1 heat_template_version: 2015-04-30
4 OpenStack controller node configured by Puppet.
8 default: 'admin@example.com'
9 description: The email for the keystone admin account.
14 description: The password for the keystone admin account, used for monitoring, querying neutron etc.
19 description: The keystone auth secret and db password.
22 CeilometerApiVirtualIP:
27 description: The ceilometer backend type.
29 CeilometerMeteringSecret:
31 description: Secret shared by the ceilometer services.
36 description: The password for the ceilometer service and db account.
42 CinderEnableNfsBackend:
44 description: Whether to enable or not the NFS backend for Cinder
46 CinderEnableIscsiBackend:
48 description: Whether to enable or not the Iscsi backend for Cinder
50 CinderEnableRbdBackend:
52 description: Whether to enable or not the Rbd backend for Cinder
56 description: The iSCSI helper to use with cinder.
58 CinderLVMLoopDeviceSize:
60 description: The size of the loopback file used by the cinder LVM driver.
62 CinderNfsMountOptions:
65 Mount options for NFS mounts used by Cinder NFS backend. Effective
66 when CinderEnableNfsBackend is true.
71 NFS servers used by Cinder NFS backend. Effective when
72 CinderEnableNfsBackend is true.
73 type: comma_delimited_list
76 description: The password for the cinder service and db account, used by cinder-api.
81 description: Contains parameters to configure Cinder backends. Typically
82 set via parameter_defaults in the resource registry.
86 description: The DNS name of this cloud. E.g. ci-overcloud.tripleo.org
88 ControllerExtraConfig:
91 Controller specific hiera configuration data to inject into the cluster.
93 ControlVirtualInterface:
95 description: Interface where virtual ip will be assigned.
99 description: Set to True to enable debugging on all services.
103 description: Whether to enable fencing in Pacemaker or not.
107 description: Whether to use Galera instead of regular MariaDB.
111 description: Whether to deploy Ceph Storage (OSD) on the Controller
115 description: Whether to enable Swift Storage on the Controller
120 Additional hieradata to inject into the cluster, note that
121 ControllerExtraConfig takes precedence over ExtraConfig.
126 Pacemaker fencing configuration. The JSON should have
127 the following structure:
131 "agent": "AGENT_NAME",
132 "host_mac": "HOST_MAC_ADDRESS",
133 "params": {"PARAM_NAME": "PARAM_VALUE"}
141 "agent": "fence_xvm",
142 "host_mac": "52:54:00:aa:bb:cc",
144 "multicast_address": "225.0.0.12",
145 "port": "baremetal_0",
147 "manage_key_file": true,
148 "key_file": "/etc/fence_xvm.key",
149 "key_file_password": "abcdef"
156 description: Flavor for control nodes to request when deploying.
159 - custom_constraint: nova.flavor
160 GlanceNotifierStrategy:
161 description: Strategy to use for Glance notification queue
165 description: The filepath of the file to use for logging messages from Glance.
170 description: The password for the glance service and db account, used by the glance services.
175 description: The short name of the Glance backend to use. Should be one
176 of swift, rbd, or file
179 - allowed_values: ['swift', 'file', 'rbd']
180 GlanceFilePcmkDevice:
183 An exported storage device that should be mounted by Pacemaker
184 as Glance storage. Effective when GlanceFilePcmkManage is true.
186 GlanceFilePcmkFstype:
189 Filesystem type for Pacemaker mount used as Glance storage.
190 Effective when GlanceFilePcmkManage is true.
192 GlanceFilePcmkManage:
195 Whether to make Glance file backend a mount managed by Pacemaker.
196 Effective when GlanceBackend is 'file'.
198 GlanceFilePcmkOptions:
201 Mount options for Pacemaker mount used as Glance storage.
202 Effective when GlanceFilePcmkManage is true.
204 HAProxySyslogAddress:
206 description: Syslog address where HAproxy will send its log
210 description: The password for the Heat service and db account, used by the Heat services.
213 HeatStackDomainAdminPassword:
214 description: Password for heat_domain_admin user.
218 HeatAuthEncryptionKey:
219 description: Auth encryption key for heat-engine
224 description: A list of IP/Hostname allowed to connect to horizon
225 type: comma_delimited_list
227 description: Secret key for Django
232 default: overcloud-control
234 - custom_constraint: glance.image
236 default: 'REBUILD_PRESERVE_EPHEMERAL'
237 description: What policy to use when reconstructing instances. REBUILD for rebuilds, REBUILD_PRESERVE_EPHEMERAL to preserve /mnt.
241 description: Name of an existing EC2 KeyPair to enable SSH access to the instances
244 - custom_constraint: nova.keypair
245 KeystoneCACertificate:
247 description: Keystone self-signed certificate authority certificate.
249 KeystoneSigningCertificate:
251 description: Keystone certificate for verifying token validity.
255 description: Keystone key for signing tokens.
258 KeystoneSSLCertificate:
260 description: Keystone certificate for verifying token validity.
262 KeystoneSSLCertificateKey:
264 description: Keystone key for signing tokens.
267 KeystoneNotificationDriver:
268 description: Comma-separated list of Oslo notification drivers used by Keystone
269 default: ['messaging']
270 type: comma_delimited_list
271 KeystoneNotificationFormat:
272 description: The Keystone notification format
276 - allowed_values: [ 'basic', 'cadf' ]
280 description: Keystone region for endpoint
281 MysqlClusterUniquePart:
282 description: A unique identifier of the MySQL cluster the controller is in.
284 default: 'unset' # Has to be here because of the ignored empty value bug
285 # Drop the validation: https://bugs.launchpad.net/tripleo/+bug/1405446
287 # - length: {min: 4, max: 10}
288 MysqlInnodbBufferPoolSize:
290 Specifies the size of the buffer pool in megabytes. Setting to
291 zero should be interpreted as "no value" and will defer to the
296 description: Configures MySQL max_connections config setting
302 default: '' # Has to be here because of the ignored empty value bug
303 NeutronExternalNetworkBridge:
304 description: Name of bridge used for external network traffic.
