openstack/tripleo-heat-templates
Code Issues Proposed changes
3e879e6faa
tripleo-heat-templates/undercloud-source.yaml
Derek Higgins f5c903c896 Reuse the undercloud service passwords as db passwords. 
We need to stop using "unset" as the password for all databases. Ideally we
would add a "XxxxDSN" parameter (e.g. KeystoneDSN) but to remain consistent
with the overcloud for now we reuse the service passwords

Change-Id: I35c4fa3478eea92f81aa381fd2ab5fac5aae849f
2015-05-05 13:59:14 +01:00

413 lines
13 KiB
YAML
Raw Blame History

description: All-in-one baremetal OpenStack and all dependencies.
heat_template_version: 2013-05-23
parameters:
AdminPassword:
default: unset
description: The password for the keystone admin account, used for monitoring, querying neutron etc.
type: string
hidden: true
AdminToken:
default: unset
description: The keystone auth secret.
type: string
hidden: true
BaremetalArch:
default: i386
description: The architecture to use in Nova-BM - i386 or amd64.
type: string
CeilometerMeteringSecret:
default: unset
description: Secret shared by the ceilometer services.
type: string
hidden: true
CeilometerPassword:
default: unset
description: The password for the ceilometer service account.
type: string
hidden: true
Debug:
default: ''
description: Set to True to enable debugging on all services.
type: string
DefaultSignalTransport:
default: CFN_SIGNAL
description: Transport to use for software-config signals.
type: string
constraints:
- allowed_values: [ CFN_SIGNAL, HEAT_SIGNAL, NO_SIGNAL ]
ExtraConfig:
default: {}
description: |
Additional configuration to inject into the cluster. The JSON should have
the following structure:
{"FILEKEY":
{"config:
[{"section": "SECTIONNAME",
"values":
[{"option": "OPTIONNAME",
"value": "VALUENAME"
}
]
}
]
}
}
For instance:
{"nova":
{"config":
[{"section": "default",
"values":
[{"option": "compute_manager",
"value": "ironic.nova.compute.manager.ClusterComputeManager"
}
]
},
{"section": "cells",
"values":
[{"option": "driver",
"value": "nova.cells.rpc_driver.CellsRPCDriver"
}
]
}
]
}
}
type: json
Flavor:
description: Flavor to request when deploying.
type: string
constraints:
- custom_constraint: nova.flavor
GlanceLogFile:
description: The filepath of the file to use for logging messages from Glance.
type: string
default: ''
GlancePassword:
default: unset
description: The password for the glance service account, used by the glance services.
type: string
hidden: true
GlancePort:
default: 9292
description: Glance port.
type: string
GlanceProtocol:
default: http
description: Protocol to use when connecting to glance, set to https for SSL.
type: string
GlanceNotifierStrategy:
description: Strategy to use for Glance notification queue
type: string
default: noop
KeyName:
default: default
description: Name of an existing EC2 KeyPair to enable SSH access to the instances
type: string
KeystoneCACertificate:
default: ''
description: Keystone self-signed certificate authority certificate.
type: string
KeystoneSigningCertificate:
default: ''
description: Keystone certificate for verifying token validity.
type: string
KeystoneSigningKey:
default: ''
description: Keystone key for signing tokens.
type: string
hidden: true
KeystoneSSLCertificate:
default: ''
description: Keystone certificate for verifying token validity.
type: string
KeystoneSSLCertificateKey:
default: ''
description: Keystone key for signing tokens.
type: string
hidden: true
HeatPassword:
default: unset
description: The password for the Heat service account, used by the Heat services.
type: string
hidden: true
HeatStackDomainAdminPassword:
description: Password for heat_domain_admin user.
type: string
default: ''
hidden: true
ImageUpdatePolicy:
default: REBUILD_PRESERVE_EPHEMERAL
description: What policy to use when reconstructing instances. REBUILD for rebuilds,
REBUILD_PRESERVE_EPHEMERAL to preserve /mnt.
type: string
MysqlInnodbBufferPoolSize:
description: >
Specifies the size of the buffer pool in megabytes. Setting to
zero should be interpreted as "no value" and will defer to the
lower level default.
type: number
default: 0
NeutronPassword:
default: unset
description: The password for the neutron service account, used by neutron agents.
type: string
hidden: true
NeutronPublicInterfaceDefaultRoute:
default: ''
description: A custom default route for the NeutronPublicInterface.
type: string
NeutronPublicInterfaceIP:
default: ''
description: >
A custom IP address to put onto the NeutronPublicInterface bridge.
