1 heat_template_version: 2015-04-30
4 OpenStack controller node configured by Puppet.
9 description: The password for the keystone admin account, used for monitoring, querying neutron etc.
14 description: The keystone auth secret and db password.
19 description: The ceilometer backend type.
21 CeilometerMeteringSecret:
23 description: Secret shared by the ceilometer services.
28 description: The password for the ceilometer service and db account.
31 CinderEnableNfsBackend:
33 description: Whether to enable or not the NFS backend for Cinder
35 CinderEnableIscsiBackend:
37 description: Whether to enable or not the Iscsi backend for Cinder
39 CinderEnableRbdBackend:
41 description: Whether to enable or not the Rbd backend for Cinder
45 description: The iSCSI helper to use with cinder.
47 CinderLVMLoopDeviceSize:
49 description: The size of the loopback file used by the cinder LVM driver.
51 CinderNfsMountOptions:
54 Mount options for NFS mounts used by Cinder NFS backend. Effective
55 when CinderEnableNfsBackend is true.
60 NFS servers used by Cinder NFS backend. Effective when
61 CinderEnableNfsBackend is true.
62 type: comma_delimited_list
65 description: The password for the cinder service and db account, used by cinder-api.
70 description: Contains parameters to configure Cinder backends. Typically
71 set via parameter_defaults in the resource registry.
75 description: The DNS name of this cloud. E.g. ci-overcloud.tripleo.org
77 ControllerExtraConfig:
80 Controller specific hiera configuration data to inject into the cluster.
82 ControlVirtualInterface:
84 description: Interface where virtual ip will be assigned.
88 description: Set to True to enable debugging on all services.
92 description: Whether to enable fencing in Pacemaker or not.
96 description: Whether to use Galera instead of regular MariaDB.
100 description: Whether to deploy Ceph Storage (OSD) on the Controller
104 description: Whether to enable Swift Storage on the Controller
109 Additional hieradata to inject into the cluster, note that
110 ControllerExtraConfig takes precedence over ExtraConfig.
115 Pacemaker fencing configuration. The JSON should have
116 the following structure:
120 "agent": "AGENT_NAME",
121 "host_mac": "HOST_MAC_ADDRESS",
122 "params": {"PARAM_NAME": "PARAM_VALUE"}
130 "agent": "fence_xvm",
131 "host_mac": "52:54:00:aa:bb:cc",
133 "multicast_address": "225.0.0.12",
134 "port": "baremetal_0",
136 "manage_key_file": true,
137 "key_file": "/etc/fence_xvm.key",
138 "key_file_password": "abcdef"
145 description: Flavor for control nodes to request when deploying.
148 - custom_constraint: nova.flavor
149 GlanceNotifierStrategy:
150 description: Strategy to use for Glance notification queue
154 description: The filepath of the file to use for logging messages from Glance.
159 description: The password for the glance service and db account, used by the glance services.
164 description: Glance port.
168 description: Protocol to use when connecting to glance, set to https for SSL.
172 description: The short name of the Glance backend to use. Should be one
173 of swift, rbd, or file
176 - allowed_values: ['swift', 'file', 'rbd']
179 description: The password for the Heat service and db account, used by the Heat services.
182 HeatStackDomainAdminPassword:
183 description: Password for heat_domain_admin user.
187 HeatAuthEncryptionKey:
188 description: Auth encryption key for heat-engine
193 description: A list of IP/Hostname allowed to connect to horizon
194 type: comma_delimited_list
196 description: Secret key for Django
201 default: overcloud-control
203 - custom_constraint: glance.image
205 default: 'REBUILD_PRESERVE_EPHEMERAL'
206 description: What policy to use when reconstructing instances. REBUILD for rebuilds, REBUILD_PRESERVE_EPHEMERAL to preserve /mnt.
210 description: Name of an existing EC2 KeyPair to enable SSH access to the instances
213 - custom_constraint: nova.keypair
214 KeystoneCACertificate:
216 description: Keystone self-signed certificate authority certificate.
218 KeystoneSigningCertificate:
220 description: Keystone certificate for verifying token validity.
224 description: Keystone key for signing tokens.
227 KeystoneSSLCertificate:
229 description: Keystone certificate for verifying token validity.
231 KeystoneSSLCertificateKey:
233 description: Keystone key for signing tokens.
236 KeystoneNotificationDriver:
237 description: Comma-separated list of Oslo notification drivers used by Keystone
238 default: ['messaging']
239 type: comma_delimited_list
240 KeystoneNotificationFormat:
241 description: The Keystone notification format
245 - allowed_values: [ 'basic', 'cadf' ]
246 MysqlClusterUniquePart:
247 description: A unique identifier of the MySQL cluster the controller is in.
249 default: 'unset' # Has to be here because of the ignored empty value bug
250 # Drop the validation: https://bugs.launchpad.net/tripleo/+bug/1405446
252 # - length: {min: 4, max: 10}
253 MysqlInnodbBufferPoolSize:
255 Specifies the size of the buffer pool in megabytes. Setting to
256 zero should be interpreted as "no value" and will defer to the
261 description: Configures MySQL max_connections config setting
267 default: '' # Has to be here because of the ignored empty value bug
268 NeutronExternalNetworkBridge:
269 description: Name of bridge used for external network traffic.
272 NeutronBridgeMappings:
274 The OVS logical->physical bridge mappings to use. See the Neutron
275 documentation for details. Defaults to mapping br-ex - the external
276 bridge on hosts - to a physical name 'datacentre' which can be used
277 to create provider networks (and we use this for the default floating
278 network) - if changing this either use different post-install network
279 scripts or be sure to keep 'datacentre' as a mapping network name.
