1 heat_template_version: 2015-04-30
4 OpenStack controller node configured by Puppet.
9 description: The password for the keystone admin account, used for monitoring, querying neutron etc.
14 description: The keystone auth secret and db password.
19 description: The ceilometer backend type.
21 CeilometerMeteringSecret:
23 description: Secret shared by the ceilometer services.
28 description: The password for the ceilometer service and db account.
31 CinderEnableNfsBackend:
33 description: Whether to enable or not the NFS backend for Cinder
35 CinderEnableIscsiBackend:
37 description: Whether to enable or not the Iscsi backend for Cinder
39 CinderEnableRbdBackend:
41 description: Whether to enable or not the Rbd backend for Cinder
45 description: The iSCSI helper to use with cinder.
47 CinderLVMLoopDeviceSize:
49 description: The size of the loopback file used by the cinder LVM driver.
51 CinderNfsMountOptions:
54 Mount options for NFS mounts used by Cinder NFS backend. Effective
55 when CinderEnableNfsBackend is true.
60 NFS servers used by Cinder NFS backend. Effective when
61 CinderEnableNfsBackend is true.
62 type: comma_delimited_list
65 description: The password for the cinder service and db account, used by cinder-api.
70 description: Contains parameters to configure Cinder backends. Typically
71 set via parameter_defaults in the resource registry.
75 description: The DNS name of this cloud. E.g. ci-overcloud.tripleo.org
77 ControllerExtraConfig:
80 Controller specific hiera configuration data to inject into the cluster.
82 ControlVirtualInterface:
84 description: Interface where virtual ip will be assigned.
88 description: Set to True to enable debugging on all services.
92 description: Whether to enable fencing in Pacemaker or not.
96 description: Whether to use Galera instead of regular MariaDB.
100 description: Whether to deploy Ceph Storage (OSD) on the Controller
104 description: Whether to enable Swift Storage on the Controller
109 Additional hieradata to inject into the cluster, note that
110 ControllerExtraConfig takes precedence over ExtraConfig.
115 Pacemaker fencing configuration. The JSON should have
116 the following structure:
120 "agent": "AGENT_NAME",
121 "host_mac": "HOST_MAC_ADDRESS",
122 "params": {"PARAM_NAME": "PARAM_VALUE"}
130 "agent": "fence_xvm",
131 "host_mac": "52:54:00:aa:bb:cc",
133 "multicast_address": "225.0.0.12",
134 "port": "baremetal_0",
136 "manage_key_file": true,
137 "key_file": "/etc/fence_xvm.key",
138 "key_file_password": "abcdef"
145 description: Flavor for control nodes to request when deploying.
148 - custom_constraint: nova.flavor
149 GlanceNotifierStrategy:
150 description: Strategy to use for Glance notification queue
154 description: The filepath of the file to use for logging messages from Glance.
159 description: The password for the glance service and db account, used by the glance services.
164 description: Glance port.
168 description: Protocol to use when connecting to glance, set to https for SSL.
172 description: The short name of the Glance backend to use. Should be one
173 of swift, rbd, or file
176 - allowed_values: ['swift', 'file', 'rbd']
177 HAProxySyslogAddress:
179 description: Syslog address where HAproxy will send its log
183 description: The password for the Heat service and db account, used by the Heat services.
186 HeatStackDomainAdminPassword:
187 description: Password for heat_domain_admin user.
191 HeatAuthEncryptionKey:
192 description: Auth encryption key for heat-engine
196 description: A list of IP/Hostname allowed to connect to horizon
197 type: comma_delimited_list
199 description: Secret key for Django
203 default: overcloud-control
205 - custom_constraint: glance.image
207 default: 'REBUILD_PRESERVE_EPHEMERAL'
208 description: What policy to use when reconstructing instances. REBUILD for rebuilds, REBUILD_PRESERVE_EPHEMERAL to preserve /mnt.
212 description: Name of an existing EC2 KeyPair to enable SSH access to the instances
215 - custom_constraint: nova.keypair
216 KeystoneCACertificate:
218 description: Keystone self-signed certificate authority certificate.
220 KeystoneSigningCertificate:
222 description: Keystone certificate for verifying token validity.
226 description: Keystone key for signing tokens.
229 KeystoneSSLCertificate:
231 description: Keystone certificate for verifying token validity.
233 KeystoneSSLCertificateKey:
235 description: Keystone key for signing tokens.
238 KeystoneNotificationDriver:
239 description: Comma-separated list of Oslo notification drivers used by Keystone
240 default: ['messaging']
241 type: comma_delimited_list
242 KeystoneNotificationFormat:
243 description: The Keystone notification format
247 - allowed_values: [ 'basic', 'cadf' ]
248 MysqlClusterUniquePart:
249 description: A unique identifier of the MySQL cluster the controller is in.
251 default: 'unset' # Has to be here because of the ignored empty value bug
252 # Drop the validation: https://bugs.launchpad.net/tripleo/+bug/1405446
254 # - length: {min: 4, max: 10}
255 MysqlInnodbBufferPoolSize:
257 Specifies the size of the buffer pool in megabytes. Setting to
258 zero should be interpreted as "no value" and will defer to the
263 description: Configures MySQL max_connections config setting
269 default: '' # Has to be here because of the ignored empty value bug
270 NeutronExternalNetworkBridge:
271 description: Name of bridge used for external network traffic.
274 NeutronBridgeMappings:
276 The OVS logical->physical bridge mappings to use. See the Neutron
277 documentation for details. Defaults to mapping br-ex - the external
278 bridge on hosts - to a physical name 'datacentre' which can be used
279 to create provider networks (and we use this for the default floating
280 network) - if changing this either use different post-install network
281 scripts or be sure to keep 'datacentre' as a mapping network name.
283 default: "datacentre:br-ex"
284 NeutronDnsmasqOptions:
285 default: 'dhcp-option-force=26,1400'
286 description: Dnsmasq options for neutron-dhcp-agent. The default value here forces MTU to be set to 1400 to account for the gre tunnel overhead.
290 description: Agent mode for the neutron-l3-agent on the controller hosts
294 description: Whether to enable l3-agent HA
296 NeutronDhcpAgentsPerNetwork:
299 description: The number of neutron dhcp agents to schedule per network
302 description: Whether to configure Neutron Distributed Virtual Routers
304 NeutronMetadataProxySharedSecret:
306 description: Shared secret to prevent spoofing
311 The core plugin for Neutron. The value should be the entrypoint to be loaded
312 from neutron.core_plugins namespace.
314 NeutronServicePlugins:
317 Comma-separated list of service plugin entrypoints to be loaded from the
318 neutron.service_plugins namespace.
319 type: comma_delimited_list
321 default: "vxlan,vlan,flat,gre"
323 Comma-separated list of network type driver entrypoints to be loaded.
324 type: comma_delimited_list
325 NeutronMechanismDrivers:
326 default: 'openvswitch'
328 The mechanism drivers for the Neutron tenant network. To specify multiple
329 values, use a comma separated string, like so: 'openvswitch,l2_population'
331 NeutronAllowL3AgentFailover:
333 description: Allow automatic l3-agent failover
335 NeutronEnableTunnelling:
340 default: 'datacentre'
341 description: If set, flat networks to configure in neutron plugins.
344 description: Whether to enable l3-agent HA
348 description: The tenant network type for Neutron, either gre or vxlan.
350 NeutronNetworkVLANRanges:
351 default: 'datacentre'
353 The Neutron ML2 and OpenVSwitch vlan mapping range to support. See the
354 Neutron documentation for permitted values. Defaults to permitting any
355 VLAN on the 'datacentre' physical network (See NeutronBridgeMappings).
356 type: comma_delimited_list
359 description: The password for the neutron service and db account, used by neutron agents.
362 NeutronPublicInterface:
364 description: What interface to bridge onto br-ex for network nodes.
366 NeutronPublicInterfaceTag:
369 VLAN tag for creating a public VLAN. The tag will be used to
370 create an access port on the exterior bridge for each control plane node,
371 and that port will be given the IP address returned by neutron from the
372 public network. Set CONTROLEXTRA=overcloud-vlan-port.yaml when compiling
373 overcloud.yaml to include the deployment of VLAN ports to the control
376 NeutronPublicInterfaceDefaultRoute:
378 description: A custom default route for the NeutronPublicInterface.
380 NeutronPublicInterfaceIP:
382 description: A custom IP address to put onto the NeutronPublicInterface.
384 NeutronPublicInterfaceRawDevice:
386 description: If set, the public interface is a vlan with this device as the raw device.
391 The tunnel types for the Neutron tenant network. To specify multiple
392 values, use a comma separated string, like so: 'gre,vxlan'
394 NeutronTunnelIdRanges:
396 Comma-separated list of <tun_min>:<tun_max> tuples enumerating ranges
397 of GRE tunnel IDs that are available for tenant network allocation
398 default: ["1:1000", ]
399 type: comma_delimited_list
402 Comma-separated list of <vni_min>:<vni_max> tuples enumerating ranges
403 of VXLAN VNI IDs that are available for tenant network allocation
404 default: ["1:1000", ]
405 type: comma_delimited_list
408 description: The password for the nova service and db account, used by nova-api.
413 description: Should MongoDb journaling be disabled
420 description: The password for the 'pcsd' user.
421 PublicVirtualInterface:
424 Specifies the interface where the public-facing virtual ip will be assigned.
425 This should be int_public when a VLAN is being used.
427 PublicVirtualIP: # DEPRECATED: use per service settings instead
429 default: '' # Has to be here because of the ignored empty value bug
432 default: '' # Has to be here because of the ignored empty value bug
436 description: The password for RabbitMQ
441 description: The username for RabbitMQ
446 Rabbit client subscriber parameter to specify
447 an SSL connection to the RabbitMQ host.
451 description: Set rabbit subscriber port, change this if using SSL
455 default: '' # Has to be here because of the ignored empty value bug
456 SnmpdReadonlyUserName:
457 default: ro_snmp_user
458 description: The user name for SNMPd with readonly rights running on all Overcloud nodes
460 SnmpdReadonlyUserPassword:
462 description: The user password for SNMPd with readonly rights running on all Overcloud nodes
467 description: If set, the contents of an SSL certificate authority file.
471 description: If set, the contents of an SSL certificate .crt file for encrypting SSL endpoints.
476 description: If set, the contents of an SSL certificate .key file for encrypting SSL endpoints.
481 description: A random string to be used as a salt when hashing to determine mappings
487 description: Value of mount_check in Swift account/container/object -server.conf
492 description: The minimum time (in hours) before a partition in a ring can be moved following a rebalance.
495 description: Partition Power to use when building Swift rings
499 description: The password for the swift service account, used by the swift proxy
506 description: How many replicas to use in the swift rings.
507 VirtualIP: # DEPRECATED: use per service settings instead
509 default: '' # Has to be here because of the ignored empty value bug
516 GlanceRegistryVirtualIP:
522 KeystoneAdminApiVirtualIP:
525 KeystonePublicApiVirtualIP:
531 EnablePackageInstall:
533 description: Set to true to enable package installation via Puppet
537 description: Mapping of service_name -> network name. Typically set
538 via parameter_defaults in the resource registry.
