-specific injection of root certificate
534 depends_on: NetworkDeployment
535 type: OS::TripleO::NodeTLSCAData
537 server: {get_resource: Controller}
539 # Resource for site-specific passing of private keys/certificates
541 depends_on: NodeTLSCAData
542 type: OS::TripleO::NodeTLSData
544 server: {get_resource: Controller}
545 NodeIndex: {get_param: NodeIndex}
548 ControllerDeployment:
549 type: OS::TripleO::SoftwareDeployment
550 depends_on: NetworkDeployment
552 name: ControllerDeployment
553 config: {get_resource: ControllerConfig}
554 server: {get_resource: Controller}
556 bootstack_nodeid: {get_attr: [Controller, name]}
557 ceilometer_workers: {get_param: CeilometerWorkers}
558 haproxy_log_address: {get_param: HAProxySyslogAddress}
559 haproxy_stats_password: {get_param: HAProxyStatsPassword}
560 haproxy_stats_user: {get_param: HAProxyStatsUser}
561 heat_auth_encryption_key: {get_param: HeatAuthEncryptionKey}
562 horizon_allowed_hosts: {get_param: HorizonAllowedHosts}
563 horizon_secret: {get_param: HorizonSecret}
564 admin_password: {get_param: AdminPassword}
565 debug: {get_param: Debug}
566 cinder_public_url: {get_param: [EndpointMap, CinderPublic, uri]}
567 cinder_internal_url: {get_param: [EndpointMap, CinderInternal, uri]}
568 cinder_admin_url: {get_param: [EndpointMap, CinderAdmin, uri]}
569 cinder_public_url_v2: {get_param: [EndpointMap, CinderV2Public, uri]}
570 cinder_internal_url_v2: {get_param: [EndpointMap, CinderV2Internal, uri]}
571 cinder_admin_url_v2: {get_param: [EndpointMap, CinderV2Admin, uri]}
572 keystone_identity_uri: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] }
573 keystone_auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
574 keystone_ec2_uri: { get_param: [EndpointMap, KeystoneEC2, uri] }
575 enable_fencing: {get_param: EnableFencing}
576 enable_galera: {get_param: EnableGalera}
577 enable_load_balancer: {get_param: EnableLoadBalancer}
578 enable_ceph_storage: {get_param: EnableCephStorage}
579 manage_firewall: {get_param: ManageFirewall}
580 purge_firewall_rules: {get_param: PurgeFirewallRules}
581 mysql_innodb_buffer_pool_size: {get_param: MysqlInnodbBufferPoolSize}
582 mysql_max_connections: {get_param: MysqlMaxConnections}
583 mysql_root_password: {get_param: MysqlRootPassword}
584 mysql_clustercheck_password: {get_param: MysqlClustercheckPassword}
587 template: tripleo-CLUSTER
589 CLUSTER: {get_param: MysqlClusterUniquePart}
590 neutron_metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret}
591 neutron_password: {get_param: NeutronPassword}
592 neutron_tenant_mtu: {get_param: NeutronTenantMtu}
593 neutron_internal_url: { get_param: [ EndpointMap, NeutronInternal, uri ] }
594 neutron_public_url: { get_param: [ EndpointMap, NeutronPublic, uri ] }
595 neutron_admin_url: { get_param: [ EndpointMap, NeutronAdmin, uri ] }
596 neutron_auth_url: { get_param: [ EndpointMap, KeystoneV3Admin, uri ] }
597 nova_internal_url: { get_param: [ EndpointMap, NovaInternal, uri ] }
598 ceilometer_backend: {get_param: CeilometerBackend}
599 ceilometer_metering_secret: {get_param: CeilometerMeteringSecret}
600 ceilometer_password: {get_param: CeilometerPassword}
601 ceilometer_store_events: {get_param: CeilometerStoreEvents}
602 aodh_password: {get_param: AodhPassword}
603 aodh_internal_url: { get_param: [ EndpointMap, AodhInternal, uri ] }
604 aodh_public_url: { get_param: [ EndpointMap, AodhPublic, uri ] }