307 NeutronBridgeMappings:
309 The OVS logical->physical bridge mappings to use. See the Neutron
310 documentation for details. Defaults to mapping br-ex - the external
311 bridge on hosts - to a physical name 'datacentre' which can be used
312 to create provider networks (and we use this for the default floating
313 network) - if changing this either use different post-install network
314 scripts or be sure to keep 'datacentre' as a mapping network name.
316 default: "datacentre:br-ex"
317 NeutronDnsmasqOptions:
318 default: 'dhcp-option-force=26,1400'
319 description: Dnsmasq options for neutron-dhcp-agent. The default value here forces MTU to be set to 1400 to account for the gre tunnel overhead.
323 description: Agent mode for the neutron-l3-agent on the controller hosts
327 description: Whether to enable l3-agent HA
329 NeutronDhcpAgentsPerNetwork:
332 description: The number of neutron dhcp agents to schedule per network
335 description: Whether to configure Neutron Distributed Virtual Routers
337 NeutronMetadataProxySharedSecret:
339 description: Shared secret to prevent spoofing
345 The core plugin for Neutron. The value should be the entrypoint to be loaded
346 from neutron.core_plugins namespace.
348 NeutronServicePlugins:
351 Comma-separated list of service plugin entrypoints to be loaded from the
352 neutron.service_plugins namespace.
353 type: comma_delimited_list
355 default: "vxlan,vlan,flat,gre"
357 Comma-separated list of network type driver entrypoints to be loaded.
358 type: comma_delimited_list
359 NeutronMechanismDrivers:
360 default: 'openvswitch'
362 The mechanism drivers for the Neutron tenant network. To specify multiple
363 values, use a comma separated string, like so: 'openvswitch,l2_population'
365 NeutronAllowL3AgentFailover:
367 description: Allow automatic l3-agent failover
369 NeutronEnableTunnelling:
374 default: 'datacentre'
375 description: If set, flat networks to configure in neutron plugins.
378 description: Whether to enable l3-agent HA
382 description: The tenant network type for Neutron, either gre or vxlan.
384 NeutronNetworkVLANRanges:
385 default: 'datacentre'
387 The Neutron ML2 and OpenVSwitch vlan mapping range to support. See the
388 Neutron documentation for permitted values. Defaults to permitting any
389 VLAN on the 'datacentre' physical network (See NeutronBridgeMappings).
390 type: comma_delimited_list
393 description: The password for the neutron service and db account, used by neutron agents.
396 NeutronPublicInterface:
398 description: What interface to bridge onto br-ex for network nodes.
400 NeutronPublicInterfaceTag:
403 VLAN tag for creating a public VLAN. The tag will be used to
404 create an access port on the exterior bridge for each control plane node,
405 and that port will be given the IP address returned by neutron from the
406 public network. Set CONTROLEXTRA=overcloud-vlan-port.yaml when compiling
407 overcloud.yaml to include the deployment of VLAN ports to the control
410 NeutronPublicInterfaceDefaultRoute:
412 description: A custom default route for the NeutronPublicInterface.
414 NeutronPublicInterfaceIP:
416 description: A custom IP address to put onto the NeutronPublicInterface.
418 NeutronPublicInterfaceRawDevice:
420 description: If set, the public interface is a vlan with this device as the raw device.
425 The tunnel types for the Neutron tenant network. To specify multiple
426 values, use a comma separated string, like so: 'gre,vxlan'
428 NeutronTunnelIdRanges:
430 Comma-separated list of <tun_min>:<tun_max> tuples enumerating ranges
431 of GRE tunnel IDs that are available for tenant network allocation
432 default: ["1:1000", ]
433 type: comma_delimited_list
436 Comma-separated list of <vni_min>:<vni_max> tuples enumerating ranges
437 of VXLAN VNI IDs that are available for tenant network allocation
438 default: ["1:1000", ]
439 type: comma_delimited_list
445 description: The password for the nova service and db account, used by nova-api.
450 description: Should MongoDb journaling be disabled
457 description: The password for the 'pcsd' user.
459 PublicVirtualInterface:
462 Specifies the interface where the public-facing virtual ip will be assigned.
463 This should be int_public when a VLAN is being used.
467 default: '' # Has to be here because of the ignored empty value bug
470 default: '' # Has to be here because of the ignored empty value bug
474 description: The password for RabbitMQ
479 description: The username for RabbitMQ
484 Rabbit client subscriber parameter to specify
485 an SSL connection to the RabbitMQ host.
489 description: Set rabbit subscriber port, change this if using SSL
493 description: Configures RabbitMQ FD limit
497 default: '' # Has to be here because of the ignored empty value bug
498 SnmpdReadonlyUserName:
499 default: ro_snmp_user
500 description: The user name for SNMPd with readonly rights running on all Overcloud nodes
502 SnmpdReadonlyUserPassword:
504 description: The user password for SNMPd with readonly rights running on all Overcloud nodes
509 description: If set, the contents of an SSL certificate authority file.
513 description: If set, the contents of an SSL certificate .crt file for encrypting SSL endpoints.
518 description: If set, the contents of an SSL certificate .key file for encrypting SSL endpoints.
523 description: A random string to be used as a salt when hashing to determine mappings
529 description: Value of mount_check in Swift account/container/object -server.conf
534 description: The minimum time (in hours) before a partition in a ring can be moved following a rebalance.
537 description: Partition Power to use when building Swift rings
541 description: The password for the swift service account, used by the swift proxy
551 description: How many replicas to use in the swift rings.
552 VirtualIP: # DEPRECATED: use per service settings instead
554 default: '' # Has to be here because of the ignored empty value bug
561 GlanceRegistryVirtualIP:
567 KeystoneAdminApiVirtualIP:
570 KeystonePublicApiVirtualIP:
576 EnablePackageInstall:
578 description: Set to true to enable package installation via Puppet
582 description: Mapping of service_name -> network name. Typically set
583 via parameter_defaults in the resource registry.
587 description: Mapping of service endpoint -> protocol. Typically set
588 via parameter_defaults in the resource registry.
594 Setting to a previously unused value during stack-update will trigger
595 package update on all nodes
598 default: '' # Defaults to Heat created hostname
603 type: OS::Nova::Server
605 image: {get_param: Image}
606 image_update_policy: {get_param: ImageUpdatePolicy}
607 flavor: {get_param: Flavor}
608 key_name: {get_param: KeyName}
611 user_data_format: SOFTWARE_CONFIG
612 user_data: {get_resource: UserData}
613 name: {get_param: Hostname}
615 # Combine the NodeAdminUserData and NodeUserData mime archives
617 type: OS::Heat::MultipartMime
620 - config: {get_resource: NodeAdminUserData}
622 - config: {get_resource: NodeUserData}
625 # Creates the "heat-admin" user if configured via the environment
626 # Should return a OS::Heat::MultipartMime reference via OS::stack_id
628 type: OS::TripleO::NodeAdminUserData
630 # For optional operator additional userdata
631 # Should return a OS::Heat::MultipartMime reference via OS::stack_id
633 type: OS::TripleO::NodeUserData
636 type: OS::TripleO::Controller::Ports::ExternalPort
638 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
641 type: OS::TripleO::Controller::Ports::InternalApiPort
643 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
646 type: OS::TripleO::Controller::Ports::StoragePort
648 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
651 type: OS::TripleO::Controller::Ports::StorageMgmtPort
653 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
656 type: OS::TripleO::Controller::Ports::TenantPort
658 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
661 type: OS::TripleO::Network::Ports::NetIpMap
663 ControlPlaneIp: {get_attr: [Controller, networks, ctlplane, 0]}
664 ExternalIp: {get_attr: [ExternalPort, ip_address]}
665 InternalApiIp: {get_attr: [InternalApiPort, ip_address]}
666 StorageIp: {get_attr: [StoragePort, ip_address]}
667 StorageMgmtIp: {get_attr: [StorageMgmtPort, ip_address]}
668 TenantIp: {get_attr: [TenantPort, ip_address]}
671 type: OS::TripleO::Network::Ports::NetIpSubnetMap
673 ControlPlaneIp: {get_attr: [Controller, networks, ctlplane, 0]}
674 ExternalIpSubnet: {get_attr: [ExternalPort, ip_subnet]}
675 InternalApiIpSubnet: {get_attr: [InternalApiPort, ip_subnet]}
676 StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]}
677 StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]}
678 TenantIpSubnet: {get_attr: [TenantPort, ip_subnet]}
681 type: OS::TripleO::Controller::Net::SoftwareConfig
683 ControlPlaneIp: {get_attr: [Controller, networks, ctlplane, 0]}
684 ExternalIpSubnet: {get_attr: [ExternalPort, ip_subnet]}
685 InternalApiIpSubnet: {get_attr: [InternalApiPort, ip_subnet]}
686 StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]}
687 StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]}
688 TenantIpSubnet: {get_attr: [TenantPort, ip_subnet]}
691 type: OS::TripleO::SoftwareDeployment
693 config: {get_resource: NetworkConfig}
694 server: {get_resource: Controller}
697 interface_name: {get_param: NeutronPublicInterface}
699 ControllerDeployment:
700 type: OS::TripleO::SoftwareDeployment
701 depends_on: NetworkDeployment
703 config: {get_resource: ControllerConfig}
704 server: {get_resource: Controller}
706 bootstack_nodeid: {get_attr: [Controller, name]}
707 neutron_enable_tunneling: {get_param: NeutronEnableTunnelling}
708 haproxy_log_address: {get_param: HAProxySyslogAddress}
709 heat.watch_server_url:
713 - {get_param: HeatApiVirtualIP}
715 heat.metadata_server_url:
719 - {get_param: HeatApiVirtualIP}
721 heat.waitcondition_server_url:
725 - {get_param: HeatApiVirtualIP}
726 - ':8000/v1/waitcondition'
727 heat_auth_encryption_key: {get_param: HeatAuthEncryptionKey}
728 horizon_allowed_hosts: {get_param: HorizonAllowedHosts}
729 horizon_secret: {get_param: HorizonSecret}
730 admin_email: {get_param: AdminEmail}
731 admin_password: {get_param: AdminPassword}
732 admin_token: {get_param: AdminToken}
733 neutron_public_interface_ip: {get_param: NeutronPublicInterfaceIP}
734 debug: {get_param: Debug}
735 cinder_enable_nfs_backend: {get_param: CinderEnableNfsBackend}
736 cinder_enable_rbd_backend: {get_param: CinderEnableRbdBackend}
737 cinder_nfs_mount_options: {get_param: CinderNfsMountOptions}
740 template: "['SERVERS']"
745 - {get_param: CinderNfsServers}
746 cinder_lvm_loop_device_size: {get_param: CinderLVMLoopDeviceSize}
747 cinder_password: {get_param: CinderPassword}
748 cinder_enable_iscsi_backend: {get_param: CinderEnableIscsiBackend}
749 cinder_iscsi_helper: {get_param: CinderISCSIHelper}
750 cinder_backend_config: {get_param: CinderBackendConfig}
754 - - 'mysql://cinder:'
755 - {get_param: CinderPassword}
757 - {get_param: MysqlVirtualIP}
759 glance_port: {get_param: [EndpointMap, GlanceInternal, port]}
760 glance_password: {get_param: GlancePassword}
761 glance_backend: {get_param: GlanceBackend}