281 default: "datacentre:br-ex"
282 NeutronDnsmasqOptions:
283 default: 'dhcp-option-force=26,1400'
284 description: Dnsmasq options for neutron-dhcp-agent. The default value here forces MTU to be set to 1400 to account for the gre tunnel overhead.
288 description: Agent mode for the neutron-l3-agent on the controller hosts
292 description: Whether to enable l3-agent HA
294 NeutronDhcpAgentsPerNetwork:
297 description: The number of neutron dhcp agents to schedule per network
300 description: Whether to configure Neutron Distributed Virtual Routers
302 NeutronMetadataProxySharedSecret:
304 description: Shared secret to prevent spoofing
310 The core plugin for Neutron. The value should be the entrypoint to be loaded
311 from neutron.core_plugins namespace.
313 NeutronServicePlugins:
316 Comma-separated list of service plugin entrypoints to be loaded from the
317 neutron.service_plugins namespace.
318 type: comma_delimited_list
320 default: "vxlan,vlan,flat,gre"
322 Comma-separated list of network type driver entrypoints to be loaded.
323 type: comma_delimited_list
324 NeutronMechanismDrivers:
325 default: 'openvswitch'
327 The mechanism drivers for the Neutron tenant network. To specify multiple
328 values, use a comma separated string, like so: 'openvswitch,l2_population'
330 NeutronAllowL3AgentFailover:
332 description: Allow automatic l3-agent failover
334 NeutronEnableTunnelling:
339 default: 'datacentre'
340 description: If set, flat networks to configure in neutron plugins.
343 description: Whether to enable l3-agent HA
347 description: The tenant network type for Neutron, either gre or vxlan.
349 NeutronNetworkVLANRanges:
350 default: 'datacentre'
352 The Neutron ML2 and OpenVSwitch vlan mapping range to support. See the
353 Neutron documentation for permitted values. Defaults to permitting any
354 VLAN on the 'datacentre' physical network (See NeutronBridgeMappings).
355 type: comma_delimited_list
358 description: The password for the neutron service and db account, used by neutron agents.
361 NeutronPublicInterface:
363 description: What interface to bridge onto br-ex for network nodes.
365 NeutronPublicInterfaceTag:
368 VLAN tag for creating a public VLAN. The tag will be used to
369 create an access port on the exterior bridge for each control plane node,
370 and that port will be given the IP address returned by neutron from the
371 public network. Set CONTROLEXTRA=overcloud-vlan-port.yaml when compiling
372 overcloud.yaml to include the deployment of VLAN ports to the control
375 NeutronPublicInterfaceDefaultRoute:
377 description: A custom default route for the NeutronPublicInterface.
379 NeutronPublicInterfaceIP:
381 description: A custom IP address to put onto the NeutronPublicInterface.
383 NeutronPublicInterfaceRawDevice:
385 description: If set, the public interface is a vlan with this device as the raw device.
390 The tunnel types for the Neutron tenant network. To specify multiple
391 values, use a comma separated string, like so: 'gre,vxlan'
393 NeutronTunnelIdRanges:
395 Comma-separated list of <tun_min>:<tun_max> tuples enumerating ranges
396 of GRE tunnel IDs that are available for tenant network allocation
397 default: ["1:1000", ]
398 type: comma_delimited_list
401 Comma-separated list of <vni_min>:<vni_max> tuples enumerating ranges
402 of VXLAN VNI IDs that are available for tenant network allocation
403 default: ["1:1000", ]
404 type: comma_delimited_list
407 description: The password for the nova service and db account, used by nova-api.
412 description: Should MongoDb journaling be disabled
419 description: The password for the 'pcsd' user.
421 PublicVirtualInterface:
424 Specifies the interface where the public-facing virtual ip will be assigned.
425 This should be int_public when a VLAN is being used.
427 PublicVirtualIP: # DEPRECATED: use per service settings instead
429 default: '' # Has to be here because of the ignored empty value bug
432 default: '' # Has to be here because of the ignored empty value bug
436 description: The password for RabbitMQ
441 description: The username for RabbitMQ
446 Rabbit client subscriber parameter to specify
447 an SSL connection to the RabbitMQ host.
451 description: Set rabbit subscriber port, change this if using SSL
455 default: '' # Has to be here because of the ignored empty value bug
456 SnmpdReadonlyUserName:
457 default: ro_snmp_user
458 description: The user name for SNMPd with readonly rights running on all Overcloud nodes
460 SnmpdReadonlyUserPassword:
462 description: The user password for SNMPd with readonly rights running on all Overcloud nodes
467 description: If set, the contents of an SSL certificate authority file.
471 description: If set, the contents of an SSL certificate .crt file for encrypting SSL endpoints.
476 description: If set, the contents of an SSL certificate .key file for encrypting SSL endpoints.
481 description: A random string to be used as a salt when hashing to determine mappings
487 description: Value of mount_check in Swift account/container/object -server.conf
492 description: The minimum time (in hours) before a partition in a ring can be moved following a rebalance.
495 description: Partition Power to use when building Swift rings
499 description: The password for the swift service account, used by the swift proxy
506 description: How many replicas to use in the swift rings.
507 VirtualIP: # DEPRECATED: use per service settings instead
509 default: '' # Has to be here because of the ignored empty value bug
516 GlanceRegistryVirtualIP:
522 KeystoneAdminApiVirtualIP:
525 KeystonePublicApiVirtualIP:
531 EnablePackageInstall:
533 description: Set to true to enable package installation via Puppet
537 description: Mapping of service_name -> network name. Typically set
538 via parameter_defaults in the resource registry.
