1 heat_template_version: 2015-04-30
4 OpenStack controller node configured by Puppet.
8 default: 'admin@example.com'
9 description: The email for the keystone admin account.
14 description: The password for the keystone admin account, used for monitoring, querying neutron etc.
19 description: The keystone auth secret and db password.
22 CeilometerApiVirtualIP:
27 description: The ceilometer backend type.
29 CeilometerMeteringSecret:
31 description: Secret shared by the ceilometer services.
36 description: The password for the ceilometer service and db account.
42 CinderEnableNfsBackend:
44 description: Whether to enable or not the NFS backend for Cinder
46 CinderEnableIscsiBackend:
48 description: Whether to enable or not the Iscsi backend for Cinder
50 CinderEnableRbdBackend:
52 description: Whether to enable or not the Rbd backend for Cinder
56 description: The iSCSI helper to use with cinder.
58 CinderLVMLoopDeviceSize:
60 description: The size of the loopback file used by the cinder LVM driver.
62 CinderNfsMountOptions:
65 Mount options for NFS mounts used by Cinder NFS backend. Effective
66 when CinderEnableNfsBackend is true.
71 NFS servers used by Cinder NFS backend. Effective when
72 CinderEnableNfsBackend is true.
73 type: comma_delimited_list
76 description: The password for the cinder service and db account, used by cinder-api.
81 description: Contains parameters to configure Cinder backends. Typically
82 set via parameter_defaults in the resource registry.
86 description: The DNS name of this cloud. E.g. ci-overcloud.tripleo.org
88 ControllerExtraConfig:
91 Controller specific hiera configuration data to inject into the cluster.
93 ControlVirtualInterface:
95 description: Interface where virtual ip will be assigned.
99 description: Set to True to enable debugging on all services.
103 description: Whether to enable fencing in Pacemaker or not.
107 description: Whether to use Galera instead of regular MariaDB.
111 description: Whether to deploy Ceph Storage (OSD) on the Controller
115 description: Whether to enable Swift Storage on the Controller
120 Additional hieradata to inject into the cluster, note that
121 ControllerExtraConfig takes precedence over ExtraConfig.
126 Pacemaker fencing configuration. The JSON should have
127 the following structure:
131 "agent": "AGENT_NAME",
132 "host_mac": "HOST_MAC_ADDRESS",
133 "params": {"PARAM_NAME": "PARAM_VALUE"}
141 "agent": "fence_xvm",
142 "host_mac": "52:54:00:aa:bb:cc",
144 "multicast_address": "225.0.0.12",
145 "port": "baremetal_0",
147 "manage_key_file": true,
148 "key_file": "/etc/fence_xvm.key",
149 "key_file_password": "abcdef"
156 description: Flavor for control nodes to request when deploying.
159 - custom_constraint: nova.flavor
160 GlanceNotifierStrategy:
161 description: Strategy to use for Glance notification queue
165 description: The filepath of the file to use for logging messages from Glance.
170 description: The password for the glance service and db account, used by the glance services.
175 description: Glance port.
179 description: Protocol to use when connecting to glance, set to https for SSL.
183 description: The short name of the Glance backend to use. Should be one
184 of swift, rbd, or file
187 - allowed_values: ['swift', 'file', 'rbd']
188 GlanceFilePcmkDevice:
191 An exported storage device that should be mounted by Pacemaker
192 as Glance storage. Effective when GlanceFilePcmkManage is true.
194 GlanceFilePcmkFstype:
197 Filesystem type for Pacemaker mount used as Glance storage.
198 Effective when GlanceFilePcmkManage is true.
200 GlanceFilePcmkManage:
203 Whether to make Glance file backend a mount managed by Pacemaker.
204 Effective when GlanceBackend is 'file'.
206 GlanceFilePcmkOptions:
209 Mount options for Pacemaker mount used as Glance storage.
210 Effective when GlanceFilePcmkManage is true.
212 HAProxySyslogAddress:
214 description: Syslog address where HAproxy will send its log
218 description: The password for the Heat service and db account, used by the Heat services.
221 HeatStackDomainAdminPassword:
222 description: Password for heat_domain_admin user.
226 HeatAuthEncryptionKey:
227 description: Auth encryption key for heat-engine
232 description: A list of IP/Hostname allowed to connect to horizon
233 type: comma_delimited_list
235 description: Secret key for Django
240 default: overcloud-control
242 - custom_constraint: glance.image
244 default: 'REBUILD_PRESERVE_EPHEMERAL'
245 description: What policy to use when reconstructing instances. REBUILD for rebuilds, REBUILD_PRESERVE_EPHEMERAL to preserve /mnt.
249 description: Name of an existing EC2 KeyPair to enable SSH access to the instances
252 - custom_constraint: nova.keypair
253 KeystoneCACertificate:
255 description: Keystone self-signed certificate authority certificate.
257 KeystoneSigningCertificate:
259 description: Keystone certificate for verifying token validity.
263 description: Keystone key for signing tokens.
266 KeystoneSSLCertificate:
268 description: Keystone certificate for verifying token validity.
270 KeystoneSSLCertificateKey:
272 description: Keystone key for signing tokens.
275 KeystoneNotificationDriver:
276 description: Comma-separated list of Oslo notification drivers used by Keystone
277 default: ['messaging']
278 type: comma_delimited_list
279 KeystoneNotificationFormat:
280 description: The Keystone notification format
284 - allowed_values: [ 'basic', 'cadf' ]
288 description: Keystone region for endpoint
289 MysqlClusterUniquePart:
290 description: A unique identifier of the MySQL cluster the controller is in.
292 default: 'unset' # Has to be here because of the ignored empty value bug
293 # Drop the validation: https://bugs.launchpad.net/tripleo/+bug/1405446
295 # - length: {min: 4, max: 10}
296 MysqlInnodbBufferPoolSize:
298 Specifies the size of the buffer pool in megabytes. Setting to
299 zero should be interpreted as "no value" and will defer to the
304 description: Configures MySQL max_connections config setting
310 default: '' # Has to be here because of the ignored empty value bug
311 NeutronExternalNetworkBridge:
312 description: Name of bridge used for external network traffic.
