OpenStack Resource Types

OpenStack Resource Types

OS::Aodh::CompositeAlarm

Available since 8.0.0 (Ocata)

A resource that implements Aodh composite alarm.

Allows to specify multiple rules when creating a composite alarm, and the rules combined with logical operators: and, or.

Required Properties

composite_rule
Composite threshold rules in JSON format.
Map value expected.
Can be updated without replacement.
Map properties:
operator
Required.
The operator indicates how to combine the rules.
String value expected.
Can be updated without replacement.
Allowed values: or, and
rules
Rules list. Basic threshold/gnocchi rules and nested dict which combine threshold/gnocchi rules by “and” or “or” are allowed. For example, the form is like: [RULE1, RULE2, {“and”: [RULE3, RULE4]}], the basic threshold/gnocchi rules must include a “type” field.
List value expected.
Can be updated without replacement.
The length must be at least 2.

Optional Properties

alarm_actions
A list of URLs (webhooks) to invoke when state transitions to alarm.
List value expected.
Can be updated without replacement.
alarm_queues

Available since 8.0.0 (Ocata)

A list of Zaqar queues to post to when state transitions to alarm.
List value expected.
Can be updated without replacement.
Defaults to []
List contents:
Optional.
String value expected.
Can be updated without replacement.
Value must be of type zaqar.queue
description
Description for the alarm.
String value expected.
Can be updated without replacement.
enabled
True if alarm evaluation/actioning is enabled.
Boolean value expected.
Can be updated without replacement.
Defaults to "true"
insufficient_data_actions
A list of URLs (webhooks) to invoke when state transitions to insufficient-data.
List value expected.
Can be updated without replacement.
insufficient_data_queues

Available since 8.0.0 (Ocata)

A list of Zaqar queues to post to when state transitions to insufficient-data.
List value expected.
Can be updated without replacement.
Defaults to []
List contents:
Optional.
String value expected.
Can be updated without replacement.
Value must be of type zaqar.queue
ok_actions
A list of URLs (webhooks) to invoke when state transitions to ok.
List value expected.
Can be updated without replacement.
ok_queues

Available since 8.0.0 (Ocata)

A list of Zaqar queues to post to when state transitions to ok.
List value expected.
Can be updated without replacement.
Defaults to []
List contents:
Optional.
String value expected.
Can be updated without replacement.
Value must be of type zaqar.queue
repeat_actions
False to trigger actions when the threshold is reached AND the alarm’s state has changed. By default, actions are called each time the threshold is reached.
Boolean value expected.
Can be updated without replacement.
Defaults to "true"
severity

Available since 5.0.0 (Liberty)

Severity of the alarm.
String value expected.
Can be updated without replacement.
Defaults to "low"
Allowed values: low, moderate, critical
time_constraints

Available since 5.0.0 (Liberty)

Describe time constraints for the alarm. Only evaluate the alarm if the time at evaluation is within this time constraint. Start point(s) of the constraint are specified with a cron expression, whereas its duration is given in seconds.
List value expected.
Updates cause replacement.
Defaults to []
List contents:
Map value expected.
Updates cause replacement.
Map properties:
description
Optional.
Description for the time constraint.
String value expected.
Updates cause replacement.
duration
Required.
Duration for the time constraint.
Integer value expected.
Updates cause replacement.
The value must be at least 0.
name
Required.
Name for the time constraint.
String value expected.
Updates cause replacement.
start
Required.
Start time for the time constraint. A CRON expression property.
String value expected.
Updates cause replacement.
Value must be of type cron_expression
timezone
Optional.
Timezone for the time constraint (eg. ‘Asia/Taipei’, ‘Europe/Amsterdam’).
String value expected.
Updates cause replacement.
Value must be of type timezone

Attributes

show
Detailed information about resource.

HOT Syntax

heat_template_version: 2015-04-30
...
resources:
  ...
  the_resource:
    type: OS::Aodh::CompositeAlarm
    properties:
      alarm_actions: [Value, Value, ...]
      alarm_queues: [String, String, ...]
      composite_rule: {"rules": [Value, Value, ...], "operator": String}
      description: String
      enabled: Boolean
      insufficient_data_actions: [Value, Value, ...]
      insufficient_data_queues: [String, String, ...]
      ok_actions: [Value, Value, ...]
      ok_queues: [String, String, ...]
      repeat_actions: Boolean
      severity: String
      time_constraints: [{"timezone": String, "name": String, "start": String, "description": String, "duration": Integer}, {"timezone": String, "name": String, "start": String, "description": String, "duration": Integer}, ...]

OS::Aodh::EventAlarm

Available since 8.0.0 (Ocata)

A resource that implements event alarms.

Allows users to define alarms which can be evaluated based on events passed from other OpenStack services. The events can be emitted when the resources from other OpenStack services have been updated, created or deleted, such as ‘compute.instance.reboot.end’, ‘scheduler.select_destinations.end’.

Optional Properties

alarm_actions
A list of URLs (webhooks) to invoke when state transitions to alarm.
List value expected.
Can be updated without replacement.
alarm_queues

Available since 8.0.0 (Ocata)

A list of Zaqar queues to post to when state transitions to alarm.
List value expected.
Can be updated without replacement.
Defaults to []
List contents:
Optional.
String value expected.
Can be updated without replacement.
Value must be of type zaqar.queue
description
Description for the alarm.
String value expected.
Can be updated without replacement.
enabled
True if alarm evaluation/actioning is enabled.
Boolean value expected.
Can be updated without replacement.
Defaults to "true"
event_type
Event type to evaluate against. If not specified will match all events.
String value expected.
Can be updated without replacement.
Defaults to "*"
insufficient_data_actions
A list of URLs (webhooks) to invoke when state transitions to insufficient-data.
List value expected.
Can be updated without replacement.
insufficient_data_queues

Available since 8.0.0 (Ocata)

A list of Zaqar queues to post to when state transitions to insufficient-data.
List value expected.
Can be updated without replacement.
Defaults to []
List contents:
Optional.
String value expected.
Can be updated without replacement.
Value must be of type zaqar.queue
ok_actions
A list of URLs (webhooks) to invoke when state transitions to ok.
List value expected.
Can be updated without replacement.
ok_queues

Available since 8.0.0 (Ocata)

A list of Zaqar queues to post to when state transitions to ok.
List value expected.
Can be updated without replacement.
Defaults to []
List contents:
Optional.
String value expected.
Can be updated without replacement.
Value must be of type zaqar.queue
query
A list for filtering events. Query conditions used to filter specific events when evaluating the alarm.
List value expected.
Can be updated without replacement.
List contents:
Map value expected.
Can be updated without replacement.
Map properties:
field
Optional.
Name of attribute to compare.
String value expected.
Can be updated without replacement.
op
Optional.
Comparison operator.
String value expected.
Can be updated without replacement.
Allowed values: le, ge, eq, lt, gt, ne
type
Optional.
The type of the attribute.
String value expected.
Can be updated without replacement.
Defaults to "string"
Allowed values: integer, float, string, boolean, datetime
value
Optional.
String value with which to compare.
String value expected.
Can be updated without replacement.
repeat_actions
False to trigger actions when the threshold is reached AND the alarm’s state has changed. By default, actions are called each time the threshold is reached.
Boolean value expected.
Can be updated without replacement.
Defaults to "true"
severity

Available since 5.0.0 (Liberty)

Severity of the alarm.
String value expected.
Can be updated without replacement.
Defaults to "low"
Allowed values: low, moderate, critical
time_constraints

Available since 5.0.0 (Liberty)

Describe time constraints for the alarm. Only evaluate the alarm if the time at evaluation is within this time constraint. Start point(s) of the constraint are specified with a cron expression, whereas its duration is given in seconds.
List value expected.
Updates cause replacement.
Defaults to []
List contents:
Map value expected.
Updates cause replacement.
Map properties:
description
Optional.
Description for the time constraint.
String value expected.
Updates cause replacement.
duration
Required.
Duration for the time constraint.
Integer value expected.
Updates cause replacement.
The value must be at least 0.
name
Required.
Name for the time constraint.
String value expected.
Updates cause replacement.
start
Required.
Start time for the time constraint. A CRON expression property.
String value expected.
Updates cause replacement.
Value must be of type cron_expression
timezone
Optional.
Timezone for the time constraint (eg. ‘Asia/Taipei’, ‘Europe/Amsterdam’).
String value expected.
Updates cause replacement.
Value must be of type timezone

Attributes

show
Detailed information about resource.

HOT Syntax

heat_template_version: 2015-04-30
...
resources:
  ...
  the_resource:
    type: OS::Aodh::EventAlarm
    properties:
      alarm_actions: [Value, Value, ...]
      alarm_queues: [String, String, ...]
      description: String
      enabled: Boolean
      event_type: String
      insufficient_data_actions: [Value, Value, ...]
      insufficient_data_queues: [String, String, ...]
      ok_actions: [Value, Value, ...]
      ok_queues: [String, String, ...]
      query: [{"op": String, "value": String, "type": String, "field": String}, {"op": String, "value": String, "type": String, "field": String}, ...]
      repeat_actions: Boolean
      severity: String
      time_constraints: [{"timezone": String, "name": String, "start": String, "description": String, "duration": Integer}, {"timezone": String, "name": String, "start": String, "description": String, "duration": Integer}, ...]

OS::Aodh::GnocchiAggregationByMetricsAlarm

Available since 2015.1 (Kilo)

A resource that implements alarm with specified metrics.

A resource that implements alarm which allows to use specified by user metrics in metrics list.

Required Properties

metrics
A list of metric ids.
List value expected.
Can be updated without replacement.
threshold
Threshold to evaluate against.
Number value expected.
Can be updated without replacement.

Optional Properties

aggregation_method
The aggregation method to compare to the threshold.
String value expected.
Can be updated without replacement.
alarm_actions
A list of URLs (webhooks) to invoke when state transitions to alarm.
List value expected.
Can be updated without replacement.
alarm_queues

Available since 8.0.0 (Ocata)

A list of Zaqar queues to post to when state transitions to alarm.
List value expected.
Can be updated without replacement.
Defaults to []
List contents:
Optional.
String value expected.
Can be updated without replacement.
Value must be of type zaqar.queue
comparison_operator
Operator used to compare specified statistic with threshold.
String value expected.
Can be updated without replacement.
Allowed values: le, ge, eq, lt, gt, ne
description
Description for the alarm.
String value expected.
Can be updated without replacement.
enabled
True if alarm evaluation/actioning is enabled.
Boolean value expected.
Can be updated without replacement.
Defaults to "true"
evaluation_periods
Number of periods to evaluate over.
Integer value expected.
Can be updated without replacement.
granularity
The time range in seconds.
Integer value expected.
Can be updated without replacement.
insufficient_data_actions
A list of URLs (webhooks) to invoke when state transitions to insufficient-data.
List value expected.
Can be updated without replacement.
insufficient_data_queues

Available since 8.0.0 (Ocata)

A list of Zaqar queues to post to when state transitions to insufficient-data.
List value expected.
Can be updated without replacement.
Defaults to []
List contents:
Optional.
String value expected.
Can be updated without replacement.
Value must be of type zaqar.queue
ok_actions
A list of URLs (webhooks) to invoke when state transitions to ok.
List value expected.
Can be updated without replacement.
ok_queues

Available since 8.0.0 (Ocata)

A list of Zaqar queues to post to when state transitions to ok.
List value expected.
Can be updated without replacement.
Defaults to []
List contents:
Optional.
String value expected.
Can be updated without replacement.
Value must be of type zaqar.queue
repeat_actions
False to trigger actions when the threshold is reached AND the alarm’s state has changed. By default, actions are called each time the threshold is reached.
Boolean value expected.
Can be updated without replacement.
Defaults to "true"
severity

Available since 5.0.0 (Liberty)

Severity of the alarm.
String value expected.
Can be updated without replacement.
Defaults to "low"
Allowed values: low, moderate, critical
time_constraints

Available since 5.0.0 (Liberty)

Describe time constraints for the alarm. Only evaluate the alarm if the time at evaluation is within this time constraint. Start point(s) of the constraint are specified with a cron expression, whereas its duration is given in seconds.
List value expected.
Updates cause replacement.
Defaults to []
List contents:
Map value expected.
Updates cause replacement.
Map properties:
description
Optional.
Description for the time constraint.
String value expected.
Updates cause replacement.
duration
Required.
Duration for the time constraint.
Integer value expected.
Updates cause replacement.
The value must be at least 0.
name
Required.
Name for the time constraint.
String value expected.
Updates cause replacement.
start
Required.
Start time for the time constraint. A CRON expression property.
String value expected.
Updates cause replacement.
Value must be of type cron_expression
timezone
Optional.
Timezone for the time constraint (eg. ‘Asia/Taipei’, ‘Europe/Amsterdam’).
String value expected.
Updates cause replacement.
Value must be of type timezone

Attributes

show
Detailed information about resource.

HOT Syntax

heat_template_version: 2015-04-30
...
resources:
  ...
  the_resource:
    type: OS::Aodh::GnocchiAggregationByMetricsAlarm
    properties:
      aggregation_method: String
      alarm_actions: [Value, Value, ...]
      alarm_queues: [String, String, ...]
      comparison_operator: String
      description: String
      enabled: Boolean
      evaluation_periods: Integer
      granularity: Integer
      insufficient_data_actions: [Value, Value, ...]
      insufficient_data_queues: [String, String, ...]
      metrics: [Value, Value, ...]
      ok_actions: [Value, Value, ...]
      ok_queues: [String, String, ...]
      repeat_actions: Boolean
      severity: String
      threshold: Number
      time_constraints: [{"timezone": String, "name": String, "start": String, "description": String, "duration": Integer}, {"timezone": String, "name": String, "start": String, "description": String, "duration": Integer}, ...]

OS::Aodh::GnocchiAggregationByResourcesAlarm

Available since 2015.1 (Kilo)

A resource that implements alarm as an aggregation of resources alarms.

A resource that implements alarm which uses aggregation of resources alarms with some condition. If state of a system is satisfied alarm condition, alarm is activated.

Required Properties

metric
Metric name watched by the alarm.
String value expected.
Can be updated without replacement.
query
The query to filter the metrics.
String value expected.
Can be updated without replacement.
resource_type
Resource type.
String value expected.
Can be updated without replacement.
threshold
Threshold to evaluate against.
Number value expected.
Can be updated without replacement.

Optional Properties

aggregation_method
The aggregation method to compare to the threshold.
String value expected.
Can be updated without replacement.
alarm_actions
A list of URLs (webhooks) to invoke when state transitions to alarm.
List value expected.
Can be updated without replacement.
alarm_queues

Available since 8.0.0 (Ocata)

A list of Zaqar queues to post to when state transitions to alarm.
List value expected.
Can be updated without replacement.
Defaults to []
List contents:
Optional.
String value expected.
Can be updated without replacement.
Value must be of type zaqar.queue
comparison_operator
Operator used to compare specified statistic with threshold.
String value expected.
Can be updated without replacement.
Allowed values: le, ge, eq, lt, gt, ne
description
Description for the alarm.
String value expected.
Can be updated without replacement.
enabled
True if alarm evaluation/actioning is enabled.
Boolean value expected.
Can be updated without replacement.
Defaults to "true"
evaluation_periods
Number of periods to evaluate over.
Integer value expected.
Can be updated without replacement.
granularity
The time range in seconds.
Integer value expected.
Can be updated without replacement.
insufficient_data_actions
A list of URLs (webhooks) to invoke when state transitions to insufficient-data.
List value expected.
Can be updated without replacement.
insufficient_data_queues

Available since 8.0.0 (Ocata)

A list of Zaqar queues to post to when state transitions to insufficient-data.
List value expected.
Can be updated without replacement.
Defaults to []
List contents:
Optional.
String value expected.
Can be updated without replacement.
Value must be of type zaqar.queue
ok_actions
A list of URLs (webhooks) to invoke when state transitions to ok.
List value expected.
Can be updated without replacement.
ok_queues

Available since 8.0.0 (Ocata)

A list of Zaqar queues to post to when state transitions to ok.
List value expected.
Can be updated without replacement.
Defaults to []
List contents:
Optional.
String value expected.
Can be updated without replacement.
Value must be of type zaqar.queue
repeat_actions
False to trigger actions when the threshold is reached AND the alarm’s state has changed. By default, actions are called each time the threshold is reached.
Boolean value expected.
Can be updated without replacement.
Defaults to "true"
severity

Available since 5.0.0 (Liberty)

Severity of the alarm.
String value expected.
Can be updated without replacement.
Defaults to "low"
Allowed values: low, moderate, critical
time_constraints

Available since 5.0.0 (Liberty)

Describe time constraints for the alarm. Only evaluate the alarm if the time at evaluation is within this time constraint. Start point(s) of the constraint are specified with a cron expression, whereas its duration is given in seconds.
List value expected.
Updates cause replacement.
Defaults to []
List contents:
Map value expected.
Updates cause replacement.
Map properties:
description
Optional.
Description for the time constraint.
String value expected.
Updates cause replacement.
duration
Required.
Duration for the time constraint.
Integer value expected.
Updates cause replacement.
The value must be at least 0.
name
Required.
Name for the time constraint.
String value expected.
Updates cause replacement.
start
Required.
Start time for the time constraint. A CRON expression property.
String value expected.
Updates cause replacement.
Value must be of type cron_expression
timezone
Optional.
Timezone for the time constraint (eg. ‘Asia/Taipei’, ‘Europe/Amsterdam’).
String value expected.
Updates cause replacement.
Value must be of type timezone

Attributes

show
Detailed information about resource.

HOT Syntax

heat_template_version: 2015-04-30
...
resources:
  ...
  the_resource:
    type: OS::Aodh::GnocchiAggregationByResourcesAlarm
    properties:
      aggregation_method: String
      alarm_actions: [Value, Value, ...]
      alarm_queues: [String, String, ...]
      comparison_operator: String
      description: String
      enabled: Boolean
      evaluation_periods: Integer
      granularity: Integer
      insufficient_data_actions: [Value, Value, ...]
      insufficient_data_queues: [String, String, ...]
      metric: String
      ok_actions: [Value, Value, ...]
      ok_queues: [String, String, ...]
      query: String
      repeat_actions: Boolean
      resource_type: String
      severity: String
      threshold: Number
      time_constraints: [{"timezone": String, "name": String, "start": String, "description": String, "duration": Integer}, {"timezone": String, "name": String, "start": String, "description": String, "duration": Integer}, ...]

OS::Aodh::GnocchiResourcesAlarm

Available since 2015.1 (Kilo)

A resource allowing for the watch of some specified resource.

An alarm that evaluates threshold based on some metric for the specified resource.

Required Properties

metric
Metric name watched by the alarm.
String value expected.
Can be updated without replacement.
resource_id
Id of a resource.
String value expected.
Can be updated without replacement.
resource_type
Resource type.
String value expected.
Can be updated without replacement.
threshold
Threshold to evaluate against.
Number value expected.
Can be updated without replacement.

