{# ## Some variables are set to enable rendering backwards compatible templates #}
{# ## where a few parameter/resource names don't match the expected pattern #}
{# ## FIXME: we need some way to deprecate the old inconsistent parameters #}
{%- if role.name == 'Controller' -%}
{%- set deprecated_extraconfig_param = 'controllerExtraConfig' -%}
heat_template_version: pike
description: 'OpenStack {{role.name}} node configured by Puppet'
Overcloud{{role.name}}Flavor:
description: Flavor for the {{role.name}} node.
{% if role.disable_constraints is not defined %}
- custom_constraint: nova.flavor
default: overcloud-full
{% if role.disable_constraints is not defined %}
- custom_constraint: glance.image
default: 'REBUILD_PRESERVE_EPHEMERAL'
description: What policy to use when reconstructing instances. REBUILD for rebuilds, REBUILD_PRESERVE_EPHEMERAL to preserve /mnt.
description: Name of an existing Nova key pair to enable SSH access to the instances
{% if role.disable_constraints is not defined %}
- custom_constraint: nova.keypair
NeutronPhysicalBridge:
description: An OVS bridge to create for accessing tenant networks.
NeutronPublicInterface:
description: Which interface to add to the NeutronPhysicalBridge.
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry.
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
Setting to a previously unused value during stack-update will trigger
package update on all nodes
default: '' # Defaults to Heat created hostname
description: Optional mapping to override hostnames
Additional hiera configuration to inject into the cluster. Note
that {{role.name}}ExtraConfig takes precedence over ExtraConfig.
{{role.name}}ExtraConfig:
Role specific additional hiera configuration to inject into the cluster.
{%- if deprecated_extraconfig_param is defined %}
{{deprecated_extraconfig_param}}:
DEPRECATED use {{role.name}}ExtraConfig instead
NetworkDeploymentActions:
type: comma_delimited_list
Heat action when to apply network configuration changes
SoftwareConfigTransport:
default: POLL_SERVER_CFN
How the server should receive the metadata required for software configuration.
- allowed_values: [POLL_SERVER_CFN, POLL_SERVER_HEAT, POLL_TEMP_URL, ZAQAR_MESSAGE]
default: 'localdomain'
The DNS domain used for the hosts. This must match the
overcloud_domain_name configured on the undercloud.
{{role.name}}ServerMetadata:
Extra properties or metadata passed to Nova for the created nodes in
the overcloud. It's accessible via the Nova metadata API. This option is
role-specific and is merged with the values given to the ServerMetadata
Extra properties or metadata passed to Nova for the created nodes in
the overcloud. It's accessible via the Nova metadata API. This applies to
all roles and is merged with a role-specific metadata parameter.
{{role.name}}SchedulerHints:
description: Optional scheduler hints to pass to nova
ServiceConfigSettings:
type: comma_delimited_list
MonitoringSubscriptions:
type: comma_delimited_list
ServiceMetadataSettings:
description: Command which will be run whenever configuration data changes
default: os-refresh-config --timeout 14400
Maximum amount of time to possibly delay configuration collection
polling. Defaults to 30 seconds. Set to 0 to disable it which will cause
the configuration collection to occur as soon as the collection process
starts. This setting is used to prevent the configuration collection
processes from polling all at the exact same time.
type: comma_delimited_list
Command or script snippet to run on all overcloud nodes to
initialize the upgrade process. E.g. a repository switch.
UpgradeInitCommonCommand:
Common commands required by the upgrades process. This should not
normally be modified by the operator and is set and unset in the
major-upgrade-composable-steps.yaml and major-upgrade-converge.yaml
DeploymentServerBlacklistDict:
Map of server hostnames to blacklist from any triggered
deployments. If the value is 1, the server will be blacklisted. This
parameter is generated from the parent template.
description: Role Specific Parameters
DeploymentSwiftDataMap:
Map of servers to Swift container and object for storing deployment data.
The keys are the Heat assigned hostnames, and the value is a map of the
container/object name in Swift. Example value:
overcloud-controller-0:
container: overcloud-controller
overcloud-controller-1:
container: overcloud-controller
overcloud-controller-2:
container: overcloud-controller
overcloud-novacompute-0:
container: overcloud-compute
{% if deprecated_extraconfig_param is defined %}
description: Do not use deprecated params, they will be removed.
