{#- ## Some variables are set to enable rendering backwards compatible templates #}
{#- ## where a few parameter/resource names don't match the expected pattern #}
{#- ## FIXME: we need some way to deprecate the old inconsistent parameters #}
{%- set server_resource_name = role.deprecated_server_resource_name|default(role.name) -%}
heat_template_version: pike
description: 'OpenStack {{role.name}} node configured by Puppet'
{%- set default_flavor_name = 'baremetal' %}
{%- if role.deprecated_param_flavor is defined %}
{{role.deprecated_param_flavor}}:
description: DEPRECATED Use Overcloud{{role.name}}Flavor instead.
default: {{default_flavor_name}}
Overcloud{{role.name}}Flavor:
description: Flavor for the {{role.name}} node.
default: {{default_flavor_name}}
{%- if role.disable_constraints is not defined %}
- custom_constraint: nova.flavor
{%- set default_image_name = 'overcloud-full' %}
{%- if role.deprecated_param_image is defined %}
{{role.deprecated_param_image}}:
default: {{default_image_name}}
description: DEPRECATED Use {{role.name}}Image instead
default: {{default_image_name}}
description: The disk image file to use for the role.
{%- if role.disable_constraints is not defined %}
- custom_constraint: glance.image
default: 'REBUILD_PRESERVE_EPHEMERAL'
description: What policy to use when reconstructing instances. REBUILD for rebuilds, REBUILD_PRESERVE_EPHEMERAL to preserve /mnt.
description: Name of an existing Nova key pair to enable SSH access to the instances
{%- if role.disable_constraints is not defined %}
- custom_constraint: nova.keypair
NeutronPhysicalBridge:
description: An OVS bridge to create for accessing external networks.
NeutronPublicInterface:
description: Which interface to add to the NeutronPhysicalBridge.
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry.
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
Setting to a previously unused value during stack-update will trigger
package update on all nodes
default: '' # Defaults to Heat created hostname
description: Optional mapping to override hostnames
Additional hiera configuration to inject into the cluster. Note
that {{role.name}}ExtraConfig takes precedence over ExtraConfig.
{{role.name}}ExtraConfig:
Role specific additional hiera configuration to inject into the cluster.
{%- if role.deprecated_param_extraconfig is defined %}
{{role.deprecated_param_extraconfig}}:
DEPRECATED use {{role.name}}ExtraConfig instead
{%- if role.deprecated_param_ips is defined %}
{{role.deprecated_param_ips}}:
description: DEPRECATED - use {{role.name}}IPs instead
{{role.name}}NetworkDeploymentActions:
type: comma_delimited_list
Heat action when to apply network configuration changes
NetworkDeploymentActions:
type: comma_delimited_list
Heat action when to apply network configuration changes
SoftwareConfigTransport:
default: POLL_SERVER_CFN
How the server should receive the metadata required for software configuration.
- allowed_values: [POLL_SERVER_CFN, POLL_SERVER_HEAT, POLL_TEMP_URL, ZAQAR_MESSAGE]
default: 'localdomain'
The DNS domain used for the hosts. This must match the
overcloud_domain_name configured on the undercloud.
{{role.name}}ServerMetadata:
Extra properties or metadata passed to Nova for the created nodes in
the overcloud. It's accessible via the Nova metadata API. This option is
role-specific and is merged with the values given to the ServerMetadata
{%- if role.deprecated_param_metadata is defined %}
{{role.deprecated_param_metadata}}:
description: DEPRECATED - use {{role.name}}ServerMetadata instead
Extra properties or metadata passed to Nova for the created nodes in
the overcloud. It's accessible via the Nova metadata API. This applies to
all roles and is merged with a role-specific metadata parameter.
{{role.name}}SchedulerHints:
description: Optional scheduler hints to pass to nova
ServiceConfigSettings:
type: comma_delimited_list
MonitoringSubscriptions:
type: comma_delimited_list
ServiceMetadataSettings:
description: Command which will be run whenever configuration data changes
default: os-refresh-config --timeout 14400
Maximum amount of time to possibly delay configuration collection
polling. Defaults to 30 seconds. Set to 0 to disable it which will cause
the configuration collection to occur as soon as the collection process
starts. This setting is used to prevent the configuration collection
processes from polling all at the exact same time.
type: comma_delimited_list
Command or script snippet to run on all overcloud nodes to
initialize the upgrade process. E.g. a repository switch.
