openstack/tripleo-heat-templates
Code Issues Proposed changes
3cf26a7946
tripleo-heat-templates/puppet/controller.yaml
Giulio Fidente ff3924988a Move Redis, Memcached, Sahara, OVS agent out of role templates 
Change-Id: I99784b5cfbb741bfc6d1ce9b77e8acf6cf00e073
Related-Bug: 1604414
2016-08-26 04:07:21 +02:00

677 lines
25 KiB
YAML
Raw Blame History

heat_template_version: 2016-10-14
description: >
OpenStack controller node configured by Puppet.
parameters:
controllerExtraConfig:
default: {}
description: |
Deprecated. Use ControllerExtraConfig via parameter_defaults instead.
type: json
ControllerExtraConfig:
default: {}
description: |
Controller specific hiera configuration data to inject into the cluster.
type: json
ControllerIPs:
default: {}
description: >
A network mapped list of IPs to assign to Controllers in the following form:
{
"internal_api": ["a.b.c.d", "e.f.g.h"],
...
}
type: json
CorosyncIPv6:
default: false
description: Enable IPv6 in Corosync
type: boolean
Debug:
default: ''
description: Set to True to enable debugging on all services.
type: string
EnableFencing:
default: false
description: Whether to enable fencing in Pacemaker or not.
type: boolean
EnableLoadBalancer:
default: true
description: Whether to deploy a LoadBalancer on the Controller
type: boolean
ExtraConfig:
default: {}
description: |
Additional hieradata to inject into the cluster, note that
ControllerExtraConfig takes precedence over ExtraConfig.
type: json
FencingConfig:
default: {}
description: |
Pacemaker fencing configuration. The JSON should have
the following structure:
{
"devices": [
{
"agent": "AGENT_NAME",
"host_mac": "HOST_MAC_ADDRESS",
"params": {"PARAM_NAME": "PARAM_VALUE"}
}
]
}
For instance:
{
"devices": [
{
"agent": "fence_xvm",
"host_mac": "52:54:00:aa:bb:cc",
"params": {
"multicast_address": "225.0.0.12",
"port": "baremetal_0",
"manage_fw": true,
"manage_key_file": true,
"key_file": "/etc/fence_xvm.key",
"key_file_password": "abcdef"
}
}
]
}
type: json
OvercloudControlFlavor:
description: Flavor for control nodes to request when deploying.
default: baremetal
type: string
constraints:
- custom_constraint: nova.flavor
HorizonSecret:
description: Secret key for Django
type: string
hidden: true
controllerImage:
type: string
default: overcloud-full
constraints:
- custom_constraint: glance.image
ImageUpdatePolicy:
default: 'REBUILD_PRESERVE_EPHEMERAL'
description: What policy to use when reconstructing instances. REBUILD for rebuilds, REBUILD_PRESERVE_EPHEMERAL to preserve /mnt.
type: string
InstanceNameTemplate:
default: 'instance-%08x'
description: Template string to be used to generate instance names
type: string
KeyName:
default: default
description: Name of an existing Nova key pair to enable SSH access to the instances
type: string
constraints:
- custom_constraint: nova.keypair
ManageFirewall:
default: false
description: Whether to manage IPtables rules.
type: boolean
MemcachedIPv6:
default: false
description: Enable IPv6 features in Memcached.
type: boolean
PurgeFirewallRules:
default: false
description: Whether IPtables rules should be purged before setting up the new ones.
type: boolean
NeutronMetadataProxySharedSecret:
description: Shared secret to prevent spoofing
type: string
hidden: true
NeutronPassword:
description: The password for the neutron service and db account, used by neutron agents.
type: string
hidden: true
NeutronPublicInterface:
default: nic1
description: What interface to bridge onto br-ex for network nodes.
type: string
NovaEnableDBPurge:
default: true
description: |
Whether to create cron job for purging soft deleted rows in Nova database.
type: boolean
NovaIPv6:
default: false
description: Enable IPv6 features in Nova
type: boolean
NovaPassword:
description: The password for the nova service and db account, used by nova-api.
type: string
hidden: true
PcsdPassword:
type: string
description: The password for the 'pcsd' user.
hidden: true
RedisPassword:
description: The password for Redis
type: string
hidden: true
RedisVirtualIP:
type: string
default: '' # Has to be here because of the ignored empty value bug
RedisVirtualIPUri:
type: string
default: '' # Has to be here because of the ignored empty value bug
description: An IP address which is wrapped in brackets in case of IPv6
SwiftRawDisks:
default: {}
description: 'A hash of additional raw devices to use as Swift backend (eg. {sdb: {}})'
type: json
UpgradeLevelNovaCompute:
type: string
description: Nova Compute upgrade level
default: ''
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry.
type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
UpdateIdentifier:
default: ''
type: string
description: >
Setting to a previously unused value during stack-update will trigger
package update on all nodes
Hostname:
type: string
default: '' # Defaults to Heat created hostname
HostnameMap:
type: json
default: {}
description: Optional mapping to override hostnames
NetworkDeploymentActions:
type: comma_delimited_list
description: >
Heat action when to apply network configuration changes
default: ['CREATE']
NodeIndex:
type: number
default: 0
SoftwareConfigTransport:
default: POLL_SERVER_CFN
description: |
How the server should receive the metadata required for software configuration.
type: string
constraints:
- allowed_values: [POLL_SERVER_CFN, POLL_SERVER_HEAT, POLL_TEMP_URL, ZAQAR_MESSAGE]
CloudDomain:
type: string
description: >
The DNS domain used for the hosts. This should match the dhcp_domain
configured in the Undercloud neutron. Defaults to localdomain.
ServerMetadata:
default: {}
description: >
Extra properties or metadata passed to Nova for the created nodes in
the overcloud. It's accessible via the Nova metadata API.
type: json
ControllerSchedulerHints:
type: json
description: Optional scheduler hints to pass to nova
default: {}
ServiceConfigSettings:
type: json
default: {}
ServiceNames:
type: comma_delimited_list
default: []
ConfigCommand:
type: string
description: Command which will be run whenever configuration data changes
default: os-refresh-config --timeout 14400
parameter_groups:
- label: deprecated
description: Do not use deprecated params, they will be removed.
parameters:
- controllerExtraConfig
resources:
Controller:
type: OS::TripleO::Server
metadata:
os-collect-config:
command: {get_param: ConfigCommand}
properties:
image: {get_param: controllerImage}
image_update_policy: {get_param: ImageUpdatePolicy}
flavor: {get_param: OvercloudControlFlavor}
key_name: {get_param: KeyName}
networks:
- network: ctlplane
user_data_format: SOFTWARE_CONFIG
user_data: {get_resource: UserData}
name:
str_replace:
template: {get_param: Hostname}
params: {get_param: HostnameMap}
software_config_transport: {get_param: SoftwareConfigTransport}
metadata: {get_param: ServerMetadata}
scheduler_hints: {get_param: ControllerSchedulerHints}
# Combine the NodeAdminUserData and NodeUserData mime archives
UserData:
type: OS::Heat::MultipartMime
properties:
parts:
- config: {get_resource: NodeAdminUserData}
type: multipart
- config: {get_resource: NodeUserData}
type: multipart
# Creates the "heat-admin" user if configured via the environment
# Should return a OS::Heat::MultipartMime reference via OS::stack_id
NodeAdminUserData:
type: OS::TripleO::NodeAdminUserData
# For optional operator additional userdata
# Should return a OS::Heat::MultipartMime reference via OS::stack_id
NodeUserData:
type: OS::TripleO::NodeUserData
ExternalPort:
type: OS::TripleO::Controller::Ports::ExternalPort
properties:
IPPool: {get_param: ControllerIPs}
NodeIndex: {get_param: NodeIndex}
ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
InternalApiPort:
type: OS::TripleO::Controller::Ports::InternalApiPort
properties:
IPPool: {get_param: ControllerIPs}
NodeIndex: {get_param: NodeIndex}
ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
StoragePort:
type: OS::TripleO::Controller::Ports::StoragePort
properties:
IPPool: {get_param: ControllerIPs}
NodeIndex: {get_param: NodeIndex}
ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
StorageMgmtPort:
type: OS::TripleO::Controller::Ports::StorageMgmtPort
properties:
IPPool: {get_param: ControllerIPs}
NodeIndex: {get_param: NodeIndex}
ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
TenantPort:
type: OS::TripleO::Controller::Ports::TenantPort
properties:
IPPool: {get_param: ControllerIPs}
NodeIndex: {get_param: NodeIndex}
ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
ManagementPort:
type: OS::TripleO::Controller::Ports::ManagementPort
properties:
IPPool: {get_param: ControllerIPs}
NodeIndex: {get_param: NodeIndex}
ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
NetIpMap:
type: OS::TripleO::Network::Ports::NetIpMap
properties:
ControlPlaneIp: {get_attr: [Controller, networks, ctlplane, 0]}
ExternalIp: {get_attr: [ExternalPort, ip_address]}
ExternalIpSubnet: {get_attr: [ExternalPort, ip_subnet]}
ExternalIpUri: {get_attr: [ExternalPort, ip_address_uri]}
InternalApiIp: {get_attr: [InternalApiPort, ip_address]}
InternalApiIpSubnet: {get_attr: [InternalApiPort, ip_subnet]}
InternalApiIpUri: {get_attr: [InternalApiPort, ip_address_uri]}
StorageIp: {get_attr: [StoragePort, ip_address]}
StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]}
StorageIpUri: {get_attr: [StoragePort, ip_address_uri]}
StorageMgmtIp: {get_attr: [StorageMgmtPort, ip_address]}
StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]}
StorageMgmtIpUri: {get_attr: [StorageMgmtPort, ip_address_uri]}
TenantIp: {get_attr: [TenantPort, ip_address]}
TenantIpSubnet: {get_attr: [TenantPort, ip_subnet]}
TenantIpUri: {get_attr: [TenantPort, ip_address_uri]}
ManagementIp: {get_attr: [ManagementPort, ip_address]}
ManagementIpSubnet: {get_attr: [ManagementPort, ip_subnet]}
ManagementIpUri: {get_attr: [ManagementPort, ip_address_uri]}
NetworkConfig:
type: OS::TripleO::Controller::Net::SoftwareConfig
properties:
ControlPlaneIp: {get_attr: [Controller, networks, ctlplane, 0]}
ExternalIpSubnet: {get_attr: [ExternalPort, ip_subnet]}
InternalApiIpSubnet: {get_attr: [InternalApiPort, ip_subnet]}
StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]}
StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]}
TenantIpSubnet: {get_attr: [TenantPort, ip_subnet]}
ManagementIpSubnet: {get_attr: [ManagementPort, ip_subnet]}
NetworkDeployment:
type: OS::TripleO::SoftwareDeployment
properties:
name: NetworkDeployment
config: {get_resource: NetworkConfig}
server: {get_resource: Controller}
actions: {get_param: NetworkDeploymentActions}
input_values:
bridge_name: br-ex
interface_name: {get_param: NeutronPublicInterface}
# Resource for site-specific injection of root certificate
NodeTLSCAData:
depends_on: NetworkDeployment
type: OS::TripleO::NodeTLSCAData
properties:
server: {get_resource: Controller}
# Resource for site-specific passing of private keys/certificates
NodeTLSData:
depends_on: NodeTLSCAData
type: OS::TripleO::NodeTLSData
properties:
server: {get_resource: Controller}
NodeIndex: {get_param: NodeIndex}
ControllerDeployment:
type: OS::TripleO::SoftwareDeployment
depends_on: NetworkDeployment
properties:
name: ControllerDeployment
config: {get_resource: ControllerConfig}
server: {get_resource: Controller}
input_values:
bootstack_nodeid: {get_attr: [Controller, name]}
horizon_secret: {get_param: HorizonSecret}
debug: {get_param: Debug}
keystone_identity_uri: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] }
keystone_auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
keystone_ec2_uri: { get_param: [EndpointMap, KeystoneEC2, uri] }
enable_fencing: {get_param: EnableFencing}
enable_load_balancer: {get_param: EnableLoadBalancer}
manage_firewall: {get_param: ManageFirewall}
purge_firewall_rules: {get_param: PurgeFirewallRules}
neutron_metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret}
nova_enable_db_purge: {get_param: NovaEnableDBPurge}
nova_ipv6: {get_param: NovaIPv6}
corosync_ipv6: {get_param: CorosyncIPv6}
memcached_ipv6: {get_param: MemcachedIPv6}
nova_password: {get_param: NovaPassword}
upgrade_level_nova_compute: {get_param: UpgradeLevelNovaCompute}
instance_name_template: {get_param: InstanceNameTemplate}
fencing_config: {get_param: FencingConfig}
pcsd_password: {get_param: PcsdPassword}
enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]}
glance_api_servers: { get_param: [EndpointMap, GlanceInternal, uri]}
neutron_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NeutronApiNetwork]}]}
nova_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NovaApiNetwork]}]}
nova_metadata_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NovaMetadataNetwork]}]}
