1 heat_template_version: 2015-04-30
4 OpenStack controller node configured by Puppet.
8 default: 'admin@example.com'
9 description: The email for the keystone admin account.
14 description: The password for the keystone admin account, used for monitoring, querying neutron etc.
19 description: The keystone auth secret and db password.
22 CeilometerApiVirtualIP:
27 description: The ceilometer backend type.
29 CeilometerMeteringSecret:
31 description: Secret shared by the ceilometer services.
36 description: The password for the ceilometer service and db account.
42 CinderEnableNfsBackend:
44 description: Whether to enable or not the NFS backend for Cinder
46 CinderEnableIscsiBackend:
48 description: Whether to enable or not the Iscsi backend for Cinder
50 CinderEnableRbdBackend:
52 description: Whether to enable or not the Rbd backend for Cinder
56 description: The iSCSI helper to use with cinder.
58 CinderLVMLoopDeviceSize:
60 description: The size of the loopback file used by the cinder LVM driver.
62 CinderNfsMountOptions:
65 Mount options for NFS mounts used by Cinder NFS backend. Effective
66 when CinderEnableNfsBackend is true.
71 NFS servers used by Cinder NFS backend. Effective when
72 CinderEnableNfsBackend is true.
73 type: comma_delimited_list
76 description: The password for the cinder service and db account, used by cinder-api.
81 description: Contains parameters to configure Cinder backends. Typically
82 set via parameter_defaults in the resource registry.
86 description: The DNS name of this cloud. E.g. ci-overcloud.tripleo.org
88 ControllerExtraConfig:
91 Controller specific hiera configuration data to inject into the cluster.
93 ControlVirtualInterface:
95 description: Interface where virtual ip will be assigned.
99 description: Set to True to enable debugging on all services.
103 description: Whether to enable fencing in Pacemaker or not.
107 description: Whether to use Galera instead of regular MariaDB.
111 description: Whether to deploy Ceph Storage (OSD) on the Controller
115 description: Whether to enable Swift Storage on the Controller
120 Additional hieradata to inject into the cluster, note that
121 ControllerExtraConfig takes precedence over ExtraConfig.
126 Pacemaker fencing configuration. The JSON should have
127 the following structure:
131 "agent": "AGENT_NAME",
132 "host_mac": "HOST_MAC_ADDRESS",
133 "params": {"PARAM_NAME": "PARAM_VALUE"}
141 "agent": "fence_xvm",
142 "host_mac": "52:54:00:aa:bb:cc",
144 "multicast_address": "225.0.0.12",
145 "port": "baremetal_0",
147 "manage_key_file": true,
148 "key_file": "/etc/fence_xvm.key",
149 "key_file_password": "abcdef"
156 description: Flavor for control nodes to request when deploying.
159 - custom_constraint: nova.flavor
160 GlanceNotifierStrategy:
161 description: Strategy to use for Glance notification queue
165 description: The filepath of the file to use for logging messages from Glance.
170 description: The password for the glance service and db account, used by the glance services.
175 description: Glance port.
179 description: Protocol to use when connecting to glance, set to https for SSL.
183 description: The short name of the Glance backend to use. Should be one
184 of swift, rbd, or file
187 - allowed_values: ['swift', 'file', 'rbd']
188 GlanceFilePcmkDevice:
191 An exported storage device that should be mounted by Pacemaker
192 as Glance storage. Effective when GlanceFilePcmkManage is true.
194 GlanceFilePcmkFstype:
197 Filesystem type for Pacemaker mount used as Glance storage.
198 Effective when GlanceFilePcmkManage is true.
200 GlanceFilePcmkManage:
203 Whether to make Glance file backend a mount managed by Pacemaker.
204 Effective when GlanceBackend is 'file'.
206 GlanceFilePcmkOptions:
209 Mount options for Pacemaker mount used as Glance storage.
210 Effective when GlanceFilePcmkManage is true.
212 HAProxySyslogAddress:
214 description: Syslog address where HAproxy will send its log
218 description: The password for the Heat service and db account, used by the Heat services.
221 HeatStackDomainAdminPassword:
222 description: Password for heat_domain_admin user.
226 HeatAuthEncryptionKey:
227 description: Auth encryption key for heat-engine
232 description: A list of IP/Hostname allowed to connect to horizon
233 type: comma_delimited_list
235 description: Secret key for Django
240 default: overcloud-control
242 - custom_constraint: glance.image
244 default: 'REBUILD_PRESERVE_EPHEMERAL'
245 description: What policy to use when reconstructing instances. REBUILD for rebuilds, REBUILD_PRESERVE_EPHEMERAL to preserve /mnt.
249 description: Name of an existing EC2 KeyPair to enable SSH access to the instances
252 - custom_constraint: nova.keypair
253 KeystoneCACertificate:
255 description: Keystone self-signed certificate authority certificate.
257 KeystoneSigningCertificate:
259 description: Keystone certificate for verifying token validity.
263 description: Keystone key for signing tokens.
266 KeystoneSSLCertificate:
268 description: Keystone certificate for verifying token validity.
270 KeystoneSSLCertificateKey:
272 description: Keystone key for signing tokens.
275 KeystoneNotificationDriver:
276 description: Comma-separated list of Oslo notification drivers used by Keystone
277 default: ['messaging']
278 type: comma_delimited_list
279 KeystoneNotificationFormat:
280 description: The Keystone notification format
284 - allowed_values: [ 'basic', 'cadf' ]
288 description: Keystone region for endpoint
289 MysqlClusterUniquePart:
290 description: A unique identifier of the MySQL cluster the controller is in.
292 default: 'unset' # Has to be here because of the ignored empty value bug
293 # Drop the validation: https://bugs.launchpad.net/tripleo/+bug/1405446
295 # - length: {min: 4, max: 10}
296 MysqlInnodbBufferPoolSize:
298 Specifies the size of the buffer pool in megabytes. Setting to
299 zero should be interpreted as "no value" and will defer to the
304 description: Configures MySQL max_connections config setting
310 default: '' # Has to be here because of the ignored empty value bug
311 NeutronExternalNetworkBridge:
312 description: Name of bridge used for external network traffic.