544 Setting to a previously unused value during stack-update will trigger
545 package update on all nodes
548 default: '' # Defaults to Heat created hostname
553 type: OS::Nova::Server
555 image: {get_param: Image}
556 image_update_policy: {get_param: ImageUpdatePolicy}
557 flavor: {get_param: Flavor}
558 key_name: {get_param: KeyName}
561 user_data_format: SOFTWARE_CONFIG
562 user_data: {get_resource: UserData}
563 name: {get_param: Hostname}
565 # Combine the NodeAdminUserData and NodeUserData mime archives
567 type: OS::Heat::MultipartMime
570 - config: {get_resource: NodeAdminUserData}
572 - config: {get_resource: NodeUserData}
575 # Creates the "heat-admin" user if configured via the environment
576 # Should return a OS::Heat::MultipartMime reference via OS::stack_id
578 type: OS::TripleO::NodeAdminUserData
580 # For optional operator additional userdata
581 # Should return a OS::Heat::MultipartMime reference via OS::stack_id
583 type: OS::TripleO::NodeUserData
586 type: OS::TripleO::Controller::Ports::ExternalPort
588 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
591 type: OS::TripleO::Controller::Ports::InternalApiPort
593 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
596 type: OS::TripleO::Controller::Ports::StoragePort
598 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
601 type: OS::TripleO::Controller::Ports::StorageMgmtPort
603 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
606 type: OS::TripleO::Controller::Ports::TenantPort
608 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
611 type: OS::TripleO::Network::Ports::NetIpMap
613 ControlPlaneIp: {get_attr: [Controller, networks, ctlplane, 0]}
614 ExternalIp: {get_attr: [ExternalPort, ip_address]}
615 InternalApiIp: {get_attr: [InternalApiPort, ip_address]}
616 StorageIp: {get_attr: [StoragePort, ip_address]}
617 StorageMgmtIp: {get_attr: [StorageMgmtPort, ip_address]}
618 TenantIp: {get_attr: [TenantPort, ip_address]}
621 type: OS::TripleO::Network::Ports::NetIpSubnetMap
623 ControlPlaneIp: {get_attr: [Controller, networks, ctlplane, 0]}
624 ExternalIpSubnet: {get_attr: [ExternalPort, ip_subnet]}
625 InternalApiIpSubnet: {get_attr: [InternalApiPort, ip_subnet]}
626 StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]}
627 StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]}
628 TenantIpSubnet: {get_attr: [TenantPort, ip_subnet]}
631 type: OS::TripleO::Controller::Net::SoftwareConfig
633 ControlPlaneIp: {get_attr: [Controller, networks, ctlplane, 0]}
634 ExternalIpSubnet: {get_attr: [ExternalPort, ip_subnet]}
635 InternalApiIpSubnet: {get_attr: [InternalApiPort, ip_subnet]}
636 StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]}
637 StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]}
638 TenantIpSubnet: {get_attr: [TenantPort, ip_subnet]}
641 type: OS::TripleO::SoftwareDeployment
643 config: {get_resource: NetworkConfig}
644 server: {get_resource: Controller}
647 interface_name: {get_param: NeutronPublicInterface}
649 ControllerDeployment:
650 type: OS::TripleO::SoftwareDeployment
651 depends_on: NetworkDeployment
653 config: {get_resource: ControllerConfig}
654 server: {get_resource: Controller}
656 bootstack_nodeid: {get_attr: [Controller, name]}
657 neutron_enable_tunneling: {get_param: NeutronEnableTunnelling}
658 haproxy_log_address: {get_param: HAProxySyslogAddress}
659 heat.watch_server_url:
663 - {get_param: HeatApiVirtualIP}
665 heat.metadata_server_url:
669 - {get_param: HeatApiVirtualIP}
671 heat.waitcondition_server_url:
675 - {get_param: HeatApiVirtualIP}
676 - ':8000/v1/waitcondition'
677 heat_auth_encryption_key: {get_param: HeatAuthEncryptionKey}
678 horizon_allowed_hosts: {get_param: HorizonAllowedHosts}
679 horizon_secret: {get_param: HorizonSecret}
680 admin_password: {get_param: AdminPassword}
681 admin_token: {get_param: AdminToken}
682 neutron_public_interface_ip: {get_param: NeutronPublicInterfaceIP}
683 debug: {get_param: Debug}
684 cinder_enable_nfs_backend: {get_param: CinderEnableNfsBackend}
685 cinder_enable_rbd_backend: {get_param: CinderEnableRbdBackend}
686 cinder_nfs_mount_options: {get_param: CinderNfsMountOptions}
689 template: "['SERVERS']"
694 - {get_param: CinderNfsServers}
695 cinder_lvm_loop_device_size: {get_param: CinderLVMLoopDeviceSize}
696 cinder_password: {get_param: CinderPassword}
697 cinder_enable_iscsi_backend: {get_param: CinderEnableIscsiBackend}
698 cinder_iscsi_helper: {get_param: CinderISCSIHelper}
699 cinder_backend_config: {get_param: CinderBackendConfig}
703 - - 'mysql://cinder:'
704 - {get_param: CinderPassword}
706 - {get_param: MysqlVirtualIP}
708 glance_port: {get_param: GlancePort}
709 glance_password: {get_param: GlancePassword}
710 glance_backend: {get_param: GlanceBackend}
711 glance_notifier_strategy: {get_param: GlanceNotifierStrategy}
712 glance_log_file: {get_param: GlanceLogFile}
716 - - 'mysql://glance:'
717 - {get_param: GlancePassword}
719 - {get_param: MysqlVirtualIP}
721 heat_password: {get_param: HeatPassword}
722 heat_stack_domain_admin_password: {get_param: HeatStackDomainAdminPassword}
727 - {get_param: HeatPassword}
729 - {get_param: MysqlVirtualIP}
731 keystone_auth_address: {list_join: ['', ['http://', {get_param: KeystonePublicApiVirtualIP} , ':5000/v2.0']]}
732 keystone_ca_certificate: {get_param: KeystoneCACertificate}
733 keystone_signing_key: {get_param: KeystoneSigningKey}
734 keystone_signing_certificate: {get_param: KeystoneSigningCertificate}
735 keystone_ssl_certificate: {get_param: KeystoneSSLCertificate}
736 keystone_ssl_certificate_key: {get_param: KeystoneSSLCertificateKey}
737 keystone_notification_driver: {get_param: KeystoneNotificationDriver}
738 keystone_notification_format: {get_param: KeystoneNotificationFormat}
742 - - 'mysql://keystone:'
743 - {get_param: AdminToken}
745 - {get_param: MysqlVirtualIP}
747 keystone_identity_uri:
751 - {get_param: KeystoneAdminApiVirtualIP}
757 - {get_param: KeystonePublicApiVirtualIP}
763 - {get_param: KeystonePublicApiVirtualIP}
764 - ':5000/v2.0/ec2tokens'
765 enable_fencing: {get_param: EnableFencing}
766 enable_galera: {get_param: EnableGalera}
767 enable_ceph_storage: {get_param: EnableCephStorage}
768 enable_swift_storage: {get_param: EnableSwiftStorage}
769 mysql_innodb_buffer_pool_size: {get_param: MysqlInnodbBufferPoolSize}
770 mysql_max_connections: {get_param: MysqlMaxConnections}
771 mysql_root_password: {get_param: MysqlRootPassword}
774 template: tripleo-CLUSTER
776 CLUSTER: {get_param: MysqlClusterUniquePart}
777 neutron_flat_networks: {get_param: NeutronFlatNetworks}
778 neutron_metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret}
779 neutron_agent_mode: {get_param: NeutronAgentMode}
780 neutron_router_distributed: {get_param: NeutronDVR}
781 neutron_core_plugin: {get_param: NeutronCorePlugin}
782 neutron_service_plugins:
784 template: "['PLUGINS']"
789 - {get_param: NeutronServicePlugins}
790 neutron_type_drivers:
792 template: "['DRIVERS']"
797 - {get_param: NeutronTypeDrivers}
798 neutron_mechanism_drivers: {get_param: NeutronMechanismDrivers}
799 neutron_allow_l3agent_failover: {get_param: NeutronAllowL3AgentFailover}
800 neutron_l3_ha: {get_param: NeutronL3HA}
801 neutron_dhcp_agents_per_network: {get_param: NeutronDhcpAgentsPerNetwork}
802 neutron_network_vlan_ranges:
804 template: "['RANGES']"
809 - {get_param: NeutronNetworkVLANRanges}
810 neutron_bridge_mappings: {get_param: NeutronBridgeMappings}
811 neutron_external_network_bridge: {get_param: NeutronExternalNetworkBridge}
812 neutron_public_interface: {get_param: NeutronPublicInterface}
813 neutron_public_interface_raw_device: {get_param: NeutronPublicInterfaceRawDevice}
814 neutron_public_interface_default_route: {get_param: NeutronPublicInterfaceDefaultRoute}
815 neutron_public_interface_tag: {get_param: NeutronPublicInterfaceTag}
816 neutron_tenant_network_type: {get_param: NeutronNetworkType}
817 neutron_tunnel_types: {get_param: NeutronTunnelTypes}
818 neutron_tunnel_id_ranges:
820 template: "['RANGES']"
825 - {get_param: NeutronTunnelIdRanges}
828 template: "['RANGES']"
833 - {get_param: NeutronVniRanges}
834 neutron_password: {get_param: NeutronPassword}
835 neutron_dnsmasq_options: {get_param: NeutronDnsmasqOptions}
839 - - 'mysql://neutron:'
840 - {get_param: NeutronPassword}
842 - {get_param: MysqlVirtualIP}
843 - '/ovs_neutron?charset=utf8'
848 - {get_param: NeutronApiVirtualIP}
850 neutron_admin_auth_url:
854 - {get_param: KeystoneAdminApiVirtualIP}
856 ceilometer_backend: {get_param: CeilometerBackend}
857 ceilometer_metering_secret: {get_param: CeilometerMeteringSecret}
858 ceilometer_password: {get_param: CeilometerPassword}
859 ceilometer_coordination_url:
863 - {get_param: RedisVirtualIP}
868 - - 'mysql://ceilometer:unset@'
869 - {get_param: MysqlVirtualIP}
871 snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName}
872 snmpd_readonly_user_password: {get_param: SnmpdReadonlyUserPassword}
873 nova_password: {get_param: NovaPassword}
878 - {get_param: NovaPassword}
880 - {get_param: MysqlVirtualIP}
882 fencing_config: {get_param: FencingConfig}
883 pcsd_password: {get_param: PcsdPassword}
884 rabbit_username: {get_param: RabbitUserName}
885 rabbit_password: {get_param: RabbitPassword}
886 rabbit_cookie: {get_param: RabbitCookie}
887 rabbit_client_use_ssl: {get_param: RabbitClientUseSSL}
888 rabbit_client_port: {get_param: RabbitClientPort}
889 mongodb_no_journal: {get_param: MongoDbNoJournal}
892 template: '["server"]'
894 server: {get_param: NtpServer}
895 control_virtual_interface: {get_param: ControlVirtualInterface}
896 public_virtual_interface: {get_param: PublicVirtualInterface}
897 swift_hash_suffix: {get_param: SwiftHashSuffix}
898 swift_password: {get_param: SwiftPassword}
899 swift_part_power: {get_param: SwiftPartPower}
900 swift_replicas: {get_param: SwiftReplicas}
901 swift_min_part_hours: {get_param: SwiftMinPartHours}
