X-Git-Url: https://gerrit.opnfv.org/gerrit/gitweb?a=blobdiff_plain;f=overcloud-source.yaml;h=d62a093973b57f1c5bbdf4fa59c4402337a0c6b2;hb=61848672732585749724b74dcada09d9eed49c9c;hp=553000624c057be9102315e333520ad6f5e33d68;hpb=83914a012b85dc22c401ec484e74f947e825b132;p=apex-tripleo-heat-templates.git diff --git a/overcloud-source.yaml b/overcloud-source.yaml index 55300062..d62a0939 100644 --- a/overcloud-source.yaml +++ b/overcloud-source.yaml @@ -58,6 +58,8 @@ parameters: controllerImage: type: string default: overcloud-control + constraints: + - custom_constraint: glance.image ControlVirtualInterface: default: 'br-ex' description: Interface where virtual ip will be assigned. @@ -114,6 +116,10 @@ parameters: description: The filepath of the file to use for logging messages from Glance. type: string default: '' + HorizonPort: + type: number + default: 80 + description: Horizon web server port. GlancePassword: default: unset description: The password for the glance service account, used by the glance services. @@ -149,7 +155,7 @@ parameters: the openvswitch agent. Typically should not need to be changed. type: string HypervisorNeutronPublicInterface: - default: 'eth0' + default: nic1 description: What interface to add to the HypervisorNeutronPhysicalBridge. type: string ImageUpdatePolicy: @@ -160,6 +166,8 @@ parameters: default: default description: Name of an existing EC2 KeyPair to enable SSH access to the instances type: string + constraints: + - custom_constraint: nova.keypair KeystoneCACertificate: default: '' description: Keystone self-signed certificate authority certificate. 
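Review bot: The new `HorizonPort` parameter (hunk -114,6) only reaches the `horizon:` metadata through the `port: {get_param: HorizonPort}` line added later in the patch, while the haproxy `services` entry for horizon keeps a literal `port: 80`. A non-default value would therefore leave the load-balancer listener and the web server on different ports. Either use `port: {get_param: HorizonPort}` in that services entry as well, or state in the description that the two must be changed together. The default of 80 also means the dashboard login travels over plain HTTP unless TLS is terminated somewhere this diff does not show, which is worth saying in the description.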
@@ -173,27 +181,15 @@ parameters: description: Keystone key for signing tokens. type: string hidden: true - LiveUpdateComputeImage: - type: string - description: The image ID for live-updates to the overcloud compute nodes. + KeystoneSSLCertificate: default: '' - LiveUpdateHost: + description: Keystone certificate for verifying token validity. type: string - description: The IP address for the undercloud Glance API. + KeystoneSSLCertificateKey: default: '' - LiveUpdatePassword: + description: Keystone key for signing tokens. type: string - default: '' - description: The live-update password for the undercloud Glance API. hidden: true - LiveUpdateTenantName: - type: string - description: The live-update tenant name for the undercloud Glance API. - default: '' - LiveUpdateUserName: - type: string - description: The live-update username for the undercloud Glance API. - default: '' MysqlInnodbBufferPoolSize: description: > Specifies the size of the buffer pool in megabytes. Setting to @@ -242,7 +238,7 @@ parameters: type: string hidden: true NeutronPublicInterface: - default: eth0 + default: nic1 description: What interface to bridge onto br-ex for network nodes. type: string NeutronPublicInterfaceDefaultRoute: 
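Review bot: The descriptions of the two parameters added in the -173,27 hunk are copied from the token-signing pair above them. `KeystoneSSLCertificate` says "for verifying token validity" and `KeystoneSSLCertificateKey` says "key for signing tokens", yet both are wired to `keystone: ssl:` later in the patch. Suggest `description: SSL certificate served by the Keystone endpoints.` and `description: Private key for KeystoneSSLCertificate.`. It would also help to say what the empty default means, presumably that SSL stays disabled; confirm that against the element consuming `keystone.ssl`.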
@@ -267,12 +263,38 @@ parameters: overcloud.yaml to include the deployment of VLAN ports to the control plane. type: string + NeutronComputeAgentMode: + default: 'dvr' + description: Agent mode for the neutron-l3-agent on the compute hosts + type: string + NeutronAgentMode: + default: 'dvr_snat' + description: Agent mode for the neutron-l3-agent on the controller hosts + type: string + NeutronDVR: + default: 'False' + description: Whether to configure Neutron Distributed Virtual Routers + type: string + NeutronMetadataProxySharedSecret: + default: 'unset' + description: Shared secret to prevent spoofing + type: string NeutronTunnelTypes: default: 'gre' description: | The tunnel types for the Neutron tenant network. To specify multiple values, use a comma separated string, like so: 'gre,vxlan' type: string + NeutronMechanismDrivers: + default: 'openvswitch' + description: | + The mechanism drivers for the Neutron tenant network. To specify multiple + values, use a comma separated string, like so: 'openvswitch,l2_population' + type: string + NeutronAllowL3AgentFailover: + default: 'True' + description: Allow automatic l3-agent failover + type: string NovaComputeDriver: default: libvirt.LibvirtDriver type: string @@ -288,6 +310,8 @@ parameters: NovaImage: type: string default: overcloud-compute + constraints: + - custom_constraint: glance.image NovaPassword: default: unset description: The password for the nova service account, used by nova-api. @@ -297,13 +321,15 @@ parameters: type: string default: '' OvercloudComputeFlavor: - default: baremetal description: Flavor for compute nodes to request when deploying. type: string + constraints: + - custom_constraint: nova.flavor OvercloudControlFlavor: - default: baremetal description: Flavor for control nodes to request when deploying. type: string + constraints: + - custom_constraint: nova.flavor PublicVirtualFixedIPs: default: [] description: 
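Review bot: `NeutronMetadataProxySharedSecret` (hunk -267,12) is declared without `hidden: true`, so its value will appear wherever stack parameters are displayed, unlike `KeystoneSigningKey` and the new `KeystoneSSLCertificateKey` earlier in the diff. Add `hidden: true` under it. The default `'unset'` is the same literal that was hard-coded in `metadata_proxy_shared_secret` before this patch, so a deployment that does not override it still runs with a publicly known secret. The description should say that the value must be overridden, e.g. `description: Shared secret to prevent spoofing of metadata requests; must be overridden per deployment.`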
> @@ -334,6 +360,16 @@ parameters: default: guest description: The username for RabbitMQ type: string + RabbitClientUseSSL: + default: false + description: > + Rabbit client subscriber parameter to specify + an SSL connection to the RabbitMQ host. + type: string + RabbitClientPort: + default: 5672 + description: Set rabbit subscriber port, change this if using SSL + type: number SnmpdReadonlyUserName: default: ro_snmp_user description: The user name for SNMPd with readonly rights running on all Overcloud nodes @@ -351,6 +387,7 @@ resources: network_id: {get_param: NeutronControlPlaneID} fixed_ips: get_param: ControlFixedIPs + replacement_policy: AUTO MysqlClusterUniquePart: type: OS::Heat::RandomString properties: @@ -366,6 +403,7 @@ resources: network: {get_param: PublicVirtualNetwork} fixed_ips: get_param: PublicVirtualFixedIPs + replacement_policy: AUTO RabbitCookie: type: OS::Heat::RandomString properties: @@ -384,25 +422,13 @@ resources: NeutronHost: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]} GlanceHost: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]} RabbitHost: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]} - NovaDSN: - Fn::Join: - - '' - - - mysql://nova:unset@ - - &compute_database_host {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]} - - /nova NovaPublicIP: {get_attr: [PublicVirtualIP, fixed_ips, 0, ip_address]} CeilometerDSN: Fn::Join: - '' - - mysql://ceilometer:unset@ - - *compute_database_host + - &compute_database_host {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]} - /ceilometer - NeutronDSN: - Fn::Join: - - '' - - - mysql://neutron:unset@ - - *compute_database_host - - /ovs_neutron NeutronNetworkType: get_param: NeutronNetworkType NeutronTunnelTypes: 
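Review bot: `RabbitClientUseSSL` in the -334,6 hunk pairs `default: false` with `type: string`, so whether the consumer receives a boolean or the string "false" depends on the parser and on Heat's coercion. The other boolean-like parameters added by this patch quote their defaults (`default: 'False'`). Use `default: 'false'`, or declare `type: boolean`, so that the SSL switch cannot be misread. Enabling SSL also requires changing `RabbitClientPort` by hand, while the haproxy `rabbitmq` service later in the patch keeps a literal `port: 5672`; the description should name everything that has to change together.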
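Review bot: The surviving `CeilometerDSN` in the -384,25 hunk still joins the literal `mysql://ceilometer:unset@`, so a fixed database credential stays in the template while the Nova and Neutron DSNs built the same way are removed. If a Ceilometer database password parameter exists elsewhere in the file (not visible in this diff), build the DSN from it with `get_param`. Otherwise mark the line with a comment such as `# placeholder credential, replace with a hidden parameter`. The enclosing properties block starts and ends outside the hunk.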
@@ -418,6 +444,16 @@ resources: get_param: HypervisorNeutronPublicInterface NeutronBridgeMappings: get_param: NeutronBridgeMappings + NeutronDVR: + get_param: NeutronDVR + NeutronAgentMode: + get_param: NeutronComputeAgentMode + NeutronPublicInterfaceRawDevice: + get_param: NeutronPublicInterfaceRawDevice + NeutronMechanismDrivers: + get_param: NeutronMechanismDrivers + NeutronAllowL3AgentFailover: + get_param: NeutronAllowL3AgentFailover NovaCompute0AllNodesDeployment: type: FileInclude Path: nova-compute-instance.yaml @@ -539,6 +575,7 @@ resources: metadata_server_url: {get_input: heat.metadata_server_url} waitcondition_server_url: {get_input: heat.waitcondition_server_url} horizon: + port: {get_param: HorizonPort} caches: memcached: nodes: @@ -558,6 +595,9 @@ resources: ca_certificate: {get_param: KeystoneCACertificate} signing_key: {get_param: KeystoneSigningKey} signing_certificate: {get_param: KeystoneSigningCertificate} + ssl: + certificate: {get_param: KeystoneSSLCertificate} + certificate_key: {get_param: KeystoneSSLCertificateKey} mysql: innodb_buffer_pool_size: {get_param: MysqlInnodbBufferPoolSize} local_bind: true @@ -575,7 +615,11 @@ resources: debug: {get_param: Debug} flat-networks: {get_param: NeutronFlatNetworks} host: {get_input: controller_virtual_ip} - metadata_proxy_shared_secret: unset + metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret} + agent_mode: {get_param: NeutronAgentMode} + router_distributed: {get_param: NeutronDVR} + mechanism_drivers: {get_param: NeutronMechanismDrivers} + allow_automatic_l3agent_failover: {get_param: NeutronAllowL3AgentFailover} ovs: enable_tunneling: 'True' local_ip: @@ -646,6 +690,8 @@ resources: get_attr: - RabbitCookie - value + rabbit_client_use_ssl: {get_param: RabbitClientUseSSL} + rabbit_port: {get_param: RabbitClientPort} ntp: servers: - {server: {get_param: NtpServer}, fudge: "stratum 0"} 
@@ -694,42 +740,36 @@ resources: ip: {get_attr: [controller0, networks, ctlplane, 0]} name: {get_attr: [controller0, name]} net_binds: - - ip: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]} + - &control_vip {ip: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}} + - &public_vip {ip: {get_attr: [PublicVirtualIP, fixed_ips, 0, ip_address]}} + options: + - option httpchk GET / services: - name: keystone_admin port: 35357 - net_binds: &public_binds - - ip: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]} - - ip: {get_attr: [PublicVirtualIP, fixed_ips, 0, ip_address]} - name: keystone_public port: 5000 - net_binds: *public_binds - name: horizon port: 80 - net_binds: *public_binds - name: neutron port: 9696 - net_binds: *public_binds - name: cinder port: 8776 - net_binds: *public_binds - name: glance_api port: 9292 - net_binds: *public_binds - name: glance_registry port: 9191 - net_binds: *public_binds + options: # overwrite options as glace_reg needs auth for http req - name: heat_api port: 8004 - net_binds: *public_binds - name: heat_cloudwatch port: 8003 - net_binds: *public_binds - name: heat_cfn port: 8000 - net_binds: *public_binds - name: mysql port: 3306 + net_binds: + - *control_vip extra_server_params: - backup options: @@ -739,24 +779,25 @@ resources: port: 8773 - name: nova_osapi port: 8774 - net_binds: *public_binds - name: nova_metadata port: 8775 - net_binds: *public_binds - name: nova_novncproxy port: 6080 - net_binds: *public_binds - name: ceilometer port: 8777 - net_binds: *public_binds + options: # overwrite options as ceil needs auth for http req - name: swift_proxy_server port: 8080 - net_binds: *public_binds + options: + - option httpchk GET /info - name: rabbitmq port: 5672 + net_binds: + - *control_vip options: - timeout client 0 - timeout server 0 + - maxconn 1500 controllerPassthrough: type: OS::Heat::StructuredConfig properties: 
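Review bot: Moving the bind list to the top-level `net_binds` in the -694,42 hunk appears to widen `keystone_admin` (port 35357). It had no `net_binds` of its own before, and the old default held only the ControlVirtualIP entry, whereas the new default also contains `*public_vip`. This assumes services without their own list inherit the top-level one, as the old layout implies. The same would apply to the entry on port 8773 in the unchanged stretch before the next hunk. If the admin API is meant to stay on the control plane, pin it the way mysql and rabbitmq are pinned, by adding `net_binds:` and `- *control_vip` under `- name: keystone_admin`.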
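Review bot: `options:` followed only by a comment, as used for `ceilometer` in the -739,24 hunk and for `glance_registry` in the previous one, parses as null rather than as an empty list. Whether the haproxy element treats null as "no options" or falls back to the new default `option httpchk GET /` is not visible here. Write `options: []` with the comment on the line above to make the override explicit. The glance_registry comment also misspells the service as "glace_reg". With the HTTP check disabled, these two backends lose the probe the other services get, so the comment should say which check, if any, still covers them.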
@@ -881,6 +922,10 @@ resources: - Merge::Map: controller0: {get_attr: [controller0, name]} + sysctl: + net.ipv4.tcp_keepalive_time: 5 + net.ipv4.tcp_keepalive_probes: 5 + net.ipv4.tcp_keepalive_intvl: 1 controller0SSLDeployment: type: OS::Heat::StructuredDeployment properties:
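Review bot: The `sysctl` block added in the -881,6 hunk has no comment explaining its values, and these kernel settings affect every keepalive-enabled TCP socket on the node that receives this config, not just one service. With `tcp_keepalive_time: 5`, `tcp_keepalive_probes: 5` and `tcp_keepalive_intvl: 1`, an idle connection is probed after 5 seconds and dropped after roughly 10. Suggest a comment above the block such as `# aggressive TCP keepalive: dead peers are dropped after ~10s idle`, extended to name the service that needs it.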