# Heat template for an overcloud control plane: one controller0 server that
# carries the services named in `description`, two Neutron ports used as
# virtual IPs (control and public), the os-apply-config metadata handed to the
# controller, and the NovaCompute0 resources pulled in from
# nova-compute-instance.yaml.
#
# Reading notes:
# - `type: FileInclude` (with Path/SubKey) and `Merge::Map` are not native
#   Heat constructs; presumably a pre-processing/merge step expands them
#   before the template reaches Heat - TODO confirm tool and version.
# - SSLConfig, controller0Swift, BlockStorage0, SwiftStorage0 and the
#   SSLCertificate / SSLKey / SSLCACertificate parameters are referenced below
#   but not defined in this file; presumably they are merged in from sibling
#   templates - verify before using this file on its own.
# - Security review points are marked NOTE(review) next to the lines they
#   concern (placeholder secrets, plain-http endpoints, listener exposure).
description: Nova API,Keystone,Heat Engine and API,Glance,Neutron,Dedicated MySQL server,Dedicated RabbitMQ Server,Group of Nova Computes
# Unquoted: YAML 1.1 loaders parse this scalar as a date, not a string.
heat_template_version: 2013-05-23
parameters:
  # NOTE(review): every password / secret parameter in this section defaults
  # to a placeholder (the literal string `unset`, '' or `guest`).
  # `hidden: true` only masks the value when Heat displays parameters; it does
  # not stop a stack from being created with the placeholder. Supply real
  # values at deploy time; a deployment that forgets one still succeeds with a
  # guessable secret.
  AdminPassword:
    default: unset
    description: The password for the keystone admin account, used for monitoring, querying neutron etc.
    type: string
    hidden: true
  AdminToken:
    default: unset
    description: The keystone auth secret.
    type: string
    hidden: true
  CinderPassword:
    default: unset
    description: The password for the cinder service account, used by cinder-api.
    type: string
    hidden: true
  CinderISCSIHelper:
    default: tgtadm
    description: The iSCSI helper to use with cinder.
    type: string
  CinderLVMLoopDeviceSize:
    default: 5000
    description: The size of the loopback file used by the cinder LVM driver.
    type: number
  # NOTE(review): this JSON is handed unchanged to the os-apply-config group on
  # controller0 (controllerPassthrough) and to NovaCompute0Passthrough. Treat
  # the ability to set it as equivalent to editing service configuration on
  # those nodes.
  ExtraConfig:
    default: {}
    description: |
      Additional configuration to inject into the cluster. The JSON should have
      the following structure:
        {"FILEKEY":
          {"config":
            [{"section": "SECTIONNAME",
              "values":
                [{"option": "OPTIONNAME",
                  "value": "VALUENAME"
                 }
                ]
             }
            ]
          }
        }
      For instance:
        {"nova":
          {"config":
            [{"section": "default",
              "values":
                [{"option": "compute_manager",
                  "value": "ironic.nova.compute.manager.ClusterComputeManager"
                 }
                ]
             },
             {"section": "cells",
              "values":
                [{"option": "driver",
                  "value": "nova.cells.rpc_driver.CellsRPCDriver"
                 }
                ]
             }
            ]
          }
        }
    type: json
  OvercloudControlFlavor:
    default: baremetal
    description: Flavor for control nodes to request when deploying.
    type: string
  OvercloudComputeFlavor:
    default: baremetal
    description: Flavor for compute nodes to request when deploying.
    type: string
  GlancePort:
    default: 9292
    description: Glance port.
    type: string
  # NOTE(review): defaults to http; per the description https is opt-in.
  GlanceProtocol:
    default: http
    description: Protocol to use when connecting to glance, set to https for SSL.
    type: string
  # Used twice in controllerConfig: as glance service-password and as
  # swift-store-key.
  GlancePassword:
    default: unset
    description: The password for the glance service account, used by the glance services.
