1 {#- ## Some variables are set to enable rendering backwards compatible templates #}
2 {#- ## where a few parameter/resource names don't match the expected pattern #}
3 {#- ## FIXME: we need some way to deprecate the old inconsistent parameters #}
4 {%- set server_resource_name = role.deprecated_server_resource_name|default(role.name) -%}
5 heat_template_version: pike
6 description: 'OpenStack {{role.name}} node configured by Puppet'
8 {%- set default_flavor_name = 'baremetal' %}
9 {%- if role.deprecated_param_flavor is defined %}
10 {{role.deprecated_param_flavor}}:
11 description: DEPRECATED Use Overcloud{{role.name}}Flavor instead.
12 default: {{default_flavor_name}}
15 Overcloud{{role.name}}Flavor:
16 description: Flavor for the {{role.name}} node.
17 default: {{default_flavor_name}}
19 {%- if role.disable_constraints is not defined %}
21 - custom_constraint: nova.flavor
23 {%- set default_image_name = 'overcloud-full' %}
24 {%- if role.deprecated_param_image is defined %}
25 {{role.deprecated_param_image}}:
27 default: {{default_image_name}}
28 description: DEPRECATED Use {{role.name}}Image instead
32 default: {{default_image_name}}
33 description: The disk image file to use for the role.
34 {%- if role.disable_constraints is not defined %}
36 - custom_constraint: glance.image
39 default: 'REBUILD_PRESERVE_EPHEMERAL'
40 description: What policy to use when reconstructing instances. REBUILD for rebuilds, REBUILD_PRESERVE_EPHEMERAL to preserve /mnt.
43 description: Name of an existing Nova key pair to enable SSH access to the instances
46 {%- if role.disable_constraints is not defined %}
48 - custom_constraint: nova.keypair
50 NeutronPhysicalBridge:
52 description: An OVS bridge to create for accessing external networks.
54 NeutronPublicInterface:
56 description: Which interface to add to the NeutronPhysicalBridge.
60 description: Mapping of service_name -> network name. Typically set
61 via parameter_defaults in the resource registry.
65 description: Mapping of service endpoint -> protocol. Typically set
66 via parameter_defaults in the resource registry.
72 Setting to a previously unused value during stack-update will trigger
73 package update on all nodes
76 default: '' # Defaults to Heat created hostname
80 description: Optional mapping to override hostnames
84 Additional hiera configuration to inject into the cluster. Note
85 that {{role.name}}ExtraConfig takes precedence over ExtraConfig.
87 {{role.name}}ExtraConfig:
90 Role specific additional hiera configuration to inject into the cluster.
92 {%- if role.deprecated_param_extraconfig is defined %}
93 {{role.deprecated_param_extraconfig}}:
96 DEPRECATED use {{role.name}}ExtraConfig instead
102 {%- if role.deprecated_param_ips is defined %}
103 {{role.deprecated_param_ips}}:
105 description: DEPRECATED - use {{role.name}}IPs instead
108 {{role.name}}NetworkDeploymentActions:
109 type: comma_delimited_list
111 Heat action when to apply network configuration changes
113 NetworkDeploymentActions:
114 type: comma_delimited_list
116 Heat action when to apply network configuration changes
118 SoftwareConfigTransport:
119 default: POLL_SERVER_CFN
121 How the server should receive the metadata required for software configuration.
124 - allowed_values: [POLL_SERVER_CFN, POLL_SERVER_HEAT, POLL_TEMP_URL, ZAQAR_MESSAGE]
126 default: 'localdomain'
129 The DNS domain used for the hosts. This must match the
130 overcloud_domain_name configured on the undercloud.
