diff options
Diffstat (limited to 'controller.yaml')
-rw-r--r-- | controller.yaml | 815 |
1 files changed, 657 insertions, 158 deletions
diff --git a/controller.yaml b/controller.yaml index 4123fc07..885d0894 100644 --- a/controller.yaml +++ b/controller.yaml @@ -1,38 +1,102 @@ -description: Nova API,Keystone,Heat Engine and API,Glance,Neutron,Dedicated MySQL - server,Dedicated RabbitMQ Server -heat_template_version: 2013-05-23 +heat_template_version: 2014-10-16 + +description: > + OpenStack control plane node. Can be wrapped in a ResourceGroup for scaling. + parameters: - AdminToken: + AdminPassword: + default: unset + description: The password for the keystone admin account, used for monitoring, querying neutron etc. type: string - BootstrapDumpPassword: - default: '' - description: Password to use for mysqldump from Bootstrap Host + hidden: true + AdminToken: + default: unset + description: The keystone auth secret. type: string hidden: true - BootstrapHost: - default: '' - description: Load mysqldump from this Host + CeilometerMeteringSecret: + default: unset + description: Secret shared by the ceilometer services. type: string - BootstrapRootPassword: - default: '' - description: Root password for localhost access after bootstrap + hidden: true + CeilometerPassword: + default: unset + description: The password for the ceilometer service account. type: string hidden: true - BootstrapSlavePassword: - default: '' - description: Password to use with BootstrapSlaveUser + CinderISCSIHelper: + default: tgtadm + description: The iSCSI helper to use with cinder. + type: string + CinderLVMLoopDeviceSize: + default: 5000 + description: The size of the loopback file used by the cinder LVM driver. + type: number + CinderPassword: + default: unset + description: The password for the cinder service account, used by cinder-api. type: string hidden: true - BootstrapSlaveUser: + CloudName: default: '' - description: User to use for replication from bootstrap host + description: The DNS name of this cloud. E.g. ci-overcloud.tripleo.org type: string - controllerImage: + ControllerExtraConfig: + default: {} + description: | + Controller specific configuration to inject into the cluster. Same + structure as ExtraConfig. + type: json + ControlVirtualInterface: + default: 'br-ex' + description: Interface where virtual ip will be assigned. type: string - GlanceDBPassword: - description: Password for connecting to glance database + Debug: + default: '' + description: Set to True to enable debugging on all services. + type: string + ExtraConfig: + default: {} + description: | + Additional configuration to inject into the cluster. The JSON should have + the following structure: + {"FILEKEY": + {"config": + [{"section": "SECTIONNAME", + "values": + [{"option": "OPTIONNAME", + "value": "VALUENAME" + } + ] + } + ] + } + } + For instance: + {"nova": + {"config": + [{"section": "default", + "values": + [{"option": "compute_manager", + "value": "ironic.nova.compute.manager.ClusterComputeManager" + } + ] + }, + {"section": "cells", + "values": + [{"option": "driver", + "value": "nova.cells.rpc_driver.CellsRPCDriver" + } + ] + } + ] + } + } + type: json + Flavor: + default: baremetal + description: Flavor for control nodes to request when deploying. type: string - hidden: true GlanceNotifierStrategy: description: Strategy to use for Glance notification queue type: string @@ -41,8 +105,22 @@ parameters: description: The filepath of the file to use for logging messages from Glance. type: string default: '' - HeatDBPassword: - description: Password for accessing Heat database. + GlancePassword: + default: unset + description: The password for the glance service account, used by the glance services. + type: string + hidden: true + GlancePort: + default: "9292" + description: Glance port. + type: string + GlanceProtocol: + default: http + description: Protocol to use when connecting to glance, set to https for SSL. + type: string + HeatPassword: + default: unset + description: The password for the Heat service account, used by the Heat services. type: string hidden: true HeatStackDomainAdminPassword: @@ -50,168 +128,589 @@ parameters: type: string default: '' hidden: true - InstanceType: - default: baremetal - description: Use this flavor + Image: + type: string + default: overcloud-control + ImageUpdatePolicy: + default: 'REBUILD_PRESERVE_EPHEMERAL' + description: What policy to use when reconstructing instances. REBUILD for rebuilds, REBUILD_PRESERVE_EPHEMERAL to preserve /mnt. type: string KeyName: default: default description: Name of an existing EC2 KeyPair to enable SSH access to the instances type: string - KeystoneDBPassword: - description: Password for connecting to keystone + KeystoneCACertificate: + default: '' + description: Keystone self-signed certificate authority certificate. + type: string + KeystoneSigningCertificate: + default: '' + description: Keystone certificate for verifying token validity. + type: string + KeystoneSigningKey: + default: '' + description: Keystone key for signing tokens. type: string hidden: true - NeutronDBPassword: - description: Password for connecting to neutron database + MysqlClusterUniquePart: + description: A unique identifier of the MySQL cluster the controller is in. + type: string + default: 'unset' # Has to be here because of the ignored empty value bug + constraints: + - length: {min: 4, max: 10} + MysqlInnodbBufferPoolSize: + description: > + Specifies the size of the buffer pool in megabytes. Setting to + zero should be interpreted as "no value" and will defer to the + lower level default. + type: number + default: 0 + MysqlRootPassword: type: string hidden: true - NeutronInterfaces: - default: eth0 + default: '' # Has to be here because of the ignored empty value bug + NeutronBridgeMappings: + description: > + The OVS logical->physical bridge mappings to use. See the Neutron + documentation for details. Defaults to mapping br-ex - the external + bridge on hosts - to a physical name 'datacentre' which can be used + to create provider networks (and we use this for the default floating + network) - if changing this either use different post-install network + scripts or be sure to keep 'datacentre' as a mapping network name. + type: string + default: "" + NeutronDnsmasqOptions: + default: 'dhcp-option-force=26,1400' + description: Dnsmasq options for neutron-dhcp-agent. The default value here forces MTU to be set to 1400 to account for the gre tunnel overhead. + type: string + NeutronEnableTunnelling: + type: string + default: "True" + NeutronFlatNetworks: + type: string + default: '' + description: If set, flat networks to configure in neutron plugins. + NeutronNetworkType: + default: 'gre' + description: The tenant network type for Neutron, either gre or vxlan. + type: string + NeutronNetworkVLANRanges: + default: 'datacentre' + description: > + The Neutron ML2 and OpenVSwitch vlan mapping range to support. See the + Neutron documentation for permitted values. Defaults to permitting any + VLAN on the 'datacentre' physical network (See NeutronBridgeMappings). type: string - NovaDBPassword: - description: Password for connecting to nova database + NeutronPassword: + default: unset + description: The password for the neutron service account, used by neutron agents. type: string hidden: true - NovaInterfaces: + NeutronPublicInterface: default: eth0 + description: What interface to bridge onto br-ex for network nodes. type: string - RabbitMQPassword: - description: Password for RabbitMQ + NeutronPublicInterfaceTag: + default: '' + description: > + VLAN tag for creating a public VLAN. The tag will be used to + create an access port on the exterior bridge for each control plane node, + and that port will be given the IP address returned by neutron from the + public network. Set CONTROLEXTRA=overcloud-vlan-port.yaml when compiling + overcloud.yaml to include the deployment of VLAN ports to the control + plane. + type: string + NeutronPublicInterfaceDefaultRoute: + default: '' + description: A custom default route for the NeutronPublicInterface. + type: string + NeutronPublicInterfaceIP: + default: '' + description: A custom IP address to put onto the NeutronPublicInterface. + type: string + NeutronPublicInterfaceRawDevice: + default: '' + description: If set, the public interface is a vlan with this device as the raw device. + type: string + NeutronTunnelTypes: + default: 'gre' + description: | + The tunnel types for the Neutron tenant network. To specify multiple + values, use a comma separated string, like so: 'gre,vxlan' type: string + NovaPassword: + default: unset + description: The password for the nova service account, used by nova-api. + type: string + hidden: true + NtpServer: + type: string + default: '' + PublicVirtualInterface: + default: 'br-ex' + description: > + Specifies the interface where the public-facing virtual ip will be assigned. + This should be int_public when a VLAN is being used. + type: string + PublicVirtualIP: + type: string + default: '' # Has to be here because of the ignored empty value bug + RabbitCookie: + type: string + default: '' # Has to be here because of the ignored empty value bug hidden: true RabbitPassword: + default: guest + description: The password for RabbitMQ type: string hidden: true RabbitUserName: + default: guest + description: The username for RabbitMQ + type: string + SnmpdReadonlyUserName: + default: ro_snmp_user + description: The user name for SNMPd with readonly rights running on all Overcloud nodes type: string - ServicePassword: - description: admin_password for setting up auth in nova. + SnmpdReadonlyUserPassword: + default: unset + description: The user password for SNMPd with readonly rights running on all Overcloud nodes type: string hidden: true + SSLCACertificate: + default: '' + description: If set, the contents of an SSL certificate authority file. + type: string + SSLCertificate: + default: '' + description: If set, the contents of an SSL certificate .crt file for encrypting SSL endpoints. + type: string + hidden: true + SSLKey: + default: '' + description: If set, the contents of an SSL certificate .key file for encrypting SSL endpoints. + type: string + hidden: true + VirtualIP: + type: string + default: '' # Has to be here because of the ignored empty value bug + + resources: - AccessPolicy: + + Controller: + type: OS::Nova::Server properties: - AllowedResources: - - controller0 - type: OS::Heat::AccessPolicy - controller0Key: + image: {get_param: Image} + image_update_policy: {get_param: ImageUpdatePolicy} + flavor: {get_param: Flavor} + key_name: {get_param: KeyName} + networks: + - network: ctlplane + user_data_format: SOFTWARE_CONFIG + + ControllerConfig: + type: OS::Heat::StructuredConfig properties: - UserName: - get_resource: User - type: AWS::IAM::AccessKey - User: + group: os-apply-config + config: + admin-password: {get_param: AdminPassword} + admin-token: {get_param: AdminToken} + bootstack: + public_interface_ip: {get_param: NeutronPublicInterfaceIP} + bootstrap_host: + nodeid: {get_input: bootstack_nodeid} + database: + host: &database_host + {get_param: VirtualIP} + cinder: + db: + list_join: + - '' + - - mysql://cinder:unset@ + - *database_host + - /cinder + debug: {get_param: Debug} + volume_size_mb: {get_param: CinderLVMLoopDeviceSize} + service-password: {get_param: CinderPassword} + iscsi-helper: {get_param: CinderISCSIHelper} + controller-address: {get_input: controller_host} + corosync: + bindnetaddr: {get_input: controller_host} + mcastport: 5577 + pacemaker: + stonith_enabled : false + recheck_interval : 5 + quorum_policy : ignore + db-password: unset + glance: + registry: + host: {get_input: controller_virtual_ip} + backend: swift + db: + list_join: + - '' + - - mysql://glance:unset@ + - *database_host + - /glance + debug: {get_param: Debug} + host: {get_input: controller_virtual_ip} + port: {get_param: GlancePort} + protocol: {get_param: GlanceProtocol} + service-password: {get_param: GlancePassword} + swift-store-user: service:glance + swift-store-key: {get_param: GlancePassword} + notifier-strategy: {get_param: GlanceNotifierStrategy} + log-file: {get_param: GlanceLogFile} + heat: + admin_password: {get_param: HeatPassword} + admin_tenant_name: service + admin_user: heat + auth_encryption_key: unset___________ + db: + list_join: + - '' + - - mysql://heat:unset@ + - *database_host + - /heat + debug: {get_param: Debug} + stack_domain_admin_password: {get_param: HeatStackDomainAdminPassword} + watch_server_url: {get_input: heat.watch_server_url} + metadata_server_url: {get_input: heat.metadata_server_url} + waitcondition_server_url: {get_input: heat.waitcondition_server_url} + keystone: + db: + list_join: + - '' + - - mysql://keystone:unset@ + - *database_host + - /keystone + debug: {get_param: Debug} + host: {get_input: controller_virtual_ip} + ca_certificate: {get_param: KeystoneCACertificate} + signing_key: {get_param: KeystoneSigningKey} + signing_certificate: {get_param: KeystoneSigningCertificate} + mysql: + innodb_buffer_pool_size: {get_param: MysqlInnodbBufferPoolSize} + local_bind: true + root-password: {get_param: MysqlRootPassword} + cluster_name: + str_replace: + template: tripleo-CLUSTER + params: + CLUSTER: {get_param: MysqlClusterUniquePart} + neutron: + debug: {get_param: Debug} + flat-networks: {get_param: NeutronFlatNetworks} + host: {get_input: controller_virtual_ip} + metadata_proxy_shared_secret: unset + ovs: + enable_tunneling: {get_input: neutron_enable_tunneling} + local_ip: {get_input: controller_host} + network_vlan_ranges: {get_param: NeutronNetworkVLANRanges} + bridge_mappings: {get_param: NeutronBridgeMappings} + public_interface: {get_param: NeutronPublicInterface} + public_interface_raw_device: {get_param: NeutronPublicInterfaceRawDevice} + public_interface_route: {get_param: NeutronPublicInterfaceDefaultRoute} + public_interface_tag: {get_param: NeutronPublicInterfaceTag} + physical_bridge: br-ex + tenant_network_type: {get_param: NeutronNetworkType} + tunnel_types: {get_param: NeutronTunnelTypes} + ovs_db: + list_join: + - '' + - - mysql://neutron:unset@ + - *database_host + - /ovs_neutron?charset=utf8 + service-password: {get_param: NeutronPassword} + dnsmasq-options: {get_param: NeutronDnsmasqOptions} + ceilometer: + db: + list_join: + - '' + - - mysql://ceilometer:unset@ + - *database_host + - /ceilometer + debug: {get_param: Debug} + metering_secret: {get_param: CeilometerMeteringSecret} + service-password: {get_param: CeilometerPassword} + snmpd: + export_MIB: UCD-SNMP-MIB + readonly_user_name: {get_param: SnmpdReadonlyUserName} + readonly_user_password: {get_param: SnmpdReadonlyUserPassword} + nova: + compute_driver: libvirt.LibvirtDriver + db: + list_join: + - '' + - - mysql://nova:unset@ + - *database_host + - /nova + default_floating_pool: + ext-net + host: {get_input: controller_virtual_ip} + metadata-proxy: true + service-password: {get_param: NovaPassword} + rabbit: + host: {get_input: controller_virtual_ip} + username: {get_param: RabbitUserName} + password: {get_param: RabbitPassword} + cookie: {get_param: RabbitCookie} + ntp: + servers: + - {server: {get_param: NtpServer}, fudge: "stratum 0"} + virtual_interfaces: + instances: + - vrrp_instance_name: VI_CONTROL + virtual_router_id: 51 + keepalive_interface: {get_param: ControlVirtualInterface} + priority: 101 + virtual_ips: + - ip: {get_param: VirtualIP} + interface: {get_param: ControlVirtualInterface} + - vrrp_instance_name: VI_PUBLIC + virtual_router_id: 52 + keepalive_interface: {get_param: PublicVirtualInterface} + priority: 101 + virtual_ips: + - ip: {get_param: PublicVirtualIP} + interface: {get_param: PublicVirtualInterface} + vrrp_sync_groups: + - name: VG1 + members: + - VI_CONTROL + - VI_PUBLIC + keepalived: + keepalive_interface: {get_param: PublicVirtualInterface} + priority: 101 + virtual_ips: + - + ip: {get_param: VirtualIP} + interface: {get_param: ControlVirtualInterface} + - + ip: {get_param: PublicVirtualIP} + interface: {get_param: PublicVirtualInterface} + haproxy: + net_binds: + - ip: {get_param: VirtualIP} + services: + - name: keystone_admin + port: 35357 + net_binds: &public_binds + - ip: {get_param: VirtualIP} + - ip: {get_param: PublicVirtualIP} + - name: keystone_public + port: 5000 + net_binds: *public_binds + - name: horizon + port: 80 + net_binds: *public_binds + - name: neutron + port: 9696 + net_binds: *public_binds + - name: cinder + port: 8776 + net_binds: *public_binds + - name: glance_api + port: 9292 + net_binds: *public_binds + - name: glance_registry + port: 9191 + net_binds: *public_binds + - name: heat_api + port: 8004 + net_binds: *public_binds + - name: heat_cloudwatch + port: 8003 + net_binds: *public_binds + - name: heat_cfn + port: 8000 + net_binds: *public_binds + - name: mysql + port: 3306 + extra_server_params: + - backup + options: + - timeout client 0 + - timeout server 0 + - name: nova_ec2 + port: 8773 + - name: nova_osapi + port: 8774 + net_binds: *public_binds + - name: nova_metadata + port: 8775 + net_binds: *public_binds + - name: ceilometer + port: 8777 + net_binds: *public_binds + - name: swift_proxy_server + port: 8080 + net_binds: *public_binds + - name: rabbitmq + port: 5672 + options: + - timeout client 0 + - timeout server 0 + + ControllerPassthroughConfig: + type: OS::Heat::StructuredConfig properties: - Policies: - - get_resource: AccessPolicy - type: AWS::IAM::User - controller0: - metadata: - admin-password: - get_param: ServicePassword - admin-token: - get_param: AdminToken - mysql: - create-users: - - database: keystone - username: keystone - password: {get_param: KeystoneDBPassword} - - database: heat - username: heat - password: {get_param: HeatDBPassword} - - database: glance - username: glance - password: {get_param: GlanceDBPassword} - - database: nova - username: nova - password: {get_param: NovaDBPassword} - - database: neutron - username: neutron - password: {get_param: NeutronDBPassword} - glance: - db: - Fn::Join: - - '' - - - 'mysql://glance:' - - {get_param: GlanceDBPassword} - - '@127.0.0.1/glance' - notifier-strategy: - get_param: GlanceNotifierStrategy - log-file: - get_param: GlanceLogFile - heat: - db: - Fn::Join: - - '' - - - 'mysql://heat:' - - {get_param: HeatDBPassword} - - '@127.0.0.1/heat' - access_key_id: - get_resource: controller0Key - refresh: - - resource: controller0 - secret_key: - get_attr: - - controller0Key - - SecretAccessKey - stack: - name: - get_param: AWS::StackName - region: - get_param: AWS::Region - auth_encryption_key: unset - stack_domain_admin_password: {get_param: HeatStackDomainAdminPassword} - interfaces: - control: - get_param: NovaInterfaces - keystone: - host: - '127.0.0.1' - db: - Fn::Join: + group: os-apply-config + config: {get_input: passthrough_config} + + ControllerPassthroughConfigSpecific: + type: OS::Heat::StructuredConfig + properties: + group: os-apply-config + config: {get_input: passthrough_config_specific} + + ControllerDeployment: + type: OS::Heat::StructuredDeployment + properties: + signal_transport: NO_SIGNAL + config: {get_resource: ControllerConfig} + server: {get_resource: Controller} + input_values: + bootstack_nodeid: {get_attr: [Controller, name]} + controller_host: {get_attr: [Controller, networks, ctlplane, 0]} + controller_virtual_ip: {get_param: VirtualIP} + neutron_enable_tunneling: {get_param: NeutronEnableTunnelling} + heat.watch_server_url: + list_join: - '' - - - 'mysql://keystone:' - - {get_param: KeystoneDBPassword} - - '@127.0.0.1/keystone' - nova: - db: - Fn::Join: + - - 'http://' + - {get_param: VirtualIP} + - ':8003' + heat.metadata_server_url: + list_join: - '' - - - 'mysql://nova:' - - {get_param: NovaDBPassword} - - '@127.0.0.1/nova' - neutron: - host: - '127.0.0.1' - ovs_db: - Fn::Join: + - - 'http://' + - {get_param: VirtualIP} + - ':8000' + heat.waitcondition_server_url: + list_join: - '' - - - 'mysql://neutron:' - - {get_param: NeutronDBPassword} - - '@127.0.0.1/ovs_neutron' - rabbit: - host: - '127.0.0.1' - username: - get_param: RabbitUserName - password: - get_param: RabbitPassword - users: - username: - get_param: RabbitUserName - password: - get_param: RabbitPassword - cookie: - get_attr: - - RabbitCookie - - value - service-password: - get_param: ServicePassword + - - 'http://' + - {get_param: VirtualIP} + - ':8000/v1/waitcondition' + + SSLConfig: + type: OS::Heat::StructuredConfig + properties: + group: os-apply-config + config: + ssl: + ca_certificate: {get_input: ssl_ca_certificate} + stunnel: + cert: {get_input: ssl_certificate} + key: {get_input: ssl_key} + cacert: {get_input: ssl_ca_certificate} + ports: + - name: 'ec2' + accept: 13773 + connect: 8773 + connect_host: {get_input: controller_host} + - name: 'image' + accept: 13292 + connect: 9292 + connect_host: {get_input: controller_host} + - name: 'identity' + accept: 13000 + connect: 5000 + connect_host: {get_input: controller_host} + - name: 'network' + accept: 13696 + connect: 9696 + connect_host: {get_input: controller_host} + - name: 'compute' + accept: 13774 + connect: 8774 + connect_host: {get_input: controller_host} + - name: 'swift-proxy' + accept: 13080 + connect: 8080 + connect_host: {get_input: controller_host} + - name: 'cinder' + accept: 13776 + connect: 8776 + connect_host: {get_input: controller_host} + - name: 'ceilometer' + accept: 13777 + connect: 8777 + connect_host: {get_input: controller_host} + + ControllerSSLDeployment: + type: OS::Heat::StructuredDeployment + properties: + config: {get_resource: SSLConfig} + server: {get_resource: Controller} + signal_transport: NO_SIGNAL + input_values: + controller_host: {get_attr: [Controller, networks, ctlplane, 0]} + ssl_certificate: {get_param: SSLCertificate} + ssl_key: {get_param: SSLKey} + ssl_ca_certificate: {get_param: SSLCACertificate} + + ControllerPassthroughDeployment: + type: OS::Heat::StructuredDeployment + properties: + config: {get_resource: ControllerPassthroughConfig} + server: {get_resource: Controller} + signal_transport: NO_SIGNAL + input_values: + passthrough_config: {get_param: ExtraConfig} + + ControllerPassthroughSpecificDeployment: + depends_on: [ControllerPassthroughDeployment] + type: OS::Heat::StructuredDeployment properties: - ImageId: - get_param: controllerImage - InstanceType: - get_param: InstanceType - KeyName: - get_param: KeyName - type: AWS::EC2::Instance + config: {get_resource: ControllerPassthroughConfigSpecific} + server: {get_resource: Controller} + signal_transport: NO_SIGNAL + input_values: + passthrough_config_specific: {get_param: ControllerExtraConfig} + + +outputs: + ip_address: + description: IP address of the server in the ctlplane network + value: {get_attr: [Controller, networks, ctlplane, 0]} + hostname: + description: Hostname of the server + value: {get_attr: [Controller, name]} + corosync_node: + description: > + Node object in the format {ip: ..., name: ...} format that the corosync + element expects + value: + ip: {get_attr: [Controller, networks, ctlplane, 0]} + name: {get_attr: [Controller, name]} + hosts_entry: + description: > + Server's IP address and hostname in the /etc/hosts format + value: + str_replace: + template: IP HOST HOST.novalocal CLOUDNAME + params: + IP: {get_attr: [Controller, networks, ctlplane, 0]} + HOST: {get_attr: [Controller, name]} + CLOUDNAME: {get_param: CloudName} + nova_server_resource: + description: Heat resource handle for the Nova compute server + value: + {get_resource: Controller} + swift_device: + description: Swift device formatted for swift-ring-builder + value: + str_replace: + template: 'r1z1-IP:%PORT%/d1' + params: + IP: {get_attr: [Controller, networks, ctlplane, 0]} + swift_proxy_memcache: + description: Swift proxy-memcache value + value: + str_replace: + template: "IP:11211" + params: + IP: {get_attr: [Controller, networks, ctlplane, 0]} |