Code Review / apex-tripleo-heat-templates.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | inline | side by side
Merge "Add $hostname.localdomain alias to /etc/hosts"
[apex-tripleo-heat-templates.git] / overcloud-without-mergepy.yaml
diff --git a/overcloud-without-mergepy.yaml b/overcloud-without-mergepy.yaml
index f61536c..79d95be 100644 (file)
--- a/overcloud-without-mergepy.yaml
+++ b/overcloud-without-mergepy.yaml
@@ -1,4 +1,4 @@
-heat_template_version: 2014-10-16
+heat_template_version: 2015-04-30
 
 description: >
   Nova API,Keystone,Heat Engine and API,Glance,Neutron,Dedicated MySQL
 
 description: >
   Nova API,Keystone,Heat Engine and API,Glance,Neutron,Dedicated MySQL
@@ -15,6 +15,10 @@ parameters:
     description: The password for the keystone admin account, used for monitoring, querying neutron etc.
     type: string
     hidden: true
     description: The password for the keystone admin account, used for monitoring, querying neutron etc.
     type: string
     hidden: true
+  CeilometerBackend:
+    default: 'mongodb'
+    description: The ceilometer backend type.
+    type: string
   CeilometerMeteringSecret:
     default: unset
     description: Secret shared by the ceilometer services.
   CeilometerMeteringSecret:
     default: unset
     description: Secret shared by the ceilometer services.
@@ -263,6 +267,14 @@ parameters:
     default: true
     description: Whether to use Galera instead of regular MariaDB.
     type: boolean
     default: true
     description: Whether to use Galera instead of regular MariaDB.
     type: boolean
+  ControllerEnableCephStorage:
+    default: false
+    description: Whether to deploy Ceph Storage (OSD) on the Controller
+    type: boolean
+  ControllerEnableSwiftStorage:
+    default: true
+    description: Whether to enable Swift Storage on the Controller
+    type: boolean
   ExtraConfig:
     default: {}
     description: |
   ExtraConfig:
     default: {}
     description: |
@@ -314,6 +326,13 @@ parameters:
     description: The password for the glance service account, used by the glance services.
     type: string
     hidden: true
     description: The password for the glance service account, used by the glance services.
     type: string
     hidden: true
+  GlanceBackend:
+    default: swift
+    description: The short name of the Glance backend to use. Should be one
+      of swift, rbd or file
+    type: string
+    constraints:
+    - allowed_values: ['swift', 'file', 'rbd']
   HeatPassword:
     default: unset
     description: The password for the Heat service account, used by the Heat services.
   HeatPassword:
     default: unset
     description: The password for the Heat service account, used by the Heat services.
@@ -375,6 +394,9 @@ parameters:
         Specifies the interface where the public-facing virtual ip will be assigned.
         This should be int_public when a VLAN is being used.
     type: string
         Specifies the interface where the public-facing virtual ip will be assigned.
         This should be int_public when a VLAN is being used.
     type: string
+  RedisVirtualIP:
+    type: string
+    default: ''  # Has to be here because of the ignored empty value bug
   SSLCertificate:
     default: ''
     description: If set, the contents of an SSL certificate .crt file for encrypting SSL endpoints.
   SSLCertificate:
     default: ''
     description: If set, the contents of an SSL certificate .crt file for encrypting SSL endpoints.
@@ -443,7 +465,7 @@ parameters:
       The Neutron ML2 and OpenVSwitch vlan mapping range to support. See the
       Neutron documentation for permitted values. Defaults to permitting any
       VLAN on the 'datacentre' physical network (See NeutronBridgeMappings).
       The Neutron ML2 and OpenVSwitch vlan mapping range to support. See the
       Neutron documentation for permitted values. Defaults to permitting any
       VLAN on the 'datacentre' physical network (See NeutronBridgeMappings).
-    type: string
+    type: comma_delimited_list
   NovaComputeDriver:
     type: string
     default: libvirt.LibvirtDriver
   NovaComputeDriver:
     type: string
     default: libvirt.LibvirtDriver
@@ -470,6 +492,34 @@ parameters:
     type: string
     constraints:
       - custom_constraint: nova.flavor
     type: string
     constraints:
       - custom_constraint: nova.flavor
+  ServiceNetMap:
+    default:
+      NeutronLocalIp: tenant
+      CeilometerApiNetwork: internal_api
+      MongoDbNetwork: internal_api
+      CinderApiNetwork: internal_api
+      CinderIscsiNetwork: storage
+      GlanceApiNetwork: storage
+      GlanceRegistryNetwork: internal_api
+      KeystoneAdminApiNetwork: internal_api
+      KeystonePublicApiNetwork: internal_api
+      NeutronApiNetwork: internal_api
+      HeatApiNetwork: internal_api
+      NovaApiNetwork: internal_api
+      NovaMetadataNetwork: internal_api
+      NovaVncProxyNetwork: internal_api
+      SwiftMgmtNetwork: storage_mgmt
+      SwiftProxyNetwork: storage
+      HorizonNetwork: internal_api
+      MemcachedNetwork: internal_api
+      RabbitMqNetwork: internal_api
+      RedisNetwork: internal_api
+      MysqlNetwork: internal_api
+      CephClusterNetwork: storage_mgmt
+      CephPublicNetwork: storage
+    description: Mapping of service_name -> network name. Typically set
+                 via parameter_defaults in the resource registry.
+    type: json
 
