description: Keystone key for signing tokens.
type: string
hidden: true
+ KeystoneSSLCertificate:
+ default: ''
+ description: Keystone certificate for verifying token validity.
+ type: string
+ KeystoneSSLCertificateKey:
+ default: ''
+ description: Keystone key for signing tokens.
+ type: string
+ hidden: true
MysqlClusterUniquePart:
description: A unique identifier of the MySQL cluster the controller is in.
type: string
default: 'unset' # Has to be here because of the ignored empty value bug
- constraints:
- - length: {min: 4, max: 10}
+ # Drop the validation: https://bugs.launchpad.net/tripleo/+bug/1405446
+ # constraints:
+ # - length: {min: 4, max: 10}
MysqlInnodbBufferPoolSize:
description: >
Specifies the size of the buffer pool in megabytes. Setting to
default: 'dhcp-option-force=26,1400'
description: Dnsmasq options for neutron-dhcp-agent. The default value here forces MTU to be set to 1400 to account for the gre tunnel overhead.
type: string
+ NeutronAgentMode:
+ default: 'dvr_snat'
+ description: Agent mode for the neutron-l3-agent on the controller hosts
+ type: string
+ NeutronDVR:
+ default: 'False'
+ description: Whether to configure Neutron Distributed Virtual Routers
+ type: string
+ NeutronMetadataProxySharedSecret:
+ default: 'unset'
+ description: Shared secret to prevent spoofing
+ type: string
+ NeutronMechanismDrivers:
+ default: 'openvswitch'
+ description: |
+ The mechanism drivers for the Neutron tenant network. To specify multiple
+ values, use a comma separated string, like so: 'openvswitch,l2_population'
+ type: string
+ NeutronAllowL3AgentFailover:
+ default: 'True'
+ description: Allow automatic l3-agent failover
+ type: string
NeutronEnableTunnelling:
type: string
default: "True"
type: string
hidden: true
NeutronPublicInterface:
- default: eth0
+ default: nic1
description: What interface to bridge onto br-ex for network nodes.
type: string
NeutronPublicInterfaceTag:
default: guest
description: The username for RabbitMQ
type: string
+ RabbitClientUseSSL:
+ default: false
+ description: >
+ Rabbit client subscriber parameter to specify
+ an SSL connection to the RabbitMQ host.
+ type: string
+ RabbitClientPort:
+ default: 5672
+ description: Set rabbit subscriber port, change this if using SSL
+ type: number
SnmpdReadonlyUserName:
default: ro_snmp_user
description: The user name for SNMPd with readonly rights running on all Overcloud nodes
in the ring.
hidden: true
type: string
+ SwiftMountCheck:
+ default: 'false'
+ description: Value of mount_check in Swift account/container/object -server.conf
+ type: boolean
+ SwiftMinPartHours:
+ type: number
+ default: 1
+ description: The minimum time (in hours) before a partition in a ring can be moved following a rebalance.
SwiftPartPower:
default: 10
description: Partition Power to use when building Swift rings
- network: ctlplane
user_data_format: SOFTWARE_CONFIG
+ NetworkConfig:
+ type: OS::TripleO::Net::SoftwareConfig
+
+ NetworkDeployment:
+ type: OS::TripleO::SoftwareDeployment
+ properties:
+ signal_transport: NO_SIGNAL
+ config: {get_attr: [NetworkConfig, config_id]}
+ server: {get_resource: Controller}
+ input_values:
+ bridge_name: br-ex
+ interface_name: {get_param: NeutronPublicInterface}
+
ControllerConfig:
- type: OS::Heat::StructuredConfig
+ type: OS::TripleO::Controller::SoftwareConfig
properties:
- group: os-apply-config
- config:
- admin-password: {get_param: AdminPassword}
- admin-token: {get_param: AdminToken}
- bootstack:
- public_interface_ip: {get_param: NeutronPublicInterfaceIP}
- bootstrap_host:
- nodeid: {get_input: bootstack_nodeid}
- database:
- host: &database_host
- {get_param: VirtualIP}
- cinder:
- db:
- list_join:
- - ''
- - - mysql://cinder:unset@
- - *database_host