horizon_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, HorizonNetwork]}]}
horizon_subnet:
str_replace:
template: "['SUBNET']"
params:
SUBNET:
get_attr:
- NetIpMap
- net_ip_map
- str_replace:
template: "NETWORK_subnet"
params:
NETWORK: {get_param: [ServiceNetMap, HorizonNetwork]}
redis_vip: {get_param: RedisVirtualIP}
ironic_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, IronicApiNetwork]}]}
# Map heat metadata into hiera datafiles
ControllerConfig:
type: OS::Heat::StructuredConfig
properties:
group: os-apply-config
config:
hiera:
hierarchy:
- '"%{::uuid}"'
- heat_config_%{::deploy_config_name}
- controller_extraconfig
- extraconfig
- service_configs
- service_names
- controller
- swift_devices_and_proxy # provided by SwiftDevicesAndProxyConfig
- bootstrap_node # provided by BootstrapNodeConfig
- all_nodes # provided by allNodesConfig
- vip_data # provided by vip-config
- '"%{::osfamily}"'
- cinder_dellsc_data # Optionally provided by ControllerExtraConfigPre
- cinder_netapp_data # Optionally provided by ControllerExtraConfigPre
- cinder_eqlx_data # Optionally provided by ControllerExtraConfigPre
- neutron_bigswitch_data # Optionally provided by ControllerExtraConfigPre
- neutron_cisco_data # Optionally provided by ControllerExtraConfigPre
- cisco_n1kv_data # Optionally provided by ControllerExtraConfigPre
- midonet_data #Optionally provided by AllNodesExtraConfig
- cisco_aci_data # Optionally provided by ControllerExtraConfigPre
merge_behavior: deeper
datafiles:
service_names:
mapped_data:
service_names: {get_param: ServiceNames}
service_configs:
mapped_data:
map_replace:
- {get_param: ServiceConfigSettings}
- values: {get_attr: [NetIpMap, net_ip_map]}
controller_extraconfig:
mapped_data:
map_merge:
- {get_param: controllerExtraConfig}
- {get_param: ControllerExtraConfig}
extraconfig:
mapped_data: {get_param: ExtraConfig}
controller:
mapped_data: # data supplied directly to this deployment configuration, etc
bootstack_nodeid: {get_input: bootstack_nodeid}
# Pacemaker
enable_fencing: {get_input: enable_fencing}
enable_load_balancer: {get_input: enable_load_balancer}
hacluster_pwd: {get_input: pcsd_password}
corosync_ipv6: {get_input: corosync_ipv6}
tripleo::fencing::config: {get_input: fencing_config}
# Neutron
neutron::bind_host: {get_input: neutron_api_network}
neutron::agents::metadata::metadata_ip: {get_input: neutron_api_network}
snmpd_readonly_user_name: {get_input: snmpd_readonly_user_name}
snmpd_readonly_user_password: {get_input: snmpd_readonly_user_password}
# Nova
nova::upgrade_level_compute: {get_input: upgrade_level_nova_compute}
nova::use_ipv6: {get_input: nova_ipv6}
nova::api::api_bind_address: {get_input: nova_api_network}
nova::api::metadata_listen: {get_input: nova_metadata_network}
nova::glance_api_servers: {get_input: glance_api_servers}
nova::api::neutron_metadata_proxy_shared_secret: {get_input: neutron_metadata_proxy_shared_secret}
nova::api::instance_name_template: {get_input: instance_name_template}
nova::vncproxy::host: {get_input: nova_api_network}
nova_enable_db_purge: {get_input: nova_enable_db_purge}
# Horizon
apache::mod::remoteip::proxy_ips: {get_input: horizon_subnet}
apache::ip: {get_input: horizon_network}
horizon::django_debug: {get_input: debug}
horizon::secret_key: {get_input: horizon_secret}
horizon::bind_address: {get_input: horizon_network}
horizon::keystone_url: {get_input: keystone_auth_uri}
# Redis
redis_vip: {get_input: redis_vip}
# Firewall
tripleo::firewall::manage_firewall: {get_input: manage_firewall}
tripleo::firewall::purge_firewall_rules: {get_input: purge_firewall_rules}
# Misc
memcached_ipv6: {get_input: memcached_ipv6}
tripleo::haproxy::service_certificate: {get_attr: [NodeTLSData, deployed_ssl_certificate_path]}
tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade}
# Hook for site-specific additional pre-deployment config, e.g extra hieradata
ControllerExtraConfigPre:
depends_on: ControllerDeployment
type: OS::TripleO::ControllerExtraConfigPre
properties:
server: {get_resource: Controller}