315 NeutronBridgeMappings:
317 The OVS logical->physical bridge mappings to use. See the Neutron
318 documentation for details. Defaults to mapping br-ex - the external
319 bridge on hosts - to a physical name 'datacentre' which can be used
320 to create provider networks (and we use this for the default floating
321 network) - if changing this either use different post-install network
322 scripts or be sure to keep 'datacentre' as a mapping network name.
324 default: "datacentre:br-ex"
325 NeutronDnsmasqOptions:
326 default: 'dhcp-option-force=26,1400'
327 description: Dnsmasq options for neutron-dhcp-agent. The default value here forces MTU to be set to 1400 to account for the gre tunnel overhead.
331 description: Agent mode for the neutron-l3-agent on the controller hosts
335 description: Whether to enable l3-agent HA
337 NeutronDhcpAgentsPerNetwork:
340 description: The number of neutron dhcp agents to schedule per network
343 description: Whether to configure Neutron Distributed Virtual Routers
345 NeutronMetadataProxySharedSecret:
347 description: Shared secret to prevent spoofing
353 The core plugin for Neutron. The value should be the entrypoint to be loaded
354 from neutron.core_plugins namespace.
356 NeutronServicePlugins:
359 Comma-separated list of service plugin entrypoints to be loaded from the
360 neutron.service_plugins namespace.
361 type: comma_delimited_list
363 default: "vxlan,vlan,flat,gre"
365 Comma-separated list of network type driver entrypoints to be loaded.
366 type: comma_delimited_list
367 NeutronMechanismDrivers:
368 default: 'openvswitch'
370 The mechanism drivers for the Neutron tenant network. To specify multiple
371 values, use a comma separated string, like so: 'openvswitch,l2_population'
373 NeutronAllowL3AgentFailover:
375 description: Allow automatic l3-agent failover
377 NeutronEnableTunnelling:
382 default: 'datacentre'
383 description: If set, flat networks to configure in neutron plugins.
386 description: Whether to enable l3-agent HA
390 description: The tenant network type for Neutron, either gre or vxlan.
392 NeutronNetworkVLANRanges:
393 default: 'datacentre'
395 The Neutron ML2 and OpenVSwitch vlan mapping range to support. See the
396 Neutron documentation for permitted values. Defaults to permitting any
397 VLAN on the 'datacentre' physical network (See NeutronBridgeMappings).
398 type: comma_delimited_list
401 description: The password for the neutron service and db account, used by neutron agents.
404 NeutronPublicInterface:
406 description: What interface to bridge onto br-ex for network nodes.
408 NeutronPublicInterfaceTag:
411 VLAN tag for creating a public VLAN. The tag will be used to
412 create an access port on the exterior bridge for each control plane node,
413 and that port will be given the IP address returned by neutron from the
414 public network. Set CONTROLEXTRA=overcloud-vlan-port.yaml when compiling
415 overcloud.yaml to include the deployment of VLAN ports to the control
418 NeutronPublicInterfaceDefaultRoute:
420 description: A custom default route for the NeutronPublicInterface.
422 NeutronPublicInterfaceIP:
424 description: A custom IP address to put onto the NeutronPublicInterface.
426 NeutronPublicInterfaceRawDevice:
428 description: If set, the public interface is a vlan with this device as the raw device.
433 The tunnel types for the Neutron tenant network. To specify multiple
434 values, use a comma separated string, like so: 'gre,vxlan'
436 NeutronTunnelIdRanges:
438 Comma-separated list of <tun_min>:<tun_max> tuples enumerating ranges
439 of GRE tunnel IDs that are available for tenant network allocation
440 default: ["1:1000", ]
441 type: comma_delimited_list
444 Comma-separated list of <vni_min>:<vni_max> tuples enumerating ranges
445 of VXLAN VNI IDs that are available for tenant network allocation
446 default: ["1:1000", ]
447 type: comma_delimited_list
453 description: The password for the nova service and db account, used by nova-api.
458 description: Should MongoDb journaling be disabled
465 description: The password for the 'pcsd' user.
467 PublicVirtualInterface:
470 Specifies the interface where the public-facing virtual ip will be assigned.
471 This should be int_public when a VLAN is being used.
475 default: '' # Has to be here because of the ignored empty value bug
478 default: '' # Has to be here because of the ignored empty value bug
482 description: The password for RabbitMQ
487 description: The username for RabbitMQ
492 Rabbit client subscriber parameter to specify
493 an SSL connection to the RabbitMQ host.
497 description: Set rabbit subscriber port, change this if using SSL
501 description: Configures RabbitMQ FD limit
505 default: '' # Has to be here because of the ignored empty value bug
506 SnmpdReadonlyUserName:
507 default: ro_snmp_user
508 description: The user name for SNMPd with readonly rights running on all Overcloud nodes
510 SnmpdReadonlyUserPassword:
512 description: The user password for SNMPd with readonly rights running on all Overcloud nodes
517 description: If set, the contents of an SSL certificate authority file.
521 description: If set, the contents of an SSL certificate .crt file for encrypting SSL endpoints.
526 description: If set, the contents of an SSL certificate .key file for encrypting SSL endpoints.
531 description: A random string to be used as a salt when hashing to determine mappings
537 description: Value of mount_check in Swift account/container/object -server.conf
542 description: The minimum time (in hours) before a partition in a ring can be moved following a rebalance.
545 description: Partition Power to use when building Swift rings
549 description: The password for the swift service account, used by the swift proxy
559 description: How many replicas to use in the swift rings.