 # Block storage specific parameters
   BlockStorageCount:
 
 # Block storage specific parameters
   BlockStorageCount:
@@ -511,18 +561,32 @@ parameters:
     constraints:
       - custom_constraint: nova.flavor
 
     constraints:
       - custom_constraint: nova.flavor
 
+# Identifiers to trigger tasks on nodes
+  UpdateIdentifier:
+    default: ''
+    type: string
+    description: >
+      Setting to a previously unused value during stack-update will trigger
+      package update on all nodes
+
 resources:
 
   HeatAuthEncryptionKey:
     type: OS::Heat::RandomString
 
 resources:
 
   HeatAuthEncryptionKey:
     type: OS::Heat::RandomString
 
-  CorosyncAuthKey:
+  PcsdPassword:
     type: OS::Heat::RandomString
     properties:
     type: OS::Heat::RandomString
     properties:
-      length: 128
+      length: 16
+
+  HorizonSecret:
+    type: OS::Heat::RandomString
+    properties:
+      length: 10
 
   Controller:
     type: OS::Heat::ResourceGroup
 
   Controller:
     type: OS::Heat::ResourceGroup
+    depends_on: Networks
     properties:
       count: {get_param: ControllerCount}
       resource_def:
     properties:
       count: {get_param: ControllerCount}
       resource_def:
@@ -530,6 +594,7 @@ resources:
         properties:
           AdminPassword: {get_param: AdminPassword}
           AdminToken: {get_param: AdminToken}
         properties:
           AdminPassword: {get_param: AdminPassword}
           AdminToken: {get_param: AdminToken}
+          CeilometerBackend: {get_param: CeilometerBackend}
           CeilometerMeteringSecret: {get_param: CeilometerMeteringSecret}
           CeilometerPassword: {get_param: CeilometerPassword}
           CinderLVMLoopDeviceSize: {get_param: CinderLVMLoopDeviceSize}
           CeilometerMeteringSecret: {get_param: CeilometerMeteringSecret}
           CeilometerPassword: {get_param: CeilometerPassword}
           CinderLVMLoopDeviceSize: {get_param: CinderLVMLoopDeviceSize}
@@ -540,19 +605,22 @@ resources:
           CloudName: {get_param: CloudName}
           ControlVirtualInterface: {get_param: ControlVirtualInterface}
           ControllerExtraConfig: {get_param: controllerExtraConfig}
           CloudName: {get_param: CloudName}
           ControlVirtualInterface: {get_param: ControlVirtualInterface}
           ControllerExtraConfig: {get_param: controllerExtraConfig}
-          CorosyncAuthKey: {get_resource: CorosyncAuthKey}
           Debug: {get_param: Debug}
           EnableGalera: {get_param: EnableGalera}
           Debug: {get_param: Debug}
           EnableGalera: {get_param: EnableGalera}
+          EnableCephStorage: {get_param: ControllerEnableCephStorage}
+          EnableSwiftStorage: {get_param: ControllerEnableSwiftStorage}
           ExtraConfig: {get_param: ExtraConfig}
           Flavor: {get_param: OvercloudControlFlavor}
           GlancePort: {get_param: GlancePort}
           GlanceProtocol: {get_param: GlanceProtocol}
           GlancePassword: {get_param: GlancePassword}
           ExtraConfig: {get_param: ExtraConfig}
           Flavor: {get_param: OvercloudControlFlavor}
           GlancePort: {get_param: GlancePort}
           GlanceProtocol: {get_param: GlanceProtocol}
           GlancePassword: {get_param: GlancePassword}
+          GlanceBackend: {get_param: GlanceBackend}
           GlanceNotifierStrategy: {get_param: GlanceNotifierStrategy}
           GlanceLogFile: {get_param: GlanceLogFile}
           HeatPassword: {get_param: HeatPassword}
           HeatStackDomainAdminPassword: {get_param: HeatStackDomainAdminPassword}
           HeatAuthEncryptionKey: {get_resource: HeatAuthEncryptionKey}
           GlanceNotifierStrategy: {get_param: GlanceNotifierStrategy}
           GlanceLogFile: {get_param: GlanceLogFile}
           HeatPassword: {get_param: HeatPassword}
           HeatStackDomainAdminPassword: {get_param: HeatStackDomainAdminPassword}
           HeatAuthEncryptionKey: {get_resource: HeatAuthEncryptionKey}
+          HorizonSecret: {get_resource: HorizonSecret}
           Image: {get_param: controllerImage}
           ImageUpdatePolicy: {get_param: ImageUpdatePolicy}
