1 heat_template_version: 2015-04-30
4 OpenStack controller node configured by Puppet.
8 default: 'admin@example.com'
9 description: The email for the keystone admin account.
14 description: The password for the keystone admin account, used for monitoring, querying neutron etc.
19 description: The keystone auth secret and db password.
22 CeilometerApiVirtualIP:
27 description: The ceilometer backend type.
29 CeilometerMeteringSecret:
31 description: Secret shared by the ceilometer services.
36 description: The password for the ceilometer service and db account.
42 CinderEnableNfsBackend:
44 description: Whether to enable or not the NFS backend for Cinder
46 CinderEnableIscsiBackend:
48 description: Whether to enable or not the Iscsi backend for Cinder
50 CinderEnableRbdBackend:
52 description: Whether to enable or not the Rbd backend for Cinder
56 description: The iSCSI helper to use with cinder.
58 CinderLVMLoopDeviceSize:
60 description: The size of the loopback file used by the cinder LVM driver.
62 CinderNfsMountOptions:
65 Mount options for NFS mounts used by Cinder NFS backend. Effective
66 when CinderEnableNfsBackend is true.
71 NFS servers used by Cinder NFS backend. Effective when
72 CinderEnableNfsBackend is true.
73 type: comma_delimited_list
76 description: The password for the cinder service and db account, used by cinder-api.
81 description: Contains parameters to configure Cinder backends. Typically
82 set via parameter_defaults in the resource registry.
86 description: The DNS name of this cloud. E.g. ci-overcloud.tripleo.org
88 ControllerExtraConfig:
91 Controller specific hiera configuration data to inject into the cluster.
93 ControlVirtualInterface:
95 description: Interface where virtual ip will be assigned.
99 description: Set to True to enable debugging on all services.
103 description: Whether to enable fencing in Pacemaker or not.
107 description: Whether to use Galera instead of regular MariaDB.
111 description: Whether to deploy Ceph Storage (OSD) on the Controller
115 description: Whether to enable Swift Storage on the Controller
120 Additional hieradata to inject into the cluster, note that
121 ControllerExtraConfig takes precedence over ExtraConfig.
126 Pacemaker fencing configuration. The JSON should have
127 the following structure:
131 "agent": "AGENT_NAME",
132 "host_mac": "HOST_MAC_ADDRESS",
133 "params": {"PARAM_NAME": "PARAM_VALUE"}
141 "agent": "fence_xvm",
142 "host_mac": "52:54:00:aa:bb:cc",
144 "multicast_address": "225.0.0.12",
145 "port": "baremetal_0",
147 "manage_key_file": true,
148 "key_file": "/etc/fence_xvm.key",
149 "key_file_password": "abcdef"
156 description: Flavor for control nodes to request when deploying.
159 - custom_constraint: nova.flavor
160 GlanceNotifierStrategy:
161 description: Strategy to use for Glance notification queue
165 description: The filepath of the file to use for logging messages from Glance.
170 description: The password for the glance service and db account, used by the glance services.
175 description: Glance port.
179 description: Protocol to use when connecting to glance, set to https for SSL.
183 description: The short name of the Glance backend to use. Should be one
184 of swift, rbd, or file
187 - allowed_values: ['swift', 'file', 'rbd']
188 GlanceFilePcmkDevice:
191 An exported storage device that should be mounted by Pacemaker
192 as Glance storage. Effective when GlanceFilePcmkManage is true.
194 GlanceFilePcmkFstype:
197 Filesystem type for Pacemaker mount used as Glance storage.
198 Effective when GlanceFilePcmkManage is true.
200 GlanceFilePcmkManage:
203 Whether to make Glance file backend a mount managed by Pacemaker.
204 Effective when GlanceBackend is 'file'.
206 GlanceFilePcmkOptions:
209 Mount options for Pacemaker mount used as Glance storage.
210 Effective when GlanceFilePcmkManage is true.
212 HAProxySyslogAddress:
214 description: Syslog address where HAproxy will send its log
218 description: The password for the Heat service and db account, used by the Heat services.
221 HeatStackDomainAdminPassword:
222 description: Password for heat_domain_admin user.
226 HeatAuthEncryptionKey:
227 description: Auth encryption key for heat-engine
232 description: A list of IP/Hostname allowed to connect to horizon
233 type: comma_delimited_list
235 description: Secret key for Django
240 default: overcloud-control
242 - custom_constraint: glance.image
244 default: 'REBUILD_PRESERVE_EPHEMERAL'
245 description: What policy to use when reconstructing instances. REBUILD for rebuilds, REBUILD_PRESERVE_EPHEMERAL to preserve /mnt.
249 description: Name of an existing EC2 KeyPair to enable SSH access to the instances
252 - custom_constraint: nova.keypair
253 KeystoneCACertificate:
255 description: Keystone self-signed certificate authority certificate.
257 KeystoneSigningCertificate:
259 description: Keystone certificate for verifying token validity.
263 description: Keystone key for signing tokens.
266 KeystoneSSLCertificate:
268 description: Keystone certificate for verifying token validity.
270 KeystoneSSLCertificateKey:
272 description: Keystone key for signing tokens.
275 KeystoneNotificationDriver:
276 description: Comma-separated list of Oslo notification drivers used by Keystone
277 default: ['messaging']
278 type: comma_delimited_list
279 KeystoneNotificationFormat:
280 description: The Keystone notification format
284 - allowed_values: [ 'basic', 'cadf' ]
288 description: Keystone region for endpoint
289 MysqlClusterUniquePart:
290 description: A unique identifier of the MySQL cluster the controller is in.
292 default: 'unset' # Has to be here because of the ignored empty value bug
293 # Drop the validation: https://bugs.launchpad.net/tripleo/+bug/1405446
295 # - length: {min: 4, max: 10}
296 MysqlInnodbBufferPoolSize:
298 Specifies the size of the buffer pool in megabytes. Setting to
299 zero should be interpreted as "no value" and will defer to the
304 description: Configures MySQL max_connections config setting
310 default: '' # Has to be here because of the ignored empty value bug
311 NeutronExternalNetworkBridge:
312 description: Name of bridge used for external network traffic.
315 NeutronBridgeMappings:
317 The OVS logical->physical bridge mappings to use. See the Neutron
318 documentation for details. Defaults to mapping br-ex - the external
319 bridge on hosts - to a physical name 'datacentre' which can be used
320 to create provider networks (and we use this for the default floating
321 network) - if changing this either use different post-install network
322 scripts or be sure to keep 'datacentre' as a mapping network name.
324 default: "datacentre:br-ex"
325 NeutronDnsmasqOptions:
326 default: 'dhcp-option-force=26,1400'
327 description: Dnsmasq options for neutron-dhcp-agent. The default value here forces MTU to be set to 1400 to account for the gre tunnel overhead.
331 description: Agent mode for the neutron-l3-agent on the controller hosts
335 description: Whether to enable l3-agent HA
337 NeutronDhcpAgentsPerNetwork:
340 description: The number of neutron dhcp agents to schedule per network
343 description: Whether to configure Neutron Distributed Virtual Routers
345 NeutronMetadataProxySharedSecret:
347 description: Shared secret to prevent spoofing
353 The core plugin for Neutron. The value should be the entrypoint to be loaded
354 from neutron.core_plugins namespace.
356 NeutronServicePlugins:
359 Comma-separated list of service plugin entrypoints to be loaded from the
360 neutron.service_plugins namespace.
361 type: comma_delimited_list
363 default: "vxlan,vlan,flat,gre"
365 Comma-separated list of network type driver entrypoints to be loaded.
366 type: comma_delimited_list
367 NeutronMechanismDrivers:
368 default: 'openvswitch'
370 The mechanism drivers for the Neutron tenant network. To specify multiple
371 values, use a comma separated string, like so: 'openvswitch,l2_population'
373 NeutronAllowL3AgentFailover:
375 description: Allow automatic l3-agent failover
377 NeutronEnableTunnelling:
383 Enable/disable the L2 population feature in the Neutron agents.
387 default: 'datacentre'
388 description: If set, flat networks to configure in neutron plugins.
391 description: Whether to enable l3-agent HA
395 description: The tenant network type for Neutron, either gre or vxlan.
397 NeutronNetworkVLANRanges:
398 default: 'datacentre'
400 The Neutron ML2 and OpenVSwitch vlan mapping range to support. See the
401 Neutron documentation for permitted values. Defaults to permitting any
402 VLAN on the 'datacentre' physical network (See NeutronBridgeMappings).
403 type: comma_delimited_list
406 description: The password for the neutron service and db account, used by neutron agents.
409 NeutronPublicInterface:
411 description: What interface to bridge onto br-ex for network nodes.
413 NeutronPublicInterfaceTag:
416 VLAN tag for creating a public VLAN. The tag will be used to
417 create an access port on the exterior bridge for each control plane node,
418 and that port will be given the IP address returned by neutron from the
419 public network. Set CONTROLEXTRA=overcloud-vlan-port.yaml when compiling
420 overcloud.yaml to include the deployment of VLAN ports to the control
423 NeutronPublicInterfaceDefaultRoute:
425 description: A custom default route for the NeutronPublicInterface.
427 NeutronPublicInterfaceIP:
429 description: A custom IP address to put onto the NeutronPublicInterface.
431 NeutronPublicInterfaceRawDevice:
433 description: If set, the public interface is a vlan with this device as the raw device.
438 The tunnel types for the Neutron tenant network. To specify multiple
439 values, use a comma separated string, like so: 'gre,vxlan'
441 NeutronTunnelIdRanges:
443 Comma-separated list of <tun_min>:<tun_max> tuples enumerating ranges
444 of GRE tunnel IDs that are available for tenant network allocation
445 default: ["1:1000", ]
446 type: comma_delimited_list
449 Comma-separated list of <vni_min>:<vni_max> tuples enumerating ranges
450 of VXLAN VNI IDs that are available for tenant network allocation
451 default: ["1:1000", ]
452 type: comma_delimited_list
458 description: The password for the nova service and db account, used by nova-api.
463 description: Should MongoDb journaling be disabled
467 description: Comma-separated list of ntp servers
468 type: comma_delimited_list
471 description: The password for the 'pcsd' user.
473 PublicVirtualInterface:
476 Specifies the interface where the public-facing virtual ip will be assigned.
477 This should be int_public when a VLAN is being used.
481 default: '' # Has to be here because of the ignored empty value bug
484 default: '' # Has to be here because of the ignored empty value bug
488 description: The password for RabbitMQ
493 description: The username for RabbitMQ
498 Rabbit client subscriber parameter to specify
499 an SSL connection to the RabbitMQ host.
503 description: Set rabbit subscriber port, change this if using SSL
507 description: Configures RabbitMQ FD limit
511 default: '' # Has to be here because of the ignored empty value bug
512 SnmpdReadonlyUserName:
513 default: ro_snmp_user
514 description: The user name for SNMPd with readonly rights running on all Overcloud nodes
516 SnmpdReadonlyUserPassword:
518 description: The user password for SNMPd with readonly rights running on all Overcloud nodes
523 description: If set, the contents of an SSL certificate authority file.
527 description: If set, the contents of an SSL certificate .crt file for encrypting SSL endpoints.
532 description: If set, the contents of an SSL certificate .key file for encrypting SSL endpoints.
537 description: A random string to be used as a salt when hashing to determine mappings
543 description: Value of mount_check in Swift account/container/object -server.conf
548 description: The minimum time (in hours) before a partition in a ring can be moved following a rebalance.
551 description: Partition Power to use when building Swift rings
555 description: The password for the swift service account, used by the swift proxy
565 description: How many replicas to use in the swift rings.