UpgradeInitCommonCommand:
Common commands required by the upgrades process. This should not
normally be modified by the operator and is set and unset in the
major-upgrade-composable-steps.yaml and major-upgrade-converge.yaml
DeploymentServerBlacklistDict:
Map of server hostnames to blacklist from any triggered
deployments. If the value is 1, the server will be blacklisted. This
parameter is generated from the parent template.
description: Parameters specific to the role
DeploymentSwiftDataMap:
Map of servers to Swift container and object for storing deployment data.
The keys are the Heat assigned hostnames, and the value is a map of the
container/object name in Swift. Example value:
overcloud-controller-0:
container: overcloud-controller
overcloud-controller-1:
container: overcloud-controller
overcloud-controller-2:
container: overcloud-controller
overcloud-novacompute-0:
container: overcloud-compute
{% if role.uses_deprecated_params is defined %}
description: Do not use deprecated params, they will be removed.
{%- for property in role %}
{%- if property.startswith('deprecated_param_') and not role[property].endswith('SchedulerHints') %}
server_not_blacklisted:
- {get_param: [DeploymentServerBlacklistDict, {get_param: Hostname}]}
deployment_swift_data_map_unset:
- DeploymentSwiftDataMap
- {get_param: Hostname}
{%- if role.deprecated_param_image is defined %}
deprecated_param_image_set:
- {get_param: {{role.deprecated_param_image}}}
- {{default_image_name}}
{%- if role.deprecated_param_flavor is defined %}
deprecated_param_flavor_set:
- {get_param: {{role.deprecated_param_flavor}}}
- {{default_flavor_name}}
role_network_deployment_actions_exists:
- {get_param: {{role.name}}NetworkDeploymentActions}
{{server_resource_name}}:
type: OS::TripleO::{{role.name}}Server
command: {get_param: ConfigCommand}
splay: {get_param: ConfigCollectSplay}
{%- if role.deprecated_param_image is defined %}
- deprecated_param_image_set
- {get_param: {{role.deprecated_param_image}}}
- {get_param: {{role.name}}Image}
get_param: {{role.name}}Image
image_update_policy: {get_param: ImageUpdatePolicy}
{%- if role.deprecated_param_flavor is defined %}
- deprecated_param_flavor_set
- {get_param: {{role.deprecated_param_flavor}}}
- {get_param: Overcloud{{role.name}}Flavor}
get_param: Overcloud{{role.name}}Flavor
key_name: {get_param: KeyName}
user_data_format: SOFTWARE_CONFIG
user_data: {get_resource: UserData}
template: {get_param: Hostname}
params: {get_param: HostnameMap}
software_config_transport: {get_param: SoftwareConfigTransport}
- {get_param: ServerMetadata}
{%- if role.deprecated_param_metadata is defined %}
- {get_param: {{role.deprecated_param_metadata}}}
- {get_param: {{role.name}}ServerMetadata}
- {get_param: ServiceMetadataSettings}
scheduler_hints: {get_param: {{role.name}}SchedulerHints}
deployment_swift_data:
- deployment_swift_data_map_unset
- {get_param: [DeploymentSwiftDataMap,
{get_param: Hostname}]}
# Combine the NodeAdminUserData and NodeUserData mime archives
type: OS::Heat::MultipartMime
- config: {get_resource: NodeAdminUserData}
- config: {get_resource: NodeUserData}
- config: {get_resource: RoleUserData}
# Creates the "heat-admin" user if configured via the environment
# Should return a OS::Heat::MultipartMime reference via OS::stack_id
type: OS::TripleO::NodeAdminUserData
# For optional operator additional userdata
# Should return a OS::Heat::MultipartMime reference via OS::stack_id
type: OS::TripleO::NodeUserData
# For optional operator role-specific userdata
# Should return a OS::Heat::MultipartMime reference via OS::stack_id
type: OS::TripleO::{{role.name}}::NodeUserData
{%- for network in networks %}
{{network.name}}Port:
type: OS::TripleO::{{role.name}}::Ports::{{network.name}}Port
