1 heat_template_version: 2016-10-14
4 OpenStack controller node configured by Puppet.
10 Deprecated. Use ControllerExtraConfig via parameter_defaults instead.
12 ControllerExtraConfig:
15 Controller specific hiera configuration data to inject into the cluster.
20 A network mapped list of IPs to assign to Controllers in the following form:
22 "internal_api": ["a.b.c.d", "e.f.g.h"],
28 description: Enable IPv6 in Corosync
32 description: Set to True to enable debugging on all services.
36 description: Whether to enable fencing in Pacemaker or not.
40 description: Whether to deploy a LoadBalancer on the Controller
45 Additional hieradata to inject into the cluster, note that
46 ControllerExtraConfig takes precedence over ExtraConfig.
51 Pacemaker fencing configuration. The JSON should have
52 the following structure:
56 "agent": "AGENT_NAME",
57 "host_mac": "HOST_MAC_ADDRESS",
58 "params": {"PARAM_NAME": "PARAM_VALUE"}
67 "host_mac": "52:54:00:aa:bb:cc",
69 "multicast_address": "225.0.0.12",
70 "port": "baremetal_0",
72 "manage_key_file": true,
73 "key_file": "/etc/fence_xvm.key",
74 "key_file_password": "abcdef"
80 OvercloudControlFlavor:
81 description: Flavor for control nodes to request when deploying.
85 - custom_constraint: nova.flavor
87 description: Secret key for Django
92 default: overcloud-full
94 - custom_constraint: glance.image
96 default: 'REBUILD_PRESERVE_EPHEMERAL'
97 description: What policy to use when reconstructing instances. REBUILD for rebuilds, REBUILD_PRESERVE_EPHEMERAL to preserve /mnt.
100 default: 'instance-%08x'
101 description: Template string to be used to generate instance names
105 description: Name of an existing Nova key pair to enable SSH access to the instances
108 - custom_constraint: nova.keypair
111 description: Whether to manage IPtables rules.
115 description: Enable IPv6 features in Memcached.
119 description: Whether IPtables rules should be purged before setting up the new ones.
121 NeutronMetadataProxySharedSecret:
122 description: Shared secret to prevent spoofing
126 description: The password for the neutron service and db account, used by neutron agents.
129 NeutronPublicInterface:
131 description: What interface to bridge onto br-ex for network nodes.
136 Whether to create cron job for purging soft deleted rows in Nova database.
140 description: Enable IPv6 features in Nova
143 description: The password for the nova service and db account, used by nova-api.
148 description: The password for the 'pcsd' user.
151 description: The password for Redis
156 default: '' # Has to be here because of the ignored empty value bug
159 default: '' # Has to be here because of the ignored empty value bug
160 description: An IP address which is wrapped in brackets in case of IPv6
163 description: 'A hash of additional raw devices to use as Swift backend (eg. {sdb: {}})'
165 UpgradeLevelNovaCompute:
167 description: Nova Compute upgrade level
171 description: Mapping of service_name -> network name. Typically set
172 via parameter_defaults in the resource registry.
176 description: Mapping of service endpoint -> protocol. Typically set
177 via parameter_defaults in the resource registry.
183 Setting to a previously unused value during stack-update will trigger
184 package update on all nodes
187 default: '' # Defaults to Heat created hostname
191 description: Optional mapping to override hostnames
192 NetworkDeploymentActions:
193 type: comma_delimited_list
195 Heat action when to apply network configuration changes
200 SoftwareConfigTransport:
201 default: POLL_SERVER_CFN
203 How the server should receive the metadata required for software configuration.
206 - allowed_values: [POLL_SERVER_CFN, POLL_SERVER_HEAT, POLL_TEMP_URL, ZAQAR_MESSAGE]
210 The DNS domain used for the hosts. This should match the dhcp_domain
211 configured in the Undercloud neutron. Defaults to localdomain.
215 Extra properties or metadata passed to Nova for the created nodes in
216 the overcloud. It's accessible via the Nova metadata API.
218 ControllerSchedulerHints:
220 description: Optional scheduler hints to pass to nova
222 ServiceConfigSettings:
226 type: comma_delimited_list
230 description: Command which will be run whenever configuration data changes
231 default: os-refresh-config --timeout 14400
235 description: Do not use deprecated params, they will be removed.
237 - controllerExtraConfig
242 type: OS::TripleO::Server
245 command: {get_param: ConfigCommand}
247 image: {get_param: controllerImage}
248 image_update_policy: {get_param: ImageUpdatePolicy}
249 flavor: {get_param: OvercloudControlFlavor}
250 key_name: {get_param: KeyName}
253 user_data_format: SOFTWARE_CONFIG
254 user_data: {get_resource: UserData}
257 template: {get_param: Hostname}
258 params: {get_param: HostnameMap}
259 software_config_transport: {get_param: SoftwareConfigTransport}
260 metadata: {get_param: ServerMetadata}
261 scheduler_hints: {get_param: ControllerSchedulerHints}
263 # Combine the NodeAdminUserData and NodeUserData mime archives
265 type: OS::Heat::MultipartMime
268 - config: {get_resource: NodeAdminUserData}
270 - config: {get_resource: NodeUserData}
273 # Creates the "heat-admin" user if configured via the environment
274 # Should return a OS::Heat::MultipartMime reference via OS::stack_id
276 type: OS::TripleO::NodeAdminUserData
278 # For optional operator additional userdata
279 # Should return a OS::Heat::MultipartMime reference via OS::stack_id
281 type: OS::TripleO::NodeUserData
284 type: OS::TripleO::Controller::Ports::ExternalPort
286 IPPool: {get_param: ControllerIPs}
287 NodeIndex: {get_param: NodeIndex}
288 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
291 type: OS::TripleO::Controller::Ports::InternalApiPort
293 IPPool: {get_param: ControllerIPs}
294 NodeIndex: {get_param: NodeIndex}
295 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
298 type: OS::TripleO::Controller::Ports::StoragePort
300 IPPool: {get_param: ControllerIPs}
301 NodeIndex: {get_param: NodeIndex}
302 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
305 type: OS::TripleO::Controller::Ports::StorageMgmtPort
307 IPPool: {get_param: ControllerIPs}
308 NodeIndex: {get_param: NodeIndex}
309 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
312 type: OS::TripleO::Controller::Ports::TenantPort
314 IPPool: {get_param: ControllerIPs}
315 NodeIndex: {get_param: NodeIndex}
316 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
319 type: OS::TripleO::Controller::Ports::ManagementPort
321 IPPool: {get_param: ControllerIPs}
322 NodeIndex: {get_param: NodeIndex}
323 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
326 type: OS::TripleO::Network::Ports::NetIpMap
328 ControlPlaneIp: {get_attr: [Controller, networks, ctlplane, 0]}
329 ExternalIp: {get_attr: [ExternalPort, ip_address]}
330 ExternalIpSubnet: {get_attr: [ExternalPort, ip_subnet]}
331 ExternalIpUri: {get_attr: [ExternalPort, ip_address_uri]}
332 InternalApiIp: {get_attr: [InternalApiPort, ip_address]}
333 InternalApiIpSubnet: {get_attr: [InternalApiPort, ip_subnet]}
334 InternalApiIpUri: {get_attr: [InternalApiPort, ip_address_uri]}
335 StorageIp: {get_attr: [StoragePort, ip_address]}
336 StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]}
337 StorageIpUri: {get_attr: [StoragePort, ip_address_uri]}
338 StorageMgmtIp: {get_attr: [StorageMgmtPort, ip_address]}
339 StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]}
340 StorageMgmtIpUri: {get_attr: [StorageMgmtPort, ip_address_uri]}
341 TenantIp: {get_attr: [TenantPort, ip_address]}
342 TenantIpSubnet: {get_attr: [TenantPort, ip_subnet]}
343 TenantIpUri: {get_attr: [TenantPort, ip_address_uri]}