566 VirtualIP: # DEPRECATED: use per service settings instead
568 default: '' # Has to be here because of the ignored empty value bug
575 GlanceRegistryVirtualIP:
581 KeystoneAdminApiVirtualIP:
584 KeystonePublicApiVirtualIP:
590 EnablePackageInstall:
592 description: Set to true to enable package installation via Puppet
596 description: Mapping of service_name -> network name. Typically set
597 via parameter_defaults in the resource registry.
603 Setting to a previously unused value during stack-update will trigger
604 package update on all nodes
607 default: '' # Defaults to Heat created hostname
612 type: OS::Nova::Server
614 image: {get_param: Image}
615 image_update_policy: {get_param: ImageUpdatePolicy}
616 flavor: {get_param: Flavor}
617 key_name: {get_param: KeyName}
620 user_data_format: SOFTWARE_CONFIG
621 user_data: {get_resource: UserData}
622 name: {get_param: Hostname}
624 # Combine the NodeAdminUserData and NodeUserData mime archives
626 type: OS::Heat::MultipartMime
629 - config: {get_resource: NodeAdminUserData}
631 - config: {get_resource: NodeUserData}
634 # Creates the "heat-admin" user if configured via the environment
635 # Should return a OS::Heat::MultipartMime reference via OS::stack_id
637 type: OS::TripleO::NodeAdminUserData
639 # For optional operator additional userdata
640 # Should return a OS::Heat::MultipartMime reference via OS::stack_id
642 type: OS::TripleO::NodeUserData
645 type: OS::TripleO::Controller::Ports::ExternalPort
647 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
650 type: OS::TripleO::Controller::Ports::InternalApiPort
652 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
655 type: OS::TripleO::Controller::Ports::StoragePort
657 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
660 type: OS::TripleO::Controller::Ports::StorageMgmtPort
662 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
665 type: OS::TripleO::Controller::Ports::TenantPort
667 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
670 type: OS::TripleO::Network::Ports::NetIpMap
672 ControlPlaneIp: {get_attr: [Controller, networks, ctlplane, 0]}
673 ExternalIp: {get_attr: [ExternalPort, ip_address]}
674 InternalApiIp: {get_attr: [InternalApiPort, ip_address]}
675 StorageIp: {get_attr: [StoragePort, ip_address]}
676 StorageMgmtIp: {get_attr: [StorageMgmtPort, ip_address]}
677 TenantIp: {get_attr: [TenantPort, ip_address]}
680 type: OS::TripleO::Network::Ports::NetIpSubnetMap
682 ControlPlaneIp: {get_attr: [Controller, networks, ctlplane, 0]}
683 ExternalIpSubnet: {get_attr: [ExternalPort, ip_subnet]}
684 InternalApiIpSubnet: {get_attr: [InternalApiPort, ip_subnet]}
685 StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]}
686 StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]}
687 TenantIpSubnet: {get_attr: [TenantPort, ip_subnet]}
690 type: OS::TripleO::Controller::Net::SoftwareConfig
692 ControlPlaneIp: {get_attr: [Controller, networks, ctlplane, 0]}
693 ExternalIpSubnet: {get_attr: [ExternalPort, ip_subnet]}
694 InternalApiIpSubnet: {get_attr: [InternalApiPort, ip_subnet]}
695 StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]}
696 StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]}
697 TenantIpSubnet: {get_attr: [TenantPort, ip_subnet]}
700 type: OS::TripleO::SoftwareDeployment
702 config: {get_resource: NetworkConfig}
703 server: {get_resource: Controller}
706 interface_name: {get_param: NeutronPublicInterface}
708 ControllerDeployment:
709 type: OS::TripleO::SoftwareDeployment
710 depends_on: NetworkDeployment
712 config: {get_resource: ControllerConfig}
713 server: {get_resource: Controller}
715 bootstack_nodeid: {get_attr: [Controller, name]}
716 neutron_enable_tunneling: {get_param: NeutronEnableTunnelling}
717 neutron_enable_l2pop: {get_param: NeutronEnableL2Pop}
718 haproxy_log_address: {get_param: HAProxySyslogAddress}
719 heat.watch_server_url:
723 - {get_param: HeatApiVirtualIP}
725 heat.metadata_server_url:
729 - {get_param: HeatApiVirtualIP}
731 heat.waitcondition_server_url:
735 - {get_param: HeatApiVirtualIP}
736 - ':8000/v1/waitcondition'
737 heat_auth_encryption_key: {get_param: HeatAuthEncryptionKey}
738 horizon_allowed_hosts: {get_param: HorizonAllowedHosts}
739 horizon_secret: {get_param: HorizonSecret}
740 admin_email: {get_param: AdminEmail}
741 admin_password: {get_param: AdminPassword}
742 admin_token: {get_param: AdminToken}
743 neutron_public_interface_ip: {get_param: NeutronPublicInterfaceIP}
744 debug: {get_param: Debug}
745 cinder_enable_nfs_backend: {get_param: CinderEnableNfsBackend}
746 cinder_enable_rbd_backend: {get_param: CinderEnableRbdBackend}
747 cinder_nfs_mount_options: {get_param: CinderNfsMountOptions}
750 template: "['SERVERS']"
755 - {get_param: CinderNfsServers}
756 cinder_lvm_loop_device_size: {get_param: CinderLVMLoopDeviceSize}
757 cinder_password: {get_param: CinderPassword}
758 cinder_enable_iscsi_backend: {get_param: CinderEnableIscsiBackend}
759 cinder_iscsi_helper: {get_param: CinderISCSIHelper}
760 cinder_backend_config: {get_param: CinderBackendConfig}
764 - - 'mysql://cinder:'
765 - {get_param: CinderPassword}
767 - {get_param: MysqlVirtualIP}
769 glance_port: {get_param: GlancePort}
770 glance_password: {get_param: GlancePassword}
771 glance_backend: {get_param: GlanceBackend}
772 glance_file_pcmk_device: {get_param: GlanceFilePcmkDevice}
773 glance_file_pcmk_fstype: {get_param: GlanceFilePcmkFstype}
774 glance_file_pcmk_manage: {get_param: GlanceFilePcmkManage}
775 glance_file_pcmk_options: {get_param: GlanceFilePcmkOptions}
776 glance_notifier_strategy: {get_param: GlanceNotifierStrategy}
777 glance_log_file: {get_param: GlanceLogFile}
781 - - 'mysql://glance:'
782 - {get_param: GlancePassword}
784 - {get_param: MysqlVirtualIP}
786 heat_password: {get_param: HeatPassword}
787 heat_stack_domain_admin_password: {get_param: HeatStackDomainAdminPassword}
792 - {get_param: HeatPassword}
794 - {get_param: MysqlVirtualIP}
796 keystone_auth_address: {list_join: ['', ['http://', {get_param: KeystonePublicApiVirtualIP} , ':5000/v2.0']]}
797 keystone_ca_certificate: {get_param: KeystoneCACertificate}
798 keystone_signing_key: {get_param: KeystoneSigningKey}
799 keystone_signing_certificate: {get_param: KeystoneSigningCertificate}
800 keystone_ssl_certificate: {get_param: KeystoneSSLCertificate}
801 keystone_ssl_certificate_key: {get_param: KeystoneSSLCertificateKey}
802 keystone_notification_driver: {get_param: KeystoneNotificationDriver}
803 keystone_notification_format: {get_param: KeystoneNotificationFormat}
807 - - 'mysql://keystone:'
808 - {get_param: AdminToken}
810 - {get_param: MysqlVirtualIP}
812 keystone_identity_uri:
816 - {get_param: KeystoneAdminApiVirtualIP}
822 - {get_param: KeystonePublicApiVirtualIP}
828 - {get_param: PublicVirtualIP}
830 keystone_internal_url:
834 - {get_param: KeystonePublicApiVirtualIP}
840 - {get_param: KeystonePublicApiVirtualIP}
841 - ':5000/v2.0/ec2tokens'
842 enable_fencing: {get_param: EnableFencing}
843 enable_galera: {get_param: EnableGalera}
844 enable_ceph_storage: {get_param: EnableCephStorage}
845 enable_swift_storage: {get_param: EnableSwiftStorage}
846 mysql_innodb_buffer_pool_size: {get_param: MysqlInnodbBufferPoolSize}
847 mysql_max_connections: {get_param: MysqlMaxConnections}
848 mysql_root_password: {get_param: MysqlRootPassword}
851 template: tripleo-CLUSTER
853 CLUSTER: {get_param: MysqlClusterUniquePart}
854 neutron_flat_networks: {get_param: NeutronFlatNetworks}
855 neutron_metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret}
856 neutron_agent_mode: {get_param: NeutronAgentMode}
857 neutron_router_distributed: {get_param: NeutronDVR}
858 neutron_core_plugin: {get_param: NeutronCorePlugin}
859 neutron_service_plugins:
861 template: "['PLUGINS']"
866 - {get_param: NeutronServicePlugins}
867 neutron_type_drivers:
869 template: "['DRIVERS']"
874 - {get_param: NeutronTypeDrivers}
875 neutron_mechanism_drivers: {get_param: NeutronMechanismDrivers}
876 neutron_allow_l3agent_failover: {get_param: NeutronAllowL3AgentFailover}
877 neutron_l3_ha: {get_param: NeutronL3HA}
878 neutron_dhcp_agents_per_network: {get_param: NeutronDhcpAgentsPerNetwork}
879 neutron_network_vlan_ranges:
881 template: "['RANGES']"
886 - {get_param: NeutronNetworkVLANRanges}
887 neutron_bridge_mappings: {get_param: NeutronBridgeMappings}
888 neutron_external_network_bridge: {get_param: NeutronExternalNetworkBridge}
889 neutron_public_interface: {get_param: NeutronPublicInterface}
890 neutron_public_interface_raw_device: {get_param: NeutronPublicInterfaceRawDevice}
891 neutron_public_interface_default_route: {get_param: NeutronPublicInterfaceDefaultRoute}
892 neutron_public_interface_tag: {get_param: NeutronPublicInterfaceTag}
893 neutron_tenant_network_type: {get_param: NeutronNetworkType}
894 neutron_tunnel_types: {get_param: NeutronTunnelTypes}
895 neutron_tunnel_id_ranges:
897 template: "['RANGES']"
902 - {get_param: NeutronTunnelIdRanges}
905 template: "['RANGES']"
910 - {get_param: NeutronVniRanges}
911 neutron_password: {get_param: NeutronPassword}
912 neutron_dnsmasq_options: {get_param: NeutronDnsmasqOptions}
916 - - 'mysql://neutron:'
917 - {get_param: NeutronPassword}
919 - {get_param: MysqlVirtualIP}
920 - '/ovs_neutron?charset=utf8'
925 - {get_param: NeutronApiVirtualIP}
927 neutron_admin_auth_url:
931 - {get_param: KeystoneAdminApiVirtualIP}
933 ceilometer_backend: {get_param: CeilometerBackend}
934 ceilometer_metering_secret: {get_param: CeilometerMeteringSecret}
935 ceilometer_password: {get_param: CeilometerPassword}
936 ceilometer_coordination_url:
940 - {get_param: RedisVirtualIP}
945 - - 'mysql://ceilometer:'
946 - {get_param: CeilometerPassword}
948 - {get_param: MysqlVirtualIP}
950 snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName}
951 snmpd_readonly_user_password: {get_param: SnmpdReadonlyUserPassword}
952 nova_password: {get_param: NovaPassword}
957 - {get_param: NovaPassword}
959 - {get_param: MysqlVirtualIP}
961 fencing_config: {get_param: FencingConfig}
962 pcsd_password: {get_param: PcsdPassword}
963 rabbit_username: {get_param: RabbitUserName}
964 rabbit_password: {get_param: RabbitPassword}
965 rabbit_cookie: {get_param: RabbitCookie}
966 rabbit_client_use_ssl: {get_param: RabbitClientUseSSL}
967 rabbit_client_port: {get_param: RabbitClientPort}
968 mongodb_no_journal: {get_param: MongoDbNoJournal}
969 # We need to force this into quotes or hiera will return integer causing
970 # the puppet module validation regexp to fail.
