Heat templates for deploying OpenStack
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 

434 lines
16 KiB

{#- ## Some variables are set to enable rendering backwards compatible templates #}
{#- ## where a few parameter/resource names don't match the expected pattern #}
{#- ## FIXME: we need some way to deprecate the old inconsistent parameters #}
{%- set server_resource_name = role.deprecated_server_resource_name|default(role.name) -%}
heat_template_version: wallaby
description: 'OpenStack {{role.name}} node configured by Puppet'
parameters:
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry.
type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
UpdateIdentifier:
default: ''
type: string
description: >
Setting to a previously unused value during stack-update will trigger
package update on all nodes
Hostname:
type: string
default: '' # Defaults to Heat created hostname
HostnameMap:
type: json
default: {}
description: Optional mapping to override hostnames
{{role.name}}IPs:
default: {}
type: json
{%- if role.deprecated_param_ips is defined %}
{{role.deprecated_param_ips}}:
default: {}
description: DEPRECATED - use {{role.name}}IPs instead
type: json
{%- endif %}
SoftwareConfigTransport:
default: POLL_SERVER_HEAT
description: |
How the server should receive the metadata required for software configuration.
type: string
constraints:
- allowed_values: [POLL_SERVER_CFN, POLL_SERVER_HEAT, POLL_TEMP_URL, ZAQAR_MESSAGE]
CloudDomain:
default: 'localdomain'
type: string
description: >
The DNS domain used for the hosts. This must match the
overcloud_domain_name configured on the undercloud.
{{role.name}}ServerMetadata:
default: {}
description: >
Extra properties or metadata passed to Nova for the created nodes in
the overcloud. It's accessible via the Nova metadata API. This option is
role-specific and is merged with the values given to the ServerMetadata
parameter.
type: json
{%- if role.deprecated_param_metadata is defined %}
{{role.deprecated_param_metadata}}:
default: {}
description: DEPRECATED - use {{role.name}}ServerMetadata instead
type: json
{%- endif %}
ServerMetadata:
default: {}
description: >
Extra properties or metadata passed to Nova for the created nodes in
the overcloud. It's accessible via the Nova metadata API. This applies to
all roles and is merged with a role-specific metadata parameter.
type: json
NodeIndex:
type: number
default: 0
ServiceNames:
type: comma_delimited_list
default: []
MonitoringSubscriptions:
type: comma_delimited_list
default: []
ServiceMetadataSettings:
type: json
default: {}
OVNBridgeMappings:
type: comma_delimited_list
default: []
UpgradeInitCommand:
type: string
description: |
Command or script snippet to run on all overcloud nodes to
initialize the upgrade process. E.g. a repository switch.
default: ''
tags:
- role_specific
UpgradeInitCommonCommand:
type: string
description: |
Common commands required by the upgrades process. This should not
normally be modified by the operator and is set and unset in the
major-upgrade-composable-steps.yaml and major-upgrade-converge.yaml
environment files.
default: ''
DeploymentServerBlacklistDict:
default: {}
type: json
description: >
Map of server hostnames to blacklist from any triggered
deployments. If the value is 1, the server will be blacklisted. This
parameter is generated from the parent template.
RoleParameters:
type: json
description: Parameters specific to the role
default: {}
{{role.name}}ControlPlaneSubnet:
default: ctlplane-subnet
description: |
Name of the subnet on ctlplane network for this role.
type: string
ControlPlaneSubnetCidr:
default: ''
description: >
The subnet CIDR of the control plane network. (The parameter is
automatically resolved from the ctlplane subnet's cidr attribute.)