560 VirtualIP: # DEPRECATED: use per service settings instead
562 default: '' # Has to be here because of the ignored empty value bug
569 GlanceRegistryVirtualIP:
575 KeystoneAdminApiVirtualIP:
578 KeystonePublicApiVirtualIP:
584 EnablePackageInstall:
586 description: Set to true to enable package installation via Puppet
590 description: Mapping of service_name -> network name. Typically set
591 via parameter_defaults in the resource registry.
597 Setting to a previously unused value during stack-update will trigger
598 package update on all nodes
601 default: '' # Defaults to Heat created hostname
606 type: OS::Nova::Server
608 image: {get_param: Image}
609 image_update_policy: {get_param: ImageUpdatePolicy}
610 flavor: {get_param: Flavor}
611 key_name: {get_param: KeyName}
614 user_data_format: SOFTWARE_CONFIG
615 user_data: {get_resource: UserData}
616 name: {get_param: Hostname}
618 # Combine the NodeAdminUserData and NodeUserData mime archives
620 type: OS::Heat::MultipartMime
623 - config: {get_resource: NodeAdminUserData}
625 - config: {get_resource: NodeUserData}
628 # Creates the "heat-admin" user if configured via the environment
629 # Should return a OS::Heat::MultipartMime reference via OS::stack_id
631 type: OS::TripleO::NodeAdminUserData
633 # For optional operator additional userdata
634 # Should return a OS::Heat::MultipartMime reference via OS::stack_id
636 type: OS::TripleO::NodeUserData
639 type: OS::TripleO::Controller::Ports::ExternalPort
641 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
644 type: OS::TripleO::Controller::Ports::InternalApiPort
646 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
649 type: OS::TripleO::Controller::Ports::StoragePort
651 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
654 type: OS::TripleO::Controller::Ports::StorageMgmtPort
656 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
659 type: OS::TripleO::Controller::Ports::TenantPort
661 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
664 type: OS::TripleO::Network::Ports::NetIpMap
666 ControlPlaneIp: {get_attr: [Controller, networks, ctlplane, 0]}
667 ExternalIp: {get_attr: [ExternalPort, ip_address]}
668 InternalApiIp: {get_attr: [InternalApiPort, ip_address]}
669 StorageIp: {get_attr: [StoragePort, ip_address]}
670 StorageMgmtIp: {get_attr: [StorageMgmtPort, ip_address]}
671 TenantIp: {get_attr: [TenantPort, ip_address]}
674 type: OS::TripleO::Network::Ports::NetIpSubnetMap
676 ControlPlaneIp: {get_attr: [Controller, networks, ctlplane, 0]}
677 ExternalIpSubnet: {get_attr: [ExternalPort, ip_subnet]}
678 InternalApiIpSubnet: {get_attr: [InternalApiPort, ip_subnet]}
679 StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]}
680 StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]}
681 TenantIpSubnet: {get_attr: [TenantPort, ip_subnet]}
684 type: OS::TripleO::Controller::Net::SoftwareConfig
686 ControlPlaneIp: {get_attr: [Controller, networks, ctlplane, 0]}
687 ExternalIpSubnet: {get_attr: [ExternalPort, ip_subnet]}
688 InternalApiIpSubnet: {get_attr: [InternalApiPort, ip_subnet]}
689 StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]}
690 StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]}
691 TenantIpSubnet: {get_attr: [TenantPort, ip_subnet]}
694 type: OS::TripleO::SoftwareDeployment
696 config: {get_resource: NetworkConfig}
697 server: {get_resource: Controller}
700 interface_name: {get_param: NeutronPublicInterface}
702 ControllerDeployment:
703 type: OS::TripleO::SoftwareDeployment
704 depends_on: NetworkDeployment
706 config: {get_resource: ControllerConfig}
707 server: {get_resource: Controller}
709 bootstack_nodeid: {get_attr: [Controller, name]}
710 neutron_enable_tunneling: {get_param: NeutronEnableTunnelling}
711 haproxy_log_address: {get_param: HAProxySyslogAddress}
712 heat.watch_server_url:
716 - {get_param: HeatApiVirtualIP}
718 heat.metadata_server_url:
722 - {get_param: HeatApiVirtualIP}
724 heat.waitcondition_server_url:
728 - {get_param: HeatApiVirtualIP}
729 - ':8000/v1/waitcondition'
730 heat_auth_encryption_key: {get_param: HeatAuthEncryptionKey}
731 horizon_allowed_hosts: {get_param: HorizonAllowedHosts}
732 horizon_secret: {get_param: HorizonSecret}
733 admin_email: {get_param: AdminEmail}
734 admin_password: {get_param: AdminPassword}
735 admin_token: {get_param: AdminToken}
736 neutron_public_interface_ip: {get_param: NeutronPublicInterfaceIP}
737 debug: {get_param: Debug}
738 cinder_enable_nfs_backend: {get_param: CinderEnableNfsBackend}
739 cinder_enable_rbd_backend: {get_param: CinderEnableRbdBackend}
740 cinder_nfs_mount_options: {get_param: CinderNfsMountOptions}
743 template: "['SERVERS']"
748 - {get_param: CinderNfsServers}
749 cinder_lvm_loop_device_size: {get_param: CinderLVMLoopDeviceSize}
750 cinder_password: {get_param: CinderPassword}
751 cinder_enable_iscsi_backend: {get_param: CinderEnableIscsiBackend}
752 cinder_iscsi_helper: {get_param: CinderISCSIHelper}
753 cinder_backend_config: {get_param: CinderBackendConfig}
757 - - 'mysql://cinder:'
758 - {get_param: CinderPassword}
760 - {get_param: MysqlVirtualIP}
762 glance_port: {get_param: GlancePort}
763 glance_password: {get_param: GlancePassword}
764 glance_backend: {get_param: GlanceBackend}
765 glance_file_pcmk_device: {get_param: GlanceFilePcmkDevice}
766 glance_file_pcmk_fstype: {get_param: GlanceFilePcmkFstype}
767 glance_file_pcmk_manage: {get_param: GlanceFilePcmkManage}
768 glance_file_pcmk_options: {get_param: GlanceFilePcmkOptions}
769 glance_notifier_strategy: {get_param: GlanceNotifierStrategy}
770 glance_log_file: {get_param: GlanceLogFile}
774 - - 'mysql://glance:'
775 - {get_param: GlancePassword}
777 - {get_param: MysqlVirtualIP}
779 heat_password: {get_param: HeatPassword}
780 heat_stack_domain_admin_password: {get_param: HeatStackDomainAdminPassword}
785 - {get_param: HeatPassword}
787 - {get_param: MysqlVirtualIP}
789 keystone_auth_address: {list_join: ['', ['http://', {get_param: KeystonePublicApiVirtualIP} , ':5000/v2.0']]}
790 keystone_ca_certificate: {get_param: KeystoneCACertificate}
791 keystone_signing_key: {get_param: KeystoneSigningKey}
792 keystone_signing_certificate: {get_param: KeystoneSigningCertificate}
793 keystone_ssl_certificate: {get_param: KeystoneSSLCertificate}
794 keystone_ssl_certificate_key: {get_param: KeystoneSSLCertificateKey}
795 keystone_notification_driver: {get_param: KeystoneNotificationDriver}
796 keystone_notification_format: {get_param: KeystoneNotificationFormat}
800 - - 'mysql://keystone:'
801 - {get_param: AdminToken}
803 - {get_param: MysqlVirtualIP}
805 keystone_identity_uri:
809 - {get_param: KeystoneAdminApiVirtualIP}
815 - {get_param: KeystonePublicApiVirtualIP}
821 - {get_param: PublicVirtualIP}
823 keystone_internal_url:
827 - {get_param: KeystonePublicApiVirtualIP}
833 - {get_param: KeystonePublicApiVirtualIP}
834 - ':5000/v2.0/ec2tokens'
835 enable_fencing: {get_param: EnableFencing}
836 enable_galera: {get_param: EnableGalera}
837 enable_ceph_storage: {get_param: EnableCephStorage}
838 enable_swift_storage: {get_param: EnableSwiftStorage}
839 mysql_innodb_buffer_pool_size: {get_param: MysqlInnodbBufferPoolSize}
840 mysql_max_connections: {get_param: MysqlMaxConnections}
841 mysql_root_password: {get_param: MysqlRootPassword}
844 template: tripleo-CLUSTER
846 CLUSTER: {get_param: MysqlClusterUniquePart}
847 neutron_flat_networks: {get_param: NeutronFlatNetworks}
848 neutron_metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret}
849 neutron_agent_mode: {get_param: NeutronAgentMode}
850 neutron_router_distributed: {get_param: NeutronDVR}
851 neutron_core_plugin: {get_param: NeutronCorePlugin}
852 neutron_service_plugins:
854 template: "['PLUGINS']"
859 - {get_param: NeutronServicePlugins}
860 neutron_type_drivers:
862 template: "['DRIVERS']"
867 - {get_param: NeutronTypeDrivers}
868 neutron_mechanism_drivers: {get_param: NeutronMechanismDrivers}
869 neutron_allow_l3agent_failover: {get_param: NeutronAllowL3AgentFailover}
870 neutron_l3_ha: {get_param: NeutronL3HA}
871 neutron_dhcp_agents_per_network: {get_param: NeutronDhcpAgentsPerNetwork}
872 neutron_network_vlan_ranges:
874 template: "['RANGES']"
879 - {get_param: NeutronNetworkVLANRanges}
880 neutron_bridge_mappings: {get_param: NeutronBridgeMappings}
881 neutron_external_network_bridge: {get_param: NeutronExternalNetworkBridge}
882 neutron_public_interface: {get_param: NeutronPublicInterface}
883 neutron_public_interface_raw_device: {get_param: NeutronPublicInterfaceRawDevice}
884 neutron_public_interface_default_route: {get_param: NeutronPublicInterfaceDefaultRoute}
885 neutron_public_interface_tag: {get_param: NeutronPublicInterfaceTag}
886 neutron_tenant_network_type: {get_param: NeutronNetworkType}
887 neutron_tunnel_types: {get_param: NeutronTunnelTypes}
888 neutron_tunnel_id_ranges:
890 template: "['RANGES']"
895 - {get_param: NeutronTunnelIdRanges}
898 template: "['RANGES']"
903 - {get_param: NeutronVniRanges}
904 neutron_password: {get_param: NeutronPassword}
905 neutron_dnsmasq_options: {get_param: NeutronDnsmasqOptions}
909 - - 'mysql://neutron:'
910 - {get_param: NeutronPassword}
912 - {get_param: MysqlVirtualIP}
913 - '/ovs_neutron?charset=utf8'
918 - {get_param: NeutronApiVirtualIP}
920 neutron_admin_auth_url:
924 - {get_param: KeystoneAdminApiVirtualIP}
926 ceilometer_backend: {get_param: CeilometerBackend}
927 ceilometer_metering_secret: {get_param: CeilometerMeteringSecret}
928 ceilometer_password: {get_param: CeilometerPassword}
929 ceilometer_coordination_url:
933 - {get_param: RedisVirtualIP}
938 - - 'mysql://ceilometer:'
939 - {get_param: CeilometerPassword}
941 - {get_param: MysqlVirtualIP}
943 snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName}
944 snmpd_readonly_user_password: {get_param: SnmpdReadonlyUserPassword}
945 nova_password: {get_param: NovaPassword}
950 - {get_param: NovaPassword}
952 - {get_param: MysqlVirtualIP}
954 fencing_config: {get_param: FencingConfig}
955 pcsd_password: {get_param: PcsdPassword}
956 rabbit_username: {get_param: RabbitUserName}
957 rabbit_password: {get_param: RabbitPassword}
958 rabbit_cookie: {get_param: RabbitCookie}
959 rabbit_client_use_ssl: {get_param: RabbitClientUseSSL}
960 rabbit_client_port: {get_param: RabbitClientPort}
961 mongodb_no_journal: {get_param: MongoDbNoJournal}
962 # We need to force this into quotes or hiera will return integer causing
963 # the puppet module validation regexp to fail.
964 # Remove when: https://github.com/puppetlabs/puppetlabs-rabbitmq/pull/401
969 LIMIT: {get_param: RabbitFDLimit}
972 template: '["server"]'
974 server: {get_param: NtpServer}
975 control_virtual_interface: {get_param: ControlVirtualInterface}
976 public_virtual_interface: {get_param: PublicVirtualInterface}
977 swift_hash_suffix: {get_param: SwiftHashSuffix}
978 swift_password: {get_param: SwiftPassword}
979 swift_part_power: {get_param: SwiftPartPower}
980 swift_replicas: {get_param: SwiftReplicas}
981 swift_min_part_hours: {get_param: SwiftMinPartHours}
982 swift_mount_check: {get_param: SwiftMountCheck}
983 enable_package_install: {get_param: EnablePackageInstall}
984 enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]}
985 swift_proxy_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftProxyNetwork]}]}
986 swift_management_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftMgmtNetwork]}]}
987 cinder_iscsi_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CinderIscsiNetwork]}]}
988 cinder_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CinderApiNetwork]}]}
989 glance_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, GlanceApiNetwork]}]}
990 glance_registry_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, GlanceRegistryNetwork]}]}
994 - - {get_param: GlanceProtocol}
996 - {get_param: GlanceApiVirtualIP}
998 - {get_param: GlancePort}
999 glance_registry_host: {get_param: GlanceRegistryVirtualIP}
1000 heat_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, HeatApiNetwork]}]}
1001 keystone_public_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}]}
1002 keystone_admin_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}]}
1003 keystone_region: {get_param: KeystoneRegion}
1004 mongo_db_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MongoDbNetwork]}]}
1005 neutron_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NeutronApiNetwork]}]}
1006 neutron_local_ip: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NeutronTenantNetwork]}]}
1007 ceilometer_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CeilometerApiNetwork]}]}
1008 nova_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NovaApiNetwork]}]}
1009 nova_metadata_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NovaMetadataNetwork]}]}
1010 horizon_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, HorizonNetwork]}]}
1011 rabbitmq_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, RabbitMqNetwork]}]}
1012 redis_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, RedisNetwork]}]}
1013 redis_vip: {get_param: RedisVirtualIP}
1014 memcached_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MemcachedNetwork]}]}
1015 mysql_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MysqlNetwork]}]}
1016 mysql_virtual_ip: {get_param: MysqlVirtualIP}
1017 ceph_cluster_network: {get_attr: [NetIpSubnetMap, net_ip_subnet_map, {get_param: [ServiceNetMap, CephClusterNetwork]}]}
1018 ceph_public_network: {get_attr: [NetIpSubnetMap, net_ip_subnet_map, {get_param: [ServiceNetMap, CephPublicNetwork]}]}
1019 ceph_public_ip: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CephPublicNetwork]}]}
1021 # Map heat metadata into hiera datafiles
1023 type: OS::Heat::StructuredConfig
1025 group: os-apply-config
1030 - heat_config_%{::deploy_config_name}
1031 - controller_extraconfig
1036 - swift_devices_and_proxy # provided by SwiftDevicesAndProxyConfig
1037 - ceph_cluster # provided by CephClusterConfig
1039 - bootstrap_node # provided by BootstrapNodeConfig
1040 - all_nodes # provided by allNodesConfig
1041 - vip_data # provided by vip-config
1044 - cinder_netapp_data # Optionally provided by ControllerExtraConfigPre
1045 - neutron_bigswitch_data # Optionally provided by ControllerExtraConfigPre
1046 - neutron_cisco_data # Optionally provided by ControllerExtraConfigPre
1047 - cisco_n1kv_data # Optionally provided by ControllerExtraConfigPre
1049 controller_extraconfig:
1050 mapped_data: {get_param: ControllerExtraConfig}
1052 mapped_data: {get_param: ExtraConfig}
1054 raw_data: {get_file: hieradata/common.yaml}
1056 raw_data: {get_file: hieradata/ceph.yaml}
1058 ceph::profile::params::cluster_network: {get_input: ceph_cluster_network}
1059 ceph::profile::params::public_network: {get_input: ceph_public_network}
1060 ceph::mon::public_addr: {get_input: ceph_public_ip}
1062 raw_data: {get_file: hieradata/database.yaml}
1064 raw_data: {get_file: hieradata/object.yaml}
1066 raw_data: {get_file: hieradata/controller.yaml}
1067 mapped_data: # data supplied directly to this deployment configuration, etc
1068 bootstack_nodeid: {get_input: bootstack_nodeid}
1071 enable_fencing: {get_input: enable_fencing}
1072 hacluster_pwd: {get_input: pcsd_password}
1073 tripleo::fencing::config: {get_input: fencing_config}
1076 swift::proxy::proxy_local_net_ip: {get_input: swift_proxy_network}
1077 swift::proxy::authtoken::auth_uri: {get_input: keystone_auth_uri}
1078 swift::proxy::authtoken::identity_uri: {get_input: keystone_identity_uri}
1079 swift::storage::all::storage_local_net_ip: {get_input: swift_management_network}
1080 swift::swift_hash_suffix: {get_input: swift_hash_suffix}
1081 swift::proxy::authtoken::admin_password: {get_input: swift_password}
1082 tripleo::ringbuilder::part_power: {get_input: swift_part_power}
1083 tripleo::ringbuilder::replicas: {get_input: swift_replicas}
1084 tripleo::ringbuilder::min_part_hours: {get_input: swift_min_part_hours}
1085 swift_mount_check: {get_input: swift_mount_check}
1087 # NOTE(dprince): build_ring support is currently not wired in.