315 NeutronBridgeMappings:
317 The OVS logical->physical bridge mappings to use. See the Neutron
318 documentation for details. Defaults to mapping br-ex - the external
319 bridge on hosts - to a physical name 'datacentre' which can be used
320 to create provider networks (and we use this for the default floating
321 network) - if changing this either use different post-install network
322 scripts or be sure to keep 'datacentre' as a mapping network name.
324 default: "datacentre:br-ex"
325 NeutronDnsmasqOptions:
326 default: 'dhcp-option-force=26,1400'
327 description: Dnsmasq options for neutron-dhcp-agent. The default value here forces MTU to be set to 1400 to account for the gre tunnel overhead.
331 description: Agent mode for the neutron-l3-agent on the controller hosts
335 description: Whether to enable l3-agent HA
337 NeutronDhcpAgentsPerNetwork:
340 description: The number of neutron dhcp agents to schedule per network
343 description: Whether to configure Neutron Distributed Virtual Routers
345 NeutronMetadataProxySharedSecret:
347 description: Shared secret to prevent spoofing
353 The core plugin for Neutron. The value should be the entrypoint to be loaded
354 from neutron.core_plugins namespace.
356 NeutronServicePlugins:
359 Comma-separated list of service plugin entrypoints to be loaded from the
360 neutron.service_plugins namespace.
361 type: comma_delimited_list
363 default: "vxlan,vlan,flat,gre"
365 Comma-separated list of network type driver entrypoints to be loaded.
366 type: comma_delimited_list
367 NeutronMechanismDrivers:
368 default: 'openvswitch'
370 The mechanism drivers for the Neutron tenant network. To specify multiple
371 values, use a comma separated string, like so: 'openvswitch,l2_population'
373 NeutronAllowL3AgentFailover:
375 description: Allow automatic l3-agent failover
377 NeutronEnableTunnelling:
382 default: 'datacentre'
383 description: If set, flat networks to configure in neutron plugins.
386 description: Whether to enable l3-agent HA
390 description: The tenant network type for Neutron, either gre or vxlan.
392 NeutronNetworkVLANRanges:
393 default: 'datacentre'
395 The Neutron ML2 and OpenVSwitch vlan mapping range to support. See the
396 Neutron documentation for permitted values. Defaults to permitting any
397 VLAN on the 'datacentre' physical network (See NeutronBridgeMappings).
398 type: comma_delimited_list
401 description: The password for the neutron service and db account, used by neutron agents.
404 NeutronPublicInterface:
406 description: What interface to bridge onto br-ex for network nodes.
408 NeutronPublicInterfaceTag:
411 VLAN tag for creating a public VLAN. The tag will be used to
412 create an access port on the exterior bridge for each control plane node,
413 and that port will be given the IP address returned by neutron from the
414 public network. Set CONTROLEXTRA=overcloud-vlan-port.yaml when compiling
415 overcloud.yaml to include the deployment of VLAN ports to the control
418 NeutronPublicInterfaceDefaultRoute:
420 description: A custom default route for the NeutronPublicInterface.
422 NeutronPublicInterfaceIP:
424 description: A custom IP address to put onto the NeutronPublicInterface.
426 NeutronPublicInterfaceRawDevice:
428 description: If set, the public interface is a vlan with this device as the raw device.
433 The tunnel types for the Neutron tenant network. To specify multiple
434 values, use a comma separated string, like so: 'gre,vxlan'
436 NeutronTunnelIdRanges:
438 Comma-separated list of <tun_min>:<tun_max> tuples enumerating ranges
439 of GRE tunnel IDs that are available for tenant network allocation
440 default: ["1:1000", ]
441 type: comma_delimited_list
444 Comma-separated list of <vni_min>:<vni_max> tuples enumerating ranges
445 of VXLAN VNI IDs that are available for tenant network allocation
446 default: ["1:1000", ]
447 type: comma_delimited_list
453 description: The password for the nova service and db account, used by nova-api.
458 description: Should MongoDb journaling be disabled
462 description: Comma-separated list of ntp servers
463 type: comma_delimited_list
466 description: The password for the 'pcsd' user.
468 PublicVirtualInterface:
471 Specifies the interface where the public-facing virtual ip will be assigned.
472 This should be int_public when a VLAN is being used.
476 default: '' # Has to be here because of the ignored empty value bug
479 default: '' # Has to be here because of the ignored empty value bug
483 description: The password for RabbitMQ
488 description: The username for RabbitMQ
493 Rabbit client subscriber parameter to specify
494 an SSL connection to the RabbitMQ host.
498 description: Set rabbit subscriber port, change this if using SSL
502 description: Configures RabbitMQ FD limit
506 default: '' # Has to be here because of the ignored empty value bug
507 SnmpdReadonlyUserName:
508 default: ro_snmp_user
509 description: The user name for SNMPd with readonly rights running on all Overcloud nodes
511 SnmpdReadonlyUserPassword:
513 description: The user password for SNMPd with readonly rights running on all Overcloud nodes
518 description: If set, the contents of an SSL certificate authority file.
522 description: If set, the contents of an SSL certificate .crt file for encrypting SSL endpoints.
527 description: If set, the contents of an SSL certificate .key file for encrypting SSL endpoints.
532 description: A random string to be used as a salt when hashing to determine mappings
538 description: Value of mount_check in Swift account/container/object -server.conf
543 description: The minimum time (in hours) before a partition in a ring can be moved following a rebalance.
546 description: Partition Power to use when building Swift rings
550 description: The password for the swift service account, used by the swift proxy
560 description: How many replicas to use in the swift rings.