# Hook for site-specific additional pre-deployment config,
# applying to all nodes, e.g node registration/unregistration
NodeExtraConfig:
depends_on: [ControllerExtraConfigPre, NodeTLSData]
type: OS::TripleO::NodeExtraConfig
properties:
server: {get_resource: Controller}
UpdateConfig:
type: OS::TripleO::Tasks::PackageUpdate
UpdateDeployment:
type: OS::Heat::SoftwareDeployment
properties:
name: UpdateDeployment
config: {get_resource: UpdateConfig}
server: {get_resource: Controller}
input_values:
update_identifier:
get_param: UpdateIdentifier
outputs:
ip_address:
description: IP address of the server in the ctlplane network
value: {get_attr: [Controller, networks, ctlplane, 0]}
external_ip_address:
description: IP address of the server in the external network
value: {get_attr: [ExternalPort, ip_address]}
internal_api_ip_address:
description: IP address of the server in the internal_api network
value: {get_attr: [InternalApiPort, ip_address]}
storage_ip_address:
description: IP address of the server in the storage network
value: {get_attr: [StoragePort, ip_address]}
storage_mgmt_ip_address:
description: IP address of the server in the storage_mgmt network
value: {get_attr: [StorageMgmtPort, ip_address]}
tenant_ip_address:
description: IP address of the server in the tenant network
value: {get_attr: [TenantPort, ip_address]}
management_ip_address:
description: IP address of the server in the management network
value: {get_attr: [ManagementPort, ip_address]}
hostname:
description: Hostname of the server
value: {get_attr: [Controller, name]}
hosts_entry:
description: >
Server's IP address and hostname in the /etc/hosts format
value:
str_replace:
template: |
PRIMARYIP PRIMARYHOST.DOMAIN PRIMARYHOST
EXTERNALIP EXTERNALHOST.DOMAIN EXTERNALHOST
INTERNAL_APIIP INTERNAL_APIHOST.DOMAIN INTERNAL_APIHOST
STORAGEIP STORAGEHOST.DOMAIN STORAGEHOST
STORAGE_MGMTIP STORAGE_MGMTHOST.DOMAIN STORAGE_MGMTHOST
TENANTIP TENANTHOST.DOMAIN TENANTHOST
MANAGEMENTIP MANAGEMENTHOST.DOMAIN MANAGEMENTHOST
params:
PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, ControllerHostnameResolveNetwork]}]}
DOMAIN: {get_param: CloudDomain}
PRIMARYHOST: {get_attr: [Controller, name]}
EXTERNALIP: {get_attr: [ExternalPort, ip_address]}
EXTERNALHOST:
list_join:
- '.'
- - {get_attr: [Controller, name]}
- external
INTERNAL_APIIP: {get_attr: [InternalApiPort, ip_address]}
INTERNAL_APIHOST:
list_join:
- '.'
- - {get_attr: [Controller, name]}
- internalapi
STORAGEIP: {get_attr: [StoragePort, ip_address]}
STORAGEHOST:
list_join:
- '.'
- - {get_attr: [Controller, name]}
- storage
STORAGE_MGMTIP: {get_attr: [StorageMgmtPort, ip_address]}
STORAGE_MGMTHOST:
list_join:
- '.'
- - {get_attr: [Controller, name]}
- storagemgmt
TENANTIP: {get_attr: [TenantPort, ip_address]}
TENANTHOST:
list_join:
- '.'
- - {get_attr: [Controller, name]}
- tenant
MANAGEMENTIP: {get_attr: [ManagementPort, ip_address]}
MANAGEMENTHOST:
list_join:
- '.'
- - {get_attr: [Controller, name]}
- management
nova_server_resource:
description: Heat resource handle for the Nova compute server
value:
{get_resource: Controller}
swift_device:
description: Swift device formatted for swift-ring-builder
value:
str_replace:
template:
list_join:
- ','
- ['r1z1-IP:%PORT%/d1']
- repeat:
template: 'r1z1-IP:%PORT%/DEVICE'
for_each:
DEVICE: {get_param: SwiftRawDisks}
params:
IP:
get_attr:
- NetIpMap
- net_ip_map
- str_replace:
template: "NETWORK_uri"
params:
NETWORK: {get_param: [ServiceNetMap, SwiftMgmtNetwork]}
swift_proxy_memcache:
description: Swift proxy-memcache value
value:
str_replace:
template: "IP:11211"
params:
IP:
get_attr:
- NetIpMap
- net_ip_map
- str_replace:
template: "NETWORK_uri"
params:
NETWORK: {get_param: [ServiceNetMap, MemcachedNetwork]}
tls_key_modulus_md5:
description: MD5 checksum of the TLS Key Modulus
value: {get_attr: [NodeTLSData, key_modulus_md5]}
tls_cert_modulus_md5:
description: MD5 checksum of the TLS Certificate Modulus
value: {get_attr: [NodeTLSData, cert_modulus_md5]}
View Git Blame Copy Permalink