1 {#- ## Some variables are set to enable rendering backwards compatible templates #}
2 {#- ## where a few parameter/resource names don't match the expected pattern #}
3 {#- ## FIXME: we need some way to deprecate the old inconsistent parameters #}
4 {%- set server_resource_name = role.deprecated_server_resource_name|default(role.name) -%}
5 heat_template_version: pike
6 description: 'OpenStack {{role.name}} node configured by Puppet'
8 {%- set default_flavor_name = 'baremetal' %}
9 {%- if role.deprecated_param_flavor is defined %}
10 {{role.deprecated_param_flavor}}:
11 description: DEPRECATED Use Overcloud{{role.name}}Flavor instead.
12 default: {{default_flavor_name}}
15 Overcloud{{role.name}}Flavor:
16 description: Flavor for the {{role.name}} node.
17 default: {{default_flavor_name}}
19 {%- if role.disable_constraints is not defined %}
21 - custom_constraint: nova.flavor
23 {%- set default_image_name = 'overcloud-full' %}
24 {%- if role.deprecated_param_image is defined %}
25 {{role.deprecated_param_image}}:
27 default: {{default_image_name}}
28 description: DEPRECATED Use {{role.name}}Image instead
32 default: {{default_image_name}}
33 description: The disk image file to use for the role.
34 {%- if role.disable_constraints is not defined %}
36 - custom_constraint: glance.image
39 default: 'REBUILD_PRESERVE_EPHEMERAL'
40 description: What policy to use when reconstructing instances. REBUILD for rebuilds, REBUILD_PRESERVE_EPHEMERAL to preserve /mnt.
43 description: Name of an existing Nova key pair to enable SSH access to the instances
46 {%- if role.disable_constraints is not defined %}
48 - custom_constraint: nova.keypair
50 NeutronPhysicalBridge:
52 description: An OVS bridge to create for accessing external networks.
54 NeutronPublicInterface:
56 description: Which interface to add to the NeutronPhysicalBridge.
60 description: Mapping of service_name -> network name. Typically set
61 via parameter_defaults in the resource registry.
65 description: Mapping of service endpoint -> protocol. Typically set
66 via parameter_defaults in the resource registry.
72 Setting to a previously unused value during stack-update will trigger
73 package update on all nodes
76 default: '' # Defaults to Heat created hostname
80 description: Optional mapping to override hostnames
84 Additional hiera configuration to inject into the cluster. Note
85 that {{role.name}}ExtraConfig takes precedence over ExtraConfig.
87 {{role.name}}ExtraConfig:
90 Role specific additional hiera configuration to inject into the cluster.
92 {%- if role.deprecated_param_extraconfig is defined %}
93 {{role.deprecated_param_extraconfig}}:
96 DEPRECATED use {{role.name}}ExtraConfig instead
102 {%- if role.deprecated_param_ips is defined %}
103 {{role.deprecated_param_ips}}:
105 description: DEPRECATED - use {{role.name}}IPs instead
108 {{role.name}}NetworkDeploymentActions:
109 type: comma_delimited_list
111 Heat action when to apply network configuration changes
113 NetworkDeploymentActions:
114 type: comma_delimited_list
116 Heat action when to apply network configuration changes
118 SoftwareConfigTransport:
119 default: POLL_SERVER_CFN
121 How the server should receive the metadata required for software configuration.
124 - allowed_values: [POLL_SERVER_CFN, POLL_SERVER_HEAT, POLL_TEMP_URL, ZAQAR_MESSAGE]
126 default: 'localdomain'
129 The DNS domain used for the hosts. This must match the
130 overcloud_domain_name configured on the undercloud.
