1 heat_template_version: 2016-10-14
4 OpenStack controller node configured by Puppet.
8 description: The password for the aodh services.
11 controllerExtraConfig:
14 Deprecated. Use ControllerExtraConfig via parameter_defaults instead.
16 ControllerExtraConfig:
19 Controller specific hiera configuration data to inject into the cluster.
24 A network mapped list of IPs to assign to Controllers in the following form:
26 "internal_api": ["a.b.c.d", "e.f.g.h"],
32 description: Enable IPv6 in Corosync
36 description: Set to True to enable debugging on all services.
40 description: Whether to enable fencing in Pacemaker or not.
44 description: Whether to deploy a LoadBalancer on the Controller
49 Additional hieradata to inject into the cluster, note that
50 ControllerExtraConfig takes precedence over ExtraConfig.
55 Pacemaker fencing configuration. The JSON should have
56 the following structure:
60 "agent": "AGENT_NAME",
61 "host_mac": "HOST_MAC_ADDRESS",
62 "params": {"PARAM_NAME": "PARAM_VALUE"}
71 "host_mac": "52:54:00:aa:bb:cc",
73 "multicast_address": "225.0.0.12",
74 "port": "baremetal_0",
76 "manage_key_file": true,
77 "key_file": "/etc/fence_xvm.key",
78 "key_file_password": "abcdef"
84 OvercloudControlFlavor:
85 description: Flavor for control nodes to request when deploying.
89 - custom_constraint: nova.flavor
91 description: Secret key for Django
96 default: overcloud-full
98 - custom_constraint: glance.image
100 default: 'REBUILD_PRESERVE_EPHEMERAL'
101 description: What policy to use when reconstructing instances. REBUILD for rebuilds, REBUILD_PRESERVE_EPHEMERAL to preserve /mnt.
103 InstanceNameTemplate:
104 default: 'instance-%08x'
105 description: Template string to be used to generate instance names
109 description: Name of an existing Nova key pair to enable SSH access to the instances
112 - custom_constraint: nova.keypair
115 description: Whether to manage IPtables rules.
119 description: Enable IPv6 features in Memcached.
123 description: Whether IPtables rules should be purged before setting up the new ones.
125 NeutronMetadataProxySharedSecret:
126 description: Shared secret to prevent spoofing
130 description: The password for the neutron service and db account, used by neutron agents.
133 NeutronPublicInterface:
135 description: What interface to bridge onto br-ex for network nodes.
140 Whether to create cron job for purging soft deleted rows in Nova database.
144 description: Enable IPv6 features in Nova
147 description: The password for the nova service and db account, used by nova-api.
152 description: The password for the 'pcsd' user.
155 description: The password for Redis
160 default: '' # Has to be here because of the ignored empty value bug
163 default: '' # Has to be here because of the ignored empty value bug
164 description: An IP address which is wrapped in brackets in case of IPv6
167 description: 'A hash of additional raw devices to use as Swift backend (eg. {sdb: {}})'
169 UpgradeLevelNovaCompute:
171 description: Nova Compute upgrade level
175 description: Mapping of service_name -> network name. Typically set
176 via parameter_defaults in the resource registry.
180 description: Mapping of service endpoint -> protocol. Typically set
181 via parameter_defaults in the resource registry.
187 Setting to a previously unused value during stack-update will trigger
188 package update on all nodes
191 default: '' # Defaults to Heat created hostname
195 description: Optional mapping to override hostnames
196 NetworkDeploymentActions:
197 type: comma_delimited_list
199 Heat action when to apply network configuration changes
204 SoftwareConfigTransport:
205 default: POLL_SERVER_CFN
207 How the server should receive the metadata required for software configuration.
210 - allowed_values: [POLL_SERVER_CFN, POLL_SERVER_HEAT, POLL_TEMP_URL, ZAQAR_MESSAGE]
214 The DNS domain used for the hosts. This should match the dhcp_domain
215 configured in the Undercloud neutron. Defaults to localdomain.
219 Extra properties or metadata passed to Nova for the created nodes in
220 the overcloud. It's accessible via the Nova metadata API.
222 ControllerSchedulerHints:
224 description: Optional scheduler hints to pass to nova
226 ServiceConfigSettings:
230 type: comma_delimited_list
234 description: Command which will be run whenever configuration data changes
235 default: os-refresh-config --timeout 14400
239 description: Do not use deprecated params, they will be removed.
241 - controllerExtraConfig
246 type: OS::TripleO::Server
249 command: {get_param: ConfigCommand}
251 image: {get_param: controllerImage}
252 image_update_policy: {get_param: ImageUpdatePolicy}
253 flavor: {get_param: OvercloudControlFlavor}
254 key_name: {get_param: KeyName}
257 user_data_format: SOFTWARE_CONFIG
258 user_data: {get_resource: UserData}
261 template: {get_param: Hostname}
262 params: {get_param: HostnameMap}
263 software_config_transport: {get_param: SoftwareConfigTransport}
264 metadata: {get_param: ServerMetadata}
265 scheduler_hints: {get_param: ControllerSchedulerHints}
267 # Combine the NodeAdminUserData and NodeUserData mime archives
269 type: OS::Heat::MultipartMime
272 - config: {get_resource: NodeAdminUserData}
274 - config: {get_resource: NodeUserData}
277 # Creates the "heat-admin" user if configured via the environment
278 # Should return a OS::Heat::MultipartMime reference via OS::stack_id
280 type: OS::TripleO::NodeAdminUserData
282 # For optional operator additional userdata
283 # Should return a OS::Heat::MultipartMime reference via OS::stack_id
285 type: OS::TripleO::NodeUserData
288 type: OS::TripleO::Controller::Ports::ExternalPort
290 IPPool: {get_param: ControllerIPs}
291 NodeIndex: {get_param: NodeIndex}
292 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
295 type: OS::TripleO::Controller::Ports::InternalApiPort
297 IPPool: {get_param: ControllerIPs}
298 NodeIndex: {get_param: NodeIndex}
299 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
302 type: OS::TripleO::Controller::Ports::StoragePort
304 IPPool: {get_param: ControllerIPs}
305 NodeIndex: {get_param: NodeIndex}
306 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
309 type: OS::TripleO::Controller::Ports::StorageMgmtPort
311 IPPool: {get_param: ControllerIPs}
312 NodeIndex: {get_param: NodeIndex}
313 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
316 type: OS::TripleO::Controller::Ports::TenantPort
318 IPPool: {get_param: ControllerIPs}
319 NodeIndex: {get_param: NodeIndex}
320 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
323 type: OS::TripleO::Controller::Ports::ManagementPort
325 IPPool: {get_param: ControllerIPs}
326 NodeIndex: {get_param: NodeIndex}
327 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
330 type: OS::TripleO::Network::Ports::NetIpMap
332 ControlPlaneIp: {get_attr: [Controller, networks, ctlplane, 0]}
333 ExternalIp: {get_attr: [ExternalPort, ip_address]}
334 ExternalIpSubnet: {get_attr: [ExternalPort, ip_subnet]}
335 ExternalIpUri: {get_attr: [ExternalPort, ip_address_uri]}
336 InternalApiIp: {get_attr: [InternalApiPort, ip_address]}
337 InternalApiIpSubnet: {get_attr: [InternalApiPort, ip_subnet]}
338 InternalApiIpUri: {get_attr: [InternalApiPort, ip_address_uri]}
339 StorageIp: {get_attr: [StoragePort, ip_address]}
340 StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]}
341 StorageIpUri: {get_attr: [StoragePort, ip_address_uri]}
342 StorageMgmtIp: {get_attr: [StorageMgmtPort, ip_address]}
343 StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]}
344 StorageMgmtIpUri: {get_attr: [StorageMgmtPort, ip_address_uri]}
345 TenantIp: {get_attr: [TenantPort, ip_address]}
346 TenantIpSubnet: {get_attr: [TenantPort, ip_subnet]}
347 TenantIpUri: {get_attr: [TenantPort, ip_address_uri]}
348 ManagementIp: {get_attr: [ManagementPort, ip_address]}
349 ManagementIpSubnet: {get_attr: [ManagementPort, ip_subnet]}
350 ManagementIpUri: {get_attr: [ManagementPort, ip_address_uri]}
353 type: OS::TripleO::Controller::Net::SoftwareConfig
355 ControlPlaneIp: {get_attr: [Controller, networks, ctlplane, 0]}
356 ExternalIpSubnet: {get_attr: [ExternalPort, ip_subnet]}
357 InternalApiIpSubnet: {get_attr: [InternalApiPort, ip_subnet]}
358 StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]}
359 StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]}
360 TenantIpSubnet: {get_attr: [TenantPort, ip_subnet]}
361 ManagementIpSubnet: {get_attr: [ManagementPort, ip_subnet]}
364 type: OS::TripleO::SoftwareDeployment
366 name: NetworkDeployment
367 config: {get_resource: NetworkConfig}
368 server: {get_resource: Controller}
369 actions: {get_param: NetworkDeploymentActions}
372 interface_name: {get_param: NeutronPublicInterface}
374 # Resource for site-specific injection of root certificate
376 depends_on: NetworkDeployment
377 type: OS::TripleO::NodeTLSCAData
379 server: {get_resource: Controller}
381 # Resource for site-specific passing of private keys/certificates
383 depends_on: NodeTLSCAData
384 type: OS::TripleO::NodeTLSData
386 server: {get_resource: Controller}
387 NodeIndex: {get_param: NodeIndex}
390 ControllerDeployment:
391 type: OS::TripleO::SoftwareDeployment
392 depends_on: NetworkDeployment
394 name: ControllerDeployment
395 config: {get_resource: ControllerConfig}
396 server: {get_resource: Controller}
398 bootstack_nodeid: {get_attr: [Controller, name]}
399 horizon_secret: {get_param: HorizonSecret}
400 debug: {get_param: Debug}
401 keystone_identity_uri: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] }
402 keystone_auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
403 keystone_ec2_uri: { get_param: [EndpointMap, KeystoneEC2, uri] }
404 enable_fencing: {get_param: EnableFencing}
405 enable_load_balancer: {get_param: EnableLoadBalancer}
406 manage_firewall: {get_param: ManageFirewall}
407 purge_firewall_rules: {get_param: PurgeFirewallRules}
408 neutron_metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret}
409 aodh_internal_url: { get_param: [ EndpointMap, AodhInternal, uri ] }
410 aodh_public_url: { get_param: [ EndpointMap, AodhPublic, uri ] }
411 aodh_admin_url: { get_param: [ EndpointMap, AodhAdmin, uri ] }
412 ceilometer_coordination_url:
416 - {get_param: RedisPassword}
418 - {get_param: RedisVirtualIPUri}
420 nova_enable_db_purge: {get_param: NovaEnableDBPurge}
421 nova_ipv6: {get_param: NovaIPv6}
422 corosync_ipv6: {get_param: CorosyncIPv6}
423 memcached_ipv6: {get_param: MemcachedIPv6}
424 nova_password: {get_param: NovaPassword}
425 upgrade_level_nova_compute: {get_param: UpgradeLevelNovaCompute}
426 instance_name_template: {get_param: InstanceNameTemplate}
427 fencing_config: {get_param: FencingConfig}
428 pcsd_password: {get_param: PcsdPassword}
429 enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]}
430 glance_api_servers: { get_param: [EndpointMap, GlanceInternal, uri]}
431 keystone_public_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}]}
432 keystone_admin_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}]}
433 manila_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, ManilaApiNetwork]}]}
434 mongo_db_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MongodbNetwork]}]}
435 neutron_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NeutronApiNetwork]}]}
436 neutron_local_ip: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NeutronTenantNetwork]}]}
437 ceilometer_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CeilometerApiNetwork]}]}
438 aodh_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, AodhApiNetwork]}]}
439 gnocchi_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, GnocchiApiNetwork]}]}
440 nova_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NovaApiNetwork]}]}
441 nova_metadata_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NovaMetadataNetwork]}]}
442 horizon_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, HorizonNetwork]}]}
445 template: "['SUBNET']"
452 template: "NETWORK_subnet"
454 NETWORK: {get_param: [ServiceNetMap, HorizonNetwork]}
455 redis_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, RedisNetwork]}]}
456 redis_vip: {get_param: RedisVirtualIP}
457 sahara_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SaharaApiNetwork]}]}
458 memcached_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MemcachedNetwork]}]}
459 ironic_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, IronicApiNetwork]}]}
461 # Map heat metadata into hiera datafiles
463 type: OS::Heat::StructuredConfig
465 group: os-apply-config
