1 heat_template_version: 2016-04-08
4 OpenStack controller node configured by Puppet.
8 description: The password for the keystone admin account, used for monitoring, querying neutron etc.
15 description: The password for the aodh services.
18 #TODO(composable Redis): Remove the Redis password param
19 #As is used by ceilometer
20 CeilometerApiVirtualIP:
25 description: The ceilometer backend type.
27 CeilometerMeteringSecret:
28 description: Secret shared by the ceilometer services.
32 description: The password for the ceilometer service and db account.
35 CeilometerStoreEvents:
37 description: Whether to store events in ceilometer.
39 CeilometerMeterDispatcher:
41 description: Dispatcher to process meter data
44 - allowed_values: ['gnocchi', 'database']
50 description: Number of workers for Ceilometer service.
52 controllerExtraConfig:
55 Deprecated. Use ControllerExtraConfig via parameter_defaults instead.
57 ControllerExtraConfig:
60 Controller specific hiera configuration data to inject into the cluster.
65 A network mapped list of IPs to assign to Controllers in the following form:
67 "internal_api": ["a.b.c.d", "e.f.g.h"],
71 ControlVirtualInterface:
73 description: Interface where virtual ip will be assigned.
77 description: Enable IPv6 in Corosync
81 description: Set to True to enable debugging on all services.
85 description: Whether to enable fencing in Pacemaker or not.
89 description: Whether to use Galera instead of regular MariaDB.
93 description: Whether to deploy a LoadBalancer on the Controller
97 description: Whether to deploy Ceph Storage (OSD) on the Controller
101 description: Whether to enable Swift Storage on the Controller
106 Additional hieradata to inject into the cluster, note that
107 ControllerExtraConfig takes precedence over ExtraConfig.
112 Pacemaker fencing configuration. The JSON should have
113 the following structure:
117 "agent": "AGENT_NAME",
118 "host_mac": "HOST_MAC_ADDRESS",
119 "params": {"PARAM_NAME": "PARAM_VALUE"}
127 "agent": "fence_xvm",
128 "host_mac": "52:54:00:aa:bb:cc",
130 "multicast_address": "225.0.0.12",
131 "port": "baremetal_0",
133 "manage_key_file": true,
134 "key_file": "/etc/fence_xvm.key",
135 "key_file_password": "abcdef"
142 description: Flavor for control nodes to request when deploying.
145 - custom_constraint: nova.flavor
148 description: The short name of the Gnocchi backend to use. Should be one
149 of swift, rbd, or file
152 - allowed_values: ['swift', 'file', 'rbd']
153 GnocchiIndexerBackend:
155 description: The short name of the Gnocchi indexer backend to use.
161 description: The password for the gnocchi service and db account.
164 HAProxyStatsPassword:
165 description: Password for HAProxy stats endpoint
168 description: User for HAProxy stats endpoint
171 HAProxySyslogAddress:
173 description: Syslog address where HAproxy will send its log
175 HeatAuthEncryptionKey:
176 description: Auth encryption key for heat-engine
181 description: A list of IP/Hostname allowed to connect to horizon
182 type: comma_delimited_list
184 description: Secret key for Django
189 default: overcloud-control
191 - custom_constraint: glance.image
193 default: 'REBUILD_PRESERVE_EPHEMERAL'
194 description: What policy to use when reconstructing instances. REBUILD for rebuilds, REBUILD_PRESERVE_EPHEMERAL to preserve /mnt.
196 InstanceNameTemplate:
197 default: 'instance-%08x'
198 description: Template string to be used to generate instance names
202 description: Name of an existing Nova key pair to enable SSH access to the instances
205 - custom_constraint: nova.keypair
209 description: Keystone region for endpoint
212 description: Whether to manage IPtables rules.
216 description: Enable IPv6 features in Memcached.
220 description: Whether IPtables rules should be purged before setting up the new ones.
225 MysqlClusterUniquePart:
226 description: A unique identifier of the MySQL cluster the controller is in.
228 default: 'unset' # Has to be here because of the ignored empty value bug
229 # Drop the validation: https://bugs.launchpad.net/tripleo/+bug/1405446
231 # - length: {min: 4, max: 10}
232 MysqlInnodbBufferPoolSize:
234 Specifies the size of the buffer pool in megabytes. Setting to
235 zero should be interpreted as "no value" and will defer to the
240 description: Configures MySQL max_connections config setting
243 MysqlClustercheckPassword:
249 default: '' # Has to be here because of the ignored empty value bug
250 NeutronMetadataProxySharedSecret:
251 description: Shared secret to prevent spoofing
257 The core plugin for Neutron. The value should be the entrypoint to be loaded
258 from neutron.core_plugins namespace.
260 NeutronServicePlugins:
261 default: "router,qos"
263 Comma-separated list of service plugin entrypoints to be loaded from the
264 neutron.service_plugins namespace.
265 type: comma_delimited_list
267 description: The password for the neutron service and db account, used by neutron agents.
270 NeutronPublicInterface:
272 description: What interface to bridge onto br-ex for network nodes.
276 The default MTU for tenant networks. For VXLAN/GRE tunneling, this should
277 be at least 50 bytes smaller than the MTU on the physical network. This
278 value will be used to set the MTU on the virtual Ethernet device.
279 This number is related to the value of NeutronDnsmasqOptions, since that
280 will determine the MTU that is assigned to the VM host through DHCP.
289 Whether to create cron job for purging soft deleted rows in Nova database.
293 description: Enable IPv6 features in Nova
296 description: The password for the nova service and db account, used by nova-api.
301 description: Number of workers for Nova service.
305 description: Comma-separated list of ntp servers
306 type: comma_delimited_list
309 description: The password for the 'pcsd' user.
311 PublicVirtualInterface:
314 Specifies the interface where the public-facing virtual ip will be assigned.
315 This should be int_public when a VLAN is being used.
319 default: '' # Has to be here because of the ignored empty value bug
322 default: '' # Has to be here because of the ignored empty value bug
325 description: The password for RabbitMQ
330 description: The username for RabbitMQ
335 Rabbit client subscriber parameter to specify
336 an SSL connection to the RabbitMQ host.
340 description: Set rabbit subscriber port, change this if using SSL
343 description: The password for Redis
348 default: '' # Has to be here because of the ignored empty value bug
351 default: '' # Has to be here because of the ignored empty value bug
352 description: An IP address which is wrapped in brackets in case of IPv6
353 SnmpdReadonlyUserName:
354 default: ro_snmp_user
355 description: The user name for SNMPd with readonly rights running on all Overcloud nodes
357 SnmpdReadonlyUserPassword:
358 description: The user password for SNMPd with readonly rights running on all Overcloud nodes
362 description: A random string to be used as a salt when hashing to determine mappings
368 description: Value of mount_check in Swift account/container/object -server.conf
373 description: The minimum time (in hours) before a partition in a ring can be moved following a rebalance.
376 description: Partition Power to use when building Swift rings
380 description: Whether to manage Swift rings or not
388 description: How many replicas to use in the swift rings.
391 description: The timezone to be set on controller nodes.
393 UpgradeLevelNovaCompute:
395 description: Nova Compute upgrade level
397 VirtualIP: # DEPRECATED: use per service settings instead
399 default: '' # Has to be here because of the ignored empty value bug
412 EnablePackageInstall:
414 description: Set to true to enable package installation via Puppet
418 description: Mapping of service_name -> network name. Typically set
419 via parameter_defaults in the resource registry.
423 description: Mapping of service endpoint -> protocol. Typically set
424 via parameter_defaults in the resource registry.
430 Setting to a previously unused value during stack-update will trigger
431 package update on all nodes
434 default: '' # Defaults to Heat created hostname
438 description: Optional mapping to override hostnames
439 NetworkDeploymentActions:
440 type: comma_delimited_list
442 Heat action when to apply network configuration changes
447 SoftwareConfigTransport:
448 default: POLL_SERVER_CFN
450 How the server should receive the metadata required for software configuration.
453 - allowed_values: [POLL_SERVER_CFN, POLL_SERVER_HEAT, POLL_TEMP_URL, ZAQAR_MESSAGE]
458 The DNS domain used for the hosts. This should match the dhcp_domain
459 configured in the Undercloud neutron. Defaults to localdomain.
463 Extra properties or metadata passed to Nova for the created nodes in
464 the overcloud. It's accessible via the Nova metadata API.
468 description: Optional scheduler hints to pass to nova
470 ServiceConfigSettings:
476 description: Do not use deprecated params, they will be removed.
478 - controllerExtraConfig
483 type: OS::Nova::Server
485 image: {get_param: Image}
486 image_update_policy: {get_param: ImageUpdatePolicy}
487 flavor: {get_param: Flavor}
488 key_name: {get_param: KeyName}
491 user_data_format: SOFTWARE_CONFIG
492 user_data: {get_resource: UserData}
495 template: {get_param: Hostname}
496 params: {get_param: HostnameMap}
497 software_config_transport: {get_param: SoftwareConfigTransport}
498 metadata: {get_param: ServerMetadata}
499 scheduler_hints: {get_param: SchedulerHints}
501 # Combine the NodeAdminUserData and NodeUserData mime archives
503 type: OS::Heat::MultipartMime
506 - config: {get_resource: NodeAdminUserData}
508 - config: {get_resource: NodeUserData}
511 # Creates the "heat-admin" user if configured via the environment
512 # Should return a OS::Heat::MultipartMime reference via OS::stack_id
514 type: OS::TripleO::NodeAdminUserData
516 # For optional operator additional userdata
517 # Should return a OS::Heat::MultipartMime reference via OS::stack_id
519 type: OS::TripleO::NodeUserData
522 type: OS::TripleO::Controller::Ports::ExternalPort
524 IPPool: {get_param: ControllerIPs}
525 NodeIndex: {get_param: NodeIndex}
526 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
529 type: OS::TripleO::Controller::Ports::InternalApiPort
531 IPPool: {get_param: ControllerIPs}
532 NodeIndex: {get_param: NodeIndex}
533 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
536 type: OS::TripleO::Controller::Ports::StoragePort
538 IPPool: {get_param: ControllerIPs}
539 NodeIndex: {get_param: NodeIndex}
540 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
543 type: OS::TripleO::Controller::Ports::StorageMgmtPort
545 IPPool: {get_param: ControllerIPs}
546 NodeIndex: {get_param: NodeIndex}
547 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
550 type: OS::TripleO::Controller::Ports::TenantPort
552 IPPool: {get_param: ControllerIPs}
553 NodeIndex: {get_param: NodeIndex}
554 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
557 type: OS::TripleO::Controller::Ports::ManagementPort
559 IPPool: {get_param: ControllerIPs}
560 NodeIndex: {get_param: NodeIndex}
561 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
564 type: OS::TripleO::Network::Ports::NetIpMap
566 ControlPlaneIp: {get_attr: [Controller, networks, ctlplane, 0]}
567 ExternalIp: {get_attr: [ExternalPort, ip_address]}
568 ExternalIpSubnet: {get_attr: [ExternalPort, ip_subnet]}
569 ExternalIpUri: {get_attr: [ExternalPort, ip_address_uri]}
570 InternalApiIp: {get_attr: [InternalApiPort, ip_address]}
571 InternalApiIpSubnet: {get_attr: [InternalApiPort, ip_subnet]}
572 InternalApiIpUri: {get_attr: [InternalApiPort, ip_address_uri]}
573 StorageIp: {get_attr: [StoragePort, ip_address]}
574 StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]}
575 StorageIpUri: {get_attr: [StoragePort, ip_address_uri]}
576 StorageMgmtIp: {get_attr: [StorageMgmtPort, ip_address]}
577 StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]}
578 StorageMgmtIpUri: {get_attr: [StorageMgmtPort, ip_address_uri]}
579 TenantIp: {get_attr: [TenantPort, ip_address]}
580 TenantIpSubnet: {get_attr: [TenantPort, ip_subnet]}
581 TenantIpUri: {get_attr: [TenantPort, ip_address_uri]}
582 ManagementIp: {get_attr: [ManagementPort, ip_address]}
583 ManagementIpSubnet: {get_attr: [ManagementPort, ip_subnet]}
584 ManagementIpUri: {get_attr: [ManagementPort, ip_address_uri]}
587 type: OS::TripleO::Controller::Net::SoftwareConfig
589 ControlPlaneIp: {get_attr: [Controller, networks, ctlplane, 0]}
590 ExternalIpSubnet: {get_attr: [ExternalPort, ip_subnet]}
591 InternalApiIpSubnet: {get_attr: [InternalApiPort, ip_subnet]}
592 StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]}
593 StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]}
594 TenantIpSubnet: {get_attr: [TenantPort, ip_subnet]}
595 ManagementIpSubnet: {get_attr: [ManagementPort, ip_subnet]}
598 type: OS::TripleO::SoftwareDeployment
600 name: NetworkDeployment
601 config: {get_resource: NetworkConfig}
602 server: {get_resource: Controller}
603 actions: {get_param: NetworkDeploymentActions}
606 interface_name: {get_param: NeutronPublicInterface}
608 # Resource for site-specific injection of root certificate
610 depends_on: NetworkDeployment
611 type: OS::TripleO::NodeTLSCAData
613 server: {get_resource: Controller}
615 # Resource for site-specific passing of private keys/certificates
617 depends_on: NodeTLSCAData
618 type: OS::TripleO::NodeTLSData
620 server: {get_resource: Controller}
621 NodeIndex: {get_param: NodeIndex}
624 ControllerDeployment:
625 type: OS::TripleO::SoftwareDeployment
626 depends_on: NetworkDeployment
628 name: ControllerDeployment
629 config: {get_resource: ControllerConfig}
630 server: {get_resource: Controller}
632 bootstack_nodeid: {get_attr: [Controller, name]}
633 ceilometer_workers: {get_param: CeilometerWorkers}
634 nova_workers: {get_param: NovaWorkers}
635 haproxy_log_address: {get_param: HAProxySyslogAddress}
636 haproxy_stats_password: {get_param: HAProxyStatsPassword}
637 haproxy_stats_user: {get_param: HAProxyStatsUser}
638 heat_auth_encryption_key: {get_param: HeatAuthEncryptionKey}
639 horizon_allowed_hosts: {get_param: HorizonAllowedHosts}
640 horizon_secret: {get_param: HorizonSecret}
641 admin_password: {get_param: AdminPassword}
642 debug: {get_param: Debug}
643 cinder_public_url: {get_param: [EndpointMap, CinderPublic, uri]}
644 cinder_internal_url: {get_param: [EndpointMap, CinderInternal, uri]}
645 cinder_admin_url: {get_param: [EndpointMap, CinderAdmin, uri]}
646 cinder_public_url_v2: {get_param: [EndpointMap, CinderV2Public, uri]}
647 cinder_internal_url_v2: {get_param: [EndpointMap, CinderV2Internal, uri]}
648 cinder_admin_url_v2: {get_param: [EndpointMap, CinderV2Admin, uri]}
649 keystone_identity_uri: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] }
650 keystone_auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
651 keystone_ec2_uri: { get_param: [EndpointMap, KeystoneEC2, uri] }
652 enable_fencing: {get_param: EnableFencing}
653 enable_galera: {get_param: EnableGalera}
654 enable_load_balancer: {get_param: EnableLoadBalancer}
655 enable_ceph_storage: {get_param: EnableCephStorage}
656 enable_swift_storage: {get_param: EnableSwiftStorage}
657 manage_firewall: {get_param: ManageFirewall}
658 purge_firewall_rules: {get_param: PurgeFirewallRules}
659 mysql_innodb_buffer_pool_size: {get_param: MysqlInnodbBufferPoolSize}
660 mysql_max_connections: {get_param: MysqlMaxConnections}
661 mysql_root_password: {get_param: MysqlRootPassword}
662 mysql_clustercheck_password: {get_param: MysqlClustercheckPassword}
665 template: tripleo-CLUSTER
667 CLUSTER: {get_param: MysqlClusterUniquePart}
668 neutron_metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret}
669 neutron_core_plugin: {get_param: NeutronCorePlugin}
670 neutron_service_plugins:
674 PLUGINS: {get_param: NeutronServicePlugins}
675 neutron_password: {get_param: NeutronPassword}
