X-Git-Url: https://gerrit.opnfv.org/gerrit/gitweb?a=blobdiff_plain;f=overcloud-source.yaml;h=d62a093973b57f1c5bbdf4fa59c4402337a0c6b2;hb=61848672732585749724b74dcada09d9eed49c9c;hp=947becfbe0aca896755d65102cfa1c4d7bd3f88e;hpb=a35679f539614846f43dbb0b5a3c57dc7e0f34ee;p=apex-tripleo-heat-templates.git diff --git a/overcloud-source.yaml b/overcloud-source.yaml index 947becfb..d62a0939 100644 --- a/overcloud-source.yaml +++ b/overcloud-source.yaml @@ -12,9 +12,20 @@ parameters: description: The keystone auth secret. type: string hidden: true - CinderPassword: + CeilometerComputeAgent: + description: Indicates whether the Compute agent is present and expects nova-compute to be configured accordingly + type: string + default: '' + constraints: + - allowed_values: ['', Present] + CeilometerMeteringSecret: default: unset - description: The password for the cinder service account, used by cinder-api. + description: Secret shared by the ceilometer services. + type: string + hidden: true + CeilometerPassword: + default: unset + description: The password for the ceilometer service account. type: string hidden: true CinderISCSIHelper: 
@@ -25,10 +36,44 @@ parameters: default: 5000 description: The size of the loopback file used by the cinder LVM driver. type: number + CinderPassword: + default: unset + description: The password for the cinder service account, used by cinder-api. + type: string + hidden: true + CloudName: + default: '' + description: The DNS name of this cloud. E.g. ci-overcloud.tripleo.org + type: string + ControlFixedIPs: + default: [] + description: Should be used for arbitrary ips. + type: json + controllerExtraConfig: + default: {} + description: | + Controller specific configuration to inject into the cluster. Same + structure as ExtraConfig. + type: json + controllerImage: + type: string + default: overcloud-control + constraints: + - custom_constraint: glance.image + ControlVirtualInterface: + default: 'br-ex' + description: Interface where virtual ip will be assigned. + type: string Debug: default: '' description: Set to True to enable debugging on all services. type: string + DefaultSignalTransport: + default: CFN_SIGNAL + description: Transport to use for software-config signals. + type: string + constraints: + - allowed_values: [ CFN_SIGNAL, HEAT_SIGNAL, NO_SIGNAL ] ExtraConfig: default: {} description: | 
@@ -67,26 +112,19 @@ parameters: } } type: json - controllerExtraConfig: - default: {} - description: | - Controller specific configuration to inject into the cluster. Same - structure as ExtraConfig. - type: json - NovaComputeExtraConfig: - default: {} - description: | - NovaCompute specific configuration to inject into the cluster. Same - structure as ExtraConfig. - type: json - OvercloudControlFlavor: - default: baremetal - description: Flavor for control nodes to request when deploying. + GlanceLogFile: + description: The filepath of the file to use for logging messages from Glance. type: string - OvercloudComputeFlavor: - default: baremetal - description: Flavor for compute nodes to request when deploying. + default: '' + HorizonPort: + type: number + default: 80 + description: Horizon web server port. + GlancePassword: + default: unset + description: The password for the glance service account, used by the glance services. type: string + hidden: true GlancePort: default: 9292 description: Glance port. 
@@ -95,24 +133,31 @@ parameters: default: http description: Protocol to use when connecting to glance, set to https for SSL. type: string - GlancePassword: - default: unset - description: The password for the glance service account, used by the glance services. - type: string - hidden: true GlanceNotifierStrategy: description: Strategy to use for Glance notification queue type: string default: noop - GlanceLogFile: - description: The filepath of the file to use for logging messages from Glance. - type: string - default: '' HeatPassword: default: unset description: The password for the Heat service account, used by the Heat services. type: string hidden: true + HeatStackDomainAdminPassword: + description: Password for heat_domain_admin user. + type: string + default: '' + hidden: true + HypervisorNeutronPhysicalBridge: + default: 'br-ex' + description: > + An OVS bridge to create on each hypervisor. This defaults to br-ex the + same as the control plane nodes, as we have a uniform configuration of + the openvswitch agent. Typically should not need to be changed. + type: string + HypervisorNeutronPublicInterface: + default: nic1 + description: What interface to add to the HypervisorNeutronPhysicalBridge. + type: string ImageUpdatePolicy: default: 'REBUILD_PRESERVE_EPHEMERAL' description: What policy to use when reconstructing instances. REBUILD for rebuilds, REBUILD_PRESERVE_EPHEMERAL to preserve /mnt. 
@@ -121,6 +166,37 @@ parameters: default: default description: Name of an existing EC2 KeyPair to enable SSH access to the instances type: string + constraints: + - custom_constraint: nova.keypair + KeystoneCACertificate: + default: '' + description: Keystone self-signed certificate authority certificate. + type: string + KeystoneSigningCertificate: + default: '' + description: Keystone certificate for verifying token validity. + type: string + KeystoneSigningKey: + default: '' + description: Keystone key for signing tokens. + type: string + hidden: true + KeystoneSSLCertificate: + default: '' + description: Keystone certificate for verifying token validity. + type: string + KeystoneSSLCertificateKey: + default: '' + description: Keystone key for signing tokens. + type: string + hidden: true + MysqlInnodbBufferPoolSize: + description: > + Specifies the size of the buffer pool in megabytes. Setting to + zero should be interpreted as "no value" and will defer to the + lower level default. + type: number + default: 0 NeutronBridgeMappings: description: > The OVS logical->physical bridge mappings to use. See the Neutron 
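Review bot: The descriptions on the new `KeystoneSSLCertificate` and `KeystoneSSLCertificateKey` parameters are copied verbatim from the signing pair above them ("Keystone certificate for verifying token validity." / "Keystone key for signing tokens."), so an operator cannot tell the TLS material from the token-signing material. A later hunk wires them under `keystone: ssl:` as `certificate` / `certificate_key`, which suggests they are the server certificate and its private key; if so, use `description: Keystone SSL certificate.` and `description: Keystone SSL certificate private key.`. Both default to `''`, and whether an empty value disables SSL is not visible from this page, so the description should say that as well.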
@@ -131,80 +207,38 @@ parameters: scripts or be sure to keep 'datacentre' as a mapping network name. type: string default: "datacentre:br-ex" - NeutronNetworkVLANRanges: - default: 'datacentre' - description: > - The Neutron ML2 and OpenVSwitch vlan mapping range to support. See the - Neutron documentation for permitted values. Defaults to permitting any - VLAN on the 'datacentre' physical network (See NeutronBridgeMappings). - type: string - NeutronPassword: - default: unset - description: The password for the neutron service account, used by neutron agents. - type: string - hidden: true - CeilometerComputeAgent: - description: Indicates whether the Compute agent is present and expects nova-compute to be configured accordingly - type: string - default: '' - constraints: - - allowed_values: ['', Present] - CeilometerMeteringSecret: - default: unset - description: Secret shared by the ceilometer services. - type: string - hidden: true - CeilometerPassword: - default: unset - description: The password for the ceilometer service account. - type: string - hidden: true - SnmpdReadonlyUserName: - default: ro_snmp_user - description: The user name for SNMPd with readonly rights running on all Overcloud nodes - type: string - SnmpdReadonlyUserPassword: - default: unset - description: The user password for SNMPd with readonly rights running on all Overcloud nodes - type: string - hidden: true - CloudName: - default: '' - description: The DNS name of this cloud. E.g. ci-overcloud.tripleo.org - type: string - NovaComputeDriver: - default: libvirt.LibvirtDriver - type: string - NovaComputeLibvirtType: + NeutronControlPlaneID: default: '' type: string - NovaImage: - type: string - default: overcloud-compute - NovaPassword: - default: unset - description: The password for the nova service account, used by nova-api. + description: Neutron ID for ctlplane network. + NeutronDnsmasqOptions: + default: 'dhcp-option-force=26,1400' + description: Dnsmasq options for neutron-dhcp-agent. 
The default value here forces MTU to be set to 1400 to account for the tunnel overhead. type: string - hidden: true NeutronFlatNetworks: type: string default: 'datacentre' description: > If set, flat networks to configure in neutron plugins. Defaults to 'datacentre' to permit external network creation. - HypervisorNeutronPhysicalBridge: - default: 'br-ex' + NeutronNetworkType: + default: 'gre' + description: The tenant network type for Neutron, either gre or vxlan. + type: string + NeutronNetworkVLANRanges: + default: 'datacentre' description: > - An OVS bridge to create on each hypervisor. This defaults to br-ex the - same as the control plane nodes, as we have a uniform configuration of - the openvswitch agent. Typically should not need to be changed. + The Neutron ML2 and OpenVSwitch vlan mapping range to support. See the + Neutron documentation for permitted values. Defaults to permitting any + VLAN on the 'datacentre' physical network (See NeutronBridgeMappings). type: string - HypervisorNeutronPublicInterface: - default: 'eth0' - description: What interface to add to the HypervisorNeutronPhysicalBridge. + NeutronPassword: + default: unset + description: The password for the neutron service account, used by neutron agents. type: string + hidden: true NeutronPublicInterface: - default: eth0 + default: nic1 description: What interface to bridge onto br-ex for network nodes. type: string NeutronPublicInterfaceDefaultRoute: @@ -215,6 +249,10 @@ parameters: default: '' description: A custom IP address to put onto the NeutronPublicInterface. type: string + NeutronPublicInterfaceRawDevice: + default: '' + description: If set, the public interface is a vlan with this device as the raw device. + type: string NeutronPublicInterfaceTag: default: '' description: 
> @@ -225,21 +263,21 @@ parameters: overcloud.yaml to include the deployment of VLAN ports to the control plane. type: string - NeutronPublicInterfaceRawDevice: - default: '' - description: If set, the public interface is a vlan with this device as the raw device. + NeutronComputeAgentMode: + default: 'dvr' + description: Agent mode for the neutron-l3-agent on the compute hosts type: string - NeutronControlPlaneID: - default: '' + NeutronAgentMode: + default: 'dvr_snat' + description: Agent mode for the neutron-l3-agent on the controller hosts type: string - description: Neutron ID for ctlplane network. - NeutronDnsmasqOptions: - default: 'dhcp-option-force=26,1400' - description: Dnsmasq options for neutron-dhcp-agent. The default value here forces MTU to be set to 1400 to account for the tunnel overhead. + NeutronDVR: + default: 'False' + description: Whether to configure Neutron Distributed Virtual Routers type: string - NeutronNetworkType: - default: 'gre' - description: The tenant network type for Neutron, either gre or vxlan. + NeutronMetadataProxySharedSecret: + default: 'unset' + description: Shared secret to prevent spoofing type: string NeutronTunnelTypes: default: 'gre' 
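Review bot: `NeutronMetadataProxySharedSecret` is added without `hidden: true` and with the literal default `'unset'`, unlike the other secrets in this file (`NeutronPassword`, `CeilometerMeteringSecret`), which are at least hidden. As written, the value is not masked when stack parameters are displayed, and a deployment that does not override it protects the metadata proxy with a publicly known string. Add `hidden: true` under the parameter, and consider removing the default so that the value has to be supplied. `NeutronDVR` in this hunk and `NeutronAllowL3AgentFailover` in the `@@ -247` hunk are strings carrying `'False'` / `'True'`; an `allowed_values: ['True', 'False']` constraint would reject typos at validation time.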
@@ -247,66 +285,51 @@ parameters: The tunnel types for the Neutron tenant network. To specify multiple values, use a comma separated string, like so: 'gre,vxlan' type: string - controllerImage: + NeutronMechanismDrivers: + default: 'openvswitch' + description: | + The mechanism drivers for the Neutron tenant network. To specify multiple + values, use a comma separated string, like so: 'openvswitch,l2_population' type: string - default: overcloud-control - NtpServer: + NeutronAllowL3AgentFailover: + default: 'True' + description: Allow automatic l3-agent failover type: string - default: '' - RabbitUserName: - default: guest - description: The username for RabbitMQ + NovaComputeDriver: + default: libvirt.LibvirtDriver type: string - RabbitPassword: - default: guest - description: The password for RabbitMQ + NovaComputeExtraConfig: + default: {} + description: | + NovaCompute specific configuration to inject into the cluster. Same + structure as ExtraConfig. + type: json + NovaComputeLibvirtType: + default: '' type: string - hidden: true - RabbitCookieSalt: + NovaImage: type: string + default: overcloud-compute + constraints: + - custom_constraint: glance.image + NovaPassword: default: unset - description: Salt for the rabbit cookie, change this to force the randomly generated rabbit cookie to change. - HeatStackDomainAdminPassword: - description: Password for heat_domain_admin user. + description: The password for the nova service account, used by nova-api. type: string - default: '' hidden: true - LiveUpdateUserName: - type: string - description: The live-update username for the undercloud Glance API. - default: '' - LiveUpdateTenantName: - type: string - description: The live-update tenant name for the undercloud Glance API. - default: '' - LiveUpdateHost: - type: string - description: The IP address for the undercloud Glance API. 
- default: '' - LiveUpdatePassword: + NtpServer: type: string default: '' - description: The live-update password for the undercloud Glance API. - hidden: true - LiveUpdateComputeImage: + OvercloudComputeFlavor: + description: Flavor for compute nodes to request when deploying. type: string - description: The image ID for live-updates to the overcloud compute nodes. - default: '' - MysqlInnodbBufferPoolSize: - description: > - Specifies the size of the buffer pool in megabytes. Setting to - zero should be interpreted as "no value" and will defer to the - lower level default. - type: number - default: 0 - ControlVirtualInterface: - default: 'br-ex' - description: Interface where virtual ip will be assigned. + constraints: + - custom_constraint: nova.flavor + OvercloudControlFlavor: + description: Flavor for control nodes to request when deploying. type: string - ControlFixedIPs: - default: [] - description: Should be used for arbitrary ips. - type: json + constraints: + - custom_constraint: nova.flavor PublicVirtualFixedIPs: default: [] description: 
> @@ -324,25 +347,38 @@ parameters: type: string description: > Neutron network to allocate public virtual IP port on. - KeystoneCACertificate: - default: '' - description: Keystone self-signed certificate authority certificate. - type: string - KeystoneSigningCertificate: - default: '' - description: Keystone certificate for verifying token validity. + RabbitCookieSalt: type: string - KeystoneSigningKey: - default: '' - description: Keystone key for signing tokens. + default: unset + description: Salt for the rabbit cookie, change this to force the randomly generated rabbit cookie to change. + RabbitPassword: + default: guest + description: The password for RabbitMQ type: string hidden: true - DefaultSignalTransport: - default: CFN_SIGNAL - description: Transport to use for software-config signals. + RabbitUserName: + default: guest + description: The username for RabbitMQ type: string - constraints: - - allowed_values: [ CFN_SIGNAL, HEAT_SIGNAL, NO_SIGNAL ] + RabbitClientUseSSL: + default: false + description: > + Rabbit client subscriber parameter to specify + an SSL connection to the RabbitMQ host. + type: string + RabbitClientPort: + default: 5672 + description: Set rabbit subscriber port, change this if using SSL + type: number + SnmpdReadonlyUserName: + default: ro_snmp_user + description: The user name for SNMPd with readonly rights running on all Overcloud nodes + type: string + SnmpdReadonlyUserPassword: + default: unset + description: The user password for SNMPd with readonly rights running on all Overcloud nodes + type: string + hidden: true resources: ControlVirtualIP: type: OS::Neutron::Port @@ -351,6 +387,7 @@ resources: network_id: {get_param: NeutronControlPlaneID} fixed_ips: get_param: ControlFixedIPs + replacement_policy: AUTO MysqlClusterUniquePart: type: OS::Heat::RandomString properties: 
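Review bot: `RabbitClientUseSSL` is declared `type: string` but its default is the unquoted YAML boolean `false`, so the declared type and the default disagree and the rendered value depends on how the boolean is stringified. Either declare it `type: boolean` or quote the default as `default: 'false'`, matching whichever form the consumer of `rabbit_client_use_ssl` expects. With SSL off by default and `RabbitUserName` / `RabbitPassword` both defaulting to `guest`, a deployment that overrides nothing runs the message bus with well-known credentials over an unencrypted connection. The `RabbitClientPort` description should name the port to use when SSL is enabled instead of only saying "change this if using SSL".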
@@ -366,6 +403,7 @@ resources: network: {get_param: PublicVirtualNetwork} fixed_ips: get_param: PublicVirtualFixedIPs + replacement_policy: AUTO RabbitCookie: type: OS::Heat::RandomString properties: @@ -384,25 +422,13 @@ resources: NeutronHost: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]} GlanceHost: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]} RabbitHost: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]} - NovaDSN: - Fn::Join: - - '' - - - mysql://nova:unset@ - - &compute_database_host {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]} - - /nova NovaPublicIP: {get_attr: [PublicVirtualIP, fixed_ips, 0, ip_address]} CeilometerDSN: Fn::Join: - '' - - mysql://ceilometer:unset@ - - *compute_database_host + - &compute_database_host {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]} - /ceilometer - NeutronDSN: - Fn::Join: - - '' - - - mysql://neutron:unset@ - - *compute_database_host - - /ovs_neutron NeutronNetworkType: get_param: NeutronNetworkType NeutronTunnelTypes: @@ -418,6 +444,16 @@ resources: get_param: HypervisorNeutronPublicInterface NeutronBridgeMappings: get_param: NeutronBridgeMappings + NeutronDVR: + get_param: NeutronDVR + NeutronAgentMode: + get_param: NeutronComputeAgentMode + NeutronPublicInterfaceRawDevice: + get_param: NeutronPublicInterfaceRawDevice + NeutronMechanismDrivers: + get_param: NeutronMechanismDrivers + NeutronAllowL3AgentFailover: + get_param: NeutronAllowL3AgentFailover NovaCompute0AllNodesDeployment: type: FileInclude Path: nova-compute-instance.yaml @@ -539,6 +575,7 @@ resources: metadata_server_url: {get_input: heat.metadata_server_url} waitcondition_server_url: {get_input: heat.waitcondition_server_url} horizon: + port: {get_param: HorizonPort} caches: memcached: nodes: 
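Review bot: The `CeilometerDSN` that the `@@ -384` hunk keeps still embeds a literal password in `- mysql://ceilometer:unset@`, although a hidden `CeilometerPassword` parameter is declared at the top of the file. If the compute template consumes this DSN as written (not visible here), setting `CeilometerPassword` does not change the credential the agent connects with. Build the userinfo from the parameter by splitting the joined list into `- 'mysql://ceilometer:'`, `- {get_param: CeilometerPassword}` and `- '@'`. A password containing URL-reserved characters would need escaping in that form.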
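Review bot: `port: {get_param: HorizonPort}` in the `@@ -539` hunk makes the Horizon port configurable, but the haproxy service list in the `@@ -694` hunk keeps `- name: horizon` with a hard-coded `port: 80`. If that entry is the port haproxy forwards to, a non-default `HorizonPort` would leave the virtual IP pointing at a port nothing listens on. Either derive the haproxy entry from the same parameter or state in the `HorizonPort` description which side it controls. The parameter also has no `range` constraint, so values outside 1-65535 pass validation.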
@@ -558,6 +595,9 @@ resources: ca_certificate: {get_param: KeystoneCACertificate} signing_key: {get_param: KeystoneSigningKey} signing_certificate: {get_param: KeystoneSigningCertificate} + ssl: + certificate: {get_param: KeystoneSSLCertificate} + certificate_key: {get_param: KeystoneSSLCertificateKey} mysql: innodb_buffer_pool_size: {get_param: MysqlInnodbBufferPoolSize} local_bind: true @@ -575,7 +615,11 @@ resources: debug: {get_param: Debug} flat-networks: {get_param: NeutronFlatNetworks} host: {get_input: controller_virtual_ip} - metadata_proxy_shared_secret: unset + metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret} + agent_mode: {get_param: NeutronAgentMode} + router_distributed: {get_param: NeutronDVR} + mechanism_drivers: {get_param: NeutronMechanismDrivers} + allow_automatic_l3agent_failover: {get_param: NeutronAllowL3AgentFailover} ovs: enable_tunneling: 'True' local_ip: @@ -646,6 +690,8 @@ resources: get_attr: - RabbitCookie - value + rabbit_client_use_ssl: {get_param: RabbitClientUseSSL} + rabbit_port: {get_param: RabbitClientPort} ntp: servers: - {server: {get_param: NtpServer}, fudge: "stratum 0"} 
@@ -694,42 +740,36 @@ resources: ip: {get_attr: [controller0, networks, ctlplane, 0]} name: {get_attr: [controller0, name]} net_binds: - - ip: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]} + - &control_vip {ip: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}} + - &public_vip {ip: {get_attr: [PublicVirtualIP, fixed_ips, 0, ip_address]}} + options: + - option httpchk GET / services: - name: keystone_admin port: 35357 - net_binds: &public_binds - - ip: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]} - - ip: {get_attr: [PublicVirtualIP, fixed_ips, 0, ip_address]} - name: keystone_public port: 5000 - net_binds: *public_binds - name: horizon port: 80 - net_binds: *public_binds - name: neutron port: 9696 - net_binds: *public_binds - name: cinder port: 8776 - net_binds: *public_binds - name: glance_api port: 9292 - net_binds: *public_binds - name: glance_registry port: 9191 - net_binds: *public_binds + options: # overwrite options as glace_reg needs auth for http req - name: heat_api port: 8004 - net_binds: *public_binds - name: heat_cloudwatch port: 8003 - net_binds: *public_binds - name: heat_cfn port: 8000 - net_binds: *public_binds - name: mysql port: 3306 + net_binds: + - *control_vip extra_server_params: - backup options: @@ -739,21 +779,25 @@ resources: port: 8773 - name: nova_osapi port: 8774 - net_binds: *public_binds - name: nova_metadata port: 8775 - net_binds: *public_binds + - name: nova_novncproxy + port: 6080 - name: ceilometer port: 8777 - net_binds: *public_binds + options: # overwrite options as ceil needs auth for http req - name: swift_proxy_server port: 8080 - net_binds: *public_binds + options: + - option httpchk GET /info - name: rabbitmq port: 5672 + net_binds: + - *control_vip options: - timeout client 0 - timeout server 0 + - maxconn 1500 controllerPassthrough: type: OS::Heat::StructuredConfig properties: 
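Review bot: Hoisting `net_binds` to the top level with both `*control_vip` and `*public_vip` makes public exposure the default in the `@@ -694` hunk. Every service entry without its own `net_binds` is bound on the public VIP, and only `mysql` here and `rabbitmq` in the next hunk opt out. That default covers `keystone_admin` on 35357, `glance_registry` on 9191 and the newly added `nova_novncproxy` on 6080, and it will silently cover any service added later. A safer shape is a top-level default of `- *control_vip` with `*public_vip` added per service. At minimum, put a comment above `net_binds` such as `# default: bound on control AND public VIP; override per service to restrict`. The enclosing haproxy block starts outside the hunk.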
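Review bot: On the `ceilometer` entry in the `@@ -739` hunk, `options: # overwrite options as ceil needs auth for http req` leaves the key with no value, which YAML loads as null rather than as an empty list. The same applies to `glance_registry` in the previous hunk. Whether the haproxy element treats null as "no options" or falls back to the top-level `option httpchk GET /` is not visible here; `options: []` states the intent unambiguously. The `glance_registry` comment also misspells the service as `glace_reg`.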
@@ -878,6 +922,10 @@ resources: - Merge::Map: controller0: {get_attr: [controller0, name]} + sysctl: + net.ipv4.tcp_keepalive_time: 5 + net.ipv4.tcp_keepalive_probes: 5 + net.ipv4.tcp_keepalive_intvl: 1 controller0SSLDeployment: type: OS::Heat::StructuredDeployment properties:
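Review bot: The three `net.ipv4.tcp_keepalive_*` values added under `sysctl` have no comment explaining why they are so far from the kernel defaults. With `time: 5`, `probes: 5` and `intvl: 1`, an idle connection is declared dead after roughly 10 seconds, and the setting is host-wide, so it applies to every keepalive-enabled TCP socket on the controller. Add a comment above the block such as `# detect dead peers in ~10s (5s idle + 5 probes x 1s); applies to all keepalive-enabled sockets on the node`, and name the service this is tuned for, if there is one.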