605 aodh_admin_url: { get_param: [ EndpointMap, AodhAdmin, uri ] }
606 ceilometer_meter_dispatcher: {get_param: CeilometerMeterDispatcher}
607 gnocchi_password: {get_param: GnocchiPassword}
608 gnocchi_backend: {get_param: GnocchiBackend}
609 gnocchi_indexer_backend: {get_param: GnocchiIndexerBackend}
610 ceilometer_coordination_url:
614 - {get_param: RedisPassword}
616 - {get_param: RedisVirtualIPUri}
621 - - {get_param: [EndpointMap, MysqlInternal, protocol]}
623 - {get_param: CeilometerPassword}
625 - {get_param: [EndpointMap, MysqlInternal, host]}
630 - - {get_param: [EndpointMap, MysqlInternal, protocol]}
632 - {get_param: GnocchiPassword}
634 - {get_param: [EndpointMap, MysqlInternal, host]}
639 - - {get_param: [EndpointMap, MysqlInternal, protocol]}
641 - {get_param: AodhPassword}
643 - {get_param: [EndpointMap, MysqlInternal, host]}
645 gnocchi_internal_url: {get_param: [EndpointMap, GnocchiInternal, uri]}
646 gnocchi_public_url: { get_param: [ EndpointMap, GnocchiPublic, uri ] }
647 gnocchi_admin_url: { get_param: [ EndpointMap, GnocchiAdmin, uri ] }
648 ceilometer_public_url: {get_param: [EndpointMap, CeilometerPublic, uri]}
649 ceilometer_internal_url: {get_param: [EndpointMap, CeilometerInternal, uri]}
650 ceilometer_admin_url: {get_param: [EndpointMap, CeilometerAdmin, uri]}
651 ceilometer_agent_auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
652 nova_enable_db_purge: {get_param: NovaEnableDBPurge}
653 nova_ipv6: {get_param: NovaIPv6}
654 corosync_ipv6: {get_param: CorosyncIPv6}
655 memcached_ipv6: {get_param: MemcachedIPv6}
656 nova_password: {get_param: NovaPassword}
660 - - {get_param: [EndpointMap, MysqlInternal, protocol]}
662 - {get_param: NovaPassword}
664 - {get_param: [EndpointMap, MysqlInternal, host]}
669 - - {get_param: [EndpointMap, MysqlInternal, protocol]}
671 - {get_param: NovaPassword}
673 - {get_param: [EndpointMap, MysqlInternal, host]}
675 upgrade_level_nova_compute: {get_param: UpgradeLevelNovaCompute}
676 instance_name_template: {get_param: InstanceNameTemplate}
677 nova_public_url: {get_param: [EndpointMap, NovaPublic, uri]}
678 nova_internal_url: {get_param: [EndpointMap, NovaInternal, uri]}
679 nova_admin_url: {get_param: [EndpointMap, NovaAdmin, uri]}
680 fencing_config: {get_param: FencingConfig}
681 pcsd_password: {get_param: PcsdPassword}
682 rabbit_username: {get_param: RabbitUserName}
683 rabbit_password: {get_param: RabbitPassword}
684 rabbit_cookie: {get_param: RabbitCookie}
685 rabbit_client_use_ssl: {get_param: RabbitClientUseSSL}
686 rabbit_client_port: {get_param: RabbitClientPort}
687 control_virtual_interface: {get_param: ControlVirtualInterface}
688 public_virtual_interface: {get_param: PublicVirtualInterface}
689 swift_hash_suffix: {get_param: SwiftHashSuffix}
690 swift_part_power: {get_param: SwiftPartPower}
691 swift_ring_build: {get_param: SwiftRingBuild}
692 swift_replicas: {get_param: SwiftReplicas}
693 swift_min_part_hours: {get_param: SwiftMinPartHours}
694 enable_package_install: {get_param: EnablePackageInstall}
695 enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]}
696 swift_proxy_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftProxyNetwork]}]}
697 swift_management_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftMgmtNetwork]}]}
698 cinder_iscsi_network:
702 IP: {get_attr: [NetIpMap, net_ip_uri_map, {get_param: [ServiceNetMap, CinderIscsiNetwork]}]}