676 neutron_tenant_mtu: {get_param: NeutronTenantMtu}
677 neutron_internal_url: { get_param: [ EndpointMap, NeutronInternal, uri ] }
678 neutron_public_url: { get_param: [ EndpointMap, NeutronPublic, uri ] }
679 neutron_admin_url: { get_param: [ EndpointMap, NeutronAdmin, uri ] }
680 neutron_auth_url: { get_param: [ EndpointMap, KeystoneV3Admin, uri ] }
681 nova_internal_url: { get_param: [ EndpointMap, NovaInternal, uri ] }
682 ceilometer_backend: {get_param: CeilometerBackend}
683 ceilometer_metering_secret: {get_param: CeilometerMeteringSecret}
684 ceilometer_password: {get_param: CeilometerPassword}
685 ceilometer_store_events: {get_param: CeilometerStoreEvents}
686 aodh_password: {get_param: AodhPassword}
687 aodh_internal_url: { get_param: [ EndpointMap, AodhInternal, uri ] }
688 aodh_public_url: { get_param: [ EndpointMap, AodhPublic, uri ] }
689 aodh_admin_url: { get_param: [ EndpointMap, AodhAdmin, uri ] }
690 ceilometer_meter_dispatcher: {get_param: CeilometerMeterDispatcher}
691 gnocchi_password: {get_param: GnocchiPassword}
692 gnocchi_backend: {get_param: GnocchiBackend}
693 gnocchi_indexer_backend: {get_param: GnocchiIndexerBackend}
694 ceilometer_coordination_url:
698 - {get_param: RedisPassword}
700 - {get_param: RedisVirtualIPUri}
705 - - {get_param: [EndpointMap, MysqlInternal, protocol]}
707 - {get_param: CeilometerPassword}
709 - {get_param: [EndpointMap, MysqlInternal, host]}
714 - - {get_param: [EndpointMap, MysqlInternal, protocol]}
716 - {get_param: GnocchiPassword}
718 - {get_param: [EndpointMap, MysqlInternal, host]}
720 gnocchi_internal_url: {get_param: [EndpointMap, GnocchiInternal, uri]}
721 gnocchi_public_url: { get_param: [ EndpointMap, GnocchiPublic, uri ] }
722 gnocchi_admin_url: { get_param: [ EndpointMap, GnocchiAdmin, uri ] }
723 ceilometer_public_url: {get_param: [EndpointMap, CeilometerPublic, uri]}
724 ceilometer_internal_url: {get_param: [EndpointMap, CeilometerInternal, uri]}
725 ceilometer_admin_url: {get_param: [EndpointMap, CeilometerAdmin, uri]}
726 snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName}
727 snmpd_readonly_user_password: {get_param: SnmpdReadonlyUserPassword}
728 nova_enable_db_purge: {get_param: NovaEnableDBPurge}
729 nova_ipv6: {get_param: NovaIPv6}
730 corosync_ipv6: {get_param: CorosyncIPv6}
731 memcached_ipv6: {get_param: MemcachedIPv6}
732 nova_password: {get_param: NovaPassword}
736 - - {get_param: [EndpointMap, MysqlInternal, protocol]}
738 - {get_param: NovaPassword}
740 - {get_param: [EndpointMap, MysqlInternal, host]}
745 - - {get_param: [EndpointMap, MysqlInternal, protocol]}
747 - {get_param: NovaPassword}
749 - {get_param: [EndpointMap, MysqlInternal, host]}
751 upgrade_level_nova_compute: {get_param: UpgradeLevelNovaCompute}
752 instance_name_template: {get_param: InstanceNameTemplate}
753 nova_public_url: {get_param: [EndpointMap, NovaPublic, uri]}
754 nova_internal_url: {get_param: [EndpointMap, NovaInternal, uri]}
755 nova_admin_url: {get_param: [EndpointMap, NovaAdmin, uri]}
756 fencing_config: {get_param: FencingConfig}
757 pcsd_password: {get_param: PcsdPassword}
758 rabbit_username: {get_param: RabbitUserName}
759 rabbit_password: {get_param: RabbitPassword}
760 rabbit_cookie: {get_param: RabbitCookie}
761 rabbit_client_use_ssl: {get_param: RabbitClientUseSSL}
762 rabbit_client_port: {get_param: RabbitClientPort}
763 ntp_servers: {get_param: NtpServer}
764 timezone: {get_param: TimeZone}
765 control_virtual_interface: {get_param: ControlVirtualInterface}
766 public_virtual_interface: {get_param: PublicVirtualInterface}
767 swift_hash_suffix: {get_param: SwiftHashSuffix}
768 swift_part_power: {get_param: SwiftPartPower}
769 swift_ring_build: {get_param: SwiftRingBuild}
770 swift_replicas: {get_param: SwiftReplicas}
771 swift_min_part_hours: {get_param: SwiftMinPartHours}
772 swift_mount_check: {get_param: SwiftMountCheck}
773 enable_package_install: {get_param: EnablePackageInstall}
774 enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]}
775 swift_proxy_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftProxyNetwork]}]}
776 swift_management_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftMgmtNetwork]}]}
777 cinder_iscsi_network:
781 IP: {get_attr: [NetIpMap, net_ip_uri_map, {get_param: [ServiceNetMap, CinderIscsiNetwork]}]}
782 cinder_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CinderApiNetwork]}]}
783 glance_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, GlanceApiNetwork]}]}
784 glance_registry_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, GlanceRegistryNetwork]}]}
785 glance_api_servers: { get_param: [EndpointMap, GlanceInternal, uri]}
786 heat_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, HeatApiNetwork]}]}
787 keystone_public_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}]}
788 keystone_admin_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}]}
789 keystone_region: {get_param: KeystoneRegion}
790 mongo_db_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MongoDbNetwork]}]}
791 neutron_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NeutronApiNetwork]}]}
792 neutron_local_ip: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NeutronTenantNetwork]}]}
793 ceilometer_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CeilometerApiNetwork]}]}
794 aodh_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, AodhApiNetwork]}]}
795 gnocchi_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, GnocchiApiNetwork]}]}
796 nova_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NovaApiNetwork]}]}
797 nova_metadata_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NovaMetadataNetwork]}]}
798 horizon_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, HorizonNetwork]}]}
801 template: "['SUBNET']"
803 SUBNET: {get_attr: [NetIpMap, net_ip_subnet_map, {get_param: [ServiceNetMap, HorizonNetwork]}]}
804 rabbitmq_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, RabbitMqNetwork]}]}
805 redis_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, RedisNetwork]}]}
806 redis_vip: {get_param: RedisVirtualIP}
807 sahara_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SaharaApiNetwork]}]}
808 memcached_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MemcachedNetwork]}]}
809 mysql_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MysqlNetwork]}]}
810 mysql_virtual_ip: {get_param: MysqlVirtualIP}
811 ceph_cluster_network: {get_attr: [NetIpMap, net_ip_subnet_map, {get_param: [ServiceNetMap, CephClusterNetwork]}]}
812 ceph_public_network: {get_attr: [NetIpMap, net_ip_subnet_map, {get_param: [ServiceNetMap, CephPublicNetwork]}]}
813 ceph_public_ip: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CephPublicNetwork]}]}
815 # Map heat metadata into hiera datafiles
817 type: OS::Heat::StructuredConfig
819 group: os-apply-config
824 - heat_config_%{::deploy_config_name}
825 - controller_extraconfig
831 - swift_devices_and_proxy # provided by SwiftDevicesAndProxyConfig
832 - ceph_cluster # provided by CephClusterConfig
834 - bootstrap_node # provided by BootstrapNodeConfig
835 - all_nodes # provided by allNodesConfig
836 - vip_data # provided by vip-config
840 - cinder_dellsc_data # Optionally provided by ControllerExtraConfigPre
841 - cinder_netapp_data # Optionally provided by ControllerExtraConfigPre
842 - cinder_eqlx_data # Optionally provided by ControllerExtraConfigPre
843 - neutron_bigswitch_data # Optionally provided by ControllerExtraConfigPre
844 - neutron_cisco_data # Optionally provided by ControllerExtraConfigPre
845 - cisco_n1kv_data # Optionally provided by ControllerExtraConfigPre
846 - neutron_nuage_data # Optionally provided by ControllerExtraConfigPre
847 - midonet_data #Optionally provided by AllNodesExtraConfig
848 - neutron_opencontrail_data # Optionally provided by ControllerExtraConfigPre
849 - neutron_plumgrid_data # Optionally provided by ControllerExtraConfigPre
850 merge_behavior: deeper
853 mapped_data: {get_param: ServiceConfigSettings}
854 controller_extraconfig:
857 - {get_param: controllerExtraConfig}
858 - {get_param: ControllerExtraConfig}
860 mapped_data: {get_param: ExtraConfig}
862 raw_data: {get_file: hieradata/common.yaml}
865 net_ip_map: {get_attr: [NetIpMap, net_ip_map]}
866 net_ip_subnet_map: {get_attr: [NetIpMap, net_ip_subnet_map]}
867 net_ip_uri_map: {get_attr: [NetIpMap, net_ip_uri_map]}
869 raw_data: {get_file: hieradata/ceph.yaml}
871 ceph::profile::params::cluster_network: {get_input: ceph_cluster_network}
872 ceph::profile::params::public_network: {get_input: ceph_public_network}
873 ceph::profile::params::public_addr: {get_input: ceph_public_ip}
875 raw_data: {get_file: hieradata/database.yaml}
877 raw_data: {get_file: hieradata/object.yaml}
879 raw_data: {get_file: hieradata/controller.yaml}
880 mapped_data: # data supplied directly to this deployment configuration, etc
881 bootstack_nodeid: {get_input: bootstack_nodeid}
884 enable_fencing: {get_input: enable_fencing}
885 enable_load_balancer: {get_input: enable_load_balancer}
886 hacluster_pwd: {get_input: pcsd_password}
887 corosync_ipv6: {get_input: corosync_ipv6}
888 tripleo::fencing::config: {get_input: fencing_config}
891 # FIXME: need to move proxy_local_net_ip into swift-proxy.yaml
892 swift::proxy::proxy_local_net_ip: {get_input: swift_proxy_network}
893 swift::storage::all::storage_local_net_ip: {get_input: swift_management_network}
894 swift::swift_hash_path_suffix: {get_input: swift_hash_suffix}
895 tripleo::ringbuilder::build_ring: { get_input: swift_ring_build }
896 tripleo::ringbuilder::part_power: {get_input: swift_part_power}
897 tripleo::ringbuilder::replicas: {get_input: swift_replicas}
898 tripleo::ringbuilder::min_part_hours: {get_input: swift_min_part_hours}
899 swift_mount_check: {get_input: swift_mount_check}
902 tripleo::profile::base::cinder::volume::iscsi::cinder_iscsi_address: {get_input: cinder_iscsi_network}
903 cinder::api::bind_host: {get_input: cinder_api_network}
904 cinder::keystone::auth::public_url: {get_input: cinder_public_url }
905 cinder::keystone::auth::internal_url: {get_input: cinder_internal_url }