544 Setting to a previously unused value during stack-update will trigger
545 package update on all nodes
548 default: '' # Defaults to Heat created hostname
553 type: OS::Nova::Server
555 image: {get_param: Image}
556 image_update_policy: {get_param: ImageUpdatePolicy}
557 flavor: {get_param: Flavor}
558 key_name: {get_param: KeyName}
561 user_data_format: SOFTWARE_CONFIG
562 user_data: {get_resource: UserData}
563 name: {get_param: Hostname}
565 # Combine the NodeAdminUserData and NodeUserData mime archives
567 type: OS::Heat::MultipartMime
570 - config: {get_resource: NodeAdminUserData}
572 - config: {get_resource: NodeUserData}
575 # Creates the "heat-admin" user if configured via the environment
576 # Should return a OS::Heat::MultipartMime reference via OS::stack_id
578 type: OS::TripleO::NodeAdminUserData
580 # For optional operator additional userdata
581 # Should return a OS::Heat::MultipartMime reference via OS::stack_id
583 type: OS::TripleO::NodeUserData
586 type: OS::TripleO::Controller::Ports::ExternalPort
588 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
591 type: OS::TripleO::Controller::Ports::InternalApiPort
593 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
596 type: OS::TripleO::Controller::Ports::StoragePort
598 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
601 type: OS::TripleO::Controller::Ports::StorageMgmtPort
603 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
606 type: OS::TripleO::Controller::Ports::TenantPort
608 ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
611 type: OS::TripleO::Network::Ports::NetIpMap
613 ControlPlaneIp: {get_attr: [Controller, networks, ctlplane, 0]}
614 ExternalIp: {get_attr: [ExternalPort, ip_address]}
615 InternalApiIp: {get_attr: [InternalApiPort, ip_address]}
616 StorageIp: {get_attr: [StoragePort, ip_address]}
617 StorageMgmtIp: {get_attr: [StorageMgmtPort, ip_address]}
618 TenantIp: {get_attr: [TenantPort, ip_address]}
621 type: OS::TripleO::Network::Ports::NetIpSubnetMap
623 ControlPlaneIp: {get_attr: [Controller, networks, ctlplane, 0]}
624 ExternalIpSubnet: {get_attr: [ExternalPort, ip_subnet]}
625 InternalApiIpSubnet: {get_attr: [InternalApiPort, ip_subnet]}
626 StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]}
627 StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]}
628 TenantIpSubnet: {get_attr: [TenantPort, ip_subnet]}
631 type: OS::TripleO::Controller::Net::SoftwareConfig
633 ControlPlaneIp: {get_attr: [Controller, networks, ctlplane, 0]}
634 ExternalIpSubnet: {get_attr: [ExternalPort, ip_subnet]}
635 InternalApiIpSubnet: {get_attr: [InternalApiPort, ip_subnet]}
636 StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]}
637 StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]}
638 TenantIpSubnet: {get_attr: [TenantPort, ip_subnet]}
641 type: OS::TripleO::SoftwareDeployment
643 config: {get_resource: NetworkConfig}
644 server: {get_resource: Controller}
647 interface_name: {get_param: NeutronPublicInterface}
649 ControllerDeployment:
650 type: OS::TripleO::SoftwareDeployment
651 depends_on: NetworkDeployment
653 config: {get_resource: ControllerConfig}
654 server: {get_resource: Controller}
656 bootstack_nodeid: {get_attr: [Controller, name]}
657 neutron_enable_tunneling: {get_param: NeutronEnableTunnelling}
658 heat.watch_server_url:
662 - {get_param: HeatApiVirtualIP}
664 heat.metadata_server_url:
668 - {get_param: HeatApiVirtualIP}
670 heat.waitcondition_server_url:
674 - {get_param: HeatApiVirtualIP}
675 - ':8000/v1/waitcondition'
676 heat_auth_encryption_key: {get_param: HeatAuthEncryptionKey}
677 horizon_allowed_hosts: {get_param: HorizonAllowedHosts}
678 horizon_secret: {get_param: HorizonSecret}
679 admin_password: {get_param: AdminPassword}
680 admin_token: {get_param: AdminToken}
681 neutron_public_interface_ip: {get_param: NeutronPublicInterfaceIP}
682 debug: {get_param: Debug}
683 cinder_enable_nfs_backend: {get_param: CinderEnableNfsBackend}
684 cinder_enable_rbd_backend: {get_param: CinderEnableRbdBackend}
685 cinder_nfs_mount_options: {get_param: CinderNfsMountOptions}
688 template: "['SERVERS']"
693 - {get_param: CinderNfsServers}
694 cinder_lvm_loop_device_size: {get_param: CinderLVMLoopDeviceSize}
695 cinder_password: {get_param: CinderPassword}
696 cinder_enable_iscsi_backend: {get_param: CinderEnableIscsiBackend}
697 cinder_iscsi_helper: {get_param: CinderISCSIHelper}
698 cinder_backend_config: {get_param: CinderBackendConfig}
702 - - 'mysql://cinder:'
703 - {get_param: CinderPassword}
705 - {get_param: MysqlVirtualIP}
707 glance_port: {get_param: GlancePort}
708 glance_password: {get_param: GlancePassword}
709 glance_backend: {get_param: GlanceBackend}
710 glance_notifier_strategy: {get_param: GlanceNotifierStrategy}
711 glance_log_file: {get_param: GlanceLogFile}
715 - - 'mysql://glance:'
716 - {get_param: GlancePassword}
718 - {get_param: MysqlVirtualIP}
720 heat_password: {get_param: HeatPassword}
721 heat_stack_domain_admin_password: {get_param: HeatStackDomainAdminPassword}
726 - {get_param: HeatPassword}
728 - {get_param: MysqlVirtualIP}
730 keystone_auth_address: {list_join: ['', ['http://', {get_param: KeystonePublicApiVirtualIP} , ':5000/v2.0']]}
731 keystone_ca_certificate: {get_param: KeystoneCACertificate}
732 keystone_signing_key: {get_param: KeystoneSigningKey}
733 keystone_signing_certificate: {get_param: KeystoneSigningCertificate}
734 keystone_ssl_certificate: {get_param: KeystoneSSLCertificate}
735 keystone_ssl_certificate_key: {get_param: KeystoneSSLCertificateKey}
736 keystone_notification_driver: {get_param: KeystoneNotificationDriver}
737 keystone_notification_format: {get_param: KeystoneNotificationFormat}
741 - - 'mysql://keystone:'
742 - {get_param: AdminToken}
744 - {get_param: MysqlVirtualIP}
746 keystone_identity_uri:
750 - {get_param: KeystoneAdminApiVirtualIP}
756 - {get_param: KeystonePublicApiVirtualIP}
762 - {get_param: KeystonePublicApiVirtualIP}
763 - ':5000/v2.0/ec2tokens'
764 enable_fencing: {get_param: EnableFencing}
765 enable_galera: {get_param: EnableGalera}
766 enable_ceph_storage: {get_param: EnableCephStorage}
767 enable_swift_storage: {get_param: EnableSwiftStorage}
768 mysql_innodb_buffer_pool_size: {get_param: MysqlInnodbBufferPoolSize}
769 mysql_max_connections: {get_param: MysqlMaxConnections}
770 mysql_root_password: {get_param: MysqlRootPassword}
773 template: tripleo-CLUSTER
775 CLUSTER: {get_param: MysqlClusterUniquePart}
776 neutron_flat_networks: {get_param: NeutronFlatNetworks}
777 neutron_metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret}
778 neutron_agent_mode: {get_param: NeutronAgentMode}
779 neutron_router_distributed: {get_param: NeutronDVR}
780 neutron_core_plugin: {get_param: NeutronCorePlugin}
781 neutron_service_plugins:
783 template: "['PLUGINS']"
788 - {get_param: NeutronServicePlugins}
789 neutron_type_drivers:
791 template: "['DRIVERS']"
796 - {get_param: NeutronTypeDrivers}
797 neutron_mechanism_drivers: {get_param: NeutronMechanismDrivers}
798 neutron_allow_l3agent_failover: {get_param: NeutronAllowL3AgentFailover}
799 neutron_l3_ha: {get_param: NeutronL3HA}
800 neutron_dhcp_agents_per_network: {get_param: NeutronDhcpAgentsPerNetwork}
801 neutron_network_vlan_ranges:
803 template: "['RANGES']"
808 - {get_param: NeutronNetworkVLANRanges}
809 neutron_bridge_mappings: {get_param: NeutronBridgeMappings}
810 neutron_external_network_bridge: {get_param: NeutronExternalNetworkBridge}
811 neutron_public_interface: {get_param: NeutronPublicInterface}
812 neutron_public_interface_raw_device: {get_param: NeutronPublicInterfaceRawDevice}
813 neutron_public_interface_default_route: {get_param: NeutronPublicInterfaceDefaultRoute}
814 neutron_public_interface_tag: {get_param: NeutronPublicInterfaceTag}
815 neutron_tenant_network_type: {get_param: NeutronNetworkType}
816 neutron_tunnel_types: {get_param: NeutronTunnelTypes}
817 neutron_tunnel_id_ranges:
819 template: "['RANGES']"
824 - {get_param: NeutronTunnelIdRanges}
827 template: "['RANGES']"
832 - {get_param: NeutronVniRanges}
833 neutron_password: {get_param: NeutronPassword}
834 neutron_dnsmasq_options: {get_param: NeutronDnsmasqOptions}
838 - - 'mysql://neutron:'
839 - {get_param: NeutronPassword}
841 - {get_param: MysqlVirtualIP}
842 - '/ovs_neutron?charset=utf8'
847 - {get_param: NeutronApiVirtualIP}
849 neutron_admin_auth_url:
853 - {get_param: KeystoneAdminApiVirtualIP}
855 ceilometer_backend: {get_param: CeilometerBackend}
856 ceilometer_metering_secret: {get_param: CeilometerMeteringSecret}
857 ceilometer_password: {get_param: CeilometerPassword}
858 ceilometer_coordination_url:
862 - {get_param: RedisVirtualIP}
867 - - 'mysql://ceilometer:unset@'
868 - {get_param: MysqlVirtualIP}
870 snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName}
871 snmpd_readonly_user_password: {get_param: SnmpdReadonlyUserPassword}
872 nova_password: {get_param: NovaPassword}
877 - {get_param: NovaPassword}
879 - {get_param: MysqlVirtualIP}
881 fencing_config: {get_param: FencingConfig}
882 pcsd_password: {get_param: PcsdPassword}
883 rabbit_username: {get_param: RabbitUserName}
884 rabbit_password: {get_param: RabbitPassword}
885 rabbit_cookie: {get_param: RabbitCookie}
886 rabbit_client_use_ssl: {get_param: RabbitClientUseSSL}
887 rabbit_client_port: {get_param: RabbitClientPort}
888 mongodb_no_journal: {get_param: MongoDbNoJournal}
891 template: '["server"]'
893 server: {get_param: NtpServer}
894 control_virtual_interface: {get_param: ControlVirtualInterface}
895 public_virtual_interface: {get_param: PublicVirtualInterface}
896 swift_hash_suffix: {get_param: SwiftHashSuffix}
897 swift_password: {get_param: SwiftPassword}
898 swift_part_power: {get_param: SwiftPartPower}
899 swift_replicas: {get_param: SwiftReplicas}
900 swift_min_part_hours: {get_param: SwiftMinPartHours}
901 swift_mount_check: {get_param: SwiftMountCheck}
902 enable_package_install: {get_param: EnablePackageInstall}
903 enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]}
904 swift_proxy_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftProxyNetwork]}]}
905 swift_management_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftMgmtNetwork]}]}
906 cinder_iscsi_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CinderIscsiNetwork]}]}
907 cinder_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CinderApiNetwork]}]}
908 glance_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, GlanceApiNetwork]}]}
909 glance_registry_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, GlanceRegistryNetwork]}]}
913 - - {get_param: GlanceProtocol}
915 - {get_param: GlanceApiVirtualIP}
917 - {get_param: GlancePort}
918 glance_registry_host: {get_param: GlanceRegistryVirtualIP}
919 heat_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, HeatApiNetwork]}]}
920 keystone_public_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}]}
921 keystone_admin_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}]}
922 mongo_db_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MongoDbNetwork]}]}
923 neutron_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NeutronApiNetwork]}]}
924 neutron_local_ip: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NeutronTenantNetwork]}]}
925 ceilometer_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CeilometerApiNetwork]}]}
926 nova_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NovaApiNetwork]}]}
927 nova_metadata_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NovaMetadataNetwork]}]}
928 horizon_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, HorizonNetwork]}]}
929 rabbitmq_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, RabbitMqNetwork]}]}
930 redis_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, RedisNetwork]}]}
931 redis_vip: {get_param: RedisVirtualIP}
932 memcached_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MemcachedNetwork]}]}
933 mysql_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MysqlNetwork]}]}
934 mysql_virtual_ip: {get_param: MysqlVirtualIP}
935 ceph_cluster_network: {get_attr: [NetIpSubnetMap, net_ip_subnet_map, {get_param: [ServiceNetMap, CephClusterNetwork]}]}
936 ceph_public_network: {get_attr: [NetIpSubnetMap, net_ip_subnet_map, {get_param: [ServiceNetMap, CephPublicNetwork]}]}
937 ceph_public_ip: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CephPublicNetwork]}]}
939 # Map heat metadata into hiera datafiles
941 type: OS::Heat::StructuredConfig
943 group: os-apply-config
948 - heat_config_%{::deploy_config_name}
949 - controller_extraconfig
954 - swift_devices_and_proxy # provided by SwiftDevicesAndProxyConfig
955 - ceph_cluster # provided by CephClusterConfig
957 - bootstrap_node # provided by BootstrapNodeConfig
958 - all_nodes # provided by allNodesConfig
959 - vip_data # provided by vip-config
962 - cinder_netapp_data # Optionally provided by ControllerExtraConfigPre
963 - neutron_bigswitch_data # Optionally provided by ControllerExtraConfigPre
964 - neutron_cisco_data # Optionally provided by ControllerExtraConfigPre
965 - cisco_n1kv_data # Optionally provided by ControllerExtraConfigPre
967 controller_extraconfig:
968 mapped_data: {get_param: ControllerExtraConfig}
970 mapped_data: {get_param: ExtraConfig}
972 raw_data: {get_file: hieradata/common.yaml}
974 raw_data: {get_file: hieradata/ceph.yaml}
976 ceph::profile::params::cluster_network: {get_input: ceph_cluster_network}
977 ceph::profile::params::public_network: {get_input: ceph_public_network}
978 ceph::mon::public_addr: {get_input: ceph_public_ip}
980 raw_data: {get_file: hieradata/database.yaml}
982 raw_data: {get_file: hieradata/object.yaml}
984 raw_data: {get_file: hieradata/controller.yaml}
985 mapped_data: # data supplied directly to this deployment configuration, etc
986 bootstack_nodeid: {get_input: bootstack_nodeid}
989 enable_fencing: {get_input: enable_fencing}
990 hacluster_pwd: {get_input: pcsd_password}
991 tripleo::fencing::config: {get_input: fencing_config}
994 swift::proxy::proxy_local_net_ip: {get_input: swift_proxy_network}
995 swift::proxy::authtoken::auth_uri: {get_input: keystone_auth_uri}
996 swift::proxy::authtoken::identity_uri: {get_input: keystone_identity_uri}
997 swift::storage::all::storage_local_net_ip: {get_input: swift_management_network}
998 swift::swift_hash_suffix: {get_input: swift_hash_suffix}
999 swift::proxy::authtoken::admin_password: {get_input: swift_password}
1000 tripleo::ringbuilder::part_power: {get_input: swift_part_power}
1001 tripleo::ringbuilder::replicas: {get_input: swift_replicas}
1002 tripleo::ringbuilder::min_part_hours: {get_input: swift_min_part_hours}
1003 swift_mount_check: {get_input: swift_mount_check}
1005 # NOTE(dprince): build_ring support is currently not wired in.
