allNodesConfigImpl:
type: OS::Heat::StructuredConfig
properties:
- group: os-apply-config
+ group: hiera
config:
- hiera:
- datafiles:
- bootstrap_node:
- mapped_data:
- bootstrap_nodeid: {get_input: bootstrap_nodeid}
- bootstrap_nodeid_ip: {get_input: bootstrap_nodeid_ip}
- all_nodes:
- mapped_data:
- map_merge:
- - tripleo::profile::base::logging::fluentd::fluentd_sources: {get_param: logging_sources}
- - tripleo::profile::base::logging::fluentd::fluentd_groups: {get_param: logging_groups}
- - enabled_services: {get_param: enabled_services}
- # This writes out a mapping of service_name_enabled: 'true'
- # For any services not enabled, hiera foo_enabled will
- # return nil, as it's undefined
- - map_merge:
- repeat:
- template:
- # Note this must be string 'true' due to
- # https://bugs.launchpad.net/heat/+bug/1617203
- SERVICE_enabled: 'true'
- for_each:
- SERVICE:
- str_split: [',', {get_param: enabled_services}]
- # Dynamically generate per-service network data
- # This works as follows (outer->inner functions)
- # yaql - filters services where no mapping exists in ServiceNetMap
- # map_replace: substitute e.g heat_api_network with network name from ServiceNetMap
- # map_merge/repeat: generate a per-service mapping
- - yaql:
- # This filters any entries where the value hasn't been substituted for
- # a list, e.g it's still $service_network. This happens when there is
- # no network defined for the service in the ServiceNetMap, which is OK
- # as not all services have to be bound to a network, so we filter them
- expression: dict($.data.map.items().where(isString($[1]) and not $[1].endsWith("_network")))
- data:
- map:
- map_replace:
+ datafiles:
+ bootstrap_node:
+ bootstrap_nodeid: {get_input: bootstrap_nodeid}
+ bootstrap_nodeid_ip: {get_input: bootstrap_nodeid_ip}
+ all_nodes:
+ map_merge:
+ - tripleo::profile::base::logging::fluentd::fluentd_sources: {get_param: logging_sources}
+ - tripleo::profile::base::logging::fluentd::fluentd_groups: {get_param: logging_groups}
+ - enabled_services: {get_param: enabled_services}
+ # This writes out a mapping of service_name_enabled: 'true'
+ # For any services not enabled, hiera foo_enabled will
+ # return nil, as it's undefined
+ - map_merge:
+ repeat:
+ template:
+ # Note this must be string 'true' due to
+ # https://bugs.launchpad.net/heat/+bug/1617203
+ SERVICE_enabled: 'true'
+ for_each:
+ SERVICE:
+ str_split: [',', {get_param: enabled_services}]
+ # Dynamically generate per-service network data
+ # This works as follows (outer->inner functions)
+ # yaql - filters services where no mapping exists in ServiceNetMap
+ # map_replace: substitute e.g heat_api_network with network name from ServiceNetMap
+ # map_merge/repeat: generate a per-service mapping
+ - yaql:
+ # This filters any entries where the value hasn't been substituted for
+ # a list, e.g it's still $service_network. This happens when there is
+ # no network defined for the service in the ServiceNetMap, which is OK
+ # as not all services have to be bound to a network, so we filter them
+ expression: dict($.data.map.items().where(isString($[1]) and not $[1].endsWith("_network")))
+ data:
+ map:
+ map_replace:
+ - map_merge:
+ repeat:
+ template:
+ SERVICE_network: SERVICE_network
+ for_each:
+ SERVICE:
+ str_split: [',', {get_param: enabled_services}]
+ - values: {get_param: ServiceNetMap}
+ # Keystone doesn't provide separate entries for the public
+ # and admin endpoints, so we need to add them here manually
+ # like we do in the vip-config below
+ - keystone_admin_api_network: {get_param: [ServiceNetMap, keystone_admin_api_network]}
+ keystone_public_api_network: {get_param: [ServiceNetMap, keystone_public_api_network]}
+ # provides a mapping of service_name_ips to a list of IPs
+ - {get_param: service_ips}
+ - {get_param: service_node_names}
+ - {get_param: short_service_node_names}
+ - controller_node_ips:
+ list_join:
+ - ','
+ - {get_param: controller_ips}
+ controller_node_names:
+ list_join:
+ - ','
+ - {get_param: controller_names}
+ memcached_node_ips_v6:
+ repeat:
+ template: "inet6:[NAME]"
+ for_each:
+ NAME: {get_param: memcache_node_ips}
+ deploy_identifier: {get_param: DeployIdentifier}
+ update_identifier: {get_param: UpdateIdentifier}
+ stack_action: {get_param: StackAction}
+ vip_data:
+ map_merge:
+ # Dynamically generate per-service VIP data based on enabled_services
+ # This works as follows (outer->inner functions)
+ # yaql - filters services where no mapping exists in ServiceNetMap
+ # map_replace: substitute e.g internal_api with the IP from NetVipMap
+ # map_replace: substitute e.g heat_api_network with network name from ServiceNetMap
+ # map_merge/repeat: generate a per-service mapping
+ - yaql:
+ # This filters any entries where the value hasn't been substituted for
+ # a list, e.g it's still $service_network. This happens when there is
+ # no network defined for the service in the ServiceNetMap, which is OK