906 cinder::keystone::auth::admin_url: {get_input: cinder_admin_url }
907 cinder::keystone::auth::public_url_v2: {get_input: cinder_public_url_v2 }
908 cinder::keystone::auth::internal_url_v2: {get_input: cinder_internal_url_v2 }
909 cinder::keystone::auth::admin_url_v2: {get_input: cinder_admin_url_v2 }
910 cinder::keystone::auth::password: {get_input: cinder_password }
911 cinder::keystone::auth::region: {get_input: keystone_region}
914 glance::api::bind_host: {get_input: glance_api_network}
915 glance::registry::bind_host: {get_input: glance_registry_network}
916 glance::keystone::auth::region: {get_input: keystone_region}
919 heat::api::bind_host: {get_input: heat_api_network}
920 heat::api_cloudwatch::bind_host: {get_input: heat_api_network}
921 heat::api_cfn::bind_host: {get_input: heat_api_network}
922 heat::engine::auth_encryption_key: {get_input: heat_auth_encryption_key}
925 keystone::admin_bind_host: {get_input: keystone_admin_api_network}
926 keystone::public_bind_host: {get_input: keystone_public_api_network}
927 keystone::wsgi::apache::bind_host: {get_input: keystone_public_api_network}
928 keystone::wsgi::apache::admin_bind_host: {get_input: keystone_admin_api_network}
931 mongodb::server::bind_ip: {get_input: mongo_db_network}
934 admin_password: {get_input: admin_password}
935 enable_galera: {get_input: enable_galera}
936 enable_ceph_storage: {get_input: enable_ceph_storage}
937 enable_swift_storage: {get_input: enable_swift_storage}
938 mysql_innodb_buffer_pool_size: {get_input: mysql_innodb_buffer_pool_size}
939 mysql_max_connections: {get_input: mysql_max_connections}
940 mysql::server::root_password: {get_input: mysql_root_password}
941 mysql_clustercheck_password: {get_input: mysql_clustercheck_password}
942 mysql_cluster_name: {get_input: mysql_cluster_name}
943 mysql_bind_host: {get_input: mysql_network}
944 mysql_virtual_ip: {get_input: mysql_virtual_ip}
947 neutron::bind_host: {get_input: neutron_api_network}
948 neutron::network_device_mtu: {get_input: neutron_tenant_mtu}
949 neutron::agents::ml2::ovs::local_ip: {get_input: neutron_local_ip}
950 neutron::agents::metadata::metadata_ip: {get_input: neutron_api_network}
951 neutron::core_plugin: {get_input: neutron_core_plugin}
952 neutron::service_plugins: {get_input: neutron_service_plugins}
953 neutron::keystone::auth::public_url: {get_input: neutron_public_url }
954 neutron::keystone::auth::internal_url: {get_input: neutron_internal_url }
955 neutron::keystone::auth::admin_url: {get_input: neutron_admin_url }
956 neutron::keystone::auth::password: {get_input: neutron_password }
957 neutron::keystone::auth::region: {get_input: keystone_region}
960 ceilometer_backend: {get_input: ceilometer_backend}
961 ceilometer_mysql_conn_string: {get_input: ceilometer_dsn}
962 ceilometer::telemetry_secret: {get_input: ceilometer_metering_secret}
963 ceilometer::rabbit_userid: {get_input: rabbit_username}
964 ceilometer::rabbit_password: {get_input: rabbit_password}
965 ceilometer::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
966 ceilometer::rabbit_port: {get_input: rabbit_client_port}
967 ceilometer::debug: {get_input: debug}
968 ceilometer::api::host: {get_input: ceilometer_api_network}
969 ceilometer::api::keystone_password: {get_input: ceilometer_password}
970 ceilometer::api::auth_uri: {get_input: keystone_auth_uri}
971 ceilometer::api::identity_uri: {get_input: keystone_identity_uri}
972 ceilometer::agent::auth::auth_password: {get_input: ceilometer_password}
973 ceilometer::agent::auth::auth_url: {get_input: keystone_auth_uri}
974 ceilometer::agent::central::coordination_url: {get_input: ceilometer_coordination_url}
975 ceilometer::agent::notification::store_events: {get_input: ceilometer_store_events}
976 ceilometer::db::mysql::password: {get_input: ceilometer_password}
977 ceilometer::collector::meter_dispatcher: {get_input: ceilometer_meter_dispatcher}
978 ceilometer::dispatcher::gnocchi::url: {get_input: gnocchi_internal_url }
979 ceilometer::dispatcher::gnocchi::filter_project: 'service'
980 ceilometer::dispatcher::gnocchi::archive_policy: 'low'
981 ceilometer::dispatcher::gnocchi::resources_definition_file: 'gnocchi_resources.yaml'
982 ceilometer::keystone::auth::public_url: {get_input: ceilometer_public_url }
983 ceilometer::keystone::auth::internal_url: {get_input: ceilometer_internal_url }
984 ceilometer::keystone::auth::admin_url: {get_input: ceilometer_admin_url }
985 ceilometer::keystone::auth::password: {get_input: ceilometer_password }
986 ceilometer::keystone::auth::region: {get_input: keystone_region}
987 snmpd_readonly_user_name: {get_input: snmpd_readonly_user_name}
988 snmpd_readonly_user_password: {get_input: snmpd_readonly_user_password}
991 aodh::rabbit_userid: {get_input: rabbit_username}
992 aodh::rabbit_password: {get_input: rabbit_password}
993 aodh::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
994 aodh::rabbit_port: {get_input: rabbit_client_port}
995 aodh::debug: {get_input: debug}
996 aodh::wsgi::apache::ssl: false
