description: The password for the glance service and db account, used by the glance services.
type: string
hidden: true
- GlancePort:
- default: "9292"
- description: Glance port.
- type: string
- GlanceProtocol:
- default: http
- description: Protocol to use when connecting to glance, set to https for SSL.
- type: string
GlanceBackend:
default: swift
description: The short name of the Glance backend to use. Should be one
type: string
default: 'regionOne'
description: Keystone region for endpoint
+ ManageFirewall:
+ default: false
+ description: Whether to manage IPtables rules.
+ type: boolean
+ PurgeFirewallRules:
+ default: false
+ description: Whether IPtables rules should be purged before setting up the new ones.
+ type: boolean
MysqlClusterUniquePart:
description: A unique identifier of the MySQL cluster the controller is in.
type: string
default: 'True'
description: Allow automatic l3-agent failover
type: string
+ NeutronEnableIsolatedMetadata:
+ default: 'False'
+ description: If True, DHCP provide metadata route to VM.
+ type: string
NeutronEnableTunnelling:
type: string
default: "True"
+ NeutronEnableL2Pop:
+ type: string
+ description: >
+ Enable/disable the L2 population feature in the Neutron agents.
+ default: "False"
NeutronFlatNetworks:
type: string
default: 'datacentre'
description: Should MongoDb journaling be disabled
type: boolean
NtpServer:
- type: string
default: ''
+ description: Comma-separated list of ntp servers
+ type: comma_delimited_list
PcsdPassword:
type: string
description: The password for the 'pcsd' user.
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry.
type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
UpdateIdentifier:
default: ''
type: string
Hostname:
type: string
default: '' # Defaults to Heat created hostname
+ NetworkDeploymentActions:
+ type: comma_delimited_list
+ description: >
+ Heat action when to apply network configuration changes
+ default: ['CREATE']
resources:
properties:
config: {get_resource: NetworkConfig}
server: {get_resource: Controller}
+ actions: {get_param: NetworkDeploymentActions}
input_values:
bridge_name: br-ex
interface_name: {get_param: NeutronPublicInterface}
input_values:
bootstack_nodeid: {get_attr: [Controller, name]}
neutron_enable_tunneling: {get_param: NeutronEnableTunnelling}
+ neutron_enable_l2pop: {get_param: NeutronEnableL2Pop}
+ neutron_enable_isolated_metadata: {get_param: NeutronEnableIsolatedMetadata}
haproxy_log_address: {get_param: HAProxySyslogAddress}
heat.watch_server_url:
list_join:
- - 'http://'
- {get_param: HeatApiVirtualIP}
- ':8000/v1/waitcondition'
- heat_public_url:
- list_join:
- - ''
- - - 'http://'
- - {get_param: PublicVirtualIP}
- - ':8004/v1/%(tenant_id)s'
- heat_internal_url:
- list_join:
- - ''
- - - 'http://'
- - {get_param: HeatApiVirtualIP}
- - ':8004/v1/%(tenant_id)s'
- heat_admin_url:
- list_join:
- - ''
- - - 'http://'
- - {get_param: HeatApiVirtualIP}
- - ':8004/v1/%(tenant_id)s'
heat_auth_encryption_key: {get_param: HeatAuthEncryptionKey}
horizon_allowed_hosts: {get_param: HorizonAllowedHosts}
horizon_secret: {get_param: HorizonSecret}
- '@'
- {get_param: MysqlVirtualIP}
- '/cinder'
- cinder_public_url:
- list_join:
- - ''
- - - 'http://'
- - {get_param: PublicVirtualIP}
- - ':8776/v1/%(tenant_id)s'
- cinder_internal_url:
- list_join:
- - ''
- - - 'http://'
- - {get_param: CinderApiVirtualIP}
- - ':8776/v1/%(tenant_id)s'
- cinder_admin_url:
- list_join:
- - ''
- - - 'http://'
- - {get_param: CinderApiVirtualIP}
- - ':8776/v1/%(tenant_id)s'
- cinder_public_url_v2:
- list_join:
- - ''
- - - 'http://'
- - {get_param: PublicVirtualIP}
- - ':8776/v2/%(tenant_id)s'
- cinder_internal_url_v2:
- list_join:
- - ''
- - - 'http://'
- - {get_param: CinderApiVirtualIP}
- - ':8776/v2/%(tenant_id)s'