561 VirtualIP: # DEPRECATED: use per service settings instead
563 default: '' # Has to be here because of the ignored empty value bug
570 GlanceRegistryVirtualIP:
576 KeystoneAdminApiVirtualIP:
579 KeystonePublicApiVirtualIP:
585 EnablePackageInstall:
587 description: Set to true to enable package installation via Puppet
591 description: Mapping of service_name -> network name. Typically set
592 via parameter_defaults in the resource registry.
598 Setting to a previously unused value during stack-update will trigger
599 package update on all nodes
602 default: '' # Defaults to Heat created hostname
607 type: OS::Nova::Server
609 image: {get_param: Image}
610 image_update_policy: {get_param: ImageUpdatePolicy}
611 flavor: {get_param: Flavor}
612 key_name: {get_param: KeyName}
615 user_data_format: SOFTWARE_CONFIG
616 user_data: {get_resource: UserData}
617 name: {get_param: Hostname}
619 # Combine the NodeAdminUserData and NodeUserData mime archives
621 type: OS::Heat::MultipartMime
624 - config: {get_resource: NodeAdminUserData}
626 - config: {get_resource: NodeUserData}
629 # Creates the "heat-admin" user if configured via the environment
630 # Should return a OS::Heat::MultipartMime reference via OS::stack_id
632 type: OS::TripleO::NodeAdminUserData
634 # For optional operator additional userdata
635 # Should return a OS::Heat::MultipartMime reference via OS::stack_id
637 type: OS::TripleO::NodeUserData
640 type: OS::TripleO::Controller::Ports::ExternalPort
642 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
645 type: OS::TripleO::Controller::Ports::InternalApiPort
647 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
650 type: OS::TripleO::Controller::Ports::StoragePort
652 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
655 type: OS::TripleO::Controller::Ports::StorageMgmtPort
657 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
660 type: OS::TripleO::Controller::Ports::TenantPort
662 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
665 type: OS::TripleO::Network::Ports::NetIpMap
667 ControlPlaneIp: {get_attr: [Controller, networks, ctlplane, 0]}
668 ExternalIp: {get_attr: [ExternalPort, ip_address]}
669 InternalApiIp: {get_attr: [InternalApiPort, ip_address]}
670 StorageIp: {get_attr: [StoragePort, ip_address]}
671 StorageMgmtIp: {get_attr: [StorageMgmtPort, ip_address]}
672 TenantIp: {get_attr: [TenantPort, ip_address]}
675 type: OS::TripleO::Network::Ports::NetIpSubnetMap
677 ControlPlaneIp: {get_attr: [Controller, networks, ctlplane, 0]}
678 ExternalIpSubnet: {get_attr: [ExternalPort, ip_subnet]}
679 InternalApiIpSubnet: {get_attr: [InternalApiPort, ip_subnet]}
680 StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]}
681 StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]}
682 TenantIpSubnet: {get_attr: [TenantPort, ip_subnet]}
685 type: OS::TripleO::Controller::Net::SoftwareConfig
687 ControlPlaneIp: {get_attr: [Controller, networks, ctlplane, 0]}
688 ExternalIpSubnet: {get_attr: [ExternalPort, ip_subnet]}
689 InternalApiIpSubnet: {get_attr: [InternalApiPort, ip_subnet]}
690 StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]}
691 StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]}
692 TenantIpSubnet: {get_attr: [TenantPort, ip_subnet]}
695 type: OS::TripleO::SoftwareDeployment
697 config: {get_resource: NetworkConfig}
698 server: {get_resource: Controller}
701 interface_name: {get_param: NeutronPublicInterface}
703 ControllerDeployment:
704 type: OS::TripleO::SoftwareDeployment
705 depends_on: NetworkDeployment
707 config: {get_resource: ControllerConfig}
708 server: {get_resource: Controller}
710 bootstack_nodeid: {get_attr: [Controller, name]}
711 neutron_enable_tunneling: {get_param: NeutronEnableTunnelling}
712 haproxy_log_address: {get_param: HAProxySyslogAddress}
713 heat.watch_server_url:
717 - {get_param: HeatApiVirtualIP}
719 heat.metadata_server_url:
723 - {get_param: HeatApiVirtualIP}
725 heat.waitcondition_server_url:
729 - {get_param: HeatApiVirtualIP}
730 - ':8000/v1/waitcondition'
731 heat_auth_encryption_key: {get_param: HeatAuthEncryptionKey}
732 horizon_allowed_hosts: {get_param: HorizonAllowedHosts}
733 horizon_secret: {get_param: HorizonSecret}
734 admin_email: {get_param: AdminEmail}
735 admin_password: {get_param: AdminPassword}
736 admin_token: {get_param: AdminToken}
737 neutron_public_interface_ip: {get_param: NeutronPublicInterfaceIP}
738 debug: {get_param: Debug}
739 cinder_enable_nfs_backend: {get_param: CinderEnableNfsBackend}
740 cinder_enable_rbd_backend: {get_param: CinderEnableRbdBackend}
741 cinder_nfs_mount_options: {get_param: CinderNfsMountOptions}
744 template: "['SERVERS']"
749 - {get_param: CinderNfsServers}
750 cinder_lvm_loop_device_size: {get_param: CinderLVMLoopDeviceSize}
751 cinder_password: {get_param: CinderPassword}
752 cinder_enable_iscsi_backend: {get_param: CinderEnableIscsiBackend}
753 cinder_iscsi_helper: {get_param: CinderISCSIHelper}
754 cinder_backend_config: {get_param: CinderBackendConfig}
758 - - 'mysql://cinder:'
759 - {get_param: CinderPassword}
761 - {get_param: MysqlVirtualIP}
763 glance_port: {get_param: GlancePort}
764 glance_password: {get_param: GlancePassword}
765 glance_backend: {get_param: GlanceBackend}
