description: Keystone key for signing tokens.
type: string
hidden: true
+ KeystoneSSLCertificate:
+ default: ''
+ description: Keystone certificate for verifying token validity.
+ type: string
+ KeystoneSSLCertificateKey:
+ default: ''
+ description: Keystone key for signing tokens.
+ type: string
+ hidden: true
MysqlClusterUniquePart:
description: A unique identifier of the MySQL cluster the controller is in.
type: string
default: 'dhcp-option-force=26,1400'
description: Dnsmasq options for neutron-dhcp-agent. The default value here forces MTU to be set to 1400 to account for the gre tunnel overhead.
type: string
+ NeutronAgentMode:
+ default: 'dvr_snat'
+ description: Agent mode for the neutron-l3-agent on the controller hosts
+ type: string
+ NeutronDVR:
+ default: 'False'
+ description: Whether to configure Neutron Distributed Virtual Routers
+ type: string
+ NeutronMetadataProxySharedSecret:
+ default: 'unset'
+ description: Shared secret to prevent spoofing
+ type: string
+ NeutronMechanismDrivers:
+ default: 'openvswitch'
+ description: |
+ The mechanism drivers for the Neutron tenant network. To specify multiple
+ values, use a comma separated string, like so: 'openvswitch,l2_population'
+ type: string
+ NeutronAllowL3AgentFailover:
+ default: 'True'
+ description: Allow automatic l3-agent failover
+ type: string
NeutronEnableTunnelling:
type: string
default: "True"
default: guest
description: The username for RabbitMQ
type: string
+ RabbitClientUseSSL:
+ default: false
+ description: >
+ Rabbit client subscriber parameter to specify
+ an SSL connection to the RabbitMQ host.
+ type: string
+ RabbitClientPort:
+ default: 5672
+ description: Set rabbit subscriber port, change this if using SSL
+ type: number
SnmpdReadonlyUserName:
default: ro_snmp_user
description: The user name for SNMPd with readonly rights running on all Overcloud nodes
description: If set, the contents of an SSL certificate .key file for encrypting SSL endpoints.
type: string
hidden: true
+ SwiftHashSuffix:
+ default: unset
+ description: A random string to be used as a salt when hashing to determine mappings
+ in the ring.
+ hidden: true
+ type: string
+ SwiftPartPower:
+ default: 10
+ description: Partition Power to use when building Swift rings
+ type: number
+ SwiftPassword:
+ default: unset
+ description: The password for the swift service account, used by the swift proxy
+ services.
+ hidden: true
+ type: string
+ SwiftReplicas:
+ type: number
+ default: 1
+ description: How many replicas to use in the swift rings.
VirtualIP:
type: string
default: '' # Has to be here because of the ignored empty value bug
ca_certificate: {get_param: KeystoneCACertificate}
signing_key: {get_param: KeystoneSigningKey}
signing_certificate: {get_param: KeystoneSigningCertificate}
+ ssl:
+ certificate: {get_param: KeystoneSSLCertificate}
+ certificate_key: {get_param: KeystoneSSLCertificateKey}
mysql:
innodb_buffer_pool_size: {get_param: MysqlInnodbBufferPoolSize}
local_bind: true
debug: {get_param: Debug}
flat-networks: {get_param: NeutronFlatNetworks}
host: {get_input: controller_virtual_ip}
- metadata_proxy_shared_secret: unset
+ metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret}
+ agent_mode: {get_param: NeutronAgentMode}
+ router_distributed: {get_param: NeutronDVR}
+ mechanism_drivers: {get_param: NeutronMechanismDrivers}
+ allow_automatic_l3agent_failover: {get_param: NeutronAllowL3AgentFailover}
ovs:
enable_tunneling: {get_input: neutron_enable_tunneling}
local_ip: {get_input: controller_host}
username: {get_param: RabbitUserName}
password: {get_param: RabbitPassword}
cookie: {get_param: RabbitCookie}
+ rabbit_client_use_ssl: {get_param: RabbitClientUseSSL}
+ rabbit_port: {get_param: RabbitClientPort}
ntp:
servers:
- {server: {get_param: NtpServer}, fudge: "stratum 0"}
haproxy:
net_binds:
- ip: {get_param: VirtualIP}
+ options:
+ - option httpchk GET /
services:
- name: keystone_admin
port: 35357
- name: glance_registry
port: 9191
net_binds: *public_binds
+ options: # overwrite options as glace_reg needs auth for http req
- name: heat_api
port: 8004
net_binds: *public_binds
- name: nova_metadata
port: 8775
net_binds: *public_binds
+ - name: nova_novncproxy
+ port: 6080
+ net_binds: *public_binds
- name: ceilometer
port: 8777
net_binds: *public_binds
+ options: # overwrite options as ceil needs auth for http req
- name: swift_proxy_server
port: 8080
net_binds: *public_binds
+ options:
+ - option httpchk GET /info
- name: rabbitmq
port: 5672
options:
input_values:
passthrough_config_specific: {get_param: ControllerExtraConfig}
+ SwiftConfig:
+ type: OS::Heat::StructuredConfig
+ properties:
+ group: os-apply-config
+ config:
+ swift:
+ hash: { get_input: swift_hash_suffix }
+ part-power: { get_input: swift_part_power }
+ replicas: {get_input: swift_replicas }
+ service-password: { get_input: swift_password }
+
+ SwiftStorageDeploy:
+ type: OS::Heat::StructuredDeployment
+ properties:
+ server: {get_resource: Controller}
+ config: {get_resource: SwiftConfig}
+ signal_transport: NO_SIGNAL
+ input_values:
+ swift_hash_suffix: {get_param: SwiftHashSuffix}
+ swift_password: {get_param: SwiftPassword}
+ swift_part_power: {get_param: SwiftPartPower}
+ swift_replicas: { get_param: SwiftReplicas}
outputs:
ip_address: