1 heat_template_version: 2015-10-15
4 OpenStack controller node configured by Puppet.
8 default: 'admin@example.com'
9 description: The email for the keystone admin account.
13 description: The password for the keystone admin account, used for monitoring, querying neutron etc.
17 description: The keystone auth secret and db password.
25 description: The password for the aodh services.
28 CeilometerApiVirtualIP:
33 description: The ceilometer backend type.
35 CeilometerMeteringSecret:
36 description: Secret shared by the ceilometer services.
40 description: The password for the ceilometer service and db account.
48 description: Number of workers for Ceilometer service.
53 Whether to create cron job for purging soft deleted rows in Cinder database.
55 CinderEnableNfsBackend:
57 description: Whether to enable or not the NFS backend for Cinder
59 CinderEnableIscsiBackend:
61 description: Whether to enable or not the Iscsi backend for Cinder
63 CinderEnableRbdBackend:
65 description: Whether to enable or not the Rbd backend for Cinder
69 description: The iSCSI helper to use with cinder.
71 CinderLVMLoopDeviceSize:
73 description: The size of the loopback file used by the cinder LVM driver.
75 CinderNfsMountOptions:
78 Mount options for NFS mounts used by Cinder NFS backend. Effective
79 when CinderEnableNfsBackend is true.
84 NFS servers used by Cinder NFS backend. Effective when
85 CinderEnableNfsBackend is true.
86 type: comma_delimited_list
88 description: The password for the cinder service and db account, used by cinder-api.
93 description: Contains parameters to configure Cinder backends. Typically
94 set via parameter_defaults in the resource registry.
98 description: Number of workers for Cinder service.
100 ControllerExtraConfig:
103 Controller specific hiera configuration data to inject into the cluster.
108 A network mapped list of IPs to assign to Controllers in the following form:
110 "internal_api": ["a.b.c.d", "e.f.g.h"],
114 ControlVirtualInterface:
116 description: Interface where virtual ip will be assigned.
120 description: Set to True to enable debugging on all services.
124 description: Whether to enable fencing in Pacemaker or not.
128 description: Whether to use Galera instead of regular MariaDB.
132 description: Whether to deploy a LoadBalancer on the Controller
136 description: Whether to deploy Ceph Storage (OSD) on the Controller
140 description: Whether to enable Swift Storage on the Controller
145 Additional hieradata to inject into the cluster, note that
146 ControllerExtraConfig takes precedence over ExtraConfig.
151 Pacemaker fencing configuration. The JSON should have
152 the following structure:
156 "agent": "AGENT_NAME",
157 "host_mac": "HOST_MAC_ADDRESS",
158 "params": {"PARAM_NAME": "PARAM_VALUE"}
166 "agent": "fence_xvm",
167 "host_mac": "52:54:00:aa:bb:cc",
169 "multicast_address": "225.0.0.12",
170 "port": "baremetal_0",
172 "manage_key_file": true,
173 "key_file": "/etc/fence_xvm.key",
174 "key_file_password": "abcdef"
181 description: Flavor for control nodes to request when deploying.
184 - custom_constraint: nova.flavor
185 GlanceNotifierStrategy:
186 description: Strategy to use for Glance notification queue
190 description: The filepath of the file to use for logging messages from Glance.
194 description: The password for the glance service and db account, used by the glance services.
199 description: The short name of the Glance backend to use. Should be one
200 of swift, rbd, or file
203 - allowed_values: ['swift', 'file', 'rbd']
204 GlanceFilePcmkDevice:
207 An exported storage device that should be mounted by Pacemaker
208 as Glance storage. Effective when GlanceFilePcmkManage is true.
210 GlanceFilePcmkFstype:
213 Filesystem type for Pacemaker mount used as Glance storage.
214 Effective when GlanceFilePcmkManage is true.
216 GlanceFilePcmkManage:
219 Whether to make Glance file backend a mount managed by Pacemaker.
220 Effective when GlanceBackend is 'file'.
222 GlanceFilePcmkOptions:
225 Mount options for Pacemaker mount used as Glance storage.
226 Effective when GlanceFilePcmkManage is true.
228 HAProxySyslogAddress:
230 description: Syslog address where HAproxy will send its log
234 description: Number of workers for Glance service.
237 description: The password for the Heat service and db account, used by the Heat services.
240 HeatStackDomainAdminPassword:
241 description: Password for heat_domain_admin user.
244 HeatAuthEncryptionKey:
245 description: Auth encryption key for heat-engine
250 description: A list of IP/Hostname allowed to connect to horizon
251 type: comma_delimited_list
254 description: Number of workers for Heat service.
260 Whether to create cron job for purging soft deleted rows in the Heat database.
262 description: Secret key for Django
267 default: overcloud-control
269 - custom_constraint: glance.image
271 default: 'REBUILD_PRESERVE_EPHEMERAL'
272 description: What policy to use when reconstructing instances. REBUILD for rebuilds, REBUILD_PRESERVE_EPHEMERAL to preserve /mnt.
274 InstanceNameTemplate:
275 default: 'instance-%08x'
276 description: Template string to be used to generate instance names
280 description: Name of an existing Nova key pair to enable SSH access to the instances
283 - custom_constraint: nova.keypair
284 KeystoneCACertificate:
286 description: Keystone self-signed certificate authority certificate.
288 KeystoneEnableDBPurge:
291 Whether to create cron job for purging soft deleted rows in Keystone database.
293 KeystoneSigningCertificate:
295 description: Keystone certificate for verifying token validity.
299 description: Keystone key for signing tokens.
302 KeystoneSSLCertificate:
304 description: Keystone certificate for verifying token validity.
306 KeystoneSSLCertificateKey:
308 description: Keystone key for signing tokens.
311 KeystoneNotificationDriver:
312 description: Comma-separated list of Oslo notification drivers used by Keystone
313 default: ['messaging']
314 type: comma_delimited_list
315 KeystoneNotificationFormat:
316 description: The Keystone notification format
320 - allowed_values: [ 'basic', 'cadf' ]
324 description: Keystone region for endpoint
327 description: Whether to manage IPtables rules.
331 description: Whether IPtables rules should be purged before setting up the new ones.
335 description: Number of workers for Keystone service.
342 description: The password for the sahara service account, used by sahara-api.
345 MysqlClusterUniquePart:
346 description: A unique identifier of the MySQL cluster the controller is in.
348 default: 'unset' # Has to be here because of the ignored empty value bug
349 # Drop the validation: https://bugs.launchpad.net/tripleo/+bug/1405446
351 # - length: {min: 4, max: 10}
352 MysqlInnodbBufferPoolSize:
354 Specifies the size of the buffer pool in megabytes. Setting to
355 zero should be interpreted as "no value" and will defer to the
360 description: Configures MySQL max_connections config setting
366 default: '' # Has to be here because of the ignored empty value bug
367 NeutronExternalNetworkBridge:
368 description: Name of bridge used for external network traffic.
371 NeutronBridgeMappings:
373 The OVS logical->physical bridge mappings to use. See the Neutron
374 documentation for details. Defaults to mapping br-ex - the external
375 bridge on hosts - to a physical name 'datacentre' which can be used
376 to create provider networks (and we use this for the default floating
377 network) - if changing this either use different post-install network
378 scripts or be sure to keep 'datacentre' as a mapping network name.
379 type: comma_delimited_list
380 default: "datacentre:br-ex"
381 NeutronDnsmasqOptions:
382 default: 'dhcp-option-force=26,1400'
383 description: Dnsmasq options for neutron-dhcp-agent. The default value here forces MTU to be set to 1400 to account for the gre tunnel overhead.
385 NeutronEnableDHCPAgent:
386 description: Knob to enable/disable DHCP Agent
389 NeutronEnableL3Agent:
390 description: Knob to enable/disable L3 agent
393 NeutronEnableMetadataAgent:
394 description: Knob to enable/disable Metadata agent
397 NeutronEnableOVSAgent:
398 description: Knob to enable/disable OVS Agent
403 description: Agent mode for the neutron-l3-agent on the controller hosts
407 description: Whether to enable l3-agent HA
409 NeutronDhcpAgentsPerNetwork:
412 description: The number of neutron dhcp agents to schedule per network
415 description: Whether to configure Neutron Distributed Virtual Routers
417 NeutronMetadataProxySharedSecret:
418 description: Shared secret to prevent spoofing
424 The core plugin for Neutron. The value should be the entrypoint to be loaded
425 from neutron.core_plugins namespace.