766 glance_file_pcmk_device: {get_param: GlanceFilePcmkDevice}
767 glance_file_pcmk_fstype: {get_param: GlanceFilePcmkFstype}
768 glance_file_pcmk_manage: {get_param: GlanceFilePcmkManage}
769 glance_file_pcmk_options: {get_param: GlanceFilePcmkOptions}
770 glance_notifier_strategy: {get_param: GlanceNotifierStrategy}
771 glance_log_file: {get_param: GlanceLogFile}
775 - - 'mysql://glance:'
776 - {get_param: GlancePassword}
778 - {get_param: MysqlVirtualIP}
780 heat_password: {get_param: HeatPassword}
781 heat_stack_domain_admin_password: {get_param: HeatStackDomainAdminPassword}
786 - {get_param: HeatPassword}
788 - {get_param: MysqlVirtualIP}
790 keystone_auth_address: {list_join: ['', ['http://', {get_param: KeystonePublicApiVirtualIP} , ':5000/v2.0']]}
791 keystone_ca_certificate: {get_param: KeystoneCACertificate}
792 keystone_signing_key: {get_param: KeystoneSigningKey}
793 keystone_signing_certificate: {get_param: KeystoneSigningCertificate}
794 keystone_ssl_certificate: {get_param: KeystoneSSLCertificate}
795 keystone_ssl_certificate_key: {get_param: KeystoneSSLCertificateKey}
796 keystone_notification_driver: {get_param: KeystoneNotificationDriver}
797 keystone_notification_format: {get_param: KeystoneNotificationFormat}
801 - - 'mysql://keystone:'
802 - {get_param: AdminToken}
804 - {get_param: MysqlVirtualIP}
806 keystone_identity_uri:
810 - {get_param: KeystoneAdminApiVirtualIP}
816 - {get_param: KeystonePublicApiVirtualIP}
822 - {get_param: PublicVirtualIP}
824 keystone_internal_url:
828 - {get_param: KeystonePublicApiVirtualIP}
834 - {get_param: KeystonePublicApiVirtualIP}
835 - ':5000/v2.0/ec2tokens'
836 enable_fencing: {get_param: EnableFencing}
837 enable_galera: {get_param: EnableGalera}
838 enable_ceph_storage: {get_param: EnableCephStorage}
839 enable_swift_storage: {get_param: EnableSwiftStorage}
840 mysql_innodb_buffer_pool_size: {get_param: MysqlInnodbBufferPoolSize}
841 mysql_max_connections: {get_param: MysqlMaxConnections}
842 mysql_root_password: {get_param: MysqlRootPassword}
845 template: tripleo-CLUSTER
847 CLUSTER: {get_param: MysqlClusterUniquePart}
848 neutron_flat_networks: {get_param: NeutronFlatNetworks}
849 neutron_metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret}
850 neutron_agent_mode: {get_param: NeutronAgentMode}
851 neutron_router_distributed: {get_param: NeutronDVR}
852 neutron_core_plugin: {get_param: NeutronCorePlugin}
853 neutron_service_plugins:
855 template: "['PLUGINS']"
860 - {get_param: NeutronServicePlugins}
861 neutron_type_drivers:
863 template: "['DRIVERS']"
868 - {get_param: NeutronTypeDrivers}
869 neutron_mechanism_drivers: {get_param: NeutronMechanismDrivers}
870 neutron_allow_l3agent_failover: {get_param: NeutronAllowL3AgentFailover}
871 neutron_l3_ha: {get_param: NeutronL3HA}
872 neutron_dhcp_agents_per_network: {get_param: NeutronDhcpAgentsPerNetwork}
873 neutron_network_vlan_ranges:
875 template: "['RANGES']"
880 - {get_param: NeutronNetworkVLANRanges}
881 neutron_bridge_mappings: {get_param: NeutronBridgeMappings}
882 neutron_external_network_bridge: {get_param: NeutronExternalNetworkBridge}
883 neutron_public_interface: {get_param: NeutronPublicInterface}
884 neutron_public_interface_raw_device: {get_param: NeutronPublicInterfaceRawDevice}
885 neutron_public_interface_default_route: {get_param: NeutronPublicInterfaceDefaultRoute}
886 neutron_public_interface_tag: {get_param: NeutronPublicInterfaceTag}
887 neutron_tenant_network_type: {get_param: NeutronNetworkType}
888 neutron_tunnel_types: {get_param: NeutronTunnelTypes}
889 neutron_tunnel_id_ranges:
891 template: "['RANGES']"
896 - {get_param: NeutronTunnelIdRanges}
899 template: "['RANGES']"
904 - {get_param: NeutronVniRanges}
905 neutron_password: {get_param: NeutronPassword}
906 neutron_dnsmasq_options: {get_param: NeutronDnsmasqOptions}
910 - - 'mysql://neutron:'
911 - {get_param: NeutronPassword}
913 - {get_param: MysqlVirtualIP}
914 - '/ovs_neutron?charset=utf8'
919 - {get_param: NeutronApiVirtualIP}
921 neutron_admin_auth_url:
925 - {get_param: KeystoneAdminApiVirtualIP}
927 ceilometer_backend: {get_param: CeilometerBackend}
928 ceilometer_metering_secret: {get_param: CeilometerMeteringSecret}
929 ceilometer_password: {get_param: CeilometerPassword}
930 ceilometer_coordination_url:
934 - {get_param: RedisVirtualIP}
939 - - 'mysql://ceilometer:'
940 - {get_param: CeilometerPassword}
942 - {get_param: MysqlVirtualIP}
944 snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName}
945 snmpd_readonly_user_password: {get_param: SnmpdReadonlyUserPassword}
946 nova_password: {get_param: NovaPassword}
951 - {get_param: NovaPassword}
953 - {get_param: MysqlVirtualIP}
955 fencing_config: {get_param: FencingConfig}
956 pcsd_password: {get_param: PcsdPassword}
957 rabbit_username: {get_param: RabbitUserName}
958 rabbit_password: {get_param: RabbitPassword}
959 rabbit_cookie: {get_param: RabbitCookie}
960 rabbit_client_use_ssl: {get_param: RabbitClientUseSSL}
961 rabbit_client_port: {get_param: RabbitClientPort}
962 mongodb_no_journal: {get_param: MongoDbNoJournal}
963 # We need to force this into quotes or hiera will return integer causing
964 # the puppet module validation regexp to fail.