902 swift_mount_check: {get_param: SwiftMountCheck}
903 enable_package_install: {get_param: EnablePackageInstall}
904 enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]}
905 swift_proxy_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftProxyNetwork]}]}
906 swift_management_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftMgmtNetwork]}]}
907 cinder_iscsi_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CinderIscsiNetwork]}]}
908 cinder_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CinderApiNetwork]}]}
909 glance_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, GlanceApiNetwork]}]}
910 glance_registry_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, GlanceRegistryNetwork]}]}
914 - - {get_param: GlanceProtocol}
916 - {get_param: GlanceApiVirtualIP}
918 - {get_param: GlancePort}
919 glance_registry_host: {get_param: GlanceRegistryVirtualIP}
920 heat_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, HeatApiNetwork]}]}
921 keystone_public_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}]}
922 keystone_admin_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}]}
923 mongo_db_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MongoDbNetwork]}]}
924 neutron_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NeutronApiNetwork]}]}
925 neutron_local_ip: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NeutronTenantNetwork]}]}
926 ceilometer_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CeilometerApiNetwork]}]}
927 nova_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NovaApiNetwork]}]}
928 nova_metadata_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NovaMetadataNetwork]}]}
929 horizon_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, HorizonNetwork]}]}
930 rabbitmq_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, RabbitMqNetwork]}]}
931 redis_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, RedisNetwork]}]}
932 redis_vip: {get_param: RedisVirtualIP}
933 memcached_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MemcachedNetwork]}]}
934 mysql_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MysqlNetwork]}]}
935 mysql_virtual_ip: {get_param: MysqlVirtualIP}
936 ceph_cluster_network: {get_attr: [NetIpSubnetMap, net_ip_subnet_map, {get_param: [ServiceNetMap, CephClusterNetwork]}]}
937 ceph_public_network: {get_attr: [NetIpSubnetMap, net_ip_subnet_map, {get_param: [ServiceNetMap, CephPublicNetwork]}]}
938 ceph_public_ip: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CephPublicNetwork]}]}
940 # Map heat metadata into hiera datafiles
942 type: OS::Heat::StructuredConfig
944 group: os-apply-config
949 - heat_config_%{::deploy_config_name}
950 - controller_extraconfig
955 - swift_devices_and_proxy # provided by SwiftDevicesAndProxyConfig
956 - ceph_cluster # provided by CephClusterConfig
958 - bootstrap_node # provided by BootstrapNodeConfig
959 - all_nodes # provided by allNodesConfig
960 - vip_data # provided by vip-config
963 - cinder_netapp_data # Optionally provided by ControllerExtraConfigPre
964 - neutron_bigswitch_data # Optionally provided by ControllerExtraConfigPre
965 - neutron_cisco_data # Optionally provided by ControllerExtraConfigPre
966 - cisco_n1kv_data # Optionally provided by ControllerExtraConfigPre
968 controller_extraconfig:
969 mapped_data: {get_param: ControllerExtraConfig}
971 mapped_data: {get_param: ExtraConfig}
973 raw_data: {get_file: hieradata/common.yaml}
975 raw_data: {get_file: hieradata/ceph.yaml}
977 ceph::profile::params::cluster_network: {get_input: ceph_cluster_network}
978 ceph::profile::params::public_network: {get_input: ceph_public_network}
979 ceph::mon::public_addr: {get_input: ceph_public_ip}
981 raw_data: {get_file: hieradata/database.yaml}
983 raw_data: {get_file: hieradata/object.yaml}
985 raw_data: {get_file: hieradata/controller.yaml}
986 mapped_data: # data supplied directly to this deployment configuration, etc
987 bootstack_nodeid: {get_input: bootstack_nodeid}
990 enable_fencing: {get_input: enable_fencing}
991 hacluster_pwd: {get_input: pcsd_password}
992 tripleo::fencing::config: {get_input: fencing_config}
995 swift::proxy::proxy_local_net_ip: {get_input: swift_proxy_network}
996 swift::proxy::authtoken::auth_uri: {get_input: keystone_auth_uri}
997 swift::proxy::authtoken::identity_uri: {get_input: keystone_identity_uri}
998 swift::storage::all::storage_local_net_ip: {get_input: swift_management_network}
999 swift::swift_hash_suffix: {get_input: swift_hash_suffix}
1000 swift::proxy::authtoken::admin_password: {get_input: swift_password}
1001 tripleo::ringbuilder::part_power: {get_input: swift_part_power}
1002 tripleo::ringbuilder::replicas: {get_input: swift_replicas}
1003 tripleo::ringbuilder::min_part_hours: {get_input: swift_min_part_hours}
1004 swift_mount_check: {get_input: swift_mount_check}
1006 # NOTE(dprince): build_ring support is currently not wired in.
