Heat templates for deploying OpenStack

undercloud.yaml 12KB

  # How a parameter is combined when more than one environment file sets it.
  parameter_merge_strategies:
    # Any parameter not named here is replaced outright by the later value.
    default: overwrite
    # UndercloudExtraConfig is merged key by key instead, so entries set in
    # other environment files are combined with the ones in this file.
    UndercloudExtraConfig: deep_merge
  # Maps each TripleO resource type to the template implementing it on the
  # undercloud. A type mapped to OS::Heat::None is not deployed.
  resource_registry:
    OS::TripleO::Services::Tmpwatch: ../deployment/logrotate/tmpwatch-install.yaml
    OS::TripleO::Network::Ports::RedisVipPort: ../network/ports/noop.yaml
    OS::TripleO::Network::Ports::ControlPlaneVipPort: ../deployed-server/deployed-neutron-port.yaml
    OS::TripleO::Undercloud::Net::SoftwareConfig: ../net-config-undercloud.yaml
    OS::TripleO::NodeExtraConfigPost: ../extraconfig/post_deploy/undercloud_post.yaml
    OS::TripleO::Services::DockerRegistry: ../deployment/image-serve/image-serve-baremetal-ansible.yaml
    OS::TripleO::Services::ContainerImagePrepare: ../deployment/container-image-prepare/container-image-prepare-baremetal-ansible.yaml

    # Lets the operator control the external VIP used for Undercloud SSL.
    OS::TripleO::Network::Ports::ExternalVipPort: ../network/ports/external_from_pool.yaml

    # Neutron agents and ML2 plugin.
    OS::TripleO::Services::ComputeNeutronOvsAgent: ../deployment/neutron/neutron-ovs-agent-container-puppet.yaml
    OS::TripleO::Services::NeutronOvsAgent: ../deployment/neutron/neutron-ovs-agent-container-puppet.yaml
    OS::TripleO::Services::NeutronDhcpAgent: ../deployment/neutron/neutron-dhcp-container-puppet.yaml
    OS::TripleO::Services::NeutronL3Agent: ../deployment/neutron/neutron-l3-container-puppet.yaml
    OS::TripleO::Services::NeutronCorePlugin: ../deployment/neutron/neutron-plugin-ml2-container-puppet.yaml
    OS::TripleO::Docker::NeutronMl2PluginBase: ../deployment/neutron/neutron-plugin-ml2.yaml
    OS::TripleO::Services::OpenStackClients: ../deployment/clients/openstack-clients-baremetal-puppet.yaml

    # Services that are switched off by default on the undercloud.
    OS::TripleO::Services::AodhApi: OS::Heat::None
    OS::TripleO::Services::AodhEvaluator: OS::Heat::None
    OS::TripleO::Services::AodhNotifier: OS::Heat::None
    OS::TripleO::Services::AodhListener: OS::Heat::None
    OS::TripleO::Services::CeilometerAgentCentral: OS::Heat::None
    OS::TripleO::Services::CeilometerAgentNotification: OS::Heat::None
    OS::TripleO::Services::CeilometerAgentIpmi: OS::Heat::None
    OS::TripleO::Services::GnocchiApi: OS::Heat::None
    OS::TripleO::Services::GnocchiMetricd: OS::Heat::None
    OS::TripleO::Services::GnocchiStatsd: OS::Heat::None
    OS::TripleO::Services::PankoApi: OS::Heat::None
    OS::TripleO::Services::Redis: OS::Heat::None
    OS::TripleO::Services::CinderApi: OS::Heat::None
    OS::TripleO::Services::CinderScheduler: OS::Heat::None
    OS::TripleO::Services::CinderVolume: OS::Heat::None
    OS::TripleO::Services::NovaMetadata: OS::Heat::None
    OS::TripleO::Services::NeutronMetadataAgent: OS::Heat::None

    # Services that must never be configured here. See LP#1824030
    OS::TripleO::Services::Pacemaker: OS::Heat::None
    OS::TripleO::Services::PacemakerRemote: OS::Heat::None
    OS::TripleO::Services::Clustercheck: OS::Heat::None

    # Pin the non-pacemaker implementations. See LP#1824030
    # CinderVolume is already mapped to None above, and OVNdbs is not in the
    # service list of role_data_undercloud.yaml, so it is left out as well
    # until the undercloud switches to OVN.
    OS::TripleO::Services::MySQL: ../deployment/database/mysql-container-puppet.yaml
    OS::TripleO::Services::OsloMessagingRpc: ../deployment/rabbitmq/rabbitmq-messaging-rpc-container-puppet.yaml
    OS::TripleO::Services::OsloMessagingNotify: ../deployment/rabbitmq/rabbitmq-messaging-notify-shared-puppet.yaml

    # Turn Podman on for the Undercloud.
    # Expected to be dropped in Stein, once Podman is the default.
    OS::TripleO::Services::Podman: ../deployment/podman/podman-baremetal-ansible.yaml

    # Undercloud HA services: neither is deployed by this environment.
    OS::TripleO::Services::HAproxy: OS::Heat::None
    OS::TripleO::Services::Keepalived: OS::Heat::None
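  # Default parameter values applied to the undercloud deployment.
  parameter_defaults:
    # ensure we enable ip_forward before docker gets run
    KernelIpForward: 1
    KernelIpNonLocalBind: 1
    # NOTE(review): '*' puts no restriction on which browser origin may call
    # this API. The same wildcard is set for Nova, Heat, Ironic, Mistral and
    # Swift further down. Narrow it to the real UI origin(s) if these APIs are
    # reachable from anything other than a trusted management network.
    KeystoneCorsAllowedOrigin: '*'
    KeystoneEnableMember: true
    # Increase the Token expiration time until we fix the actual session bug:
    # https://bugs.launchpad.net/tripleo/+bug/1761050
    # NOTE(review): a longer token lifetime also lengthens the time a leaked
    # token stays usable; lower this again once the bug above is fixed.
    # Presumably in seconds (14400 = 4 hours) - confirm against the consumer.
    TokenExpiration: 14400
    EnablePackageInstall: true
    StackAction: CREATE
    SoftwareConfigTransport: POLL_SERVER_HEAT
    NeutronTunnelTypes: []
    NeutronBridgeMappings: ctlplane:br-ctlplane
    NeutronAgentExtensions: []
    NeutronFlatNetworks: '*'
    NovaSchedulerAvailableFilters: 'tripleo_common.filters.list.tripleo_filters'
    NovaSchedulerDefaultFilters:
      - 'RetryFilter'
      - 'TripleOCapabilitiesFilter'
      - 'ComputeCapabilitiesFilter'
      - 'AvailabilityZoneFilter'
      - 'ComputeFilter'
      - 'ImagePropertiesFilter'
      - 'ServerGroupAntiAffinityFilter'
      - 'ServerGroupAffinityFilter'
    NovaSchedulerMaxAttempts: 30
    # Disable compute auto disabling:
    # As part of Pike, nova introduced a change to have the nova-compute
    # process automatically disable the nova-compute instance in the case of
    # consecutive build failures. This can lead to odd errors when deploying
    # the ironic nodes on the undercloud as you end up with a ComputeFilter
    # error. This parameter disables this functionality for the undercloud since
    # we do not want the nova-compute instance running on the undercloud for
    # Ironic to be disabled in the case of multiple deployment failures.
    NovaAutoDisabling: '0'
    NovaCorsAllowedOrigin: '*'
    NovaSyncPowerStateInterval: -1
    NeutronDhcpAgentsPerNetwork: 2
    HeatConvergenceEngine: true
    HeatCorsAllowedOrigin: '*'
    HeatMaxNestedStackDepth: 7
    HeatMaxResourcesPerStack: -1
    HeatMaxJsonBodySize: 4194304
    HeatReauthenticationAuthMethod: 'trusts'
    HeatYaqlLimitIterators: 10000
    # Disable non-lifecycle stack actions like
    # snapshot, resume, cancel update and stack check.
    HeatApiPolicies:
      heat-deny-action:
        key: 'actions:action'
        value: 'rule:deny_everybody'
    # NOTE(review): 'metadata' presumably erases only partition/metadata
    # structures during cleaning, leaving earlier disk contents in place -
    # confirm this is acceptable for nodes that get re-provisioned.
    IronicCleaningDiskErase: 'metadata'
    IronicCorsAllowedOrigin: '*'
    IronicDefaultInspectInterface: 'inspector'
    IronicDefaultResourceClass: 'baremetal'
    IronicEnabledHardwareTypes: ['ipmi', 'redfish', 'idrac', 'ilo']
    IronicEnabledBootInterfaces: ['pxe', 'ilo-pxe']
    IronicEnabledConsoleInterfaces: ['ipmitool-socat', 'ilo', 'no-console']
    IronicEnabledDeployInterfaces: ['iscsi', 'direct', 'ansible']
    IronicEnabledInspectInterfaces: ['inspector', 'no-inspect']
    IronicEnabledManagementInterfaces: ['ipmitool', 'redfish', 'idrac', 'ilo']
    # NOTE(dtantsur): disabling advanced networking as it's not used (or
    # configured) in the undercloud
    IronicEnabledNetworkInterfaces: ['flat']
    IronicEnabledPowerInterfaces: ['ipmitool', 'redfish', 'idrac', 'ilo']
    # NOTE(dtantsur): disabling the "agent" RAID as our ramdisk does not contain
    # any vendor-specific RAID additions.
    IronicEnabledRaidInterfaces: ['no-raid']
    # NOTE(dtantsur): we don't use boot-from-cinder on the undercloud
    IronicEnabledStorageInterfaces: ['noop']
    IronicEnabledVendorInterfaces: ['ipmitool', 'idrac', 'no-vendor']
    IronicEnableStagingDrivers: true
    IronicCleaningNetwork: 'ctlplane'
    IronicForcePowerStateDuringSync: false
    IronicInspectorCollectors: default,extra-hardware,numa-topology,logs
    IronicInspectorInterface: br-ctlplane
    # IronicInspectorSubnets:
    #   - ip_range: '192.168.24.100,192.168.24.200'
    IronicProvisioningNetwork: 'ctlplane'
    IronicRescuingNetwork: 'ctlplane'
    ZaqarMessageStore: 'swift'
    ZaqarManagementStore: 'sqlalchemy'
    MistralCorsAllowedOrigin: '*'
    MistralExecutionFieldSizeLimit: 16384
    # Bind mount for the Mistral executor; the trailing ":ro" keeps the nova
    # configuration read-only inside the container.
    MistralExecutorVolumes:
      - /var/lib/config-data/nova/etc/nova:/etc/nova:ro
    NeutronServicePlugins: router,segments
    NeutronMechanismDrivers: ['openvswitch', 'baremetal']
    NeutronNetworkVLANRanges: 'physnet1:1000:2999'
    NeutronPluginExtensions: 'port_security'
    # NOTE(review): an empty driver presumably means no security-group
    # firewall is enforced by the agent - confirm this is intended.
    NeutronFirewallDriver: ''
    NeutronNetworkType: ['local', 'flat', 'vlan', 'gre', 'vxlan']
    NeutronTunnelIdRanges: '20:100'
    NeutronTypeDrivers: ['local', 'flat', 'vlan', 'gre', 'vxlan']
    NeutronVniRanges: '10:100'
    NeutronEnableDVR: false
    NeutronPortQuota: '-1'
    # This allows MTU > 1500 for the overcloud if local_mtu is set to 1500
    # See LP#1826729
    TenantNetPhysnetMtu: 0
    SwiftCorsAllowedOrigin: '*'
    SwiftReplicas: 1
    SwiftWorkers: 2
    SwiftAccountWorkers: 2
    SwiftContainerWorkers: 2
    SwiftObjectWorkers: 2
    # A list of static routes for the control plane network. Ensure traffic to
    # nodes on remote control plane networks use the correct network path.
    # Example:
    # ControlPlaneStaticRoutes:
    #   - ip_netmask: 192.168.25.0/24
    #     next_hop: 192.168.24.1
    #   - ip_netmask: 192.168.26.0/24
    #     next_hop: 192.168.24.1
    ControlPlaneStaticRoutes: []
    # A dictionary of Undercloud ctlplane subnets.
    # NOTE(hjensas): This should be {} in this environment file, otherwise it may
    # result in values set here being merged with the values set in
    # undercloud.conf. See Bug: https://bugs.launchpad.net/tripleo/+bug/1820330
    # Example:
    # UndercloudCtlplaneSubnets:
    #   ctlplane-subnet:
    #     NetworkCidr: '192.168.24.0/24'
    #     NetworkGateway: '192.168.24.1'
    #     DhcpRangeStart: '192.168.24.5'
    #     DhcpRangeEnd: '192.168.24.24'
    #     HostRoutes:
    #       - {'destination': '10.10.10.0/24', 'nexthop': '192.168.24.254'}
    UndercloudCtlplaneSubnets: {}
    UndercloudCtlplaneLocalSubnet: 'ctlplane-subnet'
    MistralDockerGroup: true
    # Quoted on purpose: a bare yes would be read as a YAML boolean.
    # NOTE(review): this presumably turns on SSH password logins on the
    # undercloud; prefer key-based authentication where operations allow it.
    PasswordAuthentication: 'yes'
    HeatEngineOptVolumes:
      - /usr/lib/heat:/usr/lib/heat:ro
    MySQLServerOptions:
      mysqld:
        connect_timeout: 60
    # TODO(emilien) Remove when Keepalived 2.0.6 is out
    # https://bugs.launchpad.net/tripleo/+bug/1791238
    KeepalivedRestart: true
    # NOTE(review): by its name this opens the SSH firewall rule to every
    # source address - confirm, and restrict to the management network if the
    # undercloud has an interface on an untrusted network.
    SshFirewallAllowAll: true
    # Hiera overrides pointing each service's token or cache client at the
    # memcached listen address on port 11211. This parameter is deep-merged
    # (see parameter_merge_strategies), so other environments can add keys.
    # nova::keystone::authtoken::memcached_servers used to appear twice with
    # the same value; it is listed once here because duplicate mapping keys
    # are invalid YAML and strict parsers reject them.
    UndercloudExtraConfig:
      aodh::keystone::authtoken::memcached_servers: "%{hiera('memcached::listen_ip_uri')}:11211"
      barbican::keystone::authtoken::memcached_servers: "%{hiera('memcached::listen_ip_uri')}:11211"
      ceilometer::keystone::authtoken::memcached_servers: "%{hiera('memcached::listen_ip_uri')}:11211"
      cinder::keystone::authtoken::memcached_servers: "%{hiera('memcached::listen_ip_uri')}:11211"
      congress::keystone::authtoken::memcached_servers: "%{hiera('memcached::listen_ip_uri')}:11211"
      ec2api::keystone::authtoken::memcached_servers: "%{hiera('memcached::listen_ip_uri')}:11211"
      glance::api::authtoken::memcached_servers: "%{hiera('memcached::listen_ip_uri')}:11211"
      gnocchi::keystone::authtoken::memcached_servers: "%{hiera('memcached::listen_ip_uri')}:11211"
      heat::keystone::authtoken::memcached_servers: "%{hiera('memcached::listen_ip_uri')}:11211"
      heat::cache::memcache_servers: "%{hiera('memcached::listen_ip_uri')}:11211"
      horizon::cache_server_ip: "%{hiera('memcached::listen_ip_uri')}:11211"
      ironic::api::authtoken::memcached_servers: "%{hiera('memcached::listen_ip_uri')}:11211"
      ironic::inspector::authtoken::memcached_servers: "%{hiera('memcached::listen_ip_uri')}:11211"
      keystone::cache_memcache_servers: "%{hiera('memcached::listen_ip_uri')}:11211"
      keystone::cache_backend: "dogpile.cache.memcached"
      manila::keystone::authtoken::memcached_servers: "%{hiera('memcached::listen_ip_uri')}:11211"
      mistral::keystone::authtoken::memcached_servers: "%{hiera('memcached::listen_ip_uri')}:11211"
      neutron::keystone::authtoken::memcached_servers: "%{hiera('memcached::listen_ip_uri')}:11211"
      nova::keystone::authtoken::memcached_servers: "%{hiera('memcached::listen_ip_uri')}:11211"
      nova::cache::memcache_servers: "%{hiera('memcached::listen_ip_uri')}:11211"
      panko::keystone::authtoken::memcached_servers: "%{hiera('memcached::listen_ip_uri')}:11211"
      sahara::keystone::authtoken::memcached_servers: "%{hiera('memcached::listen_ip_uri')}:11211"
      swift::proxy::authtoken::memcache_servers: "%{hiera('memcached::listen_ip_uri')}:11211"
      swift::proxy::cache::memcache_servers: "%{hiera('memcached::listen_ip_uri')}:11211"
      tacker::keystone::authtoken::memcached_servers: "%{hiera('memcached::listen_ip_uri')}:11211"
      zaqar::keystone::authtoken::memcached_servers: "%{hiera('memcached::listen_ip_uri')}:11211"
      swift::objectexpirer::memcached_servers: "%{hiera('memcached::listen_ip_uri')}:11211"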