1006 # See: https://review.openstack.org/#/c/109225/
1007 tripleo::ringbuilder::build_ring: True
1010 cinder_enable_nfs_backend: {get_input: cinder_enable_nfs_backend}
1011 cinder_enable_rbd_backend: {get_input: cinder_enable_rbd_backend}
1012 cinder_nfs_mount_options: {get_input: cinder_nfs_mount_options}
1013 cinder_nfs_servers: {get_input: cinder_nfs_servers}
1014 cinder_lvm_loop_device_size: {get_input: cinder_lvm_loop_device_size}
1015 cinder_iscsi_helper: {get_input: cinder_iscsi_helper}
1016 cinder_iscsi_ip_address: {get_input: cinder_iscsi_network}
1017 cinder::database_connection: {get_input: cinder_dsn}
1018 cinder::api::keystone_password: {get_input: cinder_password}
1019 cinder::api::auth_uri: {get_input: keystone_auth_uri}
1020 cinder::api::identity_uri: {get_input: keystone_identity_uri}
1021 cinder::api::bind_host: {get_input: cinder_api_network}
1022 cinder::rabbit_userid: {get_input: rabbit_username}
1023 cinder::rabbit_password: {get_input: rabbit_password}
1024 cinder::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
1025 cinder::rabbit_port: {get_input: rabbit_client_port}
1026 cinder::debug: {get_input: debug}
1027 cinder_enable_iscsi_backend: {get_input: cinder_enable_iscsi_backend}
1028 cinder::glance::glance_api_servers: {get_input: glance_api_servers}
1029 cinder_backend_config: {get_input: CinderBackendConfig}
1030 cinder::db::mysql::password: {get_input: cinder_password}
1033 glance::api::bind_port: {get_input: glance_port}
1034 glance::api::bind_host: {get_input: glance_api_network}
1035 glance::api::auth_uri: {get_input: keystone_auth_uri}
1036 glance::api::identity_uri: {get_input: keystone_identity_uri}
1037 glance::api::registry_host: {get_input: glance_registry_host}
1038 glance::api::keystone_password: {get_input: glance_password}
1039 glance::api::debug: {get_input: debug}
1040 glance_notifier_strategy: {get_input: glance_notifier_strategy}
1041 glance_log_file: {get_input: glance_log_file}
1042 glance_log_file: {get_input: glance_log_file}
1043 glance::api::database_connection: {get_input: glance_dsn}
1044 glance::registry::keystone_password: {get_input: glance_password}
1045 glance::registry::database_connection: {get_input: glance_dsn}
1046 glance::registry::bind_host: {get_input: glance_registry_network}
1047 glance::registry::auth_uri: {get_input: keystone_auth_uri}
1048 glance::registry::identity_uri: {get_input: keystone_identity_uri}
1049 glance::registry::debug: {get_input: debug}
1050 glance::backend::swift::swift_store_auth_address: {get_input: keystone_auth_address}
1051 glance::backend::swift::swift_store_user: service:glance
1052 glance::backend::swift::swift_store_key: {get_input: glance_password}
1053 glance_backend: {get_input: glance_backend}
1054 glance::db::mysql::password: {get_input: glance_password}
1057 heat_stack_domain_admin_password: {get_input: heat_stack_domain_admin_password}
1058 heat::engine::heat_watch_server_url: {get_input: heat.watch_server_url}
1059 heat::engine::heat_metadata_server_url: {get_input: heat.metadata_server_url}
1060 heat::engine::heat_waitcondition_server_url: {get_input: heat.waitcondition_server_url}
1061 heat::engine::auth_encryption_key: {get_input: heat_auth_encryption_key}
1062 heat::rabbit_userid: {get_input: rabbit_username}
1063 heat::rabbit_password: {get_input: rabbit_password}
1064 heat::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
1065 heat::rabbit_port: {get_input: rabbit_client_port}
1066 heat::auth_uri: {get_input: keystone_auth_uri}
1067 heat::keystone_ec2_uri: {get_input: keystone_ec2_uri}
1068 heat::identity_uri: {get_input: keystone_identity_uri}
1069 heat::keystone_password: {get_input: heat_password}
1070 heat::api::bind_host: {get_input: heat_api_network}
1071 heat::api_cloudwatch::bind_host: {get_input: heat_api_network}
1072 heat::api_cfn::bind_host: {get_input: heat_api_network}
1073 heat::database_connection: {get_input: heat_dsn}
1074 heat::debug: {get_input: debug}
1075 heat::db::mysql::password: {get_input: heat_password}
1078 keystone::admin_token: {get_input: admin_token}
1079 keystone_ca_certificate: {get_input: keystone_ca_certificate}
1080 keystone_signing_key: {get_input: keystone_signing_key}
1081 keystone_signing_certificate: {get_input: keystone_signing_certificate}
1082 keystone_ssl_certificate: {get_input: keystone_ssl_certificate}
1083 keystone_ssl_certificate_key: {get_input: keystone_ssl_certificate_key}
1084 keystone::database_connection: {get_input: keystone_dsn}
1085 keystone::public_bind_host: {get_input: keystone_public_api_network}
1086 keystone::admin_bind_host: {get_input: keystone_admin_api_network}
1087 keystone::debug: {get_input: debug}
1088 keystone::db::mysql::password: {get_input: admin_token}
1089 keystone::rabbit_userid: {get_input: rabbit_username}
1090 keystone::rabbit_password: {get_input: rabbit_password}
1091 keystone::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
1092 keystone::rabbit_port: {get_input: rabbit_client_port}
1093 keystone::notification_driver: {get_input: keystone_notification_driver}
1094 keystone::notification_format: {get_input: keystone_notification_format}
1096 mongodb::server::bind_ip: {get_input: mongo_db_network}
1097 mongodb::server::nojournal: {get_input: mongodb_no_journal}
1099 admin_password: {get_input: admin_password}
1100 enable_galera: {get_input: enable_galera}
1101 enable_ceph_storage: {get_input: enable_ceph_storage}
1102 enable_swift_storage: {get_input: enable_swift_storage}
1103 mysql_innodb_buffer_pool_size: {get_input: mysql_innodb_buffer_pool_size}
1104 mysql_max_connections: {get_input: mysql_max_connections}
1105 mysql::server::root_password: {get_input: mysql_root_password}
1106 mysql_cluster_name: {get_input: mysql_cluster_name}
1107 mysql_bind_host: {get_input: mysql_network}
1108 mysql_virtual_ip: {get_input: mysql_virtual_ip}
1111 neutron::bind_host: {get_input: neutron_api_network}
1112 neutron::rabbit_password: {get_input: rabbit_password}
1113 neutron::rabbit_user: {get_input: rabbit_user}
1114 neutron::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
1115 neutron::rabbit_port: {get_input: rabbit_client_port}
1116 neutron::debug: {get_input: debug}
1117 neutron::server::auth_uri: {get_input: keystone_auth_uri}
1118 neutron::server::identity_uri: {get_input: keystone_identity_uri}
1119 neutron::server::database_connection: {get_input: neutron_dsn}
1120 neutron::agents::l3::external_network_bridge: {get_input: neutron_external_network_bridge}
1121 neutron::agents::ml2::ovs::enable_tunneling: {get_input: neutron_enable_tunneling}
1122 neutron::agents::ml2::ovs::local_ip: {get_input: neutron_local_ip}
1123 neutron_flat_networks: {get_input: neutron_flat_networks}
1124 neutron::agents::metadata::shared_secret: {get_input: neutron_metadata_proxy_shared_secret}
1125 neutron::agents::metadata::metadata_ip: {get_input: neutron_api_network}
1126 neutron_agent_mode: {get_input: neutron_agent_mode}
1127 neutron_router_distributed: {get_input: neutron_router_distributed}
1128 neutron::core_plugin: {get_input: neutron_core_plugin}
1129 neutron::service_plugins: {get_input: neutron_service_plugins}
1130 neutron::plugins::ml2::type_drivers: {get_input: neutron_type_drivers}
1131 neutron_mechanism_drivers: {get_input: neutron_mechanism_drivers}
1132 neutron::server::allow_automatic_l3agent_failover: {get_input: neutron_allow_l3agent_failover}
1133 neutron::server::l3_ha: {get_input: neutron_l3_ha}
1134 neutron::dhcp_agents_per_network: {get_input: neutron_dhcp_agents_per_network}
1135 neutron::plugins::ml2::network_vlan_ranges: {get_input: neutron_network_vlan_ranges}
1136 neutron::plugins::ml2::tunnel_id_ranges: {get_input: neutron_tunnel_id_ranges}
1137 neutron::plugins::ml2::vni_ranges: {get_input: neutron_vni_ranges}
1138 neutron_bridge_mappings: {get_input: neutron_bridge_mappings}
1139 neutron_public_interface: {get_input: neutron_public_interface}
1140 neutron_public_interface_raw_device: {get_input: neutron_public_interface_raw_device}
1141 neutron_public_interface_default_route: {get_input: neutron_public_interface_default_route}
1142 neutron_public_interface_tag: {get_input: neutron_public_interface_tag}
1143 neutron_tenant_network_type: {get_input: neutron_tenant_network_type}
1144 neutron_tunnel_types: {get_input: neutron_tunnel_types}
1145 neutron::server::auth_password: {get_input: neutron_password}
1146 neutron::agents::metadata::auth_password: {get_input: neutron_password}
1147 neutron_dnsmasq_options: {get_input: neutron_dnsmasq_options}
1148 neutron_dsn: {get_input: neutron_dsn}
1149 neutron::agents::metadata::auth_url: {get_input: keystone_identity_uri}
1150 neutron::db::mysql::password: {get_input: neutron_password}
1153 ceilometer_backend: {get_input: ceilometer_backend}
1154 ceilometer_mysql_conn_string: {get_input: ceilometer_dsn}
1155 ceilometer::metering_secret: {get_input: ceilometer_metering_secret}
1156 ceilometer::rabbit_userid: {get_input: rabbit_username}
1157 ceilometer::rabbit_password: {get_input: rabbit_password}
1158 ceilometer::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
1159 ceilometer::rabbit_port: {get_input: rabbit_client_port}
1160 ceilometer::debug: {get_input: debug}
1161 ceilometer::api::host: {get_input: ceilometer_api_network}
1162 ceilometer::api::keystone_password: {get_input: ceilometer_password}
1163 ceilometer::api::keystone_auth_uri: {get_input: keystone_auth_uri}
1164 ceilometer::api::keystone_identity_uri: {get_input: keystone_identity_uri}
1165 ceilometer::agent::auth::auth_password: {get_input: ceilometer_password}
1166 ceilometer::agent::auth::auth_url: {get_input: keystone_auth_address}
1167 ceilometer::agent::central::coordination_url: {get_input: ceilometer_coordination_url}
1168 ceilometer::db::mysql::password: {get_input: ceilometer_password}
1169 snmpd_readonly_user_name: {get_input: snmpd_readonly_user_name}
1170 snmpd_readonly_user_password: {get_input: snmpd_readonly_user_password}
1173 nova::rabbit_userid: {get_input: rabbit_username}
1174 nova::rabbit_password: {get_input: rabbit_password}