- cinder_admin_url_v2:
- list_join:
- - ''
- - - 'http://'
- - {get_param: CinderApiVirtualIP}
- - ':8776/v2/%(tenant_id)s'
- glance_port: {get_param: GlancePort}
+ glance_port: {get_param: [EndpointMap, GlanceInternal, port]}
glance_password: {get_param: GlancePassword}
glance_backend: {get_param: GlanceBackend}
glance_file_pcmk_device: {get_param: GlanceFilePcmkDevice}
- '@'
- {get_param: MysqlVirtualIP}
- '/heat'
- keystone_auth_address: {list_join: ['', ['http://', {get_param: KeystonePublicApiVirtualIP} , ':5000/v2.0']]}
keystone_ca_certificate: {get_param: KeystoneCACertificate}
keystone_signing_key: {get_param: KeystoneSigningKey}
keystone_signing_certificate: {get_param: KeystoneSigningCertificate}
- '@'
- {get_param: MysqlVirtualIP}
- '/keystone'
- keystone_identity_uri:
- list_join:
- - ''
- - - 'http://'
- - {get_param: KeystoneAdminApiVirtualIP}
- - ':35357'
- keystone_auth_uri:
- list_join:
- - ''
- - - 'http://'
- - {get_param: KeystonePublicApiVirtualIP}
- - ':5000/v2.0/'
- keystone_public_url:
- list_join:
- - ''
- - - 'http://'
- - {get_param: PublicVirtualIP}
- - ':5000'
- keystone_internal_url:
- list_join:
- - ''
- - - 'http://'
- - {get_param: KeystonePublicApiVirtualIP}
- - ':5000'
- keystone_ec2_uri:
- list_join:
- - ''
- - - 'http://'
- - {get_param: KeystonePublicApiVirtualIP}
- - ':5000/v2.0/ec2tokens'
+ keystone_identity_uri: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] }
+ keystone_auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
+ keystone_public_url: { get_param: [EndpointMap, KeystonePublic, uri_no_suffix] }
+ keystone_internal_url: { get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
+ keystone_ec2_uri: { get_param: [EndpointMap, KeystoneEC2, uri] }
enable_fencing: {get_param: EnableFencing}
enable_galera: {get_param: EnableGalera}
enable_ceph_storage: {get_param: EnableCephStorage}
enable_swift_storage: {get_param: EnableSwiftStorage}
+ manage_firewall: {get_param: ManageFirewall}
+ purge_firewall_rules: {get_param: PurgeFirewallRules}
mysql_innodb_buffer_pool_size: {get_param: MysqlInnodbBufferPoolSize}
mysql_max_connections: {get_param: MysqlMaxConnections}
mysql_root_password: {get_param: MysqlRootPassword}
- '@'
- {get_param: MysqlVirtualIP}
- '/ovs_neutron?charset=utf8'
- neutron_internal_url:
- list_join:
- - ''
- - - 'http://'
- - {get_param: NeutronApiVirtualIP}
- - ':9696'
- neutron_public_url:
- list_join:
- - ''
- - - 'http://'
- - {get_param: PublicVirtualIP}
- - ':9696'
- neutron_admin_url:
- list_join:
- - ''
- - - 'http://'
- - {get_param: NeutronApiVirtualIP}
- - ':9696'
- neutron_admin_auth_url:
- list_join:
- - ''
- - - 'http://'
- - {get_param: KeystoneAdminApiVirtualIP}
- - ':35357/v2.0'
+ neutron_internal_url: { get_param: [ EndpointMap, NeutronInternal, uri ] }
+ neutron_public_url: { get_param: [ EndpointMap, NeutronPublic, uri ] }
+ neutron_admin_url: { get_param: [ EndpointMap, NeutronAdmin, uri ] }
+ neutron_admin_auth_url: { get_param: [ EndpointMap, KeystoneAdmin, uri ] }
+ nova_internal_url: { get_param: [ EndpointMap, NovaInternal, uri ] }
ceilometer_backend: {get_param: CeilometerBackend}
ceilometer_metering_secret: {get_param: CeilometerMeteringSecret}
ceilometer_password: {get_param: CeilometerPassword}
- '@'
- {get_param: MysqlVirtualIP}
- '/ceilometer'
- ceilometer_public_url:
- list_join:
- - ''
- - - 'http://'
- - {get_param: PublicVirtualIP}
- - ':8777'
- ceilometer_internal_url:
- list_join:
- - ''
- - - 'http://'
- - {get_param: CeilometerApiVirtualIP}
- - ':8777'
- ceilometer_admin_url:
- list_join:
- - ''
- - - 'http://'
- - {get_param: CeilometerApiVirtualIP}
- - ':8777'
snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName}
snmpd_readonly_user_password: {get_param: SnmpdReadonlyUserPassword}