Optional Properties

aggregation_method
The aggregation method to compare to the threshold.
String value expected.
Can be updated without replacement.
alarm_actions
A list of URLs (webhooks) to invoke when state transitions to alarm.
List value expected.
Can be updated without replacement.
alarm_queues

Available since 8.0.0 (Ocata)

A list of Zaqar queues to post to when state transitions to alarm.
List value expected.
Can be updated without replacement.
Defaults to []
List contents:
Optional.
String value expected.
Can be updated without replacement.
Value must be of type zaqar.queue
comparison_operator
Operator used to compare specified statistic with threshold.
String value expected.
Can be updated without replacement.
Allowed values: le, ge, eq, lt, gt, ne
description
Description for the alarm.
String value expected.
Can be updated without replacement.
enabled
True if alarm evaluation/actioning is enabled.
Boolean value expected.
Can be updated without replacement.
Defaults to "true"
evaluation_periods
Number of periods to evaluate over.
Integer value expected.
Can be updated without replacement.
granularity
The time range in seconds.
Integer value expected.
Can be updated without replacement.
insufficient_data_actions
A list of URLs (webhooks) to invoke when state transitions to insufficient-data.
List value expected.
Can be updated without replacement.
insufficient_data_queues

Available since 8.0.0 (Ocata)

A list of Zaqar queues to post to when state transitions to insufficient-data.
List value expected.
Can be updated without replacement.
Defaults to []
List contents:
Optional.
String value expected.
Can be updated without replacement.
Value must be of type zaqar.queue
ok_actions
A list of URLs (webhooks) to invoke when state transitions to ok.
List value expected.
Can be updated without replacement.
ok_queues

Available since 8.0.0 (Ocata)

A list of Zaqar queues to post to when state transitions to ok.
List value expected.
Can be updated without replacement.
Defaults to []
List contents:
Optional.
String value expected.
Can be updated without replacement.
Value must be of type zaqar.queue
repeat_actions
False to trigger actions when the threshold is reached AND the alarm’s state has changed. By default, actions are called each time the threshold is reached.
Boolean value expected.
Can be updated without replacement.
Defaults to "true"
severity

Available since 5.0.0 (Liberty)

Severity of the alarm.
String value expected.
Can be updated without replacement.
Defaults to "low"
Allowed values: low, moderate, critical
time_constraints

Available since 5.0.0 (Liberty)

Describe time constraints for the alarm. Only evaluate the alarm if the time at evaluation is within this time constraint. Start point(s) of the constraint are specified with a cron expression, whereas its duration is given in seconds.
List value expected.
Updates cause replacement.
Defaults to []
List contents:
Map value expected.
Updates cause replacement.
Map properties:
description
Optional.
Description for the time constraint.
String value expected.
Updates cause replacement.
duration
Required.
Duration for the time constraint.
Integer value expected.
Updates cause replacement.
The value must be at least 0.
name
Required.
Name for the time constraint.
String value expected.
Updates cause replacement.
start
Required.
Start time for the time constraint. A CRON expression property.
String value expected.
Updates cause replacement.
Value must be of type cron_expression
timezone
Optional.
Timezone for the time constraint (eg. ‘Asia/Taipei’, ‘Europe/Amsterdam’).
String value expected.
Updates cause replacement.
Value must be of type timezone

Attributes

show
Detailed information about resource.

HOT Syntax

heat_template_version: 2015-04-30
...
resources:
  ...
  the_resource:
    type: OS::Aodh::GnocchiResourcesAlarm
    properties:
      aggregation_method: String
      alarm_actions: [Value, Value, ...]
      alarm_queues: [String, String, ...]
      comparison_operator: String
      description: String
      enabled: Boolean
      evaluation_periods: Integer
      granularity: Integer
      insufficient_data_actions: [Value, Value, ...]
      insufficient_data_queues: [String, String, ...]
      metric: String
      ok_actions: [Value, Value, ...]
      ok_queues: [String, String, ...]
      repeat_actions: Boolean
      resource_id: String
      resource_type: String
      severity: String
      threshold: Number
      time_constraints: [{"timezone": String, "name": String, "start": String, "description": String, "duration": Integer}, {"timezone": String, "name": String, "start": String, "description": String, "duration": Integer}, ...]

OS::Barbican::CertificateContainer

Available since 6.0.0 (Mitaka)

A resource for creating barbican certificate container.

A certificate container is used for storing the secrets that are relevant to certificates.

Optional Properties

certificate_ref
Reference to certificate.
String value expected.
Updates cause replacement.
Value must be of type barbican.secret
intermediates_ref
Reference to intermediates.
String value expected.
Updates cause replacement.
Value must be of type barbican.secret
name
Human-readable name for the container.
String value expected.
Updates cause replacement.
private_key_passphrase_ref
Reference to private key passphrase.
String value expected.
Updates cause replacement.
Value must be of type barbican.secret
private_key_ref
Reference to private key.
String value expected.
Updates cause replacement.
Value must be of type barbican.secret

Attributes

consumers
The URIs to container consumers.
container_ref
The URI to the container.
secret_refs
The URIs to secrets stored in container.
show
Detailed information about resource.
status
The status of the container.

HOT Syntax

heat_template_version: 2015-04-30
...
resources:
  ...
  the_resource:
    type: OS::Barbican::CertificateContainer
    properties:
      certificate_ref: String
      intermediates_ref: String
      name: String
      private_key_passphrase_ref: String
      private_key_ref: String

OS::Barbican::GenericContainer

Available since 6.0.0 (Mitaka)

A resource for creating Barbican generic container.

A generic container is used for any type of secret that a user may wish to aggregate. There are no restrictions on the amount of secrets that can be held within this container.

Optional Properties

name
Human-readable name for the container.
String value expected.
Updates cause replacement.
secrets
References to secrets that will be stored in container.
List value expected.
Updates cause replacement.
List contents:
Map value expected.
Updates cause replacement.
Map properties:
name
Required.
Name of the secret.
String value expected.
Updates cause replacement.
ref
Required.
Reference to the secret.
String value expected.
Updates cause replacement.
Value must be of type barbican.secret

Attributes

consumers
The URIs to container consumers.
container_ref
The URI to the container.
secret_refs
The URIs to secrets stored in container.
show
Detailed information about resource.
status
The status of the container.

HOT Syntax

heat_template_version: 2015-04-30
...
resources:
  ...
  the_resource:
    type: OS::Barbican::GenericContainer
    properties:
      name: String
      secrets: [{"name": String, "ref": String}, {"name": String, "ref": String}, ...]

OS::Barbican::Order

Available since 2014.2 (Juno)

A resource allowing for the generation secret material by Barbican.

The resource allows to generate some secret material. It can be, for example, some key or certificate. The order encapsulates the workflow and history for the creation of a secret. The time to generate a secret can vary depending on the type of secret.

Required Properties

type

Available since 5.0.0 (Liberty)

The type of the order.
String value expected.
Updates cause replacement.
Allowed values: key, asymmetric, certificate

Optional Properties

algorithm
The algorithm type used to generate the secret. Required for key and asymmetric types of order.
String value expected.
Updates cause replacement.
bit_length
The bit-length of the secret. Required for key and asymmetric types of order.
Integer value expected.
Updates cause replacement.
ca_id

Available since 5.0.0 (Liberty)

The identifier of the CA to use.
String value expected.
Updates cause replacement.
expiration
The expiration date for the secret in ISO-8601 format.
String value expected.
Updates cause replacement.
Value must be of type expiration
mode
The type/mode of the algorithm associated with the secret information.
String value expected.
Updates cause replacement.
name
Human readable name for the secret.
String value expected.
Updates cause replacement.
pass_phrase

Available since 5.0.0 (Liberty)

The passphrase of the created key. Can be set only for asymmetric type of order.
String value expected.
Updates cause replacement.
payload_content_type
The type/format the secret data is provided in.
String value expected.
Updates cause replacement.
profile

Available since 5.0.0 (Liberty)

The profile of certificate to use.
String value expected.
Updates cause replacement.
request_data

Available since 5.0.0 (Liberty)

The content of the CSR. Only for certificate orders.
String value expected.
Updates cause replacement.
request_type

Available since 5.0.0 (Liberty)

The type of the certificate request.
String value expected.
Updates cause replacement.
Allowed values: stored-key, simple-cmc, custom
source_container_ref

Available since 5.0.0 (Liberty)

The source of certificate request.
String value expected.
Updates cause replacement.
Value must be of type barbican.container
subject_dn

Available since 5.0.0 (Liberty)

The subject of the certificate request.
String value expected.
Updates cause replacement.

Attributes

certificate

Available since 5.0.0 (Liberty)

The payload of the created certificate, if available.

container_ref

Available since 5.0.0 (Liberty)

The URI to the created container.

intermediates

Available since 5.0.0 (Liberty)

The payload of the created intermediates, if available.

order_ref
The URI to the order.
private_key

Available since 5.0.0 (Liberty)

The payload of the created private key, if available.

public_key

Available since 5.0.0 (Liberty)

The payload of the created public key, if available.

secret_ref
The URI to the created secret.
show
Detailed information about resource.
status
The status of the order.

HOT Syntax

heat_template_version: 2015-04-30
...
resources:
  ...
  the_resource:
    type: OS::Barbican::Order
    properties:
      algorithm: String
      bit_length: Integer
      ca_id: String
      expiration: String
      mode: String
      name: String
      pass_phrase: String
      payload_content_type: String
      profile: String
      request_data: String
      request_type: String
      source_container_ref: String
      subject_dn: String
      type: String

OS::Barbican::RSAContainer

Available since 6.0.0 (Mitaka)

A resource for creating barbican RSA container.

An RSA container is used for storing RSA public keys, private keys, and private key pass phrases.

Optional Properties

name
Human-readable name for the container.
String value expected.
Updates cause replacement.
private_key_passphrase_ref
Reference to private key passphrase.
String value expected.
Updates cause replacement.
Value must be of type barbican.secret
private_key_ref
Reference to private key.
String value expected.
Updates cause replacement.
Value must be of type barbican.secret
public_key_ref
Reference to public key.
String value expected.
Updates cause replacement.
Value must be of type barbican.secret

Attributes

consumers
The URIs to container consumers.
container_ref
The URI to the container.
secret_refs
The URIs to secrets stored in container.
show
Detailed information about resource.
status
The status of the container.

HOT Syntax

heat_template_version: 2015-04-30
...
resources:
  ...
  the_resource:
    type: OS::Barbican::RSAContainer
    properties:
      name: String
      private_key_passphrase_ref: String
      private_key_ref: String
      public_key_ref: String

OS::Barbican::Secret

Available since 2014.2 (Juno)

The resource provides access to the secret/keying stored material.

A secret is a singular item that stored within Barbican. A secret is anything you want it to be; however, the formal use case is a key that you wish to store away from prying eyes. Secret may include private keys, passwords and so on.

Optional Properties

algorithm
The algorithm type used to generate the secret.
String value expected.
Updates cause replacement.
bit_length
The bit-length of the secret.
Integer value expected.
Updates cause replacement.
The value must be at least 0.
expiration
The expiration date for the secret in ISO-8601 format.
String value expected.
Updates cause replacement.
Value must be of type expiration
mode
The type/mode of the algorithm associated with the secret information.
String value expected.
Updates cause replacement.
name
Human readable name for the secret.
String value expected.
Updates cause replacement.
payload
The unencrypted plain text of the secret.
String value expected.
Updates cause replacement.
payload_content_encoding
The encoding format used to provide the payload data.
String value expected.
Updates cause replacement.
Allowed values: base64
payload_content_type
The type/format the secret data is provided in.
String value expected.
Updates cause replacement.
Allowed values: text/plain, application/octet-stream
secret_type

Available since 5.0.0 (Liberty)

The type of the secret.
String value expected.
Updates cause replacement.
Defaults to "opaque"
Allowed values: symmetric, public, private, certificate, passphrase, opaque

Attributes

decrypted_payload
The decrypted secret payload.
show
Detailed information about resource.
status
The status of the secret.

HOT Syntax

heat_template_version: 2015-04-30
...
resources:
  ...
  the_resource:
    type: OS::Barbican::Secret
    properties:
      algorithm: String
      bit_length: Integer
      expiration: String
      mode: String
      name: String
      payload: String
      payload_content_encoding: String
      payload_content_type: String
      secret_type: String

OS::Cinder::EncryptedVolumeType

Available since 5.0.0 (Liberty)

A resource for encrypting a cinder volume type.

A Volume Encryption Type is a collection of settings used to conduct encryption for a specific volume type.

Note that default cinder security policy usage of this resource is limited to being used by administrators only.

Required Properties

provider
The class that provides encryption support. For example, nova.volume.encryptors.luks.LuksEncryptor.
String value expected.
Can be updated without replacement.
volume_type
Name or id of volume type (OS::Cinder::VolumeType).
String value expected.
Updates cause replacement.
Value must be of type cinder.vtype

Optional Properties

cipher
The encryption algorithm or mode. For example, aes-xts-plain64.
String value expected.
Can be updated without replacement.
Allowed values: aes-xts-plain64, aes-cbc-essiv
control_location
Notional service where encryption is performed For example, front-end. For Nova.
String value expected.
Can be updated without replacement.
Defaults to "front-end"
Allowed values: front-end, back-end
key_size
Size of encryption key, in bits. For example, 128 or 256.
Integer value expected.
Can be updated without replacement.

Attributes

show
Detailed information about resource.

HOT Syntax

heat_template_version: 2015-04-30
...
resources:
  ...
  the_resource:
    type: OS::Cinder::EncryptedVolumeType
    properties:
      cipher: String
      control_location: String
      key_size: Integer
      provider: String
      volume_type: String

OS::Cinder::QoSAssociation

Available since 8.0.0 (Ocata)

A resource to associate cinder QoS specs with volume types.

Usage of this resource restricted to admins only by default policy.

Required Properties

qos_specs
ID or Name of the QoS specs.
String value expected.
Updates cause replacement.
Value must be of type cinder.qos_specs
volume_types
List of volume type IDs or Names to be attached to QoS specs.
List value expected.
Can be updated without replacement.
List contents:
Optional.
A volume type to attach specs.
String value expected.
Can be updated without replacement.
Value must be of type cinder.vtype

Attributes

show
Detailed information about resource.

HOT Syntax

heat_template_version: 2015-04-30
...
resources:
  ...
  the_resource:
    type: OS::Cinder::QoSAssociation
    properties:
      qos_specs: String
      volume_types: [String, String, ...]

OS::Cinder::QoSSpecs

Available since 7.0.0 (Newton)

A resource for creating cinder QoS specs.

Users can ask for a specific volume type. Part of that volume type is a string that defines the QoS of the volume IO (fast, normal, or slow). Backends that can handle all of the demands of the volume type become candidates for scheduling. Usage of this resource restricted to admins only by default policy.

Required Properties

specs
The specs key and value pairs of the QoS.
Map value expected.
Can be updated without replacement.

Optional Properties

name
Name of the QoS.
String value expected.
Updates cause replacement.

Attributes

show
Detailed information about resource.

HOT Syntax

heat_template_version: 2015-04-30
...
resources:
  ...
  the_resource:
    type: OS::Cinder::QoSSpecs
    properties:
      name: String
      specs: {...}

OS::Cinder::Quota

Available since 7.0.0 (Newton)

A resource for creating cinder quotas.

Cinder Quota is used to manage operational limits for projects. Currently, this resource can manage Cinder’s gigabytes, snapshots, and volumes quotas.

Note that default cinder security policy usage of this resource is limited to being used by administrators only. Administrators should be careful to create only one Cinder Quota resource per project, otherwise it will be hard for them to manage the quota properly.

Required Properties

project
OpenStack Keystone Project.
String value expected.
Updates cause replacement.
Value must be of type keystone.project

Optional Properties

gigabytes
Quota for the amount of disk space (in Gigabytes). Setting the value to -1 removes the limit.
Integer value expected.
Can be updated without replacement.
The value must be at least -1.
snapshots
Quota for the number of snapshots. Setting the value to -1 removes the limit.
Integer value expected.
Can be updated without replacement.
The value must be at least -1.
volumes
Quota for the number of volumes. Setting the value to -1 removes the limit.
Integer value expected.
Can be updated without replacement.
The value must be at least -1.

Attributes

show
Detailed information about resource.

HOT Syntax

heat_template_version: 2015-04-30
...
resources:
  ...
  the_resource:
    type: OS::Cinder::Quota
    properties:
      gigabytes: Integer
      project: String
      snapshots: Integer
      volumes: Integer

OS::Cinder::Volume

A resource that implements Cinder volumes.

Cinder volume is a storage in the form of block devices. It can be used, for example, for providing storage to instance. Volume supports creation from snapshot, backup or image. Also volume can be created only by size.

Optional Properties

availability_zone
The availability zone in which the volume will be created.
String value expected.
Updates cause replacement.
backup_id
If specified, the backup to create the volume from.
String value expected.
Can be updated without replacement.
Value must be of type cinder.backup
description
A description of the volume.
String value expected.
Can be updated without replacement.
image
If specified, the name or ID of the image to create the volume from.
String value expected.
Updates cause replacement.
Value must be of type glance.image
metadata
Key/value pairs to associate with the volume.
Map value expected.
Can be updated without replacement.
Defaults to {}
multiattach

Available since 6.0.0 (Mitaka)

Whether allow the volume to be attached more than once.
Boolean value expected.
Updates cause replacement.
Defaults to false
name
A name used to distinguish the volume.
String value expected.
Can be updated without replacement.
read_only

Available since 5.0.0 (Liberty)

Enables or disables read-only access mode of volume.
Boolean value expected.
Can be updated without replacement.
scheduler_hints

Available since 2015.1 (Kilo)

Arbitrary key-value pairs specified by the client to help the Cinder scheduler creating a volume.
Map value expected.
Updates cause replacement.
size
The size of the volume in GB. On update only increase in size is supported. This property is required unless property backup_id or source_volid or snapshot_id is specified.
Integer value expected.
Can be updated without replacement.
The value must be at least 1.
snapshot_id
If specified, the snapshot to create the volume from.
String value expected.
Updates cause replacement.
Value must be of type cinder.snapshot
source_volid
If specified, the volume to use as source.
String value expected.
Updates cause replacement.
Value must be of type cinder.volume
volume_type
If specified, the type of volume to use, mapping to a specific backend.
String value expected.
Can be updated without replacement.
Value must be of type cinder.vtype

Attributes

attachments

DEPRECATED since 9.0.0 (Pike) - Use property attachments_list.

