heat_template_version: 2014-10-16

description: >
  Controller Config for Controller.

parameters:
  # unused here but is a placeholder for other compute-config templates
  # which may choose to create in-templates resources that require controller
  controller_id:
    type: string
    hidden: true

resources:

  ControllerConfigImpl:
    type: OS::Heat::StructuredConfig
    properties:
      group: os-apply-config
      config:
        admin-password: {get_input: admin_password}
        admin-token: {get_input: admin_token}
        bootstack:
          public_interface_ip: {get_input: neutron_public_interface_ip}
        bootstrap_host:
          nodeid: {get_input: bootstack_nodeid}
        cinder:
          db: {get_input: cinder_dsn}
          debug: {get_input: debug}
          volume_size_mb: {get_input: cinder_lvm_loop_device_size}
          service-password: {get_input: cinder_password}
          iscsi-helper: {get_input: CinderISCSIHelper}
        controller-address: {get_input: controller_host}
        corosync:
          bindnetaddr: {get_input: controller_host}
          mcastport: 5577
        pacemaker:
          stonith_enabled : false
          recheck_interval : 5
          quorum_policy : ignore
        db-password: unset
        glance:
          registry:
            host: {get_input: controller_virtual_ip}
          backend: swift
          db: {get_input: glance_dsn}
          debug: {get_input: debug}
          host: {get_input: controller_virtual_ip}
          port: {get_input: glance_port}
          protocol: {get_input: glance_protocol}
          service-password: {get_input: glance_password}
          swift-store-user: service:glance
          swift-store-key: {get_input: glance_password}
          notifier-strategy: {get_input: glance_notifier_strategy}
          log-file: {get_input: glance_log_file}
        heat:
          admin_password: {get_input: heat_password}
          admin_tenant_name: service
          admin_user: heat
          auth_encryption_key: unset___________
          db: {get_input: heat_dsn}
          debug: {get_input: debug}
          stack_domain_admin_password: {get_input: heat_stack_domain_admin_password}
          watch_server_url: {get_input: heat.watch_server_url}
          metadata_server_url: {get_input: heat.metadata_server_url}
          waitcondition_server_url: {get_input: heat.waitcondition_server_url}
        keystone:
          db: {get_input: keystone_dsn}
          debug: {get_input: debug}
          host: {get_input: controller_virtual_ip}
          ca_certificate: {get_input: keystone_ca_certificate}
          signing_key: {get_input: keystone_signing_key}
          signing_certificate: {get_input: keystone_signing_certificate}
          ssl:
              certificate: {get_input: keystone_ssl_certificate}
              certificate_key: {get_input: keystone_ssl_certificate_key}
        mysql:
          innodb_buffer_pool_size: {get_input: mysql_innodb_buffer_pool_size}
          local_bind: true
          root-password: {get_input: mysql_root_password}
          cluster_name: {get_input: mysql_cluster_name}
        neutron:
          debug: {get_input: debug}
          flat-networks: {get_input: neutron_flat_networks}
          host: {get_input: controller_virtual_ip}
          metadata_proxy_shared_secret: {get_input: neutron_metadata_proxy_shared_secret}
          agent_mode: {get_input: neutron_agent_mode}
          router_distributed: {get_input: neutron_router_distributed}
          mechanism_drivers: {get_input: neutron_mechanism_drivers}
          allow_automatic_l3agent_failover: {get_input: neutron_allow_l3agent_failover}
          ovs:
            enable_tunneling: {get_input: neutron_enable_tunneling}
            local_ip: {get_input: controller_host}
            network_vlan_ranges: {get_input: neutron_network_vlan_ranges}
            bridge_mappings: {get_input: neutron_bridge_mappings}
            public_interface: {get_input: neutron_public_interface}
            public_interface_raw_device: {get_input: neutron_public_interface_raw_device}
            public_interface_route: {get_input: neutron_public_interface_default_route}
            public_interface_tag: {get_input: neutron_public_interface_tag}
            physical_bridge: br-ex
            tenant_network_type: {get_input: neutron_tenant_network_type}
            tunnel_types: {get_input: neutron_tunnel_types}
          ovs_db: {get_input: neutron_dsn}
          service-password: {get_input: neutron_password}
          dnsmasq-options: {get_input: neutron_dnsmasq_options}
        ceilometer:
          db: {get_input: ceilometer_dsn}
          debug: {get_input: debug}
          metering_secret: {get_input: ceilometer_metering_secret}
          service-password: {get_input: ceilometer_password}
        snmpd:
          export_MIB: UCD-SNMP-MIB
          readonly_user_name: {get_input: snmpd_readonly_user_name}
          readonly_user_password: {get_input: snmpd_readonly_user_password}
        nova:
          compute_driver: libvirt.LibvirtDriver
          db: {get_input: nova_dsn}
          default_floating_pool:
            ext-net
          host: {get_input: controller_virtual_ip}
          metadata-proxy: true
          service-password: {get_input: nova_password}
        rabbit:
          host: {get_input: controller_virtual_ip}
          username: {get_input: rabbit_username}
          password: {get_input: rabbit_password}
          cookie: {get_input: rabbit_cookie}
          rabbit_client_use_ssl: {get_input: rabbit_client_use_ssl}
          rabbit_port: {get_input: rabbit_client_port}
        ntp:
          servers:
              - {server: {get_input: ntp_server}, fudge: "stratum 0"}
        virtual_interfaces:
          instances:
            - vrrp_instance_name: VI_CONTROL
              virtual_router_id: 51
              keepalive_interface: {get_input: control_virtual_interface}
              priority: 101
              virtual_ips:
              - ip: {get_input: controller_virtual_ip}
                interface: {get_input: control_virtual_interface}
            - vrrp_instance_name: VI_PUBLIC
              virtual_router_id: 52
              keepalive_interface: {get_input: public_virtual_interface}
              priority: 101
              virtual_ips:
              - ip: {get_input: public_virtual_ip}
                interface: {get_input: public_virtual_interface}
          vrrp_sync_groups:
            - name: VG1
              members:
                - VI_CONTROL
                - VI_PUBLIC
        keepalived:
          keepalive_interface: {get_input: public_virtual_interface}
          priority: 101
        virtual_ips:
            -
              ip: {get_input: controller_virtual_ip}
              interface: {get_input: control_virtual_interface}
            -
              ip: {get_input: public_virtual_ip}
              interface: {get_input: public_virtual_interface}
        haproxy:
          net_binds:
            - ip: {get_input: controller_virtual_ip}
          options:
            - option httpchk GET /
          services:
            - name: keystone_admin
              port: 35357
              net_binds: &public_binds
                - ip: {get_input: controller_virtual_ip}
                - ip: {get_input: public_virtual_ip}
            - name: keystone_public
              port: 5000
              net_binds: *public_binds
            - name: horizon
              port: 80
              net_binds: *public_binds
            - name: neutron
              port: 9696
              net_binds: *public_binds
            - name: cinder
              port: 8776
              net_binds: *public_binds
            - name: glance_api
              port: 9292
              net_binds: *public_binds
            - name: glance_registry
              port: 9191
              net_binds: *public_binds
              options: # overwrite options as glace_reg needs auth for http req
            - name: heat_api
              port: 8004
              net_binds: *public_binds
            - name: heat_cloudwatch
              port: 8003
              net_binds: *public_binds
            - name: heat_cfn
              port: 8000
              net_binds: *public_binds
            - name: mysql
              port: 3306
              extra_server_params:
                - backup
              options:
                - timeout client 0
                - timeout server 0
            - name: nova_ec2
              port: 8773
            - name: nova_osapi
              port: 8774
              net_binds: *public_binds
            - name: nova_metadata
              port: 8775
              net_binds: *public_binds
            - name: nova_novncproxy
              port: 6080
              net_binds: *public_binds
            - name: ceilometer
              port: 8777
              net_binds: *public_binds
              options: # overwrite options as ceil needs auth for http req
            - name: swift_proxy_server
              port: 8080
              net_binds: *public_binds
              options:
                - option httpchk GET /info
            - name: rabbitmq
              port: 5672
              options:
                - timeout client 0
                - timeout server 0
                - maxconn 1500

outputs:
  config_id:
    description: The ID of the ControllerConfigImpl resource.
    value:
      {get_resource: ControllerConfigImpl}