762 glance_file_pcmk_device: {get_param: GlanceFilePcmkDevice}
763 glance_file_pcmk_fstype: {get_param: GlanceFilePcmkFstype}
764 glance_file_pcmk_manage: {get_param: GlanceFilePcmkManage}
765 glance_file_pcmk_options: {get_param: GlanceFilePcmkOptions}
766 glance_notifier_strategy: {get_param: GlanceNotifierStrategy}
767 glance_log_file: {get_param: GlanceLogFile}
771 - - 'mysql://glance:'
772 - {get_param: GlancePassword}
774 - {get_param: MysqlVirtualIP}
776 heat_password: {get_param: HeatPassword}
777 heat_stack_domain_admin_password: {get_param: HeatStackDomainAdminPassword}
782 - {get_param: HeatPassword}
784 - {get_param: MysqlVirtualIP}
786 keystone_ca_certificate: {get_param: KeystoneCACertificate}
787 keystone_signing_key: {get_param: KeystoneSigningKey}
788 keystone_signing_certificate: {get_param: KeystoneSigningCertificate}
789 keystone_ssl_certificate: {get_param: KeystoneSSLCertificate}
790 keystone_ssl_certificate_key: {get_param: KeystoneSSLCertificateKey}
791 keystone_notification_driver: {get_param: KeystoneNotificationDriver}
792 keystone_notification_format: {get_param: KeystoneNotificationFormat}
796 - - 'mysql://keystone:'
797 - {get_param: AdminToken}
799 - {get_param: MysqlVirtualIP}
801 keystone_identity_uri: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] }
802 keystone_auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
803 keystone_public_url: { get_param: [EndpointMap, KeystonePublic, uri_no_suffix] }
804 keystone_internal_url: { get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
805 keystone_ec2_uri: { get_param: [EndpointMap, KeystoneEC2, uri] }
806 enable_fencing: {get_param: EnableFencing}
807 enable_galera: {get_param: EnableGalera}
808 enable_ceph_storage: {get_param: EnableCephStorage}
809 enable_swift_storage: {get_param: EnableSwiftStorage}
810 mysql_innodb_buffer_pool_size: {get_param: MysqlInnodbBufferPoolSize}
811 mysql_max_connections: {get_param: MysqlMaxConnections}
812 mysql_root_password: {get_param: MysqlRootPassword}
815 template: tripleo-CLUSTER
817 CLUSTER: {get_param: MysqlClusterUniquePart}
818 neutron_flat_networks: {get_param: NeutronFlatNetworks}
819 neutron_metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret}
820 neutron_agent_mode: {get_param: NeutronAgentMode}
821 neutron_router_distributed: {get_param: NeutronDVR}
822 neutron_core_plugin: {get_param: NeutronCorePlugin}
823 neutron_service_plugins:
825 template: "['PLUGINS']"
830 - {get_param: NeutronServicePlugins}
831 neutron_type_drivers:
833 template: "['DRIVERS']"
838 - {get_param: NeutronTypeDrivers}
839 neutron_mechanism_drivers: {get_param: NeutronMechanismDrivers}
840 neutron_allow_l3agent_failover: {get_param: NeutronAllowL3AgentFailover}
841 neutron_l3_ha: {get_param: NeutronL3HA}
842 neutron_dhcp_agents_per_network: {get_param: NeutronDhcpAgentsPerNetwork}
843 neutron_network_vlan_ranges:
845 template: "['RANGES']"
850 - {get_param: NeutronNetworkVLANRanges}
851 neutron_bridge_mappings: {get_param: NeutronBridgeMappings}
852 neutron_external_network_bridge: {get_param: NeutronExternalNetworkBridge}
853 neutron_public_interface: {get_param: NeutronPublicInterface}
854 neutron_public_interface_raw_device: {get_param: NeutronPublicInterfaceRawDevice}
855 neutron_public_interface_default_route: {get_param: NeutronPublicInterfaceDefaultRoute}
856 neutron_public_interface_tag: {get_param: NeutronPublicInterfaceTag}
857 neutron_tenant_network_type: {get_param: NeutronNetworkType}
858 neutron_tunnel_types: {get_param: NeutronTunnelTypes}
859 neutron_tunnel_id_ranges:
861 template: "['RANGES']"
866 - {get_param: NeutronTunnelIdRanges}
869 template: "['RANGES']"
874 - {get_param: NeutronVniRanges}
875 neutron_password: {get_param: NeutronPassword}
876 neutron_dnsmasq_options: {get_param: NeutronDnsmasqOptions}
880 - - 'mysql://neutron:'
881 - {get_param: NeutronPassword}
883 - {get_param: MysqlVirtualIP}
884 - '/ovs_neutron?charset=utf8'
885 neutron_internal_url: { get_param: [ EndpointMap, NeutronInternal, uri ] }
886 neutron_public_url: { get_param: [ EndpointMap, NeutronPublic, uri ] }
887 neutron_admin_url: { get_param: [ EndpointMap, NeutronAdmin, uri ] }
888 neutron_admin_auth_url: { get_param: [ EndpointMap, KeystoneAdmin, uri ] }
889 ceilometer_backend: {get_param: CeilometerBackend}
890 ceilometer_metering_secret: {get_param: CeilometerMeteringSecret}
891 ceilometer_password: {get_param: CeilometerPassword}
892 ceilometer_coordination_url:
896 - {get_param: RedisVirtualIP}
901 - - 'mysql://ceilometer:'
902 - {get_param: CeilometerPassword}
904 - {get_param: MysqlVirtualIP}
906 snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName}
907 snmpd_readonly_user_password: {get_param: SnmpdReadonlyUserPassword}
908 nova_password: {get_param: NovaPassword}
913 - {get_param: NovaPassword}
915 - {get_param: MysqlVirtualIP}
917 fencing_config: {get_param: FencingConfig}
918 pcsd_password: {get_param: PcsdPassword}
919 rabbit_username: {get_param: RabbitUserName}
920 rabbit_password: {get_param: RabbitPassword}
921 rabbit_cookie: {get_param: RabbitCookie}
922 rabbit_client_use_ssl: {get_param: RabbitClientUseSSL}
923 rabbit_client_port: {get_param: RabbitClientPort}
924 mongodb_no_journal: {get_param: MongoDbNoJournal}
925 # We need to force this into quotes or hiera will return integer causing
926 # the puppet module validation regexp to fail.