- {{deprecated_extraconfig_param}}
server_not_blacklisted:
- {get_param: [DeploymentServerBlacklistDict, {get_param: Hostname}]}
deployment_swift_data_map_unset:
- DeploymentSwiftDataMap
- {get_param: Hostname}
type: OS::TripleO::{{role.name}}Server
command: {get_param: ConfigCommand}
splay: {get_param: ConfigCollectSplay}
image: {get_param: {{role.name}}Image}
image_update_policy: {get_param: ImageUpdatePolicy}
flavor: {get_param: Overcloud{{role.name}}Flavor}
key_name: {get_param: KeyName}
user_data_format: SOFTWARE_CONFIG
user_data: {get_resource: UserData}
template: {get_param: Hostname}
params: {get_param: HostnameMap}
software_config_transport: {get_param: SoftwareConfigTransport}
- {get_param: ServerMetadata}
- {get_param: {{role.name}}ServerMetadata}
- {get_param: ServiceMetadataSettings}
scheduler_hints: {get_param: {{role.name}}SchedulerHints}
deployment_swift_data:
- deployment_swift_data_map_unset
- {get_param: [DeploymentSwiftDataMap,
{get_param: Hostname}]}
# Combine the NodeAdminUserData and NodeUserData mime archives
type: OS::Heat::MultipartMime
- config: {get_resource: NodeAdminUserData}
- config: {get_resource: NodeUserData}
- config: {get_resource: RoleUserData}
# Creates the "heat-admin" user if configured via the environment
# Should return an OS::Heat::MultipartMime reference via OS::stack_id
type: OS::TripleO::NodeAdminUserData
# For optional operator additional userdata
# Should return an OS::Heat::MultipartMime reference via OS::stack_id
type: OS::TripleO::NodeUserData
# For optional operator role-specific userdata
# Should return an OS::Heat::MultipartMime reference via OS::stack_id
type: OS::TripleO::{{role.name}}::NodeUserData
{%- for network in networks %}
{{network.name}}Port:
type: OS::TripleO::{{role.name}}::Ports::{{network.name}}Port
ControlPlaneIP: {get_attr: [{{role.name}}, networks, ctlplane, 0]}
IPPool: {get_param: {{role.name}}IPs}
NodeIndex: {get_param: NodeIndex}
type: OS::TripleO::{{role.name}}::Net::SoftwareConfig
ControlPlaneIp: {get_attr: [{{role.name}}, networks, ctlplane, 0]}
{%- for network in networks %}
{{network.name}}IpSubnet: {get_attr: [{{network.name}}Port, ip_subnet]}
type: OS::TripleO::Network::Ports::NetIpMap
ControlPlaneIp: {get_attr: [{{role.name}}, networks, ctlplane, 0]}
{%- for network in networks %}
{{network.name}}Ip: {get_attr: [{{network.name}}Port, ip_address]}
{{network.name}}IpSubnet: {get_attr: [{{network.name}}Port, ip_subnet]}
{{network.name}}IpUri: {get_attr: [{{network.name}}Port, ip_address_uri]}
type: OS::Heat::Value
- - {get_attr: [{{role.name}}, name]}
- {get_param: CloudDomain}
- - {get_attr: [{{role.name}}, name]}
- - {get_attr: [{{role.name}}, name]}
- {get_param: CloudDomain}
- - {get_attr: [{{role.name}}, name]}
- - {get_attr: [{{role.name}}, name]}
- {get_param: CloudDomain}
- - {get_attr: [{{role.name}}, name]}
- - {get_attr: [{{role.name}}, name]}
- {get_param: CloudDomain}
- - {get_attr: [{{role.name}}, name]}
- - {get_attr: [{{role.name}}, name]}
- {get_param: CloudDomain}
- - {get_attr: [{{role.name}}, name]}
- - {get_attr: [{{role.name}}, name]}
- {get_param: CloudDomain}
- - {get_attr: [{{role.name}}, name]}
- - {get_attr: [{{role.name}}, name]}
- {get_param: CloudDomain}
- - {get_attr: [{{role.name}}, name]}
type: OS::TripleO::{{role.name}}::PreNetworkConfig
server: {get_resource: {{role.name}}}
RoleParameters: {get_param: RoleParameters}
ServiceNames: {get_param: ServiceNames}
deployment_actions: {get_attr: [DeploymentActions, value]}
type: OS::TripleO::SoftwareDeployment
depends_on: PreNetworkConfig
name: NetworkDeployment
config: {get_resource: NetworkConfig}
server: {get_resource: {{role.name}}}
actions: {get_param: NetworkDeploymentActions}
bridge_name: {get_param: NeutronPhysicalBridge}
interface_name: {get_param: NeutronPublicInterface}
- server_not_blacklisted
- {get_param: NetworkDeploymentActions}
{{role.name}}UpgradeInitConfig:
type: OS::Heat::SoftwareConfig
- - "#!/bin/bash\n\n"
- "if [[ -f /etc/resolv.conf.save ]] ; then rm /etc/resolv.conf.save; fi\n\n"
- get_param: UpgradeInitCommand
- get_param: UpgradeInitCommonCommand
# Note we may be able to make this conditional on UpgradeInitCommandNotEmpty
# but https://bugs.launchpad.net/heat/+bug/1649900 needs fixing first
{{role.name}}UpgradeInitDeployment:
type: OS::Heat::SoftwareDeployment
depends_on: NetworkDeployment
name: {{role.name}}UpgradeInitDeployment
server: {get_resource: {{role.name}}}
config: {get_resource: {{role.name}}UpgradeInitConfig}
- server_not_blacklisted
- ['CREATE', 'UPDATE']
{{role.name}}Deployment:
type: OS::Heat::StructuredDeployment
depends_on: {{role.name}}UpgradeInitDeployment
name: {{role.name}}Deployment
config: {get_resource: {{role.name}}Config}
server: {get_resource: {{role.name}}}
enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]}
- server_not_blacklisted
- ['CREATE', 'UPDATE']
type: OS::Heat::StructuredConfig
- heat_config_%{::deploy_config_name}
- {{role.name.lower()}}_extraconfig
- {{role.name.lower()}}
- bootstrap_node # provided by allNodesConfig
- all_nodes # provided by allNodesConfig
- vip_data # provided by allNodesConfig
merge_behavior: deeper
service_names: {get_param: ServiceNames}
sensu::subscriptions: {get_param: MonitoringSubscriptions}
- {get_param: ServiceConfigSettings}
- values: {get_attr: [NetIpMap, net_ip_map]}
{{role.name.lower()}}_extraconfig:
{%- if deprecated_extraconfig_param is defined %}
- {get_param: {{deprecated_extraconfig_param}}}
- {get_param: {{role.name}}ExtraConfig}
extraconfig: {get_param: ExtraConfig}
{{role.name.lower()}}:
tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade}
tripleo::profile::base::logging::fluentd::fluentd_sources: {get_param: LoggingSources}
tripleo::profile::base::logging::fluentd::fluentd_groups: {get_param: LoggingGroups}
fqdn_internal_api: {get_attr: [NetHostMap, value, internal_api, fqdn]}
fqdn_storage: {get_attr: [NetHostMap, value, storage, fqdn]}
fqdn_storage_mgmt: {get_attr: [NetHostMap, value, storage_mgmt, fqdn]}
fqdn_tenant: {get_attr: [NetHostMap, value, tenant, fqdn]}
fqdn_management: {get_attr: [NetHostMap, value, management, fqdn]}
fqdn_ctlplane: {get_attr: [NetHostMap, value, ctlplane, fqdn]}
fqdn_external: {get_attr: [NetHostMap, value, external, fqdn]}
{%- if 'primary' in role.tags and 'controller' in role.tags %}
tripleo::haproxy::service_certificate: {get_attr: [NodeTLSData, deployed_ssl_certificate_path]}
# Resource for site-specific injection of root certificate
depends_on: NetworkDeployment
type: OS::TripleO::NodeTLSCAData
server: {get_resource: {{role.name}}}
{%- if 'primary' in role.tags and 'controller' in role.tags %}
# Resource for site-specific passing of private keys/certificates
depends_on: NodeTLSCAData
type: OS::TripleO::NodeTLSData
server: {get_resource: {{role.name}}}
NodeIndex: {get_param: NodeIndex}
# Hook for site-specific additional pre-deployment config, e.g. extra hieradata
{{role.name}}ExtraConfigPre:
depends_on: {{role.name}}Deployment
type: OS::TripleO::{{role.name}}ExtraConfigPre
# We have to use conditions here so that we don't break backwards
# compatibility with templates everywhere
condition: server_not_blacklisted
server: {get_resource: {{role.name}}}
# Hook for site-specific additional pre-deployment config,
# applying to all nodes, e.g. node registration/unregistration
- {{role.name}}ExtraConfigPre
{%- if 'primary' in role.tags and 'controller' in role.tags %}
type: OS::TripleO::NodeExtraConfig
# We have to use conditions here so that we don't break backwards
# compatibility with templates everywhere
condition: server_not_blacklisted
server: {get_resource: {{role.name}}}
type: OS::TripleO::Tasks::PackageUpdate
type: OS::Heat::SoftwareDeployment
depends_on: NetworkDeployment
name: UpdateDeployment
config: {get_resource: UpdateConfig}