nova_password: {get_param: NovaPassword}
- '@'
- {get_param: MysqlVirtualIP}
- '/nova'
- nova_public_url:
- list_join:
- - ''
- - - 'http://'
- - {get_param: PublicVirtualIP}
- - ':8774/v2/%(tenant_id)s'
- nova_internal_url:
- list_join:
- - ''
- - - 'http://'
- - {get_param: NovaApiVirtualIP}
- - ':8774/v2/%(tenant_id)s'
- nova_admin_url:
- list_join:
- - ''
- - - 'http://'
- - {get_param: NovaApiVirtualIP}
- - ':8774/v2/%(tenant_id)s'
- nova_v3_public_url:
- list_join:
- - ''
- - - 'http://'
- - {get_param: PublicVirtualIP}
- - ':8774/v3'
- nova_v3_internal_url:
- list_join:
- - ''
- - - 'http://'
- - {get_param: NovaApiVirtualIP}
- - ':8774/v3'
- nova_v3_admin_url:
- list_join:
- - ''
- - - 'http://'
- - {get_param: NovaApiVirtualIP}
- - ':8774/v3'
- nova_ec2_public_url:
- list_join:
- - ''
- - - 'http://'
- - {get_param: PublicVirtualIP}
- - ':8773/services/Cloud'
- nova_ec2_internal_url:
- list_join:
- - ''
- - - 'http://'
- - {get_param: NovaApiVirtualIP}
- - ':8773/services/Cloud'
- nova_ec2_admin_url:
- list_join:
- - ''
- - - 'http://'
- - {get_param: NovaApiVirtualIP}
- - ':8773/services/Admin'
fencing_config: {get_param: FencingConfig}
pcsd_password: {get_param: PcsdPassword}
rabbit_username: {get_param: RabbitUserName}
template: "'LIMIT'"
params:
LIMIT: {get_param: RabbitFDLimit}
- ntp_servers:
- str_replace:
- template: '["server"]'
- params:
- server: {get_param: NtpServer}
+ ntp_servers: {get_param: NtpServer}
control_virtual_interface: {get_param: ControlVirtualInterface}
public_virtual_interface: {get_param: PublicVirtualInterface}
swift_hash_suffix: {get_param: SwiftHashSuffix}
swift_replicas: {get_param: SwiftReplicas}
swift_min_part_hours: {get_param: SwiftMinPartHours}
swift_mount_check: {get_param: SwiftMountCheck}
- swift_public_url:
- list_join:
- - ''
- - - 'http://'
- - {get_param: PublicVirtualIP}
- - ':8080/v1/AUTH_%(tenant_id)s'
- swift_internal_url:
- list_join:
- - ''
- - - 'http://'
- - {get_param: SwiftProxyVirtualIP}
- - ':8080/v1/AUTH_%(tenant_id)s'
- swift_admin_url:
- list_join:
- - ''
- - - 'http://'
- - {get_param: SwiftProxyVirtualIP}
- - ':8080'
- swift_public_url_s3:
- list_join:
- - ''
- - - 'http://'
- - {get_param: PublicVirtualIP}
- - ':8080'
- swift_internal_url_s3:
- list_join:
- - ''
- - - 'http://'
- - {get_param: SwiftProxyVirtualIP}
- - ':8080'
- swift_admin_url_s3:
- list_join:
- - ''
- - - 'http://'
- - {get_param: SwiftProxyVirtualIP}
- - ':8080'
enable_package_install: {get_param: EnablePackageInstall}
enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]}
swift_proxy_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftProxyNetwork]}]}
cinder_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CinderApiNetwork]}]}
glance_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, GlanceApiNetwork]}]}
glance_registry_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, GlanceRegistryNetwork]}]}
- glance_api_servers:
- list_join:
- - ''
- - - {get_param: GlanceProtocol}
- - '://'
- - {get_param: GlanceApiVirtualIP}
- - ':'
- - {get_param: GlancePort}
+ glance_api_servers: { get_param: [EndpointMap, GlanceInternal, uri]}
glance_registry_host: {get_param: GlanceRegistryVirtualIP}
- glance_public_url:
- list_join:
- - ''
- - - {get_param: GlanceProtocol}
- - '://'
- - {get_param: PublicVirtualIP}
- - ':'
- - {get_param: GlancePort}
- glance_internal_url:
- list_join:
- - ''
- - - {get_param: GlanceProtocol}
- - '://'
- - {get_param: GlanceApiVirtualIP}
- - ':'
- - {get_param: GlancePort}
- glance_admin_url:
- list_join:
- - ''
- - - {get_param: GlanceProtocol}
- - '://'
- - {get_param: GlanceApiVirtualIP}
- - ':'
- - {get_param: GlancePort}
heat_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, HeatApiNetwork]}]}
keystone_public_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}]}