927 # Remove when: https://github.com/puppetlabs/puppetlabs-rabbitmq/pull/401
932 LIMIT: {get_param: RabbitFDLimit}
935 template: '["server"]'
937 server: {get_param: NtpServer}
938 control_virtual_interface: {get_param: ControlVirtualInterface}
939 public_virtual_interface: {get_param: PublicVirtualInterface}
940 swift_hash_suffix: {get_param: SwiftHashSuffix}
941 swift_password: {get_param: SwiftPassword}
942 swift_part_power: {get_param: SwiftPartPower}
943 swift_replicas: {get_param: SwiftReplicas}
944 swift_min_part_hours: {get_param: SwiftMinPartHours}
945 swift_mount_check: {get_param: SwiftMountCheck}
946 enable_package_install: {get_param: EnablePackageInstall}
947 enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]}
948 swift_proxy_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftProxyNetwork]}]}
949 swift_management_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftMgmtNetwork]}]}
950 cinder_iscsi_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CinderIscsiNetwork]}]}
951 cinder_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CinderApiNetwork]}]}
952 glance_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, GlanceApiNetwork]}]}
953 glance_registry_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, GlanceRegistryNetwork]}]}
954 glance_api_servers: { get_param: [EndpointMap, GlanceInternal, uri]}
955 glance_registry_host: {get_param: GlanceRegistryVirtualIP}
956 heat_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, HeatApiNetwork]}]}
957 keystone_public_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}]}
958 keystone_admin_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}]}
959 keystone_region: {get_param: KeystoneRegion}
960 mongo_db_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MongoDbNetwork]}]}
961 neutron_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NeutronApiNetwork]}]}
962 neutron_local_ip: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NeutronTenantNetwork]}]}
963 ceilometer_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CeilometerApiNetwork]}]}
964 nova_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NovaApiNetwork]}]}
965 nova_metadata_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NovaMetadataNetwork]}]}
966 horizon_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, HorizonNetwork]}]}
967 rabbitmq_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, RabbitMqNetwork]}]}
968 redis_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, RedisNetwork]}]}
969 redis_vip: {get_param: RedisVirtualIP}
970 memcached_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MemcachedNetwork]}]}
971 mysql_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MysqlNetwork]}]}
972 mysql_virtual_ip: {get_param: MysqlVirtualIP}
973 ceph_cluster_network: {get_attr: [NetIpSubnetMap, net_ip_subnet_map, {get_param: [ServiceNetMap, CephClusterNetwork]}]}
974 ceph_public_network: {get_attr: [NetIpSubnetMap, net_ip_subnet_map, {get_param: [ServiceNetMap, CephPublicNetwork]}]}
975 ceph_public_ip: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CephPublicNetwork]}]}
977 # Map heat metadata into hiera datafiles
979 type: OS::Heat::StructuredConfig
981 group: os-apply-config
986 - heat_config_%{::deploy_config_name}
987 - controller_extraconfig
992 - swift_devices_and_proxy # provided by SwiftDevicesAndProxyConfig
993 - ceph_cluster # provided by CephClusterConfig
995 - bootstrap_node # provided by BootstrapNodeConfig
996 - all_nodes # provided by allNodesConfig
997 - vip_data # provided by vip-config
1000 - cinder_netapp_data # Optionally provided by ControllerExtraConfigPre
1001 - neutron_bigswitch_data # Optionally provided by ControllerExtraConfigPre
1002 - neutron_cisco_data # Optionally provided by ControllerExtraConfigPre
1003 - cisco_n1kv_data # Optionally provided by ControllerExtraConfigPre
1005 controller_extraconfig:
1006 mapped_data: {get_param: ControllerExtraConfig}
1008 mapped_data: {get_param: ExtraConfig}
1010 raw_data: {get_file: hieradata/common.yaml}
1012 raw_data: {get_file: hieradata/ceph.yaml}
1014 ceph::profile::params::cluster_network: {get_input: ceph_cluster_network}
1015 ceph::profile::params::public_network: {get_input: ceph_public_network}
1016 ceph::mon::public_addr: {get_input: ceph_public_ip}
1018 raw_data: {get_file: hieradata/database.yaml}
1020 raw_data: {get_file: hieradata/object.yaml}
1022 raw_data: {get_file: hieradata/controller.yaml}
1023 mapped_data: # data supplied directly to this deployment configuration, etc
1024 bootstack_nodeid: {get_input: bootstack_nodeid}
1027 enable_fencing: {get_input: enable_fencing}
1028 hacluster_pwd: {get_input: pcsd_password}
1029 tripleo::fencing::config: {get_input: fencing_config}
1032 swift::proxy::proxy_local_net_ip: {get_input: swift_proxy_network}
1033 swift::proxy::authtoken::auth_uri: {get_input: keystone_auth_uri}
1034 swift::proxy::authtoken::identity_uri: {get_input: keystone_identity_uri}
1035 swift::storage::all::storage_local_net_ip: {get_input: swift_management_network}
1036 swift::swift_hash_suffix: {get_input: swift_hash_suffix}
1037 swift::proxy::authtoken::admin_password: {get_input: swift_password}
1038 tripleo::ringbuilder::part_power: {get_input: swift_part_power}
1039 tripleo::ringbuilder::replicas: {get_input: swift_replicas}
1040 tripleo::ringbuilder::min_part_hours: {get_input: swift_min_part_hours}
1041 swift_mount_check: {get_input: swift_mount_check}
1043 # NOTE(dprince): build_ring support is currently not wired in.
