1 {#- ## Some variables are set to enable rendering backwards compatible templates #}
2 {#- ## where a few parameter/resource names don't match the expected pattern #}
3 {#- ## FIXME: we need some way to deprecate the old inconsistent parameters #}
4 {%- set server_resource_name = role.deprecated_server_resource_name|default(role.name) -%}
5 heat_template_version: pike
6 description: 'OpenStack {{role.name}} node configured by Puppet'
8 {%- set default_flavor_name = 'baremetal' %}
9 {%- if role.deprecated_param_flavor is defined %}
10 {{role.deprecated_param_flavor}}:
11 description: DEPRECATED Use Overcloud{{role.name}}Flavor instead.
12 default: {{default_flavor_name}}
15 Overcloud{{role.name}}Flavor:
16 description: Flavor for the {{role.name}} node.
17 default: {{default_flavor_name}}
19 {%- if role.disable_constraints is not defined %}
21 - custom_constraint: nova.flavor
23 {%- set default_image_name = 'overcloud-full' %}
24 {%- if role.deprecated_param_image is defined %}
25 {{role.deprecated_param_image}}:
27 default: {{default_image_name}}
28 description: DEPRECATED Use {{role.name}}Image instead
32 default: {{default_image_name}}
33 description: The disk image file to use for the role.
34 {%- if role.disable_constraints is not defined %}
36 - custom_constraint: glance.image
39 default: 'REBUILD_PRESERVE_EPHEMERAL'
40 description: What policy to use when reconstructing instances. REBUILD for rebuilds, REBUILD_PRESERVE_EPHEMERAL to preserve /mnt.
43 description: Name of an existing Nova key pair to enable SSH access to the instances
46 {%- if role.disable_constraints is not defined %}
48 - custom_constraint: nova.keypair
50 NeutronPhysicalBridge:
52 description: An OVS bridge to create for accessing external networks.
54 NeutronPublicInterface:
56 description: Which interface to add to the NeutronPhysicalBridge.
60 description: Mapping of service_name -> network name. Typically set
61 via parameter_defaults in the resource registry.
65 description: Mapping of service endpoint -> protocol. Typically set
66 via parameter_defaults in the resource registry.
72 Setting to a previously unused value during stack-update will trigger
73 package update on all nodes
76 default: '' # Defaults to Heat created hostname
80 description: Optional mapping to override hostnames
84 Additional hiera configuration to inject into the cluster. Note
85 that {{role.name}}ExtraConfig takes precedence over ExtraConfig.
87 {{role.name}}ExtraConfig:
90 Role specific additional hiera configuration to inject into the cluster.
92 {%- if role.deprecated_param_extraconfig is defined %}
93 {{role.deprecated_param_extraconfig}}:
96 DEPRECATED use {{role.name}}ExtraConfig instead
102 {%- if role.deprecated_param_ips is defined %}
103 {{role.deprecated_param_ips}}:
105 description: DEPRECATED - use {{role.name}}IPs instead
108 NetworkDeploymentActions:
109 type: comma_delimited_list
111 Heat action when to apply network configuration changes
113 SoftwareConfigTransport:
114 default: POLL_SERVER_CFN
116 How the server should receive the metadata required for software configuration.
119 - allowed_values: [POLL_SERVER_CFN, POLL_SERVER_HEAT, POLL_TEMP_URL, ZAQAR_MESSAGE]
121 default: 'localdomain'
124 The DNS domain used for the hosts. This must match the
125 overcloud_domain_name configured on the undercloud.
126 {{role.name}}ServerMetadata:
129 Extra properties or metadata passed to Nova for the created nodes in
130 the overcloud. It's accessible via the Nova metadata API. This option is
131 role-specific and is merged with the values given to the ServerMetadata
134 {%- if role.deprecated_param_metadata is defined %}
135 {{role.deprecated_param_metadata}}:
137 description: DEPRECATED - use {{role.name}}ServerMetadata instead
143 Extra properties or metadata passed to Nova for the created nodes in
144 the overcloud. It's accessible via the Nova metadata API. This applies to
145 all roles and is merged with a role-specific metadata parameter.