Available since 2015.1 (Kilo)

A string representation of the list of attachments of the volume.

attachments_list

Available since 9.0.0 (Pike)

The list of attachments of the volume.

availability_zone
The availability zone in which the volume is located.
bootable
Boolean indicating if the volume can be booted or not.
created_at
The timestamp indicating volume creation.
display_description
Description of the volume.
display_name
Name of the volume.
encrypted
Boolean indicating if the volume is encrypted or not.
metadata
Key/value pairs associated with the volume.
metadata_values
Key/value pairs associated with the volume in raw dict form.
multiattach

Available since 6.0.0 (Mitaka)

Boolean indicating whether allow the volume to be attached more than once.

show
Detailed information about resource.
size
The size of the volume in GB.
snapshot_id
The snapshot the volume was created from, if any.
source_volid
The volume used as source, if any.
status
The current status of the volume.
volume_type
The type of the volume mapping to a backend, if any.

HOT Syntax

heat_template_version: 2015-04-30
...
resources:
  ...
  the_resource:
    type: OS::Cinder::Volume
    properties:
      availability_zone: String
      backup_id: String
      description: String
      image: String
      metadata: {...}
      multiattach: Boolean
      name: String
      read_only: Boolean
      scheduler_hints: {...}
      size: Integer
      snapshot_id: String
      source_volid: String
      volume_type: String

OS::Cinder::VolumeAttachment

Resource for associating volume to instance.

Resource for associating existing volume to instance. Also, the location where the volume is exposed on the instance can be specified.

Required Properties

instance_uuid
The ID of the server to which the volume attaches.
String value expected.
Can be updated without replacement.
volume_id
The ID of the volume to be attached.
String value expected.
Can be updated without replacement.
Value must be of type cinder.volume

Optional Properties

mountpoint
The location where the volume is exposed on the instance. This assignment may not be honored and it is advised that the path /dev/disk/by-id/virtio-<VolumeId> be used instead.
String value expected.
Can be updated without replacement.

Attributes

show
Detailed information about resource.

HOT Syntax

heat_template_version: 2015-04-30
...
resources:
  ...
  the_resource:
    type: OS::Cinder::VolumeAttachment
    properties:
      instance_uuid: String
      mountpoint: String
      volume_id: String

OS::Cinder::VolumeType

Available since 2015.1 (Kilo)

A resource for creating cinder volume types.

Volume type resource allows to define, whether volume, which will be use this type, will public and which projects are allowed to work with it. Also, there can be some user-defined metadata.

Note that default cinder security policy usage of this resource is limited to being used by administrators only.

Required Properties

name
Name of the volume type.
String value expected.
Can be updated without replacement.

Optional Properties

description

Available since 5.0.0 (Liberty)

Description of the volume type.
String value expected.
Can be updated without replacement.
is_public

Available since 5.0.0 (Liberty)

Whether the volume type is accessible to the public.
Boolean value expected.
Can be updated without replacement.
Defaults to true
metadata
The extra specs key and value pairs of the volume type.
Map value expected.
Can be updated without replacement.
projects

Available since 5.0.0 (Liberty)

Projects to add volume type access to. NOTE: This property is only supported since Cinder API V2.
List value expected.
Can be updated without replacement.
Defaults to []
List contents:
Optional.
String value expected.
Can be updated without replacement.
Value must be of type keystone.project

Attributes

show
Detailed information about resource.

HOT Syntax

heat_template_version: 2015-04-30
...
resources:
  ...
  the_resource:
    type: OS::Cinder::VolumeType
    properties:
      description: String
      is_public: Boolean
      metadata: {...}
      name: String
      projects: [String, String, ...]

OS::Designate::RecordSet

Available since 8.0.0 (Ocata)

Heat Template Resource for Designate RecordSet.

Designate provides DNS-as-a-Service services for OpenStack. RecordSet helps to add more than one records.

Required Properties

records
A list of data for this RecordSet. Each item will be a separate record in Designate These items should conform to the DNS spec for the record type - e.g. A records must be IPv4 addresses, CNAME records must be a hostname. DNS record data varies based on the type of record. For more details, please refer rfc 1035.
List value expected.
Can be updated without replacement.
type
DNS RecordSet type.
String value expected.
Updates cause replacement.
Allowed values: A, AAAA, CNAME, MX, SRV, TXT, SPF, NS, PTR, SSHFP, SOA
zone
DNS Zone id or name.
String value expected.
Updates cause replacement.
Value must be of type designate.zone

Optional Properties

description
Description of RecordSet.
String value expected.
Can be updated without replacement.
The length must be no greater than 160.
name
RecordSet name.
String value expected.
Updates cause replacement.
The length must be no greater than 255.
ttl
Time To Live (Seconds).
Integer value expected.
Can be updated without replacement.
The value must be in the range 1 to 2147483647.

Attributes

show
Detailed information about resource.

HOT Syntax

heat_template_version: 2015-04-30
...
resources:
  ...
  the_resource:
    type: OS::Designate::RecordSet
    properties:
      description: String
      name: String
      records: [Value, Value, ...]
      ttl: Integer
      type: String
      zone: String

OS::Designate::Zone

Available since 8.0.0 (Ocata)

Heat Template Resource for Designate Zone.

Designate provides DNS-as-a-Service services for OpenStack. So, zone, part of domain is a realm with an identification string, unique in DNS.

Required Properties

name
DNS Name for the zone.
String value expected.
Updates cause replacement.
The length must be no greater than 255.

Optional Properties

description
Description of zone.
String value expected.
Can be updated without replacement.
The length must be no greater than 160.
email
E-mail for the zone. Used in SOA records for the zone. It is required for PRIMARY Type, otherwise ignored.
String value expected.
Can be updated without replacement.
masters
The servers to slave from to get DNS information and is mandatory for zone type SECONDARY, otherwise ignored.
List value expected.
Can be updated without replacement.
ttl
Time To Live (Seconds) for the zone.
Integer value expected.
Can be updated without replacement.
The value must be in the range 1 to 2147483647.
type
Type of zone. PRIMARY is controlled by Designate, SECONDARY zones are slaved from another DNS Server.
String value expected.
Updates cause replacement.
Defaults to "PRIMARY"
Allowed values: PRIMARY, SECONDARY

Attributes

serial
DNS zone serial number.
show
Detailed information about resource.

HOT Syntax

heat_template_version: 2015-04-30
...
resources:
  ...
  the_resource:
    type: OS::Designate::Zone
    properties:
      description: String
      email: String
      masters: [Value, Value, ...]
      name: String
      ttl: Integer
      type: String

OS::Heat::AccessPolicy

Resource for defining which resources can be accessed by users.

NOTE: Now this resource is actually associated with an AWS user resource, not any OS:: resource though it is registered under the OS namespace below.

Resource for defining resources that users are allowed to access by the DescribeStackResource API.

Required Properties

AllowedResources
Resources that users are allowed to access by the DescribeStackResource API.
List value expected.
Updates cause replacement.

Attributes

show
Detailed information about resource.

HOT Syntax

heat_template_version: 2015-04-30
...
resources:
  ...
  the_resource:
    type: OS::Heat::AccessPolicy
    properties:
      AllowedResources: [Value, Value, ...]

OS::Heat::AutoScalingGroup

Available since 2014.1 (Icehouse)

An autoscaling group that can scale arbitrary resources.

An autoscaling group allows the creation of a desired count of similar resources, which are defined with the resource property in HOT format. If there is a need to create many of the same resources (e.g. one hundred sets of Server, WaitCondition and WaitConditionHandle or even Neutron Nets), AutoScalingGroup is a convenient and easy way to do that.

Required Properties

max_size
Maximum number of resources in the group.
Integer value expected.
Can be updated without replacement.
The value must be at least 0.
min_size
Minimum number of resources in the group.
Integer value expected.
Can be updated without replacement.
The value must be at least 0.
resource
Resource definition for the resources in the group, in HOT format. The value of this property is the definition of a resource just as if it had been declared in the template itself.
Map value expected.
Can be updated without replacement.

Optional Properties

cooldown
Cooldown period, in seconds.
Integer value expected.
Can be updated without replacement.
desired_capacity
Desired initial number of resources.
Integer value expected.
Can be updated without replacement.
rolling_updates
Policy for rolling updates for this scaling group.
Map value expected.
Can be updated without replacement.
Defaults to {"pause_time": 0, "min_in_service": 0, "max_batch_size": 1}
Map properties:
max_batch_size
Optional.
The maximum number of resources to replace at once.
Integer value expected.
Can be updated without replacement.
Defaults to 1
The value must be at least 1.
min_in_service
Optional.
The minimum number of resources in service while rolling updates are being executed.
Integer value expected.
Can be updated without replacement.
Defaults to 0
The value must be at least 0.
pause_time
Optional.
The number of seconds to wait between batches of updates.
Number value expected.
Can be updated without replacement.
Defaults to 0
The value must be at least 0.

Attributes

current_size

Available since 2015.1 (Kilo)

The current size of AutoscalingResourceGroup.

outputs

Available since 2014.2 (Juno)

A map of resource names to the specified attribute of each individual resource that is part of the AutoScalingGroup. This map specifies output parameters that are available once the AutoScalingGroup has been instantiated.

outputs_list

Available since 2014.2 (Juno)

A list of the specified attribute of each individual resource that is part of the AutoScalingGroup. This list of attributes is available as an output once the AutoScalingGroup has been instantiated.

refs

Available since 7.0.0 (Newton)

A list of resource IDs for the resources in the group.

refs_map

Available since 7.0.0 (Newton)

A map of resource names to IDs for the resources in the group.

show
Detailed information about resource.

HOT Syntax

heat_template_version: 2015-04-30
...
resources:
  ...
  the_resource:
    type: OS::Heat::AutoScalingGroup
    properties:
      cooldown: Integer
      desired_capacity: Integer
      max_size: Integer
      min_size: Integer
      resource: {...}
      rolling_updates: {"pause_time": Number, "min_in_service": Integer, "max_batch_size": Integer}

OS::Heat::CloudConfig

Available since 2014.1 (Icehouse)

A configuration resource for representing cloud-init cloud-config.

This resource allows cloud-config YAML to be defined and stored by the config API. Any intrinsic functions called in the config will be resolved before storing the result.

This resource will generally be referenced by OS::Nova::Server user_data, or OS::Heat::MultipartMime parts config. Since cloud-config is boot-only configuration, any changes to the definition will result in the replacement of all servers which reference it.

Optional Properties

cloud_config
Map representing the cloud-config data structure which will be formatted as YAML.
Map value expected.
Updates cause replacement.

Attributes

config
The config value of the software config.
show
Detailed information about resource.

HOT Syntax

heat_template_version: 2015-04-30
...
resources:
  ...
  the_resource:
    type: OS::Heat::CloudConfig
    properties:
      cloud_config: {...}

OS::Heat::Delay

Available since 11.0.0 (Rocky)

A resource that pauses for a configurable delay.

By manipulating the dependency relationships between resources in the template, a delay can be inserted at an arbitrary point during e.g. stack creation or deletion. They delay will occur after any resource that it depends on during CREATE or SUSPEND, and before any resource that it depends on during DELETE or RESUME. Similarly, it will occur before any resource that depends on it during CREATE or SUSPEND, and after any resource thet depends on it during DELETE or RESUME.

If a non-zero maximum jitter is specified, a random amount of jitter - chosen with uniform probability in the range from 0 to the product of the maximum jitter value and the jitter multiplier (1s by default) - is added to the minimum delay time. This can be used, for example, in the scaled unit of a large scaling group to prevent ‘thundering herd’ issues.

Optional Properties

actions
Actions during which the delay will occur.
List value expected.
Can be updated without replacement.
Defaults to ["CREATE"]
Allowed values: CREATE, DELETE, SUSPEND, RESUME
jitter_multiplier
Number of seconds to multiply the maximum jitter value by.
Number value expected.
Can be updated without replacement.
Defaults to 1.0
The value must be at least 0.
max_jitter
Maximum jitter to add to the minimum wait time.
Number value expected.
Can be updated without replacement.
Defaults to 0
The value must be at least 0.
min_wait
Minimum time in seconds to wait during the specified actions.
Number value expected.
Can be updated without replacement.
Defaults to 0
The value must be at least 0.

Attributes

show
Detailed information about resource.

HOT Syntax

heat_template_version: 2015-04-30
...
resources:
  ...
  the_resource:
    type: OS::Heat::Delay
    properties:
      actions: [Value, Value, ...]
      jitter_multiplier: Number
      max_jitter: Number
      min_wait: Number

OS::Heat::DeployedServer

A resource for managing servers that are already deployed.

A DeployedServer resource manages resources for servers that have been deployed externally from OpenStack. These servers can be associated with SoftwareDeployments for further orchestration via Heat.

Optional Properties

deployment_swift_data

Available since 9.0.0 (Pike)

Swift container and object to use for storing deployment data for the server resource. The parameter is a map value with the keys “container” and “object”, and the values are the corresponding container and object names. The software_config_transport parameter must be set to POLL_TEMP_URL for swift to be used. If not specified, and software_config_transport is set to POLL_TEMP_URL, a container will be automatically created from the resource name, and the object name will be a generated uuid.
Map value expected.
Can be updated without replacement.
Defaults to {}
Map properties:
container
Optional.
Name of the container.
String value expected.
Can be updated without replacement.
The length must be at least 1.
object
Optional.
Name of the object.
String value expected.
Can be updated without replacement.
The length must be at least 1.
name
Server name.
String value expected.
Can be updated without replacement.
software_config_transport
How the server should receive the metadata required for software configuration. POLL_SERVER_CFN will allow calls to the cfn API action DescribeStackResource authenticated with the provided keypair. POLL_SERVER_HEAT will allow calls to the Heat API resource-show using the provided keystone credentials. POLL_TEMP_URL will create and populate a Swift TempURL with metadata for polling. ZAQAR_MESSAGE will create a dedicated zaqar queue and post the metadata for polling.
String value expected.
Can be updated without replacement.
Defaults to "POLL_SERVER_CFN"
Allowed values: POLL_SERVER_CFN, POLL_SERVER_HEAT, POLL_TEMP_URL, ZAQAR_MESSAGE
metadata

DEPRECATED since 9.0.0 (Pike) - This property will be ignored

Available since 8.0.0 (Ocata)

Arbitrary key/value metadata to store for this server. Both keys and values must be 255 characters or less. Non-string values will be serialized to JSON (and the serialized string must be 255 characters or less).
Map value expected.
Can be updated without replacement.

Attributes

name
Name of the server.
os_collect_config

Available since 9.0.0 (Pike)

The os-collect-config configuration for the server’s local agent to be configured to connect to Heat to retrieve deployment data.

show
Detailed information about resource.

HOT Syntax

heat_template_version: 2015-04-30
...
resources:
  ...
  the_resource:
    type: OS::Heat::DeployedServer
    properties:
      deployment_swift_data: {"object": String, "container": String}
      name: String
      software_config_transport: String

OS::Heat::InstanceGroup

An instance group that can scale arbitrary instances.

A resource allowing for the creating number of defined with AWS::AutoScaling::LaunchConfiguration instances. Allows to associate scaled resources with loadbalancer resources.

Required Properties

AvailabilityZones
Not Implemented.
List value expected.
Updates cause replacement.
LaunchConfigurationName
The reference to a LaunchConfiguration resource.
String value expected.
Can be updated without replacement.
Size
Desired number of instances.
Integer value expected.
Can be updated without replacement.

Optional Properties

LoadBalancerNames
List of LoadBalancer resources.
List value expected.
Updates cause replacement.
Tags
Tags to attach to this group.
List value expected.
Updates cause replacement.
List contents:
Map value expected.
Updates cause replacement.
Map properties:
Key
Required.
Tag key.
String value expected.
Updates cause replacement.
Value
Required.
Tag value.
String value expected.
Updates cause replacement.

Attributes

InstanceList
A comma-delimited list of server ip addresses. (Heat extension).
show
Detailed information about resource.

update_policy

RollingUpdate
Map value expected.
Updates cause replacement.
Map properties:
MaxBatchSize
Optional.
Integer value expected.
Updates cause replacement.
Defaults to 1
MinInstancesInService
Optional.
Integer value expected.
Updates cause replacement.
Defaults to 0
PauseTime
Optional.
String value expected.
Updates cause replacement.
Defaults to "PT0S"

HOT Syntax

heat_template_version: 2015-04-30
...
resources:
  ...
  the_resource:
    type: OS::Heat::InstanceGroup
    properties:
      AvailabilityZones: [Value, Value, ...]
      LaunchConfigurationName: String
      LoadBalancerNames: [Value, Value, ...]
      Size: Integer
      Tags: [{"Value": String, "Key": String}, {"Value": String, "Key": String}, ...]

OS::Heat::MultipartMime

Available since 2014.1 (Icehouse)

Assembles a collection of software configurations as a multi-part mime.

Parts in the message can be populated with inline configuration or references to other config resources. If the referenced resource is itself a valid multi-part mime message, that will be broken into parts and those parts appended to this message.

The resulting multi-part mime message will be stored by the configs API and can be referenced in properties such as OS::Nova::Server user_data.

This resource is generally used to build a list of cloud-init configuration elements including scripts and cloud-config. Since cloud-init is boot-only configuration, any changes to the definition will result in the replacement of all servers which reference it.

Optional Properties

parts
Parts belonging to this message.
List value expected.
Updates cause replacement.
Defaults to []
List contents:
Map value expected.
Updates cause replacement.
Map properties:
config
Required.
Content of part to attach, either inline or by referencing the ID of another software config resource.
String value expected.
Updates cause replacement.
filename
Optional.
Optional filename to associate with part.
String value expected.
Updates cause replacement.
subtype
Optional.
Optional subtype to specify with the type.
String value expected.
Updates cause replacement.
type
Optional.
Whether the part content is text or multipart.
String value expected.
Updates cause replacement.
Defaults to "text"
Allowed values: text, multipart

Attributes

config
The config value of the software config.
show
Detailed information about resource.

HOT Syntax

heat_template_version: 2015-04-30
...
resources:
  ...
  the_resource:
    type: OS::Heat::MultipartMime
    properties:
      parts: [{"type": String, "subtype": String, "filename": String, "config": String}, {"type": String, "subtype": String, "filename": String, "config": String}, ...]

OS::Heat::None

Available since 5.0.0 (Liberty)

Enables easily disabling certain resources via the resource_registry.

It does nothing, but can effectively stub out any other resource because it will accept any properties and return any attribute (as None). Note this resource always does nothing on update (e.g it is not replaced even if a change to the stubbed resource properties would cause replacement).

Attributes

show
Detailed information about resource.

HOT Syntax

heat_template_version: 2015-04-30
...
resources:
  ...
  the_resource:
    type: OS::Heat::None

OS::Heat::RandomString

Available since 2014.1 (Icehouse)

A resource which generates a random string.

This is useful for configuring passwords and secrets on services. Random string can be generated from specified character sequences, which means that all characters will be randomly chosen from specified sequences, or with some classes, e.g. letterdigits, which means that all character will be randomly chosen from union of ascii letters and digits. Output string will be randomly generated string with specified length (or with length of 32, if length property doesn’t specified).