1175 nova::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
1176 nova::rabbit_port: {get_input: rabbit_client_port}
1177 nova::debug: {get_input: debug}
1178 nova::api::auth_uri: {get_input: keystone_auth_uri}
1179 nova::api::identity_uri: {get_input: keystone_identity_uri}
1180 nova::api::api_bind_address: {get_input: nova_api_network}
1181 nova::api::metadata_listen: {get_input: nova_metadata_network}
1182 nova::api::admin_password: {get_input: nova_password}
1183 nova::database_connection: {get_input: nova_dsn}
1184 nova::glance_api_servers: {get_input: glance_api_servers}
1185 nova::api::neutron_metadata_proxy_shared_secret: {get_input: neutron_metadata_proxy_shared_secret}
1186 nova::network::neutron::neutron_admin_password: {get_input: neutron_password}
1187 nova::network::neutron::neutron_url: {get_input: neutron_url}
1188 nova::network::neutron::neutron_admin_auth_url: {get_input: neutron_admin_auth_url}
1189 nova::vncproxy::host: {get_input: nova_api_network}
1190 nova::db::mysql::password: {get_input: nova_password}
1193 apache::ip: {get_input: horizon_network}
1194 horizon::allowed_hosts: {get_input: horizon_allowed_hosts}
1195 horizon::django_debug: {get_input: debug}
1196 horizon::secret_key: {get_input: horizon_secret}
1197 horizon::bind_address: {get_input: horizon_network}
1198 horizon::keystone_url: {get_input: keystone_auth_uri}
1201 rabbitmq::node_ip_address: {get_input: rabbitmq_network}
1202 rabbitmq::erlang_cookie: {get_input: rabbit_cookie}
1204 redis::bind: {get_input: redis_network}
1205 redis_vip: {get_input: redis_vip}
1207 memcached::listen_ip: {get_input: memcached_network}
1208 neutron_public_interface_ip: {get_input: neutron_public_interface_ip}
1209 ntp::servers: {get_input: ntp_servers}
1210 control_virtual_interface: {get_input: control_virtual_interface}
1211 public_virtual_interface: {get_input: public_virtual_interface}
1212 tripleo::loadbalancer::control_virtual_interface: {get_input: control_virtual_interface}
1213 tripleo::loadbalancer::public_virtual_interface: {get_input: public_virtual_interface}
1214 tripleo::packages::enable_install: {get_input: enable_package_install}
1215 tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade}
1217 # Hook for site-specific additional pre-deployment config, e.g extra hieradata
1218 ControllerExtraConfigPre:
1219 depends_on: ControllerDeployment
1220 type: OS::TripleO::ControllerExtraConfigPre
1222 server: {get_resource: Controller}
1224 # Hook for site-specific additional pre-deployment config,
1225 # applying to all nodes, e.g node registration/unregistration
1227 depends_on: ControllerExtraConfigPre
1228 type: OS::TripleO::NodeExtraConfig
1230 server: {get_resource: Controller}
1233 type: OS::TripleO::Tasks::PackageUpdate
1236 type: OS::Heat::SoftwareDeployment
1238 config: {get_resource: UpdateConfig}
1239 server: {get_resource: Controller}
1242 get_param: UpdateIdentifier
1246 description: IP address of the server in the ctlplane network
1247 value: {get_attr: [Controller, networks, ctlplane, 0]}
1248 external_ip_address:
1249 description: IP address of the server in the external network
1250 value: {get_attr: [ExternalPort, ip_address]}
1251 internal_api_ip_address:
1252 description: IP address of the server in the internal_api network
1253 value: {get_attr: [InternalApiPort, ip_address]}
1255 description: IP address of the server in the storage network
1256 value: {get_attr: [StoragePort, ip_address]}
1257 storage_mgmt_ip_address:
1258 description: IP address of the server in the storage_mgmt network
1259 value: {get_attr: [StorageMgmtPort, ip_address]}
1261 description: IP address of the server in the tenant network
1262 value: {get_attr: [TenantPort, ip_address]}
1264 description: Hostname of the server
1265 value: {get_attr: [Controller, name]}
1268 Node object in the format {ip: ..., name: ...} format that the corosync
1271 ip: {get_attr: [Controller, networks, ctlplane, 0]}
1272 name: {get_attr: [Controller, name]}
1275 Server's IP address and hostname in the /etc/hosts format
1278 template: IP HOST.localdomain HOST CLOUDNAME
1280 IP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, ControllerHostnameResolveNetwork]}]}
1281 HOST: {get_attr: [Controller, name]}
1282 CLOUDNAME: {get_param: CloudName}
1283 nova_server_resource:
1284 description: Heat resource handle for the Nova compute server
1286 {get_resource: Controller}
1288 description: Swift device formatted for swift-ring-builder
1291 template: 'r1z1-IP:%PORT%/d1'
1293 IP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftMgmtNetwork]}]}
1294 swift_proxy_memcache:
1295 description: Swift proxy-memcache value
1298 template: "IP:11211"
1300 IP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MemcachedNetwork]}]}
1302 description: identifier which changes if the controller configuration may need re-applying
1306 - - {get_attr: [ControllerDeployment, deploy_stdout]}
1307 - {get_attr: [ControllerExtraConfigPre, deploy_stdout]}
1308 - {get_param: UpdateIdentifier}