- - /cinder
- debug: {get_param: Debug}
- volume_size_mb: {get_param: CinderLVMLoopDeviceSize}
- service-password: {get_param: CinderPassword}
- iscsi-helper: {get_param: CinderISCSIHelper}
- controller-address: {get_input: controller_host}
- corosync:
- bindnetaddr: {get_input: controller_host}
- mcastport: 5577
- pacemaker:
- stonith_enabled : false
- recheck_interval : 5
- quorum_policy : ignore
- db-password: unset
- glance:
- registry:
- host: {get_input: controller_virtual_ip}
- backend: swift
- db:
- list_join:
- - ''
- - - mysql://glance:unset@
- - *database_host
- - /glance
- debug: {get_param: Debug}
- host: {get_input: controller_virtual_ip}
- port: {get_param: GlancePort}
- protocol: {get_param: GlanceProtocol}
- service-password: {get_param: GlancePassword}
- swift-store-user: service:glance
- swift-store-key: {get_param: GlancePassword}
- notifier-strategy: {get_param: GlanceNotifierStrategy}
- log-file: {get_param: GlanceLogFile}
- heat:
- admin_password: {get_param: HeatPassword}
- admin_tenant_name: service
- admin_user: heat
- auth_encryption_key: unset___________
- db:
- list_join:
- - ''
- - - mysql://heat:unset@
- - *database_host
- - /heat
- debug: {get_param: Debug}
- stack_domain_admin_password: {get_param: HeatStackDomainAdminPassword}
- watch_server_url: {get_input: heat.watch_server_url}
- metadata_server_url: {get_input: heat.metadata_server_url}
- waitcondition_server_url: {get_input: heat.waitcondition_server_url}
- keystone:
- db:
- list_join:
- - ''
- - - mysql://keystone:unset@
- - *database_host
- - /keystone
- debug: {get_param: Debug}
- host: {get_input: controller_virtual_ip}
- ca_certificate: {get_param: KeystoneCACertificate}
- signing_key: {get_param: KeystoneSigningKey}
- signing_certificate: {get_param: KeystoneSigningCertificate}
- mysql:
- innodb_buffer_pool_size: {get_param: MysqlInnodbBufferPoolSize}
- local_bind: true
- root-password: {get_param: MysqlRootPassword}
- cluster_name:
- str_replace:
- template: tripleo-CLUSTER
- params:
- CLUSTER: {get_param: MysqlClusterUniquePart}
- neutron:
- debug: {get_param: Debug}
- flat-networks: {get_param: NeutronFlatNetworks}
- host: {get_input: controller_virtual_ip}
- metadata_proxy_shared_secret: unset
- ovs:
- enable_tunneling: {get_input: neutron_enable_tunneling}
- local_ip: {get_input: controller_host}
- network_vlan_ranges: {get_param: NeutronNetworkVLANRanges}
- bridge_mappings: {get_param: NeutronBridgeMappings}
- public_interface: {get_param: NeutronPublicInterface}
- public_interface_raw_device: {get_param: NeutronPublicInterfaceRawDevice}
- public_interface_route: {get_param: NeutronPublicInterfaceDefaultRoute}
- public_interface_tag: {get_param: NeutronPublicInterfaceTag}
- physical_bridge: br-ex
- tenant_network_type: {get_param: NeutronNetworkType}
- tunnel_types: {get_param: NeutronTunnelTypes}
- ovs_db:
- list_join:
- - ''
- - - mysql://neutron:unset@
- - *database_host
- - /ovs_neutron?charset=utf8
- service-password: {get_param: NeutronPassword}
- dnsmasq-options: {get_param: NeutronDnsmasqOptions}
- ceilometer:
- db:
- list_join:
- - ''
- - - mysql://ceilometer:unset@
- - *database_host
- - /ceilometer
- debug: {get_param: Debug}
- metering_secret: {get_param: CeilometerMeteringSecret}
- service-password: {get_param: CeilometerPassword}
- snmpd:
- export_MIB: UCD-SNMP-MIB
- readonly_user_name: {get_param: SnmpdReadonlyUserName}
- readonly_user_password: {get_param: SnmpdReadonlyUserPassword}
- nova:
- compute_driver: libvirt.LibvirtDriver
- db:
- list_join:
- - ''
- - - mysql://nova:unset@
- - *database_host
- - /nova
- default_floating_pool:
- ext-net
- host: {get_input: controller_virtual_ip}
- metadata-proxy: true
- service-password: {get_param: NovaPassword}