Optional Properties

character_classes
A list of character class and their constraints to generate the random string from.
List value expected.
Updates cause replacement.
Defaults to [{"min": 1, "class": "lettersdigits"}]
List contents:
Map value expected.
Updates cause replacement.
Map properties:
class
Optional.
A character class and its corresponding min constraint to generate the random string from.
String value expected.
Updates cause replacement.
Defaults to "lettersdigits"
Allowed values: lettersdigits, letters, lowercase, uppercase, digits, hexdigits, octdigits
min
Optional.
The minimum number of characters from this character class that will be in the generated string.
Integer value expected.
Updates cause replacement.
Defaults to 1
The value must be in the range 1 to 512.
character_sequences
A list of character sequences and their constraints to generate the random string from.
List value expected.
Updates cause replacement.
List contents:
Map value expected.
Updates cause replacement.
Map properties:
min
Optional.
The minimum number of characters from this sequence that will be in the generated string.
Integer value expected.
Updates cause replacement.
Defaults to 1
The value must be in the range 1 to 512.
sequence
Required.
A character sequence and its corresponding min constraint to generate the random string from.
String value expected.
Updates cause replacement.
length
Length of the string to generate.
Integer value expected.
Updates cause replacement.
Defaults to 32
The value must be in the range 1 to 512.
salt
Value which can be set or changed on stack update to trigger the resource for replacement with a new random string. The salt value itself is ignored by the random generator.
String value expected.
Updates cause replacement.

Attributes

show
Detailed information about resource.
value
The random string generated by this resource. This value is also available by referencing the resource.

HOT Syntax

heat_template_version: 2015-04-30
...
resources:
  ...
  the_resource:
    type: OS::Heat::RandomString
    properties:
      character_classes: [{"min": Integer, "class": String}, {"min": Integer, "class": String}, ...]
      character_sequences: [{"min": Integer, "sequence": String}, {"min": Integer, "sequence": String}, ...]
      length: Integer
      salt: String

OS::Heat::ResourceChain

Available since 6.0.0 (Mitaka)

Creates one or more resources with the same configuration.

The types of resources to be created are passed into the chain through the resources property. One resource will be created for each type listed. Each is passed the configuration specified under resource_properties.

The concurrent property controls if the resources will be created concurrently. If omitted or set to false, each resource will be treated as having a dependency on the resource before it in the list.

Required Properties

resources
The list of resource types to create. This list may contain type names or aliases defined in the resource registry. Specific template names are not supported.
List value expected.
Can be updated without replacement.

Optional Properties

concurrent
If true, the resources in the chain will be created concurrently. If false or omitted, each resource will be treated as having a dependency on the previous resource in the list.
Boolean value expected.
Updates cause replacement.
Defaults to false
resource_properties
Properties to pass to each resource being created in the chain.
Map value expected.
Updates cause replacement.

Attributes

attributes
A map of resource names to the specified attribute of each individual resource.
refs
A list of resource IDs for the resources in the chain.
show
Detailed information about resource.

HOT Syntax

heat_template_version: 2015-04-30
...
resources:
  ...
  the_resource:
    type: OS::Heat::ResourceChain
    properties:
      concurrent: Boolean
      resource_properties: {...}
      resources: [Value, Value, ...]

OS::Heat::ResourceGroup

Available since 2014.1 (Icehouse)

Creates one or more identically configured nested resources.

In addition to the refs attribute, this resource implements synthetic attributes that mirror those of the resources in the group. When getting an attribute from this resource, however, a list of attribute values for each resource in the group is returned. To get attribute values for a single resource in the group, synthetic attributes of the form resource.{resource index}.{attribute name} can be used. The resource ID of a particular resource in the group can be obtained via the synthetic attribute resource.{resource index}. Note, that if you get attribute without {resource index}, e.g. [resource, {attribute_name}], you’ll get a list of this attribute’s value for all resources in group.

While each resource in the group will be identically configured, this resource does allow for some index-based customization of the properties of the resources in the group. For example:

resources:
  my_indexed_group:
    type: OS::Heat::ResourceGroup
    properties:
      count: 3
      resource_def:
        type: OS::Nova::Server
        properties:
          # create a unique name for each server
          # using its index in the group
          name: my_server_%index%
          image: CentOS 6.5
          flavor: 4GB Performance

would result in a group of three servers having the same image and flavor, but names of my_server_0, my_server_1, and my_server_2. The variable used for substitution can be customized by using the index_var property.

Required Properties

resource_def
Resource definition for the resources in the group. The value of this property is the definition of a resource just as if it had been declared in the template itself.
Map value expected.
Can be updated without replacement.
Map properties:
metadata

Available since 5.0.0 (Liberty)

Supplied metadata for the resources in the group.
Map value expected.
Can be updated without replacement.
properties
Property values for the resources in the group.
Map value expected.
Can be updated without replacement.
type
Required.
The type of the resources in the group.
String value expected.
Can be updated without replacement.

Optional Properties

count
The number of resources to create.
Integer value expected.
Can be updated without replacement.
Defaults to 1
The value must be at least 0.
index_var

Available since 2014.2 (Juno)

A variable that this resource will use to replace with the current index of a given resource in the group. Can be used, for example, to customize the name property of grouped servers in order to differentiate them when listed with nova client.
String value expected.
Updates cause replacement.
Defaults to "%index%"
The length must be at least 3.
removal_policies

Available since 2015.1 (Kilo)

Policies for removal of resources on update.
List value expected.
Can be updated without replacement.
Defaults to []
List contents:
Policy to be processed when doing an update which requires removal of specific resources.
Map value expected.
Can be updated without replacement.
Map properties:
resource_list
List of resources to be removed when doing an update which requires removal of specific resources. The resource may be specified several ways: (1) The resource name, as in the nested stack, (2) The resource reference returned from get_resource in a template, as available via the ‘refs’ attribute. Note this is destructive on update when specified; even if the count is not being reduced, and once a resource name is removed, its name is never reused in subsequent updates.
List value expected.
Can be updated without replacement.
Defaults to []
removal_policies_mode

Available since 10.0.0 (Queens)

How to handle changes to removal_policies on update. The default “append” mode appends to the internal list, “update” replaces it on update.
String value expected.
Can be updated without replacement.
Defaults to "append"
Allowed values: append, update

Attributes

attributes

Available since 2014.2 (Juno)

A map of resource names to the specified attribute of each individual resource. Requires heat_template_version: 2014-10-16.

refs
A list of resource IDs for the resources in the group.
refs_map

Available since 7.0.0 (Newton)

A map of resource names to IDs for the resources in the group.

removed_rsrc_list

Available since 7.0.0 (Newton)

A list of removed resource names.

show
Detailed information about resource.

update_policy

batch_create

Available since 5.0.0 (Liberty)

Map value expected.
Updates cause replacement.
Map properties:
max_batch_size
Optional.
The maximum number of resources to create at once.
Integer value expected.
Updates cause replacement.
Defaults to 1
The value must be at least 1.
pause_time
Optional.
The number of seconds to wait between batches.
Number value expected.
Updates cause replacement.
Defaults to 0
The value must be at least 0.
rolling_update

Available since 5.0.0 (Liberty)

Map value expected.
Updates cause replacement.
Map properties:
max_batch_size
Optional.
The maximum number of resources to replace at once.
Integer value expected.
Updates cause replacement.
Defaults to 1
The value must be at least 1.
min_in_service
Optional.
The minimum number of resources in service while rolling updates are being executed.
Integer value expected.
Updates cause replacement.
Defaults to 0
The value must be at least 0.
pause_time
Optional.
The number of seconds to wait between batches of updates.
Number value expected.
Updates cause replacement.
Defaults to 0
The value must be at least 0.

HOT Syntax

heat_template_version: 2015-04-30
...
resources:
  ...
  the_resource:
    type: OS::Heat::ResourceGroup
    properties:
      count: Integer
      index_var: String
      removal_policies: [{"resource_list": [Value, Value, ...]}, {"resource_list": [Value, Value, ...]}, ...]
      removal_policies_mode: String
      resource_def: {"metadata": {...}, "type": String, "properties": {...}}

OS::Heat::ScalingPolicy

A resource to manage scaling of OS::Heat::AutoScalingGroup.

Note while it may incidentally support AWS::AutoScaling::AutoScalingGroup for now, please don’t use it for that purpose and use AWS::AutoScaling::ScalingPolicy instead.

Resource to manage scaling for OS::Heat::AutoScalingGroup, i.e. define which metric should be scaled and scaling adjustment, set cooldown etc.

Required Properties

adjustment_type
Type of adjustment (absolute or percentage).
String value expected.
Can be updated without replacement.
Allowed values: change_in_capacity, exact_capacity, percent_change_in_capacity
auto_scaling_group_id
AutoScaling group ID to apply policy to.
String value expected.
Updates cause replacement.
scaling_adjustment
Size of adjustment.
Number value expected.
Can be updated without replacement.

Optional Properties

cooldown
Cooldown period, in seconds.
Number value expected.
Can be updated without replacement.
min_adjustment_step
Minimum number of resources that are added or removed when the AutoScaling group scales up or down. This can be used only when specifying percent_change_in_capacity for the adjustment_type property.
Integer value expected.
Can be updated without replacement.
The value must be at least 0.

Attributes

alarm_url
A signed url to handle the alarm.
show
Detailed information about resource.
signal_url

Available since 5.0.0 (Liberty)

A url to handle the alarm using native API.

HOT Syntax

heat_template_version: 2015-04-30
...
resources:
  ...
  the_resource:
    type: OS::Heat::ScalingPolicy
    properties:
      adjustment_type: String
      auto_scaling_group_id: String
      cooldown: Number
      min_adjustment_step: Integer
      scaling_adjustment: Number

OS::Heat::SoftwareComponent

Available since 2014.2 (Juno)

A resource for describing and storing a software component.

This resource is similar to OS::Heat::SoftwareConfig. In contrast to SoftwareConfig which allows for storing only one configuration (e.g. one script), SoftwareComponent allows for storing multiple configurations to address handling of all lifecycle hooks (CREATE, UPDATE, SUSPEND, RESUME, DELETE) for a software component in one place.

This resource is backed by the persistence layer and the API of the SoftwareConfig resource, and only adds handling for the additional ‘configs’ property and attribute.

Required Properties

configs
The list of configurations for the different lifecycle actions of the represented software component.
List value expected.
Updates cause replacement.
The length must be at least 1.
List contents:
Map value expected.
Updates cause replacement.
Map properties:
actions
Lifecycle actions to which the configuration applies. The string values provided for this property can include the standard resource actions CREATE, DELETE, UPDATE, SUSPEND and RESUME supported by Heat.
List value expected.
Updates cause replacement.
Defaults to ["CREATE", "UPDATE"]
The length must be at least 1.
List contents:
Optional.
String value expected.
Updates cause replacement.
config
Optional.
Configuration script or manifest which specifies what actual configuration is performed.
String value expected.
Updates cause replacement.
tool
Required.
The configuration tool used to actually apply the configuration on a server. This string property has to be understood by in-instance tools running inside deployed servers.
String value expected.
Updates cause replacement.

Optional Properties

inputs
Schema representing the inputs that this software config is expecting.
List value expected.
Updates cause replacement.
List contents:
Map value expected.
Updates cause replacement.
Map properties:
default
Optional.
Default value for the input if none is specified.
Any value expected.
Updates cause replacement.
description
Optional.
Description of the input.
String value expected.
Updates cause replacement.
name
Required.
Name of the input.
String value expected.
Updates cause replacement.
replace_on_change
Optional.
Replace the deployment instead of updating it when the input value changes.
Boolean value expected.
Updates cause replacement.
Defaults to false
type
Optional.
Type of the value of the input.
String value expected.
Updates cause replacement.
Defaults to "String"
Allowed values: String, Number, CommaDelimitedList, Json, Boolean
options
Map containing options specific to the configuration management tool used by this resource.
Map value expected.
Updates cause replacement.
outputs
Schema representing the outputs that this software config will produce.
List value expected.
Updates cause replacement.
List contents:
Map value expected.
Updates cause replacement.
Map properties:
description
Optional.
Description of the output.
String value expected.
Updates cause replacement.
error_output
Optional.
Denotes that the deployment is in an error state if this output has a value.
Boolean value expected.
Updates cause replacement.
Defaults to false
name
Required.
Name of the output.
String value expected.
Updates cause replacement.
type
Optional.
Type of the value of the output.
String value expected.
Updates cause replacement.
Defaults to "String"
Allowed values: String, Number, CommaDelimitedList, Json, Boolean

Attributes

config
The config value of the software config.
show
Detailed information about resource.

HOT Syntax

heat_template_version: 2015-04-30
...
resources:
  ...
  the_resource:
    type: OS::Heat::SoftwareComponent
    properties:
      configs: [{"tool": String, "actions": [String, String, ...], "config": String}, {"tool": String, "actions": [String, String, ...], "config": String}, ...]
      inputs: [{"type": String, "name": String, "replace_on_change": Boolean, "description": String, "default": Any}, {"type": String, "name": String, "replace_on_change": Boolean, "description": String, "default": Any}, ...]
      options: {...}
      outputs: [{"type": String, "name": String, "description": String, "error_output": Boolean}, {"type": String, "name": String, "description": String, "error_output": Boolean}, ...]

OS::Heat::SoftwareConfig

Available since 2014.1 (Icehouse)

A resource for describing and storing software configuration.

The software_configs API which backs this resource creates immutable configs, so any change to the template resource definition will result in a new config being created, and the old one being deleted.

Configs can be defined in the same template which uses them, or they can be created in one stack, and passed to another stack via a parameter.

A config resource can be referenced in other resource properties which are config-aware. This includes the properties OS::Nova::Server user_data, OS::Heat::SoftwareDeployment config and OS::Heat::MultipartMime parts config.

Along with the config script itself, this resource can define schemas for inputs and outputs which the config script is expected to consume and produce. Inputs and outputs are optional and will map to concepts which are specific to the configuration tool being used.

Optional Properties

config
Configuration script or manifest which specifies what actual configuration is performed.
String value expected.
Updates cause replacement.
group
Namespace to group this software config by when delivered to a server. This may imply what configuration tool is going to perform the configuration.
String value expected.
Updates cause replacement.
Defaults to "Heat::Ungrouped"
inputs
Schema representing the inputs that this software config is expecting.
List value expected.
Updates cause replacement.
List contents:
Map value expected.
Updates cause replacement.
Map properties:
default
Optional.
Default value for the input if none is specified.
Any value expected.
Updates cause replacement.
description
Optional.
Description of the input.
String value expected.
Updates cause replacement.
name
Required.
Name of the input.
String value expected.
Updates cause replacement.
replace_on_change
Optional.
Replace the deployment instead of updating it when the input value changes.
Boolean value expected.
Updates cause replacement.
Defaults to false
type
Optional.
Type of the value of the input.
String value expected.
Updates cause replacement.
Defaults to "String"
Allowed values: String, Number, CommaDelimitedList, Json, Boolean
options
Map containing options specific to the configuration management tool used by this resource.
Map value expected.
Updates cause replacement.
outputs
Schema representing the outputs that this software config will produce.
List value expected.
Updates cause replacement.
List contents:
Map value expected.
Updates cause replacement.
Map properties:
description
Optional.
Description of the output.
String value expected.
Updates cause replacement.
error_output
Optional.
Denotes that the deployment is in an error state if this output has a value.
Boolean value expected.
Updates cause replacement.
Defaults to false
name
Required.
Name of the output.
String value expected.
Updates cause replacement.
type
Optional.
Type of the value of the output.
String value expected.
Updates cause replacement.
Defaults to "String"
Allowed values: String, Number, CommaDelimitedList, Json, Boolean

Attributes

config
The config value of the software config.
show
Detailed information about resource.

HOT Syntax

heat_template_version: 2015-04-30
...
resources:
  ...
  the_resource:
    type: OS::Heat::SoftwareConfig
    properties:
      config: String
      group: String
      inputs: [{"type": String, "name": String, "replace_on_change": Boolean, "description": String, "default": Any}, {"type": String, "name": String, "replace_on_change": Boolean, "description": String, "default": Any}, ...]
      options: {...}
      outputs: [{"type": String, "name": String, "description": String, "error_output": Boolean}, {"type": String, "name": String, "description": String, "error_output": Boolean}, ...]

OS::Heat::SoftwareDeployment

Available since 2014.1 (Icehouse)

This resource associates a server with some configuration.

The configuration is to be deployed to that server.

A deployment allows input values to be specified which map to the inputs schema defined in the config resource. These input values are interpreted by the configuration tool in a tool-specific manner.

Whenever this resource goes to an IN_PROGRESS state, it creates an ephemeral config that includes the inputs values plus a number of extra inputs which have names prefixed with deploy_. The extra inputs relate to the current state of the stack, along with the information and credentials required to signal back the deployment results.

Unless signal_transport=NO_SIGNAL, this resource will remain in an IN_PROGRESS state until the server signals it with the output values for that deployment. Those output values are then available as resource attributes, along with the default attributes deploy_stdout, deploy_stderr and deploy_status_code.

Specifying actions other than the default CREATE and UPDATE will result in the deployment being triggered in those actions. For example this would allow cleanup configuration to be performed during actions SUSPEND and DELETE. A config could be designed to only work with some specific actions, or a config can read the value of the deploy_action input to allow conditional logic to perform different configuration for different actions.

Required Properties

server
ID of resource to apply configuration to. Normally this should be a Nova server ID.
String value expected.
Updates cause replacement.

Optional Properties

actions
Which lifecycle actions of the deployment resource will result in this deployment being triggered.
List value expected.
Can be updated without replacement.
Defaults to ["CREATE", "UPDATE"]
Allowed values: CREATE, UPDATE, DELETE, SUSPEND, RESUME
config
ID of software configuration resource to execute when applying to the server.
String value expected.
Can be updated without replacement.
input_values
Input values to apply to the software configuration on this server.
Map value expected.
Can be updated without replacement.
name
Name of the derived config associated with this deployment. This is used to apply a sort order to the list of configurations currently deployed to a server.
String value expected.
Can be updated without replacement.
signal_transport
How the server should signal to heat with the deployment output values. CFN_SIGNAL will allow an HTTP POST to a CFN keypair signed URL. TEMP_URL_SIGNAL will create a Swift TempURL to be signaled via HTTP PUT. HEAT_SIGNAL will allow calls to the Heat API resource-signal using the provided keystone credentials. ZAQAR_SIGNAL will create a dedicated zaqar queue to be signaled using the provided keystone credentials. NO_SIGNAL will result in the resource going to the COMPLETE state without waiting for any signal.
String value expected.
Updates cause replacement.
Defaults to "CFN_SIGNAL"
Allowed values: CFN_SIGNAL, TEMP_URL_SIGNAL, HEAT_SIGNAL, NO_SIGNAL, ZAQAR_SIGNAL

Attributes

deploy_status_code
Returned status code from the configuration execution.
deploy_stderr
Captured stderr from the configuration execution.
deploy_stdout
Captured stdout from the configuration execution.
show
Detailed information about resource.

