1 heat_template_version: 2015-04-30
4 OpenStack controller node configured by Puppet.
8 default: 'admin@example.com'
9 description: The email for the keystone admin account.
14 description: The password for the keystone admin account, used for monitoring, querying neutron etc.
19 description: The keystone auth secret and db password.
22 CeilometerApiVirtualIP:
27 description: The ceilometer backend type.
29 CeilometerMeteringSecret:
31 description: Secret shared by the ceilometer services.
36 description: The password for the ceilometer service and db account.
42 CinderEnableNfsBackend:
44 description: Whether to enable or not the NFS backend for Cinder
46 CinderEnableIscsiBackend:
48 description: Whether to enable or not the Iscsi backend for Cinder
50 CinderEnableRbdBackend:
52 description: Whether to enable or not the Rbd backend for Cinder
56 description: The iSCSI helper to use with cinder.
58 CinderLVMLoopDeviceSize:
60 description: The size of the loopback file used by the cinder LVM driver.
62 CinderNfsMountOptions:
65 Mount options for NFS mounts used by Cinder NFS backend. Effective
66 when CinderEnableNfsBackend is true.
71 NFS servers used by Cinder NFS backend. Effective when
72 CinderEnableNfsBackend is true.
73 type: comma_delimited_list
76 description: The password for the cinder service and db account, used by cinder-api.
81 description: Contains parameters to configure Cinder backends. Typically
82 set via parameter_defaults in the resource registry.
86 description: The DNS name of this cloud. E.g. ci-overcloud.tripleo.org
88 ControllerExtraConfig:
91 Controller specific hiera configuration data to inject into the cluster.
93 ControlVirtualInterface:
95 description: Interface where virtual ip will be assigned.
99 description: Set to True to enable debugging on all services.
103 description: Whether to enable fencing in Pacemaker or not.
107 description: Whether to use Galera instead of regular MariaDB.
111 description: Whether to deploy Ceph Storage (OSD) on the Controller
115 description: Whether to enable Swift Storage on the Controller
120 Additional hieradata to inject into the cluster, note that
121 ControllerExtraConfig takes precedence over ExtraConfig.
126 Pacemaker fencing configuration. The JSON should have
127 the following structure:
131 "agent": "AGENT_NAME",
132 "host_mac": "HOST_MAC_ADDRESS",
133 "params": {"PARAM_NAME": "PARAM_VALUE"}
141 "agent": "fence_xvm",
142 "host_mac": "52:54:00:aa:bb:cc",
144 "multicast_address": "225.0.0.12",
145 "port": "baremetal_0",
147 "manage_key_file": true,
148 "key_file": "/etc/fence_xvm.key",
149 "key_file_password": "abcdef"
156 description: Flavor for control nodes to request when deploying.
159 - custom_constraint: nova.flavor
160 GlanceNotifierStrategy:
161 description: Strategy to use for Glance notification queue
165 description: The filepath of the file to use for logging messages from Glance.
170 description: The password for the glance service and db account, used by the glance services.
175 description: The short name of the Glance backend to use. Should be one
176 of swift, rbd, or file
179 - allowed_values: ['swift', 'file', 'rbd']
180 GlanceFilePcmkDevice:
183 An exported storage device that should be mounted by Pacemaker
184 as Glance storage. Effective when GlanceFilePcmkManage is true.
186 GlanceFilePcmkFstype:
189 Filesystem type for Pacemaker mount used as Glance storage.
190 Effective when GlanceFilePcmkManage is true.
192 GlanceFilePcmkManage:
195 Whether to make Glance file backend a mount managed by Pacemaker.
196 Effective when GlanceBackend is 'file'.
198 GlanceFilePcmkOptions:
201 Mount options for Pacemaker mount used as Glance storage.
202 Effective when GlanceFilePcmkManage is true.
204 HAProxySyslogAddress:
206 description: Syslog address where HAproxy will send its log
210 description: The password for the Heat service and db account, used by the Heat services.
213 HeatStackDomainAdminPassword:
214 description: Password for heat_domain_admin user.
218 HeatAuthEncryptionKey:
219 description: Auth encryption key for heat-engine
224 description: A list of IP/Hostname allowed to connect to horizon
225 type: comma_delimited_list
227 description: Secret key for Django
232 default: overcloud-control
234 - custom_constraint: glance.image
236 default: 'REBUILD_PRESERVE_EPHEMERAL'
237 description: What policy to use when reconstructing instances. REBUILD for rebuilds, REBUILD_PRESERVE_EPHEMERAL to preserve /mnt.
241 description: Name of an existing EC2 KeyPair to enable SSH access to the instances
244 - custom_constraint: nova.keypair
245 KeystoneCACertificate:
247 description: Keystone self-signed certificate authority certificate.
249 KeystoneSigningCertificate:
251 description: Keystone certificate for verifying token validity.
255 description: Keystone key for signing tokens.
258 KeystoneSSLCertificate:
260 description: Keystone certificate for verifying token validity.
262 KeystoneSSLCertificateKey:
264 description: Keystone key for signing tokens.
267 KeystoneNotificationDriver:
268 description: Comma-separated list of Oslo notification drivers used by Keystone
269 default: ['messaging']
270 type: comma_delimited_list
271 KeystoneNotificationFormat:
272 description: The Keystone notification format
276 - allowed_values: [ 'basic', 'cadf' ]
280 description: Keystone region for endpoint
281 MysqlClusterUniquePart:
282 description: A unique identifier of the MySQL cluster the controller is in.
284 default: 'unset' # Has to be here because of the ignored empty value bug
285 # Drop the validation: https://bugs.launchpad.net/tripleo/+bug/1405446
287 # - length: {min: 4, max: 10}
288 MysqlInnodbBufferPoolSize:
290 Specifies the size of the buffer pool in megabytes. Setting to
291 zero should be interpreted as "no value" and will defer to the
296 description: Configures MySQL max_connections config setting
302 default: '' # Has to be here because of the ignored empty value bug
303 NeutronExternalNetworkBridge:
304 description: Name of bridge used for external network traffic.
307 NeutronBridgeMappings:
309 The OVS logical->physical bridge mappings to use. See the Neutron
310 documentation for details. Defaults to mapping br-ex - the external
311 bridge on hosts - to a physical name 'datacentre' which can be used
312 to create provider networks (and we use this for the default floating
313 network) - if changing this either use different post-install network
314 scripts or be sure to keep 'datacentre' as a mapping network name.
316 default: "datacentre:br-ex"
317 NeutronDnsmasqOptions:
318 default: 'dhcp-option-force=26,1400'
319 description: Dnsmasq options for neutron-dhcp-agent. The default value here forces MTU to be set to 1400 to account for the gre tunnel overhead.
323 description: Agent mode for the neutron-l3-agent on the controller hosts
327 description: Whether to enable l3-agent HA
329 NeutronDhcpAgentsPerNetwork:
332 description: The number of neutron dhcp agents to schedule per network
335 description: Whether to configure Neutron Distributed Virtual Routers
337 NeutronMetadataProxySharedSecret:
339 description: Shared secret to prevent spoofing
345 The core plugin for Neutron. The value should be the entrypoint to be loaded
346 from neutron.core_plugins namespace.
348 NeutronServicePlugins:
351 Comma-separated list of service plugin entrypoints to be loaded from the
352 neutron.service_plugins namespace.
353 type: comma_delimited_list
355 default: "vxlan,vlan,flat,gre"
357 Comma-separated list of network type driver entrypoints to be loaded.
358 type: comma_delimited_list
359 NeutronMechanismDrivers:
360 default: 'openvswitch'
362 The mechanism drivers for the Neutron tenant network. To specify multiple
363 values, use a comma separated string, like so: 'openvswitch,l2_population'
365 NeutronAllowL3AgentFailover:
367 description: Allow automatic l3-agent failover
369 NeutronEnableTunnelling:
374 default: 'datacentre'
375 description: If set, flat networks to configure in neutron plugins.
378 description: Whether to enable l3-agent HA
382 description: The tenant network type for Neutron, either gre or vxlan.
384 NeutronNetworkVLANRanges:
385 default: 'datacentre'
387 The Neutron ML2 and OpenVSwitch vlan mapping range to support. See the
388 Neutron documentation for permitted values. Defaults to permitting any
389 VLAN on the 'datacentre' physical network (See NeutronBridgeMappings).
390 type: comma_delimited_list
393 description: The password for the neutron service and db account, used by neutron agents.
396 NeutronPublicInterface:
398 description: What interface to bridge onto br-ex for network nodes.
400 NeutronPublicInterfaceTag:
403 VLAN tag for creating a public VLAN. The tag will be used to
404 create an access port on the exterior bridge for each control plane node,
405 and that port will be given the IP address returned by neutron from the
406 public network. Set CONTROLEXTRA=overcloud-vlan-port.yaml when compiling
407 overcloud.yaml to include the deployment of VLAN ports to the control
410 NeutronPublicInterfaceDefaultRoute:
412 description: A custom default route for the NeutronPublicInterface.
414 NeutronPublicInterfaceIP:
416 description: A custom IP address to put onto the NeutronPublicInterface.
418 NeutronPublicInterfaceRawDevice:
420 description: If set, the public interface is a vlan with this device as the raw device.
425 The tunnel types for the Neutron tenant network. To specify multiple
426 values, use a comma separated string, like so: 'gre,vxlan'
428 NeutronTunnelIdRanges:
430 Comma-separated list of <tun_min>:<tun_max> tuples enumerating ranges
431 of GRE tunnel IDs that are available for tenant network allocation
432 default: ["1:1000", ]
433 type: comma_delimited_list
436 Comma-separated list of <vni_min>:<vni_max> tuples enumerating ranges
437 of VXLAN VNI IDs that are available for tenant network allocation
438 default: ["1:1000", ]
439 type: comma_delimited_list
445 description: The password for the nova service and db account, used by nova-api.
450 description: Should MongoDb journaling be disabled
454 description: Comma-separated list of ntp servers
455 type: comma_delimited_list
458 description: The password for the 'pcsd' user.
460 PublicVirtualInterface:
463 Specifies the interface where the public-facing virtual ip will be assigned.
464 This should be int_public when a VLAN is being used.
468 default: '' # Has to be here because of the ignored empty value bug
471 default: '' # Has to be here because of the ignored empty value bug
475 description: The password for RabbitMQ
480 description: The username for RabbitMQ
485 Rabbit client subscriber parameter to specify
486 an SSL connection to the RabbitMQ host.
490 description: Set rabbit subscriber port, change this if using SSL
494 description: Configures RabbitMQ FD limit
498 default: '' # Has to be here because of the ignored empty value bug
499 SnmpdReadonlyUserName:
500 default: ro_snmp_user
501 description: The user name for SNMPd with readonly rights running on all Overcloud nodes
503 SnmpdReadonlyUserPassword:
505 description: The user password for SNMPd with readonly rights running on all Overcloud nodes
510 description: If set, the contents of an SSL certificate authority file.
514 description: If set, the contents of an SSL certificate .crt file for encrypting SSL endpoints.
519 description: If set, the contents of an SSL certificate .key file for encrypting SSL endpoints.
524 description: A random string to be used as a salt when hashing to determine mappings
530 description: Value of mount_check in Swift account/container/object -server.conf
535 description: The minimum time (in hours) before a partition in a ring can be moved following a rebalance.
538 description: Partition Power to use when building Swift rings
542 description: The password for the swift service account, used by the swift proxy
552 description: How many replicas to use in the swift rings.
553 VirtualIP: # DEPRECATED: use per service settings instead
555 default: '' # Has to be here because of the ignored empty value bug
562 GlanceRegistryVirtualIP:
568 KeystoneAdminApiVirtualIP:
571 KeystonePublicApiVirtualIP:
577 EnablePackageInstall:
579 description: Set to true to enable package installation via Puppet
583 description: Mapping of service_name -> network name. Typically set
584 via parameter_defaults in the resource registry.
588 description: Mapping of service endpoint -> protocol. Typically set
589 via parameter_defaults in the resource registry.
595 Setting to a previously unused value during stack-update will trigger
596 package update on all nodes
599 default: '' # Defaults to Heat created hostname
604 type: OS::Nova::Server
606 image: {get_param: Image}
607 image_update_policy: {get_param: ImageUpdatePolicy}
608 flavor: {get_param: Flavor}
609 key_name: {get_param: KeyName}
612 user_data_format: SOFTWARE_CONFIG
613 user_data: {get_resource: UserData}
614 name: {get_param: Hostname}
616 # Combine the NodeAdminUserData and NodeUserData mime archives
618 type: OS::Heat::MultipartMime
621 - config: {get_resource: NodeAdminUserData}
623 - config: {get_resource: NodeUserData}
626 # Creates the "heat-admin" user if configured via the environment
627 # Should return a OS::Heat::MultipartMime reference via OS::stack_id
629 type: OS::TripleO::NodeAdminUserData
631 # For optional operator additional userdata
632 # Should return a OS::Heat::MultipartMime reference via OS::stack_id
634 type: OS::TripleO::NodeUserData
637 type: OS::TripleO::Controller::Ports::ExternalPort
639 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
642 type: OS::TripleO::Controller::Ports::InternalApiPort
644 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
647 type: OS::TripleO::Controller::Ports::StoragePort
649 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
652 type: OS::TripleO::Controller::Ports::StorageMgmtPort
654 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
657 type: OS::TripleO::Controller::Ports::TenantPort
659 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
662 type: OS::TripleO::Network::Ports::NetIpMap
664 ControlPlaneIp: {get_attr: [Controller, networks, ctlplane, 0]}
665 ExternalIp: {get_attr: [ExternalPort, ip_address]}
666 InternalApiIp: {get_attr: [InternalApiPort, ip_address]}
667 StorageIp: {get_attr: [StoragePort, ip_address]}
668 StorageMgmtIp: {get_attr: [StorageMgmtPort, ip_address]}
669 TenantIp: {get_attr: [TenantPort, ip_address]}
672 type: OS::TripleO::Network::Ports::NetIpSubnetMap
674 ControlPlaneIp: {get_attr: [Controller, networks, ctlplane, 0]}
675 ExternalIpSubnet: {get_attr: [ExternalPort, ip_subnet]}
676 InternalApiIpSubnet: {get_attr: [InternalApiPort, ip_subnet]}
677 StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]}
678 StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]}
679 TenantIpSubnet: {get_attr: [TenantPort, ip_subnet]}
682 type: OS::TripleO::Controller::Net::SoftwareConfig
684 ControlPlaneIp: {get_attr: [Controller, networks, ctlplane, 0]}
685 ExternalIpSubnet: {get_attr: [ExternalPort, ip_subnet]}
686 InternalApiIpSubnet: {get_attr: [InternalApiPort, ip_subnet]}
687 StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]}
688 StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]}
689 TenantIpSubnet: {get_attr: [TenantPort, ip_subnet]}
692 type: OS::TripleO::SoftwareDeployment
694 config: {get_resource: NetworkConfig}
695 server: {get_resource: Controller}
698 interface_name: {get_param: NeutronPublicInterface}
700 ControllerDeployment:
701 type: OS::TripleO::SoftwareDeployment
702 depends_on: NetworkDeployment
704 config: {get_resource: ControllerConfig}
705 server: {get_resource: Controller}
707 bootstack_nodeid: {get_attr: [Controller, name]}
708 neutron_enable_tunneling: {get_param: NeutronEnableTunnelling}
709 haproxy_log_address: {get_param: HAProxySyslogAddress}
710 heat.watch_server_url:
714 - {get_param: HeatApiVirtualIP}
716 heat.metadata_server_url:
720 - {get_param: HeatApiVirtualIP}
722 heat.waitcondition_server_url:
726 - {get_param: HeatApiVirtualIP}
727 - ':8000/v1/waitcondition'
728 heat_auth_encryption_key: {get_param: HeatAuthEncryptionKey}
729 horizon_allowed_hosts: {get_param: HorizonAllowedHosts}
730 horizon_secret: {get_param: HorizonSecret}
731 admin_email: {get_param: AdminEmail}
732 admin_password: {get_param: AdminPassword}
733 admin_token: {get_param: AdminToken}
734 neutron_public_interface_ip: {get_param: NeutronPublicInterfaceIP}
735 debug: {get_param: Debug}
736 cinder_enable_nfs_backend: {get_param: CinderEnableNfsBackend}
737 cinder_enable_rbd_backend: {get_param: CinderEnableRbdBackend}
738 cinder_nfs_mount_options: {get_param: CinderNfsMountOptions}
741 template: "['SERVERS']"
746 - {get_param: CinderNfsServers}
747 cinder_lvm_loop_device_size: {get_param: CinderLVMLoopDeviceSize}
748 cinder_password: {get_param: CinderPassword}
749 cinder_enable_iscsi_backend: {get_param: CinderEnableIscsiBackend}
750 cinder_iscsi_helper: {get_param: CinderISCSIHelper}
751 cinder_backend_config: {get_param: CinderBackendConfig}
755 - - 'mysql://cinder:'
756 - {get_param: CinderPassword}
758 - {get_param: MysqlVirtualIP}
760 glance_port: {get_param: [EndpointMap, GlanceInternal, port]}
761 glance_password: {get_param: GlancePassword}
762 glance_backend: {get_param: GlanceBackend}