See also NeutronPublicInterfaceTagIP for adding a VLAN tagging IP.
NeutronPublicInterfaceIP is deprecated in the context of deploying
underclouds - its only needed for the seed bootstrap process.
type: string
NeutronPublicInterfaceRawDevice:
default: ''
description: If set, the public interface is a vlan with this device as the raw device.
type: string
NeutronPublicInterfaceTag:
default: ''
description: >
VLAN tag for creating a public VLAN. The tag will be used to
create an access port on the exterior bridge, and that port will be
given the IP address returned by neutron from the public network.
type: string
NovaPassword:
default: unset
description: The password for the nova service account, used by nova-api.
type: string
hidden: true
NeutronDVR:
default: 'False'
type: string
NtpServer:
type: string
default: ''
RabbitCookieSalt:
type: string
default: unset
description: Salt for the rabbit cookie, change this to force the randomly generated rabbit cookie to change.
RabbitUserName:
default: guest
description: The username for RabbitMQ
type: string
RabbitPassword:
default: guest
description: The password for RabbitMQ
type: string
hidden: true
SnmpdReadonlyUserName:
default: ro_snmp_user
description: The user name for SNMPd with readonly rights running on all Overcloud nodes
type: string
SnmpdReadonlyUserPassword:
default: unset
description: The user password for SNMPd with readonly rights running on all Overcloud nodes
type: string
hidden: true
undercloudImage:
default: undercloud
type: string
resources:
RabbitCookie:
type: OS::Heat::RandomString
properties:
length: 20
salt:
get_param: RabbitCookieSalt
MysqlRootPassword:
type: OS::Heat::RandomString
properties:
length: 10
undercloudConfig:
type: OS::Heat::StructuredConfig
properties:
config:
completion-signal: {get_input: deploy_signal_id}
admin-password:
get_param: AdminPassword
admin-token:
get_param: AdminToken
bootstrap_host:
bootstrap_nodeid:
Fn::Select:
- 0
- Fn::Select:
- 0
- Merge::Map:
undercloud:
- get_attr:
- undercloud
- name
nodeid: {get_input: bootstack_nodeid}
bootstack:
public_interface_ip:
get_param: NeutronPublicInterfaceIP
controller-address:
get_input: controller_host
corosync:
bindnetaddr: {get_input: controller_host}
mcastport: 5577
nodes:
Merge::Map:
controller0:
ip: {get_attr: [undercloud, networks, ctlplane, 0]}
pacemaker:
stonith_enabled : false
recheck_interval : 5
quorum_policy : ignore
ceilometer:
db: {list_join: ['', ['mysql://ceilometer:', {get_param: CeilometerPassword}, '@localhost/ceilometer']]}
debug: {get_param: Debug}
metering_secret: {get_param: CeilometerMeteringSecret}
snmpd_readonly_user_name:
get_param: SnmpdReadonlyUserName
snmpd_readonly_user_password:
get_param: SnmpdReadonlyUserPassword
service-password:
get_param: CeilometerPassword
db-password: unset
glance:
backend: file
db: {list_join: ['', ['mysql://glance:', {get_param: GlancePassword}, '@localhost/glance']]}
debug: {get_param: Debug}
host: 127.0.0.1
port:
get_param: GlancePort
protocol:
get_param: GlanceProtocol
service-password:
get_param: GlancePassword
notifier-strategy:
get_param: GlanceNotifierStrategy
log-file:
get_param: GlanceLogFile
heat:
admin_password:
get_param: HeatPassword
admin_tenant_name: service
admin_user: heat
