Heat templates for deploying OpenStack


  # Heat Orchestration Template header: template format version plus a
  # folded free-text summary of what this template configures.
  heat_template_version: queens
  description: >
    Configuration of Octavia as-a-service resources in the overcloud.
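  parameters:
    # Generic service inputs. Of these, only EndpointMap (outputs) and
    # StackAction (generate_certs condition) are read in this template.
    ServiceData:
      default: {}
      description: Dictionary packing service data
      type: json
    ServiceNetMap:
      default: {}
      description: >-
        Mapping of service_name -> network name. Typically set
        via parameter_defaults in the resource registry. This
        mapping overrides those in ServiceNetMapDefaults.
      type: json
    DefaultPasswords:
      default: {}
      type: json
    RoleName:
      default: ''
      description: Role name on which the service is applied
      type: string
    RoleParameters:
      default: {}
      description: Parameters specific to the role
      type: json
    EndpointMap:
      default: {}
      description: >-
        Mapping of service endpoint -> protocol. Typically set
        via parameter_defaults in the resource registry.
      type: json
    StackAction:
      type: string
      description: >
        Heat action performed on top-level stack. Note StackUpdateType is
        set to UPGRADE when a major-version upgrade is in progress.
      constraints:
        - allowed_values: ['CREATE', 'UPDATE']

    # Workflow that receives every value listed under workflow_tasks.input.
    OctaviaPostWorkflowName:
      description: >-
        Mistral workflow name for octavia configuration steps
        once the overcloud is ready.
      type: string
      default: 'tripleo.octavia_post.v1.octavia_post_deploy'

    # Amphora image selection.
    OctaviaAmphoraImageName:
      description: >-
        The glance image name used when spawning amphorae. Default
        is an empty string which will use the file name as the image
        name.
      type: string
      default: ''
    OctaviaAmphoraImageFilename:
      description: >-
        Filename for the amphora image. Using the default of an empty
        string will cause a distro specific default to be used. (e.g.
        /usr/share/openstack-octavia-amphora-images/amphora-x64-haproxy.qcow2
        on CentOS and /usr/share/rhosp-director-images/octavia-amphora.qcow2
        on Red Hat Enterprise Linux).
      type: string
      default: ''
    OctaviaAmphoraImageTag:
      default: 'amphora-image'
      description: Glance image tag for identifying the amphora image.
      type: string

    # SSH access to amphorae. Per the description below, the holder of the
    # matching private key can log in to amphorae and usually become root,
    # so treat that key as privileged credential material.
    # NOTE(review): the outputs also pass the public key of the
    # default_key_pair resource (amp_ssh_key_data); which of the two keys the
    # workflow installs when this path is empty is not visible here - confirm.
    OctaviaAmphoraSshKeyName:
      type: string
      default: 'octavia-ssh-key'
      description: SSH key name.
    OctaviaAmphoraSshKeyFile:
      type: string
      default: ''
      description: >-
        Public key file path. User will be able to SSH into amphorae
        with the provided key. User may, in most cases, also elevate to root
        from user 'centos' (CentOS), 'ubuntu' (Ubuntu) or 'cloud-user' (RHEL)
        (depends on how amphora image was created). Logging in to amphorae
        provides a convenient way to e.g. debug load balancing services.
    NovaEnableRbdBackend:
      default: false
      description: Whether to enable the Rbd backend for Nova ephemeral storage.
      type: boolean
      tags:
        - role_specific

    # Amphora control (management) network: names and addressing.
    OctaviaControlNetwork:
      description: >-
        The name for the neutron network used for the amphora
        control network
      type: string
      default: 'lb-mgmt-net'
    OctaviaControlSubnet:
      description: >-
        The name for the neutron subnet used for the amphora
        control network
      type: string
      default: 'lb-mgmt-subnet'
    # NOTE(review): verify that lb_sec_group_name in the workflow input is
    # fed from this parameter and not from the subnet name.
    OctaviaControlSecurityGroup:
      description: >-
        The name for the neutron security group used to
        control access on the amphora control network
      type: string
      default: 'lb-mgmt-sec-group'
    OctaviaControlSubnetCidr:
      description: Subnet for amphora control subnet in CIDR form.
      type: string
      default: '192.168.199.0/24'
    OctaviaControlSubnetGateway:
      description: IP address for control network gateway
      type: string
      default: '192.168.199.1'
    OctaviaControlSubnetPoolStart:
      description: >-
        First address in amphora control subnet address
        pool.
      type: string
      default: '192.168.199.50'
    OctaviaControlSubnetPoolEnd:
      # Description corrected: this is the upper bound of the pool (it was a
      # copy of the PoolStart text).
      description: >-
        Last address in amphora control subnet address
        pool.
      type: string
      default: '192.168.199.200'

    # Certificate material for the controller <-> amphora channel.
    # Only file paths and passphrases are declared here; the CA private key
    # path and both passphrases are sensitive.
    OctaviaCaCertFile:
      type: string
      default: '/etc/octavia/certs/ca_01.pem'
      description: Octavia CA certificate file path.
    OctaviaCaKeyFile:
      type: string
      default: '/etc/octavia/certs/private/cakey.pem'
      description: Octavia CA private key file path.
    # `hidden: true` masks the value when stack information is requested from
    # Heat; it does not protect the value once it is handed to a consumer.
    # NOTE(review): this passphrase is not referenced by the workflow input
    # in this template - confirm where it is consumed.
    OctaviaServerCertsKeyPassphrase:
      constraints:
        - length: {min: 32, max: 32}
      description: >-
        Passphrase for encrypting Amphora Certificates and
        Private Keys. Must be exactly 32 characters.
      type: string
      hidden: true
    # No default and no length constraint: the value must be supplied by the
    # operator and its strength is not checked by this template.
    OctaviaCaKeyPassphrase:
      description: CA private key passphrase.
      type: string
      hidden: true
    OctaviaClientCertFile:
      default: '/etc/octavia/certs/client.pem'
      description: client certificate for amphoras
      type: string
    # Internally generated certificates are, per the description, meant for
    # isolated private clouds only; the default keeps generation off.
    # NOTE(review): OctaviaCaCert, OctaviaCaKey and OctaviaClientCert named in
    # the description are not declared in this template (only the *File path
    # parameters are) - presumably they live in another template; confirm.
    OctaviaGenerateCerts:
      type: boolean
      default: false
      description: >-
        Enable internal generation of certificates for secure
        communication with amphorae for isolated private clouds or
        systems where security is not a concern. Otherwise, use
        OctaviaCaCert, OctaviaCaKey, OctaviaCaKeyPassphrase,
        OctaviaClientCert and OctaviaServerCertsKeyPassphrase
        to configure Octavia.
    OctaviaMgmtPortDevName:
      type: string
      default: 'o-hm0'
      description: >-
        Name of the octavia management network interface using
        for communication between octavia worker/health-manager
        with the amphora machine.

    # Credentials. The two passwords have no default and are hidden; both are
    # passed on to the post-deploy workflow in the outputs section.
    AdminPassword:
      description: The password for the keystone admin account, used for monitoring, querying neutron etc.
      type: string
      hidden: true
    OctaviaUserName:
      description: The username for the Octavia database and keystone accounts.
      type: string
      default: 'octavia'
    OctaviaPassword:
      description: The password for the Octavia database and keystone accounts.
      type: string
      hidden: true
    OctaviaProjectName:
      description: The project name for the keystone Octavia account.
      type: string
      default: 'service'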
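  conditions:
    # generate_certs is referenced by name from the workflow input
    # (`if: [generate_certs, true, false]`), so it has to live in the
    # template's conditions section.
    # It holds only when OctaviaGenerateCerts is set AND the stack action is
    # CREATE; on an UPDATE the workflow receives generate_certs=false even if
    # the parameter is still true.
    generate_certs:
      and:
        - get_param: OctaviaGenerateCerts
        - equals:
            - get_param: StackAction
            - CREATE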
  resources:
    # external_id points Heat at an already existing Nova keypair named
    # 'default' rather than having this stack create one. Its public_key
    # attribute is read in the outputs (amp_ssh_key_data).
    # NOTE(review): which component creates the 'default' keypair is not
    # visible in this template - confirm it exists before this stack runs.
    default_key_pair:
      external_id: default
      type: OS::Nova::KeyPair
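  outputs:
    role_data:
      description: Role data for the Octavia configuration service
      value:
        service_name: octavia_deployment_config
        upgrade_tasks: []
        # No puppet or container configuration is produced by this service;
        # its only effect is the step5 workflow task below.
        puppet_config:
          config_image: ''
          config_volume: ''
          step_config: ''
        docker_config: {}
        config_settings: {}
        workflow_tasks:
          step5:
            - name: octavia_post_workflow
              workflow: {get_param: OctaviaPostWorkflowName}
              input:
                # Amphora image
                amp_image_name: {get_param: OctaviaAmphoraImageName}
                amp_image_filename: {get_param: OctaviaAmphoraImageFilename}
                amp_image_tag: {get_param: OctaviaAmphoraImageTag}
                # Amphora SSH key: name, optional public key file, and the
                # public key of the referenced default_key_pair resource.
                amp_ssh_key_name: {get_param: OctaviaAmphoraSshKeyName}
                amp_ssh_key_path: {get_param: OctaviaAmphoraSshKeyFile}
                amp_ssh_key_data: {get_attr: [default_key_pair, public_key]}
                amp_to_raw: {get_param: NovaEnableRbdBackend}
                # Octavia service credentials. auth_password, ca_passphrase
                # and overcloud_password below come from hidden parameters
                # but leave Heat as plain workflow input.
                # NOTE(review): confirm the workflow engine does not log or
                # persist these inputs in clear text.
                auth_username: {get_param: OctaviaUserName}
                auth_password: {get_param: OctaviaPassword}
                auth_project_name: {get_param: OctaviaProjectName}
                # Amphora control network
                lb_mgmt_net_name: {get_param: OctaviaControlNetwork}
                lb_mgmt_subnet_name: {get_param: OctaviaControlSubnet}
                # The security group name has its own parameter; it was
                # wired to OctaviaControlSubnet, which handed the subnet
                # name to the workflow and left OctaviaControlSecurityGroup
                # without effect.
                lb_sec_group_name: {get_param: OctaviaControlSecurityGroup}
                lb_mgmt_subnet_cidr: {get_param: OctaviaControlSubnetCidr}
                lb_mgmt_subnet_gateway: {get_param: OctaviaControlSubnetGateway}
                lb_mgmt_subnet_pool_start: {get_param: OctaviaControlSubnetPoolStart}
                lb_mgmt_subnet_pool_end: {get_param: OctaviaControlSubnetPoolEnd}
                # Certificates
                ca_cert_path: {get_param: OctaviaCaCertFile}
                ca_private_key_path: {get_param: OctaviaCaKeyFile}
                ca_passphrase: {get_param: OctaviaCaKeyPassphrase}
                client_cert_path: {get_param: OctaviaClientCertFile}
                # Resolves the generate_certs condition to a literal boolean.
                generate_certs: {if: [generate_certs, true, false]}
                mgmt_port_dev: {get_param: OctaviaMgmtPortDevName}
                # Overcloud admin access: the account and project names are
                # fixed to 'admin' here, only the password is a parameter.
                overcloud_password: {get_param: AdminPassword}
                overcloud_project: 'admin'
                overcloud_admin: 'admin'
                octavia_ansible_playbook: '/usr/share/tripleo-common/playbooks/octavia-files.yaml'
                overcloud_pub_auth_uri: {get_param: [EndpointMap, KeystoneV3Public, uri]}
                overcloud_int_auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]}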