+ # as not all services have to be bound to a network, so we filter them
+ expression: dict($.data.map.items().where(isString($[1]) and not $[1].endsWith("_network")))
+ data:
+ map:
+ map_replace:
+ - map_replace:
- map_merge:
repeat:
template:
- SERVICE_network: SERVICE_network
+ SERVICE_vip: SERVICE_network
for_each:
SERVICE:
str_split: [',', {get_param: enabled_services}]
- values: {get_param: ServiceNetMap}
- # Keystone doesn't provide separate entries for the public
- # and admin endpoints, so we need to add them here manually
- # like we do in the vip-config below
- - keystone_admin_api_network: {get_param: [ServiceNetMap, keystone_admin_api_network]}
- keystone_public_api_network: {get_param: [ServiceNetMap, keystone_public_api_network]}
- # provides a mapping of service_name_ips to a list of IPs
- - {get_param: service_ips}
- - {get_param: service_node_names}
- - {get_param: short_service_node_names}
- - controller_node_ips:
- list_join:
- - ','
- - {get_param: controller_ips}
- controller_node_names:
- list_join:
- - ','
- - {get_param: controller_names}
- memcached_node_ips_v6:
- str_replace:
- template: "['inet6:[SERVERS_LIST]']"
- params:
- SERVERS_LIST:
- list_join:
- - "]','inet6:["
- - {get_param: memcache_node_ips}
-
- deploy_identifier: {get_param: DeployIdentifier}
- update_identifier: {get_param: UpdateIdentifier}
- stack_action: {get_param: StackAction}
- vip_data:
- mapped_data:
- map_merge:
- # Dynamically generate per-service VIP data based on enabled_services
- # This works as follows (outer->inner functions)
- # yaql - filters services where no mapping exists in ServiceNetMap
- # map_replace: substitute e.g internal_api with the IP from NetVipMap
- # map_replace: substitute e.g heat_api_network with network name from ServiceNetMap
- # map_merge/repeat: generate a per-service mapping
- - yaql:
- # This filters any entries where the value hasn't been substituted for
- # a list, e.g it's still $service_network. This happens when there is
- # no network defined for the service in the ServiceNetMap, which is OK
- # as not all services have to be bound to a network, so we filter them
- expression: dict($.data.map.items().where(isString($[1]) and not $[1].endsWith("_network")))
- data:
- map:
- map_replace:
- - map_replace:
- - map_merge:
- repeat:
- template:
- SERVICE_vip: SERVICE_network
- for_each:
- SERVICE:
- str_split: [',', {get_param: enabled_services}]
- - values: {get_param: ServiceNetMap}
- - values: {get_param: NetVipMap}
- - keystone_admin_api_vip:
- get_param: [NetVipMap, {get_param: [ServiceNetMap, keystone_admin_api_network]}]
- keystone_public_api_vip:
- get_param: [NetVipMap, {get_param: [ServiceNetMap, keystone_public_api_network]}]
- public_virtual_ip: {get_param: [NetVipMap, external]}
- controller_virtual_ip: {get_param: [NetVipMap, ctlplane]}
- internal_api_virtual_ip: {get_param: [NetVipMap, internal_api]}
- storage_virtual_ip: {get_param: [NetVipMap, storage]}
- storage_mgmt_virtual_ip: {get_param: [NetVipMap, storage_mgmt]}
- redis_vip: {get_param: RedisVirtualIP}
- # public_virtual_ip and controller_virtual_ip are needed in
- # both HAproxy & keepalived.
- tripleo::haproxy::public_virtual_ip: {get_param: [NetVipMap, external]}
- tripleo::haproxy::controller_virtual_ip: {get_param: [NetVipMap, ctlplane]}
- tripleo::keepalived::public_virtual_ip: {get_param: [NetVipMap, external]}
- tripleo::keepalived::controller_virtual_ip: {get_param: [NetVipMap, ctlplane]}
- tripleo::keepalived::internal_api_virtual_ip: {get_param: [NetVipMap, internal_api]}
- tripleo::keepalived::storage_virtual_ip: {get_param: [NetVipMap, storage]}
- tripleo::keepalived::storage_mgmt_virtual_ip: {get_param: [NetVipMap, storage_mgmt]}
- tripleo::keepalived::redis_virtual_ip: {get_param: RedisVirtualIP}
- tripleo::redis_notification::haproxy_monitor_ip: {get_param: [NetVipMap, ctlplane]}
- cloud_name_external: {get_param: cloud_name_external}
- cloud_name_internal_api: {get_param: cloud_name_internal_api}
- cloud_name_storage: {get_param: cloud_name_storage}
- cloud_name_storage_mgmt: {get_param: cloud_name_storage_mgmt}
- cloud_name_ctlplane: {get_param: cloud_name_ctlplane}
- # TLS parameters
- certmonger_ca: {get_param: CertmongerCA}
- enable_internal_tls: {get_param: EnableInternalTLS}
+ - values: {get_param: NetVipMap}
+ - keystone_admin_api_vip:
+ get_param: [NetVipMap, {get_param: [ServiceNetMap, keystone_admin_api_network]}]
+ keystone_public_api_vip:
+ get_param: [NetVipMap, {get_param: [ServiceNetMap, keystone_public_api_network]}]
+ public_virtual_ip: {get_param: [NetVipMap, external]}
+ controller_virtual_ip: {get_param: [NetVipMap, ctlplane]}
+ internal_api_virtual_ip: {get_param: [NetVipMap, internal_api]}
+ storage_virtual_ip: {get_param: [NetVipMap, storage]}
+ storage_mgmt_virtual_ip: {get_param: [NetVipMap, storage_mgmt]}
+ redis_vip: {get_param: RedisVirtualIP}
+ # public_virtual_ip and controller_virtual_ip are needed in
+ # both HAproxy & keepalived.
+ tripleo::haproxy::public_virtual_ip: {get_param: [NetVipMap, external]}
+ tripleo::haproxy::controller_virtual_ip: {get_param: [NetVipMap, ctlplane]}
+ tripleo::keepalived::public_virtual_ip: {get_param: [NetVipMap, external]}
+ tripleo::keepalived::controller_virtual_ip: {get_param: [NetVipMap, ctlplane]}
+ tripleo::keepalived::internal_api_virtual_ip: {get_param: [NetVipMap, internal_api]}
+ tripleo::keepalived::storage_virtual_ip: {get_param: [NetVipMap, storage]}
+ tripleo::keepalived::storage_mgmt_virtual_ip: {get_param: [NetVipMap, storage_mgmt]}
+ tripleo::keepalived::redis_virtual_ip: {get_param: RedisVirtualIP}
+ tripleo::redis_notification::haproxy_monitor_ip: {get_param: [NetVipMap, ctlplane]}
+ cloud_name_external: {get_param: cloud_name_external}
+ cloud_name_internal_api: {get_param: cloud_name_internal_api}
+ cloud_name_storage: {get_param: cloud_name_storage}
+ cloud_name_storage_mgmt: {get_param: cloud_name_storage_mgmt}
+ cloud_name_ctlplane: {get_param: cloud_name_ctlplane}
+ # TLS parameters
+ certmonger_ca: {get_param: CertmongerCA}
+ enable_internal_tls: {get_param: EnableInternalTLS}
outputs:
config_id:
BlockStorageConfig:
type: OS::Heat::StructuredConfig
properties:
- group: os-apply-config
+ group: hiera
config:
- hiera:
- hierarchy:
- - '"%{::uuid}"'
- - heat_config_%{::deploy_config_name}
- - volume_extraconfig
- - extraconfig
- - service_names
- - service_configs
- - volume
- - bootstrap_node # provided by allNodesConfig
- - all_nodes # provided by allNodesConfig
- - vip_data # provided by allNodesConfig
- - '"%{::osfamily}"'
- merge_behavior: deeper
- datafiles:
- service_names:
- mapped_data:
- service_names: {get_param: ServiceNames}
- sensu::subscriptions: {get_param: MonitoringSubscriptions}
- service_configs:
- mapped_data:
- map_replace:
- - {get_param: ServiceConfigSettings}
- - values: {get_attr: [NetIpMap, net_ip_map]}
- volume_extraconfig:
- mapped_data: {get_param: BlockStorageExtraConfig}
- extraconfig:
- mapped_data: {get_param: ExtraConfig}
- volume:
- mapped_data:
- tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade}
+ hierarchy:
+ - '"%{::uuid}"'
+ - heat_config_%{::deploy_config_name}
+ - volume_extraconfig
+ - extraconfig
+ - service_names
+ - service_configs
+ - volume
+ - bootstrap_node # provided by allNodesConfig
+ - all_nodes # provided by allNodesConfig
+ - vip_data # provided by allNodesConfig
+ - '"%{::osfamily}"'
+ merge_behavior: deeper
+ datafiles:
+ service_names:
+ service_names: {get_param: ServiceNames}
+ sensu::subscriptions: {get_param: MonitoringSubscriptions}
+ service_configs:
+ map_replace:
+ - {get_param: ServiceConfigSettings}
+ - values: {get_attr: [NetIpMap, net_ip_map]}
+ volume_extraconfig: {get_param: BlockStorageExtraConfig}
+ extraconfig: {get_param: ExtraConfig}
+ volume:
+ tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade}
# Resource for site-specific injection of root certificate
NodeTLSCAData:
CephStorageConfig:
type: OS::Heat::StructuredConfig
properties:
- group: os-apply-config
+ group: hiera
config:
- hiera:
- hierarchy:
- - '"%{::uuid}"'
- - heat_config_%{::deploy_config_name}
- - ceph_extraconfig
- - extraconfig
- - service_names
- - service_configs
- - ceph
- - bootstrap_node # provided by allNodesConfig
- - all_nodes # provided by allNodesConfig
- - vip_data # provided by allNodesConfig
- - '"%{::osfamily}"'
- merge_behavior: deeper
- datafiles:
- service_names:
- mapped_data:
- service_names: {get_param: ServiceNames}
- sensu::subscriptions: {get_param: MonitoringSubscriptions}
- service_configs:
- mapped_data:
- map_replace:
- - {get_param: ServiceConfigSettings}
- - values: {get_attr: [NetIpMap, net_ip_map]}
- ceph_extraconfig:
- mapped_data: {get_param: CephStorageExtraConfig}
- extraconfig:
- mapped_data: {get_param: ExtraConfig}
- ceph:
- mapped_data:
- tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade}
+ hierarchy:
+ - '"%{::uuid}"'
+ - heat_config_%{::deploy_config_name}
+ - ceph_extraconfig
+ - extraconfig
+ - service_names
+ - service_configs
+ - ceph
+ - bootstrap_node # provided by allNodesConfig
+ - all_nodes # provided by allNodesConfig
+ - vip_data # provided by allNodesConfig
+ - '"%{::osfamily}"'
+ merge_behavior: deeper
+ datafiles:
+ service_names:
+ service_names: {get_param: ServiceNames}
+ sensu::subscriptions: {get_param: MonitoringSubscriptions}
+ service_configs:
+ map_replace:
+ - {get_param: ServiceConfigSettings}
+ - values: {get_attr: [NetIpMap, net_ip_map]}
+ ceph_extraconfig: {get_param: CephStorageExtraConfig}
+ extraconfig: {get_param: ExtraConfig}
+ ceph:
+ tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade}
# Resource for site-specific injection of root certificate
NodeTLSCAData:
NovaComputeConfig:
type: OS::Heat::StructuredConfig
properties:
- group: os-apply-config
+ group: hiera
config:
- hiera:
- hierarchy:
- - '"%{::uuid}"'
- - heat_config_%{::deploy_config_name}
- - compute_extraconfig
- - extraconfig
- - service_names
- - service_configs
- - compute
- - bootstrap_node # provided by allNodesConfig
- - all_nodes # provided by allNodesConfig
- - vip_data # provided by allNodesConfig
- - '"%{::osfamily}"'
- - neutron_bigswitch_data # Optionally provided by ComputeExtraConfigPre
- - cisco_n1kv_data # Optionally provided by ComputeExtraConfigPre
- - nova_nuage_data # Optionally provided by ComputeExtraConfigPre
- - midonet_data # Optionally provided by AllNodesExtraConfig
- - neutron_opencontrail_data # Optionally provided by ComputeExtraConfigPre
- - cisco_aci_data # Optionally provided by ComputeExtraConfigPre
- merge_behavior: deeper
- datafiles:
- service_names:
- mapped_data:
- service_names: {get_param: ServiceNames}
- sensu::subscriptions: {get_param: MonitoringSubscriptions}
- service_configs:
- mapped_data:
- map_replace:
- - {get_param: ServiceConfigSettings}
- - values: {get_attr: [NetIpMap, net_ip_map]}
- compute_extraconfig:
- mapped_data: {get_param: NovaComputeExtraConfig}
- extraconfig:
- mapped_data: {get_param: ExtraConfig}
- compute:
- mapped_data:
- tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade}
+ hierarchy:
+ - '"%{::uuid}"'
+ - heat_config_%{::deploy_config_name}
+ - compute_extraconfig
+ - extraconfig
+ - service_names
+ - service_configs
+ - compute
+ - bootstrap_node # provided by allNodesConfig
+ - all_nodes # provided by allNodesConfig
+ - vip_data # provided by allNodesConfig
+ - '"%{::osfamily}"'
+ - neutron_bigswitch_data # Optionally provided by ComputeExtraConfigPre
+ - cisco_n1kv_data # Optionally provided by ComputeExtraConfigPre
+ - nova_nuage_data # Optionally provided by ComputeExtraConfigPre
+ - midonet_data # Optionally provided by AllNodesExtraConfig
+ - neutron_opencontrail_data # Optionally provided by ComputeExtraConfigPre
+ - cisco_aci_data # Optionally provided by ComputeExtraConfigPre
+ merge_behavior: deeper
+ datafiles:
+ service_names:
+ service_names: {get_param: ServiceNames}
+ sensu::subscriptions: {get_param: MonitoringSubscriptions}
+ service_configs:
+ map_replace:
+ - {get_param: ServiceConfigSettings}
+ - values: {get_attr: [NetIpMap, net_ip_map]}
+ compute_extraconfig: {get_param: NovaComputeExtraConfig}
+ extraconfig: {get_param: ExtraConfig}
+ compute:
+ tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade}
NovaComputeDeployment:
type: OS::TripleO::SoftwareDeployment
ControllerConfig:
type: OS::Heat::StructuredConfig
properties:
- group: os-apply-config
+ group: hiera
config:
- hiera:
- hierarchy:
- - '"%{::uuid}"'
- - heat_config_%{::deploy_config_name}
- - controller_extraconfig
- - extraconfig
- - service_configs
- - service_names
- - controller
- - bootstrap_node # provided by BootstrapNodeConfig
- - all_nodes # provided by allNodesConfig
- - vip_data # provided by allNodesConfig
- - '"%{::osfamily}"'
- - cinder_dellsc_data # Optionally provided by ControllerExtraConfigPre
- - cinder_netapp_data # Optionally provided by ControllerExtraConfigPre
- - cinder_eqlx_data # Optionally provided by ControllerExtraConfigPre
- - neutron_bigswitch_data # Optionally provided by ControllerExtraConfigPre
- - neutron_cisco_data # Optionally provided by ControllerExtraConfigPre
- - cisco_n1kv_data # Optionally provided by ControllerExtraConfigPre
- - midonet_data #Optionally provided by AllNodesExtraConfig
- - cisco_aci_data # Optionally provided by ControllerExtraConfigPre
- merge_behavior: deeper
- datafiles:
- service_names:
- mapped_data:
- service_names: {get_param: ServiceNames}
- sensu::subscriptions: {get_param: MonitoringSubscriptions}
- service_configs:
- mapped_data:
- map_replace:
- - {get_param: ServiceConfigSettings}
- - values: {get_attr: [NetIpMap, net_ip_map]}
- controller_extraconfig:
- mapped_data:
- map_merge:
- - {get_param: controllerExtraConfig}
- - {get_param: ControllerExtraConfig}
- extraconfig:
- mapped_data: {get_param: ExtraConfig}
- controller:
- mapped_data: # data supplied directly to this deployment configuration, etc
- bootstack_nodeid: {get_input: bootstack_nodeid}
+ hierarchy:
+ - '"%{::uuid}"'
+ - heat_config_%{::deploy_config_name}
+ - controller_extraconfig
+ - extraconfig
+ - service_configs
+ - service_names
+ - controller
+ - bootstrap_node # provided by BootstrapNodeConfig
+ - all_nodes # provided by allNodesConfig
+ - vip_data # provided by allNodesConfig
+ - '"%{::osfamily}"'
+ - cinder_dellsc_data # Optionally provided by ControllerExtraConfigPre
+ - cinder_netapp_data # Optionally provided by ControllerExtraConfigPre
+ - cinder_eqlx_data # Optionally provided by ControllerExtraConfigPre
+ - neutron_bigswitch_data # Optionally provided by ControllerExtraConfigPre
+ - neutron_cisco_data # Optionally provided by ControllerExtraConfigPre
+ - cisco_n1kv_data # Optionally provided by ControllerExtraConfigPre
+ - midonet_data #Optionally provided by AllNodesExtraConfig
+ - cisco_aci_data # Optionally provided by ControllerExtraConfigPre
+ merge_behavior: deeper
+ datafiles:
+ service_names:
+ service_names: {get_param: ServiceNames}
+ sensu::subscriptions: {get_param: MonitoringSubscriptions}
+ service_configs:
+ map_replace:
+ - {get_param: ServiceConfigSettings}
+ - values: {get_attr: [NetIpMap, net_ip_map]}
+ controller_extraconfig:
+ map_merge:
+ - {get_param: controllerExtraConfig}
+ - {get_param: ControllerExtraConfig}
+ extraconfig: {get_param: ExtraConfig}
+ controller:
+ # data supplied directly to this deployment configuration, etc
+ bootstack_nodeid: {get_input: bootstack_nodeid}
+ # Pacemaker
+ enable_load_balancer: {get_input: enable_load_balancer}
- # Pacemaker
- enable_load_balancer: {get_input: enable_load_balancer}
-
- # Misc
- tripleo::haproxy::service_certificate: {get_attr: [NodeTLSData, deployed_ssl_certificate_path]}
- tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade}
+ # Misc
+ tripleo::haproxy::service_certificate: {get_attr: [NodeTLSData, deployed_ssl_certificate_path]}
+ tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade}
# Hook for site-specific additional pre-deployment config, e.g extra hieradata
ControllerExtraConfigPre:
SwiftStorageHieraConfig:
type: OS::Heat::StructuredConfig
properties:
- group: os-apply-config
+ group: hiera
config:
- hiera:
- hierarchy:
- - '"%{::uuid}"'
- - heat_config_%{::deploy_config_name}
- - object_extraconfig
- - extraconfig
- - service_names
- - service_configs
- - object
- - bootstrap_node # provided by allNodesConfig
- - all_nodes # provided by allNodesConfig
- - vip_data # provided by allNodesConfig
- - '"%{::osfamily}"'
- merge_behavior: deeper
- datafiles:
- service_names:
- mapped_data:
- service_names: {get_param: ServiceNames}
- sensu::subscriptions: {get_param: MonitoringSubscriptions}
- service_configs:
- mapped_data:
- map_replace:
- - {get_param: ServiceConfigSettings}
- - values: {get_attr: [NetIpMap, net_ip_map]}
- object_extraconfig:
- mapped_data: {get_param: ObjectStorageExtraConfig}
- extraconfig:
- mapped_data: {get_param: ExtraConfig}
- object:
- mapped_data: # data supplied directly to this deployment configuration, etc
- tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade}
-
+ hierarchy:
+ - '"%{::uuid}"'
+ - heat_config_%{::deploy_config_name}
+ - object_extraconfig
+ - extraconfig
+ - service_names
+ - service_configs
+ - object
+ - bootstrap_node # provided by allNodesConfig
+ - all_nodes # provided by allNodesConfig
+ - vip_data # provided by allNodesConfig
+ - '"%{::osfamily}"'
+ merge_behavior: deeper
+ datafiles:
+ service_names:
+ service_names: {get_param: ServiceNames}
+ sensu::subscriptions: {get_param: MonitoringSubscriptions}
+ service_configs:
+ map_replace:
+ - {get_param: ServiceConfigSettings}
+ - values: {get_attr: [NetIpMap, net_ip_map]}
+ object_extraconfig: {get_param: ObjectStorageExtraConfig}
+ extraconfig: {get_param: ExtraConfig}
+ object:
+ tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade}
SwiftStorageHieraDeploy:
type: OS::Heat::StructuredDeployment
{{role}}Config:
type: OS::Heat::StructuredConfig
properties:
- group: os-apply-config
+ group: hiera
config:
- hiera:
- hierarchy:
- - '"%{::uuid}"'
- - heat_config_%{::deploy_config_name}
- - {{role.lower()}}_extraconfig
- - extraconfig
- - service_names
- - service_configs
- - {{role.lower()}}
- - bootstrap_node # provided by allNodesConfig
- - all_nodes # provided by allNodesConfig
- - vip_data # provided by allNodesConfig
- - '"%{::osfamily}"'
- merge_behavior: deeper
- datafiles:
- service_names:
- mapped_data:
- service_names: {get_param: ServiceNames}
- sensu::subscriptions: {get_param: MonitoringSubscriptions}
- service_configs:
- mapped_data:
- map_replace:
- - {get_param: ServiceConfigSettings}
- - values: {get_attr: [NetIpMap, net_ip_map]}
- {{role.lower()}}_extraconfig:
- mapped_data: {get_param: {{role}}ExtraConfig}
- extraconfig:
- mapped_data: {get_param: ExtraConfig}
- {{role.lower()}}:
- mapped_data:
- tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade}
- tripleo::profile::base::logging::fluentd::fluentd_sources: {get_param: LoggingSources}
- tripleo::profile::base::logging::fluentd::fluentd_groups: {get_param: LoggingGroups}
+ hierarchy:
+ - '"%{::uuid}"'
+ - heat_config_%{::deploy_config_name}
+ - {{role.lower()}}_extraconfig
+ - extraconfig
+ - service_names
+ - service_configs
+ - {{role.lower()}}
+ - bootstrap_node # provided by allNodesConfig
+ - all_nodes # provided by allNodesConfig
+ - vip_data # provided by allNodesConfig
+ - '"%{::osfamily}"'
+ merge_behavior: deeper
+ datafiles:
+ service_names:
+ service_names: {get_param: ServiceNames}
+ sensu::subscriptions: {get_param: MonitoringSubscriptions}
+ service_configs:
+ map_replace:
+ - {get_param: ServiceConfigSettings}
+ - values: {get_attr: [NetIpMap, net_ip_map]}
+ {{role.lower()}}_extraconfig: {get_param: {{role}}ExtraConfig}
+ extraconfig: {get_param: ExtraConfig}
+ {{role.lower()}}:
+ tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade}
+ tripleo::profile::base::logging::fluentd::fluentd_sources: {get_param: LoggingSources}
+ tripleo::profile::base::logging::fluentd::fluentd_groups: {get_param: LoggingGroups}
# Resource for site-specific injection of root certificate
NodeTLSCAData:
aodh::wsgi::apache::servername:
str_replace:
template:
- '"%{::fqdn_$NETWORK}"'
+ '%{::fqdn_$NETWORK}'
params:
$NETWORK: {get_param: [ServiceNetMap, AodhApiNetwork]}
aodh::api::service_name: 'httpd'
aodh::api::host:
str_replace:
template:
- '"%{::fqdn_$NETWORK}"'
+ '%{::fqdn_$NETWORK}'
params:
$NETWORK: {get_param: [ServiceNetMap, AodhApiNetwork]}
# NOTE: bind IP is found in Heat replacing the network name with the
hidden: true
BarbicanWorkers:
description: Set the number of workers for barbican::wsgi::apache
- default: '"%{::processorcount}"'
+ default: '%{::processorcount}'
type: string
Debug:
default: ''
barbican::wsgi::apache::servername:
str_replace:
template:
- '"%{::fqdn_$NETWORK}"'
+ '%{::fqdn_$NETWORK}'
params:
$NETWORK: {get_param: [ServiceNetMap, BarbicanApiNetwork]}
barbican::db::database_connection:
ceilometer::api::host:
str_replace:
template:
- '"%{::fqdn_$NETWORK}"'
+ '%{::fqdn_$NETWORK}'
params:
$NETWORK: {get_param: [ServiceNetMap, CeilometerApiNetwork]}
ceilometer::wsgi::apache::bind_host: {get_param: [ServiceNetMap, CeilometerApiNetwork]}
ceilometer::wsgi::apache::servername:
str_replace:
template:
- '"%{::fqdn_$NETWORK}"'
+ '%{::fqdn_$NETWORK}'
params:
$NETWORK: {get_param: [ServiceNetMap, CeilometerApiNetwork]}
service_config_settings:
NETWORK: {get_param: [ServiceNetMap, CephMonNetwork]}
ceph::profile::params::public_addr: {get_param: [ServiceNetMap, CephMonNetwork]}
ceph::profile::params::client_keys:
- str_replace:
- template: "{
- client.admin: {
- secret: 'ADMIN_KEY',
- mode: '0600',
- cap_mon: 'allow *',
- cap_osd: 'allow *',
+ map_replace:
+ - client.admin:
+ secret: {get_param: CephAdminKey}
+ mode: '0600'
+ cap_mon: 'allow *'
+ cap_osd: 'allow *'
cap_mds: 'allow *'
- },
- client.bootstrap-osd: {
- secret: 'ADMIN_KEY',
- keyring_path: '/var/lib/ceph/bootstrap-osd/ceph.keyring',
+ client.bootstrap-osd:
+ secret: {get_param: CephAdminKey}
+ keyring_path: '/var/lib/ceph/bootstrap-osd/ceph.keyring'
cap_mon: 'allow profile bootstrap-osd'
- },
- client.CLIENT_USER: {
- secret: 'CLIENT_KEY',
- mode: '0644',
- cap_mon: 'allow r',
- cap_osd: 'allow class-read object_prefix rbd_children, allow rwx pool=CINDER_POOL, allow rwx pool=CINDERBACKUP_POOL, allow rwx pool=NOVA_POOL, allow rwx pool=GLANCE_POOL, allow rwx pool=GNOCCHI_POOL'
- }
- }"
- params:
- CLIENT_USER: {get_param: CephClientUserName}
- CLIENT_KEY: {get_param: CephClientKey}
- ADMIN_KEY: {get_param: CephAdminKey}
- NOVA_POOL: {get_param: NovaRbdPoolName}
- CINDER_POOL: {get_param: CinderRbdPoolName}
- CINDERBACKUP_POOL: {get_param: CinderBackupRbdPoolName}
- GLANCE_POOL: {get_param: GlanceRbdPoolName}
- GNOCCHI_POOL: {get_param: GnocchiRbdPoolName}
+ CEPH_CLIENT_KEY:
+ secret: {get_param: CephClientKey}
+ mode: '0644'
+ cap_mon: 'allow r'
+ cap_osd:
+ str_replace:
+ template: 'allow class-read object_prefix rbd_children, allow rwx pool=CINDER_POOL, allow rwx pool=CINDERBACKUP_POOL, allow rwx pool=NOVA_POOL, allow rwx pool=GLANCE_POOL, allow rwx pool=GNOCCHI_POOL'
+ params:
+ NOVA_POOL: {get_param: NovaRbdPoolName}
+ CINDER_POOL: {get_param: CinderRbdPoolName}
+ CINDERBACKUP_POOL: {get_param: CinderBackupRbdPoolName}
+ GLANCE_POOL: {get_param: GlanceRbdPoolName}
+ GNOCCHI_POOL: {get_param: GnocchiRbdPoolName}
+ - keys:
+ CEPH_CLIENT_KEY:
+ list_join: ['.', ['client', {get_param: CephClientUserName}]]
service_config_settings:
glance_api:
glance::api::show_multiple_locations: {if: [glance_multiple_locations, true, false]}
CinderWorkers:
type: string
description: Set the number of workers for cinder::wsgi::apache
- default: '"%{::os_workers}"'
+ default: '%{::os_workers}'
EnableInternalTLS:
type: boolean
default: false
cinder::api::bind_host:
str_replace:
template:
- '"%{::fqdn_$NETWORK}"'
+ '%{::fqdn_$NETWORK}'
params:
$NETWORK: {get_param: [ServiceNetMap, CinderApiNetwork]}
cinder::wsgi::apache::ssl: {get_param: EnableInternalTLS}
cinder::wsgi::apache::servername:
str_replace:
template:
- '"%{::fqdn_$NETWORK}"'
+ '%{::fqdn_$NETWORK}'
params:
$NETWORK: {get_param: [ServiceNetMap, CinderApiNetwork]}
-
tripleo::profile::base::database::mysql::bind_address:
str_replace:
template:
- '"%{::fqdn_$NETWORK}"'
+ '%{::fqdn_$NETWORK}'
params:
$NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]}
step_config: |
# internal_api_subnet - > IP/CIDR
redis::bind: {get_param: [ServiceNetMap, RedisNetwork]}
redis::port: 6379
- redis::sentinel::master_name: '"%{hiera(\"bootstrap_nodeid\")}"'
- redis::sentinel::redis_host: '"%{hiera(\"bootstrap_nodeid_ip\")}"'
+ redis::sentinel::master_name: "%{hiera('bootstrap_nodeid')}"
+ redis::sentinel::redis_host: "%{hiera('bootstrap_nodeid_ip')}"
redis::sentinel::notification_script: '/usr/local/bin/redis-notifications.sh'
gnocchi::wsgi::apache::servername:
str_replace:
template:
- '"%{::fqdn_$NETWORK}"'
+ '%{::fqdn_$NETWORK}'
params:
$NETWORK: {get_param: [ServiceNetMap, GnocchiApiNetwork]}
tripleo::profile::base::gnocchi::api::gnocchi_backend: {get_param: GnocchiBackend}
gnocchi::api::host:
str_replace:
template:
- '"%{::fqdn_$NETWORK}"'
+ '%{::fqdn_$NETWORK}'
params:
$NETWORK: {get_param: [ServiceNetMap, GnocchiApiNetwork]}
list_join:
- ''
- - 'http://'
- - '%{hiera("ironic_conductor_http_host")}:'
+ - "%{hiera('ironic_conductor_http_host')}:"
- {get_param: IronicIPXEPort}
ironic::drivers::pxe::ipxe_enabled: {get_param: IronicIPXEEnabled}
ironic::glance_api_servers: {get_param: [EndpointMap, GlanceInternal, uri]}
-heat_template_version: 2016-04-08
+heat_template_version: 2016-10-14
description: >
Keepalived service configured with Puppet
default: 'overcloud-keepalived'
type: string
+conditions:
+
+ control_iface_empty: {equals : [{get_param: ControlVirtualInterface}, '']}
+ public_iface_empty: {equals : [{get_param: PublicVirtualInterface}, '']}
+
outputs:
role_data:
description: Role data for the Keepalived role.
service_name: keepalived
monitoring_subscription: {get_param: MonitoringSubscriptionKeepalived}
config_settings:
- tripleo::keepalived::control_virtual_interface: {get_param: ControlVirtualInterface}
- tripleo::keepalived::public_virtual_interface: {get_param: PublicVirtualInterface}
- tripleo.keepalived.firewall_rules:
- '106 keepalived vrrp':
- proto: vrrp
+ map_merge:
+ - tripleo.keepalived.firewall_rules:
+ '106 keepalived vrrp':
+ proto: vrrp
+ -
+ if:
+ - control_iface_empty
+ - {}
+ - tripleo::keepalived::control_virtual_interface: {get_param: ControlVirtualInterface}
+ -
+ if:
+ - public_iface_empty
+ - {}
+ - tripleo::keepalived::public_virtual_interface: {get_param: PublicVirtualInterface}
step_config: |
include ::tripleo::profile::base::keepalived
KeystoneWorkers:
type: string
description: Set the number of workers for keystone::wsgi::apache
- default: '"%{::os_workers}"'
+ default: '%{::os_workers}'
MonitoringSubscriptionKeystone:
default: 'overcloud-keystone'
type: string
keystone::wsgi::apache::servername:
str_replace:
template:
- '"%{::fqdn_$NETWORK}"'
+ '%{::fqdn_$NETWORK}'
params:
$NETWORK: {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}
keystone::wsgi::apache::servername_admin:
str_replace:
template:
- '"%{::fqdn_$NETWORK}"'
+ '%{::fqdn_$NETWORK}'
params:
$NETWORK: {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}
keystone::wsgi::apache::workers: {get_param: KeystoneWorkers}
keystone::admin_bind_host:
str_replace:
template:
- '"%{::fqdn_$NETWORK}"'
+ '%{::fqdn_$NETWORK}'
params:
$NETWORK: {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}
keystone::public_bind_host:
str_replace:
template:
- '"%{::fqdn_$NETWORK}"'
+ '%{::fqdn_$NETWORK}'
params:
$NETWORK: {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}
# NOTE: bind IP is found in Heat replacing the network name with the
neutron::rabbit_port: {get_param: RabbitClientPort}
neutron::dhcp_agents_per_network: {get_param: NeutronDhcpAgentsPerNetwork}
neutron::core_plugin: {get_param: NeutronCorePlugin}
- neutron::service_plugins:
- str_replace:
- template: PLUGINS
- params:
- PLUGINS: {get_param: NeutronServicePlugins}
+ neutron::service_plugins: {get_param: NeutronServicePlugins}
neutron::debug: {get_param: Debug}
neutron::purge_config: {get_param: EnableConfigPurge}
neutron::allow_overlapping_ips: true
neutron::rabbit_heartbeat_timeout_threshold: 60
- neutron::host: '"%{::fqdn}"' #NOTE: extra quoting is needed
+ neutron::host: '%{::fqdn}'
neutron::db::database_db_max_retries: -1
neutron::db::database_max_retries: -1
neutron::global_physnet_mtu: {get_param: NeutronGlobalPhysnetMtu}
neutron::agents::metadata::auth_password: {get_param: NeutronPassword}
neutron::agents::metadata::auth_url: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] }
neutron::agents::metadata::auth_tenant: 'service'
- neutron::agents::metadata::metadata_ip: '"%{hiera(\"nova_metadata_vip\")}"'
+ neutron::agents::metadata::metadata_ip: "%{hiera('nova_metadata_vip')}"
step_config: |
include tripleo::profile::base::neutron::metadata
- neutron::agents::ml2::ovs::l2_population: {get_param: NeutronEnableL2Pop}
neutron::agents::ml2::ovs::enable_distributed_routing: {get_param: NeutronEnableDVR}
neutron::agents::ml2::ovs::arp_responder: {get_param: NeutronEnableARPResponder}
- neutron::agents::ml2::ovs::bridge_mappings:
- str_replace:
- template: MAPPINGS
- params:
- MAPPINGS: {get_param: NeutronBridgeMappings}
- neutron::agents::ml2::ovs::tunnel_types:
- str_replace:
- template: TYPES
- params:
- TYPES: {get_param: NeutronTunnelTypes}
- neutron::agents::ml2::ovs::extensions:
- str_replace:
- template: AGENT_EXTENSIONS
- params:
- AGENT_EXTENSIONS: {get_param: NeutronAgentExtensions}
+ neutron::agents::ml2::ovs::bridge_mappings: {get_param: NeutronBridgeMappings}
+ neutron::agents::ml2::ovs::tunnel_types: {get_param: NeutronTunnelTypes}
+ neutron::agents::ml2::ovs::extensions: {get_param: NeutronAgentExtensions}
# NOTE: bind IP is found in Heat replacing the network name with the
# local node IP for the given network; replacement examples
# (eg. for internal_api):
config_settings:
map_merge:
- get_attr: [NeutronBase, role_data, config_settings]
- - neutron::plugins::ml2::mechanism_drivers:
- str_replace:
- template: MECHANISMS
- params:
- MECHANISMS: {get_param: NeutronMechanismDrivers}
- neutron::plugins::ml2::type_drivers:
- str_replace:
- template: DRIVERS
- params:
- DRIVERS: {get_param: NeutronTypeDrivers}
- neutron::plugins::ml2::flat_networks:
- str_replace:
- template: NETWORKS
- params:
- NETWORKS: {get_param: NeutronFlatNetworks}
- neutron::plugins::ml2::extension_drivers:
- str_replace:
- template: PLUGIN_EXTENSIONS
- params:
- PLUGIN_EXTENSIONS: {get_param: NeutronPluginExtensions}
- neutron::plugins::ml2::network_vlan_ranges:
- str_replace:
- template: RANGES
- params:
- RANGES: {get_param: NeutronNetworkVLANRanges}
- neutron::plugins::ml2::tunnel_id_ranges:
- str_replace:
- template: RANGES
- params:
- RANGES: {get_param: NeutronTunnelIdRanges}
- neutron::plugins::ml2::vni_ranges:
- str_replace:
- template: RANGES
- params:
- RANGES: {get_param: NeutronVniRanges}
- neutron::plugins::ml2::tenant_network_types:
- str_replace:
- template: TYPES
- params:
- TYPES: {get_param: NeutronNetworkType}
+ - neutron::plugins::ml2::mechanism_drivers: {get_param: NeutronMechanismDrivers}
+ neutron::plugins::ml2::type_drivers: {get_param: NeutronTypeDrivers}
+ neutron::plugins::ml2::flat_networks: {get_param: NeutronFlatNetworks}
+ neutron::plugins::ml2::extension_drivers: {get_param: NeutronPluginExtensions}
+ neutron::plugins::ml2::network_vlan_ranges: {get_param: NeutronNetworkVLANRanges}
+ neutron::plugins::ml2::tunnel_id_ranges: {get_param: NeutronTunnelIdRanges}
+ neutron::plugins::ml2::vni_ranges: {get_param: NeutronVniRanges}
+ neutron::plugins::ml2::tenant_network_types: {get_param: NeutronNetworkType}
neutron::plugins::ml2::supported_pci_vendor_devs: {get_param: NeutronSupportedPCIVendorDevs}
step_config: |
map_merge:
- get_attr: [NovaBase, role_data, config_settings]
- get_attr: [ApacheServiceBase, role_data, config_settings]
- - nova::cron::archive_deleted_rows::hour: '"*/12"'
- nova::cron::archive_deleted_rows::destination: '"/dev/null"'
+ - nova::cron::archive_deleted_rows::hour: '*/12'
+ nova::cron::archive_deleted_rows::destination: '/dev/null'
tripleo.nova_api.firewall_rules:
'113 nova_api':
dport:
nova::api::api_bind_address:
str_replace:
template:
- '"%{::fqdn_$NETWORK}"'
+ '%{::fqdn_$NETWORK}'
params:
$NETWORK: {get_param: [ServiceNetMap, NovaApiNetwork]}
nova::api::service_name: 'httpd'
nova::wsgi::apache::servername:
str_replace:
template:
- '"%{::fqdn_$NETWORK}"'
+ '%{::fqdn_$NETWORK}'
params:
$NETWORK: {get_param: [ServiceNetMap, NovaApiNetwork]}
nova::api::neutron_metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret}
nova::network::neutron::neutron_auth_url: {get_param: [EndpointMap, KeystoneV3Admin, uri]}
nova::rabbit_heartbeat_timeout_threshold: 60
nova::cinder_catalog_info: 'volumev2:cinderv2:internalURL'
- nova::host: '"%{::fqdn}"' # NOTE: extra quoting is needed.
+ nova::host: '%{::fqdn}'
nova::notify_on_state_change: 'vm_and_task_state'
nova::notification_driver: messagingv2
nova::network::neutron::neutron_auth_type: 'v3password'
For different formats, refer to the nova.conf documentation for
pci_passthrough_whitelist configuration
type: json
- default: ''
+ default: {}
NovaVcpuPinSet:
description: >
A list or range of physical CPU cores to reserve for virtual machine
map_merge:
- get_attr: [NovaBase, role_data, config_settings]
- nova::compute::libvirt::manage_libvirt_services: false
- nova::compute::pci_passthrough:
- str_replace:
- template: "'JSON_PARAM'"
- params:
- JSON_PARAM: {get_param: NovaPCIPassthrough}
+ nova::compute::pci_passthrough: {get_param: NovaPCIPassthrough}
nova::compute::vcpu_pin_set: {get_param: NovaVcpuPinSet}
nova::compute::reserved_host_memory: {get_param: NovaReservedHostMemory}
# we manage migration in nova common puppet profile
- '.'
- - 'client'
- {get_param: CephClientUserName}
- nova::compute::rbd::libvirt_rbd_secret_uuid: '"%{hiera(\"ceph::profile::params::fsid\")}"'
+ nova::compute::rbd::libvirt_rbd_secret_uuid: "%{hiera('ceph::profile::params::fsid')}"
nova::compute::instance_usage_audit: true
nova::compute::instance_usage_audit_period: 'hour'
nova::compute::rbd::ephemeral_storage: {get_param: NovaEnableRbdBackend}
- tripleo::profile::pacemaker::database::mysql::bind_address:
str_replace:
template:
- '"%{::fqdn_$NETWORK}"'
+ '%{::fqdn_$NETWORK}'
params:
$NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]}
# NOTE: bind IP is found in Heat replacing the network name with the
panko::wsgi::apache::servername:
str_replace:
template:
- '"%{::fqdn_$NETWORK}"'
+ '%{::fqdn_$NETWORK}'
params:
$NETWORK: {get_param: [ServiceNetMap, PankoApiNetwork]}
panko::api::service_name: 'httpd'
panko::api::host:
str_replace:
template:
- '"%{::fqdn_$NETWORK}"'
+ '%{::fqdn_$NETWORK}'
params:
$NETWORK: {get_param: [ServiceNetMap, PankoApiNetwork]}
# NOTE: bind IP is found in Heat replacing the network name with the