763 glance_file_pcmk_device: {get_param: GlanceFilePcmkDevice}
764 glance_file_pcmk_fstype: {get_param: GlanceFilePcmkFstype}
765 glance_file_pcmk_manage: {get_param: GlanceFilePcmkManage}
766 glance_file_pcmk_options: {get_param: GlanceFilePcmkOptions}
767 glance_notifier_strategy: {get_param: GlanceNotifierStrategy}
768 glance_log_file: {get_param: GlanceLogFile}
772 - - 'mysql://glance:'
773 - {get_param: GlancePassword}
775 - {get_param: MysqlVirtualIP}
777 heat_password: {get_param: HeatPassword}
778 heat_stack_domain_admin_password: {get_param: HeatStackDomainAdminPassword}
783 - {get_param: HeatPassword}
785 - {get_param: MysqlVirtualIP}
787 keystone_ca_certificate: {get_param: KeystoneCACertificate}
788 keystone_signing_key: {get_param: KeystoneSigningKey}
789 keystone_signing_certificate: {get_param: KeystoneSigningCertificate}
790 keystone_ssl_certificate: {get_param: KeystoneSSLCertificate}
791 keystone_ssl_certificate_key: {get_param: KeystoneSSLCertificateKey}
792 keystone_notification_driver: {get_param: KeystoneNotificationDriver}
793 keystone_notification_format: {get_param: KeystoneNotificationFormat}
797 - - 'mysql://keystone:'
798 - {get_param: AdminToken}
800 - {get_param: MysqlVirtualIP}
802 keystone_identity_uri: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] }
803 keystone_auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
804 keystone_public_url: { get_param: [EndpointMap, KeystonePublic, uri_no_suffix] }
805 keystone_internal_url: { get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
806 keystone_ec2_uri: { get_param: [EndpointMap, KeystoneEC2, uri] }
807 enable_fencing: {get_param: EnableFencing}
808 enable_galera: {get_param: EnableGalera}
809 enable_ceph_storage: {get_param: EnableCephStorage}
810 enable_swift_storage: {get_param: EnableSwiftStorage}
811 mysql_innodb_buffer_pool_size: {get_param: MysqlInnodbBufferPoolSize}
812 mysql_max_connections: {get_param: MysqlMaxConnections}
813 mysql_root_password: {get_param: MysqlRootPassword}
816 template: tripleo-CLUSTER
818 CLUSTER: {get_param: MysqlClusterUniquePart}
819 neutron_flat_networks: {get_param: NeutronFlatNetworks}
820 neutron_metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret}
821 neutron_agent_mode: {get_param: NeutronAgentMode}
822 neutron_router_distributed: {get_param: NeutronDVR}
823 neutron_core_plugin: {get_param: NeutronCorePlugin}
824 neutron_service_plugins:
826 template: "['PLUGINS']"
831 - {get_param: NeutronServicePlugins}
832 neutron_type_drivers:
834 template: "['DRIVERS']"
839 - {get_param: NeutronTypeDrivers}
840 neutron_mechanism_drivers: {get_param: NeutronMechanismDrivers}
841 neutron_allow_l3agent_failover: {get_param: NeutronAllowL3AgentFailover}
842 neutron_l3_ha: {get_param: NeutronL3HA}
843 neutron_dhcp_agents_per_network: {get_param: NeutronDhcpAgentsPerNetwork}
844 neutron_network_vlan_ranges:
846 template: "['RANGES']"
851 - {get_param: NeutronNetworkVLANRanges}
852 neutron_bridge_mappings: {get_param: NeutronBridgeMappings}
853 neutron_external_network_bridge: {get_param: NeutronExternalNetworkBridge}
854 neutron_public_interface: {get_param: NeutronPublicInterface}
855 neutron_public_interface_raw_device: {get_param: NeutronPublicInterfaceRawDevice}
856 neutron_public_interface_default_route: {get_param: NeutronPublicInterfaceDefaultRoute}
857 neutron_public_interface_tag: {get_param: NeutronPublicInterfaceTag}
858 neutron_tenant_network_type: {get_param: NeutronNetworkType}
859 neutron_tunnel_types: {get_param: NeutronTunnelTypes}
860 neutron_tunnel_id_ranges:
862 template: "['RANGES']"
867 - {get_param: NeutronTunnelIdRanges}
870 template: "['RANGES']"
875 - {get_param: NeutronVniRanges}
876 neutron_password: {get_param: NeutronPassword}
877 neutron_dnsmasq_options: {get_param: NeutronDnsmasqOptions}
881 - - 'mysql://neutron:'
882 - {get_param: NeutronPassword}
884 - {get_param: MysqlVirtualIP}
885 - '/ovs_neutron?charset=utf8'
886 neutron_internal_url: { get_param: [ EndpointMap, NeutronInternal, uri ] }
887 neutron_public_url: { get_param: [ EndpointMap, NeutronPublic, uri ] }
888 neutron_admin_url: { get_param: [ EndpointMap, NeutronAdmin, uri ] }
889 neutron_admin_auth_url: { get_param: [ EndpointMap, KeystoneAdmin, uri ] }
890 ceilometer_backend: {get_param: CeilometerBackend}
891 ceilometer_metering_secret: {get_param: CeilometerMeteringSecret}
892 ceilometer_password: {get_param: CeilometerPassword}
893 ceilometer_coordination_url:
897 - {get_param: RedisVirtualIP}
902 - - 'mysql://ceilometer:'
903 - {get_param: CeilometerPassword}
905 - {get_param: MysqlVirtualIP}
907 snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName}
908 snmpd_readonly_user_password: {get_param: SnmpdReadonlyUserPassword}
909 nova_password: {get_param: NovaPassword}
914 - {get_param: NovaPassword}
916 - {get_param: MysqlVirtualIP}
918 fencing_config: {get_param: FencingConfig}
919 pcsd_password: {get_param: PcsdPassword}
920 rabbit_username: {get_param: RabbitUserName}
921 rabbit_password: {get_param: RabbitPassword}
922 rabbit_cookie: {get_param: RabbitCookie}
923 rabbit_client_use_ssl: {get_param: RabbitClientUseSSL}
924 rabbit_client_port: {get_param: RabbitClientPort}
925 mongodb_no_journal: {get_param: MongoDbNoJournal}
926 # We need to force this into quotes or hiera will return integer causing
927 # the puppet module validation regexp to fail.