427 NeutronServicePlugins:
428 default: "router,qos"
430 Comma-separated list of service plugin entrypoints to be loaded from the
431 neutron.service_plugins namespace.
432 type: comma_delimited_list
434 default: "vxlan,vlan,flat,gre"
436 Comma-separated list of network type driver entrypoints to be loaded.
437 type: comma_delimited_list
438 NeutronMechanismDrivers:
439 default: 'openvswitch'
441 The mechanism drivers for the Neutron tenant network.
442 type: comma_delimited_list
443 NeutronAllowL3AgentFailover:
445 description: Allow automatic l3-agent failover
447 NeutronEnableIsolatedMetadata:
449 description: If True, DHCP provide metadata route to VM.
451 NeutronEnableTunnelling:
457 Enable/disable the L2 population feature in the Neutron agents.
460 type: comma_delimited_list
461 default: 'datacentre'
462 description: If set, flat networks to configure in neutron plugins.
465 description: Whether to enable l3-agent HA
469 description: The tenant network type for Neutron.
470 type: comma_delimited_list
471 NeutronNetworkVLANRanges:
472 default: 'datacentre:1:1000'
474 The Neutron ML2 and OpenVSwitch vlan mapping range to support. See the
475 Neutron documentation for permitted values. Defaults to permitting any
476 VLAN on the 'datacentre' physical network (See NeutronBridgeMappings).
477 type: comma_delimited_list
479 description: The password for the neutron service and db account, used by neutron agents.
482 NeutronPublicInterface:
484 description: What interface to bridge onto br-ex for network nodes.
486 NeutronPublicInterfaceTag:
489 VLAN tag for creating a public VLAN. The tag will be used to
490 create an access port on the exterior bridge for each control plane node,
491 and that port will be given the IP address returned by neutron from the
492 public network. Set CONTROLEXTRA=overcloud-vlan-port.yaml when compiling
493 overcloud.yaml to include the deployment of VLAN ports to the control
496 NeutronPublicInterfaceDefaultRoute:
498 description: A custom default route for the NeutronPublicInterface.
500 NeutronPublicInterfaceIP:
502 description: A custom IP address to put onto the NeutronPublicInterface.
504 NeutronPublicInterfaceRawDevice:
506 description: If set, the public interface is a vlan with this device as the raw device.
510 The default MTU for tenant networks. For VXLAN/GRE tunneling, this should
511 be at least 50 bytes smaller than the MTU on the physical network. This
512 value will be used to set the MTU on the virtual Ethernet device.
513 This number is related to the value of NeutronDnsmasqOptions, since that
514 will determine the MTU that is assigned to the VM host through DHCP.
520 The tunnel types for the Neutron tenant network.
521 type: comma_delimited_list
522 NeutronTunnelIdRanges:
524 Comma-separated list of <tun_min>:<tun_max> tuples enumerating ranges
525 of GRE tunnel IDs that are available for tenant network allocation
526 default: ["1:4094", ]
527 type: comma_delimited_list
530 Comma-separated list of <vni_min>:<vni_max> tuples enumerating ranges
531 of VXLAN VNI IDs that are available for tenant network allocation
532 default: ["1:4094", ]
533 type: comma_delimited_list
534 NeutronPluginExtensions:
535 default: "qos,port_security"
537 Comma-separated list of extensions enabled for the Neutron plugin.
538 type: comma_delimited_list
539 NeutronAgentExtensions:
542 Comma-separated list of extensions enabled for the Neutron agents.
543 type: comma_delimited_list
549 description: Number of workers for Neutron service.
554 Whether to create cron job for purging soft deleted rows in Nova database.
558 description: Enable IPv6 features in Nova
561 description: The password for the nova service and db account, used by nova-api.
566 description: Number of workers for Nova service.
570 description: Should MongoDb journaling be disabled
574 description: Enable IPv6 if Mongo DB VIP is IPv6
578 description: Comma-separated list of ntp servers
579 type: comma_delimited_list
582 description: The password for the 'pcsd' user.
584 PublicVirtualInterface:
587 Specifies the interface where the public-facing virtual ip will be assigned.
588 This should be int_public when a VLAN is being used.
592 default: '' # Has to be here because of the ignored empty value bug
595 default: '' # Has to be here because of the ignored empty value bug
599 description: The password for RabbitMQ
604 description: The username for RabbitMQ
609 Rabbit client subscriber parameter to specify
610 an SSL connection to the RabbitMQ host.
614 description: Set rabbit subscriber port, change this if using SSL
618 description: Configures RabbitMQ FD limit
622 default: '' # Has to be here because of the ignored empty value bug
625 default: '' # Has to be here because of the ignored empty value bug
626 description: An IP address which is wrapped in brackets in case of IPv6
627 SnmpdReadonlyUserName:
628 default: ro_snmp_user
629 description: The user name for SNMPd with readonly rights running on all Overcloud nodes
631 SnmpdReadonlyUserPassword:
632 description: The user password for SNMPd with readonly rights running on all Overcloud nodes
636 description: A random string to be used as a salt when hashing to determine mappings
642 description: Value of mount_check in Swift account/container/object -server.conf
647 description: The minimum time (in hours) before a partition in a ring can be moved following a rebalance.
650 description: Partition Power to use when building Swift rings
653 description: The password for the swift service account, used by the swift proxy
663 description: How many replicas to use in the swift rings.
666 description: Number of workers for Swift service.
670 description: The timezone to be set on controller nodes.
672 UpgradeLevelNovaCompute:
674 description: Nova Compute upgrade level
676 VirtualIP: # DEPRECATED: use per service settings instead
678 default: '' # Has to be here because of the ignored empty value bug
688 GlanceRegistryVirtualIP:
697 KeystoneAdminApiVirtualIP:
700 KeystonePublicApiVirtualIP:
706 EnablePackageInstall:
708 description: Set to true to enable package installation via Puppet
712 description: Mapping of service_name -> network name. Typically set
713 via parameter_defaults in the resource registry.
717 description: Mapping of service endpoint -> protocol. Typically set
718 via parameter_defaults in the resource registry.
724 Setting to a previously unused value during stack-update will trigger
725 package update on all nodes
728 default: '' # Defaults to Heat created hostname
732 description: Optional mapping to override hostnames
733 NetworkDeploymentActions:
734 type: comma_delimited_list
736 Heat action when to apply network configuration changes
741 SoftwareConfigTransport:
742 default: POLL_SERVER_CFN
744 How the server should receive the metadata required for software configuration.
747 - allowed_values: [POLL_SERVER_CFN, POLL_SERVER_HEAT, POLL_TEMP_URL, ZAQAR_MESSAGE]
752 The DNS domain used for the hosts. This should match the dhcp_domain
753 configured in the Undercloud neutron. Defaults to localdomain.
757 Extra properties or metadata passed to Nova for the created nodes in
758 the overcloud. It's accessible via the Nova metadata API.