971 # Remove when: https://github.com/puppetlabs/puppetlabs-rabbitmq/pull/401
976 LIMIT: {get_param: RabbitFDLimit}
977 ntp_servers: {get_param: NtpServer}
978 control_virtual_interface: {get_param: ControlVirtualInterface}
979 public_virtual_interface: {get_param: PublicVirtualInterface}
980 swift_hash_suffix: {get_param: SwiftHashSuffix}
981 swift_password: {get_param: SwiftPassword}
982 swift_part_power: {get_param: SwiftPartPower}
983 swift_replicas: {get_param: SwiftReplicas}
984 swift_min_part_hours: {get_param: SwiftMinPartHours}
985 swift_mount_check: {get_param: SwiftMountCheck}
986 enable_package_install: {get_param: EnablePackageInstall}
987 enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]}
988 swift_proxy_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftProxyNetwork]}]}
989 swift_management_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftMgmtNetwork]}]}
990 cinder_iscsi_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CinderIscsiNetwork]}]}
991 cinder_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CinderApiNetwork]}]}
992 glance_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, GlanceApiNetwork]}]}
993 glance_registry_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, GlanceRegistryNetwork]}]}
997 - - {get_param: GlanceProtocol}
999 - {get_param: GlanceApiVirtualIP}
1001 - {get_param: GlancePort}
1002 glance_registry_host: {get_param: GlanceRegistryVirtualIP}
1003 heat_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, HeatApiNetwork]}]}
1004 keystone_public_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}]}
1005 keystone_admin_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}]}
1006 keystone_region: {get_param: KeystoneRegion}
1007 mongo_db_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MongoDbNetwork]}]}
1008 neutron_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NeutronApiNetwork]}]}
1009 neutron_local_ip: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NeutronTenantNetwork]}]}
1010 ceilometer_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CeilometerApiNetwork]}]}
1011 nova_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NovaApiNetwork]}]}
1012 nova_metadata_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NovaMetadataNetwork]}]}
1013 horizon_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, HorizonNetwork]}]}
1014 rabbitmq_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, RabbitMqNetwork]}]}
1015 redis_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, RedisNetwork]}]}
1016 redis_vip: {get_param: RedisVirtualIP}
1017 memcached_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MemcachedNetwork]}]}
1018 mysql_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MysqlNetwork]}]}
1019 mysql_virtual_ip: {get_param: MysqlVirtualIP}
1020 ceph_cluster_network: {get_attr: [NetIpSubnetMap, net_ip_subnet_map, {get_param: [ServiceNetMap, CephClusterNetwork]}]}
1021 ceph_public_network: {get_attr: [NetIpSubnetMap, net_ip_subnet_map, {get_param: [ServiceNetMap, CephPublicNetwork]}]}
1022 ceph_public_ip: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CephPublicNetwork]}]}
1024 # Map heat metadata into hiera datafiles
1026 type: OS::Heat::StructuredConfig
1028 group: os-apply-config
1033 - heat_config_%{::deploy_config_name}
1034 - controller_extraconfig
1039 - swift_devices_and_proxy # provided by SwiftDevicesAndProxyConfig
1040 - ceph_cluster # provided by CephClusterConfig
1042 - bootstrap_node # provided by BootstrapNodeConfig
1043 - all_nodes # provided by allNodesConfig
1044 - vip_data # provided by vip-config
1047 - cinder_netapp_data # Optionally provided by ControllerExtraConfigPre
1048 - neutron_bigswitch_data # Optionally provided by ControllerExtraConfigPre
1049 - neutron_cisco_data # Optionally provided by ControllerExtraConfigPre
1050 - cisco_n1kv_data # Optionally provided by ControllerExtraConfigPre
1052 controller_extraconfig:
1053 mapped_data: {get_param: ControllerExtraConfig}
1055 mapped_data: {get_param: ExtraConfig}
1057 raw_data: {get_file: hieradata/common.yaml}
1059 raw_data: {get_file: hieradata/ceph.yaml}
1061 ceph::profile::params::cluster_network: {get_input: ceph_cluster_network}
1062 ceph::profile::params::public_network: {get_input: ceph_public_network}
1063 ceph::mon::public_addr: {get_input: ceph_public_ip}
1065 raw_data: {get_file: hieradata/database.yaml}
1067 raw_data: {get_file: hieradata/object.yaml}
1069 raw_data: {get_file: hieradata/controller.yaml}
1070 mapped_data: # data supplied directly to this deployment configuration, etc
1071 bootstack_nodeid: {get_input: bootstack_nodeid}
1074 enable_fencing: {get_input: enable_fencing}
1075 hacluster_pwd: {get_input: pcsd_password}
1076 tripleo::fencing::config: {get_input: fencing_config}
1079 swift::proxy::proxy_local_net_ip: {get_input: swift_proxy_network}
1080 swift::proxy::authtoken::auth_uri: {get_input: keystone_auth_uri}
1081 swift::proxy::authtoken::identity_uri: {get_input: keystone_identity_uri}
1082 swift::storage::all::storage_local_net_ip: {get_input: swift_management_network}
1083 swift::swift_hash_suffix: {get_input: swift_hash_suffix}
1084 swift::proxy::authtoken::admin_password: {get_input: swift_password}
1085 tripleo::ringbuilder::part_power: {get_input: swift_part_power}
1086 tripleo::ringbuilder::replicas: {get_input: swift_replicas}
1087 tripleo::ringbuilder::min_part_hours: {get_input: swift_min_part_hours}
1088 swift_mount_check: {get_input: swift_mount_check}
1090 # NOTE(dprince): build_ring support is currently not wired in.