344 ManagementIp: {get_attr: [ManagementPort, ip_address]}
345 ManagementIpSubnet: {get_attr: [ManagementPort, ip_subnet]}
346 ManagementIpUri: {get_attr: [ManagementPort, ip_address_uri]}
349 type: OS::TripleO::Controller::Net::SoftwareConfig
351 ControlPlaneIp: {get_attr: [Controller, networks, ctlplane, 0]}
352 ExternalIpSubnet: {get_attr: [ExternalPort, ip_subnet]}
353 InternalApiIpSubnet: {get_attr: [InternalApiPort, ip_subnet]}
354 StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]}
355 StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]}
356 TenantIpSubnet: {get_attr: [TenantPort, ip_subnet]}
357 ManagementIpSubnet: {get_attr: [ManagementPort, ip_subnet]}
360 type: OS::TripleO::SoftwareDeployment
362 name: NetworkDeployment
363 config: {get_resource: NetworkConfig}
364 server: {get_resource: Controller}
365 actions: {get_param: NetworkDeploymentActions}
368 interface_name: {get_param: NeutronPublicInterface}
370 # Resource for site-specific injection of root certificate
372 depends_on: NetworkDeployment
373 type: OS::TripleO::NodeTLSCAData
375 server: {get_resource: Controller}
377 # Resource for site-specific passing of private keys/certificates
379 depends_on: NodeTLSCAData
380 type: OS::TripleO::NodeTLSData
382 server: {get_resource: Controller}
383 NodeIndex: {get_param: NodeIndex}
386 ControllerDeployment:
387 type: OS::TripleO::SoftwareDeployment
388 depends_on: NetworkDeployment
390 name: ControllerDeployment
391 config: {get_resource: ControllerConfig}
392 server: {get_resource: Controller}
394 bootstack_nodeid: {get_attr: [Controller, name]}
395 horizon_secret: {get_param: HorizonSecret}
396 debug: {get_param: Debug}
397 keystone_identity_uri: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] }
398 keystone_auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
399 keystone_ec2_uri: { get_param: [EndpointMap, KeystoneEC2, uri] }
400 enable_fencing: {get_param: EnableFencing}
401 enable_load_balancer: {get_param: EnableLoadBalancer}
402 manage_firewall: {get_param: ManageFirewall}
403 purge_firewall_rules: {get_param: PurgeFirewallRules}
404 neutron_metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret}
405 nova_enable_db_purge: {get_param: NovaEnableDBPurge}
406 nova_ipv6: {get_param: NovaIPv6}
407 corosync_ipv6: {get_param: CorosyncIPv6}
408 memcached_ipv6: {get_param: MemcachedIPv6}
409 nova_password: {get_param: NovaPassword}
410 upgrade_level_nova_compute: {get_param: UpgradeLevelNovaCompute}
411 instance_name_template: {get_param: InstanceNameTemplate}
412 fencing_config: {get_param: FencingConfig}
413 pcsd_password: {get_param: PcsdPassword}
414 enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]}
415 glance_api_servers: { get_param: [EndpointMap, GlanceInternal, uri]}
416 neutron_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NeutronApiNetwork]}]}
417 neutron_local_ip: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NeutronTenantNetwork]}]}
418 nova_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NovaApiNetwork]}]}
419 nova_metadata_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NovaMetadataNetwork]}]}
420 horizon_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, HorizonNetwork]}]}
423 template: "['SUBNET']"
430 template: "NETWORK_subnet"
432 NETWORK: {get_param: [ServiceNetMap, HorizonNetwork]}
433 redis_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, RedisNetwork]}]}
434 redis_vip: {get_param: RedisVirtualIP}
435 sahara_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SaharaApiNetwork]}]}
436 memcached_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MemcachedNetwork]}]}