762 description: Optional scheduler hints to pass to nova
768 type: OS::Nova::Server
770 image: {get_param: Image}
771 image_update_policy: {get_param: ImageUpdatePolicy}
772 flavor: {get_param: Flavor}
773 key_name: {get_param: KeyName}
776 user_data_format: SOFTWARE_CONFIG
777 user_data: {get_resource: UserData}
780 template: {get_param: Hostname}
781 params: {get_param: HostnameMap}
782 software_config_transport: {get_param: SoftwareConfigTransport}
783 metadata: {get_param: ServerMetadata}
784 scheduler_hints: {get_param: SchedulerHints}
786 # Combine the NodeAdminUserData and NodeUserData mime archives
788 type: OS::Heat::MultipartMime
791 - config: {get_resource: NodeAdminUserData}
793 - config: {get_resource: NodeUserData}
796 # Creates the "heat-admin" user if configured via the environment
797 # Should return a OS::Heat::MultipartMime reference via OS::stack_id
799 type: OS::TripleO::NodeAdminUserData
801 # For optional operator additional userdata
802 # Should return a OS::Heat::MultipartMime reference via OS::stack_id
804 type: OS::TripleO::NodeUserData
807 type: OS::TripleO::Controller::Ports::ExternalPort
809 IPPool: {get_param: ControllerIPs}
810 NodeIndex: {get_param: NodeIndex}
811 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
814 type: OS::TripleO::Controller::Ports::InternalApiPort
816 IPPool: {get_param: ControllerIPs}
817 NodeIndex: {get_param: NodeIndex}
818 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
821 type: OS::TripleO::Controller::Ports::StoragePort
823 IPPool: {get_param: ControllerIPs}
824 NodeIndex: {get_param: NodeIndex}
825 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
828 type: OS::TripleO::Controller::Ports::StorageMgmtPort
830 IPPool: {get_param: ControllerIPs}
831 NodeIndex: {get_param: NodeIndex}
832 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
835 type: OS::TripleO::Controller::Ports::TenantPort
837 IPPool: {get_param: ControllerIPs}
838 NodeIndex: {get_param: NodeIndex}
839 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
842 type: OS::TripleO::Controller::Ports::ManagementPort
844 IPPool: {get_param: ControllerIPs}
845 NodeIndex: {get_param: NodeIndex}
846 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
849 type: OS::TripleO::Network::Ports::NetIpMap
851 ControlPlaneIp: {get_attr: [Controller, networks, ctlplane, 0]}
852 ExternalIp: {get_attr: [ExternalPort, ip_address]}
853 ExternalIpUri: {get_attr: [ExternalPort, ip_address_uri]}
854 InternalApiIp: {get_attr: [InternalApiPort, ip_address]}
855 InternalApiIpUri: {get_attr: [InternalApiPort, ip_address_uri]}
856 StorageIp: {get_attr: [StoragePort, ip_address]}
857 StorageIpUri: {get_attr: [StoragePort, ip_address_uri]}
858 StorageMgmtIp: {get_attr: [StorageMgmtPort, ip_address]}
859 StorageMgmtIpUri: {get_attr: [StorageMgmtPort, ip_address_uri]}
860 TenantIp: {get_attr: [TenantPort, ip_address]}
861 TenantIpUri: {get_attr: [TenantPort, ip_address_uri]}
862 ManagementIp: {get_attr: [ManagementPort, ip_address]}
863 ManagementIpUri: {get_attr: [ManagementPort, ip_address_uri]}
866 type: OS::TripleO::Network::Ports::NetIpSubnetMap
868 ControlPlaneIp: {get_attr: [Controller, networks, ctlplane, 0]}
869 ExternalIpSubnet: {get_attr: [ExternalPort, ip_subnet]}
870 InternalApiIpSubnet: {get_attr: [InternalApiPort, ip_subnet]}
871 StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]}
872 StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]}
873 TenantIpSubnet: {get_attr: [TenantPort, ip_subnet]}
874 ManagementIpSubnet: {get_attr: [ManagementPort, ip_subnet]}
877 type: OS::TripleO::Controller::Net::SoftwareConfig
879 ControlPlaneIp: {get_attr: [Controller, networks, ctlplane, 0]}
880 ExternalIpSubnet: {get_attr: [ExternalPort, ip_subnet]}
881 InternalApiIpSubnet: {get_attr: [InternalApiPort, ip_subnet]}
882 StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]}
883 StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]}
884 TenantIpSubnet: {get_attr: [TenantPort, ip_subnet]}
885 ManagementIpSubnet: {get_attr: [ManagementPort, ip_subnet]}
888 type: OS::TripleO::SoftwareDeployment
890 name: NetworkDeployment
891 config: {get_resource: NetworkConfig}
892 server: {get_resource: Controller}
893 actions: {get_param: NetworkDeploymentActions}
896 interface_name: {get_param: NeutronPublicInterface}
898 # Resource for site-specific injection of root certificate
900 depends_on: NetworkDeployment
901 type: OS::TripleO::NodeTLSCAData
903 server: {get_resource: Controller}
905 # Resource for site-specific passing of private keys/certificates
907 depends_on: NodeTLSCAData
908 type: OS::TripleO::NodeTLSData
910 server: {get_resource: Controller}
911 NodeIndex: {get_param: NodeIndex}
914 ControllerDeployment:
915 type: OS::TripleO::SoftwareDeployment
916 depends_on: NetworkDeployment
918 name: ControllerDeployment
919 config: {get_resource: ControllerConfig}
920 server: {get_resource: Controller}
922 bootstack_nodeid: {get_attr: [Controller, name]}
923 ceilometer_workers: {get_param: CeilometerWorkers}
924 cinder_workers: {get_param: CinderWorkers}
925 glance_workers: {get_param: GlanceWorkers}
926 heat_workers: {get_param: HeatWorkers}
927 keystone_workers: {get_param: KeystoneWorkers}
928 nova_workers: {get_param: NovaWorkers}
929 neutron_workers: {get_param: NeutronWorkers}
930 swift_workers: {get_param: SwiftWorkers}
931 neutron_enable_tunneling: {get_param: NeutronEnableTunnelling}
932 neutron_enable_l2pop: {get_param: NeutronEnableL2Pop}
933 neutron_enable_isolated_metadata: {get_param: NeutronEnableIsolatedMetadata}
934 haproxy_log_address: {get_param: HAProxySyslogAddress}
935 heat.watch_server_url:
939 - {get_param: HeatApiVirtualIPUri}
941 heat.metadata_server_url:
945 - {get_param: HeatApiVirtualIPUri}
947 heat.waitcondition_server_url:
951 - {get_param: HeatApiVirtualIPUri}
952 - ':8000/v1/waitcondition'
953 heat_auth_encryption_key: {get_param: HeatAuthEncryptionKey}
954 heat_enable_db_purge: {get_param: HeatEnableDBPurge}
955 horizon_allowed_hosts: {get_param: HorizonAllowedHosts}
956 horizon_secret: {get_param: HorizonSecret}
957 admin_email: {get_param: AdminEmail}
958 admin_password: {get_param: AdminPassword}
959 admin_token: {get_param: AdminToken}
960 neutron_public_interface_ip: {get_param: NeutronPublicInterfaceIP}
961 debug: {get_param: Debug}
962 cinder_enable_db_purge: {get_param: CinderEnableDBPurge}
963 cinder_enable_nfs_backend: {get_param: CinderEnableNfsBackend}
964 cinder_enable_rbd_backend: {get_param: CinderEnableRbdBackend}
965 cinder_nfs_mount_options: {get_param: CinderNfsMountOptions}
970 SERVERS: {get_param: CinderNfsServers}
971 cinder_lvm_loop_device_size: {get_param: CinderLVMLoopDeviceSize}
972 cinder_password: {get_param: CinderPassword}
973 cinder_enable_iscsi_backend: {get_param: CinderEnableIscsiBackend}
974 cinder_iscsi_helper: {get_param: CinderISCSIHelper}
975 cinder_backend_config: {get_param: CinderBackendConfig}
979 - - 'mysql+pymysql://cinder:'
980 - {get_param: CinderPassword}
982 - {get_param: MysqlVirtualIPUri}
984 glance_port: {get_param: [EndpointMap, GlanceInternal, port]}
985 glance_password: {get_param: GlancePassword}
986 glance_backend: {get_param: GlanceBackend}
987 glance_file_pcmk_device: {get_param: GlanceFilePcmkDevice}
988 glance_file_pcmk_fstype: {get_param: GlanceFilePcmkFstype}
989 glance_file_pcmk_manage: {get_param: GlanceFilePcmkManage}
990 glance_file_pcmk_options: {get_param: GlanceFilePcmkOptions}
991 glance_notifier_strategy: {get_param: GlanceNotifierStrategy}
992 glance_log_file: {get_param: GlanceLogFile}
996 - - 'mysql+pymysql://glance:'
997 - {get_param: GlancePassword}
999 - {get_param: MysqlVirtualIPUri}
1001 heat_password: {get_param: HeatPassword}
1002 heat_stack_domain_admin_password: {get_param: HeatStackDomainAdminPassword}
1006 - - 'mysql+pymysql://heat:'
1007 - {get_param: HeatPassword}
1009 - {get_param: MysqlVirtualIPUri}
1011 keystone_ca_certificate: {get_param: KeystoneCACertificate}
1012 keystone_signing_key: {get_param: KeystoneSigningKey}
1013 keystone_signing_certificate: {get_param: KeystoneSigningCertificate}
1014 keystone_ssl_certificate: {get_param: KeystoneSSLCertificate}
1015 keystone_ssl_certificate_key: {get_param: KeystoneSSLCertificateKey}
1016 keystone_notification_driver: {get_param: KeystoneNotificationDriver}
1017 keystone_notification_format: {get_param: KeystoneNotificationFormat}
1018 keystone_enable_db_purge: {get_param: KeystoneEnableDBPurge}
1022 - - 'mysql+pymysql://keystone:'
1023 - {get_param: AdminToken}
1025 - {get_param: MysqlVirtualIPUri}
1027 keystone_identity_uri: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] }
1028 keystone_auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
1029 keystone_public_url: { get_param: [EndpointMap, KeystonePublic, uri_no_suffix] }
1030 keystone_internal_url: { get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
1031 keystone_ec2_uri: { get_param: [EndpointMap, KeystoneEC2, uri] }
1032 enable_fencing: {get_param: EnableFencing}
1033 enable_galera: {get_param: EnableGalera}
1034 enable_load_balancer: {get_param: EnableLoadBalancer}
1035 enable_ceph_storage: {get_param: EnableCephStorage}
1036 enable_swift_storage: {get_param: EnableSwiftStorage}
1037 manage_firewall: {get_param: ManageFirewall}
1038 purge_firewall_rules: {get_param: PurgeFirewallRules}
1039 mysql_innodb_buffer_pool_size: {get_param: MysqlInnodbBufferPoolSize}
1040 mysql_max_connections: {get_param: MysqlMaxConnections}
1041 mysql_root_password: {get_param: MysqlRootPassword}
1044 template: tripleo-CLUSTER
1046 CLUSTER: {get_param: MysqlClusterUniquePart}
1047 neutron_flat_networks:
1051 NETWORKS: {get_param: NeutronFlatNetworks}
1052 neutron_metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret}
1053 neutron_agent_mode: {get_param: NeutronAgentMode}
1054 neutron_router_distributed: {get_param: NeutronDVR}
1055 neutron_core_plugin: {get_param: NeutronCorePlugin}
1056 neutron_service_plugins:
1060 PLUGINS: {get_param: NeutronServicePlugins}
1061 neutron_type_drivers:
1065 DRIVERS: {get_param: NeutronTypeDrivers}
1066 neutron_enable_dhcp_agent: {get_param: NeutronEnableDHCPAgent}
1067 neutron_enable_l3_agent: {get_param: NeutronEnableL3Agent}
1068 neutron_enable_metadata_agent: {get_param: NeutronEnableMetadataAgent}
1069 neutron_enable_ovs_agent: {get_param: NeutronEnableOVSAgent}
1070 neutron_mechanism_drivers:
1072 template: MECHANISMS
1074 MECHANISMS: {get_param: NeutronMechanismDrivers}
1075 neutron_allow_l3agent_failover: {get_param: NeutronAllowL3AgentFailover}
1076 neutron_l3_ha: {get_param: NeutronL3HA}
1077 neutron_dhcp_agents_per_network: {get_param: NeutronDhcpAgentsPerNetwork}
1078 neutron_network_vlan_ranges:
1082 RANGES: {get_param: NeutronNetworkVLANRanges}
1083 neutron_bridge_mappings:
1087 MAPPINGS: {get_param: NeutronBridgeMappings}
1088 neutron_external_network_bridge: {get_param: NeutronExternalNetworkBridge}
1089 neutron_public_interface: {get_param: NeutronPublicInterface}
1090 neutron_public_interface_raw_device: {get_param: NeutronPublicInterfaceRawDevice}
1091 neutron_public_interface_default_route: {get_param: NeutronPublicInterfaceDefaultRoute}
1092 neutron_public_interface_tag: {get_param: NeutronPublicInterfaceTag}
1093 neutron_tunnel_id_ranges:
1097 RANGES: {get_param: NeutronTunnelIdRanges}
1102 RANGES: {get_param: NeutronVniRanges}
1103 neutron_tenant_network_types:
1107 TYPES: {get_param: NeutronNetworkType}
1108 neutron_tunnel_types:
1112 TYPES: {get_param: NeutronTunnelTypes}
1113 neutron_plugin_extensions:
1115 template: PLUGIN_EXTENSIONS
1117 PLUGIN_EXTENSIONS: {get_param: NeutronPluginExtensions}
1118 neutron_agent_extensions:
1120 template: AGENT_EXTENSIONS
1122 AGENT_EXTENSIONS: {get_param: NeutronAgentExtensions}
1123 neutron_password: {get_param: NeutronPassword}
1124 neutron_tenant_mtu: {get_param: NeutronTenantMtu}
1125 neutron_dnsmasq_options: {get_param: NeutronDnsmasqOptions}
1129 - - 'mysql+pymysql://neutron:'
1130 - {get_param: NeutronPassword}
1132 - {get_param: MysqlVirtualIPUri}
1133 - '/ovs_neutron?charset=utf8'
1134 neutron_internal_url: { get_param: [ EndpointMap, NeutronInternal, uri ] }
1135 neutron_public_url: { get_param: [ EndpointMap, NeutronPublic, uri ] }
1136 neutron_admin_url: { get_param: [ EndpointMap, NeutronAdmin, uri ] }
1137 neutron_auth_url: { get_param: [ EndpointMap, KeystoneV3Admin, uri ] }
1138 nova_internal_url: { get_param: [ EndpointMap, NovaInternal, uri ] }
1139 ceilometer_backend: {get_param: CeilometerBackend}
1140 ceilometer_metering_secret: {get_param: CeilometerMeteringSecret}
1141 ceilometer_password: {get_param: CeilometerPassword}
1142 aodh_password: {get_param: AodhPassword}
1143 ceilometer_coordination_url:
1147 - {get_param: RedisVirtualIPUri}
1152 - - 'mysql+pymysql://ceilometer:'
1153 - {get_param: CeilometerPassword}
1155 - {get_param: MysqlVirtualIPUri}
1157 snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName}
1158 snmpd_readonly_user_password: {get_param: SnmpdReadonlyUserPassword}
1159 nova_enable_db_purge: {get_param: NovaEnableDBPurge}
1160 nova_ipv6: {get_param: NovaIPv6}
1161 nova_password: {get_param: NovaPassword}
1165 - - 'mysql+pymysql://nova:'
1166 - {get_param: NovaPassword}
1168 - {get_param: MysqlVirtualIPUri}
1173 - - 'mysql+pymysql://nova_api:'
1174 - {get_param: NovaPassword}
1176 - {get_param: MysqlVirtualIP}
1178 upgrade_level_nova_compute: {get_param: UpgradeLevelNovaCompute}
1179 instance_name_template: {get_param: InstanceNameTemplate}
1180 fencing_config: {get_param: FencingConfig}
1181 pcsd_password: {get_param: PcsdPassword}
1182 rabbit_username: {get_param: RabbitUserName}
1183 rabbit_password: {get_param: RabbitPassword}
1184 rabbit_cookie: {get_param: RabbitCookie}
1185 rabbit_client_use_ssl: {get_param: RabbitClientUseSSL}
1186 rabbit_client_port: {get_param: RabbitClientPort}
1187 mongodb_no_journal: {get_param: MongoDbNoJournal}
1188 mongodb_ipv6: {get_param: MongoDbIPv6}
1189 # We need to force this into quotes or hiera will return integer causing
1190 # the puppet module validation regexp to fail.
1191 # Remove when: https://github.com/puppetlabs/puppetlabs-rabbitmq/pull/401
1196 LIMIT: {get_param: RabbitFDLimit}
1197 ntp_servers: {get_param: NtpServer}
1198 timezone: {get_param: TimeZone}
1199 control_virtual_interface: {get_param: ControlVirtualInterface}
1200 public_virtual_interface: {get_param: PublicVirtualInterface}
1201 swift_hash_suffix: {get_param: SwiftHashSuffix}
1202 swift_password: {get_param: SwiftPassword}
1203 swift_part_power: {get_param: SwiftPartPower}
1204 swift_replicas: {get_param: SwiftReplicas}
1205 swift_min_part_hours: {get_param: SwiftMinPartHours}
1206 swift_mount_check: {get_param: SwiftMountCheck}
1207 enable_package_install: {get_param: EnablePackageInstall}
1208 enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]}
1209 sahara_password: {get_param: SaharaPassword}
1213 - - 'mysql://sahara:'
1214 - {get_param: SaharaPassword}
1216 - {get_param: MysqlVirtualIP}
1218 swift_proxy_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftProxyNetwork]}]}
1219 swift_management_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftMgmtNetwork]}]}
1220 cinder_iscsi_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CinderIscsiNetwork]}]}
1221 cinder_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CinderApiNetwork]}]}
1222 glance_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, GlanceApiNetwork]}]}
1223 glance_registry_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, GlanceRegistryNetwork]}]}
1224 glance_api_servers: { get_param: [EndpointMap, GlanceInternal, uri]}
1225 glance_registry_host: {get_param: GlanceRegistryVirtualIP}
1226 heat_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, HeatApiNetwork]}]}
1227 keystone_public_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}]}
1228 keystone_admin_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}]}
1229 keystone_region: {get_param: KeystoneRegion}
1230 mongo_db_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MongoDbNetwork]}]}
1231 neutron_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NeutronApiNetwork]}]}
1232 neutron_local_ip: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NeutronTenantNetwork]}]}
1233 ceilometer_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CeilometerApiNetwork]}]}
1234 aodh_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, AodhApiNetwork]}]}
1235 nova_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NovaApiNetwork]}]}
1236 nova_metadata_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NovaMetadataNetwork]}]}
1237 horizon_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, HorizonNetwork]}]}
1238 rabbitmq_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, RabbitMqNetwork]}]}
1239 redis_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, RedisNetwork]}]}
1240 redis_vip: {get_param: RedisVirtualIP}
1241 sahara_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SaharaApiNetwork]}]}
1242 memcached_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MemcachedNetwork]}]}
1243 mysql_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MysqlNetwork]}]}
1244 mysql_virtual_ip: {get_param: MysqlVirtualIP}
1245 ceph_cluster_network: {get_attr: [NetIpSubnetMap, net_ip_subnet_map, {get_param: [ServiceNetMap, CephClusterNetwork]}]}
1246 ceph_public_network: {get_attr: [NetIpSubnetMap, net_ip_subnet_map, {get_param: [ServiceNetMap, CephPublicNetwork]}]}
1247 ceph_public_ip: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CephPublicNetwork]}]}
1249 # Map heat metadata into hiera datafiles
1251 type: OS::Heat::StructuredConfig
1253 group: os-apply-config
1258 - heat_config_%{::deploy_config_name}
1259 - controller_extraconfig
1264 - swift_devices_and_proxy # provided by SwiftDevicesAndProxyConfig
1265 - ceph_cluster # provided by CephClusterConfig
1267 - bootstrap_node # provided by BootstrapNodeConfig
1268 - all_nodes # provided by allNodesConfig
1269 - vip_data # provided by vip-config
1272 - cinder_dellsc_data # Optionally provided by ControllerExtraConfigPre
1273 - cinder_netapp_data # Optionally provided by ControllerExtraConfigPre
1274 - cinder_eqlx_data # Optionally provided by ControllerExtraConfigPre
1275 - neutron_bigswitch_data # Optionally provided by ControllerExtraConfigPre
1276 - neutron_cisco_data # Optionally provided by ControllerExtraConfigPre
1277 - cisco_n1kv_data # Optionally provided by ControllerExtraConfigPre
1278 - neutron_nuage_data # Optionally provided by ControllerExtraConfigPre
1279 - midonet_data #Optionally provided by AllNodesExtraConfig
1280 - neutron_opencontrail_data # Optionally provided by ControllerExtraConfigPre
1282 controller_extraconfig:
1283 mapped_data: {get_param: ControllerExtraConfig}
1285 mapped_data: {get_param: ExtraConfig}
1287 raw_data: {get_file: hieradata/common.yaml}
1289 raw_data: {get_file: hieradata/ceph.yaml}
1291 ceph::profile::params::cluster_network: {get_input: ceph_cluster_network}
1292 ceph::profile::params::public_network: {get_input: ceph_public_network}
1293 ceph::mon::public_addr: {get_input: ceph_public_ip}
1295 raw_data: {get_file: hieradata/database.yaml}
1297 raw_data: {get_file: hieradata/object.yaml}
1299 raw_data: {get_file: hieradata/controller.yaml}
1300 mapped_data: # data supplied directly to this deployment configuration, etc
1301 bootstack_nodeid: {get_input: bootstack_nodeid}
1304 enable_fencing: {get_input: enable_fencing}
1305 enable_load_balancer: {get_input: enable_load_balancer}
1306 hacluster_pwd: {get_input: pcsd_password}
1307 tripleo::fencing::config: {get_input: fencing_config}
1310 swift::proxy::proxy_local_net_ip: {get_input: swift_proxy_network}
1311 swift::proxy::authtoken::auth_uri: {get_input: keystone_auth_uri}
1312 swift::proxy::authtoken::identity_uri: {get_input: keystone_identity_uri}
1313 swift::storage::all::storage_local_net_ip: {get_input: swift_management_network}
1314 swift::swift_hash_suffix: {get_input: swift_hash_suffix}
1315 swift::proxy::authtoken::admin_password: {get_input: swift_password}
1316 swift::proxy::workers: {get_input: swift_workers}
1317 tripleo::ringbuilder::part_power: {get_input: swift_part_power}
1318 tripleo::ringbuilder::replicas: {get_input: swift_replicas}
1319 tripleo::ringbuilder::min_part_hours: {get_input: swift_min_part_hours}
1320 swift_mount_check: {get_input: swift_mount_check}
1322 # NOTE(dprince): build_ring support is currently not wired in.
1323 # See: https://review.openstack.org/#/c/109225/
1324 tripleo::ringbuilder::build_ring: True
1327 cinder_enable_db_purge: {get_input: cinder_enable_db_purge}
1328 cinder_enable_nfs_backend: {get_input: cinder_enable_nfs_backend}
1329 cinder_enable_rbd_backend: {get_input: cinder_enable_rbd_backend}
1330 cinder_nfs_mount_options: {get_input: cinder_nfs_mount_options}
1331 cinder_nfs_servers: {get_input: cinder_nfs_servers}
1332 cinder_lvm_loop_device_size: {get_input: cinder_lvm_loop_device_size}
1333 cinder_iscsi_helper: {get_input: cinder_iscsi_helper}
1334 cinder_iscsi_ip_address: {get_input: cinder_iscsi_network}
1335 cinder::database_connection: {get_input: cinder_dsn}
1336 cinder::api::keystone_password: {get_input: cinder_password}
1337 cinder::api::auth_uri: {get_input: keystone_auth_uri}
1338 cinder::api::identity_uri: {get_input: keystone_identity_uri}
1339 cinder::api::bind_host: {get_input: cinder_api_network}
1340 cinder::rabbit_userid: {get_input: rabbit_username}
1341 cinder::rabbit_password: {get_input: rabbit_password}
1342 cinder::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
1343 cinder::rabbit_port: {get_input: rabbit_client_port}
1344 cinder::debug: {get_input: debug}
1345 cinder_enable_iscsi_backend: {get_input: cinder_enable_iscsi_backend}
1346 cinder::glance::glance_api_servers: {get_input: glance_api_servers}
1347 cinder_backend_config: {get_input: CinderBackendConfig}
1348 cinder::db::mysql::password: {get_input: cinder_password}
1351 glance::api::bind_port: {get_input: glance_port}
1352 glance::api::bind_host: {get_input: glance_api_network}
1353 glance::api::auth_uri: {get_input: keystone_auth_uri}
1354 glance::api::identity_uri: {get_input: keystone_identity_uri}
1355 glance::api::registry_host: {get_input: glance_registry_host}
1356 glance::api::keystone_password: {get_input: glance_password}
1357 glance::api::debug: {get_input: debug}
1358 glance::api::workers: {get_input: glance_workers}
1359 glance_notifier_strategy: {get_input: glance_notifier_strategy}
1360 glance_log_file: {get_input: glance_log_file}
1361 glance_log_file: {get_input: glance_log_file}
1362 glance::api::database_connection: {get_input: glance_dsn}
1363 glance::registry::keystone_password: {get_input: glance_password}
1364 glance::registry::database_connection: {get_input: glance_dsn}
1365 glance::registry::bind_host: {get_input: glance_registry_network}
1366 glance::registry::auth_uri: {get_input: keystone_auth_uri}
1367 glance::registry::identity_uri: {get_input: keystone_identity_uri}
1368 glance::registry::debug: {get_input: debug}
1369 glance::backend::swift::swift_store_auth_address: {get_input: keystone_auth_uri}
1370 glance::registry::workers: {get_input: glance_workers}
1371 glance::backend::swift::swift_store_user: service:glance
1372 glance::backend::swift::swift_store_key: {get_input: glance_password}
1373 glance_backend: {get_input: glance_backend}
1374 glance::db::mysql::password: {get_input: glance_password}
1375 glance_file_pcmk_device: {get_input: glance_file_pcmk_device}
1376 glance_file_pcmk_fstype: {get_input: glance_file_pcmk_fstype}
1377 glance_file_pcmk_manage: {get_input: glance_file_pcmk_manage}
1378 glance_file_pcmk_options: {get_input: glance_file_pcmk_options}
1379 glance::notify::rabbitmq::rabbit_userid: {get_input: rabbit_username}
1380 glance::notify::rabbitmq::rabbit_password: {get_input: rabbit_password}
1381 glance::notify::rabbitmq::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
1384 heat_stack_domain_admin_password: {get_input: heat_stack_domain_admin_password}
1385 heat::engine::heat_watch_server_url: {get_input: heat.watch_server_url}
1386 heat::engine::heat_metadata_server_url: {get_input: heat.metadata_server_url}
1387 heat::engine::heat_waitcondition_server_url: {get_input: heat.waitcondition_server_url}
1388 heat::engine::auth_encryption_key: {get_input: heat_auth_encryption_key}
1389 heat::rabbit_userid: {get_input: rabbit_username}
1390 heat::rabbit_password: {get_input: rabbit_password}
1391 heat::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
1392 heat::rabbit_port: {get_input: rabbit_client_port}
1393 heat::auth_uri: {get_input: keystone_auth_uri}
1394 heat::keystone_ec2_uri: {get_input: keystone_ec2_uri}
1395 heat::identity_uri: {get_input: keystone_identity_uri}
1396 heat::keystone_password: {get_input: heat_password}
1397 heat::api::bind_host: {get_input: heat_api_network}
1398 heat::api::workers: {get_input: heat_workers}
1399 heat::api_cloudwatch::bind_host: {get_input: heat_api_network}
1400 heat::api_cloudwatch::workers: {get_input: heat_workers}
1401 heat::api_cfn::bind_host: {get_input: heat_api_network}
1402 heat::api_cfn::workers: {get_input: heat_workers}
1403 heat::database_connection: {get_input: heat_dsn}
1404 heat::debug: {get_input: debug}
1405 heat::db::mysql::password: {get_input: heat_password}
1406 heat_enable_db_purge: {get_input: heat_enable_db_purge}
1409 keystone::admin_token: {get_input: admin_token}
1410 keystone_ca_certificate: {get_input: keystone_ca_certificate}
1411 keystone_signing_key: {get_input: keystone_signing_key}
1412 keystone_signing_certificate: {get_input: keystone_signing_certificate}
1413 keystone_ssl_certificate: {get_input: keystone_ssl_certificate}
1414 keystone_ssl_certificate_key: {get_input: keystone_ssl_certificate_key}
1415 keystone::database_connection: {get_input: keystone_dsn}
1416 keystone::admin_bind_host: {get_input: keystone_admin_api_network}
1417 keystone::public_bind_host: {get_input: keystone_public_api_network}
1418 keystone::wsgi::apache::bind_host: {get_input: keystone_public_api_network}
1419 keystone::wsgi::apache::admin_bind_host: {get_input: keystone_admin_api_network}
1420 keystone::debug: {get_input: debug}
1421 keystone::db::mysql::password: {get_input: admin_token}
1422 keystone::rabbit_userid: {get_input: rabbit_username}
1423 keystone::rabbit_password: {get_input: rabbit_password}
1424 keystone::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
1425 keystone::rabbit_port: {get_input: rabbit_client_port}
1426 keystone::notification_driver: {get_input: keystone_notification_driver}
1427 keystone::notification_format: {get_input: keystone_notification_format}
1428 keystone::roles::admin::email: {get_input: admin_email}
1429 keystone::roles::admin::password: {get_input: admin_password}
1430 keystone::endpoint::public_url: {get_input: keystone_public_url}
1431 keystone::endpoint::internal_url: {get_input: keystone_internal_url}
1432 keystone::endpoint::admin_url: {get_input: keystone_identity_uri}
1433 keystone::endpoint::region: {get_input: keystone_region}
1434 keystone::admin_workers: {get_input: keystone_workers}
1435 keystone::public_workers: {get_input: keystone_workers}
1436 keystone_enable_db_purge: {get_input: keystone_enable_db_purge}
1437 keystone::public_endpoint: {get_input: keystone_public_url}
1439 mongodb::server::bind_ip: {get_input: mongo_db_network}
1440 mongodb::server::nojournal: {get_input: mongodb_no_journal}
1441 mongodb::server::ipv6: {get_input: mongodb_ipv6}
1443 admin_password: {get_input: admin_password}
1444 enable_galera: {get_input: enable_galera}
1445 enable_ceph_storage: {get_input: enable_ceph_storage}
1446 enable_swift_storage: {get_input: enable_swift_storage}
1447 mysql_innodb_buffer_pool_size: {get_input: mysql_innodb_buffer_pool_size}
1448 mysql_max_connections: {get_input: mysql_max_connections}
1449 mysql::server::root_password: {get_input: mysql_root_password}
1450 mysql_cluster_name: {get_input: mysql_cluster_name}
1451 mysql_bind_host: {get_input: mysql_network}
1452 mysql_virtual_ip: {get_input: mysql_virtual_ip}
1455 neutron::bind_host: {get_input: neutron_api_network}
1456 neutron::rabbit_password: {get_input: rabbit_password}
1457 neutron::rabbit_user: {get_input: rabbit_username}
1458 neutron::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
1459 neutron::rabbit_port: {get_input: rabbit_client_port}
1460 neutron::debug: {get_input: debug}
1461 neutron::server::auth_uri: {get_input: keystone_auth_uri}
1462 neutron::server::identity_uri: {get_input: keystone_identity_uri}
1463 neutron::server::database_connection: {get_input: neutron_dsn}
1464 neutron::server::api_workers: {get_input: neutron_workers}
1465 neutron::agents::l3::external_network_bridge: {get_input: neutron_external_network_bridge}
1466 neutron::network_device_mtu: {get_input: neutron_tenant_mtu}
1467 neutron::agents::ml2::ovs::enable_tunneling: {get_input: neutron_enable_tunneling}
1468 neutron::agents::ml2::ovs::l2_population: {get_input: neutron_enable_l2pop}
1469 neutron::agents::dhcp::enable_isolated_metadata: {get_input: neutron_enable_isolated_metadata}
1470 neutron::agents::ml2::ovs::local_ip: {get_input: neutron_local_ip}
1471 neutron::plugins::ml2::flat_networks: {get_input: neutron_flat_networks}
1472 neutron::agents::metadata::shared_secret: {get_input: neutron_metadata_proxy_shared_secret}
1473 neutron::agents::metadata::metadata_ip: {get_input: neutron_api_network}
1474 neutron::agents::metadata::metadata_workers: {get_input: neutron_workers}
1475 neutron_agent_mode: {get_input: neutron_agent_mode}
1476 neutron_router_distributed: {get_input: neutron_router_distributed}
1477 neutron::core_plugin: {get_input: neutron_core_plugin}
1478 neutron::service_plugins: {get_input: neutron_service_plugins}
1479 neutron::enable_dhcp_agent: {get_input: neutron_enable_dhcp_agent}
1480 neutron::enable_l3_agent: {get_input: neutron_enable_l3_agent}
1481 neutron::enable_metadata_agent: {get_input: neutron_enable_metadata_agent}
1482 neutron::enable_ovs_agent: {get_input: neutron_enable_ovs_agent}
1483 neutron::plugins::ml2::type_drivers: {get_input: neutron_type_drivers}
1484 neutron::plugins::ml2::mechanism_drivers: {get_input: neutron_mechanism_drivers}
1485 neutron::plugins::ml2::extension_drivers: {get_input: neutron_plugin_extensions}
1486 neutron::server::allow_automatic_l3agent_failover: {get_input: neutron_allow_l3agent_failover}
1487 neutron::server::l3_ha: {get_input: neutron_l3_ha}
1488 neutron::dhcp_agents_per_network: {get_input: neutron_dhcp_agents_per_network}
1489 neutron::plugins::ml2::network_vlan_ranges: {get_input: neutron_network_vlan_ranges}
1490 neutron::plugins::ml2::tunnel_id_ranges: {get_input: neutron_tunnel_id_ranges}
1491 neutron::plugins::ml2::vni_ranges: {get_input: neutron_vni_ranges}
1492 neutron::agents::ml2::ovs::bridge_mappings: {get_input: neutron_bridge_mappings}
1493 neutron_public_interface: {get_input: neutron_public_interface}
1494 neutron_public_interface_raw_device: {get_input: neutron_public_interface_raw_device}
1495 neutron_public_interface_default_route: {get_input: neutron_public_interface_default_route}
1496 neutron_public_interface_tag: {get_input: neutron_public_interface_tag}
1497 neutron::plugins::ml2::tenant_network_types: {get_input: neutron_tenant_network_types}
1498 neutron::agents::ml2::ovs::tunnel_types: {get_input: neutron_tunnel_types}
1499 neutron::agents::ml2::ovs::extensions: {get_input: neutron_agent_extensions}
1500 neutron::server::auth_password: {get_input: neutron_password}
1501 neutron::agents::metadata::auth_password: {get_input: neutron_password}
1502 neutron_dnsmasq_options: {get_input: neutron_dnsmasq_options}
1503 neutron_dsn: {get_input: neutron_dsn}
1504 neutron::agents::metadata::auth_url: {get_input: keystone_identity_uri}
1505 neutron::db::mysql::password: {get_input: neutron_password}
1506 neutron::keystone::auth::public_url: {get_input: neutron_public_url }
1507 neutron::keystone::auth::internal_url: {get_input: neutron_internal_url }
1508 neutron::keystone::auth::admin_url: {get_input: neutron_admin_url }
1509 neutron::keystone::auth::password: {get_input: neutron_password }
1510 neutron::keystone::auth::region: {get_input: keystone_region}
1511 neutron::server::notifications::nova_url: {get_input: nova_internal_url}
1512 neutron::server::notifications::auth_url: {get_input: neutron_auth_url}
1513 neutron::server::notifications::tenant_name: 'service'
1514 neutron::server::notifications::project_name: 'service'
1515 neutron::server::notifications::password: {get_input: nova_password}
1518 ceilometer_backend: {get_input: ceilometer_backend}
1519 ceilometer_mysql_conn_string: {get_input: ceilometer_dsn}
1520 ceilometer::metering_secret: {get_input: ceilometer_metering_secret}
1521 ceilometer::rabbit_userid: {get_input: rabbit_username}
1522 ceilometer::rabbit_password: {get_input: rabbit_password}
1523 ceilometer::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
1524 ceilometer::rabbit_port: {get_input: rabbit_client_port}
1525 ceilometer::debug: {get_input: debug}
1526 ceilometer::api::host: {get_input: ceilometer_api_network}
1527 ceilometer::api::keystone_password: {get_input: ceilometer_password}
1528 ceilometer::api::keystone_auth_uri: {get_input: keystone_auth_uri}
1529 ceilometer::api::keystone_identity_uri: {get_input: keystone_identity_uri}
1530 ceilometer::agent::auth::auth_password: {get_input: ceilometer_password}
1531 ceilometer::agent::auth::auth_url: {get_input: keystone_auth_uri}
1532 ceilometer::agent::central::coordination_url: {get_input: ceilometer_coordination_url}
1533 ceilometer::db::mysql::password: {get_input: ceilometer_password}
1534 snmpd_readonly_user_name: {get_input: snmpd_readonly_user_name}
1535 snmpd_readonly_user_password: {get_input: snmpd_readonly_user_password}
1538 aodh::rabbit_userid: {get_input: rabbit_username}
1539 aodh::rabbit_password: {get_input: rabbit_password}
1540 aodh::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
1541 aodh::rabbit_port: {get_input: rabbit_client_port}
1542 aodh::debug: {get_input: debug}
1543 aodh::wsgi::apache::ssl: false
1544 aodh::wsgi::apache::bind_host: {get_input: aodh_api_network}
1545 aodh::api::service_name: 'httpd'
1546 aodh::api::host: {get_input: aodh_api_network}
1547 aodh::api::keystone_password: {get_input: aodh_password}
1548 aodh::api::keystone_auth_uri: {get_input: keystone_auth_uri}
1549 aodh::api::keystone_identity_uri: {get_input: keystone_identity_uri}
1550 aodh::auth::auth_password: {get_input: aodh_password}
1551 aodh::db::mysql::password: {get_input: aodh_password}
1552 # for a migration path from ceilometer-alarm to aodh, we use the same database & coordination
1553 aodh::evaluator::coordination_url: {get_input: ceilometer_coordination_url}
1556 nova::rabbit_userid: {get_input: rabbit_username}
1557 nova::rabbit_password: {get_input: rabbit_password}
1558 nova::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
1559 nova::rabbit_port: {get_input: rabbit_client_port}
1560 nova::upgrade_level_compute: {get_input: upgrade_level_nova_compute}
1561 nova::debug: {get_input: debug}
1562 nova::use_ipv6: {get_input: nova_ipv6}
1563 nova::api::auth_uri: {get_input: keystone_auth_uri}
1564 nova::api::identity_uri: {get_input: keystone_identity_uri}
1565 nova::api::api_bind_address: {get_input: nova_api_network}
1566 nova::api::metadata_listen: {get_input: nova_metadata_network}
1567 nova::api::admin_password: {get_input: nova_password}
1568 nova::api::osapi_compute_workers: {get_input: nova_workers}
1569 nova::api::ec2_workers: {get_input: nova_workers}
1570 nova::api::metadata_workers: {get_input: nova_workers}
1571 nova::compute::network_device_mtu: {get_input: neutron_tenant_mtu}
1572 nova::database_connection: {get_input: nova_dsn}
1573 nova::api_database_connection: {get_input: nova_api_dsn}
1574 nova::glance_api_servers: {get_input: glance_api_servers}
1575 nova::api::neutron_metadata_proxy_shared_secret: {get_input: neutron_metadata_proxy_shared_secret}
1576 nova::api::instance_name_template: {get_input: instance_name_template}
1577 nova::network::neutron::neutron_password: {get_input: neutron_password}
1578 nova::network::neutron::neutron_url: {get_input: neutron_internal_url}
1579 nova::network::neutron::neutron_auth_url: {get_input: neutron_auth_url}
1580 nova::vncproxy::host: {get_input: nova_api_network}
1581 nova::db::mysql::password: {get_input: nova_password}
1582 nova::db::mysql_api::password: {get_input: nova_password}
1583 nova_enable_db_purge: {get_input: nova_enable_db_purge}
1586 apache::ip: {get_input: horizon_network}
1587 horizon::allowed_hosts: {get_input: horizon_allowed_hosts}
1588 horizon::django_debug: {get_input: debug}
1589 horizon::secret_key: {get_input: horizon_secret}
1590 horizon::bind_address: {get_input: horizon_network}
1591 horizon::keystone_url: {get_input: keystone_auth_uri}
1594 sahara::host: {get_input: sahara_api_network}
1602 sahara::admin_password: {get_input: sahara_password}
1603 sahara::auth_uri: {get_input: keystone_auth_uri}
1604 sahara::admin_user: sahara
1605 sahara::identity_uri: {get_input: keystone_identity_uri}
1606 sahara::use_neutron: true
1607 sahara::database_connection: {get_input: sahara_dsn}
1608 sahara::debug: {get_input: debug}
1609 sahara::rpc_backend: rabbit
1610 sahara::rabbit_userid: {get_input: rabbit_username}
1611 sahara::rabbit_password: {get_input: rabbit_password}
1612 sahara::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
1613 sahara::rabbit_port: {get_input: rabbit_client_port}
1614 sahara::db::mysql::password: {get_input: sahara_password}
1617 rabbitmq::node_ip_address: {get_input: rabbitmq_network}
1618 rabbitmq::erlang_cookie: {get_input: rabbit_cookie}
1619 rabbitmq::file_limit: {get_input: rabbit_fd_limit}
1620 rabbitmq::default_user: {get_input: rabbit_username}
1621 rabbitmq::default_pass: {get_input: rabbit_password}
1623 redis::bind: {get_input: redis_network}
1624 redis_vip: {get_input: redis_vip}
1626 tripleo::firewall::manage_firewall: {get_input: manage_firewall}
1627 tripleo::firewall::purge_firewall_rules: {get_input: purge_firewall_rules}
1629 memcached::listen_ip: {get_input: memcached_network}
1630 neutron_public_interface_ip: {get_input: neutron_public_interface_ip}
1631 ntp::servers: {get_input: ntp_servers}
1632 timezone::timezone: {get_input: timezone}
1633 control_virtual_interface: {get_input: control_virtual_interface}
1634 public_virtual_interface: {get_input: public_virtual_interface}
1635 tripleo::loadbalancer::control_virtual_interface: {get_input: control_virtual_interface}
1636 tripleo::loadbalancer::public_virtual_interface: {get_input: public_virtual_interface}
1637 tripleo::loadbalancer::haproxy_log_address: {get_input: haproxy_log_address}
1638 tripleo::loadbalancer::service_certificate: {get_attr: [NodeTLSData, deployed_ssl_certificate_path]}
1639 tripleo::packages::enable_install: {get_input: enable_package_install}
1640 tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade}
1642 # Hook for site-specific additional pre-deployment config, e.g extra hieradata
1643 ControllerExtraConfigPre:
1644 depends_on: ControllerDeployment
1645 type: OS::TripleO::ControllerExtraConfigPre
1647 server: {get_resource: Controller}
1649 # Hook for site-specific additional pre-deployment config,
1650 # applying to all nodes, e.g node registration/unregistration
1652 depends_on: [ControllerExtraConfigPre, NodeTLSData]
1653 type: OS::TripleO::NodeExtraConfig
1655 server: {get_resource: Controller}
1658 type: OS::TripleO::Tasks::PackageUpdate
1661 type: OS::Heat::SoftwareDeployment
1663 name: UpdateDeployment
1664 config: {get_resource: UpdateConfig}
1665 server: {get_resource: Controller}
1668 get_param: UpdateIdentifier
1672 description: IP address of the server in the ctlplane network
1673 value: {get_attr: [Controller, networks, ctlplane, 0]}
1674 external_ip_address:
1675 description: IP address of the server in the external network
1676 value: {get_attr: [ExternalPort, ip_address]}
1677 internal_api_ip_address:
1678 description: IP address of the server in the internal_api network
1679 value: {get_attr: [InternalApiPort, ip_address]}
1681 description: IP address of the server in the storage network
1682 value: {get_attr: [StoragePort, ip_address]}
1683 storage_mgmt_ip_address:
1684 description: IP address of the server in the storage_mgmt network
1685 value: {get_attr: [StorageMgmtPort, ip_address]}
1687 description: IP address of the server in the tenant network
1688 value: {get_attr: [TenantPort, ip_address]}
1689 management_ip_address:
1690 description: IP address of the server in the management network
1691 value: {get_attr: [ManagementPort, ip_address]}
1693 description: Hostname of the server
1694 value: {get_attr: [Controller, name]}
1697 Node object in the format {ip: ..., name: ...} format that the corosync
1700 ip: {get_attr: [Controller, networks, ctlplane, 0]}
1701 name: {get_attr: [Controller, name]}
1704 Server's IP address and hostname in the /etc/hosts format
1708 PRIMARYIP PRIMARYHOST.DOMAIN PRIMARYHOST
1709 EXTERNALIP EXTERNALHOST
1710 INTERNAL_APIIP INTERNAL_APIHOST
1711 STORAGEIP STORAGEHOST
1712 STORAGE_MGMTIP STORAGE_MGMTHOST
1714 MANAGEMENTIP MANAGEMENTHOST
1716 PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, ControllerHostnameResolveNetwork]}]}
1717 DOMAIN: {get_param: CloudDomain}
1718 PRIMARYHOST: {get_attr: [Controller, name]}
1719 EXTERNALIP: {get_attr: [ExternalPort, ip_address]}
1723 - - {get_attr: [Controller, name]}
1725 INTERNAL_APIIP: {get_attr: [InternalApiPort, ip_address]}
1729 - - {get_attr: [Controller, name]}
1731 STORAGEIP: {get_attr: [StoragePort, ip_address]}
1735 - - {get_attr: [Controller, name]}
1737 STORAGE_MGMTIP: {get_attr: [StorageMgmtPort, ip_address]}
1741 - - {get_attr: [Controller, name]}
1743 TENANTIP: {get_attr: [TenantPort, ip_address]}
1747 - - {get_attr: [Controller, name]}
1749 MANAGEMENTIP: {get_attr: [ManagementPort, ip_address]}
1753 - - {get_attr: [Controller, name]}
1755 nova_server_resource:
1756 description: Heat resource handle for the Nova compute server
1758 {get_resource: Controller}
1760 description: Swift device formatted for swift-ring-builder
1763 template: 'r1z1-IP:%PORT%/d1'
1765 IP: {get_attr: [NetIpMap, net_ip_uri_map, {get_param: [ServiceNetMap, SwiftMgmtNetwork]}]}
1766 swift_proxy_memcache:
1767 description: Swift proxy-memcache value
1770 template: "IP:11211"
1772 IP: {get_attr: [NetIpMap, net_ip_uri_map, {get_param: [ServiceNetMap, MemcachedNetwork]}]}
1774 description: identifier which changes if the controller configuration may need re-applying
1778 - - {get_attr: [ControllerDeployment, deploy_stdout]}
1779 - {get_attr: [NodeTLSCAData, deploy_stdout]}
1780 - {get_attr: [NodeTLSData, deploy_stdout]}
1781 - {get_attr: [ControllerExtraConfigPre, deploy_stdout]}
1782 - {get_param: UpdateIdentifier}
1783 tls_key_modulus_md5:
1784 description: MD5 checksum of the TLS Key Modulus
1785 value: {get_attr: [NodeTLSData, key_modulus_md5]}
1786 tls_cert_modulus_md5:
1787 description: MD5 checksum of the TLS Certificate Modulus
1788 value: {get_attr: [NodeTLSData, cert_modulus_md5]}