type: string
ServerDeletionPolicy:
description: Whether to retain or delete servers on deletion of the stack
type: string
default: delete
constraints:
- allowed_values: [delete, retain]
conditions:
server_blacklisted:
equals:
- {get_param: [DeploymentServerBlacklistDict, {get_param: Hostname}]}
- 1
server_not_blacklisted:
not:
equals:
- {get_param: [DeploymentServerBlacklistDict, {get_param: Hostname}]}
- 1
ctlplane_fixed_ip_set:
or:
- not:
equals:
- {get_param: [{{role.name}}IPs, 'ctlplane', {get_param: NodeIndex}]}
- ""
{%- if role.deprecated_param_ips %}
- not:
equals:
- {get_param: [{{role.deprecated_param_ips}}, 'ctlplane', {get_param: NodeIndex}]}
- ""
{%- endif %}
- false # NOTE(hjensas): Make sure 'or' get's 2 conditions or more
{%- for network in networks if network.enabled|default(true) and network.name in role.networks|default([]) %}
{{role.name}}_{{network.name}}_fixed_ip_set:
not:
equals:
- {get_param: [{{role.name}}IPs, '{{network.name_lower}}', {get_param: NodeIndex}]}
- ''
{%- endfor %}
resources:
{{server_resource_name}}:
type: OS::TripleO::{{role.name}}Server
deletion_policy: {get_param: ServerDeletionPolicy}
properties:
name:
yaql:
expression: $.data.hostname_map.get($.data.hostname, $.data.hostname).toLower()
data:
hostname: {get_param: Hostname}
hostname_map: {get_param: HostnameMap}
software_config_transport: {get_param: SoftwareConfigTransport}
metadata:
map_merge:
- {get_param: ServerMetadata}
{%- if role.deprecated_param_metadata is defined %}
- {get_param: {{role.deprecated_param_metadata}}}
{%- endif %}
- {get_param: {{role.name}}ServerMetadata}
- {get_param: ServiceMetadataSettings}
{%- for network in networks %}
{%- if network.enabled|default(true) and network.name in role.networks|default([]) %}
{{network.name}}Port:
type: OS::TripleO::{{role.name}}::Ports::{{network.name}}Port
properties:
PortName:
list_join:
- '_'
- - {get_attr: [{{server_resource_name}}, name]}
- {{network.name}}
DnsName: {get_attr: [{{server_resource_name}}, name]}
# TODO(hjensas): Make network isolation the default, so that we can drop
# using network/ports/noop.yaml as the default and remove this.
ControlPlaneIP: {get_attr: [{{server_resource_name}}, networks, ctlplane, 0]}
FixedIPs:
if:
- {{role.name}}_{{network.name}}_fixed_ip_set
- [{ip_address: {get_param: [{{role.name}}IPs, '{{network.name_lower}}', {get_param: NodeIndex}]}}]
{%- if role.networks is mapping and role.networks.get(network.name) %}
{%- if network.get('service_net_map_replace') == role.networks[network.name].get('subnet').split('_subnet', -1)[0]
and role.networks[network.name].get('subnet').split('_subnet', -1)[0] not in network.get('subnets', {}).keys() %}
- [{subnet: {{network.name_lower + '_subnet'}}}]
{%- else %}
- [{subnet: {{role.networks[network.name].get('subnet', network.name_lower + '_subnet')}}}]
{%- endif %}
{%- else %}
- [{subnet: {{network.name_lower}}_subnet}]
{%- endif %}
# TODO(hjensas): Make network isolation the default, so that we can drop
# using network/ports/noop.yaml as the default and remove this.
ControlPlaneSubnetCidr:
# DeployedServer docs specify 'cidr: 24' in DeployedServerPortMap.
# Support both that, and 'cidr: 192.168.24.0/24'.
yaql:
expression: str("{0}".format($.data).split("/")[-1])
data: {get_attr: [{{server_resource_name}}, addresses, ctlplane, 0, subnets, 0, cidr]}
IPPool:
map_merge:
{%- if role.deprecated_param_ips is defined %}
- {get_param: {{role.deprecated_param_ips}}}
{%- endif %}
- {get_param: {{role.name}}IPs}
NodeIndex: {get_param: NodeIndex}
{%- if role.default_route_networks is defined and network.name in role.default_route_networks %}
DefaultRoute: true
{%- endif %}
Role: {{role.name}}
{%- endif %}
{%- endfor %}
NetIpMap:
type: OS::TripleO::Network::Ports::NetIpMap
properties:
ControlPlaneIp: {get_attr: [{{server_resource_name}}, networks, ctlplane, 0]}
ControlPlaneSubnetCidr:
yaql:
expression: str("{0}".format($.data).split("/")[-1])
data: {get_attr: [{{server_resource_name}}, addresses, ctlplane, 0, subnets, 0, cidr]}
{%- for network in networks %}
{%- if network.enabled|default(true) and network.name in role.networks|default([]) %}
{{network.name}}Ip: {get_attr: [{{network.name}}Port, ip_address]}
{{network.name}}IpSubnet: {get_attr: [{{network.name}}Port, ip_subnet]}
{{network.name}}IpUri: {get_attr: [{{network.name}}Port, ip_address_uri]}
{%- endif %}
{%- endfor %}
NetHostMap:
type: OS::Heat::Value
properties:
type: json
value:
{%- for network in networks %}
{%- if network.enabled|default(true) and network.name in role.networks|default([]) %}
{{network.name_lower}}:
fqdn:
list_join:
- '.'
- - {get_attr: [{{server_resource_name}}, name]}
- {{network.name.lower()}}
- {get_param: CloudDomain}
short:
list_join:
- '.'
- - {get_attr: [{{server_resource_name}}, name]}
- {{network.name.lower()}}
{%- endif %}
{%- endfor %}
ctlplane:
fqdn:
list_join:
- '.'
- - {get_attr: [{{server_resource_name}}, name]}
- ctlplane
- {get_param: CloudDomain}
short:
list_join:
- '.'
- - {get_attr: [{{server_resource_name}}, name]}
- ctlplane
canonical:
fqdn:
list_join:
- '.'
- - {get_attr: [{{server_resource_name}}, name]}
- {get_param: CloudDomain}
short:
- {get_attr: [{{server_resource_name}}, name]}
PreNetworkConfig:
type: OS::TripleO::{{role.name}}::PreNetworkConfig
condition: server_not_blacklisted
properties:
server: {get_resource: {{server_resource_name}}}
RoleParameters: {get_param: RoleParameters}
ServiceNames: {get_param: ServiceNames}
deployment_actions: {get_attr: [DeploymentActions, value]}
# Resource for site-specific injection of root certificate
NodeTLSCAData:
type: OS::TripleO::NodeTLSCAData
properties:
server: {get_resource: {{server_resource_name}}}
# Hook for site-specific additional pre-deployment config, e.g extra hieradata
{{role.name}}ExtraConfigPre:
type: OS::TripleO::{{role.name}}ExtraConfigPre
# We have to use conditions here so that we don't break backwards
# compatibility with templates everywhere
condition: server_not_blacklisted
properties:
server: {get_resource: {{server_resource_name}}}
# Hook for site-specific additional pre-deployment config,
# applying to all nodes, e.g node registration/unregistration
NodeExtraConfig:
depends_on:
- {{role.name}}ExtraConfigPre
- NodeTLSCAData
type: OS::TripleO::NodeExtraConfig
# We have to use conditions here so that we don't break backwards
# compatibility with templates everywhere
condition: server_not_blacklisted
properties:
server: {get_resource: {{server_resource_name}}}
DeploymentActions:
type: OS::Heat::Value
properties:
value:
if:
- server_not_blacklisted
- ['CREATE', 'UPDATE']
- []
{{server_resource_name}}AnsibleHostVars:
type: OS::Heat::Value
properties:
type: json
value:
{%- for network in networks if network.enabled|default(true) and network.name in role.networks|default([]) %}
fqdn_{{network.name_lower}}: {get_attr: [NetHostMap, value, {{network.name_lower}}, fqdn]}
{%- endfor %}
fqdn_ctlplane: {get_attr: [NetHostMap, value, ctlplane, fqdn]}
fqdn_canonical: {get_attr: [NetHostMap, value, canonical, fqdn]}
hostname_resolve_network: {get_param: [ServiceNetMap, {{role.name}}HostnameResolveNetwork]}
outputs:
ansible_host_vars_map:
description: |
Map of Ansible variables specific per host.