ControlPlaneIP: {get_attr: [{{server_resource_name}}, networks, ctlplane, 0]}
{%- if role.deprecated_param_ips is defined %}
- {get_param: {{role.deprecated_param_ips}}}
- {get_param: {{role.name}}IPs}
NodeIndex: {get_param: NodeIndex}
type: OS::TripleO::{{role.name}}::Net::SoftwareConfig
ControlPlaneIp: {get_attr: [{{server_resource_name}}, networks, ctlplane, 0]}
{%- for network in networks %}
{{network.name}}IpSubnet: {get_attr: [{{network.name}}Port, ip_subnet]}
type: OS::TripleO::Network::Ports::NetIpMap
ControlPlaneIp: {get_attr: [{{server_resource_name}}, networks, ctlplane, 0]}
{%- for network in networks %}
{{network.name}}Ip: {get_attr: [{{network.name}}Port, ip_address]}
{{network.name}}IpSubnet: {get_attr: [{{network.name}}Port, ip_subnet]}
{{network.name}}IpUri: {get_attr: [{{network.name}}Port, ip_address_uri]}
type: OS::Heat::Value
- - {get_attr: [{{server_resource_name}}, name]}
- {get_param: CloudDomain}
- - {get_attr: [{{server_resource_name}}, name]}
- - {get_attr: [{{server_resource_name}}, name]}
- {get_param: CloudDomain}
- - {get_attr: [{{server_resource_name}}, name]}
- - {get_attr: [{{server_resource_name}}, name]}
- {get_param: CloudDomain}
- - {get_attr: [{{server_resource_name}}, name]}
- - {get_attr: [{{server_resource_name}}, name]}
- {get_param: CloudDomain}
- - {get_attr: [{{server_resource_name}}, name]}
- - {get_attr: [{{server_resource_name}}, name]}
- {get_param: CloudDomain}
- - {get_attr: [{{server_resource_name}}, name]}
- - {get_attr: [{{server_resource_name}}, name]}
- {get_param: CloudDomain}
- - {get_attr: [{{server_resource_name}}, name]}
- - {get_attr: [{{server_resource_name}}, name]}
- {get_param: CloudDomain}
- - {get_attr: [{{server_resource_name}}, name]}
- - {get_attr: [{{server_resource_name}}, name]}
- {get_param: CloudDomain}
- {get_attr: [{{server_resource_name}}, name]}
type: OS::TripleO::{{role.name}}::PreNetworkConfig
server: {get_resource: {{server_resource_name}}}
RoleParameters: {get_param: RoleParameters}
ServiceNames: {get_param: ServiceNames}
deployment_actions: {get_attr: [DeploymentActions, value]}
type: OS::TripleO::SoftwareDeployment
depends_on: PreNetworkConfig
name: NetworkDeployment
config: {get_resource: NetworkConfig}
server: {get_resource: {{server_resource_name}}}
actions: {get_param: NetworkDeploymentActions}
bridge_name: {get_param: NeutronPhysicalBridge}
interface_name: {get_param: NeutronPublicInterface}
- server_not_blacklisted
- role_network_deployment_actions_exists
- {get_param: {{role.name}}NetworkDeploymentActions}
- {get_param: NetworkDeploymentActions}
{{server_resource_name}}UpgradeInitConfig:
type: OS::Heat::SoftwareConfig
- - "#!/bin/bash\n\n"
- "if [[ -f /etc/resolv.conf.save ]] ; then rm /etc/resolv.conf.save; fi\n\n"
- get_param: UpgradeInitCommand
- get_param: UpgradeInitCommonCommand
# Note we may be able to make this conditional on UpgradeInitCommandNotEmpty
# but https://bugs.launchpad.net/heat/+bug/1649900 needs fixing first
{{server_resource_name}}UpgradeInitDeployment:
type: OS::Heat::SoftwareDeployment
depends_on: NetworkDeployment
name: {{server_resource_name}}UpgradeInitDeployment
server: {get_resource: {{server_resource_name}}}
config: {get_resource: {{server_resource_name}}UpgradeInitConfig}
- server_not_blacklisted
- ['CREATE', 'UPDATE']
{{server_resource_name}}Deployment:
type: OS::Heat::StructuredDeployment
depends_on: {{server_resource_name}}UpgradeInitDeployment
name: {{server_resource_name}}Deployment
config: {get_resource: {{server_resource_name}}Config}
server: {get_resource: {{server_resource_name}}}
enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]}
- server_not_blacklisted
- ['CREATE', 'UPDATE']
{{server_resource_name}}Config:
type: OS::Heat::StructuredConfig
- heat_config_%{::deploy_config_name}
- {{role.name.lower()}}_extraconfig
- {{role.name.lower()}}
- bootstrap_node # provided by allNodesConfig
- all_nodes # provided by allNodesConfig
- vip_data # provided by allNodesConfig
# The following are required for compatibility with the Controller role
# where some vendor integrations added hieradata via ExtraConfigPre
- neutron_bigswitch_data # Optionally provided by Controller/ComputeExtraConfigPre
- neutron_cisco_data # Optionally provided by Controller/ComputeExtraConfigPre
- cisco_n1kv_data # Optionally provided by Controller/ComputeExtraConfigPre
- midonet_data # Optionally provided by AllNodesExtraConfig
- cisco_aci_data # Optionally provided by Controller/ComputeExtraConfigPre
- common # Optionally provided by os-net-config
merge_behavior: deeper
service_names: {get_param: ServiceNames}
sensu::subscriptions: {get_param: MonitoringSubscriptions}
net_ip_map: {get_attr: [NetIpMap, net_ip_map]}
- {get_param: ServiceConfigSettings}
- values: {get_attr: [NetIpMap, net_ip_map]}
{{role.name.lower()}}_extraconfig:
{%- if role.deprecated_param_extraconfig is defined %}
- {get_param: {{role.deprecated_param_extraconfig}}}
- {get_param: {{server_resource_name}}ExtraConfig}
extraconfig: {get_param: ExtraConfig}
{{role.name.lower()}}:
tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade}
tripleo::profile::base::logging::fluentd::fluentd_sources: {get_param: LoggingSources}
tripleo::profile::base::logging::fluentd::fluentd_groups: {get_param: LoggingGroups}
fqdn_internal_api: {get_attr: [NetHostMap, value, internal_api, fqdn]}
fqdn_storage: {get_attr: [NetHostMap, value, storage, fqdn]}
fqdn_storage_mgmt: {get_attr: [NetHostMap, value, storage_mgmt, fqdn]}
fqdn_tenant: {get_attr: [NetHostMap, value, tenant, fqdn]}
fqdn_management: {get_attr: [NetHostMap, value, management, fqdn]}
fqdn_ctlplane: {get_attr: [NetHostMap, value, ctlplane, fqdn]}
fqdn_external: {get_attr: [NetHostMap, value, external, fqdn]}
fqdn_canonical: {get_attr: [NetHostMap, value, canonical, fqdn]}
# Resource for site-specific injection of root certificate
depends_on: NetworkDeployment
type: OS::TripleO::NodeTLSCAData
server: {get_resource: {{server_resource_name}}}
{%- if 'primary' in role.tags and 'controller' in role.tags %}
# Resource for site-specific passing of private keys/certificates
depends_on: NodeTLSCAData
type: OS::TripleO::NodeTLSData
server: {get_resource: {{server_resource_name}}}
NodeIndex: {get_param: NodeIndex}
# Hook for site-specific additional pre-deployment config, e.g. extra hieradata
{{role.name}}ExtraConfigPre:
depends_on: {{server_resource_name}}Deployment
type: OS::TripleO::{{role.name}}ExtraConfigPre
# We have to use conditions here so that we don't break backwards
# compatibility with templates everywhere
condition: server_not_blacklisted
server: {get_resource: {{server_resource_name}}}
# Hook for site-specific additional pre-deployment config,
# applying to all nodes, e.g. node registration/unregistration
- {{role.name}}ExtraConfigPre
{%- if 'primary' in role.tags and 'controller' in role.tags %}
type: OS::TripleO::NodeExtraConfig
# We have to use conditions here so that we don't break backwards
# compatibility with templates everywhere
condition: server_not_blacklisted
server: {get_resource: {{server_resource_name}}}
type: OS::TripleO::Tasks::PackageUpdate
type: OS::Heat::SoftwareDeployment
depends_on: NetworkDeployment
name: UpdateDeployment
config: {get_resource: UpdateConfig}
server: {get_resource: {{server_resource_name}}}
get_param: UpdateIdentifier
- server_not_blacklisted
- ['CREATE', 'UPDATE']
type: OS::Heat::Value
- server_not_blacklisted
- ['CREATE', 'UPDATE']
type: OS::TripleO::Ssh::HostPubKey
depends_on: {{server_resource_name}}Deployment
server: {get_resource: {{server_resource_name}}}
deployment_actions: {get_attr: [DeploymentActions, value]}
description: IP address of the server in the ctlplane network
value: {get_attr: [{{server_resource_name}}, networks, ctlplane, 0]}
description: Hostname of the server
value: {get_attr: [{{server_resource_name}}, name]}
description: Mapping of network names to hostnames
{%- for network in networks %}
{{network.name_lower|default(network.name.lower())}}: {get_attr: [NetHostMap, value, {{network.name_lower|default(network.name.lower()) }}, fqdn]}
ctlplane: {get_attr: [NetHostMap, value, ctlplane, fqdn]}
canonical: {get_attr: [NetHostMap, value, canonical, fqdn]}
PRIMARYIP PRIMARYHOST.DOMAIN PRIMARYHOST
{%- for network in networks %}
{{network.name}}IP {{network.name}}HOST.DOMAIN {{network.name}}HOST
CTLPLANEIP CTLPLANEHOST.DOMAIN CTLPLANEHOST
PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, {{role.name}}HostnameResolveNetwork]}]}
DOMAIN: {get_param: CloudDomain}
PRIMARYHOST: {get_attr: [{{server_resource_name}}, name]}
{%- for network in networks %}
{{network.name}}IP: {get_attr: [{{network.name}}Port, ip_address]}
{{network.name}}HOST: {get_attr: [NetHostMap, value, {{network.name_lower|default(network.name.lower())}}, short]}
CTLPLANEIP: {get_attr: [{{server_resource_name}}, networks, ctlplane, 0]}
CTLPLANEHOST: {get_attr: [NetHostMap, value, ctlplane, short]}
description: Entry for ssh known hosts
template: "PRIMARYIP,PRIMARYHOST.DOMAIN,PRIMARYHOST,\
{%- for network in networks %}
{{network.name}}IP,{{network.name}}HOST.DOMAIN,{{network.name}}HOST,\
CTLPLANEIP,CTLPLANEHOST.DOMAIN,CTLPLANEHOST HOSTSSHPUBKEY"
PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, {{role.name}}HostnameResolveNetwork]}]}
DOMAIN: {get_param: CloudDomain}
PRIMARYHOST: {get_attr: [{{server_resource_name}}, name]}
{%- for network in networks %}
{{network.name}}IP: {get_attr: [{{network.name}}Port, ip_address]}
{{network.name}}HOST: {get_attr: [NetHostMap, value, {{network.name_lower|default(network.name.lower())}}, short]}
CTLPLANEIP: {get_attr: [{{server_resource_name}}, networks, ctlplane, 0]}
CTLPLANEHOST: {get_attr: [NetHostMap, value, ctlplane, short]}
HOSTSSHPUBKEY: {get_attr: [SshHostPubKey, ecdsa]}
nova_server_resource:
description: Heat resource handle for {{role.name}} server
{get_resource: {{server_resource_name}}}
condition: server_not_blacklisted
deployed_server_port_map:
Map of Heat created hostname of the server to ip address. This is the
hostname before it has been mapped with the HostnameMap parameter, and
the IP address from the ctlplane network. This map can be used to construct
the DeployedServerPortMap parameter when using split-stack.
- ip_address: {get_attr: [{{server_resource_name}}, networks, ctlplane, 0]}
- - {get_param: Hostname}
deployed_server_deployment_swift_data_map:
Map of Heat created hostname of the server to the Swift container and object
used to create the temporary url for metadata polling with
- {get_attr: [{{server_resource_name}}, os_collect_config, request, metadata_url]}
- {get_attr: [{{server_resource_name}}, os_collect_config, request, metadata_url]}
- keys: {hostname: {get_param: Hostname}}
{%- if 'primary' in role.tags and 'controller' in role.tags %}
description: MD5 checksum of the TLS Key Modulus
value: {get_attr: [NodeTLSData, key_modulus_md5]}
tls_cert_modulus_md5:
description: MD5 checksum of the TLS Certificate Modulus
value: {get_attr: [NodeTLSData, cert_modulus_md5]}
description: The os-collect-config configuration associated with this server resource
value: {get_attr: [{{server_resource_name}}, os_collect_config]}
{%- for network in networks %}
{{network.name_lower|default(network.name.lower())}}_ip_address:
description: IP address of the server in the {{network.name}} network
value: {get_attr: [{{network.name}}Port, ip_address]}