703 cinder_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CinderApiNetwork]}]}
704 glance_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, GlanceApiNetwork]}]}
705 glance_registry_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, GlanceRegistryNetwork]}]}
706 glance_api_servers: { get_param: [EndpointMap, GlanceInternal, uri]}
707 heat_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, HeatApiNetwork]}]}
708 keystone_public_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}]}
709 keystone_admin_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}]}
710 keystone_region: {get_param: KeystoneRegion}
711 mongo_db_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MongoDbNetwork]}]}
712 neutron_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NeutronApiNetwork]}]}
713 neutron_local_ip: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NeutronTenantNetwork]}]}
714 ceilometer_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CeilometerApiNetwork]}]}
715 aodh_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, AodhApiNetwork]}]}
716 gnocchi_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, GnocchiApiNetwork]}]}
717 nova_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NovaApiNetwork]}]}
718 nova_metadata_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NovaMetadataNetwork]}]}
719 horizon_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, HorizonNetwork]}]}
722 template: "['SUBNET']"
724 SUBNET: {get_attr: [NetIpMap, net_ip_subnet_map, {get_param: [ServiceNetMap, HorizonNetwork]}]}
725 rabbitmq_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, RabbitMqNetwork]}]}
726 redis_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, RedisNetwork]}]}
727 redis_vip: {get_param: RedisVirtualIP}
728 sahara_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SaharaApiNetwork]}]}
729 memcached_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MemcachedNetwork]}]}
730 mysql_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MysqlNetwork]}]}
731 mysql_virtual_ip: {get_param: MysqlVirtualIP}
732 ceph_cluster_network: {get_attr: [NetIpMap, net_ip_subnet_map, {get_param: [ServiceNetMap, CephClusterNetwork]}]}
733 ceph_public_network: {get_attr: [NetIpMap, net_ip_subnet_map, {get_param: [ServiceNetMap, CephPublicNetwork]}]}
734 ceph_public_ip: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CephPublicNetwork]}]}
735 ironic_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, IronicApiNetwork]}]}
737 # Map heat metadata into hiera datafiles
739 type: OS::Heat::StructuredConfig
741 group: os-apply-config
746 - heat_config_%{::deploy_config_name}
747 - controller_extraconfig
753 - swift_devices_and_proxy # provided by SwiftDevicesAndProxyConfig
754 - ceph_cluster # provided by CephClusterConfig
756 - bootstrap_node # provided by BootstrapNodeConfig
757 - all_nodes # provided by allNodesConfig
758 - vip_data # provided by vip-config
762 - cinder_dellsc_data # Optionally provided by ControllerExtraConfigPre
763 - cinder_netapp_data # Optionally provided by ControllerExtraConfigPre
764 - cinder_eqlx_data # Optionally provided by ControllerExtraConfigPre
765 - neutron_bigswitch_data # Optionally provided by ControllerExtraConfigPre
766 - neutron_cisco_data # Optionally provided by ControllerExtraConfigPre
767 - cisco_n1kv_data # Optionally provided by ControllerExtraConfigPre