1007 # See: https://review.openstack.org/#/c/109225/
1008 tripleo::ringbuilder::build_ring: True
1011 cinder_enable_nfs_backend: {get_input: cinder_enable_nfs_backend}
1012 cinder_enable_rbd_backend: {get_input: cinder_enable_rbd_backend}
1013 cinder_nfs_mount_options: {get_input: cinder_nfs_mount_options}
1014 cinder_nfs_servers: {get_input: cinder_nfs_servers}
1015 cinder_lvm_loop_device_size: {get_input: cinder_lvm_loop_device_size}
1016 cinder_iscsi_helper: {get_input: cinder_iscsi_helper}
1017 cinder_iscsi_ip_address: {get_input: cinder_iscsi_network}
1018 cinder::database_connection: {get_input: cinder_dsn}
1019 cinder::api::keystone_password: {get_input: cinder_password}
1020 cinder::api::auth_uri: {get_input: keystone_auth_uri}
1021 cinder::api::identity_uri: {get_input: keystone_identity_uri}
1022 cinder::api::bind_host: {get_input: cinder_api_network}
1023 cinder::rabbit_userid: {get_input: rabbit_username}
1024 cinder::rabbit_password: {get_input: rabbit_password}
1025 cinder::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
1026 cinder::rabbit_port: {get_input: rabbit_client_port}
1027 cinder::debug: {get_input: debug}
1028 cinder_enable_iscsi_backend: {get_input: cinder_enable_iscsi_backend}
1029 cinder::glance::glance_api_servers: {get_input: glance_api_servers}
1030 cinder_backend_config: {get_input: CinderBackendConfig}
1031 cinder::db::mysql::password: {get_input: cinder_password}
1034 glance::api::bind_port: {get_input: glance_port}
1035 glance::api::bind_host: {get_input: glance_api_network}
1036 glance::api::auth_uri: {get_input: keystone_auth_uri}
1037 glance::api::identity_uri: {get_input: keystone_identity_uri}
1038 glance::api::registry_host: {get_input: glance_registry_host}
1039 glance::api::keystone_password: {get_input: glance_password}
1040 glance::api::debug: {get_input: debug}
1041 glance_notifier_strategy: {get_input: glance_notifier_strategy}
1042 glance_log_file: {get_input: glance_log_file}
1043 glance_log_file: {get_input: glance_log_file}
1044 glance::api::database_connection: {get_input: glance_dsn}
1045 glance::registry::keystone_password: {get_input: glance_password}
1046 glance::registry::database_connection: {get_input: glance_dsn}
1047 glance::registry::bind_host: {get_input: glance_registry_network}
1048 glance::registry::auth_uri: {get_input: keystone_auth_uri}
1049 glance::registry::identity_uri: {get_input: keystone_identity_uri}
1050 glance::registry::debug: {get_input: debug}
1051 glance::backend::swift::swift_store_auth_address: {get_input: keystone_auth_address}
1052 glance::backend::swift::swift_store_user: service:glance
1053 glance::backend::swift::swift_store_key: {get_input: glance_password}
1054 glance_backend: {get_input: glance_backend}
1055 glance::db::mysql::password: {get_input: glance_password}
1058 heat_stack_domain_admin_password: {get_input: heat_stack_domain_admin_password}
1059 heat::engine::heat_watch_server_url: {get_input: heat.watch_server_url}
1060 heat::engine::heat_metadata_server_url: {get_input: heat.metadata_server_url}
1061 heat::engine::heat_waitcondition_server_url: {get_input: heat.waitcondition_server_url}
1062 heat::engine::auth_encryption_key: {get_input: heat_auth_encryption_key}
1063 heat::rabbit_userid: {get_input: rabbit_username}
1064 heat::rabbit_password: {get_input: rabbit_password}
1065 heat::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
1066 heat::rabbit_port: {get_input: rabbit_client_port}
1067 heat::auth_uri: {get_input: keystone_auth_uri}
1068 heat::keystone_ec2_uri: {get_input: keystone_ec2_uri}
1069 heat::identity_uri: {get_input: keystone_identity_uri}
1070 heat::keystone_password: {get_input: heat_password}
1071 heat::api::bind_host: {get_input: heat_api_network}
1072 heat::api_cloudwatch::bind_host: {get_input: heat_api_network}
1073 heat::api_cfn::bind_host: {get_input: heat_api_network}
1074 heat::database_connection: {get_input: heat_dsn}
1075 heat::debug: {get_input: debug}
1076 heat::db::mysql::password: {get_input: heat_password}
1079 keystone::admin_token: {get_input: admin_token}
1080 keystone_ca_certificate: {get_input: keystone_ca_certificate}
1081 keystone_signing_key: {get_input: keystone_signing_key}
1082 keystone_signing_certificate: {get_input: keystone_signing_certificate}
1083 keystone_ssl_certificate: {get_input: keystone_ssl_certificate}
1084 keystone_ssl_certificate_key: {get_input: keystone_ssl_certificate_key}
1085 keystone::database_connection: {get_input: keystone_dsn}
1086 keystone::public_bind_host: {get_input: keystone_public_api_network}
1087 keystone::admin_bind_host: {get_input: keystone_admin_api_network}
1088 keystone::debug: {get_input: debug}
1089 keystone::db::mysql::password: {get_input: admin_token}
1090 keystone::rabbit_userid: {get_input: rabbit_username}
1091 keystone::rabbit_password: {get_input: rabbit_password}
1092 keystone::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
1093 keystone::rabbit_port: {get_input: rabbit_client_port}
1094 keystone::notification_driver: {get_input: keystone_notification_driver}
