heat_template_version: 2016-04-08 description: > OpenStack controller node configured by Puppet. parameters: AdminPassword: description: The password for the keystone admin account, used for monitoring, querying neutron etc. type: string hidden: true AodhPassword: description: The password for the aodh services. type: string hidden: true controllerExtraConfig: default: {} description: | Deprecated. Use ControllerExtraConfig via parameter_defaults instead. type: json ControllerExtraConfig: default: {} description: | Controller specific hiera configuration data to inject into the cluster. type: json ControllerIPs: default: {} description: > A network mapped list of IPs to assign to Controllers in the following form: { "internal_api": ["a.b.c.d", "e.f.g.h"], ... } type: json ControlVirtualInterface: default: 'br-ex' description: Interface where virtual ip will be assigned. type: string CorosyncIPv6: default: false description: Enable IPv6 in Corosync type: boolean Debug: default: '' description: Set to True to enable debugging on all services. type: string EnableFencing: default: false description: Whether to enable fencing in Pacemaker or not. type: boolean EnableGalera: default: true description: Whether to use Galera instead of regular MariaDB. type: boolean EnableLoadBalancer: default: true description: Whether to deploy a LoadBalancer on the Controller type: boolean ExtraConfig: default: {} description: | Additional hieradata to inject into the cluster, note that ControllerExtraConfig takes precedence over ExtraConfig. type: json FencingConfig: default: {} description: | Pacemaker fencing configuration. The JSON should have the following structure: { "devices": [ { "agent": "AGENT_NAME", "host_mac": "HOST_MAC_ADDRESS", "params": {"PARAM_NAME": "PARAM_VALUE"} } ] } For instance: { "devices": [ { "agent": "fence_xvm", "host_mac": "52:54:00:aa:bb:cc", "params": { "multicast_address": "225.0.0.12", "port": "baremetal_0", "manage_fw": true, "manage_key_file": true, "key_file": "/etc/fence_xvm.key", "key_file_password": "abcdef" } } ] } type: json Flavor: description: Flavor for control nodes to request when deploying. type: string constraints: - custom_constraint: nova.flavor GnocchiBackend: default: file description: The short name of the Gnocchi backend to use. Should be one of swift, rbd, or file type: string constraints: - allowed_values: ['swift', 'file', 'rbd'] GnocchiIndexerBackend: default: 'mysql' description: The short name of the Gnocchi indexer backend to use. type: string GnocchiPassword: description: The password for the gnocchi service and db account. type: string hidden: true HAProxyStatsPassword: description: Password for HAProxy stats endpoint type: string HAProxyStatsUser: description: User for HAProxy stats endpoint default: admin type: string HAProxySyslogAddress: default: /dev/log description: Syslog address where HAproxy will send its log type: string HeatAuthEncryptionKey: description: Auth encryption key for heat-engine type: string hidden: true HorizonSecret: description: Secret key for Django type: string hidden: true Image: type: string default: overcloud-control constraints: - custom_constraint: glance.image ImageUpdatePolicy: default: 'REBUILD_PRESERVE_EPHEMERAL' description: What policy to use when reconstructing instances. REBUILD for rebuilds, REBUILD_PRESERVE_EPHEMERAL to preserve /mnt. type: string InstanceNameTemplate: default: 'instance-%08x' description: Template string to be used to generate instance names type: string KeyName: default: default description: Name of an existing Nova key pair to enable SSH access to the instances type: string constraints: - custom_constraint: nova.keypair KeystoneRegion: type: string default: 'regionOne' description: Keystone region for endpoint ManageFirewall: default: false description: Whether to manage IPtables rules. type: boolean MemcachedIPv6: default: false description: Enable IPv6 features in Memcached. type: boolean PurgeFirewallRules: default: false description: Whether IPtables rules should be purged before setting up the new ones. type: boolean MysqlClusterUniquePart: description: A unique identifier of the MySQL cluster the controller is in. type: string default: 'unset' # Has to be here because of the ignored empty value bug # Drop the validation: https://bugs.launchpad.net/tripleo/+bug/1405446 # constraints: # - length: {min: 4, max: 10} MysqlInnodbBufferPoolSize: description: > Specifies the size of the buffer pool in megabytes. Setting to zero should be interpreted as "no value" and will defer to the lower level default. type: number default: 0 MysqlMaxConnections: description: Configures MySQL max_connections config setting type: number default: 4096 MysqlClustercheckPassword: type: string hidden: true MysqlRootPassword: type: string hidden: true default: '' # Has to be here because of the ignored empty value bug NeutronMetadataProxySharedSecret: description: Shared secret to prevent spoofing type: string hidden: true NeutronPassword: description: The password for the neutron service and db account, used by neutron agents. type: string hidden: true NeutronPublicInterface: default: nic1 description: What interface to bridge onto br-ex for network nodes. type: string NovaEnableDBPurge: default: true description: | Whether to create cron job for purging soft deleted rows in Nova database. type: boolean NovaIPv6: default: false description: Enable IPv6 features in Nova type: boolean NovaPassword: description: The password for the nova service and db account, used by nova-api. type: string hidden: true PcsdPassword: type: string description: The password for the 'pcsd' user. hidden: true PublicVirtualInterface: default: 'br-ex' description: > Specifies the interface where the public-facing virtual ip will be assigned. This should be int_public when a VLAN is being used. type: string RabbitCookie: type: string default: '' # Has to be here because of the ignored empty value bug hidden: true RabbitPassword: description: The password for RabbitMQ type: string hidden: true RabbitUserName: default: guest description: The username for RabbitMQ type: string RabbitClientUseSSL: default: false description: > Rabbit client subscriber parameter to specify an SSL connection to the RabbitMQ host. type: string RabbitClientPort: default: 5672 description: Set rabbit subscriber port, change this if using SSL type: number RedisPassword: description: The password for Redis type: string hidden: true RedisVirtualIP: type: string default: '' # Has to be here because of the ignored empty value bug RedisVirtualIPUri: type: string default: '' # Has to be here because of the ignored empty value bug description: An IP address which is wrapped in brackets in case of IPv6 SwiftHashSuffix: description: A random string to be used as a salt when hashing to determine mappings in the ring. hidden: true type: string SwiftMinPartHours: type: number default: 1 description: The minimum time (in hours) before a partition in a ring can be moved following a rebalance. SwiftPartPower: default: 10 description: Partition Power to use when building Swift rings type: number SwiftRingBuild: default: true description: Whether to manage Swift rings or not type: boolean SwiftReplicas: type: number default: 3 description: How many replicas to use in the swift rings. UpgradeLevelNovaCompute: type: string description: Nova Compute upgrade level default: '' MysqlVirtualIP: type: string default: '' EnablePackageInstall: default: 'false' description: Set to true to enable package installation via Puppet type: boolean ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set via parameter_defaults in the resource registry. type: json EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json UpdateIdentifier: default: '' type: string description: > Setting to a previously unused value during stack-update will trigger package update on all nodes Hostname: type: string default: '' # Defaults to Heat created hostname HostnameMap: type: json default: {} description: Optional mapping to override hostnames NetworkDeploymentActions: type: comma_delimited_list description: > Heat action when to apply network configuration changes default: ['CREATE'] NodeIndex: type: number default: 0 SoftwareConfigTransport: default: POLL_SERVER_CFN description: | How the server should receive the metadata required for software configuration. type: string constraints: - allowed_values: [POLL_SERVER_CFN, POLL_SERVER_HEAT, POLL_TEMP_URL, ZAQAR_MESSAGE] CloudDomain: default: '' type: string description: > The DNS domain used for the hosts. This should match the dhcp_domain configured in the Undercloud neutron. Defaults to localdomain. ServerMetadata: default: {} description: > Extra properties or metadata passed to Nova for the created nodes in the overcloud. It's accessible via the Nova metadata API. type: json SchedulerHints: type: json description: Optional scheduler hints to pass to nova default: {} ServiceConfigSettings: type: json default: {} ConfigCommand: type: string description: Command which will be run whenever configuration data changes default: os-refresh-config --timeout 14400 parameter_groups: - label: deprecated description: Do not use deprecated params, they will be removed. parameters: - controllerExtraConfig resources: Controller: type: OS::Nova::Server metadata: os-collect-config: command: {get_param: ConfigCommand} properties: image: {get_param: Image} image_update_policy: {get_param: ImageUpdatePolicy} flavor: {get_param: Flavor} key_name: {get_param: KeyName} networks: - network: ctlplane user_data_format: SOFTWARE_CONFIG user_data: {get_resource: UserData} name: str_replace: template: {get_param: Hostname} params: {get_param: HostnameMap} software_config_transport: {get_param: SoftwareConfigTransport} metadata: {get_param: ServerMetadata} scheduler_hints: {get_param: SchedulerHints} # Combine the NodeAdminUserData and NodeUserData mime archives UserData: type: OS::Heat::MultipartMime properties: parts: - config: {get_resource: NodeAdminUserData} type: multipart - config: {get_resource: NodeUserData} type: multipart # Creates the "heat-admin" user if configured via the environment # Should return a OS::Heat::MultipartMime reference via OS::stack_id NodeAdminUserData: type: OS::TripleO::NodeAdminUserData # For optional operator additional userdata # Should return a OS::Heat::MultipartMime reference via OS::stack_id NodeUserData: type: OS::TripleO::NodeUserData ExternalPort: type: OS::TripleO::Controller::Ports::ExternalPort properties: IPPool: {get_param: ControllerIPs} NodeIndex: {get_param: NodeIndex} ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]} InternalApiPort: type: OS::TripleO::Controller::Ports::InternalApiPort properties: IPPool: {get_param: ControllerIPs} NodeIndex: {get_param: NodeIndex} ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]} StoragePort: type: OS::TripleO::Controller::Ports::StoragePort properties: IPPool: {get_param: ControllerIPs} NodeIndex: {get_param: NodeIndex} ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]} StorageMgmtPort: type: OS::TripleO::Controller::Ports::StorageMgmtPort properties: IPPool: {get_param: ControllerIPs} NodeIndex: {get_param: NodeIndex} ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]} TenantPort: type: OS::TripleO::Controller::Ports::TenantPort properties: IPPool: {get_param: ControllerIPs} NodeIndex: {get_param: NodeIndex} ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]} ManagementPort: type: OS::TripleO::Controller::Ports::ManagementPort properties: IPPool: {get_param: ControllerIPs} NodeIndex: {get_param: NodeIndex} ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]} NetIpMap: type: OS::TripleO::Network::Ports::NetIpMap properties: ControlPlaneIp: {get_attr: [Controller, networks, ctlplane, 0]} ExternalIp: {get_attr: [ExternalPort, ip_address]} ExternalIpSubnet: {get_attr: [ExternalPort, ip_subnet]} ExternalIpUri: {get_attr: [ExternalPort, ip_address_uri]} InternalApiIp: {get_attr: [InternalApiPort, ip_address]} InternalApiIpSubnet: {get_attr: [InternalApiPort, ip_subnet]} InternalApiIpUri: {get_attr: [InternalApiPort, ip_address_uri]} StorageIp: {get_attr: [StoragePort, ip_address]} StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]} StorageIpUri: {get_attr: [StoragePort, ip_address_uri]} StorageMgmtIp: {get_attr: [StorageMgmtPort, ip_address]} StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]} StorageMgmtIpUri: {get_attr: [StorageMgmtPort, ip_address_uri]} TenantIp: {get_attr: [TenantPort, ip_address]} TenantIpSubnet: {get_attr: [TenantPort, ip_subnet]} TenantIpUri: {get_attr: [TenantPort, ip_address_uri]} ManagementIp: {get_attr: [ManagementPort, ip_address]} ManagementIpSubnet: {get_attr: [ManagementPort, ip_subnet]} ManagementIpUri: {get_attr: [ManagementPort, ip_address_uri]} NetworkConfig: type: OS::TripleO::Controller::Net::SoftwareConfig properties: ControlPlaneIp: {get_attr: [Controller, networks, ctlplane, 0]} ExternalIpSubnet: {get_attr: [ExternalPort, ip_subnet]} InternalApiIpSubnet: {get_attr: [InternalApiPort, ip_subnet]} StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]} StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]} TenantIpSubnet: {get_attr: [TenantPort, ip_subnet]} ManagementIpSubnet: {get_attr: [ManagementPort, ip_subnet]} NetworkDeployment: type: OS::TripleO::SoftwareDeployment properties: name: NetworkDeployment config: {get_resource: NetworkConfig} server: {get_resource: Controller} actions: {get_param: NetworkDeploymentActions} input_values: bridge_name: br-ex interface_name: {get_param: NeutronPublicInterface} # Resource for site-specific injection of root certificate NodeTLSCAData: depends_on: NetworkDeployment type: OS::TripleO::NodeTLSCAData properties: server: {get_resource: Controller} # Resource for site-specific passing of private keys/certificates NodeTLSData: depends_on: NodeTLSCAData type: OS::TripleO::NodeTLSData properties: server: {get_resource: Controller} NodeIndex: {get_param: NodeIndex} ControllerDeployment: type: OS::TripleO::SoftwareDeployment depends_on: NetworkDeployment properties: name: ControllerDeployment config: {get_resource: ControllerConfig} server: {get_resource: Controller} input_values: bootstack_nodeid: {get_attr: [Controller, name]} haproxy_log_address: {get_param: HAProxySyslogAddress} haproxy_stats_password: {get_param: HAProxyStatsPassword} haproxy_stats_user: {get_param: HAProxyStatsUser} heat_auth_encryption_key: {get_param: HeatAuthEncryptionKey} horizon_secret: {get_param: HorizonSecret} admin_password: {get_param: AdminPassword} debug: {get_param: Debug} cinder_public_url: {get_param: [EndpointMap, CinderPublic, uri]} cinder_internal_url: {get_param: [EndpointMap, CinderInternal, uri]} cinder_admin_url: {get_param: [EndpointMap, CinderAdmin, uri]} cinder_public_url_v2: {get_param: [EndpointMap, CinderV2Public, uri]} cinder_internal_url_v2: {get_param: [EndpointMap, CinderV2Internal, uri]} cinder_admin_url_v2: {get_param: [EndpointMap, CinderV2Admin, uri]} keystone_identity_uri: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] } keystone_auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] } keystone_ec2_uri: { get_param: [EndpointMap, KeystoneEC2, uri] } enable_fencing: {get_param: EnableFencing} enable_galera: {get_param: EnableGalera} enable_load_balancer: {get_param: EnableLoadBalancer} manage_firewall: {get_param: ManageFirewall} purge_firewall_rules: {get_param: PurgeFirewallRules} mysql_innodb_buffer_pool_size: {get_param: MysqlInnodbBufferPoolSize} mysql_max_connections: {get_param: MysqlMaxConnections} mysql_root_password: {get_param: MysqlRootPassword} mysql_clustercheck_password: {get_param: MysqlClustercheckPassword} mysql_cluster_name: str_replace: template: tripleo-CLUSTER params: CLUSTER: {get_param: MysqlClusterUniquePart} neutron_metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret} neutron_password: {get_param: NeutronPassword} neutron_internal_url: { get_param: [ EndpointMap, NeutronInternal, uri ] } neutron_public_url: { get_param: [ EndpointMap, NeutronPublic, uri ] } neutron_admin_url: { get_param: [ EndpointMap, NeutronAdmin, uri ] } neutron_auth_url: { get_param: [ EndpointMap, KeystoneV3Admin, uri ] } nova_internal_url: { get_param: [ EndpointMap, NovaInternal, uri ] } aodh_password: {get_param: AodhPassword} aodh_internal_url: { get_param: [ EndpointMap, AodhInternal, uri ] } aodh_public_url: { get_param: [ EndpointMap, AodhPublic, uri ] } aodh_admin_url: { get_param: [ EndpointMap, AodhAdmin, uri ] } gnocchi_password: {get_param: GnocchiPassword} gnocchi_backend: {get_param: GnocchiBackend} gnocchi_indexer_backend: {get_param: GnocchiIndexerBackend} ceilometer_coordination_url: list_join: - '' - - 'redis://:' - {get_param: RedisPassword} - '@' - {get_param: RedisVirtualIPUri} - ':6379/' gnocchi_dsn: list_join: - '' - - {get_param: [EndpointMap, MysqlInternal, protocol]} - '://gnocchi:' - {get_param: GnocchiPassword} - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/gnocchi' aodh_dsn: list_join: - '' - - {get_param: [EndpointMap, MysqlInternal, protocol]} - '://aodh:' - {get_param: AodhPassword} - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/aodh' gnocchi_internal_url: {get_param: [EndpointMap, GnocchiInternal, uri]} gnocchi_public_url: { get_param: [ EndpointMap, GnocchiPublic, uri ] } gnocchi_admin_url: { get_param: [ EndpointMap, GnocchiAdmin, uri ] } nova_enable_db_purge: {get_param: NovaEnableDBPurge} nova_ipv6: {get_param: NovaIPv6} corosync_ipv6: {get_param: CorosyncIPv6} memcached_ipv6: {get_param: MemcachedIPv6} nova_password: {get_param: NovaPassword} nova_dsn: list_join: - '' - - {get_param: [EndpointMap, MysqlInternal, protocol]} - '://nova:' - {get_param: NovaPassword} - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/nova' nova_api_dsn: list_join: - '' - - {get_param: [EndpointMap, MysqlInternal, protocol]} - '://nova_api:' - {get_param: NovaPassword} - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/nova_api' upgrade_level_nova_compute: {get_param: UpgradeLevelNovaCompute} instance_name_template: {get_param: InstanceNameTemplate} nova_public_url: {get_param: [EndpointMap, NovaPublic, uri]} nova_internal_url: {get_param: [EndpointMap, NovaInternal, uri]} nova_admin_url: {get_param: [EndpointMap, NovaAdmin, uri]} fencing_config: {get_param: FencingConfig} pcsd_password: {get_param: PcsdPassword} rabbit_username: {get_param: RabbitUserName} rabbit_password: {get_param: RabbitPassword} rabbit_cookie: {get_param: RabbitCookie} rabbit_client_use_ssl: {get_param: RabbitClientUseSSL} rabbit_client_port: {get_param: RabbitClientPort} control_virtual_interface: {get_param: ControlVirtualInterface} public_virtual_interface: {get_param: PublicVirtualInterface} swift_hash_suffix: {get_param: SwiftHashSuffix} swift_part_power: {get_param: SwiftPartPower} swift_ring_build: {get_param: SwiftRingBuild} swift_replicas: {get_param: SwiftReplicas} swift_min_part_hours: {get_param: SwiftMinPartHours} enable_package_install: {get_param: EnablePackageInstall} enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]} swift_proxy_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftProxyNetwork]}]} swift_management_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftMgmtNetwork]}]} cinder_iscsi_network: str_replace: template: "'IP'" params: IP: {get_attr: [NetIpMap, net_ip_uri_map, {get_param: [ServiceNetMap, CinderIscsiNetwork]}]} cinder_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CinderApiNetwork]}]} glance_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, GlanceApiNetwork]}]} glance_registry_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, GlanceRegistryNetwork]}]} glance_api_servers: { get_param: [EndpointMap, GlanceInternal, uri]} heat_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, HeatApiNetwork]}]} keystone_public_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}]} keystone_admin_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}]} keystone_region: {get_param: KeystoneRegion} mongo_db_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MongoDbNetwork]}]} neutron_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NeutronApiNetwork]}]} neutron_local_ip: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NeutronTenantNetwork]}]} ceilometer_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CeilometerApiNetwork]}]} aodh_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, AodhApiNetwork]}]} gnocchi_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, GnocchiApiNetwork]}]} nova_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NovaApiNetwork]}]} nova_metadata_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NovaMetadataNetwork]}]} horizon_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, HorizonNetwork]}]} horizon_subnet: str_replace: template: "['SUBNET']" params: SUBNET: {get_attr: [NetIpMap, net_ip_subnet_map, {get_param: [ServiceNetMap, HorizonNetwork]}]} rabbitmq_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, RabbitMqNetwork]}]} redis_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, RedisNetwork]}]} redis_vip: {get_param: RedisVirtualIP} sahara_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SaharaApiNetwork]}]} memcached_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MemcachedNetwork]}]} mysql_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MysqlNetwork]}]} mysql_virtual_ip: {get_param: MysqlVirtualIP} ceph_cluster_network: {get_attr: [NetIpMap, net_ip_subnet_map, {get_param: [ServiceNetMap, CephClusterNetwork]}]} ceph_public_network: {get_attr: [NetIpMap, net_ip_subnet_map, {get_param: [ServiceNetMap, CephPublicNetwork]}]} ceph_public_ip: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CephPublicNetwork]}]} ironic_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, IronicApiNetwork]}]} # Map heat metadata into hiera datafiles ControllerConfig: type: OS::Heat::StructuredConfig properties: group: os-apply-config config: hiera: hierarchy: - '"%{::uuid}"' - heat_config_%{::deploy_config_name} - controller_extraconfig - extraconfig - service_configs - controller - database - object - swift_devices_and_proxy # provided by SwiftDevicesAndProxyConfig - ceph_cluster # provided by CephClusterConfig - ceph - bootstrap_node # provided by BootstrapNodeConfig - all_nodes # provided by allNodesConfig - vip_data # provided by vip-config - '"%{::osfamily}"' - common - network - cinder_dellsc_data # Optionally provided by ControllerExtraConfigPre - cinder_netapp_data # Optionally provided by ControllerExtraConfigPre - cinder_eqlx_data # Optionally provided by ControllerExtraConfigPre - neutron_bigswitch_data # Optionally provided by ControllerExtraConfigPre - neutron_cisco_data # Optionally provided by ControllerExtraConfigPre - cisco_n1kv_data # Optionally provided by ControllerExtraConfigPre - midonet_data #Optionally provided by AllNodesExtraConfig merge_behavior: deeper datafiles: service_configs: mapped_data: {get_param: ServiceConfigSettings} controller_extraconfig: mapped_data: map_merge: - {get_param: controllerExtraConfig} - {get_param: ControllerExtraConfig} extraconfig: mapped_data: {get_param: ExtraConfig} common: raw_data: {get_file: hieradata/common.yaml} network: mapped_data: net_ip_map: {get_attr: [NetIpMap, net_ip_map]} net_ip_subnet_map: {get_attr: [NetIpMap, net_ip_subnet_map]} net_ip_uri_map: {get_attr: [NetIpMap, net_ip_uri_map]} ceph: raw_data: {get_file: hieradata/ceph.yaml} mapped_data: ceph::profile::params::cluster_network: {get_input: ceph_cluster_network} ceph::profile::params::public_network: {get_input: ceph_public_network} ceph::profile::params::public_addr: {get_input: ceph_public_ip} database: raw_data: {get_file: hieradata/database.yaml} object: raw_data: {get_file: hieradata/object.yaml} controller: raw_data: {get_file: hieradata/controller.yaml} mapped_data: # data supplied directly to this deployment configuration, etc bootstack_nodeid: {get_input: bootstack_nodeid} # Pacemaker enable_fencing: {get_input: enable_fencing} enable_load_balancer: {get_input: enable_load_balancer} hacluster_pwd: {get_input: pcsd_password} corosync_ipv6: {get_input: corosync_ipv6} tripleo::fencing::config: {get_input: fencing_config} # Swift # FIXME: need to move proxy_local_net_ip into swift-proxy.yaml swift::proxy::proxy_local_net_ip: {get_input: swift_proxy_network} swift::storage::all::storage_local_net_ip: {get_input: swift_management_network} swift::swift_hash_path_suffix: {get_input: swift_hash_suffix} tripleo::ringbuilder::build_ring: { get_input: swift_ring_build } tripleo::ringbuilder::part_power: {get_input: swift_part_power} tripleo::ringbuilder::replicas: {get_input: swift_replicas} tripleo::ringbuilder::min_part_hours: {get_input: swift_min_part_hours} # Cinder tripleo::profile::base::cinder::volume::iscsi::cinder_iscsi_address: {get_input: cinder_iscsi_network} cinder::api::bind_host: {get_input: cinder_api_network} cinder::keystone::auth::public_url: {get_input: cinder_public_url } cinder::keystone::auth::internal_url: {get_input: cinder_internal_url } cinder::keystone::auth::admin_url: {get_input: cinder_admin_url } cinder::keystone::auth::public_url_v2: {get_input: cinder_public_url_v2 } cinder::keystone::auth::internal_url_v2: {get_input: cinder_internal_url_v2 } cinder::keystone::auth::admin_url_v2: {get_input: cinder_admin_url_v2 } cinder::keystone::auth::password: {get_input: cinder_password } cinder::keystone::auth::region: {get_input: keystone_region} # Glance glance::api::bind_host: {get_input: glance_api_network} glance::registry::bind_host: {get_input: glance_registry_network} glance::keystone::auth::region: {get_input: keystone_region} # Heat heat::api::bind_host: {get_input: heat_api_network} heat::api_cloudwatch::bind_host: {get_input: heat_api_network} heat::api_cfn::bind_host: {get_input: heat_api_network} heat::engine::auth_encryption_key: {get_input: heat_auth_encryption_key} # Keystone keystone::admin_bind_host: {get_input: keystone_admin_api_network} keystone::public_bind_host: {get_input: keystone_public_api_network} keystone::wsgi::apache::bind_host: {get_input: keystone_public_api_network} keystone::wsgi::apache::admin_bind_host: {get_input: keystone_admin_api_network} # MongoDB mongodb::server::bind_ip: {get_input: mongo_db_network} # MySQL admin_password: {get_input: admin_password} enable_galera: {get_input: enable_galera} mysql_innodb_buffer_pool_size: {get_input: mysql_innodb_buffer_pool_size} mysql_max_connections: {get_input: mysql_max_connections} mysql::server::root_password: {get_input: mysql_root_password} mysql_clustercheck_password: {get_input: mysql_clustercheck_password} mysql_cluster_name: {get_input: mysql_cluster_name} mysql_bind_host: {get_input: mysql_network} mysql_virtual_ip: {get_input: mysql_virtual_ip} # Neutron neutron::bind_host: {get_input: neutron_api_network} neutron::agents::ml2::ovs::local_ip: {get_input: neutron_local_ip} neutron::agents::metadata::metadata_ip: {get_input: neutron_api_network} neutron::keystone::auth::public_url: {get_input: neutron_public_url } neutron::keystone::auth::internal_url: {get_input: neutron_internal_url } neutron::keystone::auth::admin_url: {get_input: neutron_admin_url } neutron::keystone::auth::password: {get_input: neutron_password } neutron::keystone::auth::region: {get_input: keystone_region} # Ceilometer ceilometer::api::host: {get_input: ceilometer_api_network} snmpd_readonly_user_name: {get_input: snmpd_readonly_user_name} snmpd_readonly_user_password: {get_input: snmpd_readonly_user_password} # Aodh aodh_mysql_conn_string: {get_input: aodh_dsn} aodh::rabbit_userid: {get_input: rabbit_username} aodh::rabbit_password: {get_input: rabbit_password} aodh::rabbit_use_ssl: {get_input: rabbit_client_use_ssl} aodh::rabbit_port: {get_input: rabbit_client_port} aodh::debug: {get_input: debug} aodh::wsgi::apache::ssl: false aodh::wsgi::apache::bind_host: {get_input: aodh_api_network} aodh::api::service_name: 'httpd' aodh::api::host: {get_input: aodh_api_network} aodh::api::keystone_password: {get_input: aodh_password} aodh::api::keystone_auth_uri: {get_input: keystone_auth_uri} aodh::api::keystone_identity_uri: {get_input: keystone_identity_uri} aodh::auth::auth_url: {get_input: keystone_auth_uri} aodh::auth::auth_password: {get_input: aodh_password} aodh::db::mysql::password: {get_input: aodh_password} # for a migration path from ceilometer-alarm to aodh, we use the same database & coordination aodh::evaluator::coordination_url: {get_input: ceilometer_coordination_url} aodh::keystone::auth::public_url: {get_input: aodh_public_url } aodh::keystone::auth::internal_url: {get_input: aodh_internal_url } aodh::keystone::auth::admin_url: {get_input: aodh_admin_url } aodh::keystone::auth::password: {get_input: aodh_password } aodh::keystone::auth::region: {get_input: keystone_region} # Gnocchi gnocchi_backend: {get_input: gnocchi_backend} gnocchi_indexer_backend: {get_input: gnocchi_indexer_backend} gnocchi_mysql_conn_string: {get_input: gnocchi_dsn} gnocchi::debug: {get_input: debug} gnocchi::wsgi::apache::ssl: false gnocchi::wsgi::apache::bind_host: {get_input: gnocchi_api_network} gnocchi::api::service_name: 'httpd' gnocchi::api::host: {get_input: gnocchi_api_network} gnocchi::api::keystone_password: {get_input: gnocchi_password} gnocchi::api::keystone_auth_uri: {get_input: keystone_auth_uri} gnocchi::api::keystone_identity_uri: {get_input: keystone_identity_uri} gnocchi::db::mysql::password: {get_input: gnocchi_password} gnocchi::storage::swift::swift_authurl: {get_input: keystone_auth_uri} gnocchi::storage::swift::swift_key: {get_input: gnocchi_password} gnocchi::keystone::auth::public_url: {get_input: gnocchi_public_url } gnocchi::keystone::auth::internal_url: {get_input: gnocchi_internal_url } gnocchi::keystone::auth::admin_url: {get_input: gnocchi_admin_url } gnocchi::keystone::auth::password: {get_input: gnocchi_password } gnocchi::keystone::auth::region: {get_input: keystone_region} # Nova nova::upgrade_level_compute: {get_input: upgrade_level_nova_compute} nova::use_ipv6: {get_input: nova_ipv6} nova::api::auth_uri: {get_input: keystone_auth_uri} nova::api::identity_uri: {get_input: keystone_identity_uri} nova::api::api_bind_address: {get_input: nova_api_network} nova::api::metadata_listen: {get_input: nova_metadata_network} nova::api::admin_password: {get_input: nova_password} nova::database_connection: {get_input: nova_dsn} nova::api_database_connection: {get_input: nova_api_dsn} nova::glance_api_servers: {get_input: glance_api_servers} nova::api::neutron_metadata_proxy_shared_secret: {get_input: neutron_metadata_proxy_shared_secret} nova::api::instance_name_template: {get_input: instance_name_template} nova::network::neutron::neutron_password: {get_input: neutron_password} nova::network::neutron::neutron_url: {get_input: neutron_internal_url} nova::network::neutron::neutron_auth_url: {get_input: neutron_auth_url} nova::vncproxy::host: {get_input: nova_api_network} nova::db::mysql::password: {get_input: nova_password} nova::db::mysql_api::password: {get_input: nova_password} nova_enable_db_purge: {get_input: nova_enable_db_purge} nova::keystone::auth::public_url: {get_input: nova_public_url} nova::keystone::auth::internal_url: {get_input: nova_internal_url} nova::keystone::auth::admin_url: {get_input: nova_admin_url} nova::keystone::auth::password: {get_input: nova_password } nova::keystone::auth::region: {get_input: keystone_region} # Horizon apache::mod::remoteip::proxy_ips: {get_input: horizon_subnet} apache::ip: {get_input: horizon_network} horizon::django_debug: {get_input: debug} horizon::secret_key: {get_input: horizon_secret} horizon::bind_address: {get_input: horizon_network} horizon::keystone_url: {get_input: keystone_auth_uri} # RabbitMQ rabbitmq::node_ip_address: {get_input: rabbitmq_network} rabbitmq::erlang_cookie: {get_input: rabbit_cookie} # Redis redis::bind: {get_input: redis_network} redis_vip: {get_input: redis_vip} # Firewall tripleo::firewall::manage_firewall: {get_input: manage_firewall} tripleo::firewall::purge_firewall_rules: {get_input: purge_firewall_rules} # Misc memcached_ipv6: {get_input: memcached_ipv6} memcached::listen_ip: {get_input: memcached_network} control_virtual_interface: {get_input: control_virtual_interface} public_virtual_interface: {get_input: public_virtual_interface} tripleo::keepalived::control_virtual_interface: {get_input: control_virtual_interface} tripleo::keepalived::public_virtual_interface: {get_input: public_virtual_interface} tripleo::haproxy::control_virtual_interface: {get_input: control_virtual_interface} tripleo::haproxy::public_virtual_interface: {get_input: public_virtual_interface} tripleo::haproxy::haproxy_log_address: {get_input: haproxy_log_address} tripleo::haproxy::service_certificate: {get_attr: [NodeTLSData, deployed_ssl_certificate_path]} tripleo::haproxy::haproxy_stats_user: {get_input: haproxy_stats_user} tripleo::haproxy::haproxy_stats_password: {get_input: haproxy_stats_password} tripleo::haproxy::redis_password: {get_input: redis_password} tripleo::packages::enable_install: {get_input: enable_package_install} tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade} # Hook for site-specific additional pre-deployment config, e.g extra hieradata ControllerExtraConfigPre: depends_on: ControllerDeployment type: OS::TripleO::ControllerExtraConfigPre properties: server: {get_resource: Controller} # Hook for site-specific additional pre-deployment config, # applying to all nodes, e.g node registration/unregistration NodeExtraConfig: depends_on: [ControllerExtraConfigPre, NodeTLSData] type: OS::TripleO::NodeExtraConfig properties: server: {get_resource: Controller} UpdateConfig: type: OS::TripleO::Tasks::PackageUpdate UpdateDeployment: type: OS::Heat::SoftwareDeployment properties: name: UpdateDeployment config: {get_resource: UpdateConfig} server: {get_resource: Controller} input_values: update_identifier: get_param: UpdateIdentifier outputs: ip_address: description: IP address of the server in the ctlplane network value: {get_attr: [Controller, networks, ctlplane, 0]} external_ip_address: description: IP address of the server in the external network value: {get_attr: [ExternalPort, ip_address]} internal_api_ip_address: description: IP address of the server in the internal_api network value: {get_attr: [InternalApiPort, ip_address]} storage_ip_address: description: IP address of the server in the storage network value: {get_attr: [StoragePort, ip_address]} storage_mgmt_ip_address: description: IP address of the server in the storage_mgmt network value: {get_attr: [StorageMgmtPort, ip_address]} tenant_ip_address: description: IP address of the server in the tenant network value: {get_attr: [TenantPort, ip_address]} management_ip_address: description: IP address of the server in the management network value: {get_attr: [ManagementPort, ip_address]} hostname: description: Hostname of the server value: {get_attr: [Controller, name]} hosts_entry: description: > Server's IP address and hostname in the /etc/hosts format value: str_replace: template: | PRIMARYIP PRIMARYHOST.DOMAIN PRIMARYHOST EXTERNALIP EXTERNALHOST.DOMAIN EXTERNALHOST INTERNAL_APIIP INTERNAL_APIHOST.DOMAIN INTERNAL_APIHOST STORAGEIP STORAGEHOST.DOMAIN STORAGEHOST STORAGE_MGMTIP STORAGE_MGMTHOST.DOMAIN STORAGE_MGMTHOST TENANTIP TENANTHOST.DOMAIN TENANTHOST MANAGEMENTIP MANAGEMENTHOST.DOMAIN MANAGEMENTHOST params: PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, ControllerHostnameResolveNetwork]}]} DOMAIN: {get_param: CloudDomain} PRIMARYHOST: {get_attr: [Controller, name]} EXTERNALIP: {get_attr: [ExternalPort, ip_address]} EXTERNALHOST: list_join: - '.' - - {get_attr: [Controller, name]} - external INTERNAL_APIIP: {get_attr: [InternalApiPort, ip_address]} INTERNAL_APIHOST: list_join: - '.' - - {get_attr: [Controller, name]} - internalapi STORAGEIP: {get_attr: [StoragePort, ip_address]} STORAGEHOST: list_join: - '.' - - {get_attr: [Controller, name]} - storage STORAGE_MGMTIP: {get_attr: [StorageMgmtPort, ip_address]} STORAGE_MGMTHOST: list_join: - '.' - - {get_attr: [Controller, name]} - storagemgmt TENANTIP: {get_attr: [TenantPort, ip_address]} TENANTHOST: list_join: - '.' - - {get_attr: [Controller, name]} - tenant MANAGEMENTIP: {get_attr: [ManagementPort, ip_address]} MANAGEMENTHOST: list_join: - '.' - - {get_attr: [Controller, name]} - management nova_server_resource: description: Heat resource handle for the Nova compute server value: {get_resource: Controller} swift_device: description: Swift device formatted for swift-ring-builder value: str_replace: template: 'r1z1-IP:%PORT%/d1' params: IP: {get_attr: [NetIpMap, net_ip_uri_map, {get_param: [ServiceNetMap, SwiftMgmtNetwork]}]} swift_proxy_memcache: description: Swift proxy-memcache value value: str_replace: template: "IP:11211" params: IP: {get_attr: [NetIpMap, net_ip_uri_map, {get_param: [ServiceNetMap, MemcachedNetwork]}]} tls_key_modulus_md5: description: MD5 checksum of the TLS Key Modulus value: {get_attr: [NodeTLSData, key_modulus_md5]} tls_cert_modulus_md5: description: MD5 checksum of the TLS Certificate Modulus value: {get_attr: [NodeTLSData, cert_modulus_md5]}