1 heat_template_version: pike
2 description: 'OpenStack {{role.name}} node configured by Puppet'
4 Overcloud{{role.name}}Flavor:
5 description: Flavor for the {{role.name}} node.
8 {% if role.disable_constraints is not defined %}
10 - custom_constraint: nova.flavor
14 default: overcloud-full
15 {% if role.disable_constraints is not defined %}
17 - custom_constraint: glance.image
20 default: 'REBUILD_PRESERVE_EPHEMERAL'
21 description: What policy to use when reconstructing instances. REBUILD for rebuilds, REBUILD_PRESERVE_EPHEMERAL to preserve /mnt.
24 description: Name of an existing Nova key pair to enable SSH access to the instances
27 {% if role.disable_constraints is not defined %}
29 - custom_constraint: nova.keypair
31 NeutronPhysicalBridge:
33 description: An OVS bridge to create for accessing tenant networks.
35 NeutronPublicInterface:
37 description: Which interface to add to the NeutronPhysicalBridge.
41 description: Mapping of service_name -> network name. Typically set
42 via parameter_defaults in the resource registry.
46 description: Mapping of service endpoint -> protocol. Typically set
47 via parameter_defaults in the resource registry.
53 Setting to a previously unused value during stack-update will trigger
54 package update on all nodes
57 default: '' # Defaults to Heat created hostname
61 description: Optional mapping to override hostnames
65 Additional hiera configuration to inject into the cluster. Note
66 that {{role.name}}ExtraConfig takes precedence over ExtraConfig.
68 {{role.name}}ExtraConfig:
71 Role specific additional hiera configuration to inject into the cluster.
76 NetworkDeploymentActions:
77 type: comma_delimited_list
79 Heat action when to apply network configuration changes
81 SoftwareConfigTransport:
82 default: POLL_SERVER_CFN
84 How the server should receive the metadata required for software configuration.
87 - allowed_values: [POLL_SERVER_CFN, POLL_SERVER_HEAT, POLL_TEMP_URL, ZAQAR_MESSAGE]
89 default: 'localdomain'
92 The DNS domain used for the hosts. This must match the
93 overcloud_domain_name configured on the undercloud.
94 {{role.name}}ServerMetadata:
97 Extra properties or metadata passed to Nova for the created nodes in
98 the overcloud. It's accessible via the Nova metadata API. This option is
99 role-specific and is merged with the values given to the ServerMetadata
105 Extra properties or metadata passed to Nova for the created nodes in
106 the overcloud. It's accessible via the Nova metadata API. This applies to
107 all roles and is merged with a role-specific metadata parameter.
109 {{role.name}}SchedulerHints:
111 description: Optional scheduler hints to pass to nova
116 ServiceConfigSettings:
120 type: comma_delimited_list
122 MonitoringSubscriptions:
123 type: comma_delimited_list
125 ServiceMetadataSettings:
130 description: Command which will be run whenever configuration data changes
131 default: os-refresh-config --timeout 14400
136 Maximum amount of time to possibly to delay configuation collection
137 polling. Defaults to 30 seconds. Set to 0 to disable it which will cause
138 the configuration collection to occur as soon as the collection process
139 starts. This setting is used to prevent the configuration collection
140 processes from polling all at the exact same time.
145 type: comma_delimited_list
150 Command or script snippet to run on all overcloud nodes to
151 initialize the upgrade process. E.g. a repository switch.
153 UpgradeInitCommonCommand:
156 Common commands required by the upgrades process. This should not
157 normally be modified by the operator and is set and unset in the
158 major-upgrade-composable-steps.yaml and major-upgrade-converge.yaml
161 DeploymentServerBlacklistDict:
165 Map of server hostnames to blacklist from any triggered
166 deployments. If the value is 1, the server will be blacklisted. This
167 parameter is generated from the parent template.