1091 # See: https://review.openstack.org/#/c/109225/
1092 tripleo::ringbuilder::build_ring: True
1095 cinder_enable_nfs_backend: {get_input: cinder_enable_nfs_backend}
1096 cinder_enable_rbd_backend: {get_input: cinder_enable_rbd_backend}
1097 cinder_nfs_mount_options: {get_input: cinder_nfs_mount_options}
1098 cinder_nfs_servers: {get_input: cinder_nfs_servers}
1099 cinder_lvm_loop_device_size: {get_input: cinder_lvm_loop_device_size}
1100 cinder_iscsi_helper: {get_input: cinder_iscsi_helper}
1101 cinder_iscsi_ip_address: {get_input: cinder_iscsi_network}
1102 cinder::database_connection: {get_input: cinder_dsn}
1103 cinder::api::keystone_password: {get_input: cinder_password}
1104 cinder::api::auth_uri: {get_input: keystone_auth_uri}
1105 cinder::api::identity_uri: {get_input: keystone_identity_uri}
1106 cinder::api::bind_host: {get_input: cinder_api_network}
1107 cinder::rabbit_userid: {get_input: rabbit_username}
1108 cinder::rabbit_password: {get_input: rabbit_password}
1109 cinder::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
1110 cinder::rabbit_port: {get_input: rabbit_client_port}
1111 cinder::debug: {get_input: debug}
1112 cinder_enable_iscsi_backend: {get_input: cinder_enable_iscsi_backend}
1113 cinder::glance::glance_api_servers: {get_input: glance_api_servers}
1114 cinder_backend_config: {get_input: CinderBackendConfig}
1115 cinder::db::mysql::password: {get_input: cinder_password}
1118 glance::api::bind_port: {get_input: glance_port}
1119 glance::api::bind_host: {get_input: glance_api_network}
1120 glance::api::auth_uri: {get_input: keystone_auth_uri}
1121 glance::api::identity_uri: {get_input: keystone_identity_uri}
1122 glance::api::registry_host: {get_input: glance_registry_host}
1123 glance::api::keystone_password: {get_input: glance_password}
1124 glance::api::debug: {get_input: debug}
1125 glance_notifier_strategy: {get_input: glance_notifier_strategy}
1126 glance_log_file: {get_input: glance_log_file}
1127 glance_log_file: {get_input: glance_log_file}
1128 glance::api::database_connection: {get_input: glance_dsn}
1129 glance::registry::keystone_password: {get_input: glance_password}
1130 glance::registry::database_connection: {get_input: glance_dsn}
1131 glance::registry::bind_host: {get_input: glance_registry_network}
1132 glance::registry::auth_uri: {get_input: keystone_auth_uri}
1133 glance::registry::identity_uri: {get_input: keystone_identity_uri}
1134 glance::registry::debug: {get_input: debug}
1135 glance::backend::swift::swift_store_auth_address: {get_input: keystone_auth_address}
1136 glance::backend::swift::swift_store_user: service:glance
1137 glance::backend::swift::swift_store_key: {get_input: glance_password}
1138 glance_backend: {get_input: glance_backend}
1139 glance::db::mysql::password: {get_input: glance_password}
1140 glance_file_pcmk_device: {get_input: glance_file_pcmk_device}
1141 glance_file_pcmk_fstype: {get_input: glance_file_pcmk_fstype}
1142 glance_file_pcmk_manage: {get_input: glance_file_pcmk_manage}
1143 glance_file_pcmk_options: {get_input: glance_file_pcmk_options}
1146 heat_stack_domain_admin_password: {get_input: heat_stack_domain_admin_password}
1147 heat::engine::heat_watch_server_url: {get_input: heat.watch_server_url}
1148 heat::engine::heat_metadata_server_url: {get_input: heat.metadata_server_url}
1149 heat::engine::heat_waitcondition_server_url: {get_input: heat.waitcondition_server_url}
1150 heat::engine::auth_encryption_key: {get_input: heat_auth_encryption_key}
1151 heat::rabbit_userid: {get_input: rabbit_username}
1152 heat::rabbit_password: {get_input: rabbit_password}
1153 heat::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
1154 heat::rabbit_port: {get_input: rabbit_client_port}
1155 heat::auth_uri: {get_input: keystone_auth_uri}
1156 heat::keystone_ec2_uri: {get_input: keystone_ec2_uri}
1157 heat::identity_uri: {get_input: keystone_identity_uri}
1158 heat::keystone_password: {get_input: heat_password}
1159 heat::api::bind_host: {get_input: heat_api_network}
1160 heat::api_cloudwatch::bind_host: {get_input: heat_api_network}
1161 heat::api_cfn::bind_host: {get_input: heat_api_network}
1162 heat::database_connection: {get_input: heat_dsn}
1163 heat::debug: {get_input: debug}
1164 heat::db::mysql::password: {get_input: heat_password}
1167 keystone::admin_token: {get_input: admin_token}
1168 keystone_ca_certificate: {get_input: keystone_ca_certificate}
1169 keystone_signing_key: {get_input: keystone_signing_key}
1170 keystone_signing_certificate: {get_input: keystone_signing_certificate}
1171 keystone_ssl_certificate: {get_input: keystone_ssl_certificate}
1172 keystone_ssl_certificate_key: {get_input: keystone_ssl_certificate_key}
1173 keystone::database_connection: {get_input: keystone_dsn}
1174 keystone::public_bind_host: {get_input: keystone_public_api_network}
1175 keystone::admin_bind_host: {get_input: keystone_admin_api_network}
1176 keystone::debug: {get_input: debug}
1177 keystone::db::mysql::password: {get_input: admin_token}
1178 keystone::rabbit_userid: {get_input: rabbit_username}
1179 keystone::rabbit_password: {get_input: rabbit_password}
1180 keystone::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
1181 keystone::rabbit_port: {get_input: rabbit_client_port}
1182 keystone::notification_driver: {get_input: keystone_notification_driver}