997 aodh::wsgi::apache::bind_host: {get_input: aodh_api_network}
998 aodh::api::service_name: 'httpd'
999 aodh::api::host: {get_input: aodh_api_network}
1000 aodh::api::keystone_password: {get_input: aodh_password}
1001 aodh::api::keystone_auth_uri: {get_input: keystone_auth_uri}
1002 aodh::api::keystone_identity_uri: {get_input: keystone_identity_uri}
1003 aodh::auth::auth_password: {get_input: aodh_password}
1004 aodh::db::mysql::password: {get_input: aodh_password}
1005 # for a migration path from ceilometer-alarm to aodh, we use the same database & coordination
1006 aodh::evaluator::coordination_url: {get_input: ceilometer_coordination_url}
1007 aodh::keystone::auth::public_url: {get_input: aodh_public_url }
1008 aodh::keystone::auth::internal_url: {get_input: aodh_internal_url }
1009 aodh::keystone::auth::admin_url: {get_input: aodh_admin_url }
1010 aodh::keystone::auth::password: {get_input: aodh_password }
1011 aodh::keystone::auth::region: {get_input: keystone_region}
1014 gnocchi_backend: {get_input: gnocchi_backend}
1015 gnocchi_indexer_backend: {get_input: gnocchi_indexer_backend}
1016 gnocchi_mysql_conn_string: {get_input: gnocchi_dsn}
1017 gnocchi::debug: {get_input: debug}
1018 gnocchi::wsgi::apache::ssl: false
1019 gnocchi::wsgi::apache::bind_host: {get_input: gnocchi_api_network}
1020 gnocchi::api::service_name: 'httpd'
1021 gnocchi::api::host: {get_input: gnocchi_api_network}
1022 gnocchi::api::keystone_password: {get_input: gnocchi_password}
1023 gnocchi::api::keystone_auth_uri: {get_input: keystone_auth_uri}
1024 gnocchi::api::keystone_identity_uri: {get_input: keystone_identity_uri}
1025 gnocchi::db::mysql::password: {get_input: gnocchi_password}
1026 gnocchi::storage::swift::swift_authurl: {get_input: keystone_auth_uri}
1027 gnocchi::storage::swift::swift_key: {get_input: gnocchi_password}
1028 gnocchi::keystone::auth::public_url: {get_input: gnocchi_public_url }
1029 gnocchi::keystone::auth::internal_url: {get_input: gnocchi_internal_url }
1030 gnocchi::keystone::auth::admin_url: {get_input: gnocchi_admin_url }
1031 gnocchi::keystone::auth::password: {get_input: gnocchi_password }
1032 gnocchi::keystone::auth::region: {get_input: keystone_region}
1035 nova::upgrade_level_compute: {get_input: upgrade_level_nova_compute}
1036 nova::use_ipv6: {get_input: nova_ipv6}
1037 nova::api::auth_uri: {get_input: keystone_auth_uri}
1038 nova::api::identity_uri: {get_input: keystone_identity_uri}
1039 nova::api::api_bind_address: {get_input: nova_api_network}
1040 nova::api::metadata_listen: {get_input: nova_metadata_network}
1041 nova::api::admin_password: {get_input: nova_password}
1042 nova::api::osapi_compute_workers: {get_input: nova_workers}
1043 nova::api::metadata_workers: {get_input: nova_workers}
1044 nova::compute::network_device_mtu: {get_input: neutron_tenant_mtu}
1045 nova::database_connection: {get_input: nova_dsn}
1046 nova::api_database_connection: {get_input: nova_api_dsn}
1047 nova::glance_api_servers: {get_input: glance_api_servers}
1048 nova::api::neutron_metadata_proxy_shared_secret: {get_input: neutron_metadata_proxy_shared_secret}
1049 nova::api::instance_name_template: {get_input: instance_name_template}
1050 nova::network::neutron::neutron_password: {get_input: neutron_password}
1051 nova::network::neutron::neutron_url: {get_input: neutron_internal_url}
1052 nova::network::neutron::neutron_auth_url: {get_input: neutron_auth_url}
1053 nova::vncproxy::host: {get_input: nova_api_network}
1054 nova::db::mysql::password: {get_input: nova_password}
1055 nova::db::mysql_api::password: {get_input: nova_password}
1056 nova_enable_db_purge: {get_input: nova_enable_db_purge}
1057 nova::keystone::auth::public_url: {get_input: nova_public_url}
1058 nova::keystone::auth::internal_url: {get_input: nova_internal_url}
1059 nova::keystone::auth::admin_url: {get_input: nova_admin_url}
1060 nova::keystone::auth::password: {get_input: nova_password }
1061 nova::keystone::auth::region: {get_input: keystone_region}
1064 apache::mod::remoteip::proxy_ips: {get_input: horizon_subnet}
1065 apache::ip: {get_input: horizon_network}
1066 horizon::allowed_hosts: {get_input: horizon_allowed_hosts}
1067 horizon::django_debug: {get_input: debug}
1068 horizon::secret_key: {get_input: horizon_secret}
1069 horizon::bind_address: {get_input: horizon_network}
1070 horizon::keystone_url: {get_input: keystone_auth_uri}
1073 rabbitmq::node_ip_address: {get_input: rabbitmq_network}
1074 rabbitmq::erlang_cookie: {get_input: rabbit_cookie}
1076 redis::bind: {get_input: redis_network}
1077 redis_vip: {get_input: redis_vip}
1079 tripleo::firewall::manage_firewall: {get_input: manage_firewall}
1080 tripleo::firewall::purge_firewall_rules: {get_input: purge_firewall_rules}
1082 memcached_ipv6: {get_input: memcached_ipv6}
1083 memcached::listen_ip: {get_input: memcached_network}
1084 ntp::servers: {get_input: ntp_servers}
1085 timezone::timezone: {get_input: timezone}
1086 control_virtual_interface: {get_input: control_virtual_interface}
1087 public_virtual_interface: {get_input: public_virtual_interface}
