1 {#- ## Some variables are set to enable rendering backwards compatible templates #}
2 {#- ## where a few parameter/resource names don't match the expected pattern #}
3 {#- ## FIXME: we need some way to deprecate the old inconsistent parameters #}
4 {%- set server_resource_name = role.deprecated_server_resource_name|default(role.name) -%}
5 heat_template_version: pike
6 description: 'OpenStack {{role.name}} node configured by Puppet'
8 {%- set default_flavor_name = 'baremetal' %}
9 {%- if role.deprecated_param_flavor is defined %}
10 {{role.deprecated_param_flavor}}:
11 description: DEPRECATED Use Overcloud{{role.name}}Flavor instead.
12 default: {{default_flavor_name}}
15 Overcloud{{role.name}}Flavor:
16 description: Flavor for the {{role.name}} node.
17 default: {{default_flavor_name}}
19 {%- if role.disable_constraints is not defined %}
21 - custom_constraint: nova.flavor
23 {%- set default_image_name = 'overcloud-full' %}
24 {%- if role.deprecated_param_image is defined %}
25 {{role.deprecated_param_image}}:
27 default: {{default_image_name}}
28 description: DEPRECATED Use {{role.name}}Image instead
32 default: {{default_image_name}}
33 description: The disk image file to use for the role.
34 {%- if role.disable_constraints is not defined %}
36 - custom_constraint: glance.image
39 default: 'REBUILD_PRESERVE_EPHEMERAL'
40 description: What policy to use when reconstructing instances. REBUILD for rebuilds, REBUILD_PRESERVE_EPHEMERAL to preserve /mnt.
43 description: Name of an existing Nova key pair to enable SSH access to the instances
46 {%- if role.disable_constraints is not defined %}
48 - custom_constraint: nova.keypair
50 NeutronPhysicalBridge:
52 description: An OVS bridge to create for accessing external networks.
54 NeutronPublicInterface:
56 description: Which interface to add to the NeutronPhysicalBridge.
60 description: Mapping of service_name -> network name. Typically set
61 via parameter_defaults in the resource registry.
65 description: Mapping of service endpoint -> protocol. Typically set
66 via parameter_defaults in the resource registry.
72 Setting to a previously unused value during stack-update will trigger
73 package update on all nodes
76 default: '' # Defaults to Heat created hostname
80 description: Optional mapping to override hostnames
84 Additional hiera configuration to inject into the cluster. Note
85 that {{role.name}}ExtraConfig takes precedence over ExtraConfig.
87 {{role.name}}ExtraConfig:
90 Role specific additional hiera configuration to inject into the cluster.
92 {%- if role.deprecated_param_extraconfig is defined %}
93 {{role.deprecated_param_extraconfig}}:
96 DEPRECATED use {{role.name}}ExtraConfig instead
102 {%- if role.deprecated_param_ips is defined %}
103 {{role.deprecated_param_ips}}:
105 description: DEPRECATED - use {{role.name}}IPs instead
108 NetworkDeploymentActions:
109 type: comma_delimited_list
111 Heat action when to apply network configuration changes
113 SoftwareConfigTransport:
114 default: POLL_SERVER_CFN
116 How the server should receive the metadata required for software configuration.
119 - allowed_values: [POLL_SERVER_CFN, POLL_SERVER_HEAT, POLL_TEMP_URL, ZAQAR_MESSAGE]
121 default: 'localdomain'
124 The DNS domain used for the hosts. This must match the
125 overcloud_domain_name configured on the undercloud.
126 {{role.name}}ServerMetadata:
129 Extra properties or metadata passed to Nova for the created nodes in
130 the overcloud. It's accessible via the Nova metadata API. This option is
131 role-specific and is merged with the values given to the ServerMetadata
134 {%- if role.deprecated_param_metadata is defined %}
135 {{role.deprecated_param_metadata}}:
137 description: DEPRECATED - use {{role.name}}ServerMetadata instead
143 Extra properties or metadata passed to Nova for the created nodes in
144 the overcloud. It's accessible via the Nova metadata API. This applies to
145 all roles and is merged with a role-specific metadata parameter.
147 {{role.name}}SchedulerHints:
149 description: Optional scheduler hints to pass to nova
154 ServiceConfigSettings:
158 type: comma_delimited_list
160 MonitoringSubscriptions:
161 type: comma_delimited_list
163 ServiceMetadataSettings:
168 description: Command which will be run whenever configuration data changes
169 default: os-refresh-config --timeout 14400
174 Maximum amount of time to possibly to delay configuation collection
175 polling. Defaults to 30 seconds. Set to 0 to disable it which will cause
176 the configuration collection to occur as soon as the collection process
177 starts. This setting is used to prevent the configuration collection
178 processes from polling all at the exact same time.
183 type: comma_delimited_list
188 Command or script snippet to run on all overcloud nodes to
189 initialize the upgrade process. E.g. a repository switch.
191 UpgradeInitCommonCommand:
194 Common commands required by the upgrades process. This should not
195 normally be modified by the operator and is set and unset in the
196 major-upgrade-composable-steps.yaml and major-upgrade-converge.yaml
199 DeploymentServerBlacklistDict:
203 Map of server hostnames to blacklist from any triggered
204 deployments. If the value is 1, the server will be blacklisted. This
205 parameter is generated from the parent template.
208 description: Parameters specific to the role
210 DeploymentSwiftDataMap:
213 Map of servers to Swift container and object for storing deployment data.
214 The keys are the Heat assigned hostnames, and the value is a map of the
215 container/object name in Swift. Example value:
216 overcloud-controller-0:
217 container: overcloud-controller
219 overcloud-controller-1:
220 container: overcloud-controller
222 overcloud-controller-2:
223 container: overcloud-controller
225 overcloud-novacompute-0:
226 container: overcloud-compute
230 {% if role.uses_deprecated_params is defined %}
233 description: Do not use deprecated params, they will be removed.
235 {%- for property in role %}
236 {%- if property.startswith('deprecated_param_') and not role[property].endswith('SchedulerHints') %}
243 server_not_blacklisted:
246 - {get_param: [DeploymentServerBlacklistDict, {get_param: Hostname}]}
248 deployment_swift_data_map_unset:
251 - DeploymentSwiftDataMap
252 - {get_param: Hostname}
254 {%- if role.deprecated_param_image is defined %}
255 deprecated_param_image_set:
258 - {get_param: {{role.deprecated_param_image}}}
259 - {{default_image_name}}
261 {%- if role.deprecated_param_flavor is defined %}
262 deprecated_param_flavor_set:
265 - {get_param: {{role.deprecated_param_flavor}}}
266 - {{default_flavor_name}}
270 {{server_resource_name}}:
271 type: OS::TripleO::{{role.name}}Server
274 command: {get_param: ConfigCommand}
275 splay: {get_param: ConfigCollectSplay}
278 {%- if role.deprecated_param_image is defined %}
280 - deprecated_param_image_set
281 - {get_param: {{role.deprecated_param_image}}}
282 - {get_param: {{role.name}}Image}
284 get_param: {{role.name}}Image
286 image_update_policy: {get_param: ImageUpdatePolicy}
288 {%- if role.deprecated_param_flavor is defined %}
290 - deprecated_param_flavor_set
291 - {get_param: {{role.deprecated_param_flavor}}}
292 - {get_param: Overcloud{{role.name}}Flavor}
294 get_param: Overcloud{{role.name}}Flavor
296 key_name: {get_param: KeyName}
299 user_data_format: SOFTWARE_CONFIG
300 user_data: {get_resource: UserData}
303 template: {get_param: Hostname}
304 params: {get_param: HostnameMap}
305 software_config_transport: {get_param: SoftwareConfigTransport}
308 - {get_param: ServerMetadata}
309 {%- if role.deprecated_param_metadata is defined %}
310 - {get_param: {{role.deprecated_param_metadata}}}
312 - {get_param: {{role.name}}ServerMetadata}
313 - {get_param: ServiceMetadataSettings}
314 scheduler_hints: {get_param: {{role.name}}SchedulerHints}
315 deployment_swift_data:
317 - deployment_swift_data_map_unset
319 - {get_param: [DeploymentSwiftDataMap,
320 {get_param: Hostname}]}
322 # Combine the NodeAdminUserData and NodeUserData mime archives
324 type: OS::Heat::MultipartMime
327 - config: {get_resource: NodeAdminUserData}
329 - config: {get_resource: NodeUserData}
331 - config: {get_resource: RoleUserData}
334 # Creates the "heat-admin" user if configured via the environment
335 # Should return a OS::Heat::MultipartMime reference via OS::stack_id
337 type: OS::TripleO::NodeAdminUserData
339 # For optional operator additional userdata
340 # Should return a OS::Heat::MultipartMime reference via OS::stack_id
342 type: OS::TripleO::NodeUserData
344 # For optional operator role-specific userdata
345 # Should return a OS::Heat::MultipartMime reference via OS::stack_id
347 type: OS::TripleO::{{role.name}}::NodeUserData
349 {%- for network in networks %}
350 {{network.name}}Port:
351 type: OS::TripleO::{{role.name}}::Ports::{{network.name}}Port
353 ControlPlaneIP: {get_attr: [{{server_resource_name}}, networks, ctlplane, 0]}
356 {%- if role.deprecated_param_ips is defined %}
357 - {get_param: {{role.deprecated_param_ips}}}
359 - {get_param: {{role.name}}IPs}
360 NodeIndex: {get_param: NodeIndex}
364 type: OS::TripleO::{{role.name}}::Net::SoftwareConfig
366 ControlPlaneIp: {get_attr: [{{server_resource_name}}, networks, ctlplane, 0]}
367 {%- for network in networks %}
368 {{network.name}}IpSubnet: {get_attr: [{{network.name}}Port, ip_subnet]}
372 type: OS::TripleO::Network::Ports::NetIpMap
374 ControlPlaneIp: {get_attr: [{{server_resource_name}}, networks, ctlplane, 0]}
375 {%- for network in networks %}
376 {{network.name}}Ip: {get_attr: [{{network.name}}Port, ip_address]}
377 {{network.name}}IpSubnet: {get_attr: [{{network.name}}Port, ip_subnet]}
378 {{network.name}}IpUri: {get_attr: [{{network.name}}Port, ip_address_uri]}
382 type: OS::Heat::Value
390 - - {get_attr: [{{server_resource_name}}, name]}
392 - {get_param: CloudDomain}
396 - - {get_attr: [{{server_resource_name}}, name]}
402 - - {get_attr: [{{server_resource_name}}, name]}
404 - {get_param: CloudDomain}
408 - - {get_attr: [{{server_resource_name}}, name]}
414 - - {get_attr: [{{server_resource_name}}, name]}
416 - {get_param: CloudDomain}
420 - - {get_attr: [{{server_resource_name}}, name]}
426 - - {get_attr: [{{server_resource_name}}, name]}
428 - {get_param: CloudDomain}
432 - - {get_attr: [{{server_resource_name}}, name]}
438 - - {get_attr: [{{server_resource_name}}, name]}
440 - {get_param: CloudDomain}
444 - - {get_attr: [{{server_resource_name}}, name]}
450 - - {get_attr: [{{server_resource_name}}, name]}
452 - {get_param: CloudDomain}
456 - - {get_attr: [{{server_resource_name}}, name]}
462 - - {get_attr: [{{server_resource_name}}, name]}
464 - {get_param: CloudDomain}
468 - - {get_attr: [{{server_resource_name}}, name]}
472 type: OS::TripleO::{{role.name}}::PreNetworkConfig
474 server: {get_resource: {{server_resource_name}}}
475 RoleParameters: {get_param: RoleParameters}
476 ServiceNames: {get_param: ServiceNames}
477 deployment_actions: {get_attr: [DeploymentActions, value]}
480 type: OS::TripleO::SoftwareDeployment
481 depends_on: PreNetworkConfig
483 name: NetworkDeployment
484 config: {get_resource: NetworkConfig}
485 server: {get_resource: {{server_resource_name}}}
486 actions: {get_param: NetworkDeploymentActions}
488 bridge_name: {get_param: NeutronPhysicalBridge}
489 interface_name: {get_param: NeutronPublicInterface}
492 - server_not_blacklisted
493 - {get_param: NetworkDeploymentActions}
496 {{server_resource_name}}UpgradeInitConfig:
497 type: OS::Heat::SoftwareConfig
503 - - "#!/bin/bash\n\n"
504 - "if [[ -f /etc/resolv.conf.save ]] ; then rm /etc/resolv.conf.save; fi\n\n"
505 - get_param: UpgradeInitCommand
506 - get_param: UpgradeInitCommonCommand
508 # Note we may be able to make this conditional on UpgradeInitCommandNotEmpty
509 # but https://bugs.launchpad.net/heat/+bug/1649900 needs fixing first
510 {{server_resource_name}}UpgradeInitDeployment:
511 type: OS::Heat::SoftwareDeployment
512 depends_on: NetworkDeployment
514 name: {{server_resource_name}}UpgradeInitDeployment
515 server: {get_resource: {{server_resource_name}}}
516 config: {get_resource: {{server_resource_name}}UpgradeInitConfig}
519 - server_not_blacklisted
520 - ['CREATE', 'UPDATE']
523 {{server_resource_name}}Deployment:
524 type: OS::Heat::StructuredDeployment
525 depends_on: {{server_resource_name}}UpgradeInitDeployment
527 name: {{server_resource_name}}Deployment
528 config: {get_resource: {{server_resource_name}}Config}
529 server: {get_resource: {{server_resource_name}}}
531 enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]}
534 - server_not_blacklisted
535 - ['CREATE', 'UPDATE']
538 {{server_resource_name}}Config:
539 type: OS::Heat::StructuredConfig
545 - heat_config_%{::deploy_config_name}
547 - {{role.name.lower()}}_extraconfig
551 - {{role.name.lower()}}
552 - bootstrap_node # provided by allNodesConfig
553 - all_nodes # provided by allNodesConfig
554 - vip_data # provided by allNodesConfig
556 # The following are required for compatibility with the Controller role
557 # where some vendor integrations added hieradata via ExtraConfigPre
558 - neutron_bigswitch_data # Optionally provided by Controller/ComputeExtraConfigPre
559 - neutron_cisco_data # Optionally provided by Controller/ComputeExtraConfigPre
560 - cisco_n1kv_data # Optionally provided by Controller/ComputeExtraConfigPre
561 - midonet_data #Optionally provided by AllNodesExtraConfig
562 - cisco_aci_data # Optionally provided by Controller/ComputeExtraConfigPre
563 merge_behavior: deeper
566 service_names: {get_param: ServiceNames}
567 sensu::subscriptions: {get_param: MonitoringSubscriptions}
570 - {get_param: ServiceConfigSettings}
571 - values: {get_attr: [NetIpMap, net_ip_map]}
572 {{role.name.lower()}}_extraconfig:
574 {%- if role.deprecated_param_extraconfig is defined %}
575 - {get_param: {{role.deprecated_param_extraconfig}}}
577 - {get_param: {{server_resource_name}}ExtraConfig}
578 extraconfig: {get_param: ExtraConfig}
579 {{role.name.lower()}}:
580 tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade}
581 tripleo::profile::base::logging::fluentd::fluentd_sources: {get_param: LoggingSources}
582 tripleo::profile::base::logging::fluentd::fluentd_groups: {get_param: LoggingGroups}
583 fqdn_internal_api: {get_attr: [NetHostMap, value, internal_api, fqdn]}
584 fqdn_storage: {get_attr: [NetHostMap, value, storage, fqdn]}
585 fqdn_storage_mgmt: {get_attr: [NetHostMap, value, storage_mgmt, fqdn]}
586 fqdn_tenant: {get_attr: [NetHostMap, value, tenant, fqdn]}
587 fqdn_management: {get_attr: [NetHostMap, value, management, fqdn]}
588 fqdn_ctlplane: {get_attr: [NetHostMap, value, ctlplane, fqdn]}
589 fqdn_external: {get_attr: [NetHostMap, value, external, fqdn]}
591 # Resource for site-specific injection of root certificate
593 depends_on: NetworkDeployment
594 type: OS::TripleO::NodeTLSCAData
596 server: {get_resource: {{server_resource_name}}}
598 {%- if 'primary' in role.tags and 'controller' in role.tags %}
599 # Resource for site-specific passing of private keys/certificates
601 depends_on: NodeTLSCAData
602 type: OS::TripleO::NodeTLSData
604 server: {get_resource: {{server_resource_name}}}
605 NodeIndex: {get_param: NodeIndex}
608 # Hook for site-specific additional pre-deployment config, e.g extra hieradata
609 {{role.name}}ExtraConfigPre:
610 depends_on: {{server_resource_name}}Deployment
611 type: OS::TripleO::{{role.name}}ExtraConfigPre
612 # We have to use conditions here so that we don't break backwards
613 # compatibility with templates everywhere
614 condition: server_not_blacklisted
616 server: {get_resource: {{server_resource_name}}}
618 # Hook for site-specific additional pre-deployment config,
619 # applying to all nodes, e.g node registration/unregistration
622 - {{role.name}}ExtraConfigPre
623 {%- if 'primary' in role.tags and 'controller' in role.tags %}
628 type: OS::TripleO::NodeExtraConfig
629 # We have to use conditions here so that we don't break backwards
630 # compatibility with templates everywhere
631 condition: server_not_blacklisted
633 server: {get_resource: {{server_resource_name}}}
636 type: OS::TripleO::Tasks::PackageUpdate
639 type: OS::Heat::SoftwareDeployment
640 depends_on: NetworkDeployment
642 name: UpdateDeployment
643 config: {get_resource: UpdateConfig}
644 server: {get_resource: {{server_resource_name}}}
647 get_param: UpdateIdentifier
650 - server_not_blacklisted
651 - ['CREATE', 'UPDATE']
655 type: OS::Heat::Value
659 - server_not_blacklisted
660 - ['CREATE', 'UPDATE']
664 type: OS::TripleO::Ssh::HostPubKey
665 depends_on: {{server_resource_name}}Deployment
667 server: {get_resource: {{server_resource_name}}}
668 deployment_actions: {get_attr: [DeploymentActions, value]}
672 description: IP address of the server in the ctlplane network
673 value: {get_attr: [{{server_resource_name}}, networks, ctlplane, 0]}
675 description: Hostname of the server
676 value: {get_attr: [{{server_resource_name}}, name]}
678 description: Mapping of network names to hostnames
680 {%- for network in networks %}
681 {{network.name_lower|default(network.name.lower())}}: {get_attr: [NetHostMap, value, {{network.name_lower|default(network.name.lower()) }}, fqdn]}
683 ctlplane: {get_attr: [NetHostMap, value, ctlplane, fqdn]}
688 PRIMARYIP PRIMARYHOST.DOMAIN PRIMARYHOST
689 {%- for network in networks %}
690 {{network.name}}IP {{network.name}}HOST.DOMAIN {{network.name}}HOST
692 CTLPLANEIP CTLPLANEHOST.DOMAIN CTLPLANEHOST
694 PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, {{role.name}}HostnameResolveNetwork]}]}
695 DOMAIN: {get_param: CloudDomain}
696 PRIMARYHOST: {get_attr: [{{server_resource_name}}, name]}
697 {%- for network in networks %}
698 {{network.name}}IP: {get_attr: [{{network.name}}Port, ip_address]}
699 {{network.name}}HOST: {get_attr: [NetHostMap, value, {{network.name_lower|default(network.name.lower())}}, short]}
701 CTLPLANEIP: {get_attr: [{{server_resource_name}}, networks, ctlplane, 0]}
702 CTLPLANEHOST: {get_attr: [NetHostMap, value, ctlplane, short]}
704 description: Entry for ssh known hosts
707 template: "PRIMARYIP,PRIMARYHOST.DOMAIN,PRIMARYHOST,\
708 {%- for network in networks %}
709 {{network.name}}IP,{{network.name}}HOST.DOMAIN,{{network.name}}HOST,\
711 CTLPLANEIP,CTLPLANEHOST.DOMAIN,CTLPLANEHOST HOSTSSHPUBKEY"
713 PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, {{role.name}}HostnameResolveNetwork]}]}
714 DOMAIN: {get_param: CloudDomain}
715 PRIMARYHOST: {get_attr: [{{server_resource_name}}, name]}
716 {%- for network in networks %}
717 {{network.name}}IP: {get_attr: [{{network.name}}Port, ip_address]}
718 {{network.name}}HOST: {get_attr: [NetHostMap, value, {{network.name_lower|default(network.name.lower())}}, short]}
720 CTLPLANEIP: {get_attr: [{{server_resource_name}}, networks, ctlplane, 0]}
721 CTLPLANEHOST: {get_attr: [NetHostMap, value, ctlplane, short]}
722 HOSTSSHPUBKEY: {get_attr: [SshHostPubKey, ecdsa]}
723 nova_server_resource:
724 description: Heat resource handle for {{role.name}} server
726 {get_resource: {{server_resource_name}}}
727 condition: server_not_blacklisted
728 deployed_server_port_map:
730 Map of Heat created hostname of the server to ip address. This is the
731 hostname before it has been mapped with the HostnameMap parameter, and
732 the IP address from the ctlplane network. This map can be used to construct
733 the DeployedServerPortMap parameter when using split-stack.
738 - ip_address: {get_attr: [{{server_resource_name}}, networks, ctlplane, 0]}
743 - - {get_param: Hostname}
745 deployed_server_deployment_swift_data_map:
747 Map of Heat created hostname of the server to the Swift container and object
748 used to created the temporary url for metadata polling with
756 - {get_attr: [{{server_resource_name}}, os_collect_config, request, metadata_url]}
763 - {get_attr: [{{server_resource_name}}, os_collect_config, request, metadata_url]}
766 - keys: {hostname: {get_param: Hostname}}
767 {%- if 'primary' in role.tags and 'controller' in role.tags %}
769 description: MD5 checksum of the TLS Key Modulus
770 value: {get_attr: [NodeTLSData, key_modulus_md5]}
771 tls_cert_modulus_md5:
772 description: MD5 checksum of the TLS Certificate Modulus
773 value: {get_attr: [NodeTLSData, cert_modulus_md5]}
776 description: The os-collect-config configuration associated with this server resource
777 value: {get_attr: [{{server_resource_name}}, os_collect_config]}
778 {%- for network in networks %}
779 {{network.name_lower|default(network.name.lower())}}_ip_address:
780 description: IP address of the server in the {{network.name}} network
781 value: {get_attr: [{{network.name}}Port, ip_address]}