heat_template_version: rocky description: > Post-deployment for the TripleO undercloud parameters: servers: type: json DeployedServerPortMap: default: {} type: json UndercloudHomeDir: description: The HOME directory where the stackrc and ssh credentials for the Undercloud will be installed. Set to /home/ to customize the location. type: string default: '/root' AdminPassword: #supplied by tripleo-undercloud-passwords.yaml type: string description: The password for the keystone admin account, used for monitoring, querying neutron etc. hidden: True SSLCertificate: description: > The content of the SSL certificate (without Key) in PEM format. type: string default: "" hidden: True PublicSSLCertificateAutogenerated: default: false description: > Whether the public SSL certificate was autogenerated or not. type: boolean InternalTLSCAFile: default: '/etc/ipa/ca.crt' type: string description: Specifies the default CA cert to use if TLS is used for services in the internal network. SnmpdReadonlyUserPassword: description: The user password for SNMPd with readonly rights running on all Overcloud nodes type: string hidden: true DnsServers: default: [] description: > DNS servers to use for the Overcloud (2 max for some implementations). If not set the nameservers configured in the ctlplane subnet's dns_nameservers attribute will be used. type: comma_delimited_list CtlplaneLocalPhysicalNetwork: default: ctlplane type: string description: Physical network name for the ctlplane network local to the undercloud UndercloudCtlplaneSubnets: description: > Dictionary of subnets to configure on the Undercloud ctlplan network default: {} type: json UndercloudCtlplaneLocalSubnet: description: The subnet local to the undercloud on the ctlplane network default: ctlplane-subnet type: string UndercloudEnableRoutedNetworks: description: Enable support for routed ctlplane networks. default: False type: boolean UndercloudLocalMtu: # Override this via parameter_defaults default: 1500 description: MTU to use for the Undercloud local_interface. type: number constraints: - range: { min: 1000, max: 65536 } conditions: tls_enabled: or: - not: equals: - {get_param: SSLCertificate} - "" - equals: - {get_param: PublicSSLCertificateAutogenerated} - true ca_file_enabled: and: - not: equals: - {get_param: InternalTLSCAFile} - "" - tls_enabled resources: UndercloudPostConfig: type: OS::Heat::SoftwareConfig properties: group: script inputs: - name: deploy_identifier - name: admin_password - name: auth_url - name: internal_tls_ca_file config: {get_file: ./undercloud_post.sh} UndercloudPostDeployment: type: OS::Heat::SoftwareDeployments properties: name: UndercloudPostDeployment servers: {get_param: servers} config: {get_resource: UndercloudPostConfig} input_values: ssl_certificate: {get_param: SSLCertificate} homedir: {get_param: UndercloudHomeDir} admin_password: {get_param: AdminPassword} internal_tls_ca_file: if: - ca_file_enabled - {get_param: InternalTLSCAFile} - '' # if SSL is enabled we use the public virtual ip as the stackrc endpoint auth_url: if: - tls_enabled - make_url: scheme: https host: {get_param: [DeployedServerPortMap, 'public_virtual_ip', fixed_ips, 0, ip_address]} port: 13000 path: / - make_url: scheme: http host: {get_param: [DeployedServerPortMap, 'control_virtual_ip', fixed_ips, 0, ip_address]} port: 5000 path: / UndercloudPostPyConfig: type: OS::Heat::SoftwareConfig properties: group: script inputs: - name: admin_password - name: auth_url - name: config config: {get_file: ./undercloud_post.py} UndercloudPostPyDeployment: type: OS::Heat::SoftwareDeployments depends_on: UndercloudPostDeployment properties: name: UndercloudPostPyDeployment servers: {get_param: servers} config: {get_resource: UndercloudPostPyConfig} input_values: admin_password: {get_param: AdminPassword} auth_url: if: - tls_enabled - make_url: scheme: https host: {get_param: [DeployedServerPortMap, 'public_virtual_ip', fixed_ips, 0, ip_address]} port: 13000 path: / - make_url: scheme: http host: {get_param: [DeployedServerPortMap, 'control_virtual_ip', fixed_ips, 0, ip_address]} port: 5000 path: / config: str_replace: template: JSON params: JSON: home_dir: {get_param: UndercloudHomeDir} snmp_readonly_user_password: {get_param: SnmpdReadonlyUserPassword} UndercloudCtlplaneNetworkConfig: type: OS::Heat::SoftwareConfig properties: group: script inputs: - name: admin_password - name: auth_url - name: config config: {get_file: ./undercloud_ctlplane_network.py} UndercloudCtlplaneNetworkDeployment: type: OS::Heat::SoftwareDeployments depends_on: UndercloudPostDeployment properties: name: UndercloudCtlplaneNetworkDeployment servers: {get_param: servers} config: {get_resource: UndercloudCtlplaneNetworkConfig} input_values: admin_password: {get_param: AdminPassword} # if SSL is enabled we use the public virtual ip as the stackrc endpoint auth_url: if: - tls_enabled - make_url: scheme: https host: {get_param: [DeployedServerPortMap, 'public_virtual_ip', fixed_ips, 0, ip_address]} port: 13000 path: / - make_url: scheme: http host: {get_param: [DeployedServerPortMap, 'control_virtual_ip', fixed_ips, 0, ip_address]} port: 5000 path: / config: str_replace: template: JSON params: JSON: local_ip: {get_param: [DeployedServerPortMap, 'control_virtual_ip', fixed_ips, 0, ip_address]} local_subnet: {get_param: UndercloudCtlplaneLocalSubnet} nameservers: {get_param: DnsServers} physical_network: {get_param: CtlplaneLocalPhysicalNetwork} subnets: {get_param: UndercloudCtlplaneSubnets} enable_routed_networks: {get_param: UndercloudEnableRoutedNetworks} mtu: {get_param: UndercloudLocalMtu}