server: {get_resource: {{role.name}}}
get_param: UpdateIdentifier
- server_not_blacklisted
- ['CREATE', 'UPDATE']
type: OS::Heat::Value
- server_not_blacklisted
- ['CREATE', 'UPDATE']
type: OS::TripleO::Ssh::HostPubKey
depends_on: {{role.name}}Deployment
server: {get_resource: {{role.name}}}
deployment_actions: {get_attr: [DeploymentActions, value]}
description: IP address of the server in the ctlplane network
value: {get_attr: [{{role.name}}, networks, ctlplane, 0]}
description: Hostname of the server
value: {get_attr: [{{role.name}}, name]}
description: Mapping of network names to hostnames
{%- for network in networks %}
{{network.name_lower|default(network.name.lower())}}: {get_attr: [NetHostMap, value, {{network.name_lower|default(network.name.lower()) }}, fqdn]}
ctlplane: {get_attr: [NetHostMap, value, ctlplane, fqdn]}
PRIMARYIP PRIMARYHOST.DOMAIN PRIMARYHOST
{%- for network in networks %}
{{network.name}}IP {{network.name}}HOST.DOMAIN {{network.name}}HOST
CTLPLANEIP CTLPLANEHOST.DOMAIN CTLPLANEHOST
PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, {{role.name}}HostnameResolveNetwork]}]}
DOMAIN: {get_param: CloudDomain}
PRIMARYHOST: {get_attr: [{{role.name}}, name]}
{%- for network in networks %}
{{network.name}}IP: {get_attr: [{{network.name}}Port, ip_address]}
{{network.name}}HOST: {get_attr: [NetHostMap, value, {{network.name_lower|default(network.name.lower())}}, short]}
CTLPLANEIP: {get_attr: [{{role.name}}, networks, ctlplane, 0]}
CTLPLANEHOST: {get_attr: [NetHostMap, value, ctlplane, short]}
description: Entry for ssh known hosts
template: "PRIMARYIP,PRIMARYHOST.DOMAIN,PRIMARYHOST,\
{%- for network in networks %}
{{network.name}}IP,{{network.name}}HOST.DOMAIN,{{network.name}}HOST,\
CTLPLANEIP,CTLPLANEHOST.DOMAIN,CTLPLANEHOST HOSTSSHPUBKEY"
PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, {{role.name}}HostnameResolveNetwork]}]}
DOMAIN: {get_param: CloudDomain}
PRIMARYHOST: {get_attr: [{{role.name}}, name]}
{%- for network in networks %}
{{network.name}}IP: {get_attr: [{{network.name}}Port, ip_address]}
{{network.name}}HOST: {get_attr: [NetHostMap, value, {{network.name_lower|default(network.name.lower())}}, short]}
CTLPLANEIP: {get_attr: [{{role.name}}, networks, ctlplane, 0]}
CTLPLANEHOST: {get_attr: [NetHostMap, value, ctlplane, short]}
HOSTSSHPUBKEY: {get_attr: [SshHostPubKey, ecdsa]}
nova_server_resource:
description: Heat resource handle for {{role.name}} server
{get_resource: {{role.name}}}
condition: server_not_blacklisted
deployed_server_port_map:
Map of Heat created hostname of the server to ip address. This is the
hostname before it has been mapped with the HostnameMap parameter, and
the IP address from the ctlplane network. This map can be used to construct
the DeployedServerPortMap parameter when using split-stack.
- ip_address: {get_attr: [{{role.name}}, networks, ctlplane, 0]}
- - {get_param: Hostname}
deployed_server_deployment_swift_data_map:
Map of Heat created hostname of the server to the Swift container and object
used to create the temporary url for metadata polling with
- {get_attr: [{{role.name}}, os_collect_config, request, metadata_url]}
- {get_attr: [{{role.name}}, os_collect_config, request, metadata_url]}
- keys: {hostname: {get_param: Hostname}}
{%- if 'primary' in role.tags and 'controller' in role.tags %}
description: MD5 checksum of the TLS Key Modulus
value: {get_attr: [NodeTLSData, key_modulus_md5]}
tls_cert_modulus_md5:
description: MD5 checksum of the TLS Certificate Modulus
value: {get_attr: [NodeTLSData, cert_modulus_md5]}
description: The os-collect-config configuration associated with this server resource
value: {get_attr: [{{role.name}}, os_collect_config]}
{%- for network in networks %}
{{network.name_lower|default(network.name.lower())}}_ip_address:
description: IP address of the server in the {{network.name}} network
value: {get_attr: [{{network.name}}Port, ip_address]}