           KeyName: {get_param: KeyName}
           Image: {get_param: controllerImage}
           ImageUpdatePolicy: {get_param: ImageUpdatePolicy}
           KeyName: {get_param: KeyName}
@@ -567,6 +635,7 @@ resources:
           NeutronPublicInterfaceIP: {get_param: NeutronPublicInterfaceIP}
           NeutronFlatNetworks: {get_param: NeutronFlatNetworks}
           NeutronBridgeMappings: {get_param: NeutronBridgeMappings}
           NeutronPublicInterfaceIP: {get_param: NeutronPublicInterfaceIP}
           NeutronFlatNetworks: {get_param: NeutronFlatNetworks}
           NeutronBridgeMappings: {get_param: NeutronBridgeMappings}
+          NeutronEnableTunnelling: {get_param: NeutronEnableTunnelling}
           NeutronNetworkVLANRanges: {get_param: NeutronNetworkVLANRanges}
           NeutronPublicInterface: {get_param: NeutronPublicInterface}
           NeutronPublicInterfaceDefaultRoute: {get_param: NeutronPublicInterfaceDefaultRoute}
           NeutronNetworkVLANRanges: {get_param: NeutronNetworkVLANRanges}
           NeutronPublicInterface: {get_param: NeutronPublicInterface}
           NeutronPublicInterfaceDefaultRoute: {get_param: NeutronPublicInterfaceDefaultRoute}
@@ -583,6 +652,7 @@ resources:
           NeutronTunnelTypes: {get_param: NeutronTunnelTypes}
           NovaPassword: {get_param: NovaPassword}
           NtpServer: {get_param: NtpServer}
           NeutronTunnelTypes: {get_param: NeutronTunnelTypes}
           NovaPassword: {get_param: NovaPassword}
           NtpServer: {get_param: NtpServer}
+          PcsdPassword: {get_resource: PcsdPassword}
           PublicVirtualInterface: {get_param: PublicVirtualInterface}
           RabbitPassword: {get_param: RabbitPassword}
           RabbitUserName: {get_param: RabbitUserName}
           PublicVirtualInterface: {get_param: PublicVirtualInterface}
           RabbitPassword: {get_param: RabbitPassword}
           RabbitUserName: {get_param: RabbitUserName}
@@ -591,6 +661,7 @@ resources:
           RabbitClientPort: {get_param: RabbitClientPort}
           SnmpdReadonlyUserName: {get_param: SnmpdReadonlyUserName}
           SnmpdReadonlyUserPassword: {get_param: SnmpdReadonlyUserPassword}
           RabbitClientPort: {get_param: RabbitClientPort}
           SnmpdReadonlyUserName: {get_param: SnmpdReadonlyUserName}
           SnmpdReadonlyUserPassword: {get_param: SnmpdReadonlyUserPassword}
+          RedisVirtualIP: {get_param: RedisVirtualIP}
           SSLCertificate: {get_param: SSLCertificate}
           SSLKey: {get_param: SSLKey}
           SSLCACertificate: {get_param: SSLCACertificate}
           SSLCertificate: {get_param: SSLCertificate}
           SSLKey: {get_param: SSLKey}
           SSLCACertificate: {get_param: SSLCACertificate}
@@ -600,11 +671,19 @@ resources:
           SwiftPartPower: {get_param: SwiftPartPower}
           SwiftPassword: {get_param: SwiftPassword}
           SwiftReplicas: { get_param: SwiftReplicas}
           SwiftPartPower: {get_param: SwiftPartPower}
           SwiftPassword: {get_param: SwiftPassword}
           SwiftReplicas: { get_param: SwiftReplicas}
-          VirtualIP: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
-          PublicVirtualIP: {get_attr: [PublicVirtualIP, fixed_ips, 0, ip_address]}
+          VirtualIP: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]} # deprecated. Use per service VIP settings instead now.
+          PublicVirtualIP: {get_attr: [PublicVirtualIP, fixed_ips, 0, ip_address]} # deprecated. Use per service VIP settings instead now.
+          ServiceNetMap: {get_param: ServiceNetMap}
+          HeatApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, HeatApiNetwork]}]}
+          GlanceApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, GlanceApiNetwork]}]}
+          MysqlVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, MysqlNetwork]}]}
+          KeystonePublicApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}]}
+          NeutronApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, NeutronApiNetwork]}]}
+          UpdateIdentifier: {get_param: UpdateIdentifier}
 