470 - heat_config_%{::deploy_config_name}
471 - controller_extraconfig
476 - swift_devices_and_proxy # provided by SwiftDevicesAndProxyConfig
477 - bootstrap_node # provided by BootstrapNodeConfig
478 - all_nodes # provided by allNodesConfig
479 - vip_data # provided by vip-config
481 - cinder_dellsc_data # Optionally provided by ControllerExtraConfigPre
482 - cinder_netapp_data # Optionally provided by ControllerExtraConfigPre
483 - cinder_eqlx_data # Optionally provided by ControllerExtraConfigPre
484 - neutron_bigswitch_data # Optionally provided by ControllerExtraConfigPre
485 - neutron_cisco_data # Optionally provided by ControllerExtraConfigPre
486 - cisco_n1kv_data # Optionally provided by ControllerExtraConfigPre
487 - midonet_data #Optionally provided by AllNodesExtraConfig
488 - cisco_aci_data # Optionally provided by ControllerExtraConfigPre
489 merge_behavior: deeper
493 service_names: {get_param: ServiceNames}
497 - {get_param: ServiceConfigSettings}
498 - values: {get_attr: [NetIpMap, net_ip_map]}
499 controller_extraconfig:
502 - {get_param: controllerExtraConfig}
503 - {get_param: ControllerExtraConfig}
505 mapped_data: {get_param: ExtraConfig}
507 mapped_data: # data supplied directly to this deployment configuration, etc
508 bootstack_nodeid: {get_input: bootstack_nodeid}
511 enable_fencing: {get_input: enable_fencing}
512 enable_load_balancer: {get_input: enable_load_balancer}
513 hacluster_pwd: {get_input: pcsd_password}
514 corosync_ipv6: {get_input: corosync_ipv6}
515 tripleo::fencing::config: {get_input: fencing_config}
518 keystone::admin_bind_host: {get_input: keystone_admin_api_network}
519 keystone::public_bind_host: {get_input: keystone_public_api_network}
520 keystone::wsgi::apache::bind_host: {get_input: keystone_public_api_network}
521 keystone::wsgi::apache::admin_bind_host: {get_input: keystone_admin_api_network}
524 manila::api::bind_host: {get_input: manila_api_network}
527 mongodb::server::bind_ip: {get_input: mongo_db_network}
530 neutron::bind_host: {get_input: neutron_api_network}
531 neutron::agents::ml2::ovs::local_ip: {get_input: neutron_local_ip}
532 neutron::agents::metadata::metadata_ip: {get_input: neutron_api_network}
535 aodh::api::host: {get_input: aodh_api_network}
536 aodh::wsgi::apache::bind_host: {get_input: aodh_api_network}
539 ceilometer::api::host: {get_input: ceilometer_api_network}
540 snmpd_readonly_user_name: {get_input: snmpd_readonly_user_name}
541 snmpd_readonly_user_password: {get_input: snmpd_readonly_user_password}
544 gnocchi::wsgi::apache::bind_host: {get_input: gnocchi_api_network}
545 gnocchi::api::host: {get_input: gnocchi_api_network}
546 gnocchi::api::keystone_auth_uri: {get_input: keystone_auth_uri}
547 gnocchi::api::keystone_identity_uri: {get_input: keystone_identity_uri}
548 gnocchi::storage::swift::swift_authurl: {get_input: keystone_auth_uri}
551 nova::upgrade_level_compute: {get_input: upgrade_level_nova_compute}
552 nova::use_ipv6: {get_input: nova_ipv6}
553 nova::api::api_bind_address: {get_input: nova_api_network}
554 nova::api::metadata_listen: {get_input: nova_metadata_network}
555 nova::glance_api_servers: {get_input: glance_api_servers}
556 nova::api::neutron_metadata_proxy_shared_secret: {get_input: neutron_metadata_proxy_shared_secret}
557 nova::api::instance_name_template: {get_input: instance_name_template}
558 nova::vncproxy::host: {get_input: nova_api_network}
559 nova_enable_db_purge: {get_input: nova_enable_db_purge}
562 apache::mod::remoteip::proxy_ips: {get_input: horizon_subnet}
563 apache::ip: {get_input: horizon_network}
564 horizon::django_debug: {get_input: debug}
565 horizon::secret_key: {get_input: horizon_secret}
566 horizon::bind_address: {get_input: horizon_network}
567 horizon::keystone_url: {get_input: keystone_auth_uri}
570 sahara::host: {get_input: sahara_api_network}
573 redis::bind: {get_input: redis_network}
574 redis_vip: {get_input: redis_vip}
576 tripleo::firewall::manage_firewall: {get_input: manage_firewall}
577 tripleo::firewall::purge_firewall_rules: {get_input: purge_firewall_rules}
579 memcached_ipv6: {get_input: memcached_ipv6}
580 memcached::listen_ip: {get_input: memcached_network}
581 tripleo::haproxy::service_certificate: {get_attr: [NodeTLSData, deployed_ssl_certificate_path]}
582 tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade}
584 # Hook for site-specific additional pre-deployment config, e.g extra hieradata
585 ControllerExtraConfigPre:
586 depends_on: ControllerDeployment
587 type: OS::TripleO::ControllerExtraConfigPre
589 server: {get_resource: Controller}
591 # Hook for site-specific additional pre-deployment config,
592 # applying to all nodes, e.g node registration/unregistration
594 depends_on: [ControllerExtraConfigPre, NodeTLSData]
595 type: OS::TripleO::NodeExtraConfig
597 server: {get_resource: Controller}
600 type: OS::TripleO::Tasks::PackageUpdate
603 type: OS::Heat::SoftwareDeployment
605 name: UpdateDeployment
606 config: {get_resource: UpdateConfig}
607 server: {get_resource: Controller}
610 get_param: UpdateIdentifier
614 description: IP address of the server in the ctlplane network
615 value: {get_attr: [Controller, networks, ctlplane, 0]}
617 description: IP address of the server in the external network
618 value: {get_attr: [ExternalPort, ip_address]}
619 internal_api_ip_address:
620 description: IP address of the server in the internal_api network
621 value: {get_attr: [InternalApiPort, ip_address]}
623 description: IP address of the server in the storage network
624 value: {get_attr: [StoragePort, ip_address]}
625 storage_mgmt_ip_address:
626 description: IP address of the server in the storage_mgmt network
627 value: {get_attr: [StorageMgmtPort, ip_address]}
629 description: IP address of the server in the tenant network
630 value: {get_attr: [TenantPort, ip_address]}
631 management_ip_address:
632 description: IP address of the server in the management network
633 value: {get_attr: [ManagementPort, ip_address]}
635 description: Hostname of the server
636 value: {get_attr: [Controller, name]}
639 Server's IP address and hostname in the /etc/hosts format
643 PRIMARYIP PRIMARYHOST.DOMAIN PRIMARYHOST
644 EXTERNALIP EXTERNALHOST.DOMAIN EXTERNALHOST
645 INTERNAL_APIIP INTERNAL_APIHOST.DOMAIN INTERNAL_APIHOST
646 STORAGEIP STORAGEHOST.DOMAIN STORAGEHOST
647 STORAGE_MGMTIP STORAGE_MGMTHOST.DOMAIN STORAGE_MGMTHOST
648 TENANTIP TENANTHOST.DOMAIN TENANTHOST
649 MANAGEMENTIP MANAGEMENTHOST.DOMAIN MANAGEMENTHOST
651 PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, ControllerHostnameResolveNetwork]}]}
652 DOMAIN: {get_param: CloudDomain}
653 PRIMARYHOST: {get_attr: [Controller, name]}
654 EXTERNALIP: {get_attr: [ExternalPort, ip_address]}
658 - - {get_attr: [Controller, name]}
660 INTERNAL_APIIP: {get_attr: [InternalApiPort, ip_address]}
664 - - {get_attr: [Controller, name]}
666 STORAGEIP: {get_attr: [StoragePort, ip_address]}
670 - - {get_attr: [Controller, name]}
672 STORAGE_MGMTIP: {get_attr: [StorageMgmtPort, ip_address]}
676 - - {get_attr: [Controller, name]}
678 TENANTIP: {get_attr: [TenantPort, ip_address]}
682 - - {get_attr: [Controller, name]}
684 MANAGEMENTIP: {get_attr: [ManagementPort, ip_address]}
688 - - {get_attr: [Controller, name]}
690 nova_server_resource:
691 description: Heat resource handle for the Nova compute server
693 {get_resource: Controller}
695 description: Swift device formatted for swift-ring-builder
701 - ['r1z1-IP:%PORT%/d1']
703 template: 'r1z1-IP:%PORT%/DEVICE'
705 DEVICE: {get_param: SwiftRawDisks}
712 template: "NETWORK_uri"
714 NETWORK: {get_param: [ServiceNetMap, SwiftMgmtNetwork]}
715 swift_proxy_memcache:
716 description: Swift proxy-memcache value
726 template: "NETWORK_uri"
728 NETWORK: {get_param: [ServiceNetMap, MemcachedNetwork]}
730 description: MD5 checksum of the TLS Key Modulus
731 value: {get_attr: [NodeTLSData, key_modulus_md5]}
732 tls_cert_modulus_md5:
733 description: MD5 checksum of the TLS Certificate Modulus
734 value: {get_attr: [NodeTLSData, cert_modulus_md5]}