965 # Remove when: https://github.com/puppetlabs/puppetlabs-rabbitmq/pull/401
970 LIMIT: {get_param: RabbitFDLimit}
971 ntp_servers: {get_param: NtpServer}
972 control_virtual_interface: {get_param: ControlVirtualInterface}
973 public_virtual_interface: {get_param: PublicVirtualInterface}
974 swift_hash_suffix: {get_param: SwiftHashSuffix}
975 swift_password: {get_param: SwiftPassword}
976 swift_part_power: {get_param: SwiftPartPower}
977 swift_replicas: {get_param: SwiftReplicas}
978 swift_min_part_hours: {get_param: SwiftMinPartHours}
979 swift_mount_check: {get_param: SwiftMountCheck}
980 enable_package_install: {get_param: EnablePackageInstall}
981 enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]}
982 swift_proxy_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftProxyNetwork]}]}
983 swift_management_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftMgmtNetwork]}]}
984 cinder_iscsi_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CinderIscsiNetwork]}]}
985 cinder_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CinderApiNetwork]}]}
986 glance_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, GlanceApiNetwork]}]}
987 glance_registry_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, GlanceRegistryNetwork]}]}
991 - - {get_param: GlanceProtocol}
993 - {get_param: GlanceApiVirtualIP}
995 - {get_param: GlancePort}
996 glance_registry_host: {get_param: GlanceRegistryVirtualIP}
997 heat_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, HeatApiNetwork]}]}
998 keystone_public_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}]}
999 keystone_admin_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}]}
1000 keystone_region: {get_param: KeystoneRegion}
1001 mongo_db_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MongoDbNetwork]}]}
1002 neutron_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NeutronApiNetwork]}]}
1003 neutron_local_ip: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NeutronTenantNetwork]}]}
1004 ceilometer_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CeilometerApiNetwork]}]}
1005 nova_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NovaApiNetwork]}]}
1006 nova_metadata_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NovaMetadataNetwork]}]}
1007 horizon_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, HorizonNetwork]}]}
1008 rabbitmq_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, RabbitMqNetwork]}]}
1009 redis_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, RedisNetwork]}]}
1010 redis_vip: {get_param: RedisVirtualIP}
1011 memcached_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MemcachedNetwork]}]}
1012 mysql_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MysqlNetwork]}]}
1013 mysql_virtual_ip: {get_param: MysqlVirtualIP}
1014 ceph_cluster_network: {get_attr: [NetIpSubnetMap, net_ip_subnet_map, {get_param: [ServiceNetMap, CephClusterNetwork]}]}
1015 ceph_public_network: {get_attr: [NetIpSubnetMap, net_ip_subnet_map, {get_param: [ServiceNetMap, CephPublicNetwork]}]}
1016 ceph_public_ip: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CephPublicNetwork]}]}
1018 # Map heat metadata into hiera datafiles
1020 type: OS::Heat::StructuredConfig
1022 group: os-apply-config
1027 - heat_config_%{::deploy_config_name}
1028 - controller_extraconfig
1033 - swift_devices_and_proxy # provided by SwiftDevicesAndProxyConfig
1034 - ceph_cluster # provided by CephClusterConfig
1036 - bootstrap_node # provided by BootstrapNodeConfig
1037 - all_nodes # provided by allNodesConfig
1038 - vip_data # provided by vip-config
1041 - cinder_netapp_data # Optionally provided by ControllerExtraConfigPre
1042 - neutron_bigswitch_data # Optionally provided by ControllerExtraConfigPre
1043 - neutron_cisco_data # Optionally provided by ControllerExtraConfigPre
1044 - cisco_n1kv_data # Optionally provided by ControllerExtraConfigPre
1046 controller_extraconfig:
1047 mapped_data: {get_param: ControllerExtraConfig}
1049 mapped_data: {get_param: ExtraConfig}
1051 raw_data: {get_file: hieradata/common.yaml}
1053 raw_data: {get_file: hieradata/ceph.yaml}
1055 ceph::profile::params::cluster_network: {get_input: ceph_cluster_network}
1056 ceph::profile::params::public_network: {get_input: ceph_public_network}
1057 ceph::mon::public_addr: {get_input: ceph_public_ip}
1059 raw_data: {get_file: hieradata/database.yaml}
1061 raw_data: {get_file: hieradata/object.yaml}
1063 raw_data: {get_file: hieradata/controller.yaml}
1064 mapped_data: # data supplied directly to this deployment configuration, etc
1065 bootstack_nodeid: {get_input: bootstack_nodeid}
1068 enable_fencing: {get_input: enable_fencing}
1069 hacluster_pwd: {get_input: pcsd_password}
1070 tripleo::fencing::config: {get_input: fencing_config}
1073 swift::proxy::proxy_local_net_ip: {get_input: swift_proxy_network}
1074 swift::proxy::authtoken::auth_uri: {get_input: keystone_auth_uri}
1075 swift::proxy::authtoken::identity_uri: {get_input: keystone_identity_uri}
1076 swift::storage::all::storage_local_net_ip: {get_input: swift_management_network}
1077 swift::swift_hash_suffix: {get_input: swift_hash_suffix}
1078 swift::proxy::authtoken::admin_password: {get_input: swift_password}
1079 tripleo::ringbuilder::part_power: {get_input: swift_part_power}
1080 tripleo::ringbuilder::replicas: {get_input: swift_replicas}
1081 tripleo::ringbuilder::min_part_hours: {get_input: swift_min_part_hours}
1082 swift_mount_check: {get_input: swift_mount_check}
1084 # NOTE(dprince): build_ring support is currently not wired in.