   Compute:
     type: OS::Heat::ResourceGroup
 
   Compute:
     type: OS::Heat::ResourceGroup
+    depends_on: Networks
     properties:
       count: {get_param: ComputeCount}
       resource_def:
     properties:
       count: {get_param: ComputeCount}
       resource_def:
@@ -617,17 +696,17 @@ resources:
           Debug: {get_param: Debug}
           ExtraConfig: {get_param: ExtraConfig}
           Flavor: {get_param: OvercloudComputeFlavor}
           Debug: {get_param: Debug}
           ExtraConfig: {get_param: ExtraConfig}
           Flavor: {get_param: OvercloudComputeFlavor}
-          GlanceHost: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
+          GlanceHost: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, GlanceApiNetwork]}]}
           GlancePort: {get_param: GlancePort}
           GlanceProtocol: {get_param: GlanceProtocol}
           Image: {get_param: NovaImage}
           ImageUpdatePolicy: {get_param: ImageUpdatePolicy}
           KeyName: {get_param: KeyName}
           GlancePort: {get_param: GlancePort}
           GlanceProtocol: {get_param: GlanceProtocol}
           Image: {get_param: NovaImage}
           ImageUpdatePolicy: {get_param: ImageUpdatePolicy}
           KeyName: {get_param: KeyName}
-          KeystoneHost: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
+          KeystoneHost: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}]}
           NeutronBridgeMappings: {get_param: NeutronBridgeMappings}
           NeutronEnableTunnelling: {get_param: NeutronEnableTunnelling}
           NeutronFlatNetworks: {get_param: NeutronFlatNetworks}
           NeutronBridgeMappings: {get_param: NeutronBridgeMappings}
           NeutronEnableTunnelling: {get_param: NeutronEnableTunnelling}
           NeutronFlatNetworks: {get_param: NeutronFlatNetworks}
-          NeutronHost: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
+          NeutronHost: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, NeutronApiNetwork]}]}
           NeutronNetworkType: {get_param: NeutronNetworkType}
           NeutronTunnelTypes: {get_param: NeutronTunnelTypes}
           NeutronNetworkVLANRanges: {get_param: NeutronNetworkVLANRanges}
           NeutronNetworkType: {get_param: NeutronNetworkType}
           NeutronTunnelTypes: {get_param: NeutronTunnelTypes}
           NeutronNetworkVLANRanges: {get_param: NeutronNetworkVLANRanges}
@@ -642,7 +721,7 @@ resources:
           # L3 HA and Failover is not relevant for Computes, should be removed
           NeutronAllowL3AgentFailover: {get_param: NeutronAllowL3AgentFailover}
           NeutronL3HA: {get_param: NeutronL3HA}
           # L3 HA and Failover is not relevant for Computes, should be removed
           NeutronAllowL3AgentFailover: {get_param: NeutronAllowL3AgentFailover}
           NeutronL3HA: {get_param: NeutronL3HA}
-          NovaApiHost: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
+          NovaApiHost: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, NovaApiNetwork]}]}
           NovaComputeDriver: {get_param: NovaComputeDriver}
           NovaComputeExtraConfig: {get_param: NovaComputeExtraConfig}
           NovaComputeLibvirtType: {get_param: NovaComputeLibvirtType}
           NovaComputeDriver: {get_param: NovaComputeDriver}
           NovaComputeExtraConfig: {get_param: NovaComputeExtraConfig}
           NovaComputeLibvirtType: {get_param: NovaComputeLibvirtType}
@@ -650,16 +729,19 @@ resources:
           NovaPublicIP: {get_attr: [PublicVirtualIP, fixed_ips, 0, ip_address]}
           NovaPassword: {get_param: NovaPassword}
           NtpServer: {get_param: NtpServer}
           NovaPublicIP: {get_attr: [PublicVirtualIP, fixed_ips, 0, ip_address]}
           NovaPassword: {get_param: NovaPassword}
           NtpServer: {get_param: NtpServer}
-          RabbitHost: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
+          RabbitHost: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, RabbitMqNetwork]}]}
           RabbitPassword: {get_param: RabbitPassword}
           RabbitUserName: {get_param: RabbitUserName}
           RabbitClientUseSSL: {get_param: RabbitClientUseSSL}
           RabbitClientPort: {get_param: RabbitClientPort}
           SnmpdReadonlyUserName: {get_param: SnmpdReadonlyUserName}
           SnmpdReadonlyUserPassword: {get_param: SnmpdReadonlyUserPassword}
           RabbitPassword: {get_param: RabbitPassword}
           RabbitUserName: {get_param: RabbitUserName}
           RabbitClientUseSSL: {get_param: RabbitClientUseSSL}
           RabbitClientPort: {get_param: RabbitClientPort}
           SnmpdReadonlyUserName: {get_param: SnmpdReadonlyUserName}
           SnmpdReadonlyUserPassword: {get_param: SnmpdReadonlyUserPassword}
+          ServiceNetMap: {get_param: ServiceNetMap}
+          UpdateIdentifier: {get_param: UpdateIdentifier}
 