768 - midonet_data #Optionally provided by AllNodesExtraConfig
769 merge_behavior: deeper
772 mapped_data: {get_param: ServiceConfigSettings}
773 controller_extraconfig:
776 - {get_param: controllerExtraConfig}
777 - {get_param: ControllerExtraConfig}
779 mapped_data: {get_param: ExtraConfig}
781 raw_data: {get_file: hieradata/common.yaml}
784 net_ip_map: {get_attr: [NetIpMap, net_ip_map]}
785 net_ip_subnet_map: {get_attr: [NetIpMap, net_ip_subnet_map]}
786 net_ip_uri_map: {get_attr: [NetIpMap, net_ip_uri_map]}
788 raw_data: {get_file: hieradata/ceph.yaml}
790 ceph::profile::params::cluster_network: {get_input: ceph_cluster_network}
791 ceph::profile::params::public_network: {get_input: ceph_public_network}
792 ceph::profile::params::public_addr: {get_input: ceph_public_ip}
794 raw_data: {get_file: hieradata/database.yaml}
796 raw_data: {get_file: hieradata/object.yaml}
798 raw_data: {get_file: hieradata/controller.yaml}
799 mapped_data: # data supplied directly to this deployment configuration, etc
800 bootstack_nodeid: {get_input: bootstack_nodeid}
803 enable_fencing: {get_input: enable_fencing}
804 enable_load_balancer: {get_input: enable_load_balancer}
805 hacluster_pwd: {get_input: pcsd_password}
806 corosync_ipv6: {get_input: corosync_ipv6}
807 tripleo::fencing::config: {get_input: fencing_config}
810 # FIXME: need to move proxy_local_net_ip into swift-proxy.yaml
811 swift::proxy::proxy_local_net_ip: {get_input: swift_proxy_network}
812 swift::storage::all::storage_local_net_ip: {get_input: swift_management_network}
813 swift::swift_hash_path_suffix: {get_input: swift_hash_suffix}
814 tripleo::ringbuilder::build_ring: { get_input: swift_ring_build }
815 tripleo::ringbuilder::part_power: {get_input: swift_part_power}
816 tripleo::ringbuilder::replicas: {get_input: swift_replicas}
817 tripleo::ringbuilder::min_part_hours: {get_input: swift_min_part_hours}
820 tripleo::profile::base::cinder::volume::iscsi::cinder_iscsi_address: {get_input: cinder_iscsi_network}
821 cinder::api::bind_host: {get_input: cinder_api_network}
822 cinder::keystone::auth::public_url: {get_input: cinder_public_url }
823 cinder::keystone::auth::internal_url: {get_input: cinder_internal_url }
824 cinder::keystone::auth::admin_url: {get_input: cinder_admin_url }
825 cinder::keystone::auth::public_url_v2: {get_input: cinder_public_url_v2 }
826 cinder::keystone::auth::internal_url_v2: {get_input: cinder_internal_url_v2 }
827 cinder::keystone::auth::admin_url_v2: {get_input: cinder_admin_url_v2 }
828 cinder::keystone::auth::password: {get_input: cinder_password }
829 cinder::keystone::auth::region: {get_input: keystone_region}
832 glance::api::bind_host: {get_input: glance_api_network}
833 glance::registry::bind_host: {get_input: glance_registry_network}
834 glance::keystone::auth::region: {get_input: keystone_region}
837 heat::api::bind_host: {get_input: heat_api_network}
838 heat::api_cloudwatch::bind_host: {get_input: heat_api_network}
839 heat::api_cfn::bind_host: {get_input: heat_api_network}
840 heat::engine::auth_encryption_key: {get_input: heat_auth_encryption_key}
843 keystone::admin_bind_host: {get_input: keystone_admin_api_network}
844 keystone::public_bind_host: {get_input: keystone_public_api_network}
845 keystone::wsgi::apache::bind_host: {get_input: keystone_public_api_network}
846 keystone::wsgi::apache::admin_bind_host: {get_input: keystone_admin_api_network}
849 mongodb::server::bind_ip: {get_input: mongo_db_network}
852 admin_password: {get_input: admin_password}
853 enable_galera: {get_input: enable_galera}
854 enable_ceph_storage: {get_input: enable_ceph_storage}
855 mysql_innodb_buffer_pool_size: {get_input: mysql_innodb_buffer_pool_size}
856 mysql_max_connections: {get_input: mysql_max_connections}
857 mysql::server::root_password: {get_input: mysql_root_password}
858 mysql_clustercheck_password: {get_input: mysql_clustercheck_password}
859 mysql_cluster_name: {get_input: mysql_cluster_name}
860 mysql_bind_host: {get_input: mysql_network}
861 mysql_virtual_ip: {get_input: mysql_virtual_ip}
864 neutron::bind_host: {get_input: neutron_api_network}
865 neutron::network_device_mtu: {get_input: neutron_tenant_mtu}
866 neutron::agents::ml2::ovs::local_ip: {get_input: neutron_local_ip}
867 neutron::agents::metadata::metadata_ip: {get_input: neutron_api_network}
868 neutron::keystone::auth::public_url: {get_input: neutron_public_url }
869 neutron::keystone::auth::internal_url: {get_input: neutron_internal_url }
870 neutron::keystone::auth::admin_url: {get_input: neutron_admin_url }
871 neutron::keystone::auth::password: {get_input: neutron_password }
872 neutron::keystone::auth::region: {get_input: keystone_region}
875 ceilometer_backend: {get_input: ceilometer_backend}
876 ceilometer_mysql_conn_string: {get_input: ceilometer_dsn}
877 ceilometer::telemetry_secret: {get_input: ceilometer_metering_secret}
878 ceilometer::rabbit_userid: {get_input: rabbit_username}
879 ceilometer::rabbit_password: {get_input: rabbit_password}
880 ceilometer::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
881 ceilometer::rabbit_port: {get_input: rabbit_client_port}
882 ceilometer::debug: {get_input: debug}
883 ceilometer::api::host: {get_input: ceilometer_api_network}
884 ceilometer::api::keystone_password: {get_input: ceilometer_password}
885 ceilometer::api::auth_uri: {get_input: keystone_auth_uri}
886 ceilometer::api::identity_uri: {get_input: keystone_identity_uri}
887 ceilometer::agent::auth::auth_password: {get_input: ceilometer_password}
888 ceilometer::agent::auth::auth_url: {get_input: ceilometer_agent_auth_url}
889 ceilometer::agent::central::coordination_url: {get_input: ceilometer_coordination_url}
890 ceilometer::agent::notification::store_events: {get_input: ceilometer_store_events}
891 ceilometer::db::mysql::password: {get_input: ceilometer_password}
892 ceilometer::collector::meter_dispatcher: {get_input: ceilometer_meter_dispatcher}
893 ceilometer::dispatcher::gnocchi::url: {get_input: gnocchi_internal_url }
894 ceilometer::dispatcher::gnocchi::filter_project: 'service'
895 ceilometer::dispatcher::gnocchi::archive_policy: 'low'
896 ceilometer::dispatcher::gnocchi::resources_definition_file: 'gnocchi_resources.yaml'
897 ceilometer::keystone::auth::public_url: {get_input: ceilometer_public_url }
898 ceilometer::keystone::auth::internal_url: {get_input: ceilometer_internal_url }
899 ceilometer::keystone::auth::admin_url: {get_input: ceilometer_admin_url }
900 ceilometer::keystone::auth::password: {get_input: ceilometer_password }
901 ceilometer::keystone::auth::region: {get_input: keystone_region}
902 snmpd_readonly_user_name: {get_input: snmpd_readonly_user_name}
903 snmpd_readonly_user_password: {get_input: snmpd_readonly_user_password}
906 aodh_mysql_conn_string: {get_input: aodh_dsn}