auth_encryption_key: unset___________
db: {list_join: ['', ['mysql://heat:', {get_param: HeatPassword}, '@localhost/heat']]}
debug: {get_param: Debug}
stack_domain_admin_password: {get_param: HeatStackDomainAdminPassword}
watch_server_url: {get_input: heat.watch_server_url}
metadata_server_url: {get_input: heat.metadata_server_url}
waitcondition_server_url: {get_input: heat.waitcondition_server_url}
keystone:
db: {list_join: ['', ['mysql://keystone:', {get_param: AdminToken}, '@localhost/keystone']]}
debug: {get_param: Debug}
host: 127.0.0.1
ca_certificate: {get_param: KeystoneCACertificate}
signing_key: {get_param: KeystoneSigningKey}
signing_certificate: {get_param: KeystoneSigningCertificate}
ssl:
certificate: {get_param: KeystoneSSLCertificate}
certificate_key: {get_param: KeystoneSSLCertificateKey}
mysql:
innodb_buffer_pool_size: {get_param: MysqlInnodbBufferPoolSize}
root-password: {get_resource: MysqlRootPassword}
bind_address: 127.0.0.1
neutron:
debug: {get_param: Debug}
host: 127.0.0.1
ovs_db: {list_join: ['', ['mysql://neutron:', {get_param: NeutronPassword}, '@localhost/ovs_neutron?charset=utf8']]}
ovs:
local_ip:
get_input: controller_host
public_interface:
get_param: NeutronPublicInterface
public_interface_raw_device:
get_param: NeutronPublicInterfaceRawDevice
public_interface_route:
get_param: NeutronPublicInterfaceDefaultRoute
public_interface_tag:
get_param: NeutronPublicInterfaceTag
physical_bridge: br-ctlplane
physical_network: ctlplane
network_vlan_ranges: ctlplane
bridge_mappings: ctlplane:br-ctlplane
tenant_network_type: vlan
enable_tunneling: 'False'
service-password:
get_param: NeutronPassword
rabbit:
host: 127.0.0.1
username:
get_param: RabbitUserName
password:
get_param: RabbitPassword
cookie:
get_attr:
- RabbitCookie
- value
ntp:
servers:
- {server: {get_param: NtpServer}}
undercloudPassthroughConfig:
type: OS::Heat::StructuredConfig
properties:
config: {get_input: passthrough_config}
undercloud:
type: OS::Nova::Server
properties:
image:
get_param: undercloudImage
flavor:
get_param: Flavor
key_name:
get_param: KeyName
image_update_policy:
get_param: ImageUpdatePolicy
networks:
- network: ctlplane
user_data_format: SOFTWARE_CONFIG
undercloudDeployment:
depends_on: [undercloudPassthroughDeployment]
type: OS::Heat::StructuredDeployment
properties:
config: {get_resource: undercloudConfig}
server: {get_resource: undercloud}
signal_transport: {get_param: DefaultSignalTransport}
input_values:
bootstack_nodeid:
get_attr:
- undercloud
- name
controller_host:
get_attr:
- undercloud
- networks
- ctlplane
- 0
heat.watch_server_url:
Fn::Join:
- ''
- - 'http://'
- get_attr: [undercloud, networks, ctlplane, 0]
- ':8003'
heat.metadata_server_url:
Fn::Join:
- ''
- - 'http://'
- {get_attr: [undercloud, networks, ctlplane, 0]}
- ':8000'
heat.waitcondition_server_url:
Fn::Join:
- ''
- - 'http://'
- {get_attr: [undercloud, networks, ctlplane, 0]}
- ':8000/v1/waitcondition'
undercloudPassthroughDeployment:
depends_on: [undercloudNovaDeployment]
type: OS::Heat::StructuredDeployment
properties:
config: {get_resource: undercloudPassthroughConfig}
server: {get_resource: undercloud}
signal_transport: NO_SIGNAL
input_values:
passthrough_config: {get_param: ExtraConfig}
View Git Blame Copy Permalink