tripleo-heat-templates/puppet/controller.yaml

1144 lines
50 KiB
YAML

heat_template_version: 2016-04-08
description: >
OpenStack controller node configured by Puppet.
parameters:
AdminPassword:
description: The password for the keystone admin account, used for monitoring, querying neutron etc.
type: string
hidden: true
AodhPassword:
description: The password for the aodh services.
type: string
hidden: true
#TODO(composable Redis): Remove the Redis password param
#As is used by ceilometer
CeilometerBackend:
default: 'mongodb'
description: The ceilometer backend type.
type: string
CeilometerMeteringSecret:
description: Secret shared by the ceilometer services.
type: string
hidden: true
CeilometerPassword:
description: The password for the ceilometer service and db account.
type: string
hidden: true
CeilometerStoreEvents:
default: false
description: Whether to store events in ceilometer.
type: boolean
CeilometerMeterDispatcher:
default: 'database'
description: Dispatcher to process meter data
type: string
constraints:
- allowed_values: ['gnocchi', 'database']
CeilometerWorkers:
default: 0
description: Number of workers for Ceilometer service.
type: number
controllerExtraConfig:
default: {}
description: |
Deprecated. Use ControllerExtraConfig via parameter_defaults instead.
type: json
ControllerExtraConfig:
default: {}
description: |
Controller specific hiera configuration data to inject into the cluster.
type: json
ControllerIPs:
default: {}
description: >
A network mapped list of IPs to assign to Controllers in the following form:
{
"internal_api": ["a.b.c.d", "e.f.g.h"],
...
}
type: json
ControlVirtualInterface:
default: 'br-ex'
description: Interface where virtual ip will be assigned.
type: string
CorosyncIPv6:
default: false
description: Enable IPv6 in Corosync
type: boolean
Debug:
default: ''
description: Set to True to enable debugging on all services.
type: string
EnableFencing:
default: false
description: Whether to enable fencing in Pacemaker or not.
type: boolean
EnableGalera:
default: true
description: Whether to use Galera instead of regular MariaDB.
type: boolean
EnableLoadBalancer:
default: true
description: Whether to deploy a LoadBalancer on the Controller
type: boolean
ExtraConfig:
default: {}
description: |
Additional hieradata to inject into the cluster, note that
ControllerExtraConfig takes precedence over ExtraConfig.
type: json
FencingConfig:
default: {}
description: |
Pacemaker fencing configuration. The JSON should have
the following structure:
{
"devices": [
{
"agent": "AGENT_NAME",
"host_mac": "HOST_MAC_ADDRESS",
"params": {"PARAM_NAME": "PARAM_VALUE"}
}
]
}
For instance:
{
"devices": [
{
"agent": "fence_xvm",
"host_mac": "52:54:00:aa:bb:cc",
"params": {
"multicast_address": "225.0.0.12",
"port": "baremetal_0",
"manage_fw": true,
"manage_key_file": true,
"key_file": "/etc/fence_xvm.key",
"key_file_password": "abcdef"
}
}
]
}
type: json
Flavor:
description: Flavor for control nodes to request when deploying.
type: string
constraints:
- custom_constraint: nova.flavor
GnocchiBackend:
default: file
description: The short name of the Gnocchi backend to use. Should be one
of swift, rbd, or file
type: string
constraints:
- allowed_values: ['swift', 'file', 'rbd']
GnocchiIndexerBackend:
default: 'mysql'
description: The short name of the Gnocchi indexer backend to use.
type: string
GnocchiPassword:
description: The password for the gnocchi service and db account.
type: string
hidden: true
HAProxyStatsPassword:
description: Password for HAProxy stats endpoint
type: string
HAProxyStatsUser:
description: User for HAProxy stats endpoint
default: admin
type: string
HAProxySyslogAddress:
default: /dev/log
description: Syslog address where HAproxy will send its log
type: string
HeatAuthEncryptionKey:
description: Auth encryption key for heat-engine
type: string
hidden: true
HorizonAllowedHosts:
default: '*'
description: A list of IP/Hostname allowed to connect to horizon
type: comma_delimited_list
HorizonSecret:
description: Secret key for Django
type: string
hidden: true
Image:
type: string
default: overcloud-control
constraints:
- custom_constraint: glance.image
ImageUpdatePolicy:
default: 'REBUILD_PRESERVE_EPHEMERAL'
description: What policy to use when reconstructing instances. REBUILD for rebuilds, REBUILD_PRESERVE_EPHEMERAL to preserve /mnt.
type: string
InstanceNameTemplate:
default: 'instance-%08x'
description: Template string to be used to generate instance names
type: string
KeyName:
default: default
description: Name of an existing Nova key pair to enable SSH access to the instances
type: string
constraints:
- custom_constraint: nova.keypair
KeystoneRegion:
type: string
default: 'regionOne'
description: Keystone region for endpoint
ManageFirewall:
default: false
description: Whether to manage IPtables rules.
type: boolean
MemcachedIPv6:
default: false
description: Enable IPv6 features in Memcached.
type: boolean
PurgeFirewallRules:
default: false
description: Whether IPtables rules should be purged before setting up the new ones.
type: boolean
MysqlClusterUniquePart:
description: A unique identifier of the MySQL cluster the controller is in.
type: string
default: 'unset' # Has to be here because of the ignored empty value bug
# Drop the validation: https://bugs.launchpad.net/tripleo/+bug/1405446
# constraints:
# - length: {min: 4, max: 10}
MysqlInnodbBufferPoolSize:
description: >
Specifies the size of the buffer pool in megabytes. Setting to
zero should be interpreted as "no value" and will defer to the
lower level default.
type: number
default: 0
MysqlMaxConnections:
description: Configures MySQL max_connections config setting
type: number
default: 4096
MysqlClustercheckPassword:
type: string
hidden: true
MysqlRootPassword:
type: string
hidden: true
default: '' # Has to be here because of the ignored empty value bug
NeutronMetadataProxySharedSecret:
description: Shared secret to prevent spoofing
type: string
hidden: true
NeutronPassword:
description: The password for the neutron service and db account, used by neutron agents.
type: string
hidden: true
NeutronPublicInterface:
default: nic1
description: What interface to bridge onto br-ex for network nodes.
type: string
NeutronTenantMtu:
description: >
The default MTU for tenant networks. For VXLAN/GRE tunneling, this should
be at least 50 bytes smaller than the MTU on the physical network. This
value will be used to set the MTU on the virtual Ethernet device.