928 # Remove when: https://github.com/puppetlabs/puppetlabs-rabbitmq/pull/401
933 LIMIT: {get_param: RabbitFDLimit}
934 ntp_servers: {get_param: NtpServer}
935 control_virtual_interface: {get_param: ControlVirtualInterface}
936 public_virtual_interface: {get_param: PublicVirtualInterface}
937 swift_hash_suffix: {get_param: SwiftHashSuffix}
938 swift_password: {get_param: SwiftPassword}
939 swift_part_power: {get_param: SwiftPartPower}
940 swift_replicas: {get_param: SwiftReplicas}
941 swift_min_part_hours: {get_param: SwiftMinPartHours}
942 swift_mount_check: {get_param: SwiftMountCheck}
943 enable_package_install: {get_param: EnablePackageInstall}
944 enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]}
945 swift_proxy_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftProxyNetwork]}]}
946 swift_management_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftMgmtNetwork]}]}
947 cinder_iscsi_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CinderIscsiNetwork]}]}
948 cinder_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CinderApiNetwork]}]}
949 glance_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, GlanceApiNetwork]}]}
950 glance_registry_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, GlanceRegistryNetwork]}]}
951 glance_api_servers: { get_param: [EndpointMap, GlanceInternal, uri]}
952 glance_registry_host: {get_param: GlanceRegistryVirtualIP}
953 heat_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, HeatApiNetwork]}]}
954 keystone_public_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}]}
955 keystone_admin_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}]}
956 keystone_region: {get_param: KeystoneRegion}
957 mongo_db_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MongoDbNetwork]}]}
958 neutron_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NeutronApiNetwork]}]}
959 neutron_local_ip: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NeutronTenantNetwork]}]}
960 ceilometer_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CeilometerApiNetwork]}]}
961 nova_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NovaApiNetwork]}]}
962 nova_metadata_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NovaMetadataNetwork]}]}
963 horizon_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, HorizonNetwork]}]}
964 rabbitmq_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, RabbitMqNetwork]}]}
965 redis_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, RedisNetwork]}]}
966 redis_vip: {get_param: RedisVirtualIP}
967 memcached_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MemcachedNetwork]}]}
968 mysql_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MysqlNetwork]}]}
969 mysql_virtual_ip: {get_param: MysqlVirtualIP}
970 ceph_cluster_network: {get_attr: [NetIpSubnetMap, net_ip_subnet_map, {get_param: [ServiceNetMap, CephClusterNetwork]}]}
971 ceph_public_network: {get_attr: [NetIpSubnetMap, net_ip_subnet_map, {get_param: [ServiceNetMap, CephPublicNetwork]}]}
972 ceph_public_ip: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CephPublicNetwork]}]}
974 # Map heat metadata into hiera datafiles
976 type: OS::Heat::StructuredConfig
978 group: os-apply-config
983 - heat_config_%{::deploy_config_name}
984 - controller_extraconfig
989 - swift_devices_and_proxy # provided by SwiftDevicesAndProxyConfig
990 - ceph_cluster # provided by CephClusterConfig
992 - bootstrap_node # provided by BootstrapNodeConfig
993 - all_nodes # provided by allNodesConfig
994 - vip_data # provided by vip-config
997 - cinder_netapp_data # Optionally provided by ControllerExtraConfigPre
998 - neutron_bigswitch_data # Optionally provided by ControllerExtraConfigPre
999 - neutron_cisco_data # Optionally provided by ControllerExtraConfigPre
1000 - cisco_n1kv_data # Optionally provided by ControllerExtraConfigPre
1002 controller_extraconfig:
1003 mapped_data: {get_param: ControllerExtraConfig}
1005 mapped_data: {get_param: ExtraConfig}
1007 raw_data: {get_file: hieradata/common.yaml}
1009 raw_data: {get_file: hieradata/ceph.yaml}
1011 ceph::profile::params::cluster_network: {get_input: ceph_cluster_network}
1012 ceph::profile::params::public_network: {get_input: ceph_public_network}
1013 ceph::mon::public_addr: {get_input: ceph_public_ip}
1015 raw_data: {get_file: hieradata/database.yaml}
1017 raw_data: {get_file: hieradata/object.yaml}
1019 raw_data: {get_file: hieradata/controller.yaml}
1020 mapped_data: # data supplied directly to this deployment configuration, etc
1021 bootstack_nodeid: {get_input: bootstack_nodeid}
1024 enable_fencing: {get_input: enable_fencing}
1025 hacluster_pwd: {get_input: pcsd_password}
1026 tripleo::fencing::config: {get_input: fencing_config}
1029 swift::proxy::proxy_local_net_ip: {get_input: swift_proxy_network}
1030 swift::proxy::authtoken::auth_uri: {get_input: keystone_auth_uri}
1031 swift::proxy::authtoken::identity_uri: {get_input: keystone_identity_uri}
1032 swift::storage::all::storage_local_net_ip: {get_input: swift_management_network}
1033 swift::swift_hash_suffix: {get_input: swift_hash_suffix}
1034 swift::proxy::authtoken::admin_password: {get_input: swift_password}
1035 tripleo::ringbuilder::part_power: {get_input: swift_part_power}
1036 tripleo::ringbuilder::replicas: {get_input: swift_replicas}
1037 tripleo::ringbuilder::min_part_hours: {get_input: swift_min_part_hours}
1038 swift_mount_check: {get_input: swift_mount_check}
1040 # NOTE(dprince): build_ring support is currently not wired in.
1041 # See: https://review.openstack.org/#/c/109225/
1042 tripleo::ringbuilder::build_ring: True
1045 cinder_enable_nfs_backend: {get_input: cinder_enable_nfs_backend}
1046 cinder_enable_rbd_backend: {get_input: cinder_enable_rbd_backend}
1047 cinder_nfs_mount_options: {get_input: cinder_nfs_mount_options}
1048 cinder_nfs_servers: {get_input: cinder_nfs_servers}
1049 cinder_lvm_loop_device_size: {get_input: cinder_lvm_loop_device_size}
1050 cinder_iscsi_helper: {get_input: cinder_iscsi_helper}
1051 cinder_iscsi_ip_address: {get_input: cinder_iscsi_network}
1052 cinder::database_connection: {get_input: cinder_dsn}
1053 cinder::api::keystone_password: {get_input: cinder_password}
1054 cinder::api::auth_uri: {get_input: keystone_auth_uri}
1055 cinder::api::identity_uri: {get_input: keystone_identity_uri}
1056 cinder::api::bind_host: {get_input: cinder_api_network}
1057 cinder::rabbit_userid: {get_input: rabbit_username}
1058 cinder::rabbit_password: {get_input: rabbit_password}
1059 cinder::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
1060 cinder::rabbit_port: {get_input: rabbit_client_port}
1061 cinder::debug: {get_input: debug}
1062 cinder_enable_iscsi_backend: {get_input: cinder_enable_iscsi_backend}
1063 cinder::glance::glance_api_servers: {get_input: glance_api_servers}
1064 cinder_backend_config: {get_input: CinderBackendConfig}
1065 cinder::db::mysql::password: {get_input: cinder_password}
1068 glance::api::bind_port: {get_input: glance_port}
1069 glance::api::bind_host: {get_input: glance_api_network}
1070 glance::api::auth_uri: {get_input: keystone_auth_uri}
1071 glance::api::identity_uri: {get_input: keystone_identity_uri}
1072 glance::api::registry_host: {get_input: glance_registry_host}
1073 glance::api::keystone_password: {get_input: glance_password}
1074 glance::api::debug: {get_input: debug}
1075 glance_notifier_strategy: {get_input: glance_notifier_strategy}
1076 glance_log_file: {get_input: glance_log_file}
1077 glance_log_file: {get_input: glance_log_file}
1078 glance::api::database_connection: {get_input: glance_dsn}
1079 glance::registry::keystone_password: {get_input: glance_password}
1080 glance::registry::database_connection: {get_input: glance_dsn}
1081 glance::registry::bind_host: {get_input: glance_registry_network}
1082 glance::registry::auth_uri: {get_input: keystone_auth_uri}
1083 glance::registry::identity_uri: {get_input: keystone_identity_uri}
1084 glance::registry::debug: {get_input: debug}
1085 glance::backend::swift::swift_store_auth_address: {get_input: keystone_auth_uri}
1086 glance::backend::swift::swift_store_user: service:glance
1087 glance::backend::swift::swift_store_key: {get_input: glance_password}
1088 glance_backend: {get_input: glance_backend}
1089 glance::db::mysql::password: {get_input: glance_password}
1090 glance_file_pcmk_device: {get_input: glance_file_pcmk_device}
1091 glance_file_pcmk_fstype: {get_input: glance_file_pcmk_fstype}
1092 glance_file_pcmk_manage: {get_input: glance_file_pcmk_manage}
1093 glance_file_pcmk_options: {get_input: glance_file_pcmk_options}
1096 heat_stack_domain_admin_password: {get_input: heat_stack_domain_admin_password}
1097 heat::engine::heat_watch_server_url: {get_input: heat.watch_server_url}
1098 heat::engine::heat_metadata_server_url: {get_input: heat.metadata_server_url}
1099 heat::engine::heat_waitcondition_server_url: {get_input: heat.waitcondition_server_url}
1100 heat::engine::auth_encryption_key: {get_input: heat_auth_encryption_key}
1101 heat::rabbit_userid: {get_input: rabbit_username}
1102 heat::rabbit_password: {get_input: rabbit_password}
1103 heat::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
1104 heat::rabbit_port: {get_input: rabbit_client_port}
1105 heat::auth_uri: {get_input: keystone_auth_uri}
1106 heat::keystone_ec2_uri: {get_input: keystone_ec2_uri}
1107 heat::identity_uri: {get_input: keystone_identity_uri}
1108 heat::keystone_password: {get_input: heat_password}
1109 heat::api::bind_host: {get_input: heat_api_network}
1110 heat::api_cloudwatch::bind_host: {get_input: heat_api_network}
1111 heat::api_cfn::bind_host: {get_input: heat_api_network}
1112 heat::database_connection: {get_input: heat_dsn}
1113 heat::debug: {get_input: debug}
1114 heat::db::mysql::password: {get_input: heat_password}
1117 keystone::admin_token: {get_input: admin_token}
1118 keystone_ca_certificate: {get_input: keystone_ca_certificate}
1119 keystone_signing_key: {get_input: keystone_signing_key}
1120 keystone_signing_certificate: {get_input: keystone_signing_certificate}
1121 keystone_ssl_certificate: {get_input: keystone_ssl_certificate}
1122 keystone_ssl_certificate_key: {get_input: keystone_ssl_certificate_key}
1123 keystone::database_connection: {get_input: keystone_dsn}
1124 keystone::public_bind_host: {get_input: keystone_public_api_network}
1125 keystone::admin_bind_host: {get_input: keystone_admin_api_network}
1126 keystone::debug: {get_input: debug}
1127 keystone::db::mysql::password: {get_input: admin_token}
1128 keystone::rabbit_userid: {get_input: rabbit_username}
1129 keystone::rabbit_password: {get_input: rabbit_password}
1130 keystone::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
1131 keystone::rabbit_port: {get_input: rabbit_client_port}
1132 keystone::notification_driver: {get_input: keystone_notification_driver}
1133 keystone::notification_format: {get_input: keystone_notification_format}
1134 keystone::roles::admin::email: {get_input: admin_email}
1135 keystone::roles::admin::password: {get_input: admin_password}
1136 keystone::endpoint::public_url: {get_input: keystone_public_url}
1137 keystone::endpoint::internal_url: {get_input: keystone_internal_url}
1138 keystone::endpoint::admin_url: {get_input: keystone_identity_uri}
1139 keystone::endpoint::region: {get_input: keystone_region}
1141 mongodb::server::bind_ip: {get_input: mongo_db_network}
1142 mongodb::server::nojournal: {get_input: mongodb_no_journal}
1144 admin_password: {get_input: admin_password}
1145 enable_galera: {get_input: enable_galera}
1146 enable_ceph_storage: {get_input: enable_ceph_storage}
1147 enable_swift_storage: {get_input: enable_swift_storage}
1148 mysql_innodb_buffer_pool_size: {get_input: mysql_innodb_buffer_pool_size}
1149 mysql_max_connections: {get_input: mysql_max_connections}
1150 mysql::server::root_password: {get_input: mysql_root_password}
1151 mysql_cluster_name: {get_input: mysql_cluster_name}
1152 mysql_bind_host: {get_input: mysql_network}
1153 mysql_virtual_ip: {get_input: mysql_virtual_ip}
1156 neutron::bind_host: {get_input: neutron_api_network}
1157 neutron::rabbit_password: {get_input: rabbit_password}
1158 neutron::rabbit_user: {get_input: rabbit_username}
1159 neutron::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
1160 neutron::rabbit_port: {get_input: rabbit_client_port}
1161 neutron::debug: {get_input: debug}
1162 neutron::server::auth_uri: {get_input: keystone_auth_uri}
1163 neutron::server::identity_uri: {get_input: keystone_identity_uri}
1164 neutron::server::database_connection: {get_input: neutron_dsn}
1165 neutron::agents::l3::external_network_bridge: {get_input: neutron_external_network_bridge}
1166 neutron::agents::ml2::ovs::enable_tunneling: {get_input: neutron_enable_tunneling}
1167 neutron::agents::ml2::ovs::local_ip: {get_input: neutron_local_ip}
1168 neutron_flat_networks: {get_input: neutron_flat_networks}
1169 neutron::agents::metadata::shared_secret: {get_input: neutron_metadata_proxy_shared_secret}
1170 neutron::agents::metadata::metadata_ip: {get_input: neutron_api_network}
1171 neutron_agent_mode: {get_input: neutron_agent_mode}
1172 neutron_router_distributed: {get_input: neutron_router_distributed}
1173 neutron::core_plugin: {get_input: neutron_core_plugin}
1174 neutron::service_plugins: {get_input: neutron_service_plugins}
1175 neutron::plugins::ml2::type_drivers: {get_input: neutron_type_drivers}
1176 neutron_mechanism_drivers: {get_input: neutron_mechanism_drivers}
1177 neutron::server::allow_automatic_l3agent_failover: {get_input: neutron_allow_l3agent_failover}
1178 neutron::server::l3_ha: {get_input: neutron_l3_ha}
1179 neutron::dhcp_agents_per_network: {get_input: neutron_dhcp_agents_per_network}
1180 neutron::plugins::ml2::network_vlan_ranges: {get_input: neutron_network_vlan_ranges}
1181 neutron::plugins::ml2::tunnel_id_ranges: {get_input: neutron_tunnel_id_ranges}
1182 neutron::plugins::ml2::vni_ranges: {get_input: neutron_vni_ranges}
1183 neutron_bridge_mappings: {get_input: neutron_bridge_mappings}
1184 neutron_public_interface: {get_input: neutron_public_interface}
1185 neutron_public_interface_raw_device: {get_input: neutron_public_interface_raw_device}
1186 neutron_public_interface_default_route: {get_input: neutron_public_interface_default_route}
1187 neutron_public_interface_tag: {get_input: neutron_public_interface_tag}
1188 neutron_tenant_network_type: {get_input: neutron_tenant_network_type}
1189 neutron_tunnel_types: {get_input: neutron_tunnel_types}
1190 neutron::server::auth_password: {get_input: neutron_password}
1191 neutron::agents::metadata::auth_password: {get_input: neutron_password}
1192 neutron_dnsmasq_options: {get_input: neutron_dnsmasq_options}
1193 neutron_dsn: {get_input: neutron_dsn}
1194 neutron::agents::metadata::auth_url: {get_input: keystone_identity_uri}
1195 neutron::db::mysql::password: {get_input: neutron_password}
1198 ceilometer_backend: {get_input: ceilometer_backend}
1199 ceilometer_mysql_conn_string: {get_input: ceilometer_dsn}
1200 ceilometer::metering_secret: {get_input: ceilometer_metering_secret}
1201 ceilometer::rabbit_userid: {get_input: rabbit_username}
1202 ceilometer::rabbit_password: {get_input: rabbit_password}
1203 ceilometer::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
1204 ceilometer::rabbit_port: {get_input: rabbit_client_port}
1205 ceilometer::debug: {get_input: debug}
1206 ceilometer::api::host: {get_input: ceilometer_api_network}
1207 ceilometer::api::keystone_password: {get_input: ceilometer_password}
1208 ceilometer::api::keystone_auth_uri: {get_input: keystone_auth_uri}
1209 ceilometer::api::keystone_identity_uri: {get_input: keystone_identity_uri}
1210 ceilometer::agent::auth::auth_password: {get_input: ceilometer_password}
1211 ceilometer::agent::auth::auth_url: {get_input: keystone_auth_uri}
1212 ceilometer::agent::central::coordination_url: {get_input: ceilometer_coordination_url}
1213 ceilometer::db::mysql::password: {get_input: ceilometer_password}
1214 snmpd_readonly_user_name: {get_input: snmpd_readonly_user_name}
1215 snmpd_readonly_user_password: {get_input: snmpd_readonly_user_password}
1218 nova::rabbit_userid: {get_input: rabbit_username}