1095 keystone::notification_format: {get_input: keystone_notification_format}
1097 mongodb::server::bind_ip: {get_input: mongo_db_network}
1098 mongodb::server::nojournal: {get_input: mongodb_no_journal}
1100 admin_password: {get_input: admin_password}
1101 enable_galera: {get_input: enable_galera}
1102 enable_ceph_storage: {get_input: enable_ceph_storage}
1103 enable_swift_storage: {get_input: enable_swift_storage}
1104 mysql_innodb_buffer_pool_size: {get_input: mysql_innodb_buffer_pool_size}
1105 mysql_max_connections: {get_input: mysql_max_connections}
1106 mysql::server::root_password: {get_input: mysql_root_password}
1107 mysql_cluster_name: {get_input: mysql_cluster_name}
1108 mysql_bind_host: {get_input: mysql_network}
1109 mysql_virtual_ip: {get_input: mysql_virtual_ip}
1112 neutron::bind_host: {get_input: neutron_api_network}
1113 neutron::rabbit_password: {get_input: rabbit_password}
1114 neutron::rabbit_user: {get_input: rabbit_user}
1115 neutron::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
1116 neutron::rabbit_port: {get_input: rabbit_client_port}
1117 neutron::debug: {get_input: debug}
1118 neutron::server::auth_uri: {get_input: keystone_auth_uri}
1119 neutron::server::identity_uri: {get_input: keystone_identity_uri}
1120 neutron::server::database_connection: {get_input: neutron_dsn}
1121 neutron::agents::l3::external_network_bridge: {get_input: neutron_external_network_bridge}
1122 neutron::agents::ml2::ovs::enable_tunneling: {get_input: neutron_enable_tunneling}
1123 neutron::agents::ml2::ovs::local_ip: {get_input: neutron_local_ip}
1124 neutron_flat_networks: {get_input: neutron_flat_networks}
1125 neutron::agents::metadata::shared_secret: {get_input: neutron_metadata_proxy_shared_secret}
1126 neutron::agents::metadata::metadata_ip: {get_input: neutron_api_network}
1127 neutron_agent_mode: {get_input: neutron_agent_mode}
1128 neutron_router_distributed: {get_input: neutron_router_distributed}
1129 neutron::core_plugin: {get_input: neutron_core_plugin}
1130 neutron::service_plugins: {get_input: neutron_service_plugins}
1131 neutron::plugins::ml2::type_drivers: {get_input: neutron_type_drivers}
1132 neutron_mechanism_drivers: {get_input: neutron_mechanism_drivers}
1133 neutron::server::allow_automatic_l3agent_failover: {get_input: neutron_allow_l3agent_failover}
1134 neutron::server::l3_ha: {get_input: neutron_l3_ha}
1135 neutron::dhcp_agents_per_network: {get_input: neutron_dhcp_agents_per_network}
1136 neutron::plugins::ml2::network_vlan_ranges: {get_input: neutron_network_vlan_ranges}
1137 neutron::plugins::ml2::tunnel_id_ranges: {get_input: neutron_tunnel_id_ranges}
1138 neutron::plugins::ml2::vni_ranges: {get_input: neutron_vni_ranges}
1139 neutron_bridge_mappings: {get_input: neutron_bridge_mappings}
1140 neutron_public_interface: {get_input: neutron_public_interface}
1141 neutron_public_interface_raw_device: {get_input: neutron_public_interface_raw_device}
1142 neutron_public_interface_default_route: {get_input: neutron_public_interface_default_route}
1143 neutron_public_interface_tag: {get_input: neutron_public_interface_tag}
1144 neutron_tenant_network_type: {get_input: neutron_tenant_network_type}
1145 neutron_tunnel_types: {get_input: neutron_tunnel_types}
1146 neutron::server::auth_password: {get_input: neutron_password}
1147 neutron::agents::metadata::auth_password: {get_input: neutron_password}
1148 neutron_dnsmasq_options: {get_input: neutron_dnsmasq_options}
1149 neutron_dsn: {get_input: neutron_dsn}
1150 neutron::agents::metadata::auth_url: {get_input: keystone_identity_uri}
1151 neutron::db::mysql::password: {get_input: neutron_password}
1154 ceilometer_backend: {get_input: ceilometer_backend}
1155 ceilometer_mysql_conn_string: {get_input: ceilometer_dsn}
1156 ceilometer::metering_secret: {get_input: ceilometer_metering_secret}
1157 ceilometer::rabbit_userid: {get_input: rabbit_username}
1158 ceilometer::rabbit_password: {get_input: rabbit_password}
1159 ceilometer::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
1160 ceilometer::rabbit_port: {get_input: rabbit_client_port}
1161 ceilometer::debug: {get_input: debug}
1162 ceilometer::api::host: {get_input: ceilometer_api_network}
1163 ceilometer::api::keystone_password: {get_input: ceilometer_password}
1164 ceilometer::api::keystone_auth_uri: {get_input: keystone_auth_uri}
1165 ceilometer::api::keystone_identity_uri: {get_input: keystone_identity_uri}
1166 ceilometer::agent::auth::auth_password: {get_input: ceilometer_password}
1167 ceilometer::agent::auth::auth_url: {get_input: keystone_auth_address}
1168 ceilometer::agent::central::coordination_url: {get_input: ceilometer_coordination_url}
1169 ceilometer::db::mysql::password: {get_input: ceilometer_password}
1170 snmpd_readonly_user_name: {get_input: snmpd_readonly_user_name}
1171 snmpd_readonly_user_password: {get_input: snmpd_readonly_user_password}
1174 nova::rabbit_userid: {get_input: rabbit_username}
1175 nova::rabbit_password: {get_input: rabbit_password}
1176 nova::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