1085 # See: https://review.openstack.org/#/c/109225/
1086 tripleo::ringbuilder::build_ring: True
1089 cinder_enable_nfs_backend: {get_input: cinder_enable_nfs_backend}
1090 cinder_enable_rbd_backend: {get_input: cinder_enable_rbd_backend}
1091 cinder_nfs_mount_options: {get_input: cinder_nfs_mount_options}
1092 cinder_nfs_servers: {get_input: cinder_nfs_servers}
1093 cinder_lvm_loop_device_size: {get_input: cinder_lvm_loop_device_size}
1094 cinder_iscsi_helper: {get_input: cinder_iscsi_helper}
1095 cinder_iscsi_ip_address: {get_input: cinder_iscsi_network}
1096 cinder::database_connection: {get_input: cinder_dsn}
1097 cinder::api::keystone_password: {get_input: cinder_password}
1098 cinder::api::auth_uri: {get_input: keystone_auth_uri}
1099 cinder::api::identity_uri: {get_input: keystone_identity_uri}
1100 cinder::api::bind_host: {get_input: cinder_api_network}
1101 cinder::rabbit_userid: {get_input: rabbit_username}
1102 cinder::rabbit_password: {get_input: rabbit_password}
1103 cinder::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
1104 cinder::rabbit_port: {get_input: rabbit_client_port}
1105 cinder::debug: {get_input: debug}
1106 cinder_enable_iscsi_backend: {get_input: cinder_enable_iscsi_backend}
1107 cinder::glance::glance_api_servers: {get_input: glance_api_servers}
1108 cinder_backend_config: {get_input: CinderBackendConfig}
1109 cinder::db::mysql::password: {get_input: cinder_password}
1112 glance::api::bind_port: {get_input: glance_port}
1113 glance::api::bind_host: {get_input: glance_api_network}
1114 glance::api::auth_uri: {get_input: keystone_auth_uri}
1115 glance::api::identity_uri: {get_input: keystone_identity_uri}
1116 glance::api::registry_host: {get_input: glance_registry_host}
1117 glance::api::keystone_password: {get_input: glance_password}
1118 glance::api::debug: {get_input: debug}
1119 glance_notifier_strategy: {get_input: glance_notifier_strategy}
1120 glance_log_file: {get_input: glance_log_file}
1121 glance_log_file: {get_input: glance_log_file}
1122 glance::api::database_connection: {get_input: glance_dsn}
1123 glance::registry::keystone_password: {get_input: glance_password}
1124 glance::registry::database_connection: {get_input: glance_dsn}
1125 glance::registry::bind_host: {get_input: glance_registry_network}
1126 glance::registry::auth_uri: {get_input: keystone_auth_uri}
1127 glance::registry::identity_uri: {get_input: keystone_identity_uri}
1128 glance::registry::debug: {get_input: debug}
1129 glance::backend::swift::swift_store_auth_address: {get_input: keystone_auth_address}
1130 glance::backend::swift::swift_store_user: service:glance
1131 glance::backend::swift::swift_store_key: {get_input: glance_password}
1132 glance_backend: {get_input: glance_backend}
1133 glance::db::mysql::password: {get_input: glance_password}
1134 glance_file_pcmk_device: {get_input: glance_file_pcmk_device}
1135 glance_file_pcmk_fstype: {get_input: glance_file_pcmk_fstype}
1136 glance_file_pcmk_manage: {get_input: glance_file_pcmk_manage}
1137 glance_file_pcmk_options: {get_input: glance_file_pcmk_options}
1140 heat_stack_domain_admin_password: {get_input: heat_stack_domain_admin_password}
1141 heat::engine::heat_watch_server_url: {get_input: heat.watch_server_url}
1142 heat::engine::heat_metadata_server_url: {get_input: heat.metadata_server_url}
1143 heat::engine::heat_waitcondition_server_url: {get_input: heat.waitcondition_server_url}
1144 heat::engine::auth_encryption_key: {get_input: heat_auth_encryption_key}
1145 heat::rabbit_userid: {get_input: rabbit_username}
1146 heat::rabbit_password: {get_input: rabbit_password}
1147 heat::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
1148 heat::rabbit_port: {get_input: rabbit_client_port}
1149 heat::auth_uri: {get_input: keystone_auth_uri}
1150 heat::keystone_ec2_uri: {get_input: keystone_ec2_uri}
1151 heat::identity_uri: {get_input: keystone_identity_uri}
1152 heat::keystone_password: {get_input: heat_password}
1153 heat::api::bind_host: {get_input: heat_api_network}
1154 heat::api_cloudwatch::bind_host: {get_input: heat_api_network}
1155 heat::api_cfn::bind_host: {get_input: heat_api_network}
1156 heat::database_connection: {get_input: heat_dsn}
1157 heat::debug: {get_input: debug}
1158 heat::db::mysql::password: {get_input: heat_password}
1161 keystone::admin_token: {get_input: admin_token}
1162 keystone_ca_certificate: {get_input: keystone_ca_certificate}
1163 keystone_signing_key: {get_input: keystone_signing_key}
1164 keystone_signing_certificate: {get_input: keystone_signing_certificate}
1165 keystone_ssl_certificate: {get_input: keystone_ssl_certificate}
1166 keystone_ssl_certificate_key: {get_input: keystone_ssl_certificate_key}
1167 keystone::database_connection: {get_input: keystone_dsn}
1168 keystone::public_bind_host: {get_input: keystone_public_api_network}
1169 keystone::admin_bind_host: {get_input: keystone_admin_api_network}
1170 keystone::debug: {get_input: debug}
1171 keystone::db::mysql::password: {get_input: admin_token}
1172 keystone::rabbit_userid: {get_input: rabbit_username}
1173 keystone::rabbit_password: {get_input: rabbit_password}
1174 keystone::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
1175 keystone::rabbit_port: {get_input: rabbit_client_port}
1176 keystone::notification_driver: {get_input: keystone_notification_driver}
