Make puppet-applying *Post resources depend on hieradata
[apex-tripleo-heat-templates.git] / controller.yaml
index 214ffbb..366e60d 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: 2014-10-16
+heat_template_version: 2015-04-30
 
 description: >
   OpenStack control plane node. Can be wrapped in a ResourceGroup for scaling.
@@ -11,9 +11,13 @@ parameters:
     hidden: true
   AdminToken:
     default: unset
-    description: The keystone auth secret.
+    description: The keystone auth secret and db password.
     type: string
     hidden: true
+  CeilometerBackend:
+    default: 'mongodb'
+    description: The ceilometer backend type.
+    type: string
   CeilometerMeteringSecret:
     default: unset
     description: Secret shared by the ceilometer services.
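Review bot: `AdminToken` keeps `default: unset` even though the new description makes it the keystone database password as well (the `keystone_dsn` hunk further down splices it into the connection URL). A stack created without overriding it therefore runs with a well-known bootstrap token and a well-known database password. Dropping the `default: unset` line would make Heat reject a stack that omits the value instead of deploying the placeholder. The same applies to the Ceilometer, Cinder, Glance, Heat, Neutron and Nova password parameters, whose descriptions this commit extends to cover the db account. A separate hidden parameter for the keystone database password would also keep a leaked connection string from disclosing the admin token.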
@@ -21,9 +25,17 @@ parameters:
     hidden: true
   CeilometerPassword:
     default: unset
-    description: The password for the ceilometer service account.
+    description: The password for the ceilometer service and db account.
     type: string
     hidden: true
+  CinderEnableIscsiBackend:
+    default: true
+    description: Whether to enable or not the Iscsi backend for Cinder
+    type: boolean
+  CinderEnableRbdBackend:
+    default: false
+    description: Whether to enable or not the Rbd backend for Cinder
+    type: boolean
   CinderISCSIHelper:
     default: tgtadm
     description: The iSCSI helper to use with cinder.
@@ -34,7 +46,7 @@ parameters:
     type: number
   CinderPassword:
     default: unset
-    description: The password for the cinder service account, used by cinder-api.
+    description: The password for the cinder service and db account, used by cinder-api.
     type: string
     hidden: true
   CloudName:
@@ -55,6 +67,23 @@ parameters:
     default: ''
     description: Set to True to enable debugging on all services.
     type: string
+  EnableGalera:
+    default: true
+    description: Whether to use Galera instead of regular MariaDB.
+    type: boolean
+  EnablePacemaker:
+    default: false
+    description: If enabled services will be monitored by Pacemaker; it
+      will manage VIPs as well, in place of Keepalived.
+    type: boolean
+  EnableCephStorage:
+    default: false
+    description: Whether to deploy Ceph Storage (OSD) on the Controller
+    type: boolean
+  EnableSwiftStorage:
+    default: true
+    description: Whether to enable Swift Storage on the Controller
+    type: boolean
   ExtraConfig:
     default: {}
     description: |
@@ -108,7 +137,7 @@ parameters:
     default: ''
   GlancePassword:
     default: unset
-    description: The password for the glance service account, used by the glance services.
+    description: The password for the glance service and db account, used by the glance services.
     type: string
     hidden: true
   GlancePort:
@@ -119,9 +148,16 @@ parameters:
     default: http
     description: Protocol to use when connecting to glance, set to https for SSL.
     type: string
+  GlanceBackend:
+    default: swift
+    description: The short name of the Glance backend to use. Should be one
+      of swift, rbd, or file
+    type: string
+    constraints:
+    - allowed_values: ['swift', 'file', 'rbd']
   HeatPassword:
     default: unset
-    description: The password for the Heat service account, used by the Heat services.
+    description: The password for the Heat service and db account, used by the Heat services.
     type: string
     hidden: true
   HeatStackDomainAdminPassword:
@@ -129,6 +165,12 @@ parameters:
     type: string
     default: ''
     hidden: true
+  HeatAuthEncryptionKey:
+    description: Auth encryption key for heat-engine
+    type: string
+  HorizonSecret:
+    description: Secret key for Django
+    type: string
   Image:
     type: string
     default: overcloud-control
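Review bot: `HeatAuthEncryptionKey` and `HorizonSecret` are declared without `hidden: true`, unlike the password parameters around them. Their values will then be shown in clear wherever Heat lists stack parameters. Both are long-lived secrets (the key heat-engine uses to encrypt stored credentials, and Django's signing key), so each should get `hidden: true` after its `type: string` line. `PcsdPassword` in the later `NtpServer` hunk has the same omission.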
@@ -193,7 +235,7 @@ parameters:
       network) - if changing this either use different post-install network
       scripts or be sure to keep 'datacentre' as a mapping network name.
     type: string
-    default: ""
+    default: "datacentre:br-ex"
   NeutronDnsmasqOptions:
     default: 'dhcp-option-force=26,1400'
     description: Dnsmasq options for neutron-dhcp-agent. The default value here forces MTU to be set to 1400 to account for the gre tunnel overhead.
@@ -220,12 +262,16 @@ parameters:
     default: 'True'
     description: Allow automatic l3-agent failover
     type: string
+  NeutronL3HA:
+    default: 'False'
+    description: Whether to enable l3-agent HA
+    type: string
   NeutronEnableTunnelling:
     type: string
     default: "True"
   NeutronFlatNetworks:
     type: string
-    default: ''
+    default: 'datacentre'
     description: If set, flat networks to configure in neutron plugins.
   NeutronNetworkType:
     default: 'gre'
@@ -237,10 +283,10 @@ parameters:
       The Neutron ML2 and OpenVSwitch vlan mapping range to support. See the
       Neutron documentation for permitted values. Defaults to permitting any
       VLAN on the 'datacentre' physical network (See NeutronBridgeMappings).
-    type: string
+    type: comma_delimited_list
   NeutronPassword:
     default: unset
-    description: The password for the neutron service account, used by neutron agents.
+    description: The password for the neutron service and db account, used by neutron agents.
     type: string
     hidden: true
   NeutronPublicInterface:
@@ -277,12 +323,15 @@ parameters:
     type: string
   NovaPassword:
     default: unset
-    description: The password for the nova service account, used by nova-api.
+    description: The password for the nova service and db account, used by nova-api.
     type: string
     hidden: true
   NtpServer:
     type: string
     default: ''
+  PcsdPassword:
+    type: string
+    description: The password for the 'pcsd' user.
   PublicVirtualInterface:
     default: 'br-ex'
     description: >
@@ -315,6 +364,9 @@ parameters:
     default: 5672
     description: Set rabbit subscriber port, change this if using SSL
     type: number
+  RedisVirtualIP:
+    type: string
+    default: ''  # Has to be here because of the ignored empty value bug
   SnmpdReadonlyUserName:
     default: ro_snmp_user
     description: The user name for SNMPd with readonly rights running on all Overcloud nodes
@@ -344,6 +396,10 @@ parameters:
       in the ring.
     hidden: true
     type: string
+  SwiftMountCheck:
+    default: 'false'
+    description: Value of mount_check in Swift account/container/object -server.conf
+    type: boolean
   SwiftMinPartHours:
     type: number
     default: 1
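Review bot: `SwiftMountCheck` is typed `boolean` but its default is the quoted string `'false'`, whereas the other boolean parameters added in this commit use bare literals; `default: false` would be consistent. The description should also say what turning the check off costs: with `mount_check` disabled, Swift will write into the mount-point directory on the root filesystem when a storage device is not mounted. Something like `description: Value of mount_check in Swift account/container/object -server.conf; leave false only when the storage directory is not a separate mount.` makes the trade-off visible to whoever overrides it.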
@@ -360,12 +416,37 @@ parameters:
     type: string
   SwiftReplicas:
     type: number
-    default: 1
+    default: 3
     description: How many replicas to use in the swift rings.
   VirtualIP:
     type: string
     default: ''  # Has to be here because of the ignored empty value bug
-
+  HeatApiVirtualIP:
+    type: string
+    default: ''
+  GlanceApiVirtualIP:
+    type: string
+    default: ''
+  MysqlVirtualIP:
+    type: string
+    default: ''
+  KeystonePublicApiVirtualIP:
+    type: string
+    default: ''
+  NeutronApiVirtualIP:
+    type: string
+    default: ''
+  ServiceNetMap:
+    default: {}
+    description: Mapping of service_name -> network name. Typically set
+                 via parameter_defaults in the resource registry.
+    type: json
+  UpdateIdentifier:
+    default: ''
+    type: string
+    description: >
+      Setting to a previously unused value during stack-update will trigger
+      package update on all nodes
 
 resources:
 
@@ -379,26 +460,55 @@ resources:
       networks:
         - network: ctlplane
       user_data_format: SOFTWARE_CONFIG
+      user_data: {get_resource: NodeUserData}
+
+  NodeUserData:
+    type: OS::TripleO::NodeUserData
+
+  ExternalPort:
+    type: OS::TripleO::Controller::Ports::ExternalPort
+    properties:
+      ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
+
+  InternalApiPort:
+    type: OS::TripleO::Controller::Ports::InternalApiPort
+    properties:
+      ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
+
+  StoragePort:
+    type: OS::TripleO::Controller::Ports::StoragePort
+    properties:
+      ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
+
+  StorageMgmtPort:
+    type: OS::TripleO::Controller::Ports::StorageMgmtPort
+    properties:
+      ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
+
+  TenantPort:
+    type: OS::TripleO::Controller::Ports::TenantPort
+    properties:
+      ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
 
   NetworkConfig:
-    type: OS::TripleO::Net::SoftwareConfig
+    type: OS::TripleO::Controller::Net::SoftwareConfig
+    properties:
+      ExternalIpSubnet: {get_attr: [ExternalPort, ip_subnet]}
+      InternalApiIpSubnet: {get_attr: [InternalApiPort, ip_subnet]}
+      StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]}
+      StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]}
+      TenantIpSubnet: {get_attr: [TenantPort, ip_subnet]}
 
   NetworkDeployment:
     type: OS::TripleO::SoftwareDeployment
     properties:
       signal_transport: NO_SIGNAL
-      config: {get_attr: [NetworkConfig, config_id]}
+      config: {get_resource: NetworkConfig}
       server: {get_resource: Controller}
       input_values:
         bridge_name: br-ex
         interface_name: {get_param: NeutronPublicInterface}
 
-  ControllerConfig:
-    type: OS::TripleO::Controller::SoftwareConfig
-    properties:
-      # allow configs to create sub-resources attached to the controller
-      controller_id: {get_resource: Controller}
-
   ControllerPassthroughConfig:
     type: OS::Heat::StructuredConfig
     properties:
@@ -411,11 +521,233 @@ resources:
       group: os-apply-config
       config: {get_input: passthrough_config_specific}
 
+  ControllerConfig:
+    type: OS::Heat::StructuredConfig
+    properties:
+      group: os-apply-config
+      config:
+        admin-password: {get_input: admin_password}
+        admin-token: {get_input: admin_token}
+        bootstack:
+          public_interface_ip: {get_input: neutron_public_interface_ip}
+        bootstrap_host:
+          nodeid: {get_input: bootstack_nodeid}
+        cinder:
+          db: {get_input: cinder_dsn}
+          debug: {get_input: debug}
+          volume_size_mb: {get_input: cinder_lvm_loop_device_size}
+          service-password: {get_input: cinder_password}
+          iscsi-helper: {get_input: CinderISCSIHelper}
+        controller-address: {get_input: controller_host}
+        corosync:
+          bindnetaddr: {get_input: controller_host}
+          mcastport: 5577
+        pacemaker:
+          stonith_enabled : false
+          recheck_interval : 5
+          quorum_policy : ignore
+        db-password: unset
+        glance:
+          registry:
+            host: {get_input: controller_virtual_ip}
+          backend: swift
+          db: {get_input: glance_dsn}
+          debug: {get_input: debug}
+          host: {get_input: controller_virtual_ip}
+          port: {get_input: glance_port}
+          protocol: {get_input: glance_protocol}
+          service-password: {get_input: glance_password}
+          swift-store-user: service:glance
+          swift-store-key: {get_input: glance_password}
+          notifier-strategy: {get_input: glance_notifier_strategy}
+          log-file: {get_input: glance_log_file}
+        heat:
+          admin_password: {get_input: heat_password}
+          admin_tenant_name: service
+          admin_user: heat
+          auth_encryption_key: {get_input: heat_auth_encryption_key}
+          db: {get_input: heat_dsn}
+          debug: {get_input: debug}
+          stack_domain_admin_password: {get_input: heat_stack_domain_admin_password}
+          watch_server_url: {get_input: heat.watch_server_url}
+          metadata_server_url: {get_input: heat.metadata_server_url}
+          waitcondition_server_url: {get_input: heat.waitcondition_server_url}
+        keystone:
+          db: {get_input: keystone_dsn}
+          debug: {get_input: debug}
+          host: {get_input: controller_virtual_ip}
+          ca_certificate: {get_input: keystone_ca_certificate}
+          signing_key: {get_input: keystone_signing_key}
+          signing_certificate: {get_input: keystone_signing_certificate}
+          ssl:
+              certificate: {get_input: keystone_ssl_certificate}
+              certificate_key: {get_input: keystone_ssl_certificate_key}
+        mysql:
+          innodb_buffer_pool_size: {get_input: mysql_innodb_buffer_pool_size}
+          local_bind: true
+          root-password: {get_input: mysql_root_password}
+          cluster_name: {get_input: mysql_cluster_name}
+        neutron:
+          debug: {get_input: debug}
+          flat-networks: {get_input: neutron_flat_networks}
+          host: {get_input: controller_virtual_ip}
+          metadata_proxy_shared_secret: {get_input: neutron_metadata_proxy_shared_secret}
+          agent_mode: {get_input: neutron_agent_mode}
+          router_distributed: {get_input: neutron_router_distributed}
+          mechanism_drivers: {get_input: neutron_mechanism_drivers}
+          allow_automatic_l3agent_failover: {get_input: neutron_allow_l3agent_failover}
+          l3_ha: {get_input: neutron_l3_ha}
+          ovs:
+            enable_tunneling: {get_input: neutron_enable_tunneling}
+            local_ip: {get_input: controller_host}
+            network_vlan_ranges: {get_input: neutron_network_vlan_ranges}
+            bridge_mappings: {get_input: neutron_bridge_mappings}
+            public_interface: {get_input: neutron_public_interface}
+            public_interface_raw_device: {get_input: neutron_public_interface_raw_device}
+            public_interface_route: {get_input: neutron_public_interface_default_route}
+            public_interface_tag: {get_input: neutron_public_interface_tag}
+            physical_bridge: br-ex
+            tenant_network_type: {get_input: neutron_tenant_network_type}
+            tunnel_types: {get_input: neutron_tunnel_types}
+          ovs_db: {get_input: neutron_dsn}
+          service-password: {get_input: neutron_password}
+          dnsmasq-options: {get_input: neutron_dnsmasq_options}
+        ceilometer:
+          db: {get_input: ceilometer_dsn}
+          debug: {get_input: debug}
+          metering_secret: {get_input: ceilometer_metering_secret}
+          service-password: {get_input: ceilometer_password}
+        snmpd:
+          export_MIB: UCD-SNMP-MIB
+          readonly_user_name: {get_input: snmpd_readonly_user_name}
+          readonly_user_password: {get_input: snmpd_readonly_user_password}
+        nova:
+          compute_driver: libvirt.LibvirtDriver
+          db: {get_input: nova_dsn}
+          default_floating_pool:
+            ext-net
+          host: {get_input: controller_virtual_ip}
+          metadata-proxy: true
+          service-password: {get_input: nova_password}
+        rabbit:
+          host: {get_input: controller_virtual_ip}
+          username: {get_input: rabbit_username}
+          password: {get_input: rabbit_password}
+          cookie: {get_input: rabbit_cookie}
+          rabbit_client_use_ssl: {get_input: rabbit_client_use_ssl}
+          rabbit_port: {get_input: rabbit_client_port}
+        ntp:
+          servers:
+              - {server: {get_input: ntp_server}}
+        virtual_interfaces:
+          instances:
+            - vrrp_instance_name: VI_CONTROL
+              virtual_router_id: 51
+              keepalive_interface: {get_input: control_virtual_interface}
+              priority: 101
+              virtual_ips:
+              - ip: {get_input: controller_virtual_ip}
+                interface: {get_input: control_virtual_interface}
+            - vrrp_instance_name: VI_PUBLIC
+              virtual_router_id: 52
+              keepalive_interface: {get_input: public_virtual_interface}
+              priority: 101
+              virtual_ips:
+              - ip: {get_input: public_virtual_ip}
+                interface: {get_input: public_virtual_interface}
+          vrrp_sync_groups:
+            - name: VG1
+              members:
+                - VI_CONTROL
+                - VI_PUBLIC
+        keepalived:
+          keepalive_interface: {get_input: public_virtual_interface}
+          priority: 101
+        virtual_ips:
+            -
+              ip: {get_input: controller_virtual_ip}
+              interface: {get_input: control_virtual_interface}
+            -
+              ip: {get_input: public_virtual_ip}
+              interface: {get_input: public_virtual_interface}
+        haproxy:
+          net_binds:
+            - ip: {get_input: controller_virtual_ip}
+          options:
+            - option httpchk GET /
+          services:
+            - name: keystone_admin
+              port: 35357
+              net_binds: &public_binds
+                - ip: {get_input: controller_virtual_ip}
+                - ip: {get_input: public_virtual_ip}
+            - name: keystone_public
+              port: 5000
+              net_binds: *public_binds
+            - name: horizon
+              port: 80
+              net_binds: *public_binds
+            - name: neutron
+              port: 9696
+              net_binds: *public_binds
+            - name: cinder
+              port: 8776
+              net_binds: *public_binds
+            - name: glance_api
+              port: 9292
+              net_binds: *public_binds
+            - name: glance_registry
+              port: 9191
+              net_binds: *public_binds
+              options: # overwrite options as glace_reg needs auth for http req
+            - name: heat_api
+              port: 8004
+              net_binds: *public_binds
+            - name: heat_cloudwatch
+              port: 8003
+              net_binds: *public_binds
+            - name: heat_cfn
+              port: 8000
+              net_binds: *public_binds
+            - name: mysql
+              port: 3306
+              extra_server_params:
+                - backup
+              options:
+                - timeout client 0
+                - timeout server 0
+            - name: nova_ec2
+              port: 8773
+            - name: nova_osapi
+              port: 8774
+              net_binds: *public_binds
+            - name: nova_metadata
+              port: 8775
+              net_binds: *public_binds
+            - name: nova_novncproxy
+              port: 6080
+              net_binds: *public_binds
+            - name: ceilometer
+              port: 8777
+              net_binds: *public_binds
+              options: # overwrite options as ceil needs auth for http req
+            - name: swift_proxy_server
+              port: 8080
+              net_binds: *public_binds
+              options:
+                - option httpchk GET /info
+            - name: rabbitmq
+              port: 5672
+              options:
+                - timeout client 0
+                - timeout server 0
+                - maxconn 1500
+
   ControllerDeployment:
     type: OS::TripleO::SoftwareDeployment
     properties:
       signal_transport: NO_SIGNAL
-      config: {get_attr: [ControllerConfig, config_id]}
+      config: {get_resource: ControllerConfig}
       server: {get_resource: Controller}
       input_values:
         bootstack_nodeid: {get_attr: [Controller, name]}
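Review bot: In the `haproxy.services` list, `keystone_admin` (35357) and `glance_registry` (9191) take `net_binds: *public_binds`, so both are also bound on `public_virtual_ip`. The keystone admin endpoint and the registry are back-end/administrative services; unless the deployment needs them reachable from the external network, they should listen only on the control VIP. Removing the `net_binds: *public_binds` line from those two entries would presumably make them fall back to the top-level `haproxy.net_binds` (control VIP only), as the `mysql` and `rabbitmq` entries do; please confirm against the haproxy element. Separately, the bare `options:` keys under `glance_registry` and `ceilometer` evaluate to null rather than an empty list; `options: []` states the intent explicitly. The `ControllerDeployment` resource continues past the end of this hunk.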
@@ -450,7 +782,9 @@ resources:
         cinder_dsn:
           list_join:
             - ''
-            - - 'mysql://cinder:unset@'
+            - - 'mysql://cinder:'
+              - {get_param: CinderPassword}
+              - '@'
               - {get_param: VirtualIP}
               - '/cinder'
         glance_port: {get_param: GlancePort}
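Review bot: `CinderPassword` is spliced into the `mysql://` URL verbatim by `list_join`, so a password containing `@`, `:`, `/`, `?` or `#` changes how the DSN is parsed. The service may then fail to connect or connect with a truncated credential. Heat has no URL-encoding function here, so the safe option is to constrain the parameter, e.g. `constraints: [{allowed_pattern: "[A-Za-z0-9_.~-]+"}]` on each password parameter, and to state the restriction in its description. The glance, heat, keystone, neutron, ceilometer and nova DSN hunks below build their URLs the same way and need the same treatment. The `input_values` map this entry belongs to starts and ends outside the hunk.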
@@ -461,15 +795,20 @@ resources:
         glance_dsn:
           list_join:
             - ''
-            - - 'mysql://glance:unset@'
+            - - 'mysql://glance:'
+              - {get_param: GlancePassword}
+              - '@'
               - {get_param: VirtualIP}
               - '/glance'
         heat_password: {get_param: HeatPassword}
         heat_stack_domain_admin_password: {get_param: HeatStackDomainAdminPassword}
+        heat_auth_encryption_key: {get_param: HeatAuthEncryptionKey}
         heat_dsn:
           list_join:
             - ''
-            - - 'mysql://heat:unset@'
+            - - 'mysql://heat:'
+              - {get_param: HeatPassword}
+              - '@'
               - {get_param: VirtualIP}
               - '/heat'
         keystone_ca_certificate: {get_param: KeystoneCACertificate}
@@ -480,7 +819,9 @@ resources:
         keystone_dsn:
           list_join:
             - ''
-            - - 'mysql://keystone:unset@'
+            - - 'mysql://keystone:'
+              - {get_param: AdminToken}
+              - '@'
               - {get_param: VirtualIP}
               - '/keystone'
         mysql_innodb_buffer_pool_size: {get_param: MysqlInnodbBufferPoolSize}
@@ -496,6 +837,7 @@ resources:
         neutron_router_distributed: {get_param: NeutronDVR}
         neutron_mechanism_drivers: {get_param: NeutronMechanismDrivers}
         neutron_allow_l3agent_failover: {get_param: NeutronAllowL3AgentFailover}
+        neutron_l3_ha: {get_param: NeutronL3HA}
         neutron_network_vlan_ranges: {get_param: NeutronNetworkVLANRanges}
         neutron_bridge_mappings: {get_param: NeutronBridgeMappings}
         neutron_public_interface: {get_param: NeutronPublicInterface}
@@ -509,7 +851,9 @@ resources:
         neutron_dsn:
           list_join:
             - ''
-            - - 'mysql://neutron:unset@'
+            - - 'mysql://neutron:'
+              - {get_param: NeutronPassword}
+              - '@'
               - {get_param: VirtualIP}
               - '/ovs_neutron?charset=utf8'
         ceilometer_metering_secret: {get_param: CeilometerMeteringSecret}
@@ -517,7 +861,9 @@ resources:
         ceilometer_dsn:
           list_join:
             - ''
-            - - 'mysql://ceilometer:unset@'
+            - - 'mysql://ceilometer:'
+              - {get_param: CeilometerPassword}
+              - '@'
               - {get_param: VirtualIP}
               - '/ceilometer'
         snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName}
@@ -526,7 +872,9 @@ resources:
         nova_dsn:
           list_join:
             - ''
-            - - 'mysql://nova:unset@'
+            - - 'mysql://nova:'
+              - {get_param: NovaPassword}
+              - '@'
               - {get_param: VirtualIP}
               - '/nova'
         rabbit_username: {get_param: RabbitUserName}
@@ -623,6 +971,7 @@ resources:
         swift:
           hash: { get_input: swift_hash_suffix }
           part-power: { get_input: swift_part_power }
+          mount-check: { get_input: swift_mount_check }
           min-part-hours: { get_input: swift_min_part_hours }
           replicas: {get_input: swift_replicas }
           service-password: { get_input: swift_password }
@@ -635,6 +984,7 @@ resources:
       signal_transport: NO_SIGNAL
       input_values:
         swift_hash_suffix: {get_param: SwiftHashSuffix}
+        swift_mount_check: {get_param: SwiftMountCheck}
         swift_password: {get_param: SwiftPassword}
         swift_min_part_hours: {get_param: SwiftMinPartHours}
         swift_part_power: {get_param: SwiftPartPower}
@@ -644,6 +994,21 @@ outputs:
   ip_address:
     description: IP address of the server in the ctlplane network
     value: {get_attr: [Controller, networks, ctlplane, 0]}
+  external_ip_address:
+    description: IP address of the server in the external network
+    value: {get_attr: [ExternalPort, ip_address]}
+  internal_api_ip_address:
+    description: IP address of the server in the internal_api network
+    value: {get_attr: [InternalApiPort, ip_address]}
+  storage_ip_address:
+    description: IP address of the server in the storage network
+    value: {get_attr: [StoragePort, ip_address]}
+  storage_mgmt_ip_address:
+    description: IP address of the server in the storage_mgmt network
+    value: {get_attr: [StorageMgmtPort, ip_address]}
+  tenant_ip_address:
+    description: IP address of the server in the tenant network
+    value: {get_attr: [TenantPort, ip_address]}
   hostname:
     description: Hostname of the server
     value: {get_attr: [Controller, name]}
@@ -659,7 +1024,7 @@ outputs:
       Server's IP address and hostname in the /etc/hosts format
     value:
       str_replace:
-        template: IP HOST HOST.novalocal CLOUDNAME
+        template: IP HOST CLOUDNAME
         params:
           IP: {get_attr: [Controller, networks, ctlplane, 0]}
           HOST: {get_attr: [Controller, name]}
@@ -682,3 +1047,6 @@ outputs:
         template: "IP:11211"
         params:
           IP: {get_attr: [Controller, networks, ctlplane, 0]}
+  config_identifier:
+    description: identifier which changes if the node configuration may need re-applying
+    value: "None - NO_SIGNAL"