HOT Syntax

heat_template_version: 2015-04-30
...
resources:
  ...
  the_resource:
    type: OS::Heat::SoftwareDeployment
    properties:
      actions: [Value, Value, ...]
      config: String
      input_values: {...}
      name: String
      server: String
      signal_transport: String

OS::Heat::SoftwareDeploymentGroup

Available since 5.0.0 (Liberty)

This resource associates a group of servers with some configuration.

The configuration is to be deployed to all servers in the group.

The properties work in a similar way to OS::Heat::SoftwareDeployment, and in addition to the attributes documented, you may pass any attribute supported by OS::Heat::SoftwareDeployment, including those exposing arbitrary outputs, and return a map of deployment names to the specified attribute.

Required Properties

servers
A map of names and server IDs to apply configuration to. The name is arbitrary and is used as the Heat resource name for the corresponding deployment.
Map value expected.
Can be updated without replacement.

Optional Properties

actions
Which lifecycle actions of the deployment resource will result in this deployment being triggered.
List value expected.
Can be updated without replacement.
Defaults to ["CREATE", "UPDATE"]
Allowed values: CREATE, UPDATE, DELETE, SUSPEND, RESUME
config
ID of software configuration resource to execute when applying to the server.
String value expected.
Can be updated without replacement.
input_values
Input values to apply to the software configuration on this server.
Map value expected.
Can be updated without replacement.
name
Name of the derived config associated with this deployment. This is used to apply a sort order to the list of configurations currently deployed to a server.
String value expected.
Can be updated without replacement.
signal_transport
How the server should signal to heat with the deployment output values. CFN_SIGNAL will allow an HTTP POST to a CFN keypair signed URL. TEMP_URL_SIGNAL will create a Swift TempURL to be signaled via HTTP PUT. HEAT_SIGNAL will allow calls to the Heat API resource-signal using the provided keystone credentials. ZAQAR_SIGNAL will create a dedicated zaqar queue to be signaled using the provided keystone credentials. NO_SIGNAL will result in the resource going to the COMPLETE state without waiting for any signal.
String value expected.
Updates cause replacement.
Defaults to "CFN_SIGNAL"
Allowed values: CFN_SIGNAL, TEMP_URL_SIGNAL, HEAT_SIGNAL, NO_SIGNAL, ZAQAR_SIGNAL

Attributes

deploy_status_codes
A map of Nova names and returned status code from the configuration execution.
deploy_stderrs
A map of Nova names and captured stderrs from the configuration execution to each server.
deploy_stdouts
A map of Nova names and captured stdouts from the configuration execution to each server.
show
Detailed information about resource.

update_policy

batch_create

Available since 7.0.0 (Newton)

Map value expected.
Updates cause replacement.
Map properties:
max_batch_size
Optional.
The maximum number of resources to create at once.
Integer value expected.
Updates cause replacement.
Defaults to 1
The value must be at least 1.
pause_time
Optional.
The number of seconds to wait between batches.
Number value expected.
Updates cause replacement.
Defaults to 0
The value must be at least 0.
rolling_update

Available since 7.0.0 (Newton)

Map value expected.
Updates cause replacement.
Map properties:
max_batch_size
Optional.
The maximum number of deployments to replace at once.
Integer value expected.
Updates cause replacement.
Defaults to 1
The value must be at least 1.
pause_time
Optional.
The number of seconds to wait between batches of updates.
Number value expected.
Updates cause replacement.
Defaults to 0
The value must be at least 0.

HOT Syntax

heat_template_version: 2015-04-30
...
resources:
  ...
  the_resource:
    type: OS::Heat::SoftwareDeploymentGroup
    properties:
      actions: [Value, Value, ...]
      config: String
      input_values: {...}
      name: String
      servers: {...}
      signal_transport: String

OS::Heat::Stack

A Resource representing a stack.

A resource that allowing for the creating stack, where should be defined stack template in HOT format, parameters (if template has any parameters with no default value), and timeout of creating. After creating current stack will have remote stack.

Required Properties

template
Template that specifies the stack to be created as a resource.
String value expected.
Can be updated without replacement.

Optional Properties

context
Context for this stack.
Map value expected.
Updates cause replacement.
Map properties:
region_name
Required.
Region name in which this stack will be created.
String value expected.
Updates cause replacement.
parameters
Set of parameters passed to this stack.
Map value expected.
Can be updated without replacement.
Defaults to {}
timeout
Number of minutes to wait for this stack creation.
Integer value expected.
Can be updated without replacement.

Attributes

outputs
A dict of key-value pairs output from the stack.
show
Detailed information about resource.
stack_name
Name of the stack.

HOT Syntax

heat_template_version: 2015-04-30
...
resources:
  ...
  the_resource:
    type: OS::Heat::Stack
    properties:
      context: {"region_name": String}
      parameters: {...}
      template: String
      timeout: Integer

OS::Heat::StructuredConfig

Available since 2014.1 (Icehouse)

A resource which has same logic with OS::Heat::SoftwareConfig.

This resource is like OS::Heat::SoftwareConfig except that the config property is represented by a Map rather than a String.

This is useful for configuration tools which use YAML or JSON as their configuration syntax. The resulting configuration is transferred, stored and returned by the software_configs API as parsed JSON.

Optional Properties

config
Map representing the configuration data structure which will be serialized to JSON format.
Map value expected.
Updates cause replacement.
group
Namespace to group this software config by when delivered to a server. This may imply what configuration tool is going to perform the configuration.
String value expected.
Updates cause replacement.
Defaults to "Heat::Ungrouped"
inputs
Schema representing the inputs that this software config is expecting.
List value expected.
Updates cause replacement.
List contents:
Map value expected.
Updates cause replacement.
Map properties:
default
Optional.
Default value for the input if none is specified.
Any value expected.
Updates cause replacement.
description
Optional.
Description of the input.
String value expected.
Updates cause replacement.
name
Required.
Name of the input.
String value expected.
Updates cause replacement.
replace_on_change
Optional.
Replace the deployment instead of updating it when the input value changes.
Boolean value expected.
Updates cause replacement.
Defaults to false
type
Optional.
Type of the value of the input.
String value expected.
Updates cause replacement.
Defaults to "String"
Allowed values: String, Number, CommaDelimitedList, Json, Boolean
options
Map containing options specific to the configuration management tool used by this resource.
Map value expected.
Updates cause replacement.
outputs
Schema representing the outputs that this software config will produce.
List value expected.
Updates cause replacement.
List contents:
Map value expected.
Updates cause replacement.
Map properties:
description
Optional.
Description of the output.
String value expected.
Updates cause replacement.
error_output
Optional.
Denotes that the deployment is in an error state if this output has a value.
Boolean value expected.
Updates cause replacement.
Defaults to false
name
Required.
Name of the output.
String value expected.
Updates cause replacement.
type
Optional.
Type of the value of the output.
String value expected.
Updates cause replacement.
Defaults to "String"
Allowed values: String, Number, CommaDelimitedList, Json, Boolean

Attributes

config
The config value of the software config.
show
Detailed information about resource.

HOT Syntax

heat_template_version: 2015-04-30
...
resources:
  ...
  the_resource:
    type: OS::Heat::StructuredConfig
    properties:
      config: {...}
      group: String
      inputs: [{"type": String, "name": String, "replace_on_change": Boolean, "description": String, "default": Any}, {"type": String, "name": String, "replace_on_change": Boolean, "description": String, "default": Any}, ...]
      options: {...}
      outputs: [{"type": String, "name": String, "description": String, "error_output": Boolean}, {"type": String, "name": String, "description": String, "error_output": Boolean}, ...]

OS::Heat::StructuredDeployment

Available since 2014.1 (Icehouse)

A resource which has same logic with OS::Heat::SoftwareDeployment.

A deployment resource like OS::Heat::SoftwareDeployment, but which performs input value substitution on the config defined by a OS::Heat::StructuredConfig resource.

Some configuration tools have no concept of inputs, so the input value substitution needs to occur in the deployment resource. An example of this is the JSON metadata consumed by the cfn-init tool.

Where the config contains {get_input: input_name} this will be substituted with the value of input_name in this resource’s input_values. If get_input needs to be passed through to the substituted configuration then a different input_key property value can be specified.

Required Properties

server
ID of resource to apply configuration to. Normally this should be a Nova server ID.
String value expected.
Updates cause replacement.

Optional Properties

actions
Which lifecycle actions of the deployment resource will result in this deployment being triggered.
List value expected.
Can be updated without replacement.
Defaults to ["CREATE", "UPDATE"]
Allowed values: CREATE, UPDATE, DELETE, SUSPEND, RESUME
config
ID of software configuration resource to execute when applying to the server.
String value expected.
Can be updated without replacement.
input_key
Name of key to use for substituting inputs during deployment.
String value expected.
Updates cause replacement.
Defaults to "get_input"
input_values
Input values to apply to the software configuration on this server.
Map value expected.
Can be updated without replacement.
input_values_validate
Perform a check on the input values passed to verify that each required input has a corresponding value. When the property is set to STRICT and no value is passed, an exception is raised.
String value expected.
Updates cause replacement.
Defaults to "LAX"
Allowed values: LAX, STRICT
name
Name of the derived config associated with this deployment. This is used to apply a sort order to the list of configurations currently deployed to a server.
String value expected.
Can be updated without replacement.
signal_transport
How the server should signal to heat with the deployment output values. CFN_SIGNAL will allow an HTTP POST to a CFN keypair signed URL. TEMP_URL_SIGNAL will create a Swift TempURL to be signaled via HTTP PUT. HEAT_SIGNAL will allow calls to the Heat API resource-signal using the provided keystone credentials. ZAQAR_SIGNAL will create a dedicated zaqar queue to be signaled using the provided keystone credentials. NO_SIGNAL will result in the resource going to the COMPLETE state without waiting for any signal.
String value expected.
Updates cause replacement.
Defaults to "CFN_SIGNAL"
Allowed values: CFN_SIGNAL, TEMP_URL_SIGNAL, HEAT_SIGNAL, NO_SIGNAL, ZAQAR_SIGNAL

Attributes

deploy_status_code
Returned status code from the configuration execution.
deploy_stderr
Captured stderr from the configuration execution.
deploy_stdout
Captured stdout from the configuration execution.
show
Detailed information about resource.

HOT Syntax

heat_template_version: 2015-04-30
...
resources:
  ...
  the_resource:
    type: OS::Heat::StructuredDeployment
    properties:
      actions: [Value, Value, ...]
      config: String
      input_key: String
      input_values: {...}
      input_values_validate: String
      name: String
      server: String
      signal_transport: String

OS::Heat::StructuredDeploymentGroup

Available since 5.0.0 (Liberty)

This resource associates a group of servers with some configuration.

This resource works similar as OS::Heat::SoftwareDeploymentGroup, but for structured resources.

Required Properties

servers
A map of names and server IDs to apply configuration to. The name is arbitrary and is used as the Heat resource name for the corresponding deployment.
Map value expected.
Can be updated without replacement.

Optional Properties

actions
Which lifecycle actions of the deployment resource will result in this deployment being triggered.
List value expected.
Can be updated without replacement.
Defaults to ["CREATE", "UPDATE"]
Allowed values: CREATE, UPDATE, DELETE, SUSPEND, RESUME
config
ID of software configuration resource to execute when applying to the server.
String value expected.
Can be updated without replacement.
input_key
Name of key to use for substituting inputs during deployment.
String value expected.
Updates cause replacement.
Defaults to "get_input"
input_values
Input values to apply to the software configuration on this server.
Map value expected.
Can be updated without replacement.
input_values_validate
Perform a check on the input values passed to verify that each required input has a corresponding value. When the property is set to STRICT and no value is passed, an exception is raised.
String value expected.
Updates cause replacement.
Defaults to "LAX"
Allowed values: LAX, STRICT
name
Name of the derived config associated with this deployment. This is used to apply a sort order to the list of configurations currently deployed to a server.
String value expected.
Can be updated without replacement.
signal_transport
How the server should signal to heat with the deployment output values. CFN_SIGNAL will allow an HTTP POST to a CFN keypair signed URL. TEMP_URL_SIGNAL will create a Swift TempURL to be signaled via HTTP PUT. HEAT_SIGNAL will allow calls to the Heat API resource-signal using the provided keystone credentials. ZAQAR_SIGNAL will create a dedicated zaqar queue to be signaled using the provided keystone credentials. NO_SIGNAL will result in the resource going to the COMPLETE state without waiting for any signal.
String value expected.
Updates cause replacement.
Defaults to "CFN_SIGNAL"
Allowed values: CFN_SIGNAL, TEMP_URL_SIGNAL, HEAT_SIGNAL, NO_SIGNAL, ZAQAR_SIGNAL

Attributes

deploy_status_codes
A map of Nova names and returned status code from the configuration execution.
deploy_stderrs
A map of Nova names and captured stderrs from the configuration execution to each server.
deploy_stdouts
A map of Nova names and captured stdouts from the configuration execution to each server.
show
Detailed information about resource.

update_policy

batch_create

Available since 7.0.0 (Newton)

Map value expected.
Updates cause replacement.
Map properties:
max_batch_size
Optional.
The maximum number of resources to create at once.
Integer value expected.
Updates cause replacement.
Defaults to 1
The value must be at least 1.
pause_time
Optional.
The number of seconds to wait between batches.
Number value expected.
Updates cause replacement.
Defaults to 0
The value must be at least 0.
rolling_update

Available since 7.0.0 (Newton)

Map value expected.
Updates cause replacement.
Map properties:
max_batch_size
Optional.
The maximum number of deployments to replace at once.
Integer value expected.
Updates cause replacement.
Defaults to 1
The value must be at least 1.
pause_time
Optional.
The number of seconds to wait between batches of updates.
Number value expected.
Updates cause replacement.
Defaults to 0
The value must be at least 0.

HOT Syntax

heat_template_version: 2015-04-30
...
resources:
  ...
  the_resource:
    type: OS::Heat::StructuredDeploymentGroup
    properties:
      actions: [Value, Value, ...]
      config: String
      input_key: String
      input_values: {...}
      input_values_validate: String
      name: String
      servers: {...}
      signal_transport: String

OS::Heat::SwiftSignal

Available since 2014.2 (Juno)

Resource for handling signals received by SwiftSignalHandle.

This resource handles signals received by SwiftSignalHandle and is same as WaitCondition resource.

Required Properties

handle
URL of TempURL where resource will signal completion and optionally upload data.
String value expected.
Updates cause replacement.
timeout
The maximum number of seconds to wait for the resource to signal completion. Once the timeout is reached, creation of the signal resource will fail.
Number value expected.
Updates cause replacement.
The value must be in the range 1 to 43200.

Optional Properties

count
The number of success signals that must be received before the stack creation process continues.
Integer value expected.
Updates cause replacement.
Defaults to 1
The value must be in the range 1 to 1000.

Attributes

data
JSON data that was uploaded via the SwiftSignalHandle.
show
Detailed information about resource.

HOT Syntax

heat_template_version: 2015-04-30
...
resources:
  ...
  the_resource:
    type: OS::Heat::SwiftSignal
    properties:
      count: Integer
      handle: String
      timeout: Number

OS::Heat::SwiftSignalHandle

Available since 2014.2 (Juno)

Resource for managing signals from Swift resources.

This resource is same as WaitConditionHandle, but designed for using by Swift resources.

Attributes

curl_cli
Convenience attribute, provides curl CLI command prefix, which can be used for signalling handle completion or failure. You can signal success by adding –data-binary ‘{“status”: “SUCCESS”}’ , or signal failure by adding –data-binary ‘{“status”: “FAILURE”}’.
endpoint
Endpoint/url which can be used for signalling handle.
show
Detailed information about resource.
token
Tokens are not needed for Swift TempURLs. This attribute is being kept for compatibility with the OS::Heat::WaitConditionHandle resource.

HOT Syntax

heat_template_version: 2015-04-30
...
resources:
  ...
  the_resource:
    type: OS::Heat::SwiftSignalHandle

OS::Heat::TestResource

Available since 5.0.0 (Liberty)

A resource which stores the string value that was provided.

This resource is to be used only for testing. It has control knobs such as ‘update_replace’, ‘fail’, ‘wait_secs’.

Optional Properties

action_wait_secs
Options for simulating waiting.
Map value expected.
Can be updated without replacement.
Map properties:
create
Optional.
Seconds to wait after a create. Defaults to the global wait_secs.
Number value expected.
Can be updated without replacement.
delete
Optional.
Seconds to wait after a delete. Defaults to the global wait_secs.
Number value expected.
Can be updated without replacement.
update
Optional.
Seconds to wait after an update. Defaults to the global wait_secs.
Number value expected.
Can be updated without replacement.
attr_wait_secs

Available since 6.0.0 (Mitaka)

Number value for timeout during resolving output value.
Number value expected.
Can be updated without replacement.
Defaults to 0
client_name
Client to poll.
String value expected.
Can be updated without replacement.
Defaults to ""
constraint_prop_secs

Available since 6.0.0 (Mitaka)

Number value for delay during resolve constraint.
Number value expected.
Can be updated without replacement.
Defaults to 0
Value must be of type test_constr
entity_name
Client entity to poll.
String value expected.
Can be updated without replacement.
Defaults to ""
fail
Value which can be set to fail the resource operation to test failure scenarios.
Boolean value expected.
Can be updated without replacement.
Defaults to false
update_replace
Value which can be set to trigger update replace for the particular resource.
Boolean value expected.
Can be updated without replacement.
Defaults to false
update_replace_value

Available since 7.0.0 (Newton)

Some value that can be stored but can not be updated.
String value expected.
Updates cause replacement.
value
The input string to be stored.
String value expected.
Can be updated without replacement.
Defaults to "test_string"
wait_secs
Seconds to wait after an action (-1 is infinite).
Number value expected.
Can be updated without replacement.
Defaults to 0

Attributes

output
The string that was stored. This value is also available by referencing the resource.
show
Detailed information about resource.

HOT Syntax

heat_template_version: 2015-04-30
...
resources:
  ...
  the_resource:
    type: OS::Heat::TestResource
    properties:
      action_wait_secs: {"delete": Number, "create": Number, "update": Number}
      attr_wait_secs: Number
      client_name: String
      constraint_prop_secs: Number
      entity_name: String
      fail: Boolean
      update_replace: Boolean
      update_replace_value: String
      value: String
      wait_secs: Number

OS::Heat::UpdateWaitConditionHandle

Available since 2014.1 (Icehouse)

WaitConditionHandle that clears signals and changes handle on update.

This works similarly to an AWS::CloudFormation::WaitConditionHandle, except that on update it clears all signals received and changes the handle. Using this handle means that you must setup the signal senders to send their signals again any time the update handle changes. This allows us to roll out new configurations and be confident that they are rolled out once UPDATE COMPLETE is reached.

Attributes

show
Detailed information about resource.

HOT Syntax

heat_template_version: 2015-04-30
...
resources:
  ...
  the_resource:
    type: OS::Heat::UpdateWaitConditionHandle

OS::Heat::Value

Available since 7.0.0 (Newton)

A resource which exposes its value property as an attribute.

This is useful for exposing a value that is a simple manipulation of other template parameters and/or other resources.

Required Properties

value
The expression to generate the “value” attribute.
Any value expected.
Can be updated without replacement.

Optional Properties

type
The type of the “value” property.
String value expected.
Can be updated without replacement.
Allowed values: string, number, comma_delimited_list, json, boolean

Attributes

show
Detailed information about resource.
value
The value generated by this resource’s properties “value” expression, with type determined from the properties “type”.

HOT Syntax

heat_template_version: 2015-04-30
...
resources:
  ...
  the_resource:
    type: OS::Heat::Value
    properties:
      type: String
      value: Any

OS::Heat::WaitCondition

Available since 2014.2 (Juno)

Resource for handling signals received by WaitConditionHandle.

Resource takes WaitConditionHandle and starts to create. Resource is in CREATE_IN_PROGRESS status until WaitConditionHandle doesn’t receive sufficient number of successful signals (this number can be specified with count property) and successfully creates after that, or fails due to timeout.

Required Properties

handle
A reference to the wait condition handle used to signal this wait condition.
String value expected.
Updates cause replacement.
timeout
The number of seconds to wait for the correct number of signals to arrive.
Number value expected.
Updates cause replacement.
The value must be in the range 1 to 43200.

Optional Properties

count
The number of success signals that must be received before the stack creation process continues.
Integer value expected.
Can be updated without replacement.
Defaults to 1
The value must be at least 1.

Attributes

data
JSON string containing data associated with wait condition signals sent to the handle.
show
Detailed information about resource.

HOT Syntax

heat_template_version: 2015-04-30
...
resources:
  ...
  the_resource:
    type: OS::Heat::WaitCondition
    properties:
      count: Integer
      handle: String
      timeout: Number

OS::Heat::WaitConditionHandle

Available since 2014.2 (Juno)

Resource for managing instance signals.

The main points of this resource are:
  • have no dependencies (so the instance can reference it).
  • create credentials to allow for signalling from the instance.
  • handle signals from the instance, validate and store result.

Optional Properties

signal_transport

Available since 6.0.0 (Mitaka)

How the client will signal the wait condition. CFN_SIGNAL will allow an HTTP POST to a CFN keypair signed URL. TEMP_URL_SIGNAL will create a Swift TempURL to be signalled via HTTP PUT. HEAT_SIGNAL will allow calls to the Heat API resource-signal using the provided keystone credentials. ZAQAR_SIGNAL will create a dedicated zaqar queue to be signalled using the provided keystone credentials. TOKEN_SIGNAL will allow and HTTP POST to a Heat API endpoint with the provided keystone token. NO_SIGNAL will result in the resource going to a signalled state without waiting for any signal.
String value expected.
Updates cause replacement.
Defaults to "TOKEN_SIGNAL"
Allowed values: CFN_SIGNAL, TEMP_URL_SIGNAL, HEAT_SIGNAL, NO_SIGNAL, ZAQAR_SIGNAL, TOKEN_SIGNAL

Attributes

curl_cli
Convenience attribute, provides curl CLI command prefix, which can be used for signalling handle completion or failure when signal_transport is set to TOKEN_SIGNAL. You can signal success by adding –data-binary ‘{“status”: “SUCCESS”}’ , or signal failure by adding –data-binary ‘{“status”: “FAILURE”}’. This attribute is set to None for all other signal transports.
endpoint
Endpoint/url which can be used for signalling handle when signal_transport is set to TOKEN_SIGNAL. None for all other signal transports.
show
Detailed information about resource.
signal
JSON serialized map that includes the endpoint, token and/or other attributes the client must use for signalling this handle. The contents of this map depend on the type of signal selected in the signal_transport property.
token
Token for stack-user which can be used for signalling handle when signal_transport is set to TOKEN_SIGNAL. None for all other signal transports.

HOT Syntax

heat_template_version: 2015-04-30
...
resources:
  ...
  the_resource:
    type: OS::Heat::WaitConditionHandle
    properties:
      signal_transport: String

OS::Keystone::Domain

Available since 8.0.0 (Ocata) - Supported versions: keystone v3

Heat Template Resource for Keystone Domain.

This plug-in helps to create, update and delete a keystone domain. Also it can be used for enable or disable a given keystone domain.

Optional Properties

description
Description of keystone domain.
String value expected.
Can be updated without replacement.
enabled
This domain is enabled or disabled.
Boolean value expected.
Can be updated without replacement.
Defaults to true
name
The name of the domain.
String value expected.
Can be updated without replacement.

Attributes

show
Detailed information about resource.

HOT Syntax

heat_template_version: 2015-04-30
...
resources:
  ...
  the_resource:
    type: OS::Keystone::Domain
    properties:
      description: String
      enabled: Boolean
      name: String

OS::Keystone::Endpoint

Available since 5.0.0 (Liberty) - Supported versions: keystone v3

Heat Template Resource for Keystone Service Endpoint.

Keystone endpoint is just the URL that can be used for accessing a service within OpenStack. Endpoint can be accessed by admin, by services or public, i.e. everyone can use this endpoint.

Required Properties

interface
Interface type of keystone service endpoint.
String value expected.
Can be updated without replacement.
Allowed values: public, internal, admin
service
Name or Id of keystone service.
String value expected.
Can be updated without replacement.
Value must be of type keystone.service
url
URL of keystone service endpoint.
String value expected.
Can be updated without replacement.

Optional Properties

enabled

Available since 6.0.0 (Mitaka)

This endpoint is enabled or disabled.
Boolean value expected.
Can be updated without replacement.
Defaults to true
name
Name of keystone endpoint.
String value expected.
Can be updated without replacement.
region
Name or Id of keystone region.
String value expected.
Can be updated without replacement.
Value must be of type keystone.region

Attributes

show
Detailed information about resource.

HOT Syntax

heat_template_version: 2015-04-30
...
resources:
  ...
  the_resource:
    type: OS::Keystone::Endpoint
    properties:
      enabled: Boolean
      interface: String
      name: String
      region: String
      service: String
      url: String

OS::Keystone::Group

Available since 2015.1 (Kilo) - Supported versions: keystone v3

Heat Template Resource for Keystone Group.

Groups are a container representing a collection of users. A group itself must be owned by a specific domain, and hence all group names are not globally unique, but only unique to their domain.

Optional Properties

description
Description of keystone group.
String value expected.
Can be updated without replacement.
Defaults to ""
domain
Name or id of keystone domain.
String value expected.
Can be updated without replacement.
Defaults to "default"
Value must be of type keystone.domain
name
Name of keystone group.
String value expected.
Can be updated without replacement.
roles
List of role assignments.
List value expected.
Can be updated without replacement.
List contents:
Map between role with either project or domain.
Map value expected.
Can be updated without replacement.
Map properties:
domain
Optional.
Keystone domain.
String value expected.
Can be updated without replacement.
Value must be of type keystone.domain
project
Optional.
Keystone project.
String value expected.
Can be updated without replacement.
Value must be of type keystone.project
role
Required.
Keystone role.
String value expected.
Can be updated without replacement.
Value must be of type keystone.role

Attributes

show
Detailed information about resource.

HOT Syntax

heat_template_version: 2015-04-30
...
resources:
  ...
  the_resource:
    type: OS::Keystone::Group
    properties:
      description: String
      domain: String
      name: String
      roles: [{"role": String, "project": String, "domain": String}, {"role": String, "project": String, "domain": String}, ...]

OS::Keystone::GroupRoleAssignment

Available since 5.0.0 (Liberty) - Supported versions: keystone v3

Resource for granting roles to a group.

Resource for specifying groups and their’s roles.

Required Properties

group
Name or id of keystone group.
String value expected.
Can be updated without replacement.
Value must be of type keystone.group

Optional Properties

roles
List of role assignments.
List value expected.
Can be updated without replacement.
List contents:
Map between role with either project or domain.
Map value expected.
Can be updated without replacement.
Map properties:
domain
Optional.
Keystone domain.
String value expected.
Can be updated without replacement.
Value must be of type keystone.domain
project
Optional.
Keystone project.
String value expected.
Can be updated without replacement.
Value must be of type keystone.project
role
Required.
Keystone role.
String value expected.
Can be updated without replacement.
Value must be of type keystone.role

Attributes

show
Detailed information about resource.

HOT Syntax

heat_template_version: 2015-04-30
...
resources:
  ...
  the_resource:
    type: OS::Keystone::GroupRoleAssignment
    properties:
      group: String
      roles: [{"role": String, "project": String, "domain": String}, {"role": String, "project": String, "domain": String}, ...]

OS::Keystone::Project

Available since 2015.1 (Kilo) - Supported versions: keystone v3

Heat Template Resource for Keystone Project.

Projects represent the base unit of ownership in OpenStack, in that all resources in OpenStack should be owned by a specific project. A project itself must be owned by a specific domain, and hence all project names are not globally unique, but unique to their domain. If the domain for a project is not specified, then it is added to the default domain.

Optional Properties

description
Description of keystone project.
String value expected.
Can be updated without replacement.
Defaults to ""
domain
Name or id of keystone domain.
String value expected.
Can be updated without replacement.
Defaults to "default"
Value must be of type keystone.domain
enabled
This project is enabled or disabled.
Boolean value expected.
Can be updated without replacement.
Defaults to true
name
Name of keystone project.
String value expected.
Can be updated without replacement.
parent

Available since 6.0.0 (Mitaka)

The name or ID of parent of this keystone project in hierarchy.
String value expected.
Updates cause replacement.
Value must be of type keystone.project
tags

Available since 10.0.0 (Queens)

A list of tags for labeling and sorting projects.
List value expected.
Can be updated without replacement.
Defaults to []

Attributes

domain_id

Available since 10.0.0 (Queens)

Domain id for project.

enabled

Available since 10.0.0 (Queens)

Flag of enable project.

is_domain

Available since 10.0.0 (Queens)

Indicates whether the project also acts as a domain.

name

Available since 10.0.0 (Queens)

Project name.

parent_id

Available since 10.0.0 (Queens)

Parent project id.

show
Detailed information about resource.

HOT Syntax

heat_template_version: 2015-04-30
...
resources:
  ...
  the_resource:
    type: OS::Keystone::Project
    properties:
      description: String
      domain: String
      enabled: Boolean
      name: String
      parent: String
      tags: [Value, Value, ...]

OS::Keystone::Region

Available since 6.0.0 (Mitaka) - Supported versions: keystone v3

Heat Template Resource for Keystone Region.

This plug-in helps to create, update and delete a keystone region. Also it can be used for enable or disable a given keystone region.

Optional Properties

description
Description of keystone region.
String value expected.
Can be updated without replacement.
enabled
This region is enabled or disabled.
Boolean value expected.
Can be updated without replacement.
Defaults to true
id
The user-defined region ID and should unique to the OpenStack deployment. While creating the region, heat will url encode this ID.
String value expected.
Updates cause replacement.
parent_region
If the region is hierarchically a child of another region, set this parameter to the ID of the parent region.
String value expected.
Can be updated without replacement.
Value must be of type keystone.region

Attributes

show
Detailed information about resource.

HOT Syntax

heat_template_version: 2015-04-30
...
resources:
  ...
  the_resource:
    type: OS::Keystone::Region
    properties:
      description: String
      enabled: Boolean
      id: String
      parent_region: String

OS::Keystone::Role

Available since 2015.1 (Kilo) - Supported versions: keystone v3

Heat Template Resource for Keystone Role.

Roles dictate the level of authorization the end user can obtain. Roles can be granted at either the domain or project level. Role can be assigned to the individual user or at the group level. Role name is unique within the owning domain.

Optional Properties

domain

Available since 10.0.0 (Queens)

Name or id of keystone domain.
String value expected.
Updates cause replacement.
Defaults to "default"
Value must be of type keystone.domain
name
Name of keystone role.
String value expected.
Can be updated without replacement.

Attributes

show
Detailed information about resource.

HOT Syntax

heat_template_version: 2015-04-30
...
resources:
  ...
  the_resource:
    type: OS::Keystone::Role
    properties:
      domain: String
      name: String

OS::Keystone::Service

Available since 5.0.0 (Liberty) - Supported versions: keystone v3

Heat Template Resource for Keystone Service.

A resource that allows to create new service and manage it by Keystone.

Required Properties

type
Type of keystone Service.
String value expected.
Can be updated without replacement.

Optional Properties

description
Description of keystone service.
String value expected.
Can be updated without replacement.
enabled

Available since 6.0.0 (Mitaka)

This service is enabled or disabled.
Boolean value expected.
Can be updated without replacement.
Defaults to true
name
Name of keystone service.
String value expected.
Can be updated without replacement.

Attributes

show
Detailed information about resource.

HOT Syntax

heat_template_version: 2015-04-30
...
resources:
  ...
  the_resource:
    type: OS::Keystone::Service
    properties:
      description: String
      enabled: Boolean
      name: String
      type: String

OS::Keystone::User

Available since 2015.1 (Kilo) - Supported versions: keystone v3

Heat Template Resource for Keystone User.

Users represent an individual API consumer. A user itself must be owned by a specific domain, and hence all user names are not globally unique, but only unique to their domain.

Optional Properties

default_project
Name or ID of default project of keystone user.
String value expected.
Can be updated without replacement.
Value must be of type keystone.project
description
Description of keystone user.
String value expected.
Can be updated without replacement.
Defaults to ""
domain
Name or ID of keystone domain.
String value expected.
Can be updated without replacement.
Defaults to "default"
Value must be of type keystone.domain
email
Email address of keystone user.
String value expected.
Can be updated without replacement.
enabled
Keystone user is enabled or disabled.
Boolean value expected.
Can be updated without replacement.
Defaults to true
groups
Keystone user groups.
List value expected.
Can be updated without replacement.
List contents:
Optional.
Keystone user group.
String value expected.
Can be updated without replacement.
Value must be of type keystone.group
name
Name of keystone user.
String value expected.
Can be updated without replacement.
password
Password of keystone user.
String value expected.
Can be updated without replacement.
roles
List of role assignments.
List value expected.
Can be updated without replacement.
List contents:
Map between role with either project or domain.
Map value expected.
Can be updated without replacement.
Map properties:
domain
Optional.
Keystone domain.
String value expected.
Can be updated without replacement.
Value must be of type keystone.domain
project
Optional.
Keystone project.
String value expected.
Can be updated without replacement.
Value must be of type keystone.project
role
Required.
Keystone role.
String value expected.
Can be updated without replacement.
Value must be of type keystone.role

Attributes

default_project_id

Available since 9.0.0 (Pike)

Default project id for user.

domain_id

Available since 9.0.0 (Pike)

Domain id for user.

enabled

Available since 9.0.0 (Pike)

Flag of enable user.

name

Available since 9.0.0 (Pike)

User name.

password_expires_at

Available since 9.0.0 (Pike)

Show user password expiration time.

show
Detailed information about resource.

HOT Syntax

heat_template_version: 2015-04-30
...
resources:
  ...
  the_resource:
    type: OS::Keystone::User
    properties:
      default_project: String
      description: String
      domain: String
      email: String
      enabled: Boolean
      groups: [String, String, ...]
      name: String
      password: String
      roles: [{"role": String, "project": String, "domain": String}, {"role": String, "project": String, "domain": String}, ...]

OS::Keystone::UserRoleAssignment

Available since 5.0.0 (Liberty) - Supported versions: keystone v3

Resource for granting roles to a user.

Resource for specifying users and their’s roles.

Required Properties

user
Name or id of keystone user.
String value expected.
Can be updated without replacement.
Value must be of type keystone.user

Optional Properties

roles
List of role assignments.
List value expected.
Can be updated without replacement.
List contents:
Map between role with either project or domain.
Map value expected.
Can be updated without replacement.
Map properties:
domain
Optional.
Keystone domain.
String value expected.
Can be updated without replacement.
Value must be of type keystone.domain
project
Optional.
Keystone project.
String value expected.
Can be updated without replacement.
Value must be of type keystone.project
role
Required.
Keystone role.
String value expected.
Can be updated without replacement.
Value must be of type keystone.role

Attributes

show
Detailed information about resource.

HOT Syntax

heat_template_version: 2015-04-30
...
resources:
  ...
  the_resource:
    type: OS::Keystone::UserRoleAssignment
    properties:
      roles: [{"role": String, "project": String, "domain": String}, {"role": String, "project": String, "domain": String}, ...]
      user: String

OS::Magnum::Cluster

Available since 9.0.0 (Pike)

A resource that creates a magnum cluster.

This resource creates a magnum cluster, which is a collection of node objects where work is scheduled.

Required Properties

cluster_template
The name or ID of the cluster template.
String value expected.
Updates cause replacement.
Value must be of type magnum.cluster_template

Optional Properties

create_timeout
Timeout for creating the cluster in minutes. Set to 0 for no timeout.
Integer value expected.
Can be updated without replacement.
Defaults to 60
The value must be at least 0.
discovery_url
Specifies a custom discovery url for node discovery.
String value expected.
Can be updated without replacement.
keypair
The name of the keypair. If not presented, use keypair in cluster template.
String value expected.
Updates cause replacement.
Value must be of type nova.keypair
master_count
The number of master nodes for this cluster.
Integer value expected.
Can be updated without replacement.
Defaults to 1
The value must be at least 1.
name
The cluster name.
String value expected.
Updates cause replacement.
node_count
The node count for this cluster.
Integer value expected.
Can be updated without replacement.
Defaults to 1
The value must be at least 1.

Attributes

api_address
The endpoint URL of COE API exposed to end-users.
cluster_template_id
The UUID of the cluster template.
coe_version
Version info of chosen COE in cluster for helping client in picking the right version of client.
container_version
Version info of constainer engine in the chosen COE in cluster for helping client in picking the right version of client.
create_timeout
The timeout for cluster creation in minutes.
discovery_url
The custom discovery url for node discovery.
keypair
The name of the keypair.
master_addresses
List of floating IP of all master nodes.
master_count
The number of servers that will serve as master for the cluster.
name
Name of the resource.
node_addresses
List of floating IP of all servers that serve as node.
node_count
The number of servers that will serve as node in the cluster.
show
Detailed information about resource.
stack_id
The reference UUID of orchestration stack for this COE cluster.
status
The status for this COE cluster.
status_reason
The reason of cluster current status.

HOT Syntax

heat_template_version: 2015-04-30
...
resources:
  ...
  the_resource:
    type: OS::Magnum::Cluster
    properties:
      cluster_template: String
      create_timeout: Integer
      discovery_url: String
      keypair: String
      master_count: Integer
      name: String
      node_count: Integer

OS::Magnum::ClusterTemplate

Available since 9.0.0 (Pike)

A resource for the ClusterTemplate in Magnum.