keystone_admin_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}]}
tripleo::ringbuilder::replicas: {get_input: swift_replicas}
tripleo::ringbuilder::min_part_hours: {get_input: swift_min_part_hours}
swift_mount_check: {get_input: swift_mount_check}
- swift::keystone::auth::public_url: {get_input: swift_public_url }
- swift::keystone::auth::internal_url: {get_input: swift_internal_url }
- swift::keystone::auth::admin_url: {get_input: swift_admin_url }
- swift::keystone::auth::public_url_s3: {get_input: swift_public_url_v3 }
- swift::keystone::auth::internal_url_s3: {get_input: swift_internal_url_v3 }
- swift::keystone::auth::admin_url_s3: {get_input: swift_admin_url_v3 }
- swift::keystone::auth::password: {get_input: swift_password }
- swift::keystone::auth::region: {get_input: keystone_region}
# NOTE(dprince): build_ring support is currently not wired in.
# See: https://review.openstack.org/#/c/109225/
cinder::glance::glance_api_servers: {get_input: glance_api_servers}
cinder_backend_config: {get_input: CinderBackendConfig}
cinder::db::mysql::password: {get_input: cinder_password}
- cinder::keystone::auth::public_url: {get_input: cinder_public_url }
- cinder::keystone::auth::internal_url: {get_input: cinder_internal_url }
- cinder::keystone::auth::admin_url: {get_input: cinder_admin_url }
- cinder::keystone::auth::public_url_v2: {get_input: cinder_public_url_v2 }
- cinder::keystone::auth::internal_url_v2: {get_input: cinder_internal_url_v2 }
- cinder::keystone::auth::admin_url_v2: {get_input: cinder_admin_url_v2 }
- cinder::keystone::auth::password: {get_input: cinder_password }
- cinder::keystone::auth::region: {get_input: keystone_region}
# Glance
glance::api::bind_port: {get_input: glance_port}
glance::registry::auth_uri: {get_input: keystone_auth_uri}
glance::registry::identity_uri: {get_input: keystone_identity_uri}
glance::registry::debug: {get_input: debug}
- glance::backend::swift::swift_store_auth_address: {get_input: keystone_auth_address}
+ glance::backend::swift::swift_store_auth_address: {get_input: keystone_auth_uri}
glance::backend::swift::swift_store_user: service:glance
glance::backend::swift::swift_store_key: {get_input: glance_password}
glance_backend: {get_input: glance_backend}
glance::db::mysql::password: {get_input: glance_password}
- glance::keystone::auth::public_url: {get_input: glance_public_url }
- glance::keystone::auth::internal_url: {get_input: glance_internal_url }
- glance::keystone::auth::admin_url: {get_input: glance_admin_url }
- glance::keystone::auth::password: {get_input: glance_password }
- glance::keystone::auth::region: {get_input: keystone_region}
glance_file_pcmk_device: {get_input: glance_file_pcmk_device}
glance_file_pcmk_fstype: {get_input: glance_file_pcmk_fstype}
glance_file_pcmk_manage: {get_input: glance_file_pcmk_manage}
heat::database_connection: {get_input: heat_dsn}
heat::debug: {get_input: debug}
heat::db::mysql::password: {get_input: heat_password}
- heat::keystone::auth::public_url: {get_input: heat_public_url }
- heat::keystone::auth::internal_url: {get_input: heat_internal_url }
- heat::keystone::auth::admin_url: {get_input: heat_admin_url }
- heat::keystone::auth::password: {get_input: heat_password }
- heat::keystone::auth::region: {get_input: keystone_region}
# Keystone
keystone::admin_token: {get_input: admin_token}
# Neutron
neutron::bind_host: {get_input: neutron_api_network}
neutron::rabbit_password: {get_input: rabbit_password}
- neutron::rabbit_user: {get_input: rabbit_user}
+ neutron::rabbit_user: {get_input: rabbit_username}
neutron::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
neutron::rabbit_port: {get_input: rabbit_client_port}
neutron::debug: {get_input: debug}
neutron::server::database_connection: {get_input: neutron_dsn}