131 {{role.name}}ServerMetadata:
134 Extra properties or metadata passed to Nova for the created nodes in
135 the overcloud. It's accessible via the Nova metadata API. This option is
136 role-specific and is merged with the values given to the ServerMetadata
139 {%- if role.deprecated_param_metadata is defined %}
140 {{role.deprecated_param_metadata}}:
142 description: DEPRECATED - use {{role.name}}ServerMetadata instead
148 Extra properties or metadata passed to Nova for the created nodes in
149 the overcloud. It's accessible via the Nova metadata API. This applies to
150 all roles and is merged with a role-specific metadata parameter.
152 {{role.name}}SchedulerHints:
154 description: Optional scheduler hints to pass to nova
159 ServiceConfigSettings:
163 type: comma_delimited_list
165 MonitoringSubscriptions:
166 type: comma_delimited_list
168 ServiceMetadataSettings:
173 description: Command which will be run whenever configuration data changes
174 default: os-refresh-config --timeout 14400
179 Maximum amount of time to possibly to delay configuation collection
180 polling. Defaults to 30 seconds. Set to 0 to disable it which will cause
181 the configuration collection to occur as soon as the collection process
182 starts. This setting is used to prevent the configuration collection
183 processes from polling all at the exact same time.
188 type: comma_delimited_list
193 Command or script snippet to run on all overcloud nodes to
194 initialize the upgrade process. E.g. a repository switch.
196 UpgradeInitCommonCommand:
199 Common commands required by the upgrades process. This should not
200 normally be modified by the operator and is set and unset in the
201 major-upgrade-composable-steps.yaml and major-upgrade-converge.yaml
204 DeploymentServerBlacklistDict:
208 Map of server hostnames to blacklist from any triggered
209 deployments. If the value is 1, the server will be blacklisted. This
210 parameter is generated from the parent template.
213 description: Parameters specific to the role
215 DeploymentSwiftDataMap:
218 Map of servers to Swift container and object for storing deployment data.
219 The keys are the Heat assigned hostnames, and the value is a map of the
220 container/object name in Swift. Example value:
221 overcloud-controller-0:
222 container: overcloud-controller
224 overcloud-controller-1:
225 container: overcloud-controller
227 overcloud-controller-2:
228 container: overcloud-controller
230 overcloud-novacompute-0:
231 container: overcloud-compute
235 {% if role.uses_deprecated_params is defined %}
238 description: Do not use deprecated params, they will be removed.
240 {%- for property in role %}
241 {%- if property.startswith('deprecated_param_') and not role[property].endswith('SchedulerHints') %}
248 server_not_blacklisted:
251 - {get_param: [DeploymentServerBlacklistDict, {get_param: Hostname}]}
253 deployment_swift_data_map_unset:
256 - DeploymentSwiftDataMap
257 - {get_param: Hostname}
259 {%- if role.deprecated_param_image is defined %}
260 deprecated_param_image_set:
263 - {get_param: {{role.deprecated_param_image}}}
264 - {{default_image_name}}
266 {%- if role.deprecated_param_flavor is defined %}
267 deprecated_param_flavor_set:
270 - {get_param: {{role.deprecated_param_flavor}}}
271 - {{default_flavor_name}}
273 role_network_deployment_actions_exists:
276 - {get_param: {{role.name}}NetworkDeploymentActions}
280 {{server_resource_name}}:
281 type: OS::TripleO::{{role.name}}Server
284 command: {get_param: ConfigCommand}