- rabbit:
- host: {get_input: controller_virtual_ip}
- username: {get_param: RabbitUserName}
- password: {get_param: RabbitPassword}
- cookie: {get_param: RabbitCookie}
- ntp:
- servers:
- - {server: {get_param: NtpServer}, fudge: "stratum 0"}
- virtual_interfaces:
- instances:
- - vrrp_instance_name: VI_CONTROL
- virtual_router_id: 51
- keepalive_interface: {get_param: ControlVirtualInterface}
- priority: 101
- virtual_ips:
- - ip: {get_param: VirtualIP}
- interface: {get_param: ControlVirtualInterface}
- - vrrp_instance_name: VI_PUBLIC
- virtual_router_id: 52
- keepalive_interface: {get_param: PublicVirtualInterface}
- priority: 101
- virtual_ips:
- - ip: {get_param: PublicVirtualIP}
- interface: {get_param: PublicVirtualInterface}
- vrrp_sync_groups:
- - name: VG1
- members:
- - VI_CONTROL
- - VI_PUBLIC
- keepalived:
- keepalive_interface: {get_param: PublicVirtualInterface}
- priority: 101
- virtual_ips:
- -
- ip: {get_param: VirtualIP}
- interface: {get_param: ControlVirtualInterface}
- -
- ip: {get_param: PublicVirtualIP}
- interface: {get_param: PublicVirtualInterface}
- haproxy:
- net_binds:
- - ip: {get_param: VirtualIP}
- services:
- - name: keystone_admin
- port: 35357
- net_binds: &public_binds
- - ip: {get_param: VirtualIP}
- - ip: {get_param: PublicVirtualIP}
- - name: keystone_public
- port: 5000
- net_binds: *public_binds
- - name: horizon
- port: 80
- net_binds: *public_binds
- - name: neutron
- port: 9696
- net_binds: *public_binds
- - name: cinder
- port: 8776
- net_binds: *public_binds
- - name: glance_api
- port: 9292
- net_binds: *public_binds
- - name: glance_registry
- port: 9191
- net_binds: *public_binds
- - name: heat_api
- port: 8004
- net_binds: *public_binds
- - name: heat_cloudwatch
- port: 8003
- net_binds: *public_binds
- - name: heat_cfn
- port: 8000
- net_binds: *public_binds
- - name: mysql
- port: 3306
- extra_server_params:
- - backup
- options:
- - timeout client 0
- - timeout server 0
- - name: nova_ec2
- port: 8773
- - name: nova_osapi
- port: 8774
- net_binds: *public_binds
- - name: nova_metadata
- port: 8775
- net_binds: *public_binds
- - name: ceilometer
- port: 8777
- net_binds: *public_binds
- - name: swift_proxy_server
- port: 8080
- net_binds: *public_binds
- - name: rabbitmq
- port: 5672
- options:
- - timeout client 0
- - timeout server 0
+ # allow configs to create sub-resources attached to the controller
+ controller_id: {get_resource: Controller}
ControllerPassthroughConfig:
type: OS::Heat::StructuredConfig
config: {get_input: passthrough_config_specific}
ControllerDeployment:
- type: OS::Heat::StructuredDeployment
+ type: OS::TripleO::SoftwareDeployment
properties:
signal_transport: NO_SIGNAL
- config: {get_resource: ControllerConfig}
+ config: {get_attr: [ControllerConfig, config_id]}
server: {get_resource: Controller}
input_values:
bootstack_nodeid: {get_attr: [Controller, name]}
- - 'http://'
- {get_param: VirtualIP}
- ':8000/v1/waitcondition'
+ admin_password: {get_param: AdminPassword}
+ admin_token: {get_param: AdminToken}
+ neutron_public_interface_ip: {get_param: NeutronPublicInterfaceIP}
+ debug: {get_param: Debug}
+ cinder_lvm_loop_device_size: {get_param: CinderLVMLoopDeviceSize}
+ cinder_password: {get_param: CinderPassword}
+ cinder_iscsi_helper: {get_param: CinderISCSIHelper}
+ cinder_dsn:
+ list_join:
+ - ''
+ - - 'mysql://cinder:unset@'
+ - {get_param: VirtualIP}
+ - '/cinder'
+ glance_port: {get_param: GlancePort}
+ glance_protocol: {get_param: GlanceProtocol}
+ glance_password: {get_param: GlancePassword}
+ glance_notifier_strategy: {get_param: GlanceNotifierStrategy}
+ glance_log_file: {get_param: GlanceLogFile}
+ glance_dsn:
+ list_join:
+ - ''
+ - - 'mysql://glance:unset@'