   BlockStorage:
     type: OS::Heat::ResourceGroup
 
   BlockStorage:
     type: OS::Heat::ResourceGroup
+    depends_on: Networks
     properties:
       count: {get_param: BlockStorageCount}
       resource_def:
     properties:
       count: {get_param: BlockStorageCount}
       resource_def:
@@ -671,6 +753,7 @@ resources:
           CinderLVMLoopDeviceSize: {get_param: CinderLVMLoopDeviceSize}
           # Purpose of the dedicated BlockStorage nodes should be to use their local LVM
           CinderEnableIscsiBackend: {get_param: CinderEnableIscsiBackend}
           CinderLVMLoopDeviceSize: {get_param: CinderLVMLoopDeviceSize}
           # Purpose of the dedicated BlockStorage nodes should be to use their local LVM
           CinderEnableIscsiBackend: {get_param: CinderEnableIscsiBackend}
+          CinderPassword: {get_param: CinderPassword}
           VirtualIP: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
           KeyName: {get_param: KeyName}
           Flavor: {get_param: OvercloudBlockStorageFlavor}
           VirtualIP: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
           KeyName: {get_param: KeyName}
           Flavor: {get_param: OvercloudBlockStorageFlavor}
@@ -679,9 +762,11 @@ resources:
           RabbitClientUseSSL: {get_param: RabbitClientUseSSL}
           RabbitClientPort: {get_param: RabbitClientPort}
           NtpServer: {get_param: NtpServer}
           RabbitClientUseSSL: {get_param: RabbitClientUseSSL}
           RabbitClientPort: {get_param: RabbitClientPort}
           NtpServer: {get_param: NtpServer}
+          UpdateIdentifier: {get_param: UpdateIdentifier}
 
   ObjectStorage:
     type: OS::Heat::ResourceGroup
 
   ObjectStorage:
     type: OS::Heat::ResourceGroup
+    depends_on: Networks
     properties:
       count: {get_param: ObjectStorageCount}
       resource_def:
     properties:
       count: {get_param: ObjectStorageCount}
       resource_def:
@@ -696,9 +781,12 @@ resources:
           Image: {get_param: SwiftStorageImage}
           Replicas: { get_param: SwiftReplicas}
           NtpServer: {get_param: NtpServer}
           Image: {get_param: SwiftStorageImage}
           Replicas: { get_param: SwiftReplicas}
           NtpServer: {get_param: NtpServer}
+          UpdateIdentifier: {get_param: UpdateIdentifier}
+          ServiceNetMap: {get_param: ServiceNetMap}
 
   CephStorage:
     type: OS::Heat::ResourceGroup
 
   CephStorage:
     type: OS::Heat::ResourceGroup
+    depends_on: Networks
     properties:
       count: {get_param: CephStorageCount}
       resource_def:
     properties:
       count: {get_param: CephStorageCount}
       resource_def:
@@ -708,6 +796,17 @@ resources:
           KeyName: {get_param: KeyName}
           Flavor: {get_param: OvercloudCephStorageFlavor}
           NtpServer: {get_param: NtpServer}
           KeyName: {get_param: KeyName}
           Flavor: {get_param: OvercloudCephStorageFlavor}
           NtpServer: {get_param: NtpServer}
+          ServiceNetMap: {get_param: ServiceNetMap}
+          UpdateIdentifier: {get_param: UpdateIdentifier}
+
+  ControllerIpListMap:
+    type: OS::TripleO::Network::Ports::NetIpListMap
+    properties:
+      ExternalIpList: {get_attr: [Controller, external_ip_address]}
+      InternalApiIpList: {get_attr: [Controller, internal_api_ip_address]}
+      StorageIpList: {get_attr: [Controller, storage_ip_address]}
+      StorageMgmtIpList: {get_attr: [Controller, storage_mgmt_ip_address]}
+      TenantIpList: {get_attr: [Controller, tenant_ip_address]}
 