1044 # See: https://review.openstack.org/#/c/109225/
1045 tripleo::ringbuilder::build_ring: True
1048 cinder_enable_nfs_backend: {get_input: cinder_enable_nfs_backend}
1049 cinder_enable_rbd_backend: {get_input: cinder_enable_rbd_backend}
1050 cinder_nfs_mount_options: {get_input: cinder_nfs_mount_options}
1051 cinder_nfs_servers: {get_input: cinder_nfs_servers}
1052 cinder_lvm_loop_device_size: {get_input: cinder_lvm_loop_device_size}
1053 cinder_iscsi_helper: {get_input: cinder_iscsi_helper}
1054 cinder_iscsi_ip_address: {get_input: cinder_iscsi_network}
1055 cinder::database_connection: {get_input: cinder_dsn}
1056 cinder::api::keystone_password: {get_input: cinder_password}
1057 cinder::api::auth_uri: {get_input: keystone_auth_uri}
1058 cinder::api::identity_uri: {get_input: keystone_identity_uri}
1059 cinder::api::bind_host: {get_input: cinder_api_network}
1060 cinder::rabbit_userid: {get_input: rabbit_username}
1061 cinder::rabbit_password: {get_input: rabbit_password}
1062 cinder::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
1063 cinder::rabbit_port: {get_input: rabbit_client_port}
1064 cinder::debug: {get_input: debug}
1065 cinder_enable_iscsi_backend: {get_input: cinder_enable_iscsi_backend}
1066 cinder::glance::glance_api_servers: {get_input: glance_api_servers}
1067 cinder_backend_config: {get_input: CinderBackendConfig}
1068 cinder::db::mysql::password: {get_input: cinder_password}
1071 glance::api::bind_port: {get_input: glance_port}
1072 glance::api::bind_host: {get_input: glance_api_network}
1073 glance::api::auth_uri: {get_input: keystone_auth_uri}
1074 glance::api::identity_uri: {get_input: keystone_identity_uri}
1075 glance::api::registry_host: {get_input: glance_registry_host}
1076 glance::api::keystone_password: {get_input: glance_password}
1077 glance::api::debug: {get_input: debug}
1078 glance_notifier_strategy: {get_input: glance_notifier_strategy}
1079 glance_log_file: {get_input: glance_log_file}
1080 glance_log_file: {get_input: glance_log_file}
1081 glance::api::database_connection: {get_input: glance_dsn}
1082 glance::registry::keystone_password: {get_input: glance_password}
1083 glance::registry::database_connection: {get_input: glance_dsn}
1084 glance::registry::bind_host: {get_input: glance_registry_network}
1085 glance::registry::auth_uri: {get_input: keystone_auth_uri}
1086 glance::registry::identity_uri: {get_input: keystone_identity_uri}
1087 glance::registry::debug: {get_input: debug}
1088 glance::backend::swift::swift_store_auth_address: {get_input: keystone_auth_uri}
1089 glance::backend::swift::swift_store_user: service:glance
1090 glance::backend::swift::swift_store_key: {get_input: glance_password}
1091 glance_backend: {get_input: glance_backend}
1092 glance::db::mysql::password: {get_input: glance_password}
1093 glance_file_pcmk_device: {get_input: glance_file_pcmk_device}
1094 glance_file_pcmk_fstype: {get_input: glance_file_pcmk_fstype}
1095 glance_file_pcmk_manage: {get_input: glance_file_pcmk_manage}
1096 glance_file_pcmk_options: {get_input: glance_file_pcmk_options}
1099 heat_stack_domain_admin_password: {get_input: heat_stack_domain_admin_password}
1100 heat::engine::heat_watch_server_url: {get_input: heat.watch_server_url}
1101 heat::engine::heat_metadata_server_url: {get_input: heat.metadata_server_url}
1102 heat::engine::heat_waitcondition_server_url: {get_input: heat.waitcondition_server_url}
1103 heat::engine::auth_encryption_key: {get_input: heat_auth_encryption_key}
1104 heat::rabbit_userid: {get_input: rabbit_username}
1105 heat::rabbit_password: {get_input: rabbit_password}
1106 heat::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
1107 heat::rabbit_port: {get_input: rabbit_client_port}
1108 heat::auth_uri: {get_input: keystone_auth_uri}
1109 heat::keystone_ec2_uri: {get_input: keystone_ec2_uri}
1110 heat::identity_uri: {get_input: keystone_identity_uri}
1111 heat::keystone_password: {get_input: heat_password}
1112 heat::api::bind_host: {get_input: heat_api_network}
1113 heat::api_cloudwatch::bind_host: {get_input: heat_api_network}
1114 heat::api_cfn::bind_host: {get_input: heat_api_network}
1115 heat::database_connection: {get_input: heat_dsn}
1116 heat::debug: {get_input: debug}
1117 heat::db::mysql::password: {get_input: heat_password}
1120 keystone::admin_token: {get_input: admin_token}
1121 keystone_ca_certificate: {get_input: keystone_ca_certificate}
1122 keystone_signing_key: {get_input: keystone_signing_key}
1123 keystone_signing_certificate: {get_input: keystone_signing_certificate}
1124 keystone_ssl_certificate: {get_input: keystone_ssl_certificate}
1125 keystone_ssl_certificate_key: {get_input: keystone_ssl_certificate_key}
1126 keystone::database_connection: {get_input: keystone_dsn}
1127 keystone::public_bind_host: {get_input: keystone_public_api_network}
1128 keystone::admin_bind_host: {get_input: keystone_admin_api_network}
1129 keystone::debug: {get_input: debug}
1130 keystone::db::mysql::password: {get_input: admin_token}
1131 keystone::rabbit_userid: {get_input: rabbit_username}
1132 keystone::rabbit_password: {get_input: rabbit_password}
1133 keystone::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
1134 keystone::rabbit_port: {get_input: rabbit_client_port}
1135 keystone::notification_driver: {get_input: keystone_notification_driver}