147 {{role.name}}SchedulerHints:
149 description: Optional scheduler hints to pass to nova
151 {%- if role.deprecated_param_scheduler_hints is defined %}
152 {{role.deprecated_param_scheduler_hints}}:
154 description: DEPRECATED - use {{role.name}}SchedulerHints instead
160 ServiceConfigSettings:
164 type: comma_delimited_list
166 MonitoringSubscriptions:
167 type: comma_delimited_list
169 ServiceMetadataSettings:
174 description: Command which will be run whenever configuration data changes
175 default: os-refresh-config --timeout 14400
180 Maximum amount of time to possibly to delay configuation collection
181 polling. Defaults to 30 seconds. Set to 0 to disable it which will cause
182 the configuration collection to occur as soon as the collection process
183 starts. This setting is used to prevent the configuration collection
184 processes from polling all at the exact same time.
189 type: comma_delimited_list
194 Command or script snippet to run on all overcloud nodes to
195 initialize the upgrade process. E.g. a repository switch.
197 UpgradeInitCommonCommand:
200 Common commands required by the upgrades process. This should not
201 normally be modified by the operator and is set and unset in the
202 major-upgrade-composable-steps.yaml and major-upgrade-converge.yaml
205 DeploymentServerBlacklistDict:
209 Map of server hostnames to blacklist from any triggered
210 deployments. If the value is 1, the server will be blacklisted. This
211 parameter is generated from the parent template.
214 description: Parameters specific to the role
216 DeploymentSwiftDataMap:
219 Map of servers to Swift container and object for storing deployment data.
220 The keys are the Heat assigned hostnames, and the value is a map of the
221 container/object name in Swift. Example value:
222 overcloud-controller-0:
223 container: overcloud-controller
225 overcloud-controller-1:
226 container: overcloud-controller
228 overcloud-controller-2:
229 container: overcloud-controller
231 overcloud-novacompute-0:
232 container: overcloud-compute
236 {% if role.uses_deprecated_params is defined %}
239 description: Do not use deprecated params, they will be removed.
241 {%- for property in role %}
242 {%- if property.startswith('deprecated_param_') %}
249 server_not_blacklisted:
252 - {get_param: [DeploymentServerBlacklistDict, {get_param: Hostname}]}
254 deployment_swift_data_map_unset:
257 - DeploymentSwiftDataMap
258 - {get_param: Hostname}
260 {%- if role.deprecated_param_image is defined %}
261 deprecated_param_image_set:
264 - {get_param: {{role.deprecated_param_image}}}
265 - {{default_image_name}}
267 {%- if role.deprecated_param_flavor is defined %}
268 deprecated_param_flavor_set:
271 - {get_param: {{role.deprecated_param_flavor}}}
272 - {{default_flavor_name}}
276 {{server_resource_name}}:
277 type: OS::TripleO::{{role.name}}Server
280 command: {get_param: ConfigCommand}
281 splay: {get_param: ConfigCollectSplay}
284 {%- if role.deprecated_param_image is defined %}
286 - deprecated_param_image_set
287 - {get_param: {{role.deprecated_param_image}}}
288 - {get_param: {{role.name}}Image}
290 get_param: {{role.name}}Image
292 image_update_policy: {get_param: ImageUpdatePolicy}
294 {%- if role.deprecated_param_flavor is defined %}
296 - deprecated_param_flavor_set
297 - {get_param: {{role.deprecated_param_flavor}}}
298 - {get_param: Overcloud{{role.name}}Flavor}
300 get_param: Overcloud{{role.name}}Flavor
302 key_name: {get_param: KeyName}
305 user_data_format: SOFTWARE_CONFIG
306 user_data: {get_resource: UserData}
309 template: {get_param: Hostname}
310 params: {get_param: HostnameMap}
311 software_config_transport: {get_param: SoftwareConfigTransport}
314 - {get_param: ServerMetadata}
315 {%- if role.deprecated_param_metadata is defined %}
316 - {get_param: {{role.deprecated_param_metadata}}}
318 - {get_param: {{role.name}}ServerMetadata}
319 - {get_param: ServiceMetadataSettings}
322 {%- if role.deprecated_param_scheduler_hints is defined %}
323 - {get_param: {{role.deprecated_param_scheduler_hints}}}
325 - {get_param: {{role.name}}SchedulerHints}
326 deployment_swift_data:
328 - deployment_swift_data_map_unset
330 - {get_param: [DeploymentSwiftDataMap,
331 {get_param: Hostname}]}
333 # Combine the NodeAdminUserData and NodeUserData mime archives
335 type: OS::Heat::MultipartMime
338 - config: {get_resource: NodeAdminUserData}
340 - config: {get_resource: NodeUserData}
342 - config: {get_resource: RoleUserData}
345 # Creates the "heat-admin" user if configured via the environment
346 # Should return a OS::Heat::MultipartMime reference via OS::stack_id
348 type: OS::TripleO::NodeAdminUserData
350 # For optional operator additional userdata
351 # Should return a OS::Heat::MultipartMime reference via OS::stack_id
353 type: OS::TripleO::NodeUserData
355 # For optional operator role-specific userdata
356 # Should return a OS::Heat::MultipartMime reference via OS::stack_id
358 type: OS::TripleO::{{role.name}}::NodeUserData
360 {%- for network in networks %}
361 {{network.name}}Port:
362 type: OS::TripleO::{{role.name}}::Ports::{{network.name}}Port
364 ControlPlaneIP: {get_attr: [{{server_resource_name}}, networks, ctlplane, 0]}
367 {%- if role.deprecated_param_ips is defined %}
368 - {get_param: {{role.deprecated_param_ips}}}
370 - {get_param: {{role.name}}IPs}
371 NodeIndex: {get_param: NodeIndex}
375 type: OS::TripleO::{{role.name}}::Net::SoftwareConfig
377 ControlPlaneIp: {get_attr: [{{server_resource_name}}, networks, ctlplane, 0]}
378 {%- for network in networks %}
379 {{network.name}}IpSubnet: {get_attr: [{{network.name}}Port, ip_subnet]}
383 type: OS::TripleO::Network::Ports::NetIpMap
385 ControlPlaneIp: {get_attr: [{{server_resource_name}}, networks, ctlplane, 0]}
386 {%- for network in networks %}
387 {{network.name}}Ip: {get_attr: [{{network.name}}Port, ip_address]}
388 {{network.name}}IpSubnet: {get_attr: [{{network.name}}Port, ip_subnet]}
389 {{network.name}}IpUri: {get_attr: [{{network.name}}Port, ip_address_uri]}
393 type: OS::Heat::Value
401 - - {get_attr: [{{server_resource_name}}, name]}
403 - {get_param: CloudDomain}
407 - - {get_attr: [{{server_resource_name}}, name]}
413 - - {get_attr: [{{server_resource_name}}, name]}
415 - {get_param: CloudDomain}
419 - - {get_attr: [{{server_resource_name}}, name]}
425 - - {get_attr: [{{server_resource_name}}, name]}
427 - {get_param: CloudDomain}
431 - - {get_attr: [{{server_resource_name}}, name]}
437 - - {get_attr: [{{server_resource_name}}, name]}
439 - {get_param: CloudDomain}
443 - - {get_attr: [{{server_resource_name}}, name]}
449 - - {get_attr: [{{server_resource_name}}, name]}
451 - {get_param: CloudDomain}
455 - - {get_attr: [{{server_resource_name}}, name]}
461 - - {get_attr: [{{server_resource_name}}, name]}