1177 nova::rabbit_port: {get_input: rabbit_client_port}
1178 nova::debug: {get_input: debug}
1179 nova::api::auth_uri: {get_input: keystone_auth_uri}
1180 nova::api::identity_uri: {get_input: keystone_identity_uri}
1181 nova::api::api_bind_address: {get_input: nova_api_network}
1182 nova::api::metadata_listen: {get_input: nova_metadata_network}
1183 nova::api::admin_password: {get_input: nova_password}
1184 nova::database_connection: {get_input: nova_dsn}
1185 nova::glance_api_servers: {get_input: glance_api_servers}
1186 nova::api::neutron_metadata_proxy_shared_secret: {get_input: neutron_metadata_proxy_shared_secret}
1187 nova::network::neutron::neutron_admin_password: {get_input: neutron_password}
1188 nova::network::neutron::neutron_url: {get_input: neutron_url}
1189 nova::network::neutron::neutron_admin_auth_url: {get_input: neutron_admin_auth_url}
1190 nova::vncproxy::host: {get_input: nova_api_network}
1191 nova::db::mysql::password: {get_input: nova_password}
1194 apache::ip: {get_input: horizon_network}
1195 horizon::allowed_hosts: {get_input: horizon_allowed_hosts}
1196 horizon::django_debug: {get_input: debug}
1197 horizon::secret_key: {get_input: horizon_secret}
1198 horizon::bind_address: {get_input: horizon_network}
1199 horizon::keystone_url: {get_input: keystone_auth_uri}
1202 rabbitmq::node_ip_address: {get_input: rabbitmq_network}
1203 rabbitmq::erlang_cookie: {get_input: rabbit_cookie}
1205 redis::bind: {get_input: redis_network}
1206 redis_vip: {get_input: redis_vip}
1208 memcached::listen_ip: {get_input: memcached_network}
1209 neutron_public_interface_ip: {get_input: neutron_public_interface_ip}
1210 ntp::servers: {get_input: ntp_servers}
1211 control_virtual_interface: {get_input: control_virtual_interface}
1212 public_virtual_interface: {get_input: public_virtual_interface}
1213 tripleo::loadbalancer::control_virtual_interface: {get_input: control_virtual_interface}
1214 tripleo::loadbalancer::public_virtual_interface: {get_input: public_virtual_interface}
1215 tripleo::loadbalancer::haproxy_log_address: {get_input: haproxy_log_address}
1216 tripleo::packages::enable_install: {get_input: enable_package_install}
1217 tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade}
1219 # Hook for site-specific additional pre-deployment config, e.g extra hieradata
1220 ControllerExtraConfigPre:
1221 depends_on: ControllerDeployment
1222 type: OS::TripleO::ControllerExtraConfigPre
1224 server: {get_resource: Controller}
1226 # Hook for site-specific additional pre-deployment config,
1227 # applying to all nodes, e.g node registration/unregistration
1229 depends_on: ControllerExtraConfigPre
1230 type: OS::TripleO::NodeExtraConfig
1232 server: {get_resource: Controller}
1235 type: OS::TripleO::Tasks::PackageUpdate
1238 type: OS::Heat::SoftwareDeployment
1240 config: {get_resource: UpdateConfig}
1241 server: {get_resource: Controller}
1244 get_param: UpdateIdentifier
1248 description: IP address of the server in the ctlplane network
1249 value: {get_attr: [Controller, networks, ctlplane, 0]}
1250 external_ip_address:
1251 description: IP address of the server in the external network
1252 value: {get_attr: [ExternalPort, ip_address]}
1253 internal_api_ip_address:
1254 description: IP address of the server in the internal_api network
1255 value: {get_attr: [InternalApiPort, ip_address]}
1257 description: IP address of the server in the storage network
1258 value: {get_attr: [StoragePort, ip_address]}
1259 storage_mgmt_ip_address:
1260 description: IP address of the server in the storage_mgmt network
1261 value: {get_attr: [StorageMgmtPort, ip_address]}
1263 description: IP address of the server in the tenant network
1264 value: {get_attr: [TenantPort, ip_address]}
1266 description: Hostname of the server
1267 value: {get_attr: [Controller, name]}
1270 Node object in the format {ip: ..., name: ...} format that the corosync
1273 ip: {get_attr: [Controller, networks, ctlplane, 0]}
1274 name: {get_attr: [Controller, name]}
1277 Server's IP address and hostname in the /etc/hosts format
1280 template: IP HOST.localdomain HOST CLOUDNAME
1282 IP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, ControllerHostnameResolveNetwork]}]}
1283 HOST: {get_attr: [Controller, name]}
1284 CLOUDNAME: {get_param: CloudName}
1285 nova_server_resource:
1286 description: Heat resource handle for the Nova compute server
1288 {get_resource: Controller}
1290 description: Swift device formatted for swift-ring-builder
1293 template: 'r1z1-IP:%PORT%/d1'
1295 IP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftMgmtNetwork]}]}
1296 swift_proxy_memcache:
1297 description: Swift proxy-memcache value
1300 template: "IP:11211"
1302 IP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MemcachedNetwork]}]}
1304 description: identifier which changes if the controller configuration may need re-applying
1308 - - {get_attr: [ControllerDeployment, deploy_stdout]}
1309 - {get_attr: [ControllerExtraConfigPre, deploy_stdout]}
1310 - {get_param: UpdateIdentifier}