131 {{role.name}}ServerMetadata:
134 Extra properties or metadata passed to Nova for the created nodes in
135 the overcloud. It's accessible via the Nova metadata API. This option is
136 role-specific and is merged with the values given to the ServerMetadata
139 {%- if role.deprecated_param_metadata is defined %}
140 {{role.deprecated_param_metadata}}:
142 description: DEPRECATED - use {{role.name}}ServerMetadata instead
148 Extra properties or metadata passed to Nova for the created nodes in
149 the overcloud. It's accessible via the Nova metadata API. This applies to
150 all roles and is merged with a role-specific metadata parameter.
152 {{role.name}}SchedulerHints:
154 description: Optional scheduler hints to pass to nova
159 ServiceConfigSettings:
163 type: comma_delimited_list
165 MonitoringSubscriptions:
166 type: comma_delimited_list
168 ServiceMetadataSettings:
173 description: Command which will be run whenever configuration data changes
174 default: os-refresh-config --timeout 14400
179 Maximum amount of time to possibly to delay configuation collection
180 polling. Defaults to 30 seconds. Set to 0 to disable it which will cause
181 the configuration collection to occur as soon as the collection process
182 starts. This setting is used to prevent the configuration collection
183 processes from polling all at the exact same time.
188 type: comma_delimited_list
193 Command or script snippet to run on all overcloud nodes to
194 initialize the upgrade process. E.g. a repository switch.
196 UpgradeInitCommonCommand:
199 Common commands required by the upgrades process. This should not
200 normally be modified by the operator and is set and unset in the
201 major-upgrade-composable-steps.yaml and major-upgrade-converge.yaml
204 DeploymentServerBlacklistDict:
208 Map of server hostnames to blacklist from any triggered
209 deployments. If the value is 1, the server will be blacklisted. This
210 parameter is generated from the parent template.
213 description: Parameters specific to the role
215 DeploymentSwiftDataMap:
218 Map of servers to Swift container and object for storing deployment data.
219 The keys are the Heat assigned hostnames, and the value is a map of the
220 container/object name in Swift. Example value:
221 overcloud-controller-0:
222 container: overcloud-controller
224 overcloud-controller-1:
225 container: overcloud-controller
227 overcloud-controller-2:
228 container: overcloud-controller
230 overcloud-novacompute-0:
231 container: overcloud-compute
235 {% if role.uses_deprecated_params is defined %}
238 description: Do not use deprecated params, they will be removed.
240 {%- for property in role %}
241 {%- if property.startswith('deprecated_param_') and not role[property].endswith('SchedulerHints') %}
248 server_not_blacklisted:
251 - {get_param: [DeploymentServerBlacklistDict, {get_param: Hostname}]}
253 deployment_swift_data_map_unset:
256 - DeploymentSwiftDataMap
257 - {get_param: Hostname}
259 {%- if role.deprecated_param_image is defined %}
260 deprecated_param_image_set:
263 - {get_param: {{role.deprecated_param_image}}}
264 - {{default_image_name}}
266 {%- if role.deprecated_param_flavor is defined %}
267 deprecated_param_flavor_set:
270 - {get_param: {{role.deprecated_param_flavor}}}
271 - {{default_flavor_name}}
273 role_network_deployment_actions_exists:
276 - {get_param: {{role.name}}NetworkDeploymentActions}
280 {{server_resource_name}}:
281 type: OS::TripleO::{{role.name}}Server
284 command: {get_param: ConfigCommand}
285 splay: {get_param: ConfigCollectSplay}
288 {%- if role.deprecated_param_image is defined %}
290 - deprecated_param_image_set
291 - {get_param: {{role.deprecated_param_image}}}
292 - {get_param: {{role.name}}Image}
294 get_param: {{role.name}}Image
296 image_update_policy: {get_param: ImageUpdatePolicy}
298 {%- if role.deprecated_param_flavor is defined %}
300 - deprecated_param_flavor_set
301 - {get_param: {{role.deprecated_param_flavor}}}
302 - {get_param: Overcloud{{role.name}}Flavor}
304 get_param: Overcloud{{role.name}}Flavor
306 key_name: {get_param: KeyName}
309 user_data_format: SOFTWARE_CONFIG
310 user_data: {get_resource: UserData}
313 template: {get_param: Hostname}
314 params: {get_param: HostnameMap}
315 software_config_transport: {get_param: SoftwareConfigTransport}
318 - {get_param: ServerMetadata}
319 {%- if role.deprecated_param_metadata is defined %}
320 - {get_param: {{role.deprecated_param_metadata}}}
322 - {get_param: {{role.name}}ServerMetadata}
323 - {get_param: ServiceMetadataSettings}
324 scheduler_hints: {get_param: {{role.name}}SchedulerHints}
325 deployment_swift_data:
327 - deployment_swift_data_map_unset
329 - {get_param: [DeploymentSwiftDataMap,
330 {get_param: Hostname}]}
332 # Combine the NodeAdminUserData and NodeUserData mime archives
334 type: OS::Heat::MultipartMime
337 - config: {get_resource: NodeAdminUserData}
339 - config: {get_resource: NodeUserData}
341 - config: {get_resource: RoleUserData}
344 # Creates the "heat-admin" user if configured via the environment
345 # Should return a OS::Heat::MultipartMime reference via OS::stack_id
347 type: OS::TripleO::NodeAdminUserData
349 # For optional operator additional userdata
350 # Should return a OS::Heat::MultipartMime reference via OS::stack_id
352 type: OS::TripleO::NodeUserData
354 # For optional operator role-specific userdata
355 # Should return a OS::Heat::MultipartMime reference via OS::stack_id
357 type: OS::TripleO::{{role.name}}::NodeUserData
359 {%- for network in networks %}
360 {{network.name}}Port:
361 type: OS::TripleO::{{role.name}}::Ports::{{network.name}}Port
363 ControlPlaneIP: {get_attr: [{{server_resource_name}}, networks, ctlplane, 0]}
366 {%- if role.deprecated_param_ips is defined %}
367 - {get_param: {{role.deprecated_param_ips}}}
369 - {get_param: {{role.name}}IPs}
370 NodeIndex: {get_param: NodeIndex}
374 type: OS::TripleO::{{role.name}}::Net::SoftwareConfig
376 ControlPlaneIp: {get_attr: [{{server_resource_name}}, networks, ctlplane, 0]}
377 {%- for network in networks %}
378 {{network.name}}IpSubnet: {get_attr: [{{network.name}}Port, ip_subnet]}
382 type: OS::TripleO::Network::Ports::NetIpMap
384 ControlPlaneIp: {get_attr: [{{server_resource_name}}, networks, ctlplane, 0]}
385 {%- for network in networks %}
386 {{network.name}}Ip: {get_attr: [{{network.name}}Port, ip_address]}
387 {{network.name}}IpSubnet: {get_attr: [{{network.name}}Port, ip_subnet]}
388 {{network.name}}IpUri: {get_attr: [{{network.name}}Port, ip_address_uri]}
392 type: OS::Heat::Value
400 - - {get_attr: [{{server_resource_name}}, name]}
402 - {get_param: CloudDomain}
406 - - {get_attr: [{{server_resource_name}}, name]}
412 - - {get_attr: [{{server_resource_name}}, name]}
414 - {get_param: CloudDomain}
418 - - {get_attr: [{{server_resource_name}}, name]}
424 - - {get_attr: [{{server_resource_name}}, name]}
426 - {get_param: CloudDomain}
430 - - {get_attr: [{{server_resource_name}}, name]}
436 - - {get_attr: [{{server_resource_name}}, name]}
438 - {get_param: CloudDomain}
442 - - {get_attr: [{{server_resource_name}}, name]}
448 - - {get_attr: [{{server_resource_name}}, name]}
450 - {get_param: CloudDomain}
454 - - {get_attr: [{{server_resource_name}}, name]}
460 - - {get_attr: [{{server_resource_name}}, name]}
462 - {get_param: CloudDomain}
466 - - {get_attr: [{{server_resource_name}}, name]}
472 - - {get_attr: [{{server_resource_name}}, name]}
474 - {get_param: CloudDomain}
478 - - {get_attr: [{{server_resource_name}}, name]}
482 type: OS::TripleO::{{role.name}}::PreNetworkConfig
484 server: {get_resource: {{server_resource_name}}}
485 RoleParameters: {get_param: RoleParameters}
486 ServiceNames: {get_param: ServiceNames}
487 deployment_actions: {get_attr: [DeploymentActions, value]}
490 type: OS::TripleO::SoftwareDeployment
491 depends_on: PreNetworkConfig
493 name: NetworkDeployment
494 config: {get_resource: NetworkConfig}
495 server: {get_resource: {{server_resource_name}}}
496 actions: {get_param: NetworkDeploymentActions}
498 bridge_name: {get_param: NeutronPhysicalBridge}
499 interface_name: {get_param: NeutronPublicInterface}
502 - server_not_blacklisted
504 - role_network_deployment_actions_exists
505 - {get_param: {{role.name}}NetworkDeploymentActions}
506 - {get_param: NetworkDeploymentActions}
509 {{server_resource_name}}UpgradeInitConfig:
510 type: OS::Heat::SoftwareConfig
516 - - "#!/bin/bash\n\n"
517 - "if [[ -f /etc/resolv.conf.save ]] ; then rm /etc/resolv.conf.save; fi\n\n"
518 - get_param: UpgradeInitCommand
519 - get_param: UpgradeInitCommonCommand
521 # Note we may be able to make this conditional on UpgradeInitCommandNotEmpty
522 # but https://bugs.launchpad.net/heat/+bug/1649900 needs fixing first
523 {{server_resource_name}}UpgradeInitDeployment:
524 type: OS::Heat::SoftwareDeployment
525 depends_on: NetworkDeployment
527 name: {{server_resource_name}}UpgradeInitDeployment
528 server: {get_resource: {{server_resource_name}}}
529 config: {get_resource: {{server_resource_name}}UpgradeInitConfig}
532 - server_not_blacklisted
533 - ['CREATE', 'UPDATE']
536 {{server_resource_name}}Deployment:
537 type: OS::Heat::StructuredDeployment
538 depends_on: {{server_resource_name}}UpgradeInitDeployment
540 name: {{server_resource_name}}Deployment
541 config: {get_resource: {{server_resource_name}}Config}
542 server: {get_resource: {{server_resource_name}}}
544 enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]}
547 - server_not_blacklisted
548 - ['CREATE', 'UPDATE']
551 {{server_resource_name}}Config:
552 type: OS::Heat::StructuredConfig
558 - heat_config_%{::deploy_config_name}
560 - {{role.name.lower()}}_extraconfig
564 - {{role.name.lower()}}
565 - bootstrap_node # provided by allNodesConfig
566 - all_nodes # provided by allNodesConfig
567 - vip_data # provided by allNodesConfig
569 # The following are required for compatibility with the Controller role
570 # where some vendor integrations added hieradata via ExtraConfigPre
571 - neutron_bigswitch_data # Optionally provided by Controller/ComputeExtraConfigPre
572 - neutron_cisco_data # Optionally provided by Controller/ComputeExtraConfigPre
573 - cisco_n1kv_data # Optionally provided by Controller/ComputeExtraConfigPre
574 - midonet_data #Optionally provided by AllNodesExtraConfig
575 - cisco_aci_data # Optionally provided by Controller/ComputeExtraConfigPre
576 merge_behavior: deeper
579 service_names: {get_param: ServiceNames}
580 sensu::subscriptions: {get_param: MonitoringSubscriptions}