This map is used to construct the AnsibleHostVarsMap output for the
ansible vars per host in config-download.
value:
map_replace:
- host: {get_attr: [{{server_resource_name}}AnsibleHostVars, value]}
- keys:
host: {get_attr: [{{server_resource_name}}, name]}
ip_address:
description: IP address of the server in the ctlplane network
value: {get_attr: [{{server_resource_name}}, networks, ctlplane, 0]}
blacklist_ip_address:
description: IP address of the server if the server is blacklisted, otherwise this output will be an empty string
value:
if:
- server_blacklisted
- {get_attr: [{{server_resource_name}}, networks, ctlplane, 0]}
- ""
blacklist_hostname:
description: Hostname of the server if the server is blacklisted, otherwise this output will be an empty string
value:
if:
- server_blacklisted
- {get_attr: [{{server_resource_name}}, name]}
- ""
hostname:
description: Hostname of the server
value: {get_attr: [{{server_resource_name}}, name]}
hostname_map:
description: Mapping of network names to hostnames
value:
{%- for network in networks %}
{%- if network.enabled|default(true) and network.name in role.networks|default([]) %}
{{network.name_lower|default(network.name.lower())}}: {get_attr: [NetHostMap, value, {{network.name_lower|default(network.name.lower()) }}, fqdn]}
{%- endif %}
{%- endfor %}
ctlplane: {get_attr: [NetHostMap, value, ctlplane, fqdn]}
canonical: {get_attr: [NetHostMap, value, canonical, fqdn]}
hosts_entry:
value:
- str_replace:
template: PRIMARYIP PRIMARYHOST.DOMAIN PRIMARYHOST
params:
PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, {{role.name}}HostnameResolveNetwork]}]}
DOMAIN: {get_param: CloudDomain}
PRIMARYHOST: {get_attr: [{{server_resource_name}}, name]}
{%- for network in networks %}
{%- if network.enabled|default(true) and network.name in role.networks|default([]) %}
- str_replace:
template: {{network.name}}IP {{network.name}}HOST.DOMAIN {{network.name}}HOST
params:
DOMAIN: {get_param: CloudDomain}
{%- for network in networks %}
{%- if network.enabled|default(true) and network.name in role.networks|default([]) %}
{{network.name}}IP: {get_attr: [{{network.name}}Port, ip_address]}
{{network.name}}HOST: {get_attr: [NetHostMap, value, {{network.name_lower|default(network.name.lower())}}, short]}
{%- endif %}
{%- endfor %}
{%- endif %}
{%- endfor %}
- str_replace:
template: CTLPLANEIP CTLPLANEHOST.DOMAIN CTLPLANEHOST
params:
DOMAIN: {get_param: CloudDomain}
CTLPLANEIP: {get_attr: [{{server_resource_name}}, networks, ctlplane, 0]}
CTLPLANEHOST: {get_attr: [NetHostMap, value, ctlplane, short]}
nova_server_resource:
description: Heat resource handle for {{role.name}} server
value:
{get_resource: {{server_resource_name}}}
condition: server_not_blacklisted
{%- for network in networks %}
{%- if network.enabled|default(true) and network.name in role.networks|default([]) %}
{{network.name_lower|default(network.name.lower())}}_ip_address:
description: IP address of the server in the {{network.name}} network
value: {get_attr: [{{network.name}}Port, ip_address]}
{%- endif %}
{%- endfor %}