controllerImage:
type: string
default: overcloud-control
+ constraints:
+ - custom_constraint: glance.image
ControlVirtualInterface:
default: 'br-ex'
description: Interface where virtual ip will be assigned.
description: The filepath of the file to use for logging messages from Glance.
type: string
default: ''
+ HorizonPort:
+ type: number
+ default: 80
+ description: Horizon web server port.
GlancePassword:
default: unset
description: The password for the glance service account, used by the glance services.
the openvswitch agent. Typically should not need to be changed.
type: string
HypervisorNeutronPublicInterface:
- default: 'eth0'
+ default: nic1
description: What interface to add to the HypervisorNeutronPhysicalBridge.
type: string
ImageUpdatePolicy:
default: default
description: Name of an existing EC2 KeyPair to enable SSH access to the instances
type: string
+ constraints:
+ - custom_constraint: nova.keypair
KeystoneCACertificate:
default: ''
description: Keystone self-signed certificate authority certificate.
description: Keystone key for signing tokens.
type: string
hidden: true
- LiveUpdateComputeImage:
- type: string
- description: The image ID for live-updates to the overcloud compute nodes.
+ KeystoneSSLCertificate:
default: ''
- LiveUpdateHost:
+ description: Keystone certificate for verifying token validity.
type: string
- description: The IP address for the undercloud Glance API.
+ KeystoneSSLCertificateKey:
default: ''
- LiveUpdatePassword:
+ description: Keystone key for signing tokens.
type: string
- default: ''
- description: The live-update password for the undercloud Glance API.
hidden: true
- LiveUpdateTenantName:
- type: string
- description: The live-update tenant name for the undercloud Glance API.
- default: ''
- LiveUpdateUserName:
- type: string
- description: The live-update username for the undercloud Glance API.
- default: ''
MysqlInnodbBufferPoolSize:
description: >
Specifies the size of the buffer pool in megabytes. Setting to
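Review bot: The descriptions added for `KeystoneSSLCertificate` and `KeystoneSSLCertificateKey` reuse the token-signing wording, and the key's text is identical to the signing-key description in the context line above, so an operator cannot tell the TLS pair from the token-signing pair. These parameters appear to feed the `ssl:` block next to the keystone signing settings later in this commit, so something like `description: Keystone TLS server certificate.` and `description: Private key for the Keystone TLS certificate.` would be accurate. Both default to `''`, and what an empty value means for the endpoint is not visible here; the description should state it.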
type: string
hidden: true
NeutronPublicInterface:
- default: eth0
+ default: nic1
description: What interface to bridge onto br-ex for network nodes.
type: string
NeutronPublicInterfaceDefaultRoute:
overcloud.yaml to include the deployment of VLAN ports to the control
plane.
type: string
+ NeutronComputeAgentMode:
+ default: 'dvr'
+ description: Agent mode for the neutron-l3-agent on the compute hosts
+ type: string
+ NeutronAgentMode:
+ default: 'dvr_snat'
+ description: Agent mode for the neutron-l3-agent on the controller hosts
+ type: string
+ NeutronDVR:
+ default: 'False'
+ description: Whether to configure Neutron Distributed Virtual Routers
+ type: string
+ NeutronMetadataProxySharedSecret:
+ default: 'unset'
+ description: Shared secret to prevent spoofing
+ type: string
NeutronTunnelTypes:
default: 'gre'
description: |
The tunnel types for the Neutron tenant network. To specify multiple
values, use a comma separated string, like so: 'gre,vxlan'
type: string
+ NeutronMechanismDrivers:
+ default: 'openvswitch'
+ description: |
+ The mechanism drivers for the Neutron tenant network. To specify multiple
+ values, use a comma separated string, like so: 'openvswitch,l2_population'
+ type: string
+ NeutronAllowL3AgentFailover:
+ default: 'True'
+ description: Allow automatic l3-agent failover
+ type: string
NovaComputeDriver:
default: libvirt.LibvirtDriver
type: string
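Review bot: `NeutronMetadataProxySharedSecret` is declared without `hidden: true`, unlike the other secret parameters visible in this template, so Heat will return its value in clear text whenever the stack's parameters are shown. Add `hidden: true` under the parameter. The default `'unset'` also carries over the previously hard-coded value, so a deployment that does not override it still runs the metadata proxy with a publicly known secret. Consider removing the default so the deployer has to supply one.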
NovaImage:
type: string
default: overcloud-compute
+ constraints:
+ - custom_constraint: glance.image
NovaPassword:
default: unset
description: The password for the nova service account, used by nova-api.
type: string
default: ''
OvercloudComputeFlavor:
- default: baremetal
description: Flavor for compute nodes to request when deploying.
type: string
+ constraints:
+ - custom_constraint: nova.flavor
OvercloudControlFlavor:
- default: baremetal
description: Flavor for control nodes to request when deploying.
type: string
+ constraints:
+ - custom_constraint: nova.flavor
PublicVirtualFixedIPs:
default: []
description: >
default: guest
description: The username for RabbitMQ
type: string
+ RabbitClientUseSSL:
+ default: false
+ description: >
+ Rabbit client subscriber parameter to specify
+ an SSL connection to the RabbitMQ host.
+ type: string
+ RabbitClientPort:
+ default: 5672
+ description: Set rabbit subscriber port, change this if using SSL
+ type: number
SnmpdReadonlyUserName:
default: ro_snmp_user
description: The user name for SNMPd with readonly rights running on all Overcloud nodes
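Review bot: `RabbitClientUseSSL` is declared `type: string` but its default is the unquoted YAML boolean `false`, while the other switch-like parameters added in this commit quote their values (`'False'`, `'True'`). Quote it as `default: 'false'` or declare the parameter `type: boolean`, so the value that reaches `rabbit_client_use_ssl` does not depend on how a boolean gets stringified. With these defaults clients reach RabbitMQ without TLS, and turning it on needs two coordinated overrides (this flag and `RabbitClientPort`). The description of `RabbitClientUseSSL` should say so.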
network_id: {get_param: NeutronControlPlaneID}
fixed_ips:
get_param: ControlFixedIPs
+ replacement_policy: AUTO
MysqlClusterUniquePart:
type: OS::Heat::RandomString
properties:
network: {get_param: PublicVirtualNetwork}
fixed_ips:
get_param: PublicVirtualFixedIPs
+ replacement_policy: AUTO
RabbitCookie:
type: OS::Heat::RandomString
properties:
NeutronHost: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
GlanceHost: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
RabbitHost: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
- NovaDSN:
- Fn::Join:
- - ''
- - - mysql://nova:unset@
- - &compute_database_host {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
- - /nova
NovaPublicIP: {get_attr: [PublicVirtualIP, fixed_ips, 0, ip_address]}
CeilometerDSN:
Fn::Join:
- ''
- - mysql://ceilometer:unset@
- - *compute_database_host
+ - &compute_database_host {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
- /ceilometer
- NeutronDSN:
- Fn::Join:
- - ''
- - - mysql://neutron:unset@
- - *compute_database_host
- - /ovs_neutron
NeutronNetworkType:
get_param: NeutronNetworkType
NeutronTunnelTypes:
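Review bot: `CeilometerDSN` still embeds the literal credential `unset` in `mysql://ceilometer:unset@`, even though this change removes the equivalent Nova and Neutron DSNs. If the ceilometer database account really uses that value, every deployment shares a known password; building the DSN from a `hidden: true` password parameter would avoid that. The hunk also moves the `&compute_database_host` anchor onto its only visible use. If no alias outside this hunk refers to it, the anchor can be dropped and the `get_attr` written plainly.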
get_param: HypervisorNeutronPublicInterface
NeutronBridgeMappings:
get_param: NeutronBridgeMappings
+ NeutronDVR:
+ get_param: NeutronDVR
+ NeutronAgentMode:
+ get_param: NeutronComputeAgentMode
+ NeutronPublicInterfaceRawDevice:
+ get_param: NeutronPublicInterfaceRawDevice
+ NeutronMechanismDrivers:
+ get_param: NeutronMechanismDrivers
+ NeutronAllowL3AgentFailover:
+ get_param: NeutronAllowL3AgentFailover
NovaCompute0AllNodesDeployment:
type: FileInclude
Path: nova-compute-instance.yaml
metadata_server_url: {get_input: heat.metadata_server_url}
waitcondition_server_url: {get_input: heat.waitcondition_server_url}
horizon:
+ port: {get_param: HorizonPort}
caches:
memcached:
nodes:
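Review bot: `HorizonPort` is wired into the horizon config here, but the haproxy `horizon` service entry later in the same template still lists the literal `port: 80`. If that entry describes the same listener, overriding `HorizonPort` would leave the load balancer and the web server on different ports; `port: {get_param: HorizonPort}` there would keep them in step. The enclosing config block starts and ends outside this hunk, so the relationship should be confirmed against the full file.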
ca_certificate: {get_param: KeystoneCACertificate}
signing_key: {get_param: KeystoneSigningKey}
signing_certificate: {get_param: KeystoneSigningCertificate}
+ ssl:
+ certificate: {get_param: KeystoneSSLCertificate}
+ certificate_key: {get_param: KeystoneSSLCertificateKey}
mysql:
innodb_buffer_pool_size: {get_param: MysqlInnodbBufferPoolSize}
local_bind: true
debug: {get_param: Debug}
flat-networks: {get_param: NeutronFlatNetworks}
host: {get_input: controller_virtual_ip}
- metadata_proxy_shared_secret: unset
+ metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret}
+ agent_mode: {get_param: NeutronAgentMode}
+ router_distributed: {get_param: NeutronDVR}
+ mechanism_drivers: {get_param: NeutronMechanismDrivers}
+ allow_automatic_l3agent_failover: {get_param: NeutronAllowL3AgentFailover}
ovs:
enable_tunneling: 'True'
local_ip:
get_attr:
- RabbitCookie
- value
+ rabbit_client_use_ssl: {get_param: RabbitClientUseSSL}
+ rabbit_port: {get_param: RabbitClientPort}
ntp:
servers:
- {server: {get_param: NtpServer}, fudge: "stratum 0"}
ip: {get_attr: [controller0, networks, ctlplane, 0]}
name: {get_attr: [controller0, name]}
net_binds:
- - ip: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
+ - &control_vip {ip: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}}
+ - &public_vip {ip: {get_attr: [PublicVirtualIP, fixed_ips, 0, ip_address]}}
+ options:
+ - option httpchk GET /
services:
- name: keystone_admin
port: 35357
- net_binds: &public_binds
- - ip: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
- - ip: {get_attr: [PublicVirtualIP, fixed_ips, 0, ip_address]}
- name: keystone_public
port: 5000
- net_binds: *public_binds
- name: horizon
port: 80
- net_binds: *public_binds
- name: neutron
port: 9696
- net_binds: *public_binds
- name: cinder
port: 8776
- net_binds: *public_binds
- name: glance_api
port: 9292
- net_binds: *public_binds
- name: glance_registry
port: 9191
- net_binds: *public_binds
+ options: # overwrite options as glace_reg needs auth for http req
- name: heat_api
port: 8004
- net_binds: *public_binds
- name: heat_cloudwatch
port: 8003
- net_binds: *public_binds
- name: heat_cfn
port: 8000
- net_binds: *public_binds
- name: mysql
port: 3306
+ net_binds:
+ - *control_vip
extra_server_params:
- backup
options:
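Review bot: The `options:` override added for `glance_registry` is a bare key, which YAML loads as `null` rather than an empty list; the `ceilometer` entry in the next hunk uses the same form. Whether the haproxy consumer treats `null` as "no options" or falls back to the new `option httpchk GET /` default is not visible here. Writing `options: []` makes the intent explicit, so an unauthenticated health check is not silently applied to a service that requires auth. The comment on that line also has a typo (`glace_reg`).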
port: 8773
- name: nova_osapi
port: 8774
- net_binds: *public_binds
- name: nova_metadata
port: 8775
- net_binds: *public_binds
- name: nova_novncproxy
port: 6080
- net_binds: *public_binds
- name: ceilometer
port: 8777
- net_binds: *public_binds
+ options: # overwrite options as ceil needs auth for http req
- name: swift_proxy_server
port: 8080
- net_binds: *public_binds
+ options:
+ - option httpchk GET /info
- name: rabbitmq
port: 5672
+ net_binds:
+ - *control_vip
options:
- timeout client 0
- timeout server 0
+ - maxconn 1500
controllerPassthrough:
type: OS::Heat::StructuredConfig
properties:
- Merge::Map:
controller0:
{get_attr: [controller0, name]}
+ sysctl:
+ net.ipv4.tcp_keepalive_time: 5
+ net.ipv4.tcp_keepalive_probes: 5
+ net.ipv4.tcp_keepalive_intvl: 1
controller0SSLDeployment:
type: OS::Heat::StructuredDeployment
properties: