-heat_template_version: 2014-10-16
+heat_template_version: 2015-04-30
description: >
OpenStack controller node configured by Puppet.
description: The keystone auth secret.
type: string
hidden: true
+ CeilometerBackend:
+ default: 'mongodb'
+ description: The ceilometer backend type.
+ type: string
CeilometerMeteringSecret:
default: unset
description: Secret shared by the ceilometer services.
description: The password for the ceilometer service account.
type: string
hidden: true
+ CinderEnableIscsiBackend:
+ default: true
+ description: Whether to enable or not the Iscsi backend for Cinder
+ type: boolean
+ CinderEnableRbdBackend:
+ default: false
+ description: Whether to enable or not the Rbd backend for Cinder
+ type: boolean
CinderISCSIHelper:
default: tgtadm
description: The iSCSI helper to use with cinder.
default: ''
description: Set to True to enable debugging on all services.
type: string
+ EnableGalera:
+ default: true
+ description: Whether to use Galera instead of regular MariaDB.
+ type: boolean
+ EnablePacemaker:
+ default: false
+ description: If enabled services will be monitored by Pacemaker; it
+ will manage VIPs as well, in place of Keepalived.
+ type: boolean
+ EnableCephStorage:
+ default: false
+ description: Whether to deploy Ceph Storage (OSD) on the Controller
+ type: boolean
+ EnableSwiftStorage:
+ default: true
+ description: Whether to enable Swift Storage on the Controller
+ type: boolean
ExtraConfig:
default: {}
description: |
default: http
description: Protocol to use when connecting to glance, set to https for SSL.
type: string
+ GlanceBackend:
+ default: swift
+ description: The short name of the Glance backend to use. Should be one
+ of swift, rbd, or file
+ type: string
+ constraints:
+ - allowed_values: ['swift', 'file', 'rbd']
HeatPassword:
default: unset
description: The password for the Heat service account, used by the Heat services.
type: string
default: ''
hidden: true
+ HeatAuthEncryptionKey:
+ description: Auth encryption key for heat-engine
+ type: string
+ HorizonSecret:
+ description: Secret key for Django
+ type: string
Image:
type: string
default: overcloud-control
network) - if changing this either use different post-install network
scripts or be sure to keep 'datacentre' as a mapping network name.
type: string
- default: ""
+ default: "datacentre:br-ex"
NeutronDnsmasqOptions:
default: 'dhcp-option-force=26,1400'
description: Dnsmasq options for neutron-dhcp-agent. The default value here forces MTU to be set to 1400 to account for the gre tunnel overhead.
default: "True"
NeutronFlatNetworks:
type: string
- default: ''
+ default: 'datacentre'
description: If set, flat networks to configure in neutron plugins.
+ NeutronL3HA:
+ default: 'False'
+ description: Whether to enable l3-agent HA
+ type: string
NeutronNetworkType:
default: 'gre'
description: The tenant network type for Neutron, either gre or vxlan.
NtpServer:
type: string
default: ''
+ PcsdPassword:
+ type: string
+ description: The password for the 'pcsd' user.
PublicVirtualInterface:
default: 'br-ex'
description: >
default: 'false'
description: Set to true to enable package installation via Puppet
type: boolean
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
resources:
networks:
- network: ctlplane
user_data_format: SOFTWARE_CONFIG
+ user_data: {get_resource: NodeUserData}
+
+ NodeUserData:
+ type: OS::TripleO::NodeUserData
+
+ ExternalPort:
+ type: OS::TripleO::Controller::Ports::ExternalPort
+ properties:
+ ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
+
+ InternalApiPort:
+ type: OS::TripleO::Controller::Ports::InternalApiPort
+ properties:
+ ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
+
+ StoragePort:
+ type: OS::TripleO::Controller::Ports::StoragePort
+ properties:
+ ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
+
+ StorageMgmtPort:
+ type: OS::TripleO::Controller::Ports::StorageMgmtPort
+ properties:
+ ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
+
+ TenantPort:
+ type: OS::TripleO::Controller::Ports::TenantPort
+ properties:
+ ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
+
+ NetIpMap:
+ type: OS::TripleO::Network::Ports::NetIpMap
+ properties:
+ ExternalIp: {get_attr: [ExternalPort, ip_address]}
+ InternalApiIp: {get_attr: [InternalApiPort, ip_address]}
+ StorageIp: {get_attr: [StoragePort, ip_address]}
+ StorageMgmtIp: {get_attr: [StorageMgmtPort, ip_address]}
+ TenantIp: {get_attr: [TenantPort, ip_address]}
NetworkConfig:
- type: OS::TripleO::Net::SoftwareConfig
+ type: OS::TripleO::Controller::Net::SoftwareConfig
+ properties:
+ ExternalIpSubnet: {get_attr: [ExternalPort, ip_subnet]}
+ InternalApiIpSubnet: {get_attr: [InternalApiPort, ip_subnet]}
+ StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]}
+ StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]}
+ TenantIpSubnet: {get_attr: [TenantPort, ip_subnet]}
NetworkDeployment:
type: OS::TripleO::SoftwareDeployment
properties:
signal_transport: NO_SIGNAL
- config: {get_attr: [NetworkConfig, config_id]}
+ config: {get_resource: NetworkConfig}
server: {get_resource: Controller}
input_values:
bridge_name: br-ex
- - 'http://'
- {get_param: VirtualIP}
- ':8000/v1/waitcondition'
+ heat_auth_encryption_key: {get_param: HeatAuthEncryptionKey}
+ horizon_secret: {get_param: HorizonSecret}
admin_password: {get_param: AdminPassword}
admin_token: {get_param: AdminToken}
neutron_public_interface_ip: {get_param: NeutronPublicInterfaceIP}
debug: {get_param: Debug}
+ cinder_enable_rbd_backend: {get_param: CinderEnableRbdBackend}
cinder_lvm_loop_device_size: {get_param: CinderLVMLoopDeviceSize}
cinder_password: {get_param: CinderPassword}
+ cinder_enable_iscsi_backend: {get_param: CinderEnableIscsiBackend}
cinder_iscsi_helper: {get_param: CinderISCSIHelper}
cinder_dsn:
list_join:
glance_port: {get_param: GlancePort}
glance_protocol: {get_param: GlanceProtocol}
glance_password: {get_param: GlancePassword}
+ glance_backend: {get_param: GlanceBackend}
+ glance_swift_store_auth_address: {list_join: ['', ['http://', {get_param: VirtualIP} , ':5000/v2.0']]}
glance_notifier_strategy: {get_param: GlanceNotifierStrategy}
glance_log_file: {get_param: GlanceLogFile}
glance_dsn:
- - 'mysql://keystone:unset@'
- {get_param: VirtualIP}
- '/keystone'
+ keystone_identity_uri:
+ list_join:
+ - ''
+ - - 'http://'
+ - {get_param: VirtualIP}
+ - ':35357/'
+ keystone_auth_uri:
+ list_join:
+ - ''
+ - - 'http://'
+ - {get_param: VirtualIP}
+ - ':5000/v2.0/'
+ enable_galera: {get_param: EnableGalera}
+ enable_ceph_storage: {get_param: EnableCephStorage}
+ enable_swift_storage: {get_param: EnableSwiftStorage}
mysql_innodb_buffer_pool_size: {get_param: MysqlInnodbBufferPoolSize}
mysql_root_password: {get_param: MysqlRootPassword}
mysql_cluster_name:
neutron_router_distributed: {get_param: NeutronDVR}
neutron_mechanism_drivers: {get_param: NeutronMechanismDrivers}
neutron_allow_l3agent_failover: {get_param: NeutronAllowL3AgentFailover}
+ neutron_l3_ha: {get_param: NeutronL3HA}
neutron_network_vlan_ranges: {get_param: NeutronNetworkVLANRanges}
neutron_bridge_mappings: {get_param: NeutronBridgeMappings}
neutron_public_interface: {get_param: NeutronPublicInterface}
- - 'mysql://neutron:unset@'
- {get_param: VirtualIP}
- '/ovs_neutron?charset=utf8'
+ neutron_url:
+ list_join:
+ - ''
+ - - 'http://'
+ - {get_param: VirtualIP}
+ - ':9696'
+ neutron_admin_auth_url:
+ list_join:
+ - ''
+ - - 'http://'
+ - {get_param: VirtualIP}
+ - ':35357/v2.0'
+ ceilometer_backend: {get_param: CeilometerBackend}
ceilometer_metering_secret: {get_param: CeilometerMeteringSecret}
ceilometer_password: {get_param: CeilometerPassword}
ceilometer_dsn:
- - 'mysql://nova:unset@'
- {get_param: VirtualIP}
- '/nova'
+ pcsd_password: {get_param: PcsdPassword}
rabbit_username: {get_param: RabbitUserName}
rabbit_password: {get_param: RabbitPassword}
rabbit_cookie: {get_param: RabbitCookie}
- controller
- object
- swift_devices_and_proxy # provided by SwiftDevicesAndProxyConfig
- - rabbit # provided by allNodesConfig
+ - ceph_cluster # provided by CephClusterConfig
+ - ceph
- bootstrap_node # provided by BootstrapNodeConfig
+ - all_nodes # provided by allNodesConfig
+ - '"%{::osfamily}"'
- common
datafiles:
common:
raw_data: {get_file: hieradata/common.yaml}
+ ceph:
+ raw_data: {get_file: hieradata/ceph.yaml}
object:
raw_data: {get_file: hieradata/object.yaml}
controller:
raw_data: {get_file: hieradata/controller.yaml}
mapped_data: # data supplied directly to this deployment configuration, etc
- debug: {get_input: debug}
bootstack_nodeid: {get_input: bootstack_nodeid}
controller_host: {get_input: controller_host} #local-ipv4
+
+ # Pacemaker
+ hacluster_pwd: {get_input: pcsd_password}
+
# Swift
swift::proxy::proxy_local_net_ip: {get_input: controller_host}
- swift::proxy::authtoken::auth_host: {get_input: controller_virtual_ip}
+ swift::proxy::authtoken::auth_uri: {get_input: keystone_auth_uri}
+ swift::proxy::authtoken::identity_uri: {get_input: keystone_identity_uri}
swift::storage::all::storage_local_net_ip: {get_input: controller_host}
swift::swift_hash_suffix: {get_input: swift_hash_suffix}
swift::proxy::authtoken::admin_password: {get_input: swift_password}
# NOTE(dprince): build_ring support is currently not wired in.
# See: https://review.openstack.org/#/c/109225/
tripleo::ringbuilder::build_ring: True
+
# Cinder
+ cinder_enable_rbd_backend: {get_input: cinder_enable_rbd_backend}
cinder_lvm_loop_device_size: {get_input: cinder_lvm_loop_device_size}
- cinder::volume::iscsi::iscsi_helper: {get_input: cinder_iscsi_helper}
- cinder::volume::iscsi::iscsi_ip_address: {get_input: controller_host}
+ cinder_iscsi_helper: {get_input: cinder_iscsi_helper}
+ cinder_iscsi_ip_address: {get_input: controller_host}
cinder::database_connection: {get_input: cinder_dsn}
cinder::api::keystone_password: {get_input: cinder_password}
- cinder::api::keystone_auth_host: {get_input: controller_virtual_ip}
+ cinder::api::auth_uri: {get_input: keystone_auth_uri}
+ cinder::api::identity_uri: {get_input: keystone_identity_uri}
cinder::api::bind_host: {get_input: controller_host}
cinder::rabbit_userid: {get_input: rabbit_username}
cinder::rabbit_password: {get_input: rabbit_password}
- #cinder::debug: {get_input: debug}
+ cinder::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
+ cinder::rabbit_port: {get_input: rabbit_client_port}
+ cinder::debug: {get_input: debug}
+ cinder_enable_iscsi_backend: {get_input: cinder_enable_iscsi_backend}
+
# Glance
glance::api::bind_port: {get_input: glance_port}
glance::api::bind_host: {get_input: controller_host}
- glance::api::auth_host: {get_input: controller_virtual_ip}
+ glance::api::auth_uri: {get_input: keystone_auth_uri}
+ glance::api::identity_uri: {get_input: keystone_identity_uri}
glance::api::registry_host: {get_input: controller_host}
glance::api::keystone_password: {get_input: glance_password}
+ glance::api::debug: {get_input: debug}
# used to construct glance_api_servers
glance_port: {get_input: glance_port}
glance_protocol: {get_input: glance_protocol}
glance::registry::keystone_password: {get_input: glance_password}
glance::registry::database_connection: {get_input: glance_dsn}
glance::registry::bind_host: {get_input: controller_host}
- glance::registry::auth_host: {get_input: controller_virtual_ip}
+ glance::registry::auth_uri: {get_input: keystone_auth_uri}
+ glance::registry::identity_uri: {get_input: keystone_identity_uri}
+ glance::registry::debug: {get_input: debug}
+ glance::backend::swift::swift_store_auth_address: {get_input: glance_swift_store_auth_address}
glance::backend::swift::swift_store_user: service:glance
glance::backend::swift::swift_store_key: {get_input: glance_password}
+ glance_backend: {get_input: glance_backend}
+
# Heat
heat_stack_domain_admin_password: {get_input: heat_stack_domain_admin_password}
heat::engine::heat_watch_server_url: {get_input: heat.watch_server_url}
heat::engine::heat_metadata_server_url: {get_input: heat.metadata_server_url}
heat::engine::heat_waitcondition_server_url: {get_input: heat.waitcondition_server_url}
- heat::engine::auth_encryption_key: unset___________
+ heat::engine::auth_encryption_key: {get_input: heat_auth_encryption_key}
heat::rabbit_userid: {get_input: rabbit_username}
heat::rabbit_password: {get_input: rabbit_password}
- heat::rabbit_host: {get_input: controller_virtual_ip}
- heat::keystone_host: {get_input: controller_virtual_ip}
+ heat::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
+ heat::rabbit_port: {get_input: rabbit_client_port}
+ heat::auth_uri: {get_input: keystone_auth_uri}
+ heat::identity_uri: {get_input: keystone_identity_uri}
heat::keystone_password: {get_input: heat_password}
heat::api::bind_host: {get_input: controller_host}
heat::api_cloudwatch::bind_host: {get_input: controller_host}
heat::api_cfn::bind_host: {get_input: controller_host}
heat::database_connection: {get_input: heat_dsn}
+ heat::instance_user: heat-admin
+ heat::debug: {get_input: debug}
# Keystone
keystone::admin_token: {get_input: admin_token}
keystone::database_connection: {get_input: keystone_dsn}
keystone::public_bind_host: {get_input: controller_host}
keystone::admin_bind_host: {get_input: controller_host}
- #keystone::debug: {get_input: debug}
+ keystone::debug: {get_input: debug}
+ # MongoDB
+ mongodb::server::bind_ip: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MongoDbNetwork]}]}
# MySQL
admin_password: {get_input: admin_password}
+ enable_galera: {get_input: enable_galera}
+ enable_ceph_storage: {get_input: enable_ceph_storage}
+ enable_swift_storage: {get_input: enable_swift_storage}
mysql_innodb_buffer_pool_size: {get_input: mysql_innodb_buffer_pool_size}
- mysql_root_password: {get_input: mysql_root_password}
+ mysql::server::root_password: {get_input: mysql_root_password}
mysql_cluster_name: {get_input: mysql_cluster_name}
+
# Neutron
neutron::bind_host: {get_input: controller_host}
neutron::rabbit_password: {get_input: rabbit_password}
neutron::rabbit_user: {get_input: rabbit_user}
- #neutron::debug: {get_input: debug}
- neutron::server::auth_host: {get_input: controller_virtual_ip}
+ neutron::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
+ neutron::rabbit_port: {get_input: rabbit_client_port}
+ neutron::debug: {get_input: debug}
+ neutron::server::auth_uri: {get_input: keystone_auth_uri}
+ neutron::server::identity_uri: {get_input: keystone_identity_uri}
neutron::server::database_connection: {get_input: neutron_dsn}
neutron::agents::ml2::ovs::enable_tunneling: {get_input: neutron_enable_tunneling}
- neutron::agents::ml2::ovs::local_ip: {get_input: controller_host}
+ neutron::agents::ml2::ovs::local_ip: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NeutronLocalIp]}]}
neutron_flat_networks: {get_input: neutron_flat_networks}
neutron::agents::metadata::shared_secret: {get_input: neutron_metadata_proxy_shared_secret}
neutron::agents::metadata::metadata_ip: {get_input: controller_virtual_ip}
neutron_router_distributed: {get_input: neutron_router_distributed}
neutron_mechanism_drivers: {get_input: neutron_mechanism_drivers}
neutron_allow_l3agent_failover: {get_input: neutron_allow_l3agent_failover}
+ neutron::server::l3_ha: {get_input: neutron_l3_ha}
neutron::plugins::ml2::network_vlan_ranges: {get_input: neutron_network_vlan_ranges}
neutron_bridge_mappings: {get_input: neutron_bridge_mappings}
neutron_public_interface: {get_input: neutron_public_interface}
neutron::agents::metadata::auth_password: {get_input: neutron_password}
neutron_dnsmasq_options: {get_input: neutron_dnsmasq_options}
neutron_dsn: {get_input: neutron_dsn}
+
# Ceilometer
+ ceilometer_backend: {get_input: ceilometer_backend}
+ ceilometer_mysql_conn_string: {get_input: ceilometer_dsn}
ceilometer::metering_secret: {get_input: ceilometer_metering_secret}
ceilometer::rabbit_userid: {get_input: rabbit_username}
ceilometer::rabbit_password: {get_input: rabbit_password}
- ceilometer::rabbit_host: {get_input: controller_virtual_ip}
- ceilometer::api::host: {get_input: controller_host}
+ ceilometer::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
+ ceilometer::rabbit_port: {get_input: rabbit_client_port}
+ ceilometer::debug: {get_input: debug}
+ ceilometer::api::host: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CeilometerApiNetwork]}]}
ceilometer::api::keystone_password: {get_input: ceilometer_password}
- ceilometer::api::keystone_host: {get_input: controller_virtual_ip}
- ceilometer::db::database_connection: {get_input: ceilometer_dsn}
+ ceilometer::api::keystone_auth_uri: {get_input: keystone_auth_uri}
+ ceilometer::api::keystone_identity_uri: {get_input: keystone_identity_uri}
ceilometer::agent::auth::auth_password: {get_input: ceilometer_password}
snmpd_readonly_user_name: {get_input: snmpd_readonly_user_name}
snmpd_readonly_user_password: {get_input: snmpd_readonly_user_password}
+
# Nova
nova::rabbit_userid: {get_input: rabbit_username}
nova::rabbit_password: {get_input: rabbit_password}
- nova::api::auth_host: {get_input: controller_virtual_ip}
+ nova::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
+ nova::rabbit_port: {get_input: rabbit_client_port}
+ nova::debug: {get_input: debug}
+ nova::api::auth_uri: {get_input: keystone_auth_uri}
+ nova::api::identity_uri: {get_input: keystone_identity_uri}
nova::api::api_bind_address: {get_input: controller_host}
nova::api::metadata_listen: {get_input: controller_host}
nova::api::admin_password: {get_input: nova_password}
nova::database_connection: {get_input: nova_dsn}
nova::api::neutron_metadata_proxy_shared_secret: {get_input: neutron_metadata_proxy_shared_secret}
+ nova::network::neutron::neutron_admin_password: {get_input: neutron_password}
+ nova::network::neutron::neutron_url: {get_input: neutron_url}
+ nova::network::neutron::neutron_admin_auth_url: {get_input: neutron_admin_auth_url}
+
+ # Horizon
+ horizon::django_debug: {get_input: debug}
+ horizon::secret_key: {get_input: horizon_secret}
+ horizon::bind_address: {get_input: controller_host}
+ horizon::keystone_url: {get_input: keystone_auth_uri}
+
# Rabbit
- rabbit_username: {get_input: rabbit_username}
- rabbit_password: {get_input: rabbit_password}
- rabbit_client_use_ssl: {get_input: rabbit_client_use_ssl}
- rabbit_client_port: {get_input: rabbit_client_port}
+ rabbitmq::node_ip_address: {get_input: controller_host}
rabbitmq::erlang_cookie: {get_input: rabbit_cookie}
+ # Redis
+ redis::bind: {get_input: controller_host}
# Misc
+ memcached::listen_ip: {get_input: controller_host}
neutron_public_interface_ip: {get_input: neutron_public_interface_ip}
ntp::servers: {get_input: ntp_servers}
control_virtual_interface: {get_input: control_virtual_interface}
controller_virtual_ip: {get_input: controller_virtual_ip}
public_virtual_interface: {get_input: public_virtual_interface}
public_virtual_ip: {get_input: public_virtual_ip}
+ tripleo::loadbalancer::control_virtual_interface: {get_input: control_virtual_interface}
+ tripleo::loadbalancer::controller_virtual_ip: {get_input: controller_virtual_ip}
+ tripleo::loadbalancer::public_virtual_interface: {get_input: public_virtual_interface}
+ tripleo::loadbalancer::public_virtual_ip: {get_input: public_virtual_ip}
enable_package_install: {get_input: enable_package_install}
outputs:
ip_address:
description: IP address of the server in the ctlplane network
value: {get_attr: [Controller, networks, ctlplane, 0]}
+ external_ip_address:
+ description: IP address of the server in the external network
+ value: {get_attr: [ExternalPort, ip_address]}
+ internal_api_ip_address:
+ description: IP address of the server in the internal_api network
+ value: {get_attr: [InternalApiPort, ip_address]}
+ storage_ip_address:
+ description: IP address of the server in the storage network
+ value: {get_attr: [StoragePort, ip_address]}
+ storage_mgmt_ip_address:
+ description: IP address of the server in the storage_mgmt network
+ value: {get_attr: [StorageMgmtPort, ip_address]}
+ tenant_ip_address:
+ description: IP address of the server in the tenant network
+ value: {get_attr: [TenantPort, ip_address]}
hostname:
description: Hostname of the server
value: {get_attr: [Controller, name]}
Server's IP address and hostname in the /etc/hosts format
value:
str_replace:
- template: IP HOST HOST.novalocal CLOUDNAME
+ template: IP HOST CLOUDNAME
params:
IP: {get_attr: [Controller, networks, ctlplane, 0]}
HOST: {get_attr: [Controller, name]}