1183 keystone::notification_format: {get_input: keystone_notification_format}
1184 keystone::roles::admin::email: {get_input: admin_email}
1185 keystone::roles::admin::password: {get_input: admin_password}
1186 keystone::endpoint::public_url: {get_input: keystone_public_url}
1187 keystone::endpoint::internal_url: {get_input: keystone_internal_url}
1188 keystone::endpoint::admin_url: {get_input: keystone_identity_uri}
1189 keystone::endpoint::region: {get_input: keystone_region}
1191 mongodb::server::bind_ip: {get_input: mongo_db_network}
1192 mongodb::server::nojournal: {get_input: mongodb_no_journal}
1194 admin_password: {get_input: admin_password}
1195 enable_galera: {get_input: enable_galera}
1196 enable_ceph_storage: {get_input: enable_ceph_storage}
1197 enable_swift_storage: {get_input: enable_swift_storage}
1198 mysql_innodb_buffer_pool_size: {get_input: mysql_innodb_buffer_pool_size}
1199 mysql_max_connections: {get_input: mysql_max_connections}
1200 mysql::server::root_password: {get_input: mysql_root_password}
1201 mysql_cluster_name: {get_input: mysql_cluster_name}
1202 mysql_bind_host: {get_input: mysql_network}
1203 mysql_virtual_ip: {get_input: mysql_virtual_ip}
1206 neutron::bind_host: {get_input: neutron_api_network}
1207 neutron::rabbit_password: {get_input: rabbit_password}
1208 neutron::rabbit_user: {get_input: rabbit_user}
1209 neutron::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
1210 neutron::rabbit_port: {get_input: rabbit_client_port}
1211 neutron::debug: {get_input: debug}
1212 neutron::server::auth_uri: {get_input: keystone_auth_uri}
1213 neutron::server::identity_uri: {get_input: keystone_identity_uri}
1214 neutron::server::database_connection: {get_input: neutron_dsn}
1215 neutron::agents::l3::external_network_bridge: {get_input: neutron_external_network_bridge}
1216 neutron::agents::ml2::ovs::enable_tunneling: {get_input: neutron_enable_tunneling}
1217 neutron::agents::ml2::ovs::l2_population: {get_input: neutron_enable_l2pop}
1218 neutron::agents::ml2::ovs::local_ip: {get_input: neutron_local_ip}
1219 neutron_flat_networks: {get_input: neutron_flat_networks}
1220 neutron::agents::metadata::shared_secret: {get_input: neutron_metadata_proxy_shared_secret}
1221 neutron::agents::metadata::metadata_ip: {get_input: neutron_api_network}
1222 neutron_agent_mode: {get_input: neutron_agent_mode}
1223 neutron_router_distributed: {get_input: neutron_router_distributed}
1224 neutron::core_plugin: {get_input: neutron_core_plugin}
1225 neutron::service_plugins: {get_input: neutron_service_plugins}
1226 neutron::plugins::ml2::type_drivers: {get_input: neutron_type_drivers}
1227 neutron_mechanism_drivers: {get_input: neutron_mechanism_drivers}
1228 neutron::server::allow_automatic_l3agent_failover: {get_input: neutron_allow_l3agent_failover}
1229 neutron::server::l3_ha: {get_input: neutron_l3_ha}
1230 neutron::dhcp_agents_per_network: {get_input: neutron_dhcp_agents_per_network}
1231 neutron::plugins::ml2::network_vlan_ranges: {get_input: neutron_network_vlan_ranges}
1232 neutron::plugins::ml2::tunnel_id_ranges: {get_input: neutron_tunnel_id_ranges}
1233 neutron::plugins::ml2::vni_ranges: {get_input: neutron_vni_ranges}
1234 neutron_bridge_mappings: {get_input: neutron_bridge_mappings}
1235 neutron_public_interface: {get_input: neutron_public_interface}
1236 neutron_public_interface_raw_device: {get_input: neutron_public_interface_raw_device}
1237 neutron_public_interface_default_route: {get_input: neutron_public_interface_default_route}
1238 neutron_public_interface_tag: {get_input: neutron_public_interface_tag}
1239 neutron_tenant_network_type: {get_input: neutron_tenant_network_type}
1240 neutron_tunnel_types: {get_input: neutron_tunnel_types}
1241 neutron::server::auth_password: {get_input: neutron_password}
1242 neutron::agents::metadata::auth_password: {get_input: neutron_password}
1243 neutron_dnsmasq_options: {get_input: neutron_dnsmasq_options}
1244 neutron_dsn: {get_input: neutron_dsn}
1245 neutron::agents::metadata::auth_url: {get_input: keystone_identity_uri}
1246 neutron::db::mysql::password: {get_input: neutron_password}
1249 ceilometer_backend: {get_input: ceilometer_backend}
1250 ceilometer_mysql_conn_string: {get_input: ceilometer_dsn}
1251 ceilometer::metering_secret: {get_input: ceilometer_metering_secret}
1252 ceilometer::rabbit_userid: {get_input: rabbit_username}
1253 ceilometer::rabbit_password: {get_input: rabbit_password}
1254 ceilometer::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
1255 ceilometer::rabbit_port: {get_input: rabbit_client_port}
1256 ceilometer::debug: {get_input: debug}
1257 ceilometer::api::host: {get_input: ceilometer_api_network}
1258 ceilometer::api::keystone_password: {get_input: ceilometer_password}
1259 ceilometer::api::keystone_auth_uri: {get_input: keystone_auth_uri}
1260 ceilometer::api::keystone_identity_uri: {get_input: keystone_identity_uri}
1261 ceilometer::agent::auth::auth_password: {get_input: ceilometer_password}
1262 ceilometer::agent::auth::auth_url: {get_input: keystone_auth_address}
1263 ceilometer::agent::central::coordination_url: {get_input: ceilometer_coordination_url}
1264 ceilometer::db::mysql::password: {get_input: ceilometer_password}
1265 snmpd_readonly_user_name: {get_input: snmpd_readonly_user_name}
1266 snmpd_readonly_user_password: {get_input: snmpd_readonly_user_password}
1269 nova::rabbit_userid: {get_input: rabbit_username}
1270 nova::rabbit_password: {get_input: rabbit_password}
1271 nova::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
1272 nova::rabbit_port: {get_input: rabbit_client_port}
1273 nova::debug: {get_input: debug}
1274 nova::api::auth_uri: {get_input: keystone_auth_uri}
1275 nova::api::identity_uri: {get_input: keystone_identity_uri}
1276 nova::api::api_bind_address: {get_input: nova_api_network}
1277 nova::api::metadata_listen: {get_input: nova_metadata_network}
1278 nova::api::admin_password: {get_input: nova_password}
1279 nova::database_connection: {get_input: nova_dsn}
1280 nova::glance_api_servers: {get_input: glance_api_servers}
1281 nova::api::neutron_metadata_proxy_shared_secret: {get_input: neutron_metadata_proxy_shared_secret}
1282 nova::network::neutron::neutron_admin_password: {get_input: neutron_password}
1283 nova::network::neutron::neutron_url: {get_input: neutron_url}
1284 nova::network::neutron::neutron_admin_auth_url: {get_input: neutron_admin_auth_url}
1285 nova::vncproxy::host: {get_input: nova_api_network}
1286 nova::db::mysql::password: {get_input: nova_password}
1289 apache::ip: {get_input: horizon_network}
1290 horizon::allowed_hosts: {get_input: horizon_allowed_hosts}
1291 horizon::django_debug: {get_input: debug}
1292 horizon::secret_key: {get_input: horizon_secret}
1293 horizon::bind_address: {get_input: horizon_network}
1294 horizon::keystone_url: {get_input: keystone_auth_uri}
1297 rabbitmq::node_ip_address: {get_input: rabbitmq_network}
1298 rabbitmq::erlang_cookie: {get_input: rabbit_cookie}
1299 rabbitmq::file_limit: {get_input: rabbit_fd_limit}
1301 redis::bind: {get_input: redis_network}
1302 redis_vip: {get_input: redis_vip}
1304 memcached::listen_ip: {get_input: memcached_network}
1305 neutron_public_interface_ip: {get_input: neutron_public_interface_ip}
1306 ntp::servers: {get_input: ntp_servers}
1307 control_virtual_interface: {get_input: control_virtual_interface}
1308 public_virtual_interface: {get_input: public_virtual_interface}
1309 tripleo::loadbalancer::control_virtual_interface: {get_input: control_virtual_interface}
1310 tripleo::loadbalancer::public_virtual_interface: {get_input: public_virtual_interface}
1311 tripleo::loadbalancer::haproxy_log_address: {get_input: haproxy_log_address}
1312 tripleo::packages::enable_install: {get_input: enable_package_install}
1313 tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade}
1315 # Hook for site-specific additional pre-deployment config, e.g extra hieradata
1316 ControllerExtraConfigPre:
1317 depends_on: ControllerDeployment
1318 type: OS::TripleO::ControllerExtraConfigPre
1320 server: {get_resource: Controller}
1322 # Hook for site-specific additional pre-deployment config,
1323 # applying to all nodes, e.g node registration/unregistration
1325 depends_on: ControllerExtraConfigPre
1326 type: OS::TripleO::NodeExtraConfig
1328 server: {get_resource: Controller}
1331 type: OS::TripleO::Tasks::PackageUpdate
1334 type: OS::Heat::SoftwareDeployment
1336 config: {get_resource: UpdateConfig}
1337 server: {get_resource: Controller}
1340 get_param: UpdateIdentifier
1344 description: IP address of the server in the ctlplane network
1345 value: {get_attr: [Controller, networks, ctlplane, 0]}
1346 external_ip_address:
1347 description: IP address of the server in the external network
1348 value: {get_attr: [ExternalPort, ip_address]}
1349 internal_api_ip_address:
1350 description: IP address of the server in the internal_api network
1351 value: {get_attr: [InternalApiPort, ip_address]}
1353 description: IP address of the server in the storage network
1354 value: {get_attr: [StoragePort, ip_address]}
1355 storage_mgmt_ip_address:
1356 description: IP address of the server in the storage_mgmt network
1357 value: {get_attr: [StorageMgmtPort, ip_address]}
1359 description: IP address of the server in the tenant network
1360 value: {get_attr: [TenantPort, ip_address]}
1362 description: Hostname of the server
1363 value: {get_attr: [Controller, name]}
1366 Node object in the format {ip: ..., name: ...} format that the corosync
1369 ip: {get_attr: [Controller, networks, ctlplane, 0]}
1370 name: {get_attr: [Controller, name]}
1373 Server's IP address and hostname in the /etc/hosts format
1376 template: IP HOST.localdomain HOST CLOUDNAME
1378 IP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, ControllerHostnameResolveNetwork]}]}
1379 HOST: {get_attr: [Controller, name]}
1380 CLOUDNAME: {get_param: CloudName}
1381 nova_server_resource:
1382 description: Heat resource handle for the Nova compute server
1384 {get_resource: Controller}
1386 description: Swift device formatted for swift-ring-builder
1389 template: 'r1z1-IP:%PORT%/d1'
1391 IP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftMgmtNetwork]}]}
1392 swift_proxy_memcache:
1393 description: Swift proxy-memcache value
1396 template: "IP:11211"
1398 IP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MemcachedNetwork]}]}
1400 description: identifier which changes if the controller configuration may need re-applying
1404 - - {get_attr: [ControllerDeployment, deploy_stdout]}
1405 - {get_attr: [ControllerExtraConfigPre, deploy_stdout]}
1406 - {get_param: UpdateIdentifier}