285 splay: {get_param: ConfigCollectSplay}
288 {%- if role.deprecated_param_image is defined %}
290 - deprecated_param_image_set
291 - {get_param: {{role.deprecated_param_image}}}
292 - {get_param: {{role.name}}Image}
294 get_param: {{role.name}}Image
296 image_update_policy: {get_param: ImageUpdatePolicy}
298 {%- if role.deprecated_param_flavor is defined %}
300 - deprecated_param_flavor_set
301 - {get_param: {{role.deprecated_param_flavor}}}
302 - {get_param: Overcloud{{role.name}}Flavor}
304 get_param: Overcloud{{role.name}}Flavor
306 key_name: {get_param: KeyName}
309 user_data_format: SOFTWARE_CONFIG
310 user_data: {get_resource: UserData}
313 template: {get_param: Hostname}
314 params: {get_param: HostnameMap}
315 software_config_transport: {get_param: SoftwareConfigTransport}
318 - {get_param: ServerMetadata}
319 {%- if role.deprecated_param_metadata is defined %}
320 - {get_param: {{role.deprecated_param_metadata}}}
322 - {get_param: {{role.name}}ServerMetadata}
323 - {get_param: ServiceMetadataSettings}
324 scheduler_hints: {get_param: {{role.name}}SchedulerHints}
325 deployment_swift_data:
327 - deployment_swift_data_map_unset
329 - {get_param: [DeploymentSwiftDataMap,
330 {get_param: Hostname}]}
332 # Combine the NodeAdminUserData and NodeUserData mime archives
334 type: OS::Heat::MultipartMime
337 - config: {get_resource: NodeAdminUserData}
339 - config: {get_resource: NodeUserData}
341 - config: {get_resource: RoleUserData}
344 # Creates the "heat-admin" user if configured via the environment
345 # Should return a OS::Heat::MultipartMime reference via OS::stack_id
347 type: OS::TripleO::NodeAdminUserData
349 # For optional operator additional userdata
350 # Should return a OS::Heat::MultipartMime reference via OS::stack_id
352 type: OS::TripleO::NodeUserData
354 # For optional operator role-specific userdata
355 # Should return a OS::Heat::MultipartMime reference via OS::stack_id
357 type: OS::TripleO::{{role.name}}::NodeUserData
359 {%- for network in networks %}
360 {{network.name}}Port:
361 type: OS::TripleO::{{role.name}}::Ports::{{network.name}}Port
363 ControlPlaneIP: {get_attr: [{{server_resource_name}}, networks, ctlplane, 0]}
366 {%- if role.deprecated_param_ips is defined %}
367 - {get_param: {{role.deprecated_param_ips}}}
369 - {get_param: {{role.name}}IPs}
370 NodeIndex: {get_param: NodeIndex}
374 type: OS::TripleO::{{role.name}}::Net::SoftwareConfig
376 ControlPlaneIp: {get_attr: [{{server_resource_name}}, networks, ctlplane, 0]}
377 {%- for network in networks %}
378 {{network.name}}IpSubnet: {get_attr: [{{network.name}}Port, ip_subnet]}
382 type: OS::TripleO::Network::Ports::NetIpMap
384 ControlPlaneIp: {get_attr: [{{server_resource_name}}, networks, ctlplane, 0]}
385 {%- for network in networks %}
386 {{network.name}}Ip: {get_attr: [{{network.name}}Port, ip_address]}
387 {{network.name}}IpSubnet: {get_attr: [{{network.name}}Port, ip_subnet]}
388 {{network.name}}IpUri: {get_attr: [{{network.name}}Port, ip_address_uri]}
392 type: OS::Heat::Value
400 - - {get_attr: [{{server_resource_name}}, name]}
402 - {get_param: CloudDomain}
406 - - {get_attr: [{{server_resource_name}}, name]}
412 - - {get_attr: [{{server_resource_name}}, name]}
414 - {get_param: CloudDomain}
418 - - {get_attr: [{{server_resource_name}}, name]}
424 - - {get_attr: [{{server_resource_name}}, name]}
426 - {get_param: CloudDomain}
430 - - {get_attr: [{{server_resource_name}}, name]}
436 - - {get_attr: [{{server_resource_name}}, name]}
438 - {get_param: CloudDomain}