This number is related to the value of NeutronDnsmasqOptions, since that
will determine the MTU that is assigned to the VM host through DHCP.
default: 1400
type: number
NovaEnableDBPurge:
default: true
description: |
Whether to create cron job for purging soft deleted rows in Nova database.
type: boolean
NovaIPv6:
default: false
description: Enable IPv6 features in Nova
type: boolean
NovaPassword:
description: The password for the nova service and db account, used by nova-api.
type: string
hidden: true
PcsdPassword:
type: string
description: The password for the 'pcsd' user.
hidden: true
PublicVirtualInterface:
default: 'br-ex'
description: >
Specifies the interface where the public-facing virtual ip will be assigned.
This should be int_public when a VLAN is being used.
type: string
RabbitCookie:
type: string
default: '' # Has to be here because of the ignored empty value bug
hidden: true
RabbitPassword:
description: The password for RabbitMQ
type: string
hidden: true
RabbitUserName:
default: guest
description: The username for RabbitMQ
type: string
RabbitClientUseSSL:
default: false
description: >
Rabbit client subscriber parameter to specify
an SSL connection to the RabbitMQ host.
type: string
RabbitClientPort:
default: 5672
description: Set rabbit subscriber port, change this if using SSL
type: number
RedisPassword:
description: The password for Redis
type: string
hidden: true
RedisVirtualIP:
type: string
default: '' # Has to be here because of the ignored empty value bug
RedisVirtualIPUri:
type: string
default: '' # Has to be here because of the ignored empty value bug
description: An IP address which is wrapped in brackets in case of IPv6
SwiftHashSuffix:
description: A random string to be used as a salt when hashing to determine mappings
in the ring.
hidden: true
type: string
SwiftMinPartHours:
type: number
default: 1
description: The minimum time (in hours) before a partition in a ring can be moved following a rebalance.
SwiftPartPower:
default: 10
description: Partition Power to use when building Swift rings
type: number
SwiftRingBuild:
default: true
description: Whether to manage Swift rings or not
type: boolean
SwiftReplicas:
type: number
default: 3
description: How many replicas to use in the swift rings.
UpgradeLevelNovaCompute:
type: string
description: Nova Compute upgrade level
default: ''
MysqlVirtualIP:
type: string
default: ''
EnablePackageInstall:
default: 'false'
description: Set to true to enable package installation via Puppet
type: boolean
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry.
type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
UpdateIdentifier:
default: ''
type: string
description: >
Setting to a previously unused value during stack-update will trigger
package update on all nodes
Hostname:
type: string
default: '' # Defaults to Heat created hostname
HostnameMap:
type: json
default: {}
description: Optional mapping to override hostnames
NetworkDeploymentActions:
type: comma_delimited_list
description: >
Heat action when to apply network configuration changes
default: ['CREATE']
NodeIndex:
type: number
default: 0
SoftwareConfigTransport:
default: POLL_SERVER_CFN
description: |
How the server should receive the metadata required for software configuration.
type: string
constraints:
- allowed_values: [POLL_SERVER_CFN, POLL_SERVER_HEAT, POLL_TEMP_URL, ZAQAR_MESSAGE]
CloudDomain:
default: ''
type: string
description: >
The DNS domain used for the hosts. This should match the dhcp_domain
configured in the Undercloud neutron. Defaults to localdomain.
ServerMetadata:
default: {}
description: >
Extra properties or metadata passed to Nova for the created nodes in
the overcloud. It's accessible via the Nova metadata API.
type: json
SchedulerHints:
type: json
description: Optional scheduler hints to pass to nova
default: {}
ServiceConfigSettings:
type: json
default: {}
ConfigCommand:
type: string
description: Command which will be run whenever configuration data changes
default: os-refresh-config --timeout 14400
parameter_groups:
- label: deprecated
description: Do not use deprecated params, they will be removed.
parameters:
- controllerExtraConfig
resources:
Controller:
type: OS::TripleO::Server
metadata:
os-collect-config:
command: {get_param: ConfigCommand}
properties:
image: {get_param: Image}
image_update_policy: {get_param: ImageUpdatePolicy}
flavor: {get_param: Flavor}
key_name: {get_param: KeyName}
networks:
- network: ctlplane
user_data_format: SOFTWARE_CONFIG
user_data: {get_resource: UserData}
name:
str_replace:
template: {get_param: Hostname}
params: {get_param: HostnameMap}
software_config_transport: {get_param: SoftwareConfigTransport}
metadata: {get_param: ServerMetadata}
scheduler_hints: {get_param: SchedulerHints}
# Combine the NodeAdminUserData and NodeUserData mime archives
UserData:
type: OS::Heat::MultipartMime
properties:
parts:
- config: {get_resource: NodeAdminUserData}
type: multipart
- config: {get_resource: NodeUserData}
type: multipart
# Creates the "heat-admin" user if configured via the environment
# Should return a OS::Heat::MultipartMime reference via OS::stack_id
NodeAdminUserData:
type: OS::TripleO::NodeAdminUserData
# For optional operator additional userdata
# Should return a OS::Heat::MultipartMime reference via OS::stack_id
NodeUserData:
type: OS::TripleO::NodeUserData
ExternalPort:
type: OS::TripleO::Controller::Ports::ExternalPort
properties:
IPPool: {get_param: ControllerIPs}
NodeIndex: {get_param: NodeIndex}
ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
InternalApiPort:
type: OS::TripleO::Controller::Ports::InternalApiPort
properties:
IPPool: {get_param: ControllerIPs}
NodeIndex: {get_param: NodeIndex}
ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
StoragePort:
type: OS::TripleO::Controller::Ports::StoragePort
properties:
IPPool: {get_param: ControllerIPs}
NodeIndex: {get_param: NodeIndex}
ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
StorageMgmtPort:
type: OS::TripleO::Controller::Ports::StorageMgmtPort
properties:
IPPool: {get_param: ControllerIPs}
NodeIndex: {get_param: NodeIndex}
ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
TenantPort:
type: OS::TripleO::Controller::Ports::TenantPort
properties:
IPPool: {get_param: ControllerIPs}
NodeIndex: {get_param: NodeIndex}
ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
ManagementPort:
type: OS::TripleO::Controller::Ports::ManagementPort
properties:
IPPool: {get_param: ControllerIPs}
NodeIndex: {get_param: NodeIndex}
ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
NetIpMap:
type: OS::TripleO::Network::Ports::NetIpMap
properties:
ControlPlaneIp: {get_attr: [Controller, networks, ctlplane, 0]}
ExternalIp: {get_attr: [ExternalPort, ip_address]}
ExternalIpSubnet: {get_attr: [ExternalPort, ip_subnet]}
ExternalIpUri: {get_attr: [ExternalPort, ip_address_uri]}
InternalApiIp: {get_attr: [InternalApiPort, ip_address]}
InternalApiIpSubnet: {get_attr: [InternalApiPort, ip_subnet]}
InternalApiIpUri: {get_attr: [InternalApiPort, ip_address_uri]}
StorageIp: {get_attr: [StoragePort, ip_address]}
StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]}
StorageIpUri: {get_attr: [StoragePort, ip_address_uri]}
StorageMgmtIp: {get_attr: [StorageMgmtPort, ip_address]}
StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]}
StorageMgmtIpUri: {get_attr: [StorageMgmtPort, ip_address_uri]}
TenantIp: {get_attr: [TenantPort, ip_address]}
TenantIpSubnet: {get_attr: [TenantPort, ip_subnet]}
TenantIpUri: {get_attr: [TenantPort, ip_address_uri]}
ManagementIp: {get_attr: [ManagementPort, ip_address]}
ManagementIpSubnet: {get_attr: [ManagementPort, ip_subnet]}
ManagementIpUri: {get_attr: [ManagementPort, ip_address_uri]}
NetworkConfig:
type: OS::TripleO::Controller::Net::SoftwareConfig
properties:
ControlPlaneIp: {get_attr: [Controller, networks, ctlplane, 0]}
ExternalIpSubnet: {get_attr: [ExternalPort, ip_subnet]}
InternalApiIpSubnet: {get_attr: [InternalApiPort, ip_subnet]}
StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]}
StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]}
TenantIpSubnet: {get_attr: [TenantPort, ip_subnet]}
ManagementIpSubnet: {get_attr: [ManagementPort, ip_subnet]}
NetworkDeployment:
type: OS::TripleO::SoftwareDeployment
properties:
name: NetworkDeployment
config: {get_resource: NetworkConfig}
server: {get_resource: Controller}
actions: {get_param: NetworkDeploymentActions}
input_values:
bridge_name: br-ex
interface_name: {get_param: NeutronPublicInterface}
# Resource for site-specific injection of root certificate
NodeTLSCAData:
depends_on: NetworkDeployment
type: OS::TripleO::NodeTLSCAData
properties:
server: {get_resource: Controller}
# Resource for site-specific passing of private keys/certificates
NodeTLSData:
depends_on: NodeTLSCAData
type: OS::TripleO::NodeTLSData
properties:
server: {get_resource: Controller}
NodeIndex: {get_param: NodeIndex}
ControllerDeployment:
type: OS::TripleO::SoftwareDeployment
depends_on: NetworkDeployment
properties:
name: ControllerDeployment
config: {get_resource: ControllerConfig}
server: {get_resource: Controller}
input_values:
bootstack_nodeid: {get_attr: [Controller, name]}
ceilometer_workers: {get_param: CeilometerWorkers}
haproxy_log_address: {get_param: HAProxySyslogAddress}
haproxy_stats_password: {get_param: HAProxyStatsPassword}
haproxy_stats_user: {get_param: HAProxyStatsUser}
heat_auth_encryption_key: {get_param: HeatAuthEncryptionKey}
horizon_allowed_hosts: {get_param: HorizonAllowedHosts}
horizon_secret: {get_param: HorizonSecret}
admin_password: {get_param: AdminPassword}
debug: {get_param: Debug}
cinder_public_url: {get_param: [EndpointMap, CinderPublic, uri]}
cinder_internal_url: {get_param: [EndpointMap, CinderInternal, uri]}
cinder_admin_url: {get_param: [EndpointMap, CinderAdmin, uri]}
cinder_public_url_v2: {get_param: [EndpointMap, CinderV2Public, uri]}
cinder_internal_url_v2: {get_param: [EndpointMap, CinderV2Internal, uri]}
cinder_admin_url_v2: {get_param: [EndpointMap, CinderV2Admin, uri]}
keystone_identity_uri: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] }
keystone_auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
keystone_ec2_uri: { get_param: [EndpointMap, KeystoneEC2, uri] }
enable_fencing: {get_param: EnableFencing}
enable_galera: {get_param: EnableGalera}
enable_load_balancer: {get_param: EnableLoadBalancer}
manage_firewall: {get_param: ManageFirewall}
purge_firewall_rules: {get_param: PurgeFirewallRules}
mysql_innodb_buffer_pool_size: {get_param: MysqlInnodbBufferPoolSize}
mysql_max_connections: {get_param: MysqlMaxConnections}
mysql_root_password: {get_param: MysqlRootPassword}
mysql_clustercheck_password: {get_param: MysqlClustercheckPassword}
mysql_cluster_name:
str_replace:
template: tripleo-CLUSTER
params:
CLUSTER: {get_param: MysqlClusterUniquePart}
neutron_metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret}
neutron_password: {get_param: NeutronPassword}
neutron_tenant_mtu: {get_param: NeutronTenantMtu}
neutron_internal_url: { get_param: [ EndpointMap, NeutronInternal, uri ] }
neutron_public_url: { get_param: [ EndpointMap, NeutronPublic, uri ] }
neutron_admin_url: { get_param: [ EndpointMap, NeutronAdmin, uri ] }
neutron_auth_url: { get_param: [ EndpointMap, KeystoneV3Admin, uri ] }
nova_internal_url: { get_param: [ EndpointMap, NovaInternal, uri ] }
ceilometer_backend: {get_param: CeilometerBackend}
ceilometer_metering_secret: {get_param: CeilometerMeteringSecret}
ceilometer_password: {get_param: CeilometerPassword}
ceilometer_store_events: {get_param: CeilometerStoreEvents}
aodh_password: {get_param: AodhPassword}
aodh_internal_url: { get_param: [ EndpointMap, AodhInternal, uri ] }
aodh_public_url: { get_param: [ EndpointMap, AodhPublic, uri ] }
aodh_admin_url: { get_param: [ EndpointMap, AodhAdmin, uri ] }
ceilometer_meter_dispatcher: {get_param: CeilometerMeterDispatcher}
gnocchi_password: {get_param: GnocchiPassword}
gnocchi_backend: {get_param: GnocchiBackend}
gnocchi_indexer_backend: {get_param: GnocchiIndexerBackend}
ceilometer_coordination_url:
list_join:
- ''
- - 'redis://:'
- {get_param: RedisPassword}
- '@'
- {get_param: RedisVirtualIPUri}
- ':6379/'
ceilometer_dsn:
list_join:
- ''
- - {get_param: [EndpointMap, MysqlInternal, protocol]}
- '://ceilometer:'
- {get_param: CeilometerPassword}
- '@'
- {get_param: [EndpointMap, MysqlInternal, host]}
- '/ceilometer'
gnocchi_dsn:
list_join:
- ''
- - {get_param: [EndpointMap, MysqlInternal, protocol]}
- '://gnocchi:'
- {get_param: GnocchiPassword}
- '@'
- {get_param: [EndpointMap, MysqlInternal, host]}
- '/gnocchi'
aodh_dsn:
list_join:
- ''
- - {get_param: [EndpointMap, MysqlInternal, protocol]}
- '://aodh:'
- {get_param: AodhPassword}
- '@'
- {get_param: [EndpointMap, MysqlInternal, host]}
- '/aodh'
gnocchi_internal_url: {get_param: [EndpointMap, GnocchiInternal, uri]}
gnocchi_public_url: { get_param: [ EndpointMap, GnocchiPublic, uri ] }
gnocchi_admin_url: { get_param: [ EndpointMap, GnocchiAdmin, uri ] }
ceilometer_public_url: {get_param: [EndpointMap, CeilometerPublic, uri]}
ceilometer_internal_url: {get_param: [EndpointMap, CeilometerInternal, uri]}
ceilometer_admin_url: {get_param: [EndpointMap, CeilometerAdmin, uri]}
ceilometer_agent_auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
nova_enable_db_purge: {get_param: NovaEnableDBPurge}
nova_ipv6: {get_param: NovaIPv6}
corosync_ipv6: {get_param: CorosyncIPv6}
memcached_ipv6: {get_param: MemcachedIPv6}
nova_password: {get_param: NovaPassword}
nova_dsn:
list_join:
- ''
- - {get_param: [EndpointMap, MysqlInternal, protocol]}
- '://nova:'
- {get_param: NovaPassword}
- '@'
- {get_param: [EndpointMap, MysqlInternal, host]}
- '/nova'
nova_api_dsn:
list_join:
- ''
- - {get_param: [EndpointMap, MysqlInternal, protocol]}
- '://nova_api:'
- {get_param: NovaPassword}
- '@'
- {get_param: [EndpointMap, MysqlInternal, host]}
- '/nova_api'
upgrade_level_nova_compute: {get_param: UpgradeLevelNovaCompute}
instance_name_template: {get_param: InstanceNameTemplate}
nova_public_url: {get_param: [EndpointMap, NovaPublic, uri]}
nova_internal_url: {get_param: [EndpointMap, NovaInternal, uri]}
nova_admin_url: {get_param: [EndpointMap, NovaAdmin, uri]}
fencing_config: {get_param: FencingConfig}
pcsd_password: {get_param: PcsdPassword}
rabbit_username: {get_param: RabbitUserName}
rabbit_password: {get_param: RabbitPassword}
rabbit_cookie: {get_param: RabbitCookie}
rabbit_client_use_ssl: {get_param: RabbitClientUseSSL}
rabbit_client_port: {get_param: RabbitClientPort}
control_virtual_interface: {get_param: ControlVirtualInterface}
public_virtual_interface: {get_param: PublicVirtualInterface}
swift_hash_suffix: {get_param: SwiftHashSuffix}
swift_part_power: {get_param: SwiftPartPower}
swift_ring_build: {get_param: SwiftRingBuild}
swift_replicas: {get_param: SwiftReplicas}
swift_min_part_hours: {get_param: SwiftMinPartHours}
enable_package_install: {get_param: EnablePackageInstall}
enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]}
swift_proxy_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftProxyNetwork]}]}
swift_management_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftMgmtNetwork]}]}
cinder_iscsi_network:
str_replace:
template: "'IP'"
params:
IP: {get_attr: [NetIpMap, net_ip_uri_map, {get_param: [ServiceNetMap, CinderIscsiNetwork]}]}
cinder_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CinderApiNetwork]}]}
glance_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, GlanceApiNetwork]}]}
glance_registry_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, GlanceRegistryNetwork]}]}
glance_api_servers: { get_param: [EndpointMap, GlanceInternal, uri]}
heat_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, HeatApiNetwork]}]}
keystone_public_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}]}
keystone_admin_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}]}
keystone_region: {get_param: KeystoneRegion}
mongo_db_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MongoDbNetwork]}]}
neutron_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NeutronApiNetwork]}]}
neutron_local_ip: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NeutronTenantNetwork]}]}
ceilometer_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CeilometerApiNetwork]}]}
aodh_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, AodhApiNetwork]}]}
gnocchi_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, GnocchiApiNetwork]}]}
nova_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NovaApiNetwork]}]}
nova_metadata_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NovaMetadataNetwork]}]}
horizon_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, HorizonNetwork]}]}
horizon_subnet:
str_replace:
template: "['SUBNET']"
params:
SUBNET: {get_attr: [NetIpMap, net_ip_subnet_map, {get_param: [ServiceNetMap, HorizonNetwork]}]}
rabbitmq_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, RabbitMqNetwork]}]}
redis_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, RedisNetwork]}]}
redis_vip: {get_param: RedisVirtualIP}
sahara_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SaharaApiNetwork]}]}
memcached_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MemcachedNetwork]}]}
mysql_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MysqlNetwork]}]}
mysql_virtual_ip: {get_param: MysqlVirtualIP}
ceph_cluster_network: {get_attr: [NetIpMap, net_ip_subnet_map, {get_param: [ServiceNetMap, CephClusterNetwork]}]}
ceph_public_network: {get_attr: [NetIpMap, net_ip_subnet_map, {get_param: [ServiceNetMap, CephPublicNetwork]}]}
ceph_public_ip: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CephPublicNetwork]}]}
ironic_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, IronicApiNetwork]}]}
# Map heat metadata into hiera datafiles
ControllerConfig:
type: OS::Heat::StructuredConfig
properties:
group: os-apply-config
config:
hiera:
hierarchy:
- '"%{::uuid}"'
- heat_config_%{::deploy_config_name}
- controller_extraconfig
- extraconfig
- service_configs
- controller
- database
- object
- swift_devices_and_proxy # provided by SwiftDevicesAndProxyConfig
- ceph_cluster # provided by CephClusterConfig
- ceph
- bootstrap_node # provided by BootstrapNodeConfig
- all_nodes # provided by allNodesConfig
- vip_data # provided by vip-config
- '"%{::osfamily}"'
- common
- network
- cinder_dellsc_data # Optionally provided by ControllerExtraConfigPre
- cinder_netapp_data # Optionally provided by ControllerExtraConfigPre
- cinder_eqlx_data # Optionally provided by ControllerExtraConfigPre
- neutron_bigswitch_data # Optionally provided by ControllerExtraConfigPre
- neutron_cisco_data # Optionally provided by ControllerExtraConfigPre
- cisco_n1kv_data # Optionally provided by ControllerExtraConfigPre
- midonet_data #Optionally provided by AllNodesExtraConfig
merge_behavior: deeper
datafiles:
service_configs:
mapped_data: {get_param: ServiceConfigSettings}
controller_extraconfig:
mapped_data:
map_merge:
- {get_param: controllerExtraConfig}
- {get_param: ControllerExtraConfig}
extraconfig:
mapped_data: {get_param: ExtraConfig}
common:
raw_data: {get_file: hieradata/common.yaml}
network:
mapped_data:
net_ip_map: {get_attr: [NetIpMap, net_ip_map]}
net_ip_subnet_map: {get_attr: [NetIpMap, net_ip_subnet_map]}
net_ip_uri_map: {get_attr: [NetIpMap, net_ip_uri_map]}
ceph:
raw_data: {get_file: hieradata/ceph.yaml}
mapped_data:
ceph::profile::params::cluster_network: {get_input: ceph_cluster_network}
ceph::profile::params::public_network: {get_input: ceph_public_network}
ceph::profile::params::public_addr: {get_input: ceph_public_ip}
database:
raw_data: {get_file: hieradata/database.yaml}
object:
raw_data: {get_file: hieradata/object.yaml}
controller:
raw_data: {get_file: hieradata/controller.yaml}
mapped_data: # data supplied directly to this deployment configuration, etc
bootstack_nodeid: {get_input: bootstack_nodeid}
# Pacemaker
enable_fencing: {get_input: enable_fencing}
enable_load_balancer: {get_input: enable_load_balancer}
hacluster_pwd: {get_input: pcsd_password}
corosync_ipv6: {get_input: corosync_ipv6}
tripleo::fencing::config: {get_input: fencing_config}
# Swift
# FIXME: need to move proxy_local_net_ip into swift-proxy.yaml
swift::proxy::proxy_local_net_ip: {get_input: swift_proxy_network}
swift::storage::all::storage_local_net_ip: {get_input: swift_management_network}
swift::swift_hash_path_suffix: {get_input: swift_hash_suffix}
tripleo::ringbuilder::build_ring: { get_input: swift_ring_build }
tripleo::ringbuilder::part_power: {get_input: swift_part_power}
tripleo::ringbuilder::replicas: {get_input: swift_replicas}
tripleo::ringbuilder::min_part_hours: {get_input: swift_min_part_hours}
# Cinder
tripleo::profile::base::cinder::volume::iscsi::cinder_iscsi_address: {get_input: cinder_iscsi_network}
cinder::api::bind_host: {get_input: cinder_api_network}
cinder::keystone::auth::public_url: {get_input: cinder_public_url }
cinder::keystone::auth::internal_url: {get_input: cinder_internal_url }
cinder::keystone::auth::admin_url: {get_input: cinder_admin_url }
cinder::keystone::auth::public_url_v2: {get_input: cinder_public_url_v2 }
cinder::keystone::auth::internal_url_v2: {get_input: cinder_internal_url_v2 }
cinder::keystone::auth::admin_url_v2: {get_input: cinder_admin_url_v2 }
cinder::keystone::auth::password: {get_input: cinder_password }
cinder::keystone::auth::region: {get_input: keystone_region}
# Glance
glance::api::bind_host: {get_input: glance_api_network}
glance::registry::bind_host: {get_input: glance_registry_network}
glance::keystone::auth::region: {get_input: keystone_region}
# Heat
heat::api::bind_host: {get_input: heat_api_network}
heat::api_cloudwatch::bind_host: {get_input: heat_api_network}
heat::api_cfn::bind_host: {get_input: heat_api_network}
heat::engine::auth_encryption_key: {get_input: heat_auth_encryption_key}
# Keystone
keystone::admin_bind_host: {get_input: keystone_admin_api_network}
keystone::public_bind_host: {get_input: keystone_public_api_network}
keystone::wsgi::apache::bind_host: {get_input: keystone_public_api_network}
keystone::wsgi::apache::admin_bind_host: {get_input: keystone_admin_api_network}
# MongoDB
mongodb::server::bind_ip: {get_input: mongo_db_network}
# MySQL
admin_password: {get_input: admin_password}
enable_galera: {get_input: enable_galera}
mysql_innodb_buffer_pool_size: {get_input: mysql_innodb_buffer_pool_size}
mysql_max_connections: {get_input: mysql_max_connections}
mysql::server::root_password: {get_input: mysql_root_password}
mysql_clustercheck_password: {get_input: mysql_clustercheck_password}
mysql_cluster_name: {get_input: mysql_cluster_name}
mysql_bind_host: {get_input: mysql_network}
mysql_virtual_ip: {get_input: mysql_virtual_ip}
# Neutron
neutron::bind_host: {get_input: neutron_api_network}
neutron::network_device_mtu: {get_input: neutron_tenant_mtu}
neutron::agents::ml2::ovs::local_ip: {get_input: neutron_local_ip}
neutron::agents::metadata::metadata_ip: {get_input: neutron_api_network}
neutron::keystone::auth::public_url: {get_input: neutron_public_url }
neutron::keystone::auth::internal_url: {get_input: neutron_internal_url }
neutron::keystone::auth::admin_url: {get_input: neutron_admin_url }
neutron::keystone::auth::password: {get_input: neutron_password }
neutron::keystone::auth::region: {get_input: keystone_region}
# Ceilometer
ceilometer_backend: {get_input: ceilometer_backend}
ceilometer_mysql_conn_string: {get_input: ceilometer_dsn}
ceilometer::telemetry_secret: {get_input: ceilometer_metering_secret}
ceilometer::rabbit_userid: {get_input: rabbit_username}
ceilometer::rabbit_password: {get_input: rabbit_password}
ceilometer::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
ceilometer::rabbit_port: {get_input: rabbit_client_port}
ceilometer::debug: {get_input: debug}
ceilometer::api::host: {get_input: ceilometer_api_network}
ceilometer::api::keystone_password: {get_input: ceilometer_password}
ceilometer::api::auth_uri: {get_input: keystone_auth_uri}
ceilometer::api::identity_uri: {get_input: keystone_identity_uri}
ceilometer::agent::auth::auth_password: {get_input: ceilometer_password}
ceilometer::agent::auth::auth_url: {get_input: ceilometer_agent_auth_url}
ceilometer::agent::central::coordination_url: {get_input: ceilometer_coordination_url}
ceilometer::agent::notification::store_events: {get_input: ceilometer_store_events}
ceilometer::db::mysql::password: {get_input: ceilometer_password}
ceilometer::collector::meter_dispatcher: {get_input: ceilometer_meter_dispatcher}
ceilometer::dispatcher::gnocchi::url: {get_input: gnocchi_internal_url }
ceilometer::dispatcher::gnocchi::filter_project: 'service'
ceilometer::dispatcher::gnocchi::archive_policy: 'low'
ceilometer::dispatcher::gnocchi::resources_definition_file: 'gnocchi_resources.yaml'
ceilometer::keystone::auth::public_url: {get_input: ceilometer_public_url }
ceilometer::keystone::auth::internal_url: {get_input: ceilometer_internal_url }
ceilometer::keystone::auth::admin_url: {get_input: ceilometer_admin_url }
ceilometer::keystone::auth::password: {get_input: ceilometer_password }
ceilometer::keystone::auth::region: {get_input: keystone_region}
snmpd_readonly_user_name: {get_input: snmpd_readonly_user_name}
snmpd_readonly_user_password: {get_input: snmpd_readonly_user_password}
# Aodh
aodh_mysql_conn_string: {get_input: aodh_dsn}
aodh::rabbit_userid: {get_input: rabbit_username}
aodh::rabbit_password: {get_input: rabbit_password}
aodh::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
aodh::rabbit_port: {get_input: rabbit_client_port}
aodh::debug: {get_input: debug}
aodh::wsgi::apache::ssl: false
aodh::wsgi::apache::bind_host: {get_input: aodh_api_network}
aodh::api::service_name: 'httpd'
aodh::api::host: {get_input: aodh_api_network}
aodh::api::keystone_password: {get_input: aodh_password}
aodh::api::keystone_auth_uri: {get_input: keystone_auth_uri}
aodh::api::keystone_identity_uri: {get_input: keystone_identity_uri}
aodh::auth::auth_url: {get_input: keystone_auth_uri}
aodh::auth::auth_password: {get_input: aodh_password}
aodh::db::mysql::password: {get_input: aodh_password}
# for a migration path from ceilometer-alarm to aodh, we use the same database & coordination
aodh::evaluator::coordination_url: {get_input: ceilometer_coordination_url}
aodh::keystone::auth::public_url: {get_input: aodh_public_url }
aodh::keystone::auth::internal_url: {get_input: aodh_internal_url }
aodh::keystone::auth::admin_url: {get_input: aodh_admin_url }
aodh::keystone::auth::password: {get_input: aodh_password }
aodh::keystone::auth::region: {get_input: keystone_region}
# Gnocchi
gnocchi_backend: {get_input: gnocchi_backend}
gnocchi_indexer_backend: {get_input: gnocchi_indexer_backend}
gnocchi_mysql_conn_string: {get_input: gnocchi_dsn}
gnocchi::debug: {get_input: debug}
gnocchi::wsgi::apache::ssl: false
gnocchi::wsgi::apache::bind_host: {get_input: gnocchi_api_network}
gnocchi::api::service_name: 'httpd'
gnocchi::api::host: {get_input: gnocchi_api_network}
gnocchi::api::keystone_password: {get_input: gnocchi_password}
gnocchi::api::keystone_auth_uri: {get_input: keystone_auth_uri}
gnocchi::api::keystone_identity_uri: {get_input: keystone_identity_uri}
gnocchi::db::mysql::password: {get_input: gnocchi_password}
gnocchi::storage::swift::swift_authurl: {get_input: keystone_auth_uri}
gnocchi::storage::swift::swift_key: {get_input: gnocchi_password}
gnocchi::keystone::auth::public_url: {get_input: gnocchi_public_url }
gnocchi::keystone::auth::internal_url: {get_input: gnocchi_internal_url }
gnocchi::keystone::auth::admin_url: {get_input: gnocchi_admin_url }
gnocchi::keystone::auth::password: {get_input: gnocchi_password }
gnocchi::keystone::auth::region: {get_input: keystone_region}
# Nova
nova::upgrade_level_compute: {get_input: upgrade_level_nova_compute}
nova::use_ipv6: {get_input: nova_ipv6}
nova::api::auth_uri: {get_input: keystone_auth_uri}
nova::api::identity_uri: {get_input: keystone_identity_uri}
nova::api::api_bind_address: {get_input: nova_api_network}
nova::api::metadata_listen: {get_input: nova_metadata_network}
nova::api::admin_password: {get_input: nova_password}
nova::compute::network_device_mtu: {get_input: neutron_tenant_mtu}
nova::database_connection: {get_input: nova_dsn}
nova::api_database_connection: {get_input: nova_api_dsn}
nova::glance_api_servers: {get_input: glance_api_servers}
nova::api::neutron_metadata_proxy_shared_secret: {get_input: neutron_metadata_proxy_shared_secret}
nova::api::instance_name_template: {get_input: instance_name_template}
nova::network::neutron::neutron_password: {get_input: neutron_password}
nova::network::neutron::neutron_url: {get_input: neutron_internal_url}
nova::network::neutron::neutron_auth_url: {get_input: neutron_auth_url}
nova::vncproxy::host: {get_input: nova_api_network}
nova::db::mysql::password: {get_input: nova_password}
nova::db::mysql_api::password: {get_input: nova_password}
nova_enable_db_purge: {get_input: nova_enable_db_purge}
nova::keystone::auth::public_url: {get_input: nova_public_url}
nova::keystone::auth::internal_url: {get_input: nova_internal_url}
nova::keystone::auth::admin_url: {get_input: nova_admin_url}
nova::keystone::auth::password: {get_input: nova_password }
nova::keystone::auth::region: {get_input: keystone_region}
# Horizon
apache::mod::remoteip::proxy_ips: {get_input: horizon_subnet}
apache::ip: {get_input: horizon_network}
horizon::allowed_hosts: {get_input: horizon_allowed_hosts}
horizon::django_debug: {get_input: debug}
horizon::secret_key: {get_input: horizon_secret}
horizon::bind_address: {get_input: horizon_network}
horizon::keystone_url: {get_input: keystone_auth_uri}
# RabbitMQ
rabbitmq::node_ip_address: {get_input: rabbitmq_network}
rabbitmq::erlang_cookie: {get_input: rabbit_cookie}
# Redis
redis::bind: {get_input: redis_network}
redis_vip: {get_input: redis_vip}
# Firewall
tripleo::firewall::manage_firewall: {get_input: manage_firewall}