1177 keystone::notification_format: {get_input: keystone_notification_format}
1178 keystone::roles::admin::email: {get_input: admin_email}
1179 keystone::roles::admin::password: {get_input: admin_password}
1180 keystone::endpoint::public_url: {get_input: keystone_public_url}
1181 keystone::endpoint::internal_url: {get_input: keystone_internal_url}
1182 keystone::endpoint::admin_url: {get_input: keystone_identity_uri}
1183 keystone::endpoint::region: {get_input: keystone_region}
1185 mongodb::server::bind_ip: {get_input: mongo_db_network}
1186 mongodb::server::nojournal: {get_input: mongodb_no_journal}
1188 admin_password: {get_input: admin_password}
1189 enable_galera: {get_input: enable_galera}
1190 enable_ceph_storage: {get_input: enable_ceph_storage}
1191 enable_swift_storage: {get_input: enable_swift_storage}
1192 mysql_innodb_buffer_pool_size: {get_input: mysql_innodb_buffer_pool_size}
1193 mysql_max_connections: {get_input: mysql_max_connections}
1194 mysql::server::root_password: {get_input: mysql_root_password}
1195 mysql_cluster_name: {get_input: mysql_cluster_name}
1196 mysql_bind_host: {get_input: mysql_network}
1197 mysql_virtual_ip: {get_input: mysql_virtual_ip}
1200 neutron::bind_host: {get_input: neutron_api_network}
1201 neutron::rabbit_password: {get_input: rabbit_password}
1202 neutron::rabbit_user: {get_input: rabbit_user}
1203 neutron::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
1204 neutron::rabbit_port: {get_input: rabbit_client_port}
1205 neutron::debug: {get_input: debug}
1206 neutron::server::auth_uri: {get_input: keystone_auth_uri}
1207 neutron::server::identity_uri: {get_input: keystone_identity_uri}
1208 neutron::server::database_connection: {get_input: neutron_dsn}
1209 neutron::agents::l3::external_network_bridge: {get_input: neutron_external_network_bridge}
1210 neutron::agents::ml2::ovs::enable_tunneling: {get_input: neutron_enable_tunneling}
1211 neutron::agents::ml2::ovs::local_ip: {get_input: neutron_local_ip}
1212 neutron_flat_networks: {get_input: neutron_flat_networks}
1213 neutron::agents::metadata::shared_secret: {get_input: neutron_metadata_proxy_shared_secret}
1214 neutron::agents::metadata::metadata_ip: {get_input: neutron_api_network}
1215 neutron_agent_mode: {get_input: neutron_agent_mode}
1216 neutron_router_distributed: {get_input: neutron_router_distributed}
1217 neutron::core_plugin: {get_input: neutron_core_plugin}
1218 neutron::service_plugins: {get_input: neutron_service_plugins}
1219 neutron::plugins::ml2::type_drivers: {get_input: neutron_type_drivers}
1220 neutron_mechanism_drivers: {get_input: neutron_mechanism_drivers}
1221 neutron::server::allow_automatic_l3agent_failover: {get_input: neutron_allow_l3agent_failover}
1222 neutron::server::l3_ha: {get_input: neutron_l3_ha}
1223 neutron::dhcp_agents_per_network: {get_input: neutron_dhcp_agents_per_network}
1224 neutron::plugins::ml2::network_vlan_ranges: {get_input: neutron_network_vlan_ranges}
1225 neutron::plugins::ml2::tunnel_id_ranges: {get_input: neutron_tunnel_id_ranges}
1226 neutron::plugins::ml2::vni_ranges: {get_input: neutron_vni_ranges}
1227 neutron_bridge_mappings: {get_input: neutron_bridge_mappings}
1228 neutron_public_interface: {get_input: neutron_public_interface}
1229 neutron_public_interface_raw_device: {get_input: neutron_public_interface_raw_device}
1230 neutron_public_interface_default_route: {get_input: neutron_public_interface_default_route}
1231 neutron_public_interface_tag: {get_input: neutron_public_interface_tag}
1232 neutron_tenant_network_type: {get_input: neutron_tenant_network_type}
1233 neutron_tunnel_types: {get_input: neutron_tunnel_types}
1234 neutron::server::auth_password: {get_input: neutron_password}
1235 neutron::agents::metadata::auth_password: {get_input: neutron_password}
1236 neutron_dnsmasq_options: {get_input: neutron_dnsmasq_options}
1237 neutron_dsn: {get_input: neutron_dsn}
1238 neutron::agents::metadata::auth_url: {get_input: keystone_identity_uri}
1239 neutron::db::mysql::password: {get_input: neutron_password}
1242 ceilometer_backend: {get_input: ceilometer_backend}
1243 ceilometer_mysql_conn_string: {get_input: ceilometer_dsn}
1244 ceilometer::metering_secret: {get_input: ceilometer_metering_secret}
1245 ceilometer::rabbit_userid: {get_input: rabbit_username}
1246 ceilometer::rabbit_password: {get_input: rabbit_password}
1247 ceilometer::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
1248 ceilometer::rabbit_port: {get_input: rabbit_client_port}
1249 ceilometer::debug: {get_input: debug}
1250 ceilometer::api::host: {get_input: ceilometer_api_network}
1251 ceilometer::api::keystone_password: {get_input: ceilometer_password}
1252 ceilometer::api::keystone_auth_uri: {get_input: keystone_auth_uri}
1253 ceilometer::api::keystone_identity_uri: {get_input: keystone_identity_uri}
1254 ceilometer::agent::auth::auth_password: {get_input: ceilometer_password}
1255 ceilometer::agent::auth::auth_url: {get_input: keystone_auth_address}
1256 ceilometer::agent::central::coordination_url: {get_input: ceilometer_coordination_url}
1257 ceilometer::db::mysql::password: {get_input: ceilometer_password}
1258 snmpd_readonly_user_name: {get_input: snmpd_readonly_user_name}
1259 snmpd_readonly_user_password: {get_input: snmpd_readonly_user_password}