   allNodesConfig:
     type: OS::TripleO::AllNodes::SoftwareConfig
 
   allNodesConfig:
     type: OS::TripleO::AllNodes::SoftwareConfig
@@ -719,6 +818,23 @@ resources:
       object_storage_hosts: {get_attr: [ObjectStorage, hosts_entry]}
       ceph_storage_hosts: {get_attr: [CephStorage, hosts_entry]}
       controller_names: {get_attr: [Controller, hostname]}
       object_storage_hosts: {get_attr: [ObjectStorage, hosts_entry]}
       ceph_storage_hosts: {get_attr: [CephStorage, hosts_entry]}
       controller_names: {get_attr: [Controller, hostname]}
+      rabbit_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_param: [ServiceNetMap, RabbitMqNetwork]}]}
+      mongo_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_param: [ServiceNetMap, MongoDbNetwork]}]}
+      redis_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_param: [ServiceNetMap, RedisNetwork]}]}
+      memcache_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_param: [ServiceNetMap, MemcachedNetwork]}]}
+      mysql_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_param: [ServiceNetMap, MysqlNetwork]}]}
+      horizon_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_param: [ServiceNetMap, HorizonNetwork]}]}
+      heat_api_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_param: [ServiceNetMap, HeatApiNetwork]}]}
+      swift_proxy_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_param: [ServiceNetMap, SwiftProxyNetwork]}]}
+      ceilometer_api_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_param: [ServiceNetMap, CeilometerApiNetwork]}]}
+      nova_api_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_param: [ServiceNetMap, NovaApiNetwork]}]}
+      nova_metadata_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_param: [ServiceNetMap, NovaMetadataNetwork]}]}
+      glance_api_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_param: [ServiceNetMap, GlanceApiNetwork]}]}
+      glance_registry_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_param: [ServiceNetMap, GlanceRegistryNetwork]}]}
+      cinder_api_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_param: [ServiceNetMap, CinderApiNetwork]}]}
+      neutron_api_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_param: [ServiceNetMap, NeutronApiNetwork]}]}
+      keystone_public_api_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}]}
+      keystone_admin_api_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}]}
 
   MysqlRootPassword:
     type: OS::Heat::RandomString
 
   MysqlRootPassword:
     type: OS::Heat::RandomString
@@ -736,22 +852,91 @@ resources:
       length: 20
       salt: {get_param: RabbitCookieSalt}
 
       length: 20
       salt: {get_param: RabbitCookieSalt}
 
+  # creates the network architecture
+  Networks:
+    type: OS::TripleO::Network
+
   ControlVirtualIP:
     type: OS::Neutron::Port
   ControlVirtualIP:
     type: OS::Neutron::Port
+    depends_on: Networks
     properties:
       name: control_virtual_ip
       network_id: {get_param: NeutronControlPlaneID}
       fixed_ips: {get_param: ControlFixedIPs}
       replacement_policy: AUTO
 
     properties:
       name: control_virtual_ip
       network_id: {get_param: NeutronControlPlaneID}
       fixed_ips: {get_param: ControlFixedIPs}
       replacement_policy: AUTO
 
+  # same as external
   PublicVirtualIP:
     type: OS::Neutron::Port
   PublicVirtualIP:
     type: OS::Neutron::Port
+    depends_on: Networks
     properties:
       name: public_virtual_ip
       network: {get_param: PublicVirtualNetwork}
       fixed_ips: {get_param: PublicVirtualFixedIPs}
       replacement_policy: AUTO
 
     properties:
       name: public_virtual_ip
       network: {get_param: PublicVirtualNetwork}
       fixed_ips: {get_param: PublicVirtualFixedIPs}
       replacement_policy: AUTO
 