442 - - {get_attr: [{{server_resource_name}}, name]}
448 - - {get_attr: [{{server_resource_name}}, name]}
450 - {get_param: CloudDomain}
454 - - {get_attr: [{{server_resource_name}}, name]}
460 - - {get_attr: [{{server_resource_name}}, name]}
462 - {get_param: CloudDomain}
466 - - {get_attr: [{{server_resource_name}}, name]}
472 - - {get_attr: [{{server_resource_name}}, name]}
474 - {get_param: CloudDomain}
478 - - {get_attr: [{{server_resource_name}}, name]}
482 type: OS::TripleO::{{role.name}}::PreNetworkConfig
484 server: {get_resource: {{server_resource_name}}}
485 RoleParameters: {get_param: RoleParameters}
486 ServiceNames: {get_param: ServiceNames}
487 deployment_actions: {get_attr: [DeploymentActions, value]}
490 type: OS::TripleO::SoftwareDeployment
491 depends_on: PreNetworkConfig
493 name: NetworkDeployment
494 config: {get_resource: NetworkConfig}
495 server: {get_resource: {{server_resource_name}}}
496 actions: {get_param: NetworkDeploymentActions}
498 bridge_name: {get_param: NeutronPhysicalBridge}
499 interface_name: {get_param: NeutronPublicInterface}
502 - server_not_blacklisted
504 - role_network_deployment_actions_exists
505 - {get_param: {{role.name}}NetworkDeploymentActions}
506 - {get_param: NetworkDeploymentActions}
509 {{server_resource_name}}UpgradeInitConfig:
510 type: OS::Heat::SoftwareConfig
516 - - "#!/bin/bash\n\n"
517 - "if [[ -f /etc/resolv.conf.save ]] ; then rm /etc/resolv.conf.save; fi\n\n"
518 - get_param: UpgradeInitCommand
519 - get_param: UpgradeInitCommonCommand
521 # Note we may be able to make this conditional on UpgradeInitCommandNotEmpty
522 # but https://bugs.launchpad.net/heat/+bug/1649900 needs fixing first
523 {{server_resource_name}}UpgradeInitDeployment:
524 type: OS::Heat::SoftwareDeployment
525 depends_on: NetworkDeployment
527 name: {{server_resource_name}}UpgradeInitDeployment
528 server: {get_resource: {{server_resource_name}}}
529 config: {get_resource: {{server_resource_name}}UpgradeInitConfig}
532 - server_not_blacklisted
533 - ['CREATE', 'UPDATE']
536 {{server_resource_name}}Deployment:
537 type: OS::Heat::StructuredDeployment
538 depends_on: {{server_resource_name}}UpgradeInitDeployment
540 name: {{server_resource_name}}Deployment
541 config: {get_resource: {{server_resource_name}}Config}
542 server: {get_resource: {{server_resource_name}}}
544 enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]}
547 - server_not_blacklisted
548 - ['CREATE', 'UPDATE']
551 {{server_resource_name}}Config:
552 type: OS::Heat::StructuredConfig
558 - heat_config_%{::deploy_config_name}
560 - {{role.name.lower()}}_extraconfig
564 - {{role.name.lower()}}
565 - bootstrap_node # provided by allNodesConfig
566 - all_nodes # provided by allNodesConfig
567 - vip_data # provided by allNodesConfig
570 # The following are required for compatibility with the Controller role
571 # where some vendor integrations added hieradata via ExtraConfigPre
572 - neutron_bigswitch_data # Optionally provided by Controller/ComputeExtraConfigPre
573 - neutron_cisco_data # Optionally provided by Controller/ComputeExtraConfigPre
574 - cisco_n1kv_data # Optionally provided by Controller/ComputeExtraConfigPre
575 - midonet_data #Optionally provided by AllNodesExtraConfig
576 - cisco_aci_data # Optionally provided by Controller/ComputeExtraConfigPre
577 merge_behavior: deeper
580 service_names: {get_param: ServiceNames}
581 sensu::subscriptions: {get_param: MonitoringSubscriptions}
582 net_ip_map: {get_attr: [NetIpMap, net_ip_map]}
585 - {get_param: ServiceConfigSettings}
586 - values: {get_attr: [NetIpMap, net_ip_map]}
587 {{role.name.lower()}}_extraconfig:
589 {%- if role.deprecated_param_extraconfig is defined %}
590 - {get_param: {{role.deprecated_param_extraconfig}}}
592 - {get_param: {{server_resource_name}}ExtraConfig}
593 extraconfig: {get_param: ExtraConfig}
594 {{role.name.lower()}}:
595 tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade}
596 tripleo::profile::base::logging::fluentd::fluentd_sources: {get_param: LoggingSources}
597 tripleo::profile::base::logging::fluentd::fluentd_groups: {get_param: LoggingGroups}
598 fqdn_internal_api: {get_attr: [NetHostMap, value, internal_api, fqdn]}
599 fqdn_storage: {get_attr: [NetHostMap, value, storage, fqdn]}
600 fqdn_storage_mgmt: {get_attr: [NetHostMap, value, storage_mgmt, fqdn]}
601 fqdn_tenant: {get_attr: [NetHostMap, value, tenant, fqdn]}
602 fqdn_management: {get_attr: [NetHostMap, value, management, fqdn]}
603 fqdn_ctlplane: {get_attr: [NetHostMap, value, ctlplane, fqdn]}
604 fqdn_external: {get_attr: [NetHostMap, value, external, fqdn]}
606 # Resource for site-specific injection of root certificate
608 depends_on: NetworkDeployment
609 type: OS::TripleO::NodeTLSCAData
611 server: {get_resource: {{server_resource_name}}}
613 {%- if 'primary' in role.tags and 'controller' in role.tags %}
614 # Resource for site-specific passing of private keys/certificates
616 depends_on: NodeTLSCAData
617 type: OS::TripleO::NodeTLSData
619 server: {get_resource: {{server_resource_name}}}
620 NodeIndex: {get_param: NodeIndex}
623 # Hook for site-specific additional pre-deployment config, e.g extra hieradata
624 {{role.name}}ExtraConfigPre:
625 depends_on: {{server_resource_name}}Deployment
626 type: OS::TripleO::{{role.name}}ExtraConfigPre
627 # We have to use conditions here so that we don't break backwards
628 # compatibility with templates everywhere
629 condition: server_not_blacklisted
631 server: {get_resource: {{server_resource_name}}}
633 # Hook for site-specific additional pre-deployment config,
634 # applying to all nodes, e.g node registration/unregistration
637 - {{role.name}}ExtraConfigPre
638 {%- if 'primary' in role.tags and 'controller' in role.tags %}
643 type: OS::TripleO::NodeExtraConfig
644 # We have to use conditions here so that we don't break backwards
645 # compatibility with templates everywhere
646 condition: server_not_blacklisted
648 server: {get_resource: {{server_resource_name}}}
651 type: OS::TripleO::Tasks::PackageUpdate
654 type: OS::Heat::SoftwareDeployment
655 depends_on: NetworkDeployment
657 name: UpdateDeployment
658 config: {get_resource: UpdateConfig}
659 server: {get_resource: {{server_resource_name}}}
662 get_param: UpdateIdentifier
665 - server_not_blacklisted
666 - ['CREATE', 'UPDATE']
670 type: OS::Heat::Value
674 - server_not_blacklisted
675 - ['CREATE', 'UPDATE']
679 type: OS::TripleO::Ssh::HostPubKey
680 depends_on: {{server_resource_name}}Deployment
682 server: {get_resource: {{server_resource_name}}}
683 deployment_actions: {get_attr: [DeploymentActions, value]}
687 description: IP address of the server in the ctlplane network
688 value: {get_attr: [{{server_resource_name}}, networks, ctlplane, 0]}
690 description: Hostname of the server
691 value: {get_attr: [{{server_resource_name}}, name]}
693 description: Mapping of network names to hostnames
695 {%- for network in networks %}
696 {{network.name_lower|default(network.name.lower())}}: {get_attr: [NetHostMap, value, {{network.name_lower|default(network.name.lower()) }}, fqdn]}
698 ctlplane: {get_attr: [NetHostMap, value, ctlplane, fqdn]}
703 PRIMARYIP PRIMARYHOST.DOMAIN PRIMARYHOST
704 {%- for network in networks %}
705 {{network.name}}IP {{network.name}}HOST.DOMAIN {{network.name}}HOST
707 CTLPLANEIP CTLPLANEHOST.DOMAIN CTLPLANEHOST
709 PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, {{role.name}}HostnameResolveNetwork]}]}
710 DOMAIN: {get_param: CloudDomain}
711 PRIMARYHOST: {get_attr: [{{server_resource_name}}, name]}
712 {%- for network in networks %}
713 {{network.name}}IP: {get_attr: [{{network.name}}Port, ip_address]}
714 {{network.name}}HOST: {get_attr: [NetHostMap, value, {{network.name_lower|default(network.name.lower())}}, short]}
716 CTLPLANEIP: {get_attr: [{{server_resource_name}}, networks, ctlplane, 0]}
717 CTLPLANEHOST: {get_attr: [NetHostMap, value, ctlplane, short]}
719 description: Entry for ssh known hosts
722 template: "PRIMARYIP,PRIMARYHOST.DOMAIN,PRIMARYHOST,\
723 {%- for network in networks %}
724 {{network.name}}IP,{{network.name}}HOST.DOMAIN,{{network.name}}HOST,\
726 CTLPLANEIP,CTLPLANEHOST.DOMAIN,CTLPLANEHOST HOSTSSHPUBKEY"
728 PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, {{role.name}}HostnameResolveNetwork]}]}
729 DOMAIN: {get_param: CloudDomain}
730 PRIMARYHOST: {get_attr: [{{server_resource_name}}, name]}
731 {%- for network in networks %}
732 {{network.name}}IP: {get_attr: [{{network.name}}Port, ip_address]}
733 {{network.name}}HOST: {get_attr: [NetHostMap, value, {{network.name_lower|default(network.name.lower())}}, short]}
735 CTLPLANEIP: {get_attr: [{{server_resource_name}}, networks, ctlplane, 0]}
736 CTLPLANEHOST: {get_attr: [NetHostMap, value, ctlplane, short]}
737 HOSTSSHPUBKEY: {get_attr: [SshHostPubKey, ecdsa]}
738 nova_server_resource:
739 description: Heat resource handle for {{role.name}} server
741 {get_resource: {{server_resource_name}}}
742 condition: server_not_blacklisted
743 deployed_server_port_map:
745 Map of Heat created hostname of the server to ip address. This is the
746 hostname before it has been mapped with the HostnameMap parameter, and
747 the IP address from the ctlplane network. This map can be used to construct
748 the DeployedServerPortMap parameter when using split-stack.
753 - ip_address: {get_attr: [{{server_resource_name}}, networks, ctlplane, 0]}
758 - - {get_param: Hostname}
760 deployed_server_deployment_swift_data_map:
762 Map of Heat created hostname of the server to the Swift container and object
763 used to created the temporary url for metadata polling with
771 - {get_attr: [{{server_resource_name}}, os_collect_config, request, metadata_url]}
778 - {get_attr: [{{server_resource_name}}, os_collect_config, request, metadata_url]}
781 - keys: {hostname: {get_param: Hostname}}
782 {%- if 'primary' in role.tags and 'controller' in role.tags %}
784 description: MD5 checksum of the TLS Key Modulus
785 value: {get_attr: [NodeTLSData, key_modulus_md5]}
786 tls_cert_modulus_md5:
787 description: MD5 checksum of the TLS Certificate Modulus
788 value: {get_attr: [NodeTLSData, cert_modulus_md5]}
791 description: The os-collect-config configuration associated with this server resource
792 value: {get_attr: [{{server_resource_name}}, os_collect_config]}
793 {%- for network in networks %}
794 {{network.name_lower|default(network.name.lower())}}_ip_address:
795 description: IP address of the server in the {{network.name}} network
796 value: {get_attr: [{{network.name}}Port, ip_address]}