907 aodh::rabbit_userid: {get_input: rabbit_username}
908 aodh::rabbit_password: {get_input: rabbit_password}
909 aodh::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
910 aodh::rabbit_port: {get_input: rabbit_client_port}
911 aodh::debug: {get_input: debug}
912 aodh::wsgi::apache::ssl: false
913 aodh::wsgi::apache::bind_host: {get_input: aodh_api_network}
914 aodh::api::service_name: 'httpd'
915 aodh::api::host: {get_input: aodh_api_network}
916 aodh::api::keystone_password: {get_input: aodh_password}
917 aodh::api::keystone_auth_uri: {get_input: keystone_auth_uri}
918 aodh::api::keystone_identity_uri: {get_input: keystone_identity_uri}
919 aodh::auth::auth_url: {get_input: keystone_auth_uri}
920 aodh::auth::auth_password: {get_input: aodh_password}
921 aodh::db::mysql::password: {get_input: aodh_password}
922 # for a migration path from ceilometer-alarm to aodh, we use the same database & coordination
923 aodh::evaluator::coordination_url: {get_input: ceilometer_coordination_url}
924 aodh::keystone::auth::public_url: {get_input: aodh_public_url }
925 aodh::keystone::auth::internal_url: {get_input: aodh_internal_url }
926 aodh::keystone::auth::admin_url: {get_input: aodh_admin_url }
927 aodh::keystone::auth::password: {get_input: aodh_password }
928 aodh::keystone::auth::region: {get_input: keystone_region}
931 gnocchi_backend: {get_input: gnocchi_backend}
932 gnocchi_indexer_backend: {get_input: gnocchi_indexer_backend}
933 gnocchi_mysql_conn_string: {get_input: gnocchi_dsn}
934 gnocchi::debug: {get_input: debug}
935 gnocchi::wsgi::apache::ssl: false
936 gnocchi::wsgi::apache::bind_host: {get_input: gnocchi_api_network}
937 gnocchi::api::service_name: 'httpd'
938 gnocchi::api::host: {get_input: gnocchi_api_network}
939 gnocchi::api::keystone_password: {get_input: gnocchi_password}
940 gnocchi::api::keystone_auth_uri: {get_input: keystone_auth_uri}
941 gnocchi::api::keystone_identity_uri: {get_input: keystone_identity_uri}
942 gnocchi::db::mysql::password: {get_input: gnocchi_password}
943 gnocchi::storage::swift::swift_authurl: {get_input: keystone_auth_uri}
944 gnocchi::storage::swift::swift_key: {get_input: gnocchi_password}
945 gnocchi::keystone::auth::public_url: {get_input: gnocchi_public_url }
946 gnocchi::keystone::auth::internal_url: {get_input: gnocchi_internal_url }
947 gnocchi::keystone::auth::admin_url: {get_input: gnocchi_admin_url }
948 gnocchi::keystone::auth::password: {get_input: gnocchi_password }
949 gnocchi::keystone::auth::region: {get_input: keystone_region}
952 nova::upgrade_level_compute: {get_input: upgrade_level_nova_compute}
953 nova::use_ipv6: {get_input: nova_ipv6}
954 nova::api::auth_uri: {get_input: keystone_auth_uri}
955 nova::api::identity_uri: {get_input: keystone_identity_uri}
956 nova::api::api_bind_address: {get_input: nova_api_network}
957 nova::api::metadata_listen: {get_input: nova_metadata_network}
958 nova::api::admin_password: {get_input: nova_password}
959 nova::compute::network_device_mtu: {get_input: neutron_tenant_mtu}
960 nova::database_connection: {get_input: nova_dsn}
961 nova::api_database_connection: {get_input: nova_api_dsn}
962 nova::glance_api_servers: {get_input: glance_api_servers}
963 nova::api::neutron_metadata_proxy_shared_secret: {get_input: neutron_metadata_proxy_shared_secret}
964 nova::api::instance_name_template: {get_input: instance_name_template}
965 nova::network::neutron::neutron_password: {get_input: neutron_password}
966 nova::network::neutron::neutron_url: {get_input: neutron_internal_url}
967 nova::network::neutron::neutron_auth_url: {get_input: neutron_auth_url}
968 nova::vncproxy::host: {get_input: nova_api_network}
969 nova::db::mysql::password: {get_input: nova_password}
970 nova::db::mysql_api::password: {get_input: nova_password}
971 nova_enable_db_purge: {get_input: nova_enable_db_purge}
972 nova::keystone::auth::public_url: {get_input: nova_public_url}
973 nova::keystone::auth::internal_url: {get_input: nova_internal_url}
974 nova::keystone::auth::admin_url: {get_input: nova_admin_url}
975 nova::keystone::auth::password: {get_input: nova_password }
976 nova::keystone::auth::region: {get_input: keystone_region}
979 apache::mod::remoteip::proxy_ips: {get_input: horizon_subnet}
980 apache::ip: {get_input: horizon_network}
981 horizon::allowed_hosts: {get_input: horizon_allowed_hosts}
982 horizon::django_debug: {get_input: debug}
983 horizon::secret_key: {get_input: horizon_secret}
984 horizon::bind_address: {get_input: horizon_network}
985 horizon::keystone_url: {get_input: keystone_auth_uri}
988 rabbitmq::node_ip_address: {get_input: rabbitmq_network}
989 rabbitmq::erlang_cookie: {get_input: rabbit_cookie}
991 redis::bind: {get_input: redis_network}
992 redis_vip: {get_input: redis_vip}
994 tripleo::firewall::manage_firewall: {get_input: manage_firewall}
995 tripleo::firewall::purge_firewall_rules: {get_input: purge_firewall_rules}
997 memcached_ipv6: {get_input: memcached_ipv6}
998 memcached::listen_ip: {get_input: memcached_network}
999 control_virtual_interface: {get_input: control_virtual_interface}
1000 public_virtual_interface: {get_input: public_virtual_interface}
1001 tripleo::keepalived::control_virtual_interface: {get_input: control_virtual_interface}
1002 tripleo::keepalived::public_virtual_interface: {get_input: public_virtual_interface}
1003 tripleo::haproxy::control_virtual_interface: {get_input: control_virtual_interface}
1004 tripleo::haproxy::public_virtual_interface: {get_input: public_virtual_interface}
1005 tripleo::haproxy::haproxy_log_address: {get_input: haproxy_log_address}
1006 tripleo::haproxy::service_certificate: {get_attr: [NodeTLSData, deployed_ssl_certificate_path]}
1007 tripleo::haproxy::haproxy_stats_user: {get_input: haproxy_stats_user}
1008 tripleo::haproxy::haproxy_stats_password: {get_input: haproxy_stats_password}
1009 tripleo::haproxy::redis_password: {get_input: redis_password}
1010 tripleo::packages::enable_install: {get_input: enable_package_install}
1011 tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade}
1013 # Hook for site-specific additional pre-deployment config, e.g extra hieradata
1014 ControllerExtraConfigPre:
1015 depends_on: ControllerDeployment
1016 type: OS::TripleO::ControllerExtraConfigPre
1018 server: {get_resource: Controller}
1020 # Hook for site-specific additional pre-deployment config,
1021 # applying to all nodes, e.g node registration/unregistration
1023 depends_on: [ControllerExtraConfigPre, NodeTLSData]
1024 type: OS::TripleO::NodeExtraConfig
1026 server: {get_resource: Controller}
1029 type: OS::TripleO::Tasks::PackageUpdate
1032 type: OS::Heat::SoftwareDeployment
1034 name: UpdateDeployment
1035 config: {get_resource: UpdateConfig}
1036 server: {get_resource: Controller}
1039 get_param: UpdateIdentifier
1043 description: IP address of the server in the ctlplane network
1044 value: {get_attr: [Controller, networks, ctlplane, 0]}
1045 external_ip_address:
1046 description: IP address of the server in the external network
1047 value: {get_attr: [ExternalPort, ip_address]}
1048 internal_api_ip_address:
1049 description: IP address of the server in the internal_api network
1050 value: {get_attr: [InternalApiPort, ip_address]}
1052 description: IP address of the server in the storage network
1053 value: {get_attr: [StoragePort, ip_address]}
1054 storage_mgmt_ip_address:
1055 description: IP address of the server in the storage_mgmt network
1056 value: {get_attr: [StorageMgmtPort, ip_address]}
1058 description: IP address of the server in the tenant network
1059 value: {get_attr: [TenantPort, ip_address]}
1060 management_ip_address:
1061 description: IP address of the server in the management network
1062 value: {get_attr: [ManagementPort, ip_address]}
1064 description: Hostname of the server
1065 value: {get_attr: [Controller, name]}
1068 Server's IP address and hostname in the /etc/hosts format
1072 PRIMARYIP PRIMARYHOST.DOMAIN PRIMARYHOST
1073 EXTERNALIP EXTERNALHOST.DOMAIN EXTERNALHOST
1074 INTERNAL_APIIP INTERNAL_APIHOST.DOMAIN INTERNAL_APIHOST
1075 STORAGEIP STORAGEHOST.DOMAIN STORAGEHOST
1076 STORAGE_MGMTIP STORAGE_MGMTHOST.DOMAIN STORAGE_MGMTHOST
1077 TENANTIP TENANTHOST.DOMAIN TENANTHOST
1078 MANAGEMENTIP MANAGEMENTHOST.DOMAIN MANAGEMENTHOST
1080 PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, ControllerHostnameResolveNetwork]}]}
1081 DOMAIN: {get_param: CloudDomain}
1082 PRIMARYHOST: {get_attr: [Controller, name]}
1083 EXTERNALIP: {get_attr: [ExternalPort, ip_address]}
1087 - - {get_attr: [Controller, name]}
1089 INTERNAL_APIIP: {get_attr: [InternalApiPort, ip_address]}
1093 - - {get_attr: [Controller, name]}
1095 STORAGEIP: {get_attr: [StoragePort, ip_address]}
1099 - - {get_attr: [Controller, name]}
1101 STORAGE_MGMTIP: {get_attr: [StorageMgmtPort, ip_address]}
1105 - - {get_attr: [Controller, name]}
1107 TENANTIP: {get_attr: [TenantPort, ip_address]}
1111 - - {get_attr: [Controller, name]}
1113 MANAGEMENTIP: {get_attr: [ManagementPort, ip_address]}
1117 - - {get_attr: [Controller, name]}
1119 nova_server_resource:
1120 description: Heat resource handle for the Nova compute server
1122 {get_resource: Controller}
1124 description: Swift device formatted for swift-ring-builder
1127 template: 'r1z1-IP:%PORT%/d1'
1129 IP: {get_attr: [NetIpMap, net_ip_uri_map, {get_param: [ServiceNetMap, SwiftMgmtNetwork]}]}
1130 swift_proxy_memcache:
1131 description: Swift proxy-memcache value
1134 template: "IP:11211"
1136 IP: {get_attr: [NetIpMap, net_ip_uri_map, {get_param: [ServiceNetMap, MemcachedNetwork]}]}
1138 description: identifier which changes if the controller configuration may need re-applying
1142 - - {get_attr: [ControllerDeployment, deploy_stdout]}
1143 - {get_attr: [NodeTLSCAData, deploy_stdout]}
1144 - {get_attr: [NodeTLSData, deploy_stdout]}
1145 - {get_attr: [ControllerExtraConfigPre, deploy_stdout]}
1146 - {get_param: UpdateIdentifier}
1147 tls_key_modulus_md5:
1148 description: MD5 checksum of the TLS Key Modulus
1149 value: {get_attr: [NodeTLSData, key_modulus_md5]}
1150 tls_cert_modulus_md5:
1151 description: MD5 checksum of the TLS Certificate Modulus
1152 value: {get_attr: [NodeTLSData, cert_modulus_md5]}