1088 # See: https://review.openstack.org/#/c/109225/
1089 tripleo::ringbuilder::build_ring: True
1092 cinder_enable_nfs_backend: {get_input: cinder_enable_nfs_backend}
1093 cinder_enable_rbd_backend: {get_input: cinder_enable_rbd_backend}
1094 cinder_nfs_mount_options: {get_input: cinder_nfs_mount_options}
1095 cinder_nfs_servers: {get_input: cinder_nfs_servers}
1096 cinder_lvm_loop_device_size: {get_input: cinder_lvm_loop_device_size}
1097 cinder_iscsi_helper: {get_input: cinder_iscsi_helper}
1098 cinder_iscsi_ip_address: {get_input: cinder_iscsi_network}
1099 cinder::database_connection: {get_input: cinder_dsn}
1100 cinder::api::keystone_password: {get_input: cinder_password}
1101 cinder::api::auth_uri: {get_input: keystone_auth_uri}
1102 cinder::api::identity_uri: {get_input: keystone_identity_uri}
1103 cinder::api::bind_host: {get_input: cinder_api_network}
1104 cinder::rabbit_userid: {get_input: rabbit_username}
1105 cinder::rabbit_password: {get_input: rabbit_password}
1106 cinder::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
1107 cinder::rabbit_port: {get_input: rabbit_client_port}
1108 cinder::debug: {get_input: debug}
1109 cinder_enable_iscsi_backend: {get_input: cinder_enable_iscsi_backend}
1110 cinder::glance::glance_api_servers: {get_input: glance_api_servers}
1111 cinder_backend_config: {get_input: CinderBackendConfig}
1112 cinder::db::mysql::password: {get_input: cinder_password}
1115 glance::api::bind_port: {get_input: glance_port}
1116 glance::api::bind_host: {get_input: glance_api_network}
1117 glance::api::auth_uri: {get_input: keystone_auth_uri}
1118 glance::api::identity_uri: {get_input: keystone_identity_uri}
1119 glance::api::registry_host: {get_input: glance_registry_host}
1120 glance::api::keystone_password: {get_input: glance_password}
1121 glance::api::debug: {get_input: debug}
1122 glance_notifier_strategy: {get_input: glance_notifier_strategy}
1123 glance_log_file: {get_input: glance_log_file}
1124 glance_log_file: {get_input: glance_log_file}
1125 glance::api::database_connection: {get_input: glance_dsn}
1126 glance::registry::keystone_password: {get_input: glance_password}
1127 glance::registry::database_connection: {get_input: glance_dsn}
1128 glance::registry::bind_host: {get_input: glance_registry_network}
1129 glance::registry::auth_uri: {get_input: keystone_auth_uri}
1130 glance::registry::identity_uri: {get_input: keystone_identity_uri}
1131 glance::registry::debug: {get_input: debug}
1132 glance::backend::swift::swift_store_auth_address: {get_input: keystone_auth_address}
1133 glance::backend::swift::swift_store_user: service:glance
1134 glance::backend::swift::swift_store_key: {get_input: glance_password}
1135 glance_backend: {get_input: glance_backend}
1136 glance::db::mysql::password: {get_input: glance_password}
1137 glance_file_pcmk_device: {get_input: glance_file_pcmk_device}
1138 glance_file_pcmk_fstype: {get_input: glance_file_pcmk_fstype}
1139 glance_file_pcmk_manage: {get_input: glance_file_pcmk_manage}
1140 glance_file_pcmk_options: {get_input: glance_file_pcmk_options}
1143 heat_stack_domain_admin_password: {get_input: heat_stack_domain_admin_password}
1144 heat::engine::heat_watch_server_url: {get_input: heat.watch_server_url}
1145 heat::engine::heat_metadata_server_url: {get_input: heat.metadata_server_url}
1146 heat::engine::heat_waitcondition_server_url: {get_input: heat.waitcondition_server_url}
1147 heat::engine::auth_encryption_key: {get_input: heat_auth_encryption_key}
1148 heat::rabbit_userid: {get_input: rabbit_username}
1149 heat::rabbit_password: {get_input: rabbit_password}
1150 heat::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
1151 heat::rabbit_port: {get_input: rabbit_client_port}
1152 heat::auth_uri: {get_input: keystone_auth_uri}
1153 heat::keystone_ec2_uri: {get_input: keystone_ec2_uri}
1154 heat::identity_uri: {get_input: keystone_identity_uri}
1155 heat::keystone_password: {get_input: heat_password}
1156 heat::api::bind_host: {get_input: heat_api_network}
1157 heat::api_cloudwatch::bind_host: {get_input: heat_api_network}
1158 heat::api_cfn::bind_host: {get_input: heat_api_network}
1159 heat::database_connection: {get_input: heat_dsn}
1160 heat::debug: {get_input: debug}
1161 heat::db::mysql::password: {get_input: heat_password}
1164 keystone::admin_token: {get_input: admin_token}
1165 keystone_ca_certificate: {get_input: keystone_ca_certificate}
1166 keystone_signing_key: {get_input: keystone_signing_key}
1167 keystone_signing_certificate: {get_input: keystone_signing_certificate}
1168 keystone_ssl_certificate: {get_input: keystone_ssl_certificate}
1169 keystone_ssl_certificate_key: {get_input: keystone_ssl_certificate_key}
1170 keystone::database_connection: {get_input: keystone_dsn}
1171 keystone::public_bind_host: {get_input: keystone_public_api_network}
1172 keystone::admin_bind_host: {get_input: keystone_admin_api_network}
1173 keystone::debug: {get_input: debug}
1174 keystone::db::mysql::password: {get_input: admin_token}
1175 keystone::rabbit_userid: {get_input: rabbit_username}
1176 keystone::rabbit_password: {get_input: rabbit_password}
1177 keystone::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
1178 keystone::rabbit_port: {get_input: rabbit_client_port}
1179 keystone::notification_driver: {get_input: keystone_notification_driver}
1180 keystone::notification_format: {get_input: keystone_notification_format}
1181 keystone::roles::admin::email: {get_input: admin_email}
1182 keystone::roles::admin::password: {get_input: admin_password}
1183 keystone::endpoint::public_url: {get_input: keystone_public_url}
1184 keystone::endpoint::internal_url: {get_input: keystone_internal_url}
1185 keystone::endpoint::admin_url: {get_input: keystone_identity_uri}
1186 keystone::endpoint::region: {get_input: keystone_region}
1188 mongodb::server::bind_ip: {get_input: mongo_db_network}
1189 mongodb::server::nojournal: {get_input: mongodb_no_journal}
1191 admin_password: {get_input: admin_password}
1192 enable_galera: {get_input: enable_galera}
1193 enable_ceph_storage: {get_input: enable_ceph_storage}
1194 enable_swift_storage: {get_input: enable_swift_storage}
1195 mysql_innodb_buffer_pool_size: {get_input: mysql_innodb_buffer_pool_size}
1196 mysql_max_connections: {get_input: mysql_max_connections}
1197 mysql::server::root_password: {get_input: mysql_root_password}
1198 mysql_cluster_name: {get_input: mysql_cluster_name}
1199 mysql_bind_host: {get_input: mysql_network}
1200 mysql_virtual_ip: {get_input: mysql_virtual_ip}
1203 neutron::bind_host: {get_input: neutron_api_network}
1204 neutron::rabbit_password: {get_input: rabbit_password}
1205 neutron::rabbit_user: {get_input: rabbit_user}
1206 neutron::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
1207 neutron::rabbit_port: {get_input: rabbit_client_port}
1208 neutron::debug: {get_input: debug}
1209 neutron::server::auth_uri: {get_input: keystone_auth_uri}
1210 neutron::server::identity_uri: {get_input: keystone_identity_uri}
1211 neutron::server::database_connection: {get_input: neutron_dsn}
1212 neutron::agents::l3::external_network_bridge: {get_input: neutron_external_network_bridge}
1213 neutron::agents::ml2::ovs::enable_tunneling: {get_input: neutron_enable_tunneling}
1214 neutron::agents::ml2::ovs::local_ip: {get_input: neutron_local_ip}
1215 neutron_flat_networks: {get_input: neutron_flat_networks}
1216 neutron::agents::metadata::shared_secret: {get_input: neutron_metadata_proxy_shared_secret}
1217 neutron::agents::metadata::metadata_ip: {get_input: neutron_api_network}
1218 neutron_agent_mode: {get_input: neutron_agent_mode}
1219 neutron_router_distributed: {get_input: neutron_router_distributed}
1220 neutron::core_plugin: {get_input: neutron_core_plugin}
1221 neutron::service_plugins: {get_input: neutron_service_plugins}
1222 neutron::plugins::ml2::type_drivers: {get_input: neutron_type_drivers}
1223 neutron_mechanism_drivers: {get_input: neutron_mechanism_drivers}
1224 neutron::server::allow_automatic_l3agent_failover: {get_input: neutron_allow_l3agent_failover}
1225 neutron::server::l3_ha: {get_input: neutron_l3_ha}
1226 neutron::dhcp_agents_per_network: {get_input: neutron_dhcp_agents_per_network}
1227 neutron::plugins::ml2::network_vlan_ranges: {get_input: neutron_network_vlan_ranges}
1228 neutron::plugins::ml2::tunnel_id_ranges: {get_input: neutron_tunnel_id_ranges}
1229 neutron::plugins::ml2::vni_ranges: {get_input: neutron_vni_ranges}
1230 neutron_bridge_mappings: {get_input: neutron_bridge_mappings}
1231 neutron_public_interface: {get_input: neutron_public_interface}
1232 neutron_public_interface_raw_device: {get_input: neutron_public_interface_raw_device}
1233 neutron_public_interface_default_route: {get_input: neutron_public_interface_default_route}
1234 neutron_public_interface_tag: {get_input: neutron_public_interface_tag}
1235 neutron_tenant_network_type: {get_input: neutron_tenant_network_type}
1236 neutron_tunnel_types: {get_input: neutron_tunnel_types}
1237 neutron::server::auth_password: {get_input: neutron_password}
1238 neutron::agents::metadata::auth_password: {get_input: neutron_password}
1239 neutron_dnsmasq_options: {get_input: neutron_dnsmasq_options}
1240 neutron_dsn: {get_input: neutron_dsn}
1241 neutron::agents::metadata::auth_url: {get_input: keystone_identity_uri}
1242 neutron::db::mysql::password: {get_input: neutron_password}
1245 ceilometer_backend: {get_input: ceilometer_backend}
1246 ceilometer_mysql_conn_string: {get_input: ceilometer_dsn}
1247 ceilometer::metering_secret: {get_input: ceilometer_metering_secret}
1248 ceilometer::rabbit_userid: {get_input: rabbit_username}
1249 ceilometer::rabbit_password: {get_input: rabbit_password}
1250 ceilometer::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
1251 ceilometer::rabbit_port: {get_input: rabbit_client_port}
1252 ceilometer::debug: {get_input: debug}
1253 ceilometer::api::host: {get_input: ceilometer_api_network}
1254 ceilometer::api::keystone_password: {get_input: ceilometer_password}
1255 ceilometer::api::keystone_auth_uri: {get_input: keystone_auth_uri}
1256 ceilometer::api::keystone_identity_uri: {get_input: keystone_identity_uri}
1257 ceilometer::agent::auth::auth_password: {get_input: ceilometer_password}
1258 ceilometer::agent::auth::auth_url: {get_input: keystone_auth_address}
1259 ceilometer::agent::central::coordination_url: {get_input: ceilometer_coordination_url}
1260 ceilometer::db::mysql::password: {get_input: ceilometer_password}
1261 snmpd_readonly_user_name: {get_input: snmpd_readonly_user_name}
1262 snmpd_readonly_user_password: {get_input: snmpd_readonly_user_password}
1265 nova::rabbit_userid: {get_input: rabbit_username}
1266 nova::rabbit_password: {get_input: rabbit_password}
1267 nova::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
1268 nova::rabbit_port: {get_input: rabbit_client_port}
1269 nova::debug: {get_input: debug}
1270 nova::api::auth_uri: {get_input: keystone_auth_uri}
1271 nova::api::identity_uri: {get_input: keystone_identity_uri}
1272 nova::api::api_bind_address: {get_input: nova_api_network}
1273 nova::api::metadata_listen: {get_input: nova_metadata_network}
1274 nova::api::admin_password: {get_input: nova_password}
1275 nova::database_connection: {get_input: nova_dsn}
1276 nova::glance_api_servers: {get_input: glance_api_servers}
1277 nova::api::neutron_metadata_proxy_shared_secret: {get_input: neutron_metadata_proxy_shared_secret}
1278 nova::network::neutron::neutron_admin_password: {get_input: neutron_password}
1279 nova::network::neutron::neutron_url: {get_input: neutron_url}
1280 nova::network::neutron::neutron_admin_auth_url: {get_input: neutron_admin_auth_url}
1281 nova::vncproxy::host: {get_input: nova_api_network}
1282 nova::db::mysql::password: {get_input: nova_password}
1285 apache::ip: {get_input: horizon_network}
1286 horizon::allowed_hosts: {get_input: horizon_allowed_hosts}
1287 horizon::django_debug: {get_input: debug}
1288 horizon::secret_key: {get_input: horizon_secret}
1289 horizon::bind_address: {get_input: horizon_network}
1290 horizon::keystone_url: {get_input: keystone_auth_uri}
1293 rabbitmq::node_ip_address: {get_input: rabbitmq_network}
1294 rabbitmq::erlang_cookie: {get_input: rabbit_cookie}
1295 rabbitmq::file_limit: {get_input: rabbit_fd_limit}
1297 redis::bind: {get_input: redis_network}
1298 redis_vip: {get_input: redis_vip}
1300 memcached::listen_ip: {get_input: memcached_network}
1301 neutron_public_interface_ip: {get_input: neutron_public_interface_ip}
1302 ntp::servers: {get_input: ntp_servers}
1303 control_virtual_interface: {get_input: control_virtual_interface}
1304 public_virtual_interface: {get_input: public_virtual_interface}
1305 tripleo::loadbalancer::control_virtual_interface: {get_input: control_virtual_interface}
1306 tripleo::loadbalancer::public_virtual_interface: {get_input: public_virtual_interface}
1307 tripleo::loadbalancer::haproxy_log_address: {get_input: haproxy_log_address}
1308 tripleo::packages::enable_install: {get_input: enable_package_install}
1309 tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade}
1311 # Hook for site-specific additional pre-deployment config, e.g extra hieradata
1312 ControllerExtraConfigPre:
1313 depends_on: ControllerDeployment
1314 type: OS::TripleO::ControllerExtraConfigPre
1316 server: {get_resource: Controller}
1318 # Hook for site-specific additional pre-deployment config,
1319 # applying to all nodes, e.g node registration/unregistration
1321 depends_on: ControllerExtraConfigPre
1322 type: OS::TripleO::NodeExtraConfig
1324 server: {get_resource: Controller}
1327 type: OS::TripleO::Tasks::PackageUpdate
1330 type: OS::Heat::SoftwareDeployment
1332 config: {get_resource: UpdateConfig}
1333 server: {get_resource: Controller}
1336 get_param: UpdateIdentifier
1340 description: IP address of the server in the ctlplane network
1341 value: {get_attr: [Controller, networks, ctlplane, 0]}
1342 external_ip_address:
1343 description: IP address of the server in the external network
1344 value: {get_attr: [ExternalPort, ip_address]}
1345 internal_api_ip_address:
1346 description: IP address of the server in the internal_api network
1347 value: {get_attr: [InternalApiPort, ip_address]}
1349 description: IP address of the server in the storage network
1350 value: {get_attr: [StoragePort, ip_address]}
1351 storage_mgmt_ip_address:
1352 description: IP address of the server in the storage_mgmt network
1353 value: {get_attr: [StorageMgmtPort, ip_address]}
1355 description: IP address of the server in the tenant network
1356 value: {get_attr: [TenantPort, ip_address]}
1358 description: Hostname of the server
1359 value: {get_attr: [Controller, name]}
1362 Node object in the format {ip: ..., name: ...} format that the corosync
1365 ip: {get_attr: [Controller, networks, ctlplane, 0]}
1366 name: {get_attr: [Controller, name]}
1369 Server's IP address and hostname in the /etc/hosts format
1372 template: IP HOST.localdomain HOST CLOUDNAME
1374 IP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, ControllerHostnameResolveNetwork]}]}
1375 HOST: {get_attr: [Controller, name]}
1376 CLOUDNAME: {get_param: CloudName}
1377 nova_server_resource:
1378 description: Heat resource handle for the Nova compute server
1380 {get_resource: Controller}
1382 description: Swift device formatted for swift-ring-builder
1385 template: 'r1z1-IP:%PORT%/d1'
1387 IP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftMgmtNetwork]}]}
1388 swift_proxy_memcache:
1389 description: Swift proxy-memcache value
1392 template: "IP:11211"
1394 IP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MemcachedNetwork]}]}
1396 description: identifier which changes if the controller configuration may need re-applying
1400 - - {get_attr: [ControllerDeployment, deploy_stdout]}
1401 - {get_attr: [ControllerExtraConfigPre, deploy_stdout]}
1402 - {get_param: UpdateIdentifier}