1262 nova::rabbit_userid: {get_input: rabbit_username}
1263 nova::rabbit_password: {get_input: rabbit_password}
1264 nova::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
1265 nova::rabbit_port: {get_input: rabbit_client_port}
1266 nova::debug: {get_input: debug}
1267 nova::api::auth_uri: {get_input: keystone_auth_uri}
1268 nova::api::identity_uri: {get_input: keystone_identity_uri}
1269 nova::api::api_bind_address: {get_input: nova_api_network}
1270 nova::api::metadata_listen: {get_input: nova_metadata_network}
1271 nova::api::admin_password: {get_input: nova_password}
1272 nova::database_connection: {get_input: nova_dsn}
1273 nova::glance_api_servers: {get_input: glance_api_servers}
1274 nova::api::neutron_metadata_proxy_shared_secret: {get_input: neutron_metadata_proxy_shared_secret}
1275 nova::network::neutron::neutron_admin_password: {get_input: neutron_password}
1276 nova::network::neutron::neutron_url: {get_input: neutron_url}
1277 nova::network::neutron::neutron_admin_auth_url: {get_input: neutron_admin_auth_url}
1278 nova::vncproxy::host: {get_input: nova_api_network}
1279 nova::db::mysql::password: {get_input: nova_password}
1282 apache::ip: {get_input: horizon_network}
1283 horizon::allowed_hosts: {get_input: horizon_allowed_hosts}
1284 horizon::django_debug: {get_input: debug}
1285 horizon::secret_key: {get_input: horizon_secret}
1286 horizon::bind_address: {get_input: horizon_network}
1287 horizon::keystone_url: {get_input: keystone_auth_uri}
1290 rabbitmq::node_ip_address: {get_input: rabbitmq_network}
1291 rabbitmq::erlang_cookie: {get_input: rabbit_cookie}
1292 rabbitmq::file_limit: {get_input: rabbit_fd_limit}
1294 redis::bind: {get_input: redis_network}
1295 redis_vip: {get_input: redis_vip}
1297 memcached::listen_ip: {get_input: memcached_network}
1298 neutron_public_interface_ip: {get_input: neutron_public_interface_ip}
1299 ntp::servers: {get_input: ntp_servers}
1300 control_virtual_interface: {get_input: control_virtual_interface}
1301 public_virtual_interface: {get_input: public_virtual_interface}
1302 tripleo::loadbalancer::control_virtual_interface: {get_input: control_virtual_interface}
1303 tripleo::loadbalancer::public_virtual_interface: {get_input: public_virtual_interface}
1304 tripleo::loadbalancer::haproxy_log_address: {get_input: haproxy_log_address}
1305 tripleo::packages::enable_install: {get_input: enable_package_install}
1306 tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade}
1308 # Hook for site-specific additional pre-deployment config, e.g extra hieradata
1309 ControllerExtraConfigPre:
1310 depends_on: ControllerDeployment
1311 type: OS::TripleO::ControllerExtraConfigPre
1313 server: {get_resource: Controller}
1315 # Hook for site-specific additional pre-deployment config,
1316 # applying to all nodes, e.g node registration/unregistration
1318 depends_on: ControllerExtraConfigPre
1319 type: OS::TripleO::NodeExtraConfig
1321 server: {get_resource: Controller}
1324 type: OS::TripleO::Tasks::PackageUpdate
1327 type: OS::Heat::SoftwareDeployment
1329 config: {get_resource: UpdateConfig}
1330 server: {get_resource: Controller}
1333 get_param: UpdateIdentifier
1337 description: IP address of the server in the ctlplane network
1338 value: {get_attr: [Controller, networks, ctlplane, 0]}
1339 external_ip_address:
1340 description: IP address of the server in the external network
1341 value: {get_attr: [ExternalPort, ip_address]}
1342 internal_api_ip_address:
1343 description: IP address of the server in the internal_api network
1344 value: {get_attr: [InternalApiPort, ip_address]}
1346 description: IP address of the server in the storage network
1347 value: {get_attr: [StoragePort, ip_address]}
1348 storage_mgmt_ip_address:
1349 description: IP address of the server in the storage_mgmt network
1350 value: {get_attr: [StorageMgmtPort, ip_address]}
1352 description: IP address of the server in the tenant network
1353 value: {get_attr: [TenantPort, ip_address]}
1355 description: Hostname of the server
1356 value: {get_attr: [Controller, name]}
1359 Node object in the format {ip: ..., name: ...} format that the corosync
1362 ip: {get_attr: [Controller, networks, ctlplane, 0]}
1363 name: {get_attr: [Controller, name]}
1366 Server's IP address and hostname in the /etc/hosts format
1369 template: IP HOST.localdomain HOST CLOUDNAME
1371 IP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, ControllerHostnameResolveNetwork]}]}
1372 HOST: {get_attr: [Controller, name]}
1373 CLOUDNAME: {get_param: CloudName}
1374 nova_server_resource:
1375 description: Heat resource handle for the Nova compute server
1377 {get_resource: Controller}
1379 description: Swift device formatted for swift-ring-builder
1382 template: 'r1z1-IP:%PORT%/d1'
1384 IP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftMgmtNetwork]}]}
1385 swift_proxy_memcache:
1386 description: Swift proxy-memcache value
1389 template: "IP:11211"
1391 IP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MemcachedNetwork]}]}
1393 description: identifier which changes if the controller configuration may need re-applying
1397 - - {get_attr: [ControllerDeployment, deploy_stdout]}
1398 - {get_attr: [ControllerExtraConfigPre, deploy_stdout]}
1399 - {get_param: UpdateIdentifier}