    type: string
    hidden: true
  GlanceNotifierStrategy:
    description: Strategy to use for Glance notification queue
    type: string
    default: noop
  GlanceLogFile:
    description: The filepath of the file to use for logging messages from Glance.
    type: string
    default: ''
  HeatPassword:
    default: unset
    description: The password for the Heat service account, used by the Heat services.
    type: string
    hidden: true
  ImageUpdatePolicy:
    default: 'REBUILD_PRESERVE_EPHEMERAL'
    description: What policy to use when reconstructing instances. REBUILD for rebuilds, REBUILD_PRESERVE_EPHEMERAL to preserve /mnt.
    type: string
  # Keypair injected into controller0 (key_name); whoever holds the private
  # half has SSH access to the instances, per the description.
  KeyName:
    default: default
    description: Name of an existing EC2 KeyPair to enable SSH access to the instances
    type: string
  NeutronBridgeMappings:
    description: |
      The OVS logical->physical bridge mappings to use. See the Neutron
      documentation for details. Defaults to mapping br-ex - the external
      bridge on hosts - to a physical name 'datacentre' which can be used
      to create provider networks (and we use this for the default floating
      network) - if changing this either use different post-install network
      scripts or be sure to keep 'datacentre' as a mapping network name.
    type: string
    default: "datacentre:br-ex"
  NeutronNetworkVLANRanges:
    default: 'datacentre'
    description: |
      The Neutron ML2 and OpenVSwitch vlan mapping range to support. See the
      Neutron documentation for permitted values. Defaults to permitting any
      VLAN on the 'datacentre' physical network (See NeutronBridgeMappings).
    type: string
  NeutronPassword:
    default: unset
    description: The password for the neutron service account, used by neutron agents.
    type: string
    hidden: true
  CeilometerComputeAgent:
    description: Indicates whether the Compute agent is present and expects nova-compute to be configured accordingly
    type: string
    default: ''
    constraints:
      - allowed_values: ['', Present]
  CeilometerMeteringSecret:
    default: unset
    description: Secret shared by the ceilometer services.
    type: string
    hidden: true
  CeilometerPassword:
    default: unset
    description: The password for the ceilometer service account.
    type: string
    hidden: true
  SnmpdReadonlyUserName:
    default: ro_snmp_user
    description: The user name for SNMPd with readonly rights running on all Overcloud nodes
    type: string
  # NOTE(review): per the description this account exists on all overcloud
  # nodes, so a placeholder here is shared fleet-wide.
  SnmpdReadonlyUserPassword:
    default: unset
    description: The user password for SNMPd with readonly rights running on all Overcloud nodes
    type: string
    hidden: true
  CloudName:
    default: ''
    description: The DNS name of this cloud. E.g. ci-overcloud.tripleo.org
    type: string
  # NOTE(review): declared but not read in this file; controllerConfig sets
  # nova.compute_driver to a literal instead - confirm whether another
  # template consumes this parameter.
  NovaComputeDriver:
    default: libvirt.LibvirtDriver
    type: string
  NovaComputeLibvirtType:
    default: ''
    type: string
  NovaImage:
    type: string
    default: overcloud-compute
  NovaPassword:
    default: unset
    description: The password for the nova service account, used by nova-api.
    type: string
    hidden: true
  NeutronFlatNetworks:
    type: string
    default: 'datacentre'
    description: |
      If set, flat networks to configure in neutron plugins. Defaults to
      'datacentre' to permit external network creation.
  HypervisorNeutronPhysicalBridge:
    default: 'br-ex'
    description: |
      An OVS bridge to create on each hypervisor. This defaults to br-ex the
      same as the control plane nodes, as we have a uniform configuration of
      the openvswitch agent. Typically should not need to be changed.
    type: string
  HypervisorNeutronPublicInterface:
    default: 'eth0'
    description: What interface to add to the HypervisorNeutronPhysicalBridge.
    type: string
  NeutronPublicInterface:
    default: eth0
    description: What interface to bridge onto br-ex for network nodes.
    type: string
  NeutronPublicInterfaceDefaultRoute:
    default: ''
    description: A custom default route for the NeutronPublicInterface.
    type: string
  NeutronPublicInterfaceIP:
    default: ''
    description: A custom IP address to put onto the NeutronPublicInterface.
    type: string
  NeutronPublicInterfaceRawDevice:
    default: ''
    description: If set, the public interface is a vlan with this device as the raw device.
    type: string
  NeutronControlPlaneID:
    default: ''
    type: string
    description: Neutron ID for ctlplane network.
  NeutronDnsmasqOptions:
    default: 'dhcp-option-force=26,1400'
    description: Dnsmasq options for neutron-dhcp-agent. The default value here forces MTU to be set to 1400 to account for the gre tunnel overhead.
    type: string
  controllerImage:
    type: string
    default: overcloud-control
  # Empty by default; the value is passed straight into ntp.servers below.
  NtpServer:
    type: string
    default: ''
  # NOTE(review): guest/guest is RabbitMQ's stock account and rabbitmq is
  # listed as an haproxy service (port 5672) further down. Override both
  # values for anything beyond a throwaway environment.
  RabbitUserName:
    default: guest
    description: The username for RabbitMQ
    type: string
  RabbitPassword:
    default: guest
    description: The password for RabbitMQ
    type: string
    hidden: true
  # Not hidden; it only salts the RabbitCookie RandomString resource.
  RabbitCookieSalt:
    type: string
    default: unset
    description: Salt for the rabbit cookie, change this to force the randomly generated rabbit cookie to change.
  HeatStackDomainAdminPassword:
    description: Password for heat_domain_admin user.
    type: string
    default: ''
    hidden: true
  # The LiveUpdate* parameters are declared here but not read by any resource
  # in this file - presumably consumed by an included template; TODO confirm.
  LiveUpdateUserName:
    type: string
    description: The live-update username for the undercloud Glance API.
    default: ''
  LiveUpdateTenantName:
    type: string
    description: The live-update tenant name for the undercloud Glance API.
    default: ''
  LiveUpdateHost:
    type: string
    description: The IP address for the undercloud Glance API.
    default: ''
  LiveUpdatePassword:
    type: string
    default: ''
    description: The live-update password for the undercloud Glance API.
    hidden: true
  LiveUpdateComputeImage:
    type: string
    description: The image ID for live-updates to the overcloud compute nodes.
    default: ''
  MysqlInnodbBufferPoolSize:
    description: >
      Specifies the size of the buffer pool in megabytes. Setting to
      zero should be interpreted as "no value" and will defer to the
      lower level default.
    type: number
    default: 0
  ControlVirtualInterface:
    default: 'br-ex'
    description: Interface where virtual ip will be assigned.
    type: string
  ControlFixedIPs:
    default: []
    description: Should be used for arbitrary ips.
    type: json
  PublicVirtualFixedIPs:
    default: []
    description: |
      Control the IP allocation for the PublicVirtualInterface port. E.g.
      [{'ip_address':'1.2.3.4'}]
    type: json
  PublicVirtualInterface:
    default: 'br-ex'
    description: >
      Specifies the interface where the public-facing virtual ip will be assigned.
      This should be int_public when a VLAN is being used.
    type: string
  # NOTE(review): the "public" VIP port is allocated on 'ctlplane' by default,
  # i.e. the same network as the control VIP unless this is overridden.
  PublicVirtualNetwork:
    default: 'ctlplane'
    type: string
    description: >
      Neutron network to allocate public virtual IP port on.
  KeystoneCACertificate:
    default: ''
    description: Keystone self-signed certificate authority certificate.
    type: string
  KeystoneSigningCertificate:
    default: ''
    description: Keystone certificate for verifying token validity.
    type: string
  # Private key material: the only one of the three Keystone PKI parameters
  # marked hidden.
  KeystoneSigningKey:
    default: ''
    description: Keystone key for signing tokens.
    type: string
    hidden: true
  DefaultSignalTransport:
    default: CFN_SIGNAL
    description: Transport to use for software-config signals.
    type: string
    constraints:
      - allowed_values: [ CFN_SIGNAL, HEAT_SIGNAL, NO_SIGNAL ]
resources:
  # Port on the control-plane network whose first fixed IP is used throughout
  # this file as the address of every controller-side service.
  ControlVirtualIP:
    type: OS::Neutron::Port
    properties:
      name: control_virtual_ip
      network_id: {get_param: NeutronControlPlaneID}
      fixed_ips:
        get_param: ControlFixedIPs
  # Random suffix for mysql.cluster_name; an identifier, not a credential.
  MysqlClusterUniquePart:
    type: OS::Heat::RandomString
    properties:
      length: 10
  # NOTE(review): generated MySQL root password, 10 characters. That is short
  # for a database root credential; consider a larger length for new stacks.
  MysqlRootPassword:
    type: OS::Heat::RandomString
    properties:
      length: 10
  PublicVirtualIP:
    type: OS::Neutron::Port
    properties:
      name: public_virtual_ip
      network: {get_param: PublicVirtualNetwork}
      fixed_ips:
        get_param: PublicVirtualFixedIPs
  # 20-character random value handed to the controller as rabbit.cookie;
  # salted with RabbitCookieSalt so that changing the salt regenerates it
  # (per that parameter's description).
  RabbitCookie:
    type: OS::Heat::RandomString
    properties:
      length: 20
      salt:
        get_param: RabbitCookieSalt
  # Compute-node deployment pulled in from nova-compute-instance.yaml; every
  # *Host parameter points at the control VIP.
  NovaCompute0Deployment:
    type: FileInclude
    Path: nova-compute-instance.yaml
    SubKey: resources.NovaCompute0Deployment
    parameters:
      DefaultSignalTransport:
        get_param: DefaultSignalTransport
      NovaApiHost: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
      KeystoneHost: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
      NeutronHost: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
      GlanceHost: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
      RabbitHost: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
      # NOTE(review): the database password inside this URL is the literal
      # `unset`, not a parameter. The same holds for every mysql:// DSN in
      # this file (nova, ceilometer, neutron, cinder, glance, heat, keystone),
      # so these credentials cannot be changed without editing the template.
      NovaDSN:
        Fn::Join:
          - ''
          - - mysql://nova:unset@
            - &compute_database_host {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
            - /nova
      NovaPublicIP: {get_attr: [PublicVirtualIP, fixed_ips, 0, ip_address]}
      CeilometerDSN:
        Fn::Join:
          - ''
          - - mysql://ceilometer:unset@
            - *compute_database_host
            - /ceilometer
      NeutronDSN:
        Fn::Join:
          - ''
          - - mysql://neutron:unset@
            - *compute_database_host
            - /ovs_neutron
      NeutronNetworkType: "gre"
      NeutronEnableTunnelling: "True"
      NeutronFlatNetworks:
        get_param: NeutronFlatNetworks
      NeutronNetworkVLANRanges:
        get_param: NeutronNetworkVLANRanges
      NeutronPhysicalBridge:
        get_param: HypervisorNeutronPhysicalBridge
      NeutronPublicInterface:
        get_param: HypervisorNeutronPublicInterface
      NeutronBridgeMappings:
        get_param: NeutronBridgeMappings
  NovaCompute0AllNodesDeployment:
    type: FileInclude
    Path: nova-compute-instance.yaml
    SubKey: resources.NovaCompute0AllNodesDeployment
    parameters:
      AllNodesConfig: {get_resource: allNodesConfig}
  NovaCompute0Passthrough:
    type: FileInclude
    Path: nova-compute-instance.yaml
    SubKey: resources.NovaCompute0Passthrough
    parameters:
      passthrough_config: {get_param: ExtraConfig}
  NovaCompute0:
    type: FileInclude
    Path: nova-compute-instance.yaml
    SubKey: resources.NovaCompute0
  # os-apply-config metadata for the controller. Values come from three
  # places: template parameters (get_param), deployment inputs supplied by
  # controller0Deployment (get_input), and literals written here.
  controllerConfig:
    type: OS::Heat::StructuredConfig
    properties:
      group: os-apply-config
      config:
        admin-password:
          get_param: AdminPassword
        admin-token:
          get_param: AdminToken
        bootstack:
          public_interface_ip:
            get_param: NeutronPublicInterfaceIP
        bootstrap_host:
          # Picks the first entry of the merged controller map and takes the
          # `name` field of that server's `show` attribute.
          bootstrap_nodeid:
            Fn::Select:
              - 0
              - Fn::Select:
                  - 0
                  - Merge::Map:
                      controller0:
                        - Fn::Select:
                            - name
                            - get_attr:
                                - controller0
                                - show
          nodeid: {get_input: bootstack_nodeid}
        database:
          host: &database_host {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
        cinder:
          db:
            Fn::Join:
              - ''
              - - mysql://cinder:unset@
                - *database_host
                - /cinder
          volume_size_mb:
            get_param: CinderLVMLoopDeviceSize
          service-password:
            get_param: CinderPassword
          iscsi-helper:
            get_param: CinderISCSIHelper
        controller-address:
          get_input: controller_host
        corosync:
          bindnetaddr: {get_input: controller_host}
          mcastport: 5577
          nodes:
            Merge::Map:
              controller0:
                ip: {get_attr: [controller0, networks, ctlplane, 0]}
        # NOTE(review): fencing is switched off and the quorum policy is
        # `ignore`; presumably acceptable only because this file defines a
        # single controller (controller0) - revisit before adding more.
        pacemaker:
          stonith_enabled : false
          recheck_interval : 5
          quorum_policy : ignore
        # NOTE(review): literal placeholder with no parameter behind it.
        db-password: unset
        glance:
          registry:
            host: {get_input: controller_virtual_ip}
          backend: swift
          db:
            Fn::Join:
              - ''
              - - mysql://glance:unset@
                - *database_host
                - /glance
          host:
            get_input: controller_virtual_ip
          port:
            get_param: GlancePort
          protocol:
            get_param: GlanceProtocol
          service-password:
            get_param: GlancePassword
          swift-store-user: service:glance
          # NOTE(review): same secret as service-password above - one value
          # serves as both the Keystone service password and the Swift key.
          swift-store-key:
            get_param: GlancePassword
          notifier-strategy:
            get_param: GlanceNotifierStrategy
          log-file:
            get_param: GlanceLogFile
        heat:
          admin_password:
            get_param: HeatPassword
          admin_tenant_name: service
          admin_user: heat
          # NOTE(review): fixed, publicly known literal used as Heat's
          # auth_encryption_key; every deployment of this template shares it.
          # There is no parameter to override it from outside the file.
          auth_encryption_key: unset___________
          db:
            Fn::Join:
              - ''
              - - mysql://heat:unset@
                - *database_host
                - /heat
          stack_domain_admin_password: {get_param: HeatStackDomainAdminPassword}
          watch_server_url: {get_input: heat.watch_server_url}
          metadata_server_url: {get_input: heat.metadata_server_url}
          waitcondition_server_url: {get_input: heat.waitcondition_server_url}
        horizon:
          caches:
            memcached:
              nodes:
                Merge::Map:
                  controller0: {get_attr: [controller0, show, name]}
        keystone:
          db:
            Fn::Join:
              - ''
              - - mysql://keystone:unset@
                - *database_host
                - /keystone
          host:
            get_input: controller_virtual_ip
          ca_certificate: {get_param: KeystoneCACertificate}
          signing_key: {get_param: KeystoneSigningKey}
          signing_certificate: {get_param: KeystoneSigningCertificate}
        mysql:
          innodb_buffer_pool_size: {get_param: MysqlInnodbBufferPoolSize}
          local_bind: true
          # The only database credential here that is generated rather than
          # hard-coded (see MysqlRootPassword).
          root-password: {get_resource: MysqlRootPassword}
          nodes:
            Merge::Map:
              controller0:
                ip: {get_attr: [controller0, networks, ctlplane, 0]}
          cluster_name:
            Fn::Join:
              - '-'
              - - 'tripleo'
                - {get_resource: MysqlClusterUniquePart}
        neutron:
          flat-networks: {get_param: NeutronFlatNetworks}
          host: {get_input: controller_virtual_ip}
          # NOTE(review): literal placeholder for the metadata proxy shared
          # secret; not parameterised, so identical across deployments.
          metadata_proxy_shared_secret: unset
          ovs:
            enable_tunneling: 'True'
            local_ip:
              get_input: controller_host
            network_vlan_ranges: {get_param: NeutronNetworkVLANRanges}
            bridge_mappings: {get_param: NeutronBridgeMappings}
            public_interface:
              get_param: NeutronPublicInterface
            public_interface_raw_device:
              get_param: NeutronPublicInterfaceRawDevice
            public_interface_route:
              get_param: NeutronPublicInterfaceDefaultRoute
            physical_bridge: br-ex
            tenant_network_type: gre
          ovs_db:
            Fn::Join:
              - ''
              - - mysql://neutron:unset@
                - *database_host
                - /ovs_neutron?charset=utf8
          service-password:
            get_param: NeutronPassword
          dnsmasq-options:
            get_param: NeutronDnsmasqOptions
        ceilometer:
          db:
            Fn::Join:
              - ''
              - - mysql://ceilometer:unset@
                - *database_host
                - /ceilometer
          metering_secret: {get_param: CeilometerMeteringSecret}
          service-password:
            get_param: CeilometerPassword
        snmpd:
          export_MIB: UCD-SNMP-MIB
          readonly_user_name:
            get_param: SnmpdReadonlyUserName
          readonly_user_password:
            get_param: SnmpdReadonlyUserPassword
        nova:
          # Literal value; the NovaComputeDriver parameter is not consulted.
          compute_driver: libvirt.LibvirtDriver
          db:
            Fn::Join:
              - ''
              - - mysql://nova:unset@
                - *database_host
                - /nova
          default_floating_pool: ext-net
          host: {get_input: controller_virtual_ip}
          metadata-proxy: true
          service-password:
            get_param: NovaPassword
        rabbit:
          host: {get_input: controller_virtual_ip}
          username:
            get_param: RabbitUserName
          password:
            get_param: RabbitPassword
          cookie:
            get_attr:
              - RabbitCookie
              - value
        ntp:
          servers:
            - {server: {get_param: NtpServer}, fudge: "stratum 0"}
        # Two VRRP instances (control and public VIP) kept in one sync group.
        virtual_interfaces:
          instances:
            - vrrp_instance_name: VI_CONTROL
              virtual_router_id: 51
              keepalive_interface:
                get_param: ControlVirtualInterface
              priority: 101
              virtual_ips:
                - ip: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
                  interface:
                    get_param: ControlVirtualInterface
            - vrrp_instance_name: VI_PUBLIC
              virtual_router_id: 52
              keepalive_interface:
                get_param: PublicVirtualInterface
              priority: 101
              virtual_ips:
                - ip: {get_attr: [PublicVirtualIP, fixed_ips, 0, ip_address]}
                  interface:
                    get_param: PublicVirtualInterface
          vrrp_sync_groups:
            - name: VG1
              members:
                - VI_CONTROL
                - VI_PUBLIC
        keepalived:
          keepalive_interface:
            get_param: PublicVirtualInterface
          priority: 101
          virtual_ips:
            - ip: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
              interface:
                get_param: ControlVirtualInterface
            - ip: {get_attr: [PublicVirtualIP, fixed_ips, 0, ip_address]}
              interface:
                get_param: PublicVirtualInterface
        haproxy:
          nodes:
            Merge::Map:
              controller0:
                ip: {get_attr: [controller0, networks, ctlplane, 0]}
                name: {get_attr: [controller0, show, name]}
          # This top-level net_binds lists only the control VIP. Services that
          # carry their own net_binds (*public_binds) are bound on the control
          # and the public VIP. Presumably entries without net_binds (mysql,
          # nova_ec2, rabbitmq) fall back to this list - confirm in the
          # haproxy element.
          net_binds:
            - ip: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
          services:
            # NOTE(review): the Keystone admin port (35357) and, further down,
            # glance_registry (9191) use the public binds as well; confirm
            # that exposing them on the public VIP is intended.
            - name: keystone_admin
              port: 35357
              net_binds: &public_binds
                - ip: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
                - ip: {get_attr: [PublicVirtualIP, fixed_ips, 0, ip_address]}
            - name: keystone_public
              port: 5000
              net_binds: *public_binds
            - name: horizon
              port: 80
              net_binds: *public_binds
            - name: neutron
              port: 9696
              net_binds: *public_binds
            - name: cinder
              port: 8776
              net_binds: *public_binds
            - name: glance_api
              port: 9292
              net_binds: *public_binds
            - name: glance_registry
              port: 9191
              net_binds: *public_binds
            - name: heat_api
              port: 8004
              net_binds: *public_binds
            - name: heat_cloudwatch
              port: 8003
              net_binds: *public_binds
            - name: heat_cfn
              port: 8000
              net_binds: *public_binds
            - name: mysql
              port: 3306
              extra_server_params:
                - backup
              options:
                - timeout client 0
                - timeout server 0
            - name: nova_ec2
              port: 8773
            - name: nova_osapi
              port: 8774
              net_binds: *public_binds
            - name: nova_metadata
              port: 8775
              net_binds: *public_binds
            - name: ceilometer
              port: 8777
              net_binds: *public_binds
            - name: swift_proxy_server
              port: 8080
              net_binds: *public_binds
            - name: rabbitmq
              port: 5672
              options:
                - timeout client 0
                - timeout server 0
  # Carries ExtraConfig to the controller as a second os-apply-config blob.
  controllerPassthrough:
    type: OS::Heat::StructuredConfig
    properties:
      group: os-apply-config
      config: {get_input: passthrough_config}
  controller0:
    type: OS::Nova::Server
    properties:
      image:
        get_param: controllerImage
      image_update_policy:
        get_param: ImageUpdatePolicy
      flavor:
        get_param: OvercloudControlFlavor
      key_name:
        get_param: KeyName
      networks:
        - network: ctlplane
      user_data_format: SOFTWARE_CONFIG
  # Applied after the other controller0 deployments (depends_on) and the only
  # controller deployment here that uses DefaultSignalTransport; the others
  # are NO_SIGNAL.
  controller0AllNodesDeployment:
    depends_on: [controller0Deployment,controller0SSLDeployment,controller0Swift,controller0Passthrough]
    type: OS::Heat::StructuredDeployment
    properties:
      signal_transport: {get_param: DefaultSignalTransport}
      config: {get_resource: allNodesConfig}
      server: {get_resource: controller0}
  # Supplies the get_input values read by controllerConfig.
  controller0Deployment:
    type: OS::Heat::StructuredDeployment
    properties:
      signal_transport: NO_SIGNAL
      config: {get_resource: controllerConfig}
      server: {get_resource: controller0}
      input_values:
        bootstack_nodeid: {get_attr: [controller0, show, name]}
        controller_host: {get_attr: [controller0, networks, ctlplane, 0]}
        controller_virtual_ip: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
        # NOTE(review): the three Heat URLs below are built with the http://
        # scheme against the control VIP; traffic to them is not protected in
        # transit.
        heat.watch_server_url:
          Fn::Join:
            - ''
            - - 'http://'
              - {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
              - ':8003'
        heat.metadata_server_url:
          Fn::Join:
            - ''
            - - 'http://'
              - {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
              - ':8000'
        heat.waitcondition_server_url:
          Fn::Join:
            - ''
            - - 'http://'
              - {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
              - ':8000/v1/waitcondition'
  # Cluster-wide data shared by every node: a hosts list and the RabbitMQ
  # node names.
  allNodesConfig:
    type: OS::Heat::StructuredConfig
    properties:
      config:
        completion-signal: {get_input: deploy_signal_id}
        # Newline-joined entries of the form
        # '<ctlplane ip> <name> <name>.novalocal', one group per node type;
        # the controller0 entry additionally appends CloudName.
        hosts:
          Fn::Join:
            - "\n"
            - - Fn::Join:
                  - "\n"
                  - Merge::Map:
                      NovaCompute0:
                        Fn::Join:
                          - ' '
                          - - {get_attr: [NovaCompute0, networks, ctlplane, 0]}
                            - {get_attr: [NovaCompute0, show, name]}
                            - Fn::Join:
                                - '.'
                                - - {get_attr: [NovaCompute0, show, name]}
                                  - 'novalocal'
              - Fn::Join:
                  - "\n"
                  - Merge::Map:
                      BlockStorage0:
                        Fn::Join:
                          - ' '
                          - - {get_attr: [BlockStorage0, networks, ctlplane, 0]}
                            - {get_attr: [BlockStorage0, show, name]}
                            - Fn::Join:
                                - '.'
                                - - {get_attr: [BlockStorage0, show, name]}
                                  - 'novalocal'
              - Fn::Join:
                  - "\n"
                  - Merge::Map:
                      SwiftStorage0:
                        Fn::Join:
                          - ' '
                          - - {get_attr: [SwiftStorage0, networks, ctlplane, 0]}
                            - {get_attr: [SwiftStorage0, show, name]}
                            - Fn::Join:
                                - '.'
                                - - {get_attr: [SwiftStorage0, show, name]}
                                  - 'novalocal'
              - Fn::Join:
                  - "\n"
                  - Merge::Map:
                      controller0:
                        Fn::Join:
                          - ' '
                          - - {get_attr: [controller0, networks, ctlplane, 0]}
                            - {get_attr: [controller0, show, name]}
                            - Fn::Join:
                                - '.'
                                - - {get_attr: [controller0, show, name]}
                                  - 'novalocal'
                            - {get_param: CloudName}
        rabbit:
          nodes:
            Fn::Join:
              - ','
              - Merge::Map:
                  controller0: {get_attr: [controller0, show, name]}
  # Passes TLS material to the controller. SSLConfig and the SSL* parameters
  # are not defined in this file (see the header note). ssl_key is private key
  # material - check that the SSLKey parameter is declared hidden where it is
  # defined.
  controller0SSLDeployment:
    type: OS::Heat::StructuredDeployment
    properties:
      config: {get_resource: SSLConfig}
      server: {get_resource: controller0}
      signal_transport: NO_SIGNAL
      input_values:
        controller_host: {get_attr: [controller0, networks, ctlplane, 0]}
        ssl_certificate: {get_param: SSLCertificate}
        ssl_key: {get_param: SSLKey}
        ssl_ca_certificate: {get_param: SSLCACertificate}
  controller0Passthrough:
    type: OS::Heat::StructuredDeployment
    properties:
      config: {get_resource: controllerPassthrough}
      server: {get_resource: controller0}
      signal_transport: NO_SIGNAL
      input_values:
        passthrough_config: {get_param: ExtraConfig}
outputs:
  # NOTE(review): advertised with the http:// scheme and the control VIP, so
  # clients following this output authenticate to Keystone over plain HTTP.
  KeystoneURL:
    description: URL for the Overcloud Keystone service
    value:
      Fn::Join:
        - ''
        - - http://
          - {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
          - :5000/v2.0/