170 description: Role Specific Parameters
172 DeploymentSwiftDataMap:
175 Map of servers to Swift container and object for storing deployment data.
176 The keys are the Heat assigned hostnames, and the value is a map of the
177 container/object name in Swift. Example value:
178 overcloud-controller-0:
179 container: overcloud-controller
181 overcloud-controller-1:
182 container: overcloud-controller
184 overcloud-controller-2:
185 container: overcloud-controller
187 overcloud-novacompute-0:
188 container: overcloud-compute
193 server_not_blacklisted:
196 - {get_param: [DeploymentServerBlacklistDict, {get_param: Hostname}]}
198 deployment_swift_data_map_unset:
201 - DeploymentSwiftDataMap
202 - {get_param: Hostname}
207 type: OS::TripleO::{{role.name}}Server
210 command: {get_param: ConfigCommand}
211 splay: {get_param: ConfigCollectSplay}
213 image: {get_param: {{role.name}}Image}
214 image_update_policy: {get_param: ImageUpdatePolicy}
215 flavor: {get_param: Overcloud{{role.name}}Flavor}
216 key_name: {get_param: KeyName}
219 user_data_format: SOFTWARE_CONFIG
220 user_data: {get_resource: UserData}
223 template: {get_param: Hostname}
224 params: {get_param: HostnameMap}
225 software_config_transport: {get_param: SoftwareConfigTransport}
228 - {get_param: ServerMetadata}
229 - {get_param: {{role.name}}ServerMetadata}
230 - {get_param: ServiceMetadataSettings}
231 scheduler_hints: {get_param: {{role.name}}SchedulerHints}
232 deployment_swift_data:
234 - deployment_swift_data_map_unset
236 - {get_param: [DeploymentSwiftDataMap,
237 {get_param: Hostname}]}
239 # Combine the NodeAdminUserData and NodeUserData mime archives
241 type: OS::Heat::MultipartMime
244 - config: {get_resource: NodeAdminUserData}
246 - config: {get_resource: NodeUserData}
248 - config: {get_resource: RoleUserData}
251 # Creates the "heat-admin" user if configured via the environment
252 # Should return a OS::Heat::MultipartMime reference via OS::stack_id
254 type: OS::TripleO::NodeAdminUserData
256 # For optional operator additional userdata
257 # Should return a OS::Heat::MultipartMime reference via OS::stack_id
259 type: OS::TripleO::NodeUserData
261 # For optional operator role-specific userdata
262 # Should return a OS::Heat::MultipartMime reference via OS::stack_id
264 type: OS::TripleO::{{role.name}}::NodeUserData
266 {%- for network in networks %}
267 {{network.name}}Port:
268 type: OS::TripleO::{{role.name}}::Ports::{{network.name}}Port
270 ControlPlaneIP: {get_attr: [{{role.name}}, networks, ctlplane, 0]}
271 IPPool: {get_param: {{role.name}}IPs}
272 NodeIndex: {get_param: NodeIndex}
276 type: OS::TripleO::{{role.name}}::Net::SoftwareConfig
278 ControlPlaneIp: {get_attr: [{{role.name}}, networks, ctlplane, 0]}
279 {%- for network in networks %}
280 {{network.name}}IpSubnet: {get_attr: [{{network.name}}Port, ip_subnet]}
284 type: OS::TripleO::Network::Ports::NetIpMap
286 ControlPlaneIp: {get_attr: [{{role.name}}, networks, ctlplane, 0]}
287 {%- for network in networks %}
288 {{network.name}}Ip: {get_attr: [{{network.name}}Port, ip_address]}
289 {{network.name}}IpSubnet: {get_attr: [{{network.name}}Port, ip_subnet]}
290 {{network.name}}IpUri: {get_attr: [{{network.name}}Port, ip_address_uri]}
294 type: OS::Heat::Value
302 - - {get_attr: [{{role.name}}, name]}
304 - {get_param: CloudDomain}
308 - - {get_attr: [{{role.name}}, name]}
314 - - {get_attr: [{{role.name}}, name]}
316 - {get_param: CloudDomain}
320 - - {get_attr: [{{role.name}}, name]}
326 - - {get_attr: [{{role.name}}, name]}
328 - {get_param: CloudDomain}
332 - - {get_attr: [{{role.name}}, name]}
338 - - {get_attr: [{{role.name}}, name]}
340 - {get_param: CloudDomain}
344 - - {get_attr: [{{role.name}}, name]}
350 - - {get_attr: [{{role.name}}, name]}
352 - {get_param: CloudDomain}
356 - - {get_attr: [{{role.name}}, name]}
362 - - {get_attr: [{{role.name}}, name]}
364 - {get_param: CloudDomain}
368 - - {get_attr: [{{role.name}}, name]}
374 - - {get_attr: [{{role.name}}, name]}
376 - {get_param: CloudDomain}
380 - - {get_attr: [{{role.name}}, name]}
384 type: OS::TripleO::{{role.name}}::PreNetworkConfig
386 server: {get_resource: {{role.name}}}
387 RoleParameters: {get_param: RoleParameters}
388 ServiceNames: {get_param: ServiceNames}
389 deployment_actions: {get_attr: [DeploymentActions, value]}
392 type: OS::TripleO::SoftwareDeployment
393 depends_on: PreNetworkConfig
395 name: NetworkDeployment
396 config: {get_resource: NetworkConfig}
397 server: {get_resource: {{role.name}}}
398 actions: {get_param: NetworkDeploymentActions}
400 bridge_name: {get_param: NeutronPhysicalBridge}
401 interface_name: {get_param: NeutronPublicInterface}
404 - server_not_blacklisted
405 - {get_param: NetworkDeploymentActions}
408 {{role.name}}UpgradeInitConfig:
409 type: OS::Heat::SoftwareConfig
415 - - "#!/bin/bash\n\n"
416 - "if [[ -f /etc/resolv.conf.save ]] ; then rm /etc/resolv.conf.save; fi\n\n"
417 - get_param: UpgradeInitCommand
418 - get_param: UpgradeInitCommonCommand
420 # Note we may be able to make this conditional on UpgradeInitCommandNotEmpty
421 # but https://bugs.launchpad.net/heat/+bug/1649900 needs fixing first
422 {{role.name}}UpgradeInitDeployment:
423 type: OS::Heat::SoftwareDeployment
424 depends_on: NetworkDeployment
426 name: {{role.name}}UpgradeInitDeployment
427 server: {get_resource: {{role.name}}}
428 config: {get_resource: {{role.name}}UpgradeInitConfig}
431 - server_not_blacklisted
432 - ['CREATE', 'UPDATE']
435 {{role.name}}Deployment:
436 type: OS::Heat::StructuredDeployment
437 depends_on: {{role.name}}UpgradeInitDeployment
439 name: {{role.name}}Deployment
440 config: {get_resource: {{role.name}}Config}
441 server: {get_resource: {{role.name}}}
443 enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]}
446 - server_not_blacklisted
447 - ['CREATE', 'UPDATE']
451 type: OS::Heat::StructuredConfig
457 - heat_config_%{::deploy_config_name}
459 - {{role.name.lower()}}_extraconfig
463 - {{role.name.lower()}}
464 - bootstrap_node # provided by allNodesConfig
465 - all_nodes # provided by allNodesConfig
466 - vip_data # provided by allNodesConfig
468 merge_behavior: deeper
471 service_names: {get_param: ServiceNames}
472 sensu::subscriptions: {get_param: MonitoringSubscriptions}
475 - {get_param: ServiceConfigSettings}
476 - values: {get_attr: [NetIpMap, net_ip_map]}
477 {{role.name.lower()}}_extraconfig: {get_param: {{role.name}}ExtraConfig}
478 extraconfig: {get_param: ExtraConfig}
479 {{role.name.lower()}}:
480 tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade}
481 tripleo::profile::base::logging::fluentd::fluentd_sources: {get_param: LoggingSources}
482 tripleo::profile::base::logging::fluentd::fluentd_groups: {get_param: LoggingGroups}
483 fqdn_internal_api: {get_attr: [NetHostMap, value, internal_api, fqdn]}
484 fqdn_storage: {get_attr: [NetHostMap, value, storage, fqdn]}
485 fqdn_storage_mgmt: {get_attr: [NetHostMap, value, storage_mgmt, fqdn]}
486 fqdn_tenant: {get_attr: [NetHostMap, value, tenant, fqdn]}
487 fqdn_management: {get_attr: [NetHostMap, value, management, fqdn]}
488 fqdn_ctlplane: {get_attr: [NetHostMap, value, ctlplane, fqdn]}
489 fqdn_external: {get_attr: [NetHostMap, value, external, fqdn]}
491 # Resource for site-specific injection of root certificate
493 depends_on: {{role.name}}Deployment
494 type: OS::TripleO::NodeTLSCAData
496 server: {get_resource: {{role.name}}}
498 # Hook for site-specific additional pre-deployment config, e.g extra hieradata
499 {{role.name}}ExtraConfigPre:
500 depends_on: {{role.name}}Deployment
501 type: OS::TripleO::{{role.name}}ExtraConfigPre
502 # We have to use conditions here so that we don't break backwards
503 # compatibility with templates everywhere
504 condition: server_not_blacklisted
506 server: {get_resource: {{role.name}}}
508 # Hook for site-specific additional pre-deployment config,
509 # applying to all nodes, e.g node registration/unregistration
511 depends_on: [{{role.name}}ExtraConfigPre, NodeTLSCAData]
512 type: OS::TripleO::NodeExtraConfig
513 # We have to use conditions here so that we don't break backwards
514 # compatibility with templates everywhere
515 condition: server_not_blacklisted
517 server: {get_resource: {{role.name}}}
520 type: OS::TripleO::Tasks::PackageUpdate
523 type: OS::Heat::SoftwareDeployment
524 depends_on: NetworkDeployment
526 name: UpdateDeployment
527 config: {get_resource: UpdateConfig}
528 server: {get_resource: {{role.name}}}
531 get_param: UpdateIdentifier
534 - server_not_blacklisted
535 - ['CREATE', 'UPDATE']
539 type: OS::Heat::Value
543 - server_not_blacklisted
544 - ['CREATE', 'UPDATE']
548 type: OS::TripleO::Ssh::HostPubKey
549 depends_on: {{role.name}}Deployment
551 server: {get_resource: {{role.name}}}
552 deployment_actions: {get_attr: [DeploymentActions, value]}
556 description: IP address of the server in the ctlplane network
557 value: {get_attr: [{{role.name}}, networks, ctlplane, 0]}
559 description: Hostname of the server
560 value: {get_attr: [{{role.name}}, name]}
562 description: Mapping of network names to hostnames
564 {%- for network in networks %}
565 {{network.name_lower|default(network.name.lower())}}: {get_attr: [NetHostMap, value, {{network.name_lower|default(network.name.lower()) }}, fqdn]}
567 ctlplane: {get_attr: [NetHostMap, value, ctlplane, fqdn]}
572 PRIMARYIP PRIMARYHOST.DOMAIN PRIMARYHOST
573 {%- for network in networks %}
574 {{network.name}}IP {{network.name}}HOST.DOMAIN {{network.name}}HOST
576 CTLPLANEIP CTLPLANEHOST.DOMAIN CTLPLANEHOST
578 PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, {{role.name}}HostnameResolveNetwork]}]}
579 DOMAIN: {get_param: CloudDomain}
580 PRIMARYHOST: {get_attr: [{{role.name}}, name]}
581 {%- for network in networks %}
582 {{network.name}}IP: {get_attr: [{{network.name}}Port, ip_address]}
583 {{network.name}}HOST: {get_attr: [NetHostMap, value, {{network.name_lower|default(network.name.lower())}}, short]}
585 CTLPLANEIP: {get_attr: [{{role.name}}, networks, ctlplane, 0]}
586 CTLPLANEHOST: {get_attr: [NetHostMap, value, ctlplane, short]}
588 description: Entry for ssh known hosts
591 template: "PRIMARYIP,PRIMARYHOST.DOMAIN,PRIMARYHOST,\
592 {%- for network in networks %}
593 {{network.name}}IP,{{network.name}}HOST.DOMAIN,{{network.name}}HOST,\
595 CTLPLANEIP,CTLPLANEHOST.DOMAIN,CTLPLANEHOST HOSTSSHPUBKEY"
597 PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, {{role.name}}HostnameResolveNetwork]}]}
598 DOMAIN: {get_param: CloudDomain}
599 PRIMARYHOST: {get_attr: [{{role.name}}, name]}
600 {%- for network in networks %}
601 {{network.name}}IP: {get_attr: [{{network.name}}Port, ip_address]}
602 {{network.name}}HOST: {get_attr: [NetHostMap, value, {{network.name_lower|default(network.name.lower())}}, short]}
604 CTLPLANEIP: {get_attr: [{{role.name}}, networks, ctlplane, 0]}
605 CTLPLANEHOST: {get_attr: [NetHostMap, value, ctlplane, short]}
606 HOSTSSHPUBKEY: {get_attr: [SshHostPubKey, ecdsa]}
607 nova_server_resource:
608 description: Heat resource handle for {{role.name}} server
610 {get_resource: {{role.name}}}
611 condition: server_not_blacklisted
612 deployed_server_port_map:
614 Map of Heat created hostname of the server to ip address. This is the
615 hostname before it has been mapped with the HostnameMap parameter, and
616 the IP address from the ctlplane network. This map can be used to construct
617 the DeployedServerPortMap parameter when using split-stack.
622 - ip_address: {get_attr: [{{role.name}}, networks, ctlplane, 0]}
627 - - {get_param: Hostname}
629 deployed_server_deployment_swift_data_map:
631 Map of Heat created hostname of the server to the Swift container and object
632 used to created the temporary url for metadata polling with
640 - {get_attr: [{{role.name}}, os_collect_config, request, metadata_url]}
647 - {get_attr: [{{role.name}}, os_collect_config, request, metadata_url]}
650 - keys: {hostname: {get_param: Hostname}}
652 description: The os-collect-config configuration associated with this server resource
653 value: {get_attr: [{{role.name}}, os_collect_config]}
654 {%- for network in networks %}
655 {{network.name_lower|default(network.name.lower())}}_ip_address:
656 description: IP address of the server in the {{network.name}} network
657 value: {get_attr: [{{network.name}}Port, ip_address]}