ClusterTemplate is an object that stores template information about the cluster which is used to create new clusters consistently.

Required Properties

coe
The Container Orchestration Engine for cluster.
String value expected.
Updates cause replacement.
Allowed values: kubernetes, swarm, mesos
external_network
The external neutron network name or UUID to attach the Cluster.
String value expected.
Updates cause replacement.
Value must be of type neutron.network
image
The image name or UUID to use as a base image for cluster.
String value expected.
Updates cause replacement.
Value must be of type glance.image

Optional Properties

dns_nameserver
The DNS nameserver address.
String value expected.
Updates cause replacement.
Value must be of type ip_addr
docker_storage_driver
Select a docker storage driver.
String value expected.
Updates cause replacement.
Defaults to "devicemapper"
Allowed values: devicemapper, overlay
docker_volume_size
The size in GB of the docker volume.
Integer value expected.
Updates cause replacement.
The value must be at least 1.
fixed_network
The fixed neutron network name or UUID to attach the Cluster.
String value expected.
Updates cause replacement.
Value must be of type neutron.network
fixed_subnet
The fixed neutron subnet name or UUID to attach the Cluster.
String value expected.
Updates cause replacement.
Value must be of type neutron.subnet
flavor
The nova flavor name or UUID to use when launching the cluster.
String value expected.
Updates cause replacement.
Value must be of type nova.flavor
floating_ip_enabled
Indicates whether created clusters should have a floating ip or not.
Boolean value expected.
Updates cause replacement.
Defaults to true
http_proxy
The http_proxy address to use for nodes in cluster.
String value expected.
Updates cause replacement.
https_proxy
The https_proxy address to use for nodes in cluster.
String value expected.
Updates cause replacement.
keypair
The name of the SSH keypair to load into the cluster nodes.
String value expected.
Updates cause replacement.
Value must be of type nova.keypair
labels
Arbitrary labels in the form of key=value pairs to associate with cluster.
Map value expected.
Updates cause replacement.
master_flavor
The nova flavor name or UUID to use when launching the master node of the cluster.
String value expected.
Updates cause replacement.
Value must be of type nova.flavor
master_lb_enabled
Indicates whether created clusters should have a load balancer for master nodes or not.
Boolean value expected.
Updates cause replacement.
Defaults to true
name
The cluster template name.
String value expected.
Updates cause replacement.
network_driver
The name of the driver used for instantiating container networks. By default, Magnum will choose the pre-configured network driver based on COE type.
String value expected.
Updates cause replacement.
no_proxy
A comma separated list of addresses for which proxies should not be used in the cluster.
String value expected.
Updates cause replacement.
public
Make the cluster template public. To enable this option, you must own the right to publish in magnum. Which default set to admin only.
Boolean value expected.
Can be updated without replacement.
Defaults to false
registry_enabled
Enable the docker registry in the cluster.
Boolean value expected.
Updates cause replacement.
Defaults to false
server_type
Specify the server type to be used.
String value expected.
Updates cause replacement.
Defaults to "vm"
Allowed values: vm, bm
tls_disabled
Disable TLS in the cluster.
Boolean value expected.
Updates cause replacement.
Defaults to false
volume_driver
The volume driver name for instantiating container volume.
String value expected.
Updates cause replacement.
Allowed values: cinder, rexray

Attributes

show
Detailed information about resource.

HOT Syntax

heat_template_version: 2015-04-30
...
resources:
  ...
  the_resource:
    type: OS::Magnum::ClusterTemplate
    properties:
      coe: String
      dns_nameserver: String
      docker_storage_driver: String
      docker_volume_size: Integer
      external_network: String
      fixed_network: String
      fixed_subnet: String
      flavor: String
      floating_ip_enabled: Boolean
      http_proxy: String
      https_proxy: String
      image: String
      keypair: String
      labels: {...}
      master_flavor: String
      master_lb_enabled: Boolean
      name: String
      network_driver: String
      no_proxy: String
      public: Boolean
      registry_enabled: Boolean
      server_type: String
      tls_disabled: Boolean
      volume_driver: String

OS::Manila::SecurityService

Available since 5.0.0 (Liberty)

A resource that implements security service of Manila.

A security_service is a set of options that defines a security domain for a particular shared filesystem protocol, such as an Active Directory domain or a Kerberos domain.

Required Properties

type
Security service type.
String value expected.
Updates cause replacement.
Allowed values: ldap, kerberos, active_directory

Optional Properties

description
Security service description.
String value expected.
Can be updated without replacement.
dns_ip
DNS IP address used inside tenant’s network.
String value expected.
Can be updated without replacement.
domain
Security service domain.
String value expected.
Can be updated without replacement.
name
Security service name.
String value expected.
Can be updated without replacement.
password
Password used by user.
String value expected.
Can be updated without replacement.
server
Security service IP address or hostname.
String value expected.
Can be updated without replacement.
user
Security service user or group used by tenant.
String value expected.
Can be updated without replacement.

Attributes

show
Detailed information about resource.

HOT Syntax

heat_template_version: 2015-04-30
...
resources:
  ...
  the_resource:
    type: OS::Manila::SecurityService
    properties:
      description: String
      dns_ip: String
      domain: String
      name: String
      password: String
      server: String
      type: String
      user: String

OS::Manila::Share

Available since 5.0.0 (Liberty)

A resource that creates shared mountable file system.

The resource creates a manila share - shared mountable filesystem that can be attached to any client(or clients) that has a network access and permission to mount filesystem. Share is a unit of storage with specific size that supports pre-defined share protocol and advanced security model (access lists, share networks and security services).

Required Properties

share_protocol
Share protocol supported by shared filesystem.
String value expected.
Updates cause replacement.
Allowed values: NFS, CIFS, GlusterFS, HDFS, CEPHFS
size
Share storage size in GB.
Integer value expected.
Updates cause replacement.

Optional Properties

access_rules
A list of access rules that define access from IP to Share.
List value expected.
Can be updated without replacement.
Defaults to []
List contents:
Map value expected.
Can be updated without replacement.
Map properties:
access_level
Optional.
Level of access that need to be provided for guest.
String value expected.
Can be updated without replacement.
Allowed values: ro, rw
access_to
Required.
IP or other address information about guest that allowed to access to Share.
String value expected.
Can be updated without replacement.
access_type
Required.
Type of access that should be provided to guest.
String value expected.
Can be updated without replacement.
Allowed values: ip, user, cert, cephx
description
Share description.
String value expected.
Can be updated without replacement.
is_public
Defines if shared filesystem is public or private.
Boolean value expected.
Can be updated without replacement.
Defaults to false
metadata
Metadata key-values defined for share.
Map value expected.
Can be updated without replacement.
name
Share name.
String value expected.
Can be updated without replacement.
share_network
Name or ID of shared network defined for shared filesystem.
String value expected.
Updates cause replacement.
Value must be of type manila.share_network
share_type
Name or ID of shared filesystem type. Types defines some share filesystem profiles that will be used for share creation.
String value expected.
Updates cause replacement.
Value must be of type manila.share_type
snapshot
Name or ID of shared file system snapshot that will be restored and created as a new share.
String value expected.
Updates cause replacement.
Value must be of type manila.share_snapshot

Attributes

availability_zone
The availability zone of shared filesystem.
created_at
Datetime when a share was created.
export_locations
Export locations of share.
host
Share host.
project_id
Share project ID.
share_server_id
ID of server (VM, etc…) on host that is used for exporting network file-system.
show
Detailed information about resource.
status
Current share status.

HOT Syntax

heat_template_version: 2015-04-30
...
resources:
  ...
  the_resource:
    type: OS::Manila::Share
    properties:
      access_rules: [{"access_to": String, "access_type": String, "access_level": String}, {"access_to": String, "access_type": String, "access_level": String}, ...]
      description: String
      is_public: Boolean
      metadata: {...}
      name: String
      share_network: String
      share_protocol: String
      share_type: String
      size: Integer
      snapshot: String

OS::Manila::ShareNetwork

Available since 5.0.0 (Liberty)

A resource that stores network information for share servers.

Stores network information that will be used by share servers, where shares are hosted.

Optional Properties

description
Share network description.
String value expected.
Can be updated without replacement.
name
Name of the share network.
String value expected.
Can be updated without replacement.
neutron_network
Neutron network id.
String value expected.
Can be updated without replacement.
Value must be of type neutron.network
neutron_subnet
Neutron subnet id.
String value expected.
Can be updated without replacement.
Value must be of type neutron.subnet
nova_network
Nova network id.
String value expected.
Can be updated without replacement.
security_services
A list of security services IDs or names.
List value expected.
Can be updated without replacement.
Defaults to []
List contents:
Optional.
String value expected.
Can be updated without replacement.

Attributes

cidr
CIDR of subnet.
ip_version
Version of IP address.
network_type
The physical mechanism by which the virtual network is implemented.
segmentation_id
VLAN ID for VLAN networks or tunnel-id for GRE/VXLAN networks.
show
Detailed information about resource.

HOT Syntax

heat_template_version: 2015-04-30
...
resources:
  ...
  the_resource:
    type: OS::Manila::ShareNetwork
    properties:
      description: String
      name: String
      neutron_network: String
      neutron_subnet: String
      nova_network: String
      security_services: [String, String, ...]

OS::Manila::ShareType

Available since 5.0.0 (Liberty)

A resource for creating manila share type.

A share_type is an administrator-defined “type of service”, comprised of a tenant visible description, and a list of non-tenant-visible key/value pairs (extra_specs) which the Manila scheduler uses to make scheduling decisions for shared filesystem tasks.

Please note that share type is intended to use mostly by administrators. So it is very likely that Manila will prohibit creation of the resource without administration grants.

Required Properties

driver_handles_share_servers
Required extra specification. Defines if share drivers handles share servers.
Boolean value expected.
Updates cause replacement.
name
Name of the share type.
String value expected.
Updates cause replacement.

Optional Properties

extra_specs
Extra specs key-value pairs defined for share type.
Map value expected.
Can be updated without replacement.
is_public
Defines if share type is accessible to the public.
Boolean value expected.
Updates cause replacement.
Defaults to true
snapshot_support

Available since 6.0.0 (Mitaka)

Boolean extra spec that used for filtering of backends by their capability to create share snapshots.
Boolean value expected.
Updates cause replacement.
Defaults to true

Attributes

show
Detailed information about resource.

HOT Syntax

heat_template_version: 2015-04-30
...
resources:
  ...
  the_resource:
    type: OS::Manila::ShareType
    properties:
      driver_handles_share_servers: Boolean
      extra_specs: {...}
      is_public: Boolean
      name: String
      snapshot_support: Boolean

OS::Mistral::CronTrigger

Available since 5.0.0 (Liberty)

A resource implements Mistral cron trigger.

Cron trigger is an object allowing to run workflow on a schedule. User specifies what workflow with what input needs to be run and also specifies how often it should be run. Pattern property is used to describe the frequency of workflow execution.

Required Properties

workflow
Workflow to execute.
Map value expected.
Updates cause replacement.
Map properties:
input
Input values for the workflow.
Map value expected.
Updates cause replacement.
name
Required.
Name or ID of the workflow.
String value expected.
Updates cause replacement.
Value must be of type mistral.workflow

Optional Properties

count
Remaining executions.
Integer value expected.
Updates cause replacement.
first_time
Time of the first execution in format “YYYY-MM-DD HH:MM”.
String value expected.
Updates cause replacement.
name
Name of the cron trigger.
String value expected.
Updates cause replacement.
pattern
Cron expression.
String value expected.
Updates cause replacement.
Value must be of type cron_expression

Attributes

next_execution_time
Time of the next execution in format “YYYY-MM-DD HH:MM:SS”.
remaining_executions
Number of remaining executions.
show
Detailed information about resource.

HOT Syntax

heat_template_version: 2015-04-30
...
resources:
  ...
  the_resource:
    type: OS::Mistral::CronTrigger
    properties:
      count: Integer
      first_time: String
      name: String
      pattern: String
      workflow: {"name": String, "input": {...}}

OS::Mistral::ExternalResource

Available since 9.0.0 (Pike)

A plugin for managing user-defined resources via Mistral workflows.

This resource allows users to manage resources that are not known to Heat. The user may specify a Mistral workflow to handle each resource action, such as CREATE, UPDATE, or DELETE.

The workflows may return an output named ‘resource_id’, which will be treated as the physical ID of the resource by Heat.

Once the resource is created, subsequent workflow runs will receive the output of the last workflow execution in the ‘heat_extresource_data’ key in the workflow environment (accessible as env().heat_extresource_data in the workflow).

The template author may specify a subset of inputs as causing replacement of the resource when they change, as an alternative to running the UPDATE workflow.

Required Properties

actions
Resource action which triggers a workflow execution.
Map value expected.
Updates cause replacement.
Map properties:
CREATE
Dictionary which defines the workflow to run and its params.
Map value expected.
Updates cause replacement.
Map properties:
params
Workflow additional parameters. If workflow is reverse typed, params requires “task_name”, which defines initial task.
Map value expected.
Updates cause replacement.
Defaults to {}
workflow
Required.
Workflow to execute.
String value expected.
Updates cause replacement.
Value must be of type mistral.workflow
DELETE
Dictionary which defines the workflow to run and its params.
Map value expected.
Updates cause replacement.
Map properties:
params
Workflow additional parameters. If workflow is reverse typed, params requires “task_name”, which defines initial task.
Map value expected.
Updates cause replacement.
Defaults to {}
workflow
Required.
Workflow to execute.
String value expected.
Updates cause replacement.
Value must be of type mistral.workflow
RESUME
Dictionary which defines the workflow to run and its params.
Map value expected.
Updates cause replacement.
Map properties:
params
Workflow additional parameters. If workflow is reverse typed, params requires “task_name”, which defines initial task.
Map value expected.
Updates cause replacement.
Defaults to {}
workflow
Required.
Workflow to execute.
String value expected.
Updates cause replacement.
Value must be of type mistral.workflow
SUSPEND
Dictionary which defines the workflow to run and its params.
Map value expected.
Updates cause replacement.
Map properties:
params
Workflow additional parameters. If workflow is reverse typed, params requires “task_name”, which defines initial task.
Map value expected.
Updates cause replacement.
Defaults to {}
workflow
Required.
Workflow to execute.
String value expected.
Updates cause replacement.
Value must be of type mistral.workflow
UPDATE
Dictionary which defines the workflow to run and its params.
Map value expected.
Updates cause replacement.
Map properties:
params
Workflow additional parameters. If workflow is reverse typed, params requires “task_name”, which defines initial task.
Map value expected.
Updates cause replacement.
Defaults to {}
workflow
Required.
Workflow to execute.
String value expected.
Updates cause replacement.
Value must be of type mistral.workflow

Optional Properties

always_update
Triggers UPDATE action execution even if input is unchanged.
Boolean value expected.
Updates cause replacement.
Defaults to false
description
Workflow execution description.
String value expected.
Updates cause replacement.
Defaults to "Heat managed"
input
Dictionary which contains input for the workflows.
Map value expected.
Can be updated without replacement.
Defaults to {}
replace_on_change_inputs
A list of inputs that should cause the resource to be replaced when their values change.
List value expected.
Updates cause replacement.
Defaults to []

Attributes

output
Output from the execution.
show
Detailed information about resource.

HOT Syntax

heat_template_version: 2015-04-30
...
resources:
  ...
  the_resource:
    type: OS::Mistral::ExternalResource
    properties:
      actions: {"CREATE": {"workflow": String, "params": {...}}, "SUSPEND": {"workflow": String, "params": {...}}, "UPDATE": {"workflow": String, "params": {...}}, "DELETE": {"workflow": String, "params": {...}}, "RESUME": {"workflow": String, "params": {...}}}
      always_update: Boolean
      description: String
      input: {...}
      replace_on_change_inputs: [Value, Value, ...]

OS::Mistral::Workflow

Available since 2015.1 (Kilo)

A resource that implements Mistral workflow.

Workflow represents a process that can be described in a various number of ways and that can do some job interesting to the end user. Each workflow consists of tasks (at least one) describing what exact steps should be made during workflow execution.

For detailed description how to use Workflow, read Mistral documentation.