1136 keystone::notification_format: {get_input: keystone_notification_format}
1137 keystone::roles::admin::email: {get_input: admin_email}
1138 keystone::roles::admin::password: {get_input: admin_password}
1139 keystone::endpoint::public_url: {get_input: keystone_public_url}
1140 keystone::endpoint::internal_url: {get_input: keystone_internal_url}
1141 keystone::endpoint::admin_url: {get_input: keystone_identity_uri}
1142 keystone::endpoint::region: {get_input: keystone_region}
1144 mongodb::server::bind_ip: {get_input: mongo_db_network}
1145 mongodb::server::nojournal: {get_input: mongodb_no_journal}
1147 admin_password: {get_input: admin_password}
1148 enable_galera: {get_input: enable_galera}
1149 enable_ceph_storage: {get_input: enable_ceph_storage}
1150 enable_swift_storage: {get_input: enable_swift_storage}
1151 mysql_innodb_buffer_pool_size: {get_input: mysql_innodb_buffer_pool_size}
1152 mysql_max_connections: {get_input: mysql_max_connections}
1153 mysql::server::root_password: {get_input: mysql_root_password}
1154 mysql_cluster_name: {get_input: mysql_cluster_name}
1155 mysql_bind_host: {get_input: mysql_network}
1156 mysql_virtual_ip: {get_input: mysql_virtual_ip}
1159 neutron::bind_host: {get_input: neutron_api_network}
1160 neutron::rabbit_password: {get_input: rabbit_password}
1161 neutron::rabbit_user: {get_input: rabbit_user}
1162 neutron::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
1163 neutron::rabbit_port: {get_input: rabbit_client_port}
1164 neutron::debug: {get_input: debug}
1165 neutron::server::auth_uri: {get_input: keystone_auth_uri}
1166 neutron::server::identity_uri: {get_input: keystone_identity_uri}
1167 neutron::server::database_connection: {get_input: neutron_dsn}
1168 neutron::agents::l3::external_network_bridge: {get_input: neutron_external_network_bridge}
1169 neutron::agents::ml2::ovs::enable_tunneling: {get_input: neutron_enable_tunneling}
1170 neutron::agents::ml2::ovs::local_ip: {get_input: neutron_local_ip}
1171 neutron_flat_networks: {get_input: neutron_flat_networks}
1172 neutron::agents::metadata::shared_secret: {get_input: neutron_metadata_proxy_shared_secret}
1173 neutron::agents::metadata::metadata_ip: {get_input: neutron_api_network}
1174 neutron_agent_mode: {get_input: neutron_agent_mode}
1175 neutron_router_distributed: {get_input: neutron_router_distributed}
1176 neutron::core_plugin: {get_input: neutron_core_plugin}
1177 neutron::service_plugins: {get_input: neutron_service_plugins}
1178 neutron::plugins::ml2::type_drivers: {get_input: neutron_type_drivers}
1179 neutron_mechanism_drivers: {get_input: neutron_mechanism_drivers}
1180 neutron::server::allow_automatic_l3agent_failover: {get_input: neutron_allow_l3agent_failover}
1181 neutron::server::l3_ha: {get_input: neutron_l3_ha}
1182 neutron::dhcp_agents_per_network: {get_input: neutron_dhcp_agents_per_network}
1183 neutron::plugins::ml2::network_vlan_ranges: {get_input: neutron_network_vlan_ranges}
1184 neutron::plugins::ml2::tunnel_id_ranges: {get_input: neutron_tunnel_id_ranges}
1185 neutron::plugins::ml2::vni_ranges: {get_input: neutron_vni_ranges}
1186 neutron_bridge_mappings: {get_input: neutron_bridge_mappings}
1187 neutron_public_interface: {get_input: neutron_public_interface}
1188 neutron_public_interface_raw_device: {get_input: neutron_public_interface_raw_device}
1189 neutron_public_interface_default_route: {get_input: neutron_public_interface_default_route}
1190 neutron_public_interface_tag: {get_input: neutron_public_interface_tag}
1191 neutron_tenant_network_type: {get_input: neutron_tenant_network_type}
1192 neutron_tunnel_types: {get_input: neutron_tunnel_types}
1193 neutron::server::auth_password: {get_input: neutron_password}
1194 neutron::agents::metadata::auth_password: {get_input: neutron_password}
1195 neutron_dnsmasq_options: {get_input: neutron_dnsmasq_options}
1196 neutron_dsn: {get_input: neutron_dsn}
1197 neutron::agents::metadata::auth_url: {get_input: keystone_identity_uri}
1198 neutron::db::mysql::password: {get_input: neutron_password}
1201 ceilometer_backend: {get_input: ceilometer_backend}
1202 ceilometer_mysql_conn_string: {get_input: ceilometer_dsn}
1203 ceilometer::metering_secret: {get_input: ceilometer_metering_secret}
1204 ceilometer::rabbit_userid: {get_input: rabbit_username}
1205 ceilometer::rabbit_password: {get_input: rabbit_password}
1206 ceilometer::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
1207 ceilometer::rabbit_port: {get_input: rabbit_client_port}
1208 ceilometer::debug: {get_input: debug}
1209 ceilometer::api::host: {get_input: ceilometer_api_network}
1210 ceilometer::api::keystone_password: {get_input: ceilometer_password}
1211 ceilometer::api::keystone_auth_uri: {get_input: keystone_auth_uri}
1212 ceilometer::api::keystone_identity_uri: {get_input: keystone_identity_uri}
1213 ceilometer::agent::auth::auth_password: {get_input: ceilometer_password}
1214 ceilometer::agent::auth::auth_url: {get_input: keystone_auth_uri}
1215 ceilometer::agent::central::coordination_url: {get_input: ceilometer_coordination_url}
1216 ceilometer::db::mysql::password: {get_input: ceilometer_password}
1217 snmpd_readonly_user_name: {get_input: snmpd_readonly_user_name}
1218 snmpd_readonly_user_password: {get_input: snmpd_readonly_user_password}
1221 nova::rabbit_userid: {get_input: rabbit_username}
1222 nova::rabbit_password: {get_input: rabbit_password}
1223 nova::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
1224 nova::rabbit_port: {get_input: rabbit_client_port}
1225 nova::debug: {get_input: debug}
1226 nova::api::auth_uri: {get_input: keystone_auth_uri}
1227 nova::api::identity_uri: {get_input: keystone_identity_uri}
1228 nova::api::api_bind_address: {get_input: nova_api_network}
1229 nova::api::metadata_listen: {get_input: nova_metadata_network}
1230 nova::api::admin_password: {get_input: nova_password}
1231 nova::database_connection: {get_input: nova_dsn}
1232 nova::glance_api_servers: {get_input: glance_api_servers}
1233 nova::api::neutron_metadata_proxy_shared_secret: {get_input: neutron_metadata_proxy_shared_secret}
1234 nova::network::neutron::neutron_admin_password: {get_input: neutron_password}
1235 nova::network::neutron::neutron_url: {get_input: neutron_internal_url}
1236 nova::network::neutron::neutron_admin_auth_url: {get_input: neutron_admin_auth_url}
1237 nova::vncproxy::host: {get_input: nova_api_network}
1238 nova::db::mysql::password: {get_input: nova_password}
1241 apache::ip: {get_input: horizon_network}
1242 horizon::allowed_hosts: {get_input: horizon_allowed_hosts}
1243 horizon::django_debug: {get_input: debug}
1244 horizon::secret_key: {get_input: horizon_secret}
1245 horizon::bind_address: {get_input: horizon_network}
1246 horizon::keystone_url: {get_input: keystone_auth_uri}
1249 rabbitmq::node_ip_address: {get_input: rabbitmq_network}
1250 rabbitmq::erlang_cookie: {get_input: rabbit_cookie}
1251 rabbitmq::file_limit: {get_input: rabbit_fd_limit}
1253 redis::bind: {get_input: redis_network}
1254 redis_vip: {get_input: redis_vip}
1256 memcached::listen_ip: {get_input: memcached_network}
1257 neutron_public_interface_ip: {get_input: neutron_public_interface_ip}
1258 ntp::servers: {get_input: ntp_servers}
1259 control_virtual_interface: {get_input: control_virtual_interface}
1260 public_virtual_interface: {get_input: public_virtual_interface}
1261 tripleo::loadbalancer::control_virtual_interface: {get_input: control_virtual_interface}
1262 tripleo::loadbalancer::public_virtual_interface: {get_input: public_virtual_interface}
1263 tripleo::loadbalancer::haproxy_log_address: {get_input: haproxy_log_address}
1264 tripleo::packages::enable_install: {get_input: enable_package_install}
1265 tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade}
1267 # Hook for site-specific additional pre-deployment config, e.g extra hieradata
1268 ControllerExtraConfigPre:
1269 depends_on: ControllerDeployment
1270 type: OS::TripleO::ControllerExtraConfigPre
1272 server: {get_resource: Controller}
1274 # Hook for site-specific additional pre-deployment config,
1275 # applying to all nodes, e.g node registration/unregistration
1277 depends_on: ControllerExtraConfigPre
1278 type: OS::TripleO::NodeExtraConfig
1280 server: {get_resource: Controller}
1283 type: OS::TripleO::Tasks::PackageUpdate
1286 type: OS::Heat::SoftwareDeployment
1288 config: {get_resource: UpdateConfig}
1289 server: {get_resource: Controller}
1292 get_param: UpdateIdentifier
1296 description: IP address of the server in the ctlplane network
1297 value: {get_attr: [Controller, networks, ctlplane, 0]}
1298 external_ip_address:
1299 description: IP address of the server in the external network
1300 value: {get_attr: [ExternalPort, ip_address]}
1301 internal_api_ip_address:
1302 description: IP address of the server in the internal_api network
1303 value: {get_attr: [InternalApiPort, ip_address]}
1305 description: IP address of the server in the storage network
1306 value: {get_attr: [StoragePort, ip_address]}
1307 storage_mgmt_ip_address:
1308 description: IP address of the server in the storage_mgmt network
1309 value: {get_attr: [StorageMgmtPort, ip_address]}
1311 description: IP address of the server in the tenant network
1312 value: {get_attr: [TenantPort, ip_address]}
1314 description: Hostname of the server
1315 value: {get_attr: [Controller, name]}
1318 Node object in the format {ip: ..., name: ...} format that the corosync
1321 ip: {get_attr: [Controller, networks, ctlplane, 0]}
1322 name: {get_attr: [Controller, name]}
1325 Server's IP address and hostname in the /etc/hosts format
1328 template: IP HOST.localdomain HOST CLOUDNAME
1330 IP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, ControllerHostnameResolveNetwork]}]}
1331 HOST: {get_attr: [Controller, name]}
1332 CLOUDNAME: {get_param: CloudName}
1333 nova_server_resource:
1334 description: Heat resource handle for the Nova compute server
1336 {get_resource: Controller}
1338 description: Swift device formatted for swift-ring-builder
1341 template: 'r1z1-IP:%PORT%/d1'
1343 IP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftMgmtNetwork]}]}
1344 swift_proxy_memcache:
1345 description: Swift proxy-memcache value
1348 template: "IP:11211"
1350 IP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MemcachedNetwork]}]}
1352 description: identifier which changes if the controller configuration may need re-applying
1356 - - {get_attr: [ControllerDeployment, deploy_stdout]}
1357 - {get_attr: [ControllerExtraConfigPre, deploy_stdout]}
1358 - {get_param: UpdateIdentifier}