1088 tripleo::keepalived::control_virtual_interface: {get_input: control_virtual_interface}
1089 tripleo::keepalived::public_virtual_interface: {get_input: public_virtual_interface}
1090 tripleo::haproxy::control_virtual_interface: {get_input: control_virtual_interface}
1091 tripleo::haproxy::public_virtual_interface: {get_input: public_virtual_interface}
1092 tripleo::haproxy::haproxy_log_address: {get_input: haproxy_log_address}
1093 tripleo::haproxy::service_certificate: {get_attr: [NodeTLSData, deployed_ssl_certificate_path]}
1094 tripleo::haproxy::haproxy_stats_user: {get_input: haproxy_stats_user}
1095 tripleo::haproxy::haproxy_stats_password: {get_input: haproxy_stats_password}
1096 tripleo::haproxy::redis_password: {get_input: redis_password}
1097 tripleo::packages::enable_install: {get_input: enable_package_install}
1098 tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade}
1100 # Hook for site-specific additional pre-deployment config, e.g extra hieradata
1101 ControllerExtraConfigPre:
1102 depends_on: ControllerDeployment
1103 type: OS::TripleO::ControllerExtraConfigPre
1105 server: {get_resource: Controller}
1107 # Hook for site-specific additional pre-deployment config,
1108 # applying to all nodes, e.g node registration/unregistration
1110 depends_on: [ControllerExtraConfigPre, NodeTLSData]
1111 type: OS::TripleO::NodeExtraConfig
1113 server: {get_resource: Controller}
1116 type: OS::TripleO::Tasks::PackageUpdate
1119 type: OS::Heat::SoftwareDeployment
1121 name: UpdateDeployment
1122 config: {get_resource: UpdateConfig}
1123 server: {get_resource: Controller}
1126 get_param: UpdateIdentifier
1130 description: IP address of the server in the ctlplane network
1131 value: {get_attr: [Controller, networks, ctlplane, 0]}
1132 external_ip_address:
1133 description: IP address of the server in the external network
1134 value: {get_attr: [ExternalPort, ip_address]}
1135 internal_api_ip_address:
1136 description: IP address of the server in the internal_api network
1137 value: {get_attr: [InternalApiPort, ip_address]}
1139 description: IP address of the server in the storage network
1140 value: {get_attr: [StoragePort, ip_address]}
1141 storage_mgmt_ip_address:
1142 description: IP address of the server in the storage_mgmt network
1143 value: {get_attr: [StorageMgmtPort, ip_address]}
1145 description: IP address of the server in the tenant network
1146 value: {get_attr: [TenantPort, ip_address]}
1147 management_ip_address:
1148 description: IP address of the server in the management network
1149 value: {get_attr: [ManagementPort, ip_address]}
1151 description: Hostname of the server
1152 value: {get_attr: [Controller, name]}
1155 Server's IP address and hostname in the /etc/hosts format
1159 PRIMARYIP PRIMARYHOST.DOMAIN PRIMARYHOST
1160 EXTERNALIP EXTERNALHOST.DOMAIN EXTERNALHOST
1161 INTERNAL_APIIP INTERNAL_APIHOST.DOMAIN INTERNAL_APIHOST
1162 STORAGEIP STORAGEHOST.DOMAIN STORAGEHOST
1163 STORAGE_MGMTIP STORAGE_MGMTHOST.DOMAIN STORAGE_MGMTHOST
1164 TENANTIP TENANTHOST.DOMAIN TENANTHOST
1165 MANAGEMENTIP MANAGEMENTHOST.DOMAIN MANAGEMENTHOST
1167 PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, ControllerHostnameResolveNetwork]}]}
1168 DOMAIN: {get_param: CloudDomain}
1169 PRIMARYHOST: {get_attr: [Controller, name]}
1170 EXTERNALIP: {get_attr: [ExternalPort, ip_address]}
1174 - - {get_attr: [Controller, name]}
1176 INTERNAL_APIIP: {get_attr: [InternalApiPort, ip_address]}
1180 - - {get_attr: [Controller, name]}
1182 STORAGEIP: {get_attr: [StoragePort, ip_address]}
1186 - - {get_attr: [Controller, name]}
1188 STORAGE_MGMTIP: {get_attr: [StorageMgmtPort, ip_address]}
1192 - - {get_attr: [Controller, name]}
1194 TENANTIP: {get_attr: [TenantPort, ip_address]}
1198 - - {get_attr: [Controller, name]}
1200 MANAGEMENTIP: {get_attr: [ManagementPort, ip_address]}
1204 - - {get_attr: [Controller, name]}
1206 nova_server_resource:
1207 description: Heat resource handle for the Nova compute server
1209 {get_resource: Controller}
1211 description: Swift device formatted for swift-ring-builder
1214 template: 'r1z1-IP:%PORT%/d1'
1216 IP: {get_attr: [NetIpMap, net_ip_uri_map, {get_param: [ServiceNetMap, SwiftMgmtNetwork]}]}
1217 swift_proxy_memcache:
1218 description: Swift proxy-memcache value
1221 template: "IP:11211"
1223 IP: {get_attr: [NetIpMap, net_ip_uri_map, {get_param: [ServiceNetMap, MemcachedNetwork]}]}
1225 description: identifier which changes if the controller configuration may need re-applying
1229 - - {get_attr: [ControllerDeployment, deploy_stdout]}
1230 - {get_attr: [NodeTLSCAData, deploy_stdout]}
1231 - {get_attr: [NodeTLSData, deploy_stdout]}
1232 - {get_attr: [ControllerExtraConfigPre, deploy_stdout]}
1233 - {get_param: UpdateIdentifier}
1234 tls_key_modulus_md5:
1235 description: MD5 checksum of the TLS Key Modulus
1236 value: {get_attr: [NodeTLSData, key_modulus_md5]}
1237 tls_cert_modulus_md5:
1238 description: MD5 checksum of the TLS Certificate Modulus
1239 value: {get_attr: [NodeTLSData, cert_modulus_md5]}