+  InternalApiVirtualIP:
+    depends_on: Networks
+    type: OS::TripleO::Controller::Ports::InternalApiPort
+    properties:
+      ControlPlaneIP: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
+      PortName: internal_api_virtual_ip
+
+  StorageVirtualIP:
+    depends_on: Networks
+    type: OS::TripleO::Controller::Ports::StoragePort
+    properties:
+      ControlPlaneIP: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
+      PortName: storage_virtual_ip
+
+  StorageMgmtVirtualIP:
+    depends_on: Networks
+    type: OS::TripleO::Controller::Ports::StorageMgmtPort
+    properties:
+      ControlPlaneIP: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
+      PortName: storage_management_virtual_ip
+
+  VipMap:
+    type: OS::TripleO::Network::Ports::NetIpMap
+    properties:
+      ExternalIp: {get_attr: [PublicVirtualIP, fixed_ips, 0, ip_address]}
+      InternalApiIp: {get_attr: [InternalApiVirtualIP, ip_address]}
+      StorageIp: {get_attr: [StorageVirtualIP, ip_address]}
+      StorageMgmtIp: {get_attr: [StorageMgmtVirtualIP, ip_address]}
+      # No tenant VIP required
+
+  VipConfig:
+    type: OS::TripleO::VipConfig
+
+  VipDeployment:
+    type: OS::Heat::StructuredDeployments
+    properties:
+      config: {get_resource: VipConfig}
+      servers: {get_attr: [Controller, attributes, nova_server_resource]}
+      input_values:
+        # service VIP mappings
+        keystone_admin_api_vip: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}]}
+        keystone_public_api_vip: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}]}
+        neutron_api_vip: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, NeutronApiNetwork]}]}
+        cinder_api_vip: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, CinderApiNetwork]}]}
+        glance_api_vip: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, GlanceApiNetwork]}]}
+        glance_registry_vip: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, GlanceRegistryNetwork]}]}
+        swift_proxy_vip: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, SwiftProxyNetwork]}]}
+        nova_api_vip: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, NovaApiNetwork]}]}
+        nova_metadata_vip: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, NovaMetadataNetwork]}]}
+        ceilometer_api_vip: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, CeilometerApiNetwork]}]}
+        heat_api_vip: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, HeatApiNetwork]}]}
+        horizon_vip: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, HorizonNetwork]}]}
+        redis_vip: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, RedisNetwork]}]}
+        mysql_vip: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, MysqlNetwork]}]}
+        rabbit_vip: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, RabbitMqNetwork]}]}
+        # direct configuration of Virtual IPs for each network
+        control_virtual_ip: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
+        public_virtual_ip: {get_attr: [PublicVirtualIP, fixed_ips, 0, ip_address]}
+        internal_api_virtual_ip: {get_attr: [InternalApiVirtualIP, ip_address]}
+        storage_virtual_ip: {get_attr: [StorageVirtualIP, ip_address]}
+        storage_mgmt_virtual_ip: {get_attr: [StorageMgmtVirtualIP, ip_address]}
+
   ControllerBootstrapNodeConfig:
     type: OS::TripleO::BootstrapNode::SoftwareConfig
     properties:
   ControllerBootstrapNodeConfig:
     type: OS::TripleO::BootstrapNode::SoftwareConfig
     properties:
@@ -811,7 +996,7 @@ resources:
       ceph_mon_key: {get_param: CephMonKey}
       ceph_admin_key: {get_param: CephAdminKey}
       ceph_mon_names: {get_attr: [Controller, hostname]}
       ceph_mon_key: {get_param: CephMonKey}
       ceph_admin_key: {get_param: CephAdminKey}
       ceph_mon_names: {get_attr: [Controller, hostname]}
-      ceph_mon_ips: {get_attr: [Controller, ip_address]}
+      ceph_mon_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_param: [ServiceNetMap, CephPublicNetwork]}]}
 
   ControllerClusterConfig:
     type: OS::Heat::StructuredConfig
 
   ControllerClusterConfig:
     type: OS::Heat::StructuredConfig
@@ -903,5 +1088,5 @@ outputs:
       list_join:
       - ''
       - - http://
       list_join:
       - ''
       - - http://
-        - {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
+        - {get_attr: [PublicVirtualIP, fixed_ips, 0, ip_address]}
         - :5000/v2.0/
         - :5000/v2.0/