openstack/tripleo-heat-templates
Code Issues Proposed changes
63fde6c98b
tripleo-heat-templates/controller.yaml
Dan Prince ffd071417f Keystone network isolation fixes 
This patch adds explicit nested stack parameters to
help manage use of the Keystone Admin API vs. the
Keystone Public API.

We also add a new output parameter specifically for the Keystone admin
API VIP. This can be useful when configuring keystone endpoints
with network isolation.

Change-Id: I2bd3e61570151e2faeee14ee09b03ad0b3208cc1
2015-09-05 07:29:13 -04:00

1168 lines
40 KiB
YAML
Raw Blame History

heat_template_version: 2015-04-30
description: >
OpenStack control plane node. Can be wrapped in a ResourceGroup for scaling.
parameters:
AdminPassword:
default: unset
description: The password for the keystone admin account, used for monitoring, querying neutron etc.
type: string
hidden: true
AdminToken:
default: unset
description: The keystone auth secret and db password.
type: string
hidden: true
CeilometerBackend:
default: 'mongodb'
description: The ceilometer backend type.
type: string
CeilometerMeteringSecret:
default: unset
description: Secret shared by the ceilometer services.
type: string
hidden: true
CeilometerPassword:
default: unset
description: The password for the ceilometer service and db account.
type: string
hidden: true
CinderEnableNfsBackend:
default: false
description: Whether to enable or not the NFS backend for Cinder
type: boolean
CinderEnableIscsiBackend:
default: true
description: Whether to enable or not the Iscsi backend for Cinder
type: boolean
CinderEnableRbdBackend:
default: false
description: Whether to enable or not the Rbd backend for Cinder
type: boolean
CinderISCSIHelper:
default: tgtadm
description: The iSCSI helper to use with cinder.
type: string
CinderLVMLoopDeviceSize:
default: 5000
description: The size of the loopback file used by the cinder LVM driver.
type: number
CinderNfsMountOptions:
default: ''
description: >
Mount options for NFS mounts used by Cinder NFS backend. Effective
when CinderEnableNfsBackend is true.
type: string
CinderNfsServers:
default: ''
description: >
NFS servers used by Cinder NFS backend. Effective when
CinderEnableNfsBackend is true.
type: comma_delimited_list
CinderPassword:
default: unset
description: The password for the cinder service and db account, used by cinder-api.
type: string
hidden: true
CloudName:
default: ''
description: The DNS name of this cloud. E.g. ci-overcloud.tripleo.org
type: string
ControllerExtraConfig:
default: {}
description: |
Controller specific configuration to inject into the cluster. Same
structure as ExtraConfig.
type: json
ControlVirtualInterface:
default: 'br-ex'
description: Interface where virtual ip will be assigned.
type: string
Debug:
default: ''
description: Set to True to enable debugging on all services.
type: string
EnableFencing:
default: false
description: Whether to enable fencing in Pacemaker or not.
type: boolean
EnableGalera:
default: true
description: Whether to use Galera instead of regular MariaDB.
type: boolean
EnableCephStorage:
default: false
description: Whether to deploy Ceph Storage (OSD) on the Controller
type: boolean
EnableSwiftStorage:
default: true
description: Whether to enable Swift Storage on the Controller
type: boolean
ExtraConfig:
default: {}
description: |
Additional configuration to inject into the cluster. The JSON should have
the following structure:
{"FILEKEY":
{"config":
[{"section": "SECTIONNAME",
"values":
[{"option": "OPTIONNAME",
"value": "VALUENAME"
}
]
}
]
}
}
For instance:
{"nova":
{"config":
[{"section": "default",
"values":
[{"option": "compute_manager",
"value": "ironic.nova.compute.manager.ClusterComputeManager"
}
]
},
{"section": "cells",
"values":
[{"option": "driver",
"value": "nova.cells.rpc_driver.CellsRPCDriver"
}
]
}
]
}
}
type: json
FencingConfig:
default: {}
description: |
Pacemaker fencing configuration. The JSON should have
the following structure:
{
"devices": [
{
"agent": "AGENT_NAME",
"host_mac": "HOST_MAC_ADDRESS",
"params": {"PARAM_NAME": "PARAM_VALUE"}
}
]
}
For instance:
{
"devices": [
{
"agent": "fence_xvm",
"host_mac": "52:54:00:aa:bb:cc",
"params": {
"multicast_address": "225.0.0.12",
"port": "baremetal_0",
"manage_fw": true,
"manage_key_file": true,
"key_file": "/etc/fence_xvm.key",
"key_file_password": "abcdef"
}
}
]
}
type: json
Flavor:
description: Flavor for control nodes to request when deploying.
type: string
constraints:
- custom_constraint: nova.flavor
GlanceNotifierStrategy:
description: Strategy to use for Glance notification queue
type: string
default: noop
GlanceLogFile:
description: The filepath of the file to use for logging messages from Glance.
type: string
default: ''
GlancePassword:
default: unset
description: The password for the glance service and db account, used by the glance services.
type: string
hidden: true
GlancePort:
default: "9292"
description: Glance port.
type: string
GlanceProtocol:
default: http
description: Protocol to use when connecting to glance, set to https for SSL.
type: string
GlanceBackend:
default: swift
description: The short name of the Glance backend to use. Should be one
of swift, rbd, or file
type: string
constraints:
- allowed_values: ['swift', 'file', 'rbd']
HeatPassword:
default: unset
description: The password for the Heat service and db account, used by the Heat services.
type: string
hidden: true
HeatStackDomainAdminPassword:
description: Password for heat_domain_admin user.
type: string
default: ''
hidden: true
HeatAuthEncryptionKey:
description: Auth encryption key for heat-engine
type: string
HorizonSecret:
description: Secret key for Django
type: string
Image:
type: string
default: overcloud-control
constraints:
- custom_constraint: glance.image
ImageUpdatePolicy:
default: 'REBUILD_PRESERVE_EPHEMERAL'
description: What policy to use when reconstructing instances. REBUILD for rebuilds, REBUILD_PRESERVE_EPHEMERAL to preserve /mnt.
type: string
KeyName:
default: default
description: Name of an existing EC2 KeyPair to enable SSH access to the instances
type: string
constraints:
- custom_constraint: nova.keypair
KeystoneCACertificate:
default: ''
description: Keystone self-signed certificate authority certificate.
type: string
KeystoneSigningCertificate:
default: ''
description: Keystone certificate for verifying token validity.
type: string
KeystoneSigningKey:
default: ''
description: Keystone key for signing tokens.
type: string
hidden: true
KeystoneSSLCertificate:
default: ''
description: Keystone certificate for verifying token validity.
type: string
KeystoneSSLCertificateKey:
default: ''
description: Keystone key for signing tokens.
type: string
hidden: true
KeystoneNotificationDriver:
description: Comma-separated list of Oslo notification drivers used by Keystone
default: ['messaging']
type: comma_delimited_list
KeystoneNotificationFormat:
description: The Keystone notification format
default: 'basic'
type: string
constraints:
- allowed_values: [ 'basic', 'cadf' ]
MysqlClusterUniquePart:
description: A unique identifier of the MySQL cluster the controller is in.
type: string
default: 'unset' # Has to be here because of the ignored empty value bug
# Drop the validation: https://bugs.launchpad.net/tripleo/+bug/1405446
# constraints:
# - length: {min: 4, max: 10}
MysqlInnodbBufferPoolSize:
description: >
Specifies the size of the buffer pool in megabytes. Setting to
zero should be interpreted as "no value" and will defer to the
lower level default.
type: number
default: 0
MysqlMaxConnections:
description: Configures MySQL max_connections config setting
type: number
default: 4096
MysqlRootPassword:
type: string
hidden: true
default: '' # Has to be here because of the ignored empty value bug
NeutronExternalNetworkBridge:
description: Name of bridge used for external network traffic.
type: string
default: 'br-ex'
NeutronBridgeMappings:
description: >
The OVS logical->physical bridge mappings to use. See the Neutron
documentation for details. Defaults to mapping br-ex - the external
bridge on hosts - to a physical name 'datacentre' which can be used
to create provider networks (and we use this for the default floating
network) - if changing this either use different post-install network
scripts or be sure to keep 'datacentre' as a mapping network name.
type: string
default: "datacentre:br-ex"
NeutronDnsmasqOptions:
default: 'dhcp-option-force=26,1400'
description: Dnsmasq options for neutron-dhcp-agent. The default value here forces MTU to be set to 1400 to account for the gre tunnel overhead.
type: string
NeutronAgentMode:
default: 'dvr_snat'
description: Agent mode for the neutron-l3-agent on the controller hosts
type: string
NeutronDVR:
default: 'False'
description: Whether to configure Neutron Distributed Virtual Routers
type: string
NeutronMetadataProxySharedSecret:
default: 'unset'
description: Shared secret to prevent spoofing
type: string
NeutronMechanismDrivers:
default: 'openvswitch'
description: |
The mechanism drivers for the Neutron tenant network. To specify multiple
values, use a comma separated string, like so: 'openvswitch,l2_population'
type: string
NeutronAllowL3AgentFailover:
default: 'True'
description: Allow automatic l3-agent failover
type: string
NeutronL3HA:
default: 'False'
description: Whether to enable l3-agent HA
type: string
NeutronDhcpAgentsPerNetwork:
type: number
default: 3
description: The number of neutron dhcp agents to schedule per network
NeutronEnableTunnelling:
type: string
default: "True"
NeutronFlatNetworks:
type: string
default: 'datacentre'
description: If set, flat networks to configure in neutron plugins.
NeutronNetworkType:
default: 'gre'
description: The tenant network type for Neutron, either gre or vxlan.
type: string
NeutronNetworkVLANRanges:
default: 'datacentre'
description: >
The Neutron ML2 and OpenVSwitch vlan mapping range to support. See the
Neutron documentation for permitted values. Defaults to permitting any
VLAN on the 'datacentre' physical network (See NeutronBridgeMappings).
type: comma_delimited_list
NeutronPassword:
default: unset
description: The password for the neutron service and db account, used by neutron agents.
type: string
hidden: true
NeutronPublicInterface:
default: nic1
description: What interface to bridge onto br-ex for network nodes.
type: string
NeutronPublicInterfaceTag:
default: ''
description: >
VLAN tag for creating a public VLAN. The tag will be used to
create an access port on the exterior bridge for each control plane node,
and that port will be given the IP address returned by neutron from the
public network. Set CONTROLEXTRA=overcloud-vlan-port.yaml when compiling
overcloud.yaml to include the deployment of VLAN ports to the control
plane.
type: string
NeutronPublicInterfaceDefaultRoute:
default: ''
description: A custom default route for the NeutronPublicInterface.
type: string
NeutronPublicInterfaceIP:
default: ''
description: A custom IP address to put onto the NeutronPublicInterface.
type: string
NeutronPublicInterfaceRawDevice:
default: ''
description: If set, the public interface is a vlan with this device as the raw device.
type: string
NeutronTunnelTypes:
default: 'gre'
description: |
The tunnel types for the Neutron tenant network. To specify multiple
values, use a comma separated string, like so: 'gre,vxlan'
type: string
NeutronTunnelIdRanges:
description: |
Comma-separated list of <tun_min>:<tun_max> tuples enumerating ranges
of GRE tunnel IDs that are available for tenant network allocation
default: ["1:1000", ]
type: comma_delimited_list
NeutronVniRanges:
description: |
Comma-separated list of <vni_min>:<vni_max> tuples enumerating ranges
of VXLAN VNI IDs that are available for tenant network allocation
default: ["1:1000", ]
type: comma_delimited_list
NovaPassword:
default: unset
description: The password for the nova service and db account, used by nova-api.
type: string
hidden: true
MongoDbNoJournal:
default: false
description: Should MongoDb journaling be disabled
type: boolean
NtpServer:
type: string
default: ''
PcsdPassword:
type: string
description: The password for the 'pcsd' user.
PublicVirtualInterface:
default: 'br-ex'
description: >
Specifies the interface where the public-facing virtual ip will be assigned.
This should be int_public when a VLAN is being used.
type: string
PublicVirtualIP:
type: string
default: '' # Has to be here because of the ignored empty value bug
RabbitCookie:
type: string
default: '' # Has to be here because of the ignored empty value bug
hidden: true
RabbitPassword:
default: guest
description: The password for RabbitMQ
type: string
hidden: true
RabbitUserName:
default: guest
description: The username for RabbitMQ
type: string
RabbitClientUseSSL:
default: false
description: >
Rabbit client subscriber parameter to specify
an SSL connection to the RabbitMQ host.
type: string
RabbitClientPort:
default: 5672
description: Set rabbit subscriber port, change this if using SSL
type: number
RedisVirtualIP:
type: string
default: '' # Has to be here because of the ignored empty value bug
SnmpdReadonlyUserName:
default: ro_snmp_user
description: The user name for SNMPd with readonly rights running on all Overcloud nodes
type: string
SnmpdReadonlyUserPassword:
default: unset
description: The user password for SNMPd with readonly rights running on all Overcloud nodes
type: string
hidden: true
SSLCACertificate:
default: ''
description: If set, the contents of an SSL certificate authority file.
type: string
SSLCertificate:
default: ''
description: If set, the contents of an SSL certificate .crt file for encrypting SSL endpoints.
type: string
hidden: true
SSLKey:
default: ''
description: If set, the contents of an SSL certificate .key file for encrypting SSL endpoints.
type: string
hidden: true
SwiftHashSuffix:
default: unset
description: A random string to be used as a salt when hashing to determine mappings
in the ring.
hidden: true
type: string
SwiftMountCheck:
default: 'false'
description: Value of mount_check in Swift account/container/object -server.conf
type: boolean
SwiftMinPartHours:
type: number
default: 1
description: The minimum time (in hours) before a partition in a ring can be moved following a rebalance.
SwiftPartPower:
default: 10
description: Partition Power to use when building Swift rings
type: number
SwiftPassword:
default: unset
description: The password for the swift service account, used by the swift proxy
services.
hidden: true
type: string
SwiftReplicas:
type: number
default: 3
description: How many replicas to use in the swift rings.
VirtualIP:
type: string
default: '' # Has to be here because of the ignored empty value bug
HeatApiVirtualIP:
type: string
default: ''
GlanceApiVirtualIP:
type: string
default: ''
MysqlVirtualIP:
type: string
default: ''
KeystoneAdminApiVirtualIP:
type: string
default: ''
KeystonePublicApiVirtualIP:
type: string
default: ''
NeutronApiVirtualIP:
type: string
default: ''
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry.
type: json
UpdateIdentifier:
default: ''
type: string
description: >
Setting to a previously unused value during stack-update will trigger
package update on all nodes
Hostname:
type: string
default: '' # Defaults to Heat created hostname
resources:
Controller:
type: OS::Nova::Server
properties:
image: {get_param: Image}
image_update_policy: {get_param: ImageUpdatePolicy}
flavor: {get_param: Flavor}
key_name: {get_param: KeyName}
networks:
- network: ctlplane
user_data_format: SOFTWARE_CONFIG
user_data: {get_resource: NodeUserData}
name: {get_param: Hostname}
NodeUserData:
type: OS::TripleO::NodeUserData
ExternalPort:
type: OS::TripleO::Controller::Ports::ExternalPort
properties:
ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
InternalApiPort:
type: OS::TripleO::Controller::Ports::InternalApiPort
properties:
ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
StoragePort:
type: OS::TripleO::Controller::Ports::StoragePort
properties:
ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
StorageMgmtPort:
type: OS::TripleO::Controller::Ports::StorageMgmtPort
properties:
ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
TenantPort:
type: OS::TripleO::Controller::Ports::TenantPort
properties:
ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
NetworkConfig:
type: OS::TripleO::Controller::Net::SoftwareConfig
properties:
ExternalIpSubnet: {get_attr: [ExternalPort, ip_subnet]}
InternalApiIpSubnet: {get_attr: [InternalApiPort, ip_subnet]}
StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]}
StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]}
TenantIpSubnet: {get_attr: [TenantPort, ip_subnet]}
NetworkDeployment:
type: OS::TripleO::SoftwareDeployment
properties:
signal_transport: NO_SIGNAL
config: {get_resource: NetworkConfig}
server: {get_resource: Controller}
input_values:
bridge_name: br-ex
interface_name: {get_param: NeutronPublicInterface}
ControllerPassthroughConfig:
type: OS::Heat::StructuredConfig
properties:
group: os-apply-config
config: {get_input: passthrough_config}
ControllerPassthroughConfigSpecific:
type: OS::Heat::StructuredConfig
properties:
group: os-apply-config
config: {get_input: passthrough_config_specific}
ControllerConfig:
type: OS::Heat::StructuredConfig
properties:
group: os-apply-config
config:
admin-password: {get_input: admin_password}
admin-token: {get_input: admin_token}
bootstack:
public_interface_ip: {get_input: neutron_public_interface_ip}
bootstrap_host:
nodeid: {get_input: bootstack_nodeid}
cinder:
db: {get_input: cinder_dsn}
debug: {get_input: debug}
volume_size_mb: {get_input: cinder_lvm_loop_device_size}
service-password: {get_input: cinder_password}
iscsi-helper: {get_input: CinderISCSIHelper}
controller-address: {get_input: controller_host}
corosync:
bindnetaddr: {get_input: controller_host}
mcastport: 5577
pacemaker:
stonith_enabled : false
recheck_interval : 5
quorum_policy : ignore
db-password: unset
glance:
registry:
host: {get_input: controller_virtual_ip}
backend: swift
db: {get_input: glance_dsn}
debug: {get_input: debug}
host: {get_input: controller_virtual_ip}
port: {get_input: glance_port}
protocol: {get_input: glance_protocol}
service-password: {get_input: glance_password}
swift-store-user: service:glance
swift-store-key: {get_input: glance_password}
notifier-strategy: {get_input: glance_notifier_strategy}
log-file: {get_input: glance_log_file}
heat:
admin_password: {get_input: heat_password}
admin_tenant_name: service
admin_user: heat
auth_encryption_key: {get_input: heat_auth_encryption_key}
db: {get_input: heat_dsn}
debug: {get_input: debug}
stack_domain_admin_password: {get_input: heat_stack_domain_admin_password}
watch_server_url: {get_input: heat.watch_server_url}
metadata_server_url: {get_input: heat.metadata_server_url}
waitcondition_server_url: {get_input: heat.waitcondition_server_url}
keystone:
db: {get_input: keystone_dsn}
debug: {get_input: debug}
host: {get_input: controller_virtual_ip}
ca_certificate: {get_input: keystone_ca_certificate}
signing_key: {get_input: keystone_signing_key}
signing_certificate: {get_input: keystone_signing_certificate}
ssl:
certificate: {get_input: keystone_ssl_certificate}
certificate_key: {get_input: keystone_ssl_certificate_key}
mysql:
innodb_buffer_pool_size: {get_input: mysql_innodb_buffer_pool_size}
local_bind: true
root-password: {get_input: mysql_root_password}
cluster_name: {get_input: mysql_cluster_name}
neutron:
debug: {get_input: debug}
flat-networks: {get_input: neutron_flat_networks}
host: {get_input: controller_virtual_ip}
metadata_proxy_shared_secret: {get_input: neutron_metadata_proxy_shared_secret}
agent_mode: {get_input: neutron_agent_mode}
router_distributed: {get_input: neutron_router_distributed}
mechanism_drivers: {get_input: neutron_mechanism_drivers}
allow_automatic_l3agent_failover: {get_input: neutron_allow_l3agent_failover}
l3_ha: {get_input: neutron_l3_ha}
dhcp_agents_per_network: {get_input: neutron_dhcp_agents_per_network}
ovs:
enable_tunneling: {get_input: neutron_enable_tunneling}
local_ip: {get_input: controller_host}
network_vlan_ranges: {get_input: neutron_network_vlan_ranges}
bridge_mappings: {get_input: neutron_bridge_mappings}
public_interface: {get_input: neutron_public_interface}
public_interface_raw_device: {get_input: neutron_public_interface_raw_device}
public_interface_route: {get_input: neutron_public_interface_default_route}
public_interface_tag: {get_input: neutron_public_interface_tag}
physical_bridge: br-ex
tenant_network_type: {get_input: neutron_tenant_network_type}
tunnel_types: {get_input: neutron_tunnel_types}
tunnel_id_ranges: {get_input: neutron_tunnel_id_ranges}
vni_ranges: {get_input: neutron_vni_ranges}
ovs_db: {get_input: neutron_dsn}
service-password: {get_input: neutron_password}
dnsmasq-options: {get_input: neutron_dnsmasq_options}
ceilometer:
db: {get_input: ceilometer_dsn}
debug: {get_input: debug}
metering_secret: {get_input: ceilometer_metering_secret}
service-password: {get_input: ceilometer_password}
snmpd:
export_MIB: UCD-SNMP-MIB
readonly_user_name: {get_input: snmpd_readonly_user_name}
readonly_user_password: {get_input: snmpd_readonly_user_password}
nova:
compute_driver: libvirt.LibvirtDriver
db: {get_input: nova_dsn}
default_floating_pool:
ext-net
host: {get_input: controller_virtual_ip}
metadata-proxy: true
service-password: {get_input: nova_password}
mongodb:
nojournal: {get_input: mongodb_no_journal}
rabbit:
host: {get_input: controller_virtual_ip}
username: {get_input: rabbit_username}
password: {get_input: rabbit_password}
cookie: {get_input: rabbit_cookie}
rabbit_client_use_ssl: {get_input: rabbit_client_use_ssl}
rabbit_port: {get_input: rabbit_client_port}
ntp:
servers:
- {server: {get_input: ntp_server}}
virtual_interfaces:
instances:
- vrrp_instance_name: VI_CONTROL
virtual_router_id: 51
keepalive_interface: {get_input: control_virtual_interface}
priority: 101
virtual_ips:
- ip: {get_input: controller_virtual_ip}
interface: {get_input: control_virtual_interface}
- vrrp_instance_name: VI_PUBLIC
virtual_router_id: 52
keepalive_interface: {get_input: public_virtual_interface}
priority: 101
virtual_ips:
- ip: {get_input: public_virtual_ip}
interface: {get_input: public_virtual_interface}
vrrp_sync_groups:
- name: VG1
members:
- VI_CONTROL
- VI_PUBLIC
keepalived:
keepalive_interface: {get_input: public_virtual_interface}
priority: 101
virtual_ips:
-
ip: {get_input: controller_virtual_ip}
interface: {get_input: control_virtual_interface}
-
ip: {get_input: public_virtual_ip}
interface: {get_input: public_virtual_interface}
haproxy:
net_binds:
- ip: {get_input: controller_virtual_ip}
options:
- option httpchk GET /
services:
- name: keystone_admin
port: 35357
net_binds: &public_binds
- ip: {get_input: controller_virtual_ip}
- ip: {get_input: public_virtual_ip}
- name: keystone_public
port: 5000
net_binds: *public_binds
- name: horizon
port: 80
net_binds: *public_binds
- name: neutron
port: 9696
net_binds: *public_binds
- name: cinder
port: 8776
net_binds: *public_binds
- name: glance_api
port: 9292
net_binds: *public_binds
- name: glance_registry
port: 9191
net_binds: *public_binds
options: # overwrite options as glace_reg needs auth for http req
- name: heat_api
port: 8004
net_binds: *public_binds
- name: heat_cloudwatch
port: 8003
net_binds: *public_binds
- name: heat_cfn
port: 8000
net_binds: *public_binds
- name: mysql
port: 3306
extra_server_params:
- backup
options:
- timeout client 0
- timeout server 0
- name: nova_ec2
port: 8773
- name: nova_osapi
port: 8774
net_binds: *public_binds
- name: nova_metadata
port: 8775
net_binds: *public_binds
- name: nova_novncproxy
port: 6080
net_binds: *public_binds
- name: ceilometer
port: 8777
net_binds: *public_binds
options: # overwrite options as ceil needs auth for http req
- name: swift_proxy_server
port: 8080
net_binds: *public_binds
options:
- option httpchk GET /info
- name: rabbitmq
port: 5672
options:
- timeout client 0
- timeout server 0
- maxconn 1500
ControllerDeployment:
type: OS::TripleO::SoftwareDeployment
properties:
signal_transport: NO_SIGNAL
config: {get_resource: ControllerConfig}
server: {get_resource: Controller}
input_values:
bootstack_nodeid: {get_attr: [Controller, name]}
controller_host: {get_attr: [Controller, networks, ctlplane, 0]}
controller_virtual_ip: {get_param: VirtualIP}
neutron_enable_tunneling: {get_param: NeutronEnableTunnelling}
heat.watch_server_url:
list_join:
- ''
- - 'http://'
- {get_param: VirtualIP}
- ':8003'
heat.metadata_server_url:
list_join:
- ''
- - 'http://'
- {get_param: VirtualIP}
- ':8000'
heat.waitcondition_server_url:
list_join:
- ''
- - 'http://'
- {get_param: VirtualIP}
- ':8000/v1/waitcondition'
admin_password: {get_param: AdminPassword}
admin_token: {get_param: AdminToken}
neutron_public_interface_ip: {get_param: NeutronPublicInterfaceIP}
debug: {get_param: Debug}
cinder_lvm_loop_device_size: {get_param: CinderLVMLoopDeviceSize}
cinder_password: {get_param: CinderPassword}
cinder_iscsi_helper: {get_param: CinderISCSIHelper}
cinder_dsn:
list_join:
- ''
- - 'mysql://cinder:'
- {get_param: CinderPassword}
- '@'
- {get_param: VirtualIP}
- '/cinder'
glance_port: {get_param: GlancePort}
glance_protocol: {get_param: GlanceProtocol}
glance_password: {get_param: GlancePassword}
glance_notifier_strategy: {get_param: GlanceNotifierStrategy}
glance_log_file: {get_param: GlanceLogFile}
glance_dsn:
list_join:
- ''
- - 'mysql://glance:'
- {get_param: GlancePassword}
- '@'
- {get_param: VirtualIP}
- '/glance'
heat_password: {get_param: HeatPassword}
heat_stack_domain_admin_password: {get_param: HeatStackDomainAdminPassword}
heat_auth_encryption_key: {get_param: HeatAuthEncryptionKey}
heat_dsn:
list_join:
- ''
- - 'mysql://heat:'
- {get_param: HeatPassword}
- '@'
- {get_param: VirtualIP}
- '/heat'
keystone_ca_certificate: {get_param: KeystoneCACertificate}
keystone_signing_key: {get_param: KeystoneSigningKey}
keystone_signing_certificate: {get_param: KeystoneSigningCertificate}
keystone_ssl_certificate: {get_param: KeystoneSSLCertificate}
keystone_ssl_certificate_key: {get_param: KeystoneSSLCertificateKey}
keystone_dsn:
list_join:
- ''
- - 'mysql://keystone:'
- {get_param: AdminToken}
- '@'
- {get_param: VirtualIP}
- '/keystone'
mongodb_no_journal: {get_param: MongoDbNoJournal}
mysql_innodb_buffer_pool_size: {get_param: MysqlInnodbBufferPoolSize}
mysql_root_password: {get_param: MysqlRootPassword}
mysql_cluster_name:
str_replace:
template: tripleo-CLUSTER
params:
CLUSTER: {get_param: MysqlClusterUniquePart}
neutron_flat_networks: {get_param: NeutronFlatNetworks}
neutron_metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret}
neutron_agent_mode: {get_param: NeutronAgentMode}
neutron_router_distributed: {get_param: NeutronDVR}
neutron_mechanism_drivers: {get_param: NeutronMechanismDrivers}
neutron_allow_l3agent_failover: {get_param: NeutronAllowL3AgentFailover}
neutron_l3_ha: {get_param: NeutronL3HA}
neutron_dhcp_agents_per_network: {get_param: NeutronDhcpAgentsPerNetwork}
neutron_network_vlan_ranges: {get_param: NeutronNetworkVLANRanges}
neutron_bridge_mappings: {get_param: NeutronBridgeMappings}
neutron_public_interface: {get_param: NeutronPublicInterface}
neutron_public_interface_raw_device: {get_param: NeutronPublicInterfaceRawDevice}
neutron_public_interface_default_route: {get_param: NeutronPublicInterfaceDefaultRoute}
neutron_public_interface_tag: {get_param: NeutronPublicInterfaceTag}
neutron_tenant_network_type: {get_param: NeutronNetworkType}
neutron_tunnel_types: {get_param: NeutronTunnelTypes}
neutron_tunnel_id_ranges:
str_replace:
template: "['RANGES']"
params:
RANGES:
list_join:
- "','"
- {get_param: NeutronTunnelIdRanges}
neutron_vni_ranges:
str_replace:
template: "['RANGES']"
params:
RANGES:
list_join:
- "','"
- {get_param: NeutronVniRanges}
neutron_password: {get_param: NeutronPassword}
neutron_dnsmasq_options: {get_param: NeutronDnsmasqOptions}
neutron_dsn:
list_join:
- ''
- - 'mysql://neutron:'
- {get_param: NeutronPassword}
- '@'
- {get_param: VirtualIP}
- '/ovs_neutron?charset=utf8'
ceilometer_metering_secret: {get_param: CeilometerMeteringSecret}
ceilometer_password: {get_param: CeilometerPassword}
ceilometer_dsn:
list_join:
- ''
- - 'mysql://ceilometer:'
- {get_param: CeilometerPassword}
- '@'
- {get_param: VirtualIP}
- '/ceilometer'
snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName}
snmpd_readonly_user_password: {get_param: SnmpdReadonlyUserPassword}
nova_password: {get_param: NovaPassword}
nova_dsn:
list_join:
- ''
- - 'mysql://nova:'
- {get_param: NovaPassword}
- '@'
- {get_param: VirtualIP}
- '/nova'
rabbit_username: {get_param: RabbitUserName}
rabbit_password: {get_param: RabbitPassword}
rabbit_cookie: {get_param: RabbitCookie}
rabbit_client_use_ssl: {get_param: RabbitClientUseSSL}
rabbit_client_port: {get_param: RabbitClientPort}
ntp_server: {get_param: NtpServer}
control_virtual_interface: {get_param: ControlVirtualInterface}
public_virtual_interface: {get_param: PublicVirtualInterface}
public_virtual_ip: {get_param: PublicVirtualIP}
SSLConfig:
type: OS::Heat::StructuredConfig
properties:
group: os-apply-config
config:
ssl:
ca_certificate: {get_input: ssl_ca_certificate}
stunnel:
cert: {get_input: ssl_certificate}
key: {get_input: ssl_key}
cacert: {get_input: ssl_ca_certificate}
ports:
- name: 'ec2'
accept: 13773
connect: 8773
connect_host: {get_input: controller_host}
- name: 'image'
accept: 13292
connect: 9292
connect_host: {get_input: controller_host}
- name: 'identity'
accept: 13000
connect: 5000
connect_host: {get_input: controller_host}
- name: 'network'
accept: 13696
connect: 9696
connect_host: {get_input: controller_host}
- name: 'compute'
accept: 13774
connect: 8774
connect_host: {get_input: controller_host}
- name: 'swift-proxy'
accept: 13080
connect: 8080
connect_host: {get_input: controller_host}
- name: 'cinder'
accept: 13776
connect: 8776
connect_host: {get_input: controller_host}
- name: 'ceilometer'
accept: 13777
connect: 8777
connect_host: {get_input: controller_host}
ControllerSSLDeployment:
type: OS::Heat::StructuredDeployment
properties:
config: {get_resource: SSLConfig}
server: {get_resource: Controller}
signal_transport: NO_SIGNAL
input_values:
controller_host: {get_attr: [Controller, networks, ctlplane, 0]}
ssl_certificate: {get_param: SSLCertificate}
ssl_key: {get_param: SSLKey}
ssl_ca_certificate: {get_param: SSLCACertificate}
ControllerPassthroughDeployment:
type: OS::Heat::StructuredDeployment
properties:
config: {get_resource: ControllerPassthroughConfig}
server: {get_resource: Controller}
signal_transport: NO_SIGNAL
input_values:
passthrough_config: {get_param: ExtraConfig}
ControllerPassthroughSpecificDeployment:
depends_on: [ControllerPassthroughDeployment]
type: OS::Heat::StructuredDeployment
properties:
config: {get_resource: ControllerPassthroughConfigSpecific}
server: {get_resource: Controller}
signal_transport: NO_SIGNAL
input_values:
passthrough_config_specific: {get_param: ControllerExtraConfig}
SwiftConfig:
type: OS::Heat::StructuredConfig
properties:
group: os-apply-config
config:
swift:
hash: { get_input: swift_hash_suffix }
part-power: { get_input: swift_part_power }
mount-check: { get_input: swift_mount_check }
min-part-hours: { get_input: swift_min_part_hours }
replicas: {get_input: swift_replicas }
service-password: { get_input: swift_password }
SwiftStorageDeploy:
type: OS::Heat::StructuredDeployment
properties:
server: {get_resource: Controller}
config: {get_resource: SwiftConfig}
signal_transport: NO_SIGNAL
input_values:
swift_hash_suffix: {get_param: SwiftHashSuffix}
swift_mount_check: {get_param: SwiftMountCheck}
swift_password: {get_param: SwiftPassword}
swift_min_part_hours: {get_param: SwiftMinPartHours}
swift_part_power: {get_param: SwiftPartPower}
swift_replicas: { get_param: SwiftReplicas}
outputs:
ip_address:
description: IP address of the server in the ctlplane network
value: {get_attr: [Controller, networks, ctlplane, 0]}
external_ip_address:
description: IP address of the server in the external network
value: {get_attr: [ExternalPort, ip_address]}
internal_api_ip_address:
description: IP address of the server in the internal_api network
value: {get_attr: [InternalApiPort, ip_address]}
storage_ip_address:
description: IP address of the server in the storage network
value: {get_attr: [StoragePort, ip_address]}
storage_mgmt_ip_address:
description: IP address of the server in the storage_mgmt network
value: {get_attr: [StorageMgmtPort, ip_address]}
tenant_ip_address:
description: IP address of the server in the tenant network
value: {get_attr: [TenantPort, ip_address]}
hostname:
description: Hostname of the server
value: {get_attr: [Controller, name]}
corosync_node:
description: >
Node object in the format {ip: ..., name: ...} format that the corosync
element expects
value:
ip: {get_attr: [Controller, networks, ctlplane, 0]}
name: {get_attr: [Controller, name]}
hosts_entry:
description: >
Server's IP address and hostname in the /etc/hosts format
value:
str_replace:
template: IP HOST CLOUDNAME
params:
IP: {get_attr: [Controller, networks, ctlplane, 0]}
HOST: {get_attr: [Controller, name]}
CLOUDNAME: {get_param: CloudName}
nova_server_resource:
description: Heat resource handle for the Nova compute server
value:
{get_resource: Controller}
swift_device:
description: Swift device formatted for swift-ring-builder
value:
str_replace:
template: 'r1z1-IP:%PORT%/d1'
params:
IP: {get_attr: [Controller, networks, ctlplane, 0]}
swift_proxy_memcache:
description: Swift proxy-memcache value
value:
str_replace:
template: "IP:11211"
params:
IP: {get_attr: [Controller, networks, ctlplane, 0]}
config_identifier:
description: identifier which changes if the node configuration may need re-applying
value: "None - NO_SIGNAL"
View Git Blame Copy Permalink