463 - {get_param: CloudDomain}
467 - - {get_attr: [{{server_resource_name}}, name]}
473 - - {get_attr: [{{server_resource_name}}, name]}
475 - {get_param: CloudDomain}
479 - - {get_attr: [{{server_resource_name}}, name]}
483 type: OS::TripleO::{{role.name}}::PreNetworkConfig
485 server: {get_resource: {{server_resource_name}}}
486 RoleParameters: {get_param: RoleParameters}
487 ServiceNames: {get_param: ServiceNames}
488 deployment_actions: {get_attr: [DeploymentActions, value]}
491 type: OS::TripleO::SoftwareDeployment
492 depends_on: PreNetworkConfig
494 name: NetworkDeployment
495 config: {get_resource: NetworkConfig}
496 server: {get_resource: {{server_resource_name}}}
497 actions: {get_param: NetworkDeploymentActions}
499 bridge_name: {get_param: NeutronPhysicalBridge}
500 interface_name: {get_param: NeutronPublicInterface}
503 - server_not_blacklisted
504 - {get_param: NetworkDeploymentActions}
507 {{server_resource_name}}UpgradeInitConfig:
508 type: OS::Heat::SoftwareConfig
514 - - "#!/bin/bash\n\n"
515 - "if [[ -f /etc/resolv.conf.save ]] ; then rm /etc/resolv.conf.save; fi\n\n"
516 - get_param: UpgradeInitCommand
517 - get_param: UpgradeInitCommonCommand
519 # Note we may be able to make this conditional on UpgradeInitCommandNotEmpty
520 # but https://bugs.launchpad.net/heat/+bug/1649900 needs fixing first
521 {{server_resource_name}}UpgradeInitDeployment:
522 type: OS::Heat::SoftwareDeployment
523 depends_on: NetworkDeployment
525 name: {{server_resource_name}}UpgradeInitDeployment
526 server: {get_resource: {{server_resource_name}}}
527 config: {get_resource: {{server_resource_name}}UpgradeInitConfig}
530 - server_not_blacklisted
531 - ['CREATE', 'UPDATE']
534 {{server_resource_name}}Deployment:
535 type: OS::Heat::StructuredDeployment
536 depends_on: {{server_resource_name}}UpgradeInitDeployment
538 name: {{server_resource_name}}Deployment
539 config: {get_resource: {{server_resource_name}}Config}
540 server: {get_resource: {{server_resource_name}}}
542 enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]}
545 - server_not_blacklisted
546 - ['CREATE', 'UPDATE']
549 {{server_resource_name}}Config:
550 type: OS::Heat::StructuredConfig
556 - heat_config_%{::deploy_config_name}
558 - {{role.name.lower()}}_extraconfig
562 - {{role.name.lower()}}
563 - bootstrap_node # provided by allNodesConfig
564 - all_nodes # provided by allNodesConfig
565 - vip_data # provided by allNodesConfig
567 # The following are required for compatibility with the Controller role
568 # where some vendor integrations added hieradata via ExtraConfigPre
569 - neutron_bigswitch_data # Optionally provided by Controller/ComputeExtraConfigPre
570 - neutron_cisco_data # Optionally provided by Controller/ComputeExtraConfigPre
571 - cisco_n1kv_data # Optionally provided by Controller/ComputeExtraConfigPre
572 - midonet_data #Optionally provided by AllNodesExtraConfig
573 - cisco_aci_data # Optionally provided by Controller/ComputeExtraConfigPre
574 merge_behavior: deeper
577 service_names: {get_param: ServiceNames}
578 sensu::subscriptions: {get_param: MonitoringSubscriptions}
581 - {get_param: ServiceConfigSettings}
582 - values: {get_attr: [NetIpMap, net_ip_map]}
583 {{role.name.lower()}}_extraconfig:
585 {%- if role.deprecated_param_extraconfig is defined %}
586 - {get_param: {{role.deprecated_param_extraconfig}}}
588 - {get_param: {{server_resource_name}}ExtraConfig}
589 extraconfig: {get_param: ExtraConfig}
590 {{role.name.lower()}}:
591 tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade}
592 tripleo::profile::base::logging::fluentd::fluentd_sources: {get_param: LoggingSources}
593 tripleo::profile::base::logging::fluentd::fluentd_groups: {get_param: LoggingGroups}
594 fqdn_internal_api: {get_attr: [NetHostMap, value, internal_api, fqdn]}
595 fqdn_storage: {get_attr: [NetHostMap, value, storage, fqdn]}
596 fqdn_storage_mgmt: {get_attr: [NetHostMap, value, storage_mgmt, fqdn]}
597 fqdn_tenant: {get_attr: [NetHostMap, value, tenant, fqdn]}
598 fqdn_management: {get_attr: [NetHostMap, value, management, fqdn]}
599 fqdn_ctlplane: {get_attr: [NetHostMap, value, ctlplane, fqdn]}
600 fqdn_external: {get_attr: [NetHostMap, value, external, fqdn]}
602 # Resource for site-specific injection of root certificate
604 depends_on: NetworkDeployment
605 type: OS::TripleO::NodeTLSCAData
607 server: {get_resource: {{server_resource_name}}}
609 {%- if 'primary' in role.tags and 'controller' in role.tags %}
610 # Resource for site-specific passing of private keys/certificates
612 depends_on: NodeTLSCAData
613 type: OS::TripleO::NodeTLSData
615 server: {get_resource: {{server_resource_name}}}
616 NodeIndex: {get_param: NodeIndex}
619 # Hook for site-specific additional pre-deployment config, e.g extra hieradata
620 {{role.name}}ExtraConfigPre:
621 depends_on: {{server_resource_name}}Deployment
622 type: OS::TripleO::{{role.name}}ExtraConfigPre
623 # We have to use conditions here so that we don't break backwards
624 # compatibility with templates everywhere
625 condition: server_not_blacklisted
627 server: {get_resource: {{server_resource_name}}}
629 # Hook for site-specific additional pre-deployment config,
630 # applying to all nodes, e.g node registration/unregistration
633 - {{role.name}}ExtraConfigPre
634 {%- if 'primary' in role.tags and 'controller' in role.tags %}
639 type: OS::TripleO::NodeExtraConfig
640 # We have to use conditions here so that we don't break backwards
641 # compatibility with templates everywhere
642 condition: server_not_blacklisted
644 server: {get_resource: {{server_resource_name}}}
647 type: OS::TripleO::Tasks::PackageUpdate
650 type: OS::Heat::SoftwareDeployment
651 depends_on: NetworkDeployment
653 name: UpdateDeployment
654 config: {get_resource: UpdateConfig}
655 server: {get_resource: {{server_resource_name}}}
658 get_param: UpdateIdentifier
661 - server_not_blacklisted
662 - ['CREATE', 'UPDATE']
666 type: OS::Heat::Value
670 - server_not_blacklisted
671 - ['CREATE', 'UPDATE']
675 type: OS::TripleO::Ssh::HostPubKey
676 depends_on: {{server_resource_name}}Deployment
678 server: {get_resource: {{server_resource_name}}}
679 deployment_actions: {get_attr: [DeploymentActions, value]}
683 description: IP address of the server in the ctlplane network
684 value: {get_attr: [{{server_resource_name}}, networks, ctlplane, 0]}
686 description: Hostname of the server
687 value: {get_attr: [{{server_resource_name}}, name]}
689 description: Mapping of network names to hostnames
691 {%- for network in networks %}
692 {{network.name_lower|default(network.name.lower())}}: {get_attr: [NetHostMap, value, {{network.name_lower|default(network.name.lower()) }}, fqdn]}
694 ctlplane: {get_attr: [NetHostMap, value, ctlplane, fqdn]}
699 PRIMARYIP PRIMARYHOST.DOMAIN PRIMARYHOST
700 {%- for network in networks %}
701 {{network.name}}IP {{network.name}}HOST.DOMAIN {{network.name}}HOST
703 CTLPLANEIP CTLPLANEHOST.DOMAIN CTLPLANEHOST
705 PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, {{role.name}}HostnameResolveNetwork]}]}
706 DOMAIN: {get_param: CloudDomain}
707 PRIMARYHOST: {get_attr: [{{server_resource_name}}, name]}
708 {%- for network in networks %}
709 {{network.name}}IP: {get_attr: [{{network.name}}Port, ip_address]}
710 {{network.name}}HOST: {get_attr: [NetHostMap, value, {{network.name_lower|default(network.name.lower())}}, short]}
712 CTLPLANEIP: {get_attr: [{{server_resource_name}}, networks, ctlplane, 0]}
713 CTLPLANEHOST: {get_attr: [NetHostMap, value, ctlplane, short]}
715 description: Entry for ssh known hosts
718 template: "PRIMARYIP,PRIMARYHOST.DOMAIN,PRIMARYHOST,\
719 {%- for network in networks %}
720 {{network.name}}IP,{{network.name}}HOST.DOMAIN,{{network.name}}HOST,\
722 CTLPLANEIP,CTLPLANEHOST.DOMAIN,CTLPLANEHOST HOSTSSHPUBKEY"
724 PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, {{role.name}}HostnameResolveNetwork]}]}
725 DOMAIN: {get_param: CloudDomain}
726 PRIMARYHOST: {get_attr: [{{server_resource_name}}, name]}
727 {%- for network in networks %}
728 {{network.name}}IP: {get_attr: [{{network.name}}Port, ip_address]}
729 {{network.name}}HOST: {get_attr: [NetHostMap, value, {{network.name_lower|default(network.name.lower())}}, short]}
731 CTLPLANEIP: {get_attr: [{{server_resource_name}}, networks, ctlplane, 0]}
732 CTLPLANEHOST: {get_attr: [NetHostMap, value, ctlplane, short]}
733 HOSTSSHPUBKEY: {get_attr: [SshHostPubKey, ecdsa]}
734 nova_server_resource:
735 description: Heat resource handle for {{role.name}} server
737 {get_resource: {{server_resource_name}}}
738 condition: server_not_blacklisted
739 deployed_server_port_map:
741 Map of Heat created hostname of the server to ip address. This is the
742 hostname before it has been mapped with the HostnameMap parameter, and
743 the IP address from the ctlplane network. This map can be used to construct
744 the DeployedServerPortMap parameter when using split-stack.
749 - ip_address: {get_attr: [{{server_resource_name}}, networks, ctlplane, 0]}
754 - - {get_param: Hostname}
756 deployed_server_deployment_swift_data_map:
758 Map of Heat created hostname of the server to the Swift container and object
759 used to created the temporary url for metadata polling with
767 - {get_attr: [{{server_resource_name}}, os_collect_config, request, metadata_url]}
774 - {get_attr: [{{server_resource_name}}, os_collect_config, request, metadata_url]}
777 - keys: {hostname: {get_param: Hostname}}
778 {%- if 'primary' in role.tags and 'controller' in role.tags %}
780 description: MD5 checksum of the TLS Key Modulus
781 value: {get_attr: [NodeTLSData, key_modulus_md5]}
782 tls_cert_modulus_md5:
783 description: MD5 checksum of the TLS Certificate Modulus
784 value: {get_attr: [NodeTLSData, cert_modulus_md5]}
787 description: The os-collect-config configuration associated with this server resource
788 value: {get_attr: [{{server_resource_name}}, os_collect_config]}
789 {%- for network in networks %}
790 {{network.name_lower|default(network.name.lower())}}_ip_address:
791 description: IP address of the server in the {{network.name}} network
792 value: {get_attr: [{{network.name}}Port, ip_address]}