neutron::agents::l3::external_network_bridge: {get_input: neutron_external_network_bridge}
neutron::agents::ml2::ovs::enable_tunneling: {get_input: neutron_enable_tunneling}
+ neutron::agents::ml2::ovs::l2_population: {get_input: neutron_enable_l2pop}
+ neutron::agents::dhcp::enable_isolated_metadata: {get_input: neutron_enable_isolated_metadata}
neutron::agents::ml2::ovs::local_ip: {get_input: neutron_local_ip}
neutron_flat_networks: {get_input: neutron_flat_networks}
neutron::agents::metadata::shared_secret: {get_input: neutron_metadata_proxy_shared_secret}
neutron::keystone::auth::admin_url: {get_input: neutron_admin_url }
neutron::keystone::auth::password: {get_input: neutron_password }
neutron::keystone::auth::region: {get_input: keystone_region}
+ neutron::server::notifications::nova_url: {get_input: nova_internal_url}
+ neutron::server::notifications::auth_url: {get_input: neutron_admin_auth_url}
+ neutron::server::notifications::tenant_name: 'service'
+ neutron::server::notifications::password: {get_input: nova_password}
# Ceilometer
ceilometer_backend: {get_input: ceilometer_backend}
ceilometer::api::keystone_auth_uri: {get_input: keystone_auth_uri}
ceilometer::api::keystone_identity_uri: {get_input: keystone_identity_uri}
ceilometer::agent::auth::auth_password: {get_input: ceilometer_password}
- ceilometer::agent::auth::auth_url: {get_input: keystone_auth_address}
+ ceilometer::agent::auth::auth_url: {get_input: keystone_auth_uri}
ceilometer::agent::central::coordination_url: {get_input: ceilometer_coordination_url}
ceilometer::db::mysql::password: {get_input: ceilometer_password}
- ceilometer::keystone::auth::public_url: {get_input: ceilometer_public_url }
- ceilometer::keystone::auth::internal_url: {get_input: ceilometer_internal_url }
- ceilometer::keystone::auth::admin_url: {get_input: ceilometer_admin_url }
- ceilometer::keystone::auth::password: {get_input: ceilometer_password }
- ceilometer::keystone::auth::region: {get_input: keystone_region}
snmpd_readonly_user_name: {get_input: snmpd_readonly_user_name}
snmpd_readonly_user_password: {get_input: snmpd_readonly_user_password}
nova::network::neutron::neutron_admin_auth_url: {get_input: neutron_admin_auth_url}
nova::vncproxy::host: {get_input: nova_api_network}
nova::db::mysql::password: {get_input: nova_password}
- nova::keystone::auth::public_url: {get_input: nova_public_url}
- nova::keystone::auth::internal_url: {get_input: nova_internal_url}
- nova::keystone::auth::admin_url: {get_input: nova_admin_url}
- nova::keystone::auth::public_url_v3: {get_input: nova_v3_public_url}
- nova::keystone::auth::internal_url_v3: {get_input: nova_v3_internal_url}
- nova::keystone::auth::admin_url_v3: {get_input: nova_v3_admin_url}
- nova::keystone::auth::ec2_public_url: {get_input: nova_ec2_public_url}
- nova::keystone::auth::ec2_internal_url: {get_input: nova_ec2_internal_url}
- nova::keystone::auth::ec2_admin_url: {get_input: nova_ec2_admin_url}
- nova::keystone::auth::password: {get_input: nova_password }
- nova::keystone::auth::region: {get_input: keystone_region}
# Horizon
apache::ip: {get_input: horizon_network}
rabbitmq::node_ip_address: {get_input: rabbitmq_network}
rabbitmq::erlang_cookie: {get_input: rabbit_cookie}
rabbitmq::file_limit: {get_input: rabbit_fd_limit}
+ rabbitmq::default_user: {get_input: rabbit_username}
+ rabbitmq::default_pass: {get_input: rabbit_password}
# Redis
redis::bind: {get_input: redis_network}
redis_vip: {get_input: redis_vip}
+ # Firewall
+ tripleo::firewall::manage_firewall: {get_input: manage_firewall}
+ tripleo::firewall::purge_firewall_rules: {get_input: purge_firewall_rules}
# Misc
memcached::listen_ip: {get_input: memcached_network}
neutron_public_interface_ip: {get_input: neutron_public_interface_ip}