1219 nova::rabbit_password: {get_input: rabbit_password}
1220 nova::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
1221 nova::rabbit_port: {get_input: rabbit_client_port}
1222 nova::debug: {get_input: debug}
1223 nova::api::auth_uri: {get_input: keystone_auth_uri}
1224 nova::api::identity_uri: {get_input: keystone_identity_uri}
1225 nova::api::api_bind_address: {get_input: nova_api_network}
1226 nova::api::metadata_listen: {get_input: nova_metadata_network}
1227 nova::api::admin_password: {get_input: nova_password}
1228 nova::database_connection: {get_input: nova_dsn}
1229 nova::glance_api_servers: {get_input: glance_api_servers}
1230 nova::api::neutron_metadata_proxy_shared_secret: {get_input: neutron_metadata_proxy_shared_secret}
1231 nova::network::neutron::neutron_admin_password: {get_input: neutron_password}
1232 nova::network::neutron::neutron_url: {get_input: neutron_internal_url}
1233 nova::network::neutron::neutron_admin_auth_url: {get_input: neutron_admin_auth_url}
1234 nova::vncproxy::host: {get_input: nova_api_network}
1235 nova::db::mysql::password: {get_input: nova_password}
1238 apache::ip: {get_input: horizon_network}
1239 horizon::allowed_hosts: {get_input: horizon_allowed_hosts}
1240 horizon::django_debug: {get_input: debug}
1241 horizon::secret_key: {get_input: horizon_secret}
1242 horizon::bind_address: {get_input: horizon_network}
1243 horizon::keystone_url: {get_input: keystone_auth_uri}
1246 rabbitmq::node_ip_address: {get_input: rabbitmq_network}
1247 rabbitmq::erlang_cookie: {get_input: rabbit_cookie}
1248 rabbitmq::file_limit: {get_input: rabbit_fd_limit}
1249 rabbitmq::default_user: {get_input: rabbit_username}
1250 rabbitmq::default_pass: {get_input: rabbit_password}
1252 redis::bind: {get_input: redis_network}
1253 redis_vip: {get_input: redis_vip}
1255 memcached::listen_ip: {get_input: memcached_network}
1256 neutron_public_interface_ip: {get_input: neutron_public_interface_ip}
1257 ntp::servers: {get_input: ntp_servers}
1258 control_virtual_interface: {get_input: control_virtual_interface}
1259 public_virtual_interface: {get_input: public_virtual_interface}
1260 tripleo::loadbalancer::control_virtual_interface: {get_input: control_virtual_interface}
1261 tripleo::loadbalancer::public_virtual_interface: {get_input: public_virtual_interface}
1262 tripleo::loadbalancer::haproxy_log_address: {get_input: haproxy_log_address}
1263 tripleo::packages::enable_install: {get_input: enable_package_install}
1264 tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade}
1266 # Hook for site-specific additional pre-deployment config, e.g extra hieradata
1267 ControllerExtraConfigPre:
1268 depends_on: ControllerDeployment
1269 type: OS::TripleO::ControllerExtraConfigPre
1271 server: {get_resource: Controller}
1273 # Hook for site-specific additional pre-deployment config,
1274 # applying to all nodes, e.g node registration/unregistration
1276 depends_on: ControllerExtraConfigPre
1277 type: OS::TripleO::NodeExtraConfig
1279 server: {get_resource: Controller}
1282 type: OS::TripleO::Tasks::PackageUpdate
1285 type: OS::Heat::SoftwareDeployment
1287 config: {get_resource: UpdateConfig}
1288 server: {get_resource: Controller}
1291 get_param: UpdateIdentifier
1295 description: IP address of the server in the ctlplane network
1296 value: {get_attr: [Controller, networks, ctlplane, 0]}
1297 external_ip_address:
1298 description: IP address of the server in the external network
1299 value: {get_attr: [ExternalPort, ip_address]}
1300 internal_api_ip_address:
1301 description: IP address of the server in the internal_api network
1302 value: {get_attr: [InternalApiPort, ip_address]}
1304 description: IP address of the server in the storage network
1305 value: {get_attr: [StoragePort, ip_address]}
1306 storage_mgmt_ip_address:
1307 description: IP address of the server in the storage_mgmt network
1308 value: {get_attr: [StorageMgmtPort, ip_address]}
1310 description: IP address of the server in the tenant network
1311 value: {get_attr: [TenantPort, ip_address]}
1313 description: Hostname of the server
1314 value: {get_attr: [Controller, name]}
1317 Node object in the format {ip: ..., name: ...} format that the corosync
1320 ip: {get_attr: [Controller, networks, ctlplane, 0]}
1321 name: {get_attr: [Controller, name]}
1324 Server's IP address and hostname in the /etc/hosts format
1327 template: IP HOST.localdomain HOST CLOUDNAME
1329 IP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, ControllerHostnameResolveNetwork]}]}
1330 HOST: {get_attr: [Controller, name]}
1331 CLOUDNAME: {get_param: CloudName}
1332 nova_server_resource:
1333 description: Heat resource handle for the Nova compute server
1335 {get_resource: Controller}
1337 description: Swift device formatted for swift-ring-builder
1340 template: 'r1z1-IP:%PORT%/d1'
1342 IP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftMgmtNetwork]}]}
1343 swift_proxy_memcache:
1344 description: Swift proxy-memcache value
1347 template: "IP:11211"
1349 IP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MemcachedNetwork]}]}
1351 description: identifier which changes if the controller configuration may need re-applying
1355 - - {get_attr: [ControllerDeployment, deploy_stdout]}
1356 - {get_attr: [ControllerExtraConfigPre, deploy_stdout]}
1357 - {get_param: UpdateIdentifier}