437 ironic_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, IronicApiNetwork]}]}
439 # Map heat metadata into hiera datafiles
441 type: OS::Heat::StructuredConfig
443 group: os-apply-config
448 - heat_config_%{::deploy_config_name}
449 - controller_extraconfig
454 - swift_devices_and_proxy # provided by SwiftDevicesAndProxyConfig
455 - bootstrap_node # provided by BootstrapNodeConfig
456 - all_nodes # provided by allNodesConfig
457 - vip_data # provided by vip-config
459 - cinder_dellsc_data # Optionally provided by ControllerExtraConfigPre
460 - cinder_netapp_data # Optionally provided by ControllerExtraConfigPre
461 - cinder_eqlx_data # Optionally provided by ControllerExtraConfigPre
462 - neutron_bigswitch_data # Optionally provided by ControllerExtraConfigPre
463 - neutron_cisco_data # Optionally provided by ControllerExtraConfigPre
464 - cisco_n1kv_data # Optionally provided by ControllerExtraConfigPre
465 - midonet_data #Optionally provided by AllNodesExtraConfig
466 - cisco_aci_data # Optionally provided by ControllerExtraConfigPre
467 merge_behavior: deeper
471 service_names: {get_param: ServiceNames}
475 - {get_param: ServiceConfigSettings}
476 - values: {get_attr: [NetIpMap, net_ip_map]}
477 controller_extraconfig:
480 - {get_param: controllerExtraConfig}
481 - {get_param: ControllerExtraConfig}
483 mapped_data: {get_param: ExtraConfig}
485 mapped_data: # data supplied directly to this deployment configuration, etc
486 bootstack_nodeid: {get_input: bootstack_nodeid}
489 enable_fencing: {get_input: enable_fencing}
490 enable_load_balancer: {get_input: enable_load_balancer}
491 hacluster_pwd: {get_input: pcsd_password}
492 corosync_ipv6: {get_input: corosync_ipv6}
493 tripleo::fencing::config: {get_input: fencing_config}
496 neutron::bind_host: {get_input: neutron_api_network}
497 neutron::agents::ml2::ovs::local_ip: {get_input: neutron_local_ip}
498 neutron::agents::metadata::metadata_ip: {get_input: neutron_api_network}
499 snmpd_readonly_user_name: {get_input: snmpd_readonly_user_name}
500 snmpd_readonly_user_password: {get_input: snmpd_readonly_user_password}
503 nova::upgrade_level_compute: {get_input: upgrade_level_nova_compute}
504 nova::use_ipv6: {get_input: nova_ipv6}
505 nova::api::api_bind_address: {get_input: nova_api_network}
506 nova::api::metadata_listen: {get_input: nova_metadata_network}
507 nova::glance_api_servers: {get_input: glance_api_servers}
508 nova::api::neutron_metadata_proxy_shared_secret: {get_input: neutron_metadata_proxy_shared_secret}
509 nova::api::instance_name_template: {get_input: instance_name_template}
510 nova::vncproxy::host: {get_input: nova_api_network}
511 nova_enable_db_purge: {get_input: nova_enable_db_purge}
514 apache::mod::remoteip::proxy_ips: {get_input: horizon_subnet}
515 apache::ip: {get_input: horizon_network}
516 horizon::django_debug: {get_input: debug}
517 horizon::secret_key: {get_input: horizon_secret}
518 horizon::bind_address: {get_input: horizon_network}
519 horizon::keystone_url: {get_input: keystone_auth_uri}
522 sahara::host: {get_input: sahara_api_network}
525 redis::bind: {get_input: redis_network}
526 redis_vip: {get_input: redis_vip}
528 tripleo::firewall::manage_firewall: {get_input: manage_firewall}
529 tripleo::firewall::purge_firewall_rules: {get_input: purge_firewall_rules}
531 memcached_ipv6: {get_input: memcached_ipv6}
532 memcached::listen_ip: {get_input: memcached_network}
533 tripleo::haproxy::service_certificate: {get_attr: [NodeTLSData, deployed_ssl_certificate_path]}
534 tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade}
536 # Hook for site-specific additional pre-deployment config, e.g extra hieradata