+ - {get_param: VirtualIP}
+ - '/glance'
+ heat_password: {get_param: HeatPassword}
+ heat_stack_domain_admin_password: {get_param: HeatStackDomainAdminPassword}
+ heat_dsn:
+ list_join:
+ - ''
+ - - 'mysql://heat:unset@'
+ - {get_param: VirtualIP}
+ - '/heat'
+ keystone_ca_certificate: {get_param: KeystoneCACertificate}
+ keystone_signing_key: {get_param: KeystoneSigningKey}
+ keystone_signing_certificate: {get_param: KeystoneSigningCertificate}
+ keystone_ssl_certificate: {get_param: KeystoneSSLCertificate}
+ keystone_ssl_certificate_key: {get_param: KeystoneSSLCertificateKey}
+ keystone_dsn:
+ list_join:
+ - ''
+ - - 'mysql://keystone:unset@'
+ - {get_param: VirtualIP}
+ - '/keystone'
+ mysql_innodb_buffer_pool_size: {get_param: MysqlInnodbBufferPoolSize}
+ mysql_root_password: {get_param: MysqlRootPassword}
+ mysql_cluster_name:
+ str_replace:
+ template: tripleo-CLUSTER
+ params:
+ CLUSTER: {get_param: MysqlClusterUniquePart}
+ neutron_flat_networks: {get_param: NeutronFlatNetworks}
+ neutron_metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret}
+ neutron_agent_mode: {get_param: NeutronAgentMode}
+ neutron_router_distributed: {get_param: NeutronDVR}
+ neutron_mechanism_drivers: {get_param: NeutronMechanismDrivers}
+ neutron_allow_l3agent_failover: {get_param: NeutronAllowL3AgentFailover}
+ neutron_network_vlan_ranges: {get_param: NeutronNetworkVLANRanges}
+ neutron_bridge_mappings: {get_param: NeutronBridgeMappings}
+ neutron_public_interface: {get_param: NeutronPublicInterface}
+ neutron_public_interface_raw_device: {get_param: NeutronPublicInterfaceRawDevice}
+ neutron_public_interface_default_route: {get_param: NeutronPublicInterfaceDefaultRoute}
+ neutron_public_interface_tag: {get_param: NeutronPublicInterfaceTag}
+ neutron_tenant_network_type: {get_param: NeutronNetworkType}
+ neutron_tunnel_types: {get_param: NeutronTunnelTypes}
+ neutron_password: {get_param: NeutronPassword}
+ neutron_dnsmasq_options: {get_param: NeutronDnsmasqOptions}
+ neutron_dsn:
+ list_join:
+ - ''
+ - - 'mysql://neutron:unset@'
+ - {get_param: VirtualIP}
+ - '/ovs_neutron?charset=utf8'
+ ceilometer_metering_secret: {get_param: CeilometerMeteringSecret}
+ ceilometer_password: {get_param: CeilometerPassword}
+ ceilometer_dsn:
+ list_join:
+ - ''
+ - - 'mysql://ceilometer:unset@'
+ - {get_param: VirtualIP}
+ - '/ceilometer'
+ snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName}
+ snmpd_readonly_user_password: {get_param: SnmpdReadonlyUserPassword}
+ nova_password: {get_param: NovaPassword}
+ nova_dsn:
+ list_join:
+ - ''
+ - - 'mysql://nova:unset@'
+ - {get_param: VirtualIP}
+ - '/nova'
+ rabbit_username: {get_param: RabbitUserName}
+ rabbit_password: {get_param: RabbitPassword}
+ rabbit_cookie: {get_param: RabbitCookie}
+ rabbit_client_use_ssl: {get_param: RabbitClientUseSSL}
+ rabbit_client_port: {get_param: RabbitClientPort}
+ ntp_server: {get_param: NtpServer}
+ control_virtual_interface: {get_param: ControlVirtualInterface}
+ public_virtual_interface: {get_param: PublicVirtualInterface}
+ public_virtual_ip: {get_param: PublicVirtualIP}
SSLConfig:
type: OS::Heat::StructuredConfig
swift:
hash: { get_input: swift_hash_suffix }
part-power: { get_input: swift_part_power }
+ mount-check: { get_input: swift_mount_check }
+ min-part-hours: { get_input: swift_min_part_hours }
replicas: {get_input: swift_replicas }
service-password: { get_input: swift_password }
signal_transport: NO_SIGNAL
input_values:
swift_hash_suffix: {get_param: SwiftHashSuffix}
+ swift_mount_check: {get_param: SwiftMountCheck}
swift_password: {get_param: SwiftPassword}
+ swift_min_part_hours: {get_param: SwiftMinPartHours}
swift_part_power: {get_param: SwiftPartPower}
swift_replicas: { get_param: SwiftReplicas}