tripleo::firewall::purge_firewall_rules: {get_input: purge_firewall_rules}
# Misc
memcached_ipv6: {get_input: memcached_ipv6}
memcached::listen_ip: {get_input: memcached_network}
control_virtual_interface: {get_input: control_virtual_interface}
public_virtual_interface: {get_input: public_virtual_interface}
tripleo::keepalived::control_virtual_interface: {get_input: control_virtual_interface}
tripleo::keepalived::public_virtual_interface: {get_input: public_virtual_interface}
tripleo::haproxy::control_virtual_interface: {get_input: control_virtual_interface}
tripleo::haproxy::public_virtual_interface: {get_input: public_virtual_interface}
tripleo::haproxy::haproxy_log_address: {get_input: haproxy_log_address}
tripleo::haproxy::service_certificate: {get_attr: [NodeTLSData, deployed_ssl_certificate_path]}
tripleo::haproxy::haproxy_stats_user: {get_input: haproxy_stats_user}
tripleo::haproxy::haproxy_stats_password: {get_input: haproxy_stats_password}
tripleo::haproxy::redis_password: {get_input: redis_password}
tripleo::packages::enable_install: {get_input: enable_package_install}
tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade}
# Hook for site-specific additional pre-deployment config, e.g extra hieradata
ControllerExtraConfigPre:
depends_on: ControllerDeployment
type: OS::TripleO::ControllerExtraConfigPre
properties:
server: {get_resource: Controller}
# Hook for site-specific additional pre-deployment config,
# applying to all nodes, e.g node registration/unregistration
NodeExtraConfig:
depends_on: [ControllerExtraConfigPre, NodeTLSData]
type: OS::TripleO::NodeExtraConfig
properties:
server: {get_resource: Controller}
UpdateConfig:
type: OS::TripleO::Tasks::PackageUpdate
UpdateDeployment:
type: OS::Heat::SoftwareDeployment
properties:
name: UpdateDeployment
config: {get_resource: UpdateConfig}
server: {get_resource: Controller}
input_values:
update_identifier:
get_param: UpdateIdentifier
outputs:
ip_address:
description: IP address of the server in the ctlplane network
value: {get_attr: [Controller, networks, ctlplane, 0]}
external_ip_address:
description: IP address of the server in the external network
value: {get_attr: [ExternalPort, ip_address]}
internal_api_ip_address:
description: IP address of the server in the internal_api network
value: {get_attr: [InternalApiPort, ip_address]}
storage_ip_address:
description: IP address of the server in the storage network
value: {get_attr: [StoragePort, ip_address]}
storage_mgmt_ip_address:
description: IP address of the server in the storage_mgmt network
value: {get_attr: [StorageMgmtPort, ip_address]}
tenant_ip_address:
description: IP address of the server in the tenant network
value: {get_attr: [TenantPort, ip_address]}
management_ip_address:
description: IP address of the server in the management network
value: {get_attr: [ManagementPort, ip_address]}
hostname:
description: Hostname of the server
value: {get_attr: [Controller, name]}
hosts_entry:
description: >
Server's IP address and hostname in the /etc/hosts format
value:
str_replace:
template: |
PRIMARYIP PRIMARYHOST.DOMAIN PRIMARYHOST
EXTERNALIP EXTERNALHOST.DOMAIN EXTERNALHOST
INTERNAL_APIIP INTERNAL_APIHOST.DOMAIN INTERNAL_APIHOST
STORAGEIP STORAGEHOST.DOMAIN STORAGEHOST
STORAGE_MGMTIP STORAGE_MGMTHOST.DOMAIN STORAGE_MGMTHOST
TENANTIP TENANTHOST.DOMAIN TENANTHOST
MANAGEMENTIP MANAGEMENTHOST.DOMAIN MANAGEMENTHOST
params:
PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, ControllerHostnameResolveNetwork]}]}
DOMAIN: {get_param: CloudDomain}
PRIMARYHOST: {get_attr: [Controller, name]}
EXTERNALIP: {get_attr: [ExternalPort, ip_address]}
EXTERNALHOST:
list_join:
- '.'
- - {get_attr: [Controller, name]}
- external
INTERNAL_APIIP: {get_attr: [InternalApiPort, ip_address]}
INTERNAL_APIHOST:
list_join:
- '.'
- - {get_attr: [Controller, name]}
- internalapi
STORAGEIP: {get_attr: [StoragePort, ip_address]}
STORAGEHOST:
list_join:
- '.'
- - {get_attr: [Controller, name]}
- storage
STORAGE_MGMTIP: {get_attr: [StorageMgmtPort, ip_address]}
STORAGE_MGMTHOST:
list_join:
- '.'
- - {get_attr: [Controller, name]}
- storagemgmt
TENANTIP: {get_attr: [TenantPort, ip_address]}
TENANTHOST:
list_join:
- '.'
- - {get_attr: [Controller, name]}
- tenant
MANAGEMENTIP: {get_attr: [ManagementPort, ip_address]}
MANAGEMENTHOST:
list_join:
- '.'
- - {get_attr: [Controller, name]}
- management
nova_server_resource:
description: Heat resource handle for the Nova compute server
value:
{get_resource: Controller}
swift_device:
description: Swift device formatted for swift-ring-builder
value:
str_replace:
template: 'r1z1-IP:%PORT%/d1'
params:
IP: {get_attr: [NetIpMap, net_ip_uri_map, {get_param: [ServiceNetMap, SwiftMgmtNetwork]}]}
swift_proxy_memcache:
description: Swift proxy-memcache value
value:
str_replace:
template: "IP:11211"
params:
IP: {get_attr: [NetIpMap, net_ip_uri_map, {get_param: [ServiceNetMap, MemcachedNetwork]}]}
tls_key_modulus_md5:
description: MD5 checksum of the TLS Key Modulus
value: {get_attr: [NodeTLSData, key_modulus_md5]}
tls_cert_modulus_md5:
description: MD5 checksum of the TLS Certificate Modulus
value: {get_attr: [NodeTLSData, cert_modulus_md5]}