537 ControllerExtraConfigPre:
538 depends_on: ControllerDeployment
539 type: OS::TripleO::ControllerExtraConfigPre
541 server: {get_resource: Controller}
543 # Hook for site-specific additional pre-deployment config,
544 # applying to all nodes, e.g node registration/unregistration
546 depends_on: [ControllerExtraConfigPre, NodeTLSData]
547 type: OS::TripleO::NodeExtraConfig
549 server: {get_resource: Controller}
552 type: OS::TripleO::Tasks::PackageUpdate
555 type: OS::Heat::SoftwareDeployment
557 name: UpdateDeployment
558 config: {get_resource: UpdateConfig}
559 server: {get_resource: Controller}
562 get_param: UpdateIdentifier
566 description: IP address of the server in the ctlplane network
567 value: {get_attr: [Controller, networks, ctlplane, 0]}
569 description: IP address of the server in the external network
570 value: {get_attr: [ExternalPort, ip_address]}
571 internal_api_ip_address:
572 description: IP address of the server in the internal_api network
573 value: {get_attr: [InternalApiPort, ip_address]}
575 description: IP address of the server in the storage network
576 value: {get_attr: [StoragePort, ip_address]}
577 storage_mgmt_ip_address:
578 description: IP address of the server in the storage_mgmt network
579 value: {get_attr: [StorageMgmtPort, ip_address]}
581 description: IP address of the server in the tenant network
582 value: {get_attr: [TenantPort, ip_address]}
583 management_ip_address:
584 description: IP address of the server in the management network
585 value: {get_attr: [ManagementPort, ip_address]}
587 description: Hostname of the server
588 value: {get_attr: [Controller, name]}
591 Server's IP address and hostname in the /etc/hosts format
595 PRIMARYIP PRIMARYHOST.DOMAIN PRIMARYHOST
596 EXTERNALIP EXTERNALHOST.DOMAIN EXTERNALHOST
597 INTERNAL_APIIP INTERNAL_APIHOST.DOMAIN INTERNAL_APIHOST
598 STORAGEIP STORAGEHOST.DOMAIN STORAGEHOST
599 STORAGE_MGMTIP STORAGE_MGMTHOST.DOMAIN STORAGE_MGMTHOST
600 TENANTIP TENANTHOST.DOMAIN TENANTHOST
601 MANAGEMENTIP MANAGEMENTHOST.DOMAIN MANAGEMENTHOST
603 PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, ControllerHostnameResolveNetwork]}]}
604 DOMAIN: {get_param: CloudDomain}
605 PRIMARYHOST: {get_attr: [Controller, name]}
606 EXTERNALIP: {get_attr: [ExternalPort, ip_address]}
610 - - {get_attr: [Controller, name]}
612 INTERNAL_APIIP: {get_attr: [InternalApiPort, ip_address]}
616 - - {get_attr: [Controller, name]}
618 STORAGEIP: {get_attr: [StoragePort, ip_address]}
622 - - {get_attr: [Controller, name]}
624 STORAGE_MGMTIP: {get_attr: [StorageMgmtPort, ip_address]}
628 - - {get_attr: [Controller, name]}
630 TENANTIP: {get_attr: [TenantPort, ip_address]}
634 - - {get_attr: [Controller, name]}
636 MANAGEMENTIP: {get_attr: [ManagementPort, ip_address]}
640 - - {get_attr: [Controller, name]}
642 nova_server_resource:
643 description: Heat resource handle for the Nova compute server
645 {get_resource: Controller}
647 description: Swift device formatted for swift-ring-builder
653 - ['r1z1-IP:%PORT%/d1']
655 template: 'r1z1-IP:%PORT%/DEVICE'
657 DEVICE: {get_param: SwiftRawDisks}
664 template: "NETWORK_uri"
666 NETWORK: {get_param: [ServiceNetMap, SwiftMgmtNetwork]}
667 swift_proxy_memcache:
668 description: Swift proxy-memcache value
678 template: "NETWORK_uri"
680 NETWORK: {get_param: [ServiceNetMap, MemcachedNetwork]}
682 description: MD5 checksum of the TLS Key Modulus
683 value: {get_attr: [NodeTLSData, key_modulus_md5]}
684 tls_cert_modulus_md5:
685 description: MD5 checksum of the TLS Certificate Modulus
686 value: {get_attr: [NodeTLSData, cert_modulus_md5]}