583 - {get_param: ServiceConfigSettings}
584 - values: {get_attr: [NetIpMap, net_ip_map]}
585 {{role.name.lower()}}_extraconfig:
587 {%- if role.deprecated_param_extraconfig is defined %}
588 - {get_param: {{role.deprecated_param_extraconfig}}}
590 - {get_param: {{server_resource_name}}ExtraConfig}
591 extraconfig: {get_param: ExtraConfig}
592 {{role.name.lower()}}:
593 tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade}
594 tripleo::profile::base::logging::fluentd::fluentd_sources: {get_param: LoggingSources}
595 tripleo::profile::base::logging::fluentd::fluentd_groups: {get_param: LoggingGroups}
596 fqdn_internal_api: {get_attr: [NetHostMap, value, internal_api, fqdn]}
597 fqdn_storage: {get_attr: [NetHostMap, value, storage, fqdn]}
598 fqdn_storage_mgmt: {get_attr: [NetHostMap, value, storage_mgmt, fqdn]}
599 fqdn_tenant: {get_attr: [NetHostMap, value, tenant, fqdn]}
600 fqdn_management: {get_attr: [NetHostMap, value, management, fqdn]}
601 fqdn_ctlplane: {get_attr: [NetHostMap, value, ctlplane, fqdn]}
602 fqdn_external: {get_attr: [NetHostMap, value, external, fqdn]}
604 # Resource for site-specific injection of root certificate
606 depends_on: NetworkDeployment
607 type: OS::TripleO::NodeTLSCAData
609 server: {get_resource: {{server_resource_name}}}
611 {%- if 'primary' in role.tags and 'controller' in role.tags %}
612 # Resource for site-specific passing of private keys/certificates
614 depends_on: NodeTLSCAData
615 type: OS::TripleO::NodeTLSData
617 server: {get_resource: {{server_resource_name}}}
618 NodeIndex: {get_param: NodeIndex}
621 # Hook for site-specific additional pre-deployment config, e.g extra hieradata
622 {{role.name}}ExtraConfigPre:
623 depends_on: {{server_resource_name}}Deployment
624 type: OS::TripleO::{{role.name}}ExtraConfigPre
625 # We have to use conditions here so that we don't break backwards
626 # compatibility with templates everywhere
627 condition: server_not_blacklisted
629 server: {get_resource: {{server_resource_name}}}
631 # Hook for site-specific additional pre-deployment config,
632 # applying to all nodes, e.g node registration/unregistration
635 - {{role.name}}ExtraConfigPre
636 {%- if 'primary' in role.tags and 'controller' in role.tags %}
641 type: OS::TripleO::NodeExtraConfig
642 # We have to use conditions here so that we don't break backwards
643 # compatibility with templates everywhere
644 condition: server_not_blacklisted
646 server: {get_resource: {{server_resource_name}}}
649 type: OS::TripleO::Tasks::PackageUpdate
652 type: OS::Heat::SoftwareDeployment
653 depends_on: NetworkDeployment
655 name: UpdateDeployment
656 config: {get_resource: UpdateConfig}
657 server: {get_resource: {{server_resource_name}}}
660 get_param: UpdateIdentifier
663 - server_not_blacklisted
664 - ['CREATE', 'UPDATE']
668 type: OS::Heat::Value
672 - server_not_blacklisted
673 - ['CREATE', 'UPDATE']
677 type: OS::TripleO::Ssh::HostPubKey
678 depends_on: {{server_resource_name}}Deployment
680 server: {get_resource: {{server_resource_name}}}
681 deployment_actions: {get_attr: [DeploymentActions, value]}
685 description: IP address of the server in the ctlplane network
686 value: {get_attr: [{{server_resource_name}}, networks, ctlplane, 0]}
688 description: Hostname of the server
689 value: {get_attr: [{{server_resource_name}}, name]}
691 description: Mapping of network names to hostnames
693 {%- for network in networks %}
694 {{network.name_lower|default(network.name.lower())}}: {get_attr: [NetHostMap, value, {{network.name_lower|default(network.name.lower()) }}, fqdn]}
696 ctlplane: {get_attr: [NetHostMap, value, ctlplane, fqdn]}
701 PRIMARYIP PRIMARYHOST.DOMAIN PRIMARYHOST
702 {%- for network in networks %}
703 {{network.name}}IP {{network.name}}HOST.DOMAIN {{network.name}}HOST
705 CTLPLANEIP CTLPLANEHOST.DOMAIN CTLPLANEHOST
707 PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, {{role.name}}HostnameResolveNetwork]}]}
708 DOMAIN: {get_param: CloudDomain}
709 PRIMARYHOST: {get_attr: [{{server_resource_name}}, name]}
710 {%- for network in networks %}
711 {{network.name}}IP: {get_attr: [{{network.name}}Port, ip_address]}
712 {{network.name}}HOST: {get_attr: [NetHostMap, value, {{network.name_lower|default(network.name.lower())}}, short]}
714 CTLPLANEIP: {get_attr: [{{server_resource_name}}, networks, ctlplane, 0]}
715 CTLPLANEHOST: {get_attr: [NetHostMap, value, ctlplane, short]}
717 description: Entry for ssh known hosts
720 template: "PRIMARYIP,PRIMARYHOST.DOMAIN,PRIMARYHOST,\
721 {%- for network in networks %}
722 {{network.name}}IP,{{network.name}}HOST.DOMAIN,{{network.name}}HOST,\
724 CTLPLANEIP,CTLPLANEHOST.DOMAIN,CTLPLANEHOST HOSTSSHPUBKEY"
726 PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, {{role.name}}HostnameResolveNetwork]}]}
727 DOMAIN: {get_param: CloudDomain}
728 PRIMARYHOST: {get_attr: [{{server_resource_name}}, name]}
729 {%- for network in networks %}
730 {{network.name}}IP: {get_attr: [{{network.name}}Port, ip_address]}
731 {{network.name}}HOST: {get_attr: [NetHostMap, value, {{network.name_lower|default(network.name.lower())}}, short]}
733 CTLPLANEIP: {get_attr: [{{server_resource_name}}, networks, ctlplane, 0]}
734 CTLPLANEHOST: {get_attr: [NetHostMap, value, ctlplane, short]}
735 HOSTSSHPUBKEY: {get_attr: [SshHostPubKey, ecdsa]}
736 nova_server_resource:
737 description: Heat resource handle for {{role.name}} server
739 {get_resource: {{server_resource_name}}}
740 condition: server_not_blacklisted
741 deployed_server_port_map:
743 Map of Heat created hostname of the server to ip address. This is the
744 hostname before it has been mapped with the HostnameMap parameter, and
745 the IP address from the ctlplane network. This map can be used to construct
746 the DeployedServerPortMap parameter when using split-stack.
751 - ip_address: {get_attr: [{{server_resource_name}}, networks, ctlplane, 0]}
756 - - {get_param: Hostname}
758 deployed_server_deployment_swift_data_map:
760 Map of Heat created hostname of the server to the Swift container and object
761 used to created the temporary url for metadata polling with
769 - {get_attr: [{{server_resource_name}}, os_collect_config, request, metadata_url]}
776 - {get_attr: [{{server_resource_name}}, os_collect_config, request, metadata_url]}
779 - keys: {hostname: {get_param: Hostname}}
780 {%- if 'primary' in role.tags and 'controller' in role.tags %}
782 description: MD5 checksum of the TLS Key Modulus
783 value: {get_attr: [NodeTLSData, key_modulus_md5]}
784 tls_cert_modulus_md5:
785 description: MD5 checksum of the TLS Certificate Modulus
786 value: {get_attr: [NodeTLSData, cert_modulus_md5]}
789 description: The os-collect-config configuration associated with this server resource
790 value: {get_attr: [{{server_resource_name}}, os_collect_config]}
791 {%- for network in networks %}
792 {{network.name_lower|default(network.name.lower())}}_ip_address:
793 description: IP address of the server in the {{network.name}} network
794 value: {get_attr: [{{network.name}}Port, ip_address]}