Required Properties

tasks
Dictionary containing workflow tasks.
List value expected.
Can be updated without replacement.
The length must be at least 1.
List contents:
Map value expected.
Can be updated without replacement.
Map properties:
action
Optional.
Name of the action associated with the task. Either action or workflow may be defined in the task.
String value expected.
Can be updated without replacement.
concurrency

Available since 8.0.0 (Ocata)

Optional.
Defines a max number of actions running simultaneously in a task. Applicable only for tasks that have with-items.
Integer value expected.
Can be updated without replacement.
description
Optional.
Task description.
String value expected.
Can be updated without replacement.
input
Actual input parameter values of the task.
Map value expected.
Can be updated without replacement.
join

Available since 6.0.0 (Mitaka)

Optional.
Allows to synchronize multiple parallel workflow branches and aggregate their data. Valid inputs: all - the task will run only if all upstream tasks are completed. Any numeric value - then the task will run once at least this number of upstream tasks are completed and corresponding conditions have triggered.
String value expected.
Can be updated without replacement.
keep_result

Available since 5.0.0 (Liberty)

Optional.
Allowing not to store action results after task completion.
Boolean value expected.
Can be updated without replacement.
name
Required.
Task name.
String value expected.
Can be updated without replacement.
on_error
List of tasks which will run after the task has completed with an error.
List value expected.
Can be updated without replacement.
on_success
List of tasks which will run after the task has completed successfully.
List value expected.
Can be updated without replacement.
publish
Dictionary of variables to publish to the workflow context.
Map value expected.
Can be updated without replacement.
requires
List of tasks which should be executed before this task. Used only in reverse workflows.
List value expected.
Can be updated without replacement.
retry

Available since 5.0.0 (Liberty)

Defines a pattern how task should be repeated in case of an error.
Map value expected.
Can be updated without replacement.
on_complete
List of tasks which will run after the task has completed regardless of whether it is successful or not.
List value expected.
Can be updated without replacement.
pause_before

Available since 5.0.0 (Liberty)

Optional.
Defines whether Mistral Engine should put the workflow on hold or not before starting a task.
Boolean value expected.
Can be updated without replacement.
target

Available since 5.0.0 (Liberty)

Optional.
It defines an executor to which task action should be sent to.
String value expected.
Can be updated without replacement.
timeout

Available since 5.0.0 (Liberty)

Optional.
Defines a period of time in seconds after which a task will be failed automatically by engine if hasn’t completed.
Integer value expected.
Can be updated without replacement.
wait_after

Available since 5.0.0 (Liberty)

Optional.
Defines a delay in seconds that Mistral Engine should wait after a task has completed before starting next tasks defined in on-success, on-error or on-complete.
Integer value expected.
Can be updated without replacement.
wait_before

Available since 5.0.0 (Liberty)

Optional.
Defines a delay in seconds that Mistral Engine should wait before starting a task.
Integer value expected.
Can be updated without replacement.
with_items

Available since 5.0.0 (Liberty)

Optional.
If configured, it allows to run action or workflow associated with a task multiple times on a provided list of items.
String value expected.
Can be updated without replacement.
workflow
Optional.
Name of the workflow associated with the task. Can be defined by intrinsic function get_resource or by name of the referenced workflow, i.e. { workflow: wf_name } or { workflow: { get_resource: wf_name }}. Either action or workflow may be defined in the task.
String value expected.
Can be updated without replacement.
Value must be of type mistral.workflow
type
Workflow type.
String value expected.
Can be updated without replacement.
Allowed values: direct, reverse

Optional Properties

description
Workflow description.
String value expected.
Can be updated without replacement.
input
Dictionary which contains input for workflow.
Map value expected.
Can be updated without replacement.
name
Workflow name.
String value expected.
Updates cause replacement.
output
Any data structure arbitrarily containing YAQL expressions that defines workflow output. May be nested.
Map value expected.
Can be updated without replacement.
params
Workflow additional parameters. If Workflow is reverse typed, params requires ‘task_name’, which defines initial task.
Map value expected.
Can be updated without replacement.
tags

Available since 10.0.0 (Queens)

List of tags to set on the workflow.
List value expected.
Can be updated without replacement.
task_defaults

Available since 5.0.0 (Liberty)

Default settings for some of task attributes defined at workflow level.
Map value expected.
Can be updated without replacement.
Map properties:
concurrency

Available since 8.0.0 (Ocata)

Optional.
Defines a max number of actions running simultaneously in a task. Applicable only for tasks that have with-items.
Integer value expected.
Can be updated without replacement.
on_complete
List of tasks which will run after the task has completed regardless of whether it is successful or not.
List value expected.
Can be updated without replacement.
on_error
List of tasks which will run after the task has completed with an error.
List value expected.
Can be updated without replacement.
on_success
List of tasks which will run after the task has completed successfully.
List value expected.
Can be updated without replacement.
pause_before
Optional.
Defines whether Mistral Engine should put the workflow on hold or not before starting a task.
Boolean value expected.
Can be updated without replacement.
requires
List of tasks which should be executed before this task. Used only in reverse workflows.
List value expected.
Can be updated without replacement.
retry
Defines a pattern how task should be repeated in case of an error.
Map value expected.
Can be updated without replacement.
timeout
Optional.
Defines a period of time in seconds after which a task will be failed automatically by engine if hasn’t completed.
Integer value expected.
Can be updated without replacement.
wait_after
Optional.
Defines a delay in seconds that Mistral Engine should wait after a task has completed before starting next tasks defined in on-success, on-error or on-complete.
Integer value expected.
Can be updated without replacement.
wait_before
Optional.
Defines a delay in seconds that Mistral Engine should wait before starting a task.
Integer value expected.
Can be updated without replacement.
use_request_body_as_input

Available since 6.0.0 (Mitaka)

Defines the method in which the request body for signaling a workflow would be parsed. In case this property is set to True, the body would be parsed as a simple json where each key is a workflow input, in other cases body would be parsed expecting a specific json format with two keys: “input” and “params”.
Boolean value expected.
Can be updated without replacement.

Attributes

alarm_url
A signed url to create executions for workflows specified in Workflow resource.
data
A dictionary which contains name and input of the workflow.
executions
List of workflows’ executions, each of them is a dictionary with information about execution. Each dictionary returns values for next keys: id, workflow_name, created_at, updated_at, state for current execution state, input, output.
show
Detailed information about resource.

HOT Syntax

heat_template_version: 2015-04-30
...
resources:
  ...
  the_resource:
    type: OS::Mistral::Workflow
    properties:
      description: String
      input: {...}
      name: String
      output: {...}
      params: {...}
      tags: [Value, Value, ...]
      task_defaults: {"on_success": [Value, Value, ...], "on_complete": [Value, Value, ...], "pause_before": Boolean, "retry": {...}, "concurrency": Integer, "wait_after": Integer, "timeout": Integer, "on_error": [Value, Value, ...], "requires": [Value, Value, ...], "wait_before": Integer}
      tasks: [{"wait_after": Integer, "on_complete": [Value, Value, ...], "policies": {...}, "action": String, "with_items": String, "name": String, "description": String, "publish": {...}, "on_error": [Value, Value, ...], "on_success": [Value, Value, ...], "join": String, "input": {...}, "keep_result": Boolean, "timeout": Integer, "retry": {...}, "concurrency": Integer, "pause_before": Boolean, "workflow": String, "target": String, "wait_before": Integer, "requires": [Value, Value, ...]}, {"wait_after": Integer, "on_complete": [Value, Value, ...], "policies": {...}, "action": String, "with_items": String, "name": String, "description": String, "publish": {...}, "on_error": [Value, Value, ...], "on_success": [Value, Value, ...], "join": String, "input": {...}, "keep_result": Boolean, "timeout": Integer, "retry": {...}, "concurrency": Integer, "pause_before": Boolean, "workflow": String, "target": String, "wait_before": Integer, "requires": [Value, Value, ...]}, ...]
      type: String
      use_request_body_as_input: Boolean

OS::Monasca::AlarmDefinition

Available since 7.0.0 (Newton)

UNSUPPORTED since 5.0.0 (Liberty)

Heat Template Resource for Monasca Alarm definition.

Monasca Alarm definition helps to define the required expression for a given alarm situation. This plugin helps to create, update and delete the alarm definition.

Alarm definitions is necessary to describe and manage alarms in a one-to-many relationship in order to avoid having to manually declare each alarm even though they may share many common attributes and differ in only one, such as hostname.

Required Properties

expression
Expression of the alarm to evaluate.
String value expected.
Updates cause replacement.

Optional Properties

actions_enabled
Whether to enable the actions or not.
Boolean value expected.
Can be updated without replacement.
Defaults to true
alarm_actions
The notification methods to use when an alarm state is ALARM.
List value expected.
Can be updated without replacement.
Defaults to []
List contents:
Optional.
Monasca notification.
String value expected.
Can be updated without replacement.
Value must be of type monasca.notification
description
Description of the alarm.
String value expected.
Can be updated without replacement.
match_by
The metric dimensions to match to the alarm dimensions. One or more dimension key names separated by a comma.
List value expected.
Updates cause replacement.
Defaults to []
name
Name of the alarm. By default, physical resource name is used.
String value expected.
Can be updated without replacement.
ok_actions
The notification methods to use when an alarm state is OK.
List value expected.
Can be updated without replacement.
Defaults to []
List contents:
Optional.
Monasca notification.
String value expected.
Can be updated without replacement.
Value must be of type monasca.notification
severity
Severity of the alarm.
String value expected.
Can be updated without replacement.
Defaults to "low"
Allowed values: low, medium, high, critical
undetermined_actions
The notification methods to use when an alarm state is UNDETERMINED.
List value expected.
Can be updated without replacement.
Defaults to []
List contents:
Optional.
Monasca notification.
String value expected.
Can be updated without replacement.
Value must be of type monasca.notification

Attributes

show
Detailed information about resource.

HOT Syntax

heat_template_version: 2015-04-30
...
resources:
  ...
  the_resource:
    type: OS::Monasca::AlarmDefinition
    properties:
      actions_enabled: Boolean
      alarm_actions: [String, String, ...]
      description: String
      expression: String
      match_by: [Value, Value, ...]
      name: String
      ok_actions: [String, String, ...]
      severity: String
      undetermined_actions: [String, String, ...]

OS::Monasca::Notification

Available since 7.0.0 (Newton)

UNSUPPORTED since 5.0.0 (Liberty)

Heat Template Resource for Monasca Notification.

A resource which is used to notificate if there is some alarm. Monasca Notification helps to declare the hook points, which will be invoked once alarm is generated. This plugin helps to create, update and delete the notification.

Required Properties

address
Address of the notification. It could be a valid email address, url or service key based on notification type.
String value expected.
Can be updated without replacement.
The length must be no greater than 512.
type
Type of the notification.
String value expected.
Can be updated without replacement.
Allowed values: email, webhook, pagerduty

Optional Properties

name
Name of the notification. By default, physical resource name is used.
String value expected.
Can be updated without replacement.
period

Available since 7.0.0 (Newton)

Interval in seconds to invoke webhooks if the alarm state does not transition away from the defined trigger state. A value of 0 will disable continuous notifications. This property is only applicable for the webhook notification type and has default period interval of 60 seconds.
Integer value expected.
Can be updated without replacement.
Allowed values: 0, 60

Attributes

show
Detailed information about resource.

HOT Syntax

heat_template_version: 2015-04-30
...
resources:
  ...
  the_resource:
    type: OS::Monasca::Notification
    properties:
      address: String
      name: String
      period: Integer
      type: String

OS::Neutron::AddressScope

Available since 6.0.0 (Mitaka)

A resource for Neutron address scope.

This resource can be associated with multiple subnet pools in a one-to-many relationship. The subnet pools under an address scope must not overlap.

Optional Properties

ip_version
Address family of the address scope, which is 4 or 6.
Integer value expected.
Updates cause replacement.
Defaults to 4
Allowed values: 4, 6
name
The name for the address scope.
String value expected.
Can be updated without replacement.
shared
Whether the address scope should be shared to other tenants. Note that the default policy setting restricts usage of this attribute to administrative users only, and restricts changing of shared address scope to unshared with update.
Boolean value expected.
Can be updated without replacement.
Defaults to false
tenant_id
The owner tenant ID of the address scope. Only administrative users can specify a tenant ID other than their own.
String value expected.
Updates cause replacement.
Value must be of type keystone.project

Attributes

show
Detailed information about resource.

HOT Syntax

heat_template_version: 2015-04-30
...
resources:
  ...
  the_resource:
    type: OS::Neutron::AddressScope
    properties:
      ip_version: Integer
      name: String
      shared: Boolean
      tenant_id: String

OS::Neutron::Firewall

A resource for the Firewall resource in Neutron FWaaS.

Resource for using the Neutron firewall implementation. Firewall is a network security system that monitors and controls the incoming and outgoing network traffic based on predetermined security rules.

Required Properties

firewall_policy_id
The ID of the firewall policy that this firewall is associated with.
String value expected.
Can be updated without replacement.

Optional Properties

admin_state_up
Administrative state of the firewall. If false (down), firewall does not forward packets and will drop all traffic to/from VMs behind the firewall.
Boolean value expected.
Can be updated without replacement.
Defaults to true
description
Description for the firewall.
String value expected.
Can be updated without replacement.
name
Name for the firewall.
String value expected.
Can be updated without replacement.
value_specs

Available since 5.0.0 (Liberty)

Extra parameters to include in the request. Parameters are often specific to installed hardware or extensions.
Map value expected.
Can be updated without replacement.
Defaults to {}
shared

UNSUPPORTED since 6.0.0 (Mitaka) - There is no such option during 5.0.0, so need to make this property unsupported while it not used.

Available since 2015.1 (Kilo)

Whether this firewall should be shared across all tenants. NOTE: The default policy setting in Neutron restricts usage of this property to administrative users only.
Boolean value expected.
Can be updated without replacement.

Attributes

admin_state_up
The administrative state of the firewall.
description
Description of the firewall.
firewall_policy_id
Unique identifier of the firewall policy used to create the firewall.
name
Name for the firewall.
shared

UNSUPPORTED since 6.0.0 (Mitaka) - There is no such option during 5.0.0, so need to make this attribute unsupported, otherwise error will raised.

Shared status of this firewall.

show
Detailed information about resource.
status
The status of the firewall.
tenant_id
Id of the tenant owning the firewall.

HOT Syntax

heat_template_version: 2015-04-30
...
resources:
  ...
  the_resource:
    type: OS::Neutron::Firewall
    properties:
      admin_state_up: Boolean
      description: String
      firewall_policy_id: String
      name: String
      value_specs: {...}

OS::Neutron::FirewallPolicy

A resource for the FirewallPolicy resource in Neutron FWaaS.

FirewallPolicy resource is an ordered collection of firewall rules. A firewall policy can be shared across tenants.

Required Properties

firewall_rules
An ordered list of firewall rules to apply to the firewall.
List value expected.
Can be updated without replacement.

Optional Properties

audited
Whether this policy should be audited. When set to True, each time the firewall policy or the associated firewall rules are changed, this attribute will be set to False and will have to be explicitly set to True through an update operation.
Boolean value expected.
Can be updated without replacement.
Defaults to false
description
Description for the firewall policy.
String value expected.
Can be updated without replacement.
name
Name for the firewall policy.
String value expected.
Can be updated without replacement.
shared
Whether this policy should be shared across all tenants.
Boolean value expected.
Can be updated without replacement.
Defaults to false

Attributes

audited
Audit status of this firewall policy.
description
Description of the firewall policy.
firewall_rules
List of firewall rules in this firewall policy.
name
Name for the firewall policy.
shared
Shared status of this firewall policy.
show
Detailed information about resource.
tenant_id
Id of the tenant owning the firewall policy.

HOT Syntax

heat_template_version: 2015-04-30
...
resources:
  ...
  the_resource:
    type: OS::Neutron::FirewallPolicy
    properties:
      audited: Boolean
      description: String
      firewall_rules: [Value, Value, ...]
      name: String
      shared: Boolean

OS::Neutron::FirewallRule

A resource for the FirewallRule resource in Neutron FWaaS.

FirewallRule represents a collection of attributes like ports, ip addresses etc. which define match criteria and action (allow, or deny) that needs to be taken on the matched data traffic.

Optional Properties

action
Action to be performed on the traffic matching the rule.
String value expected.
Can be updated without replacement.
Defaults to "deny"
Allowed values: allow, deny
description
Description for the firewall rule.
String value expected.
Can be updated without replacement.
destination_ip_address
Destination IP address or CIDR.
String value expected.
Can be updated without replacement.
Value must be of type net_cidr
destination_port
Destination port number or a range.
String value expected.
Can be updated without replacement.
enabled
Whether this rule should be enabled.
Boolean value expected.
Can be updated without replacement.
Defaults to true
ip_version
Internet protocol version.
String value expected.
Can be updated without replacement.
Defaults to "4"
Allowed values: 4, 6
name
Name for the firewall rule.
String value expected.
Can be updated without replacement.
protocol
Protocol for the firewall rule.
String value expected.
Can be updated without replacement.
Defaults to "any"
Allowed values: tcp, udp, icmp, any
shared
Whether this rule should be shared across all tenants.
Boolean value expected.
Can be updated without replacement.
Defaults to false
source_ip_address
Source IP address or CIDR.
String value expected.
Can be updated without replacement.
Value must be of type net_cidr
source_port
Source port number or a range.
String value expected.
Can be updated without replacement.

Attributes

action
Allow or deny action for this firewall rule.
description
Description of the firewall rule.
destination_ip_address
Destination ip_address for this firewall rule.
destination_port
Destination port range for this firewall rule.
enabled
Indicates whether this firewall rule is enabled or not.
firewall_policy_id
Unique identifier of the firewall policy to which this firewall rule belongs.
ip_version
Ip_version for this firewall rule.
name
Name for the firewall rule.
position
Position of the rule within the firewall policy.
protocol
Protocol value for this firewall rule.
shared
Shared status of this firewall rule.
show
Detailed information about resource.
source_ip_address
Source ip_address for this firewall rule.
source_port
Source port range for this firewall rule.
tenant_id
Id of the tenant owning the firewall.

HOT Syntax

heat_template_version: 2015-04-30
...
resources:
  ...
  the_resource:
    type: OS::Neutron::FirewallRule
    properties:
      action: String
      description: String
      destination_ip_address: String
      destination_port: String
      enabled: Boolean
      ip_version: String
      name: String
      protocol: String
      shared: Boolean
      source_ip_address: String
      source_port: String

OS::Neutron::FloatingIP

A resource for managing Neutron floating ips.

Floating IP addresses can change their association between routers by action of the user. One of the most common use cases for floating IPs is to provide public IP addresses to a private cloud, where there are a limited number of IP addresses available. Another is for a public cloud user to have a “static” IP address that can be reassigned when an instance is upgraded or moved.

Required Properties

floating_network

Available since 2014.2 (Juno)

Network to allocate floating IP from.
String value expected.
Updates cause replacement.
Value must be of type neutron.network

Optional Properties

dns_domain

Available since 7.0.0 (Newton)

DNS domain associated with floating ip.
String value expected.
Can be updated without replacement.
Value must be of type dns_domain
dns_name

Available since 7.0.0 (Newton)

DNS name associated with floating ip.
String value expected.
Can be updated without replacement.
Value must be of type rel_dns_name
fixed_ip_address
IP address to use if the port has multiple addresses.
String value expected.
Can be updated without replacement.
Value must be of type ip_addr
floating_ip_address

Available since 5.0.0 (Liberty)

IP address of the floating IP. NOTE: The default policy setting in Neutron restricts usage of this property to administrative users only.
String value expected.
Updates cause replacement.
Value must be of type ip_addr
floating_subnet

Available since 9.0.0 (Pike)

Subnet to allocate floating IP from.
String value expected.
Updates cause replacement.
Value must be of type neutron.subnet
port_id
ID of an existing port with at least one IP address to associate with this floating IP.
String value expected.
Can be updated without replacement.
Value must be of type neutron.port
value_specs
Extra parameters to include in the “floatingip” object in the creation request. Parameters are often specific to installed hardware or extensions.
Map value expected.
Updates cause replacement.
Defaults to {}

Attributes

fixed_ip_address
IP address of the associated port, if specified.
floating_ip_address
The allocated address of this IP.
floating_network_id
ID of the network in which this IP is allocated.
port_id
ID of the port associated with this IP.
router_id
ID of the router used as gateway, set when associated with a port.
show
Detailed information about resource.
tenant_id
The tenant owning this floating IP.

HOT Syntax

heat_template_version: 2015-04-30
...
resources:
  ...
  the_resource:
    type: OS::Neutron::FloatingIP
    properties:
      dns_domain: String
      dns_name: String
      fixed_ip_address: String
      floating_ip_address: String
      floating_network: String
      floating_subnet: String
      port_id: String
      value_specs: {...}

OS::Neutron::FloatingIPAssociation

A resource for associating floating ips and ports.

This resource allows associating a floating IP to a port with at least one IP address to associate with this floating IP.

Required Properties

floatingip_id
ID of the floating IP to associate.
String value expected.
Can be updated without replacement.
port_id
ID of an existing port with at least one IP address to associate with this floating IP.
String value expected.
Can be updated without replacement.
Value must be of type neutron.port

Optional Properties

fixed_ip_address
IP address to use if the port has multiple addresses.
String value expected.
Can be updated without replacement.
Value must be of type ip_addr

Attributes

show
Detailed information about resource.

HOT Syntax

heat_template_version: 2015-04-30
...
resources:
  ...
  the_resource:
    type: OS::Neutron::FloatingIPAssociation
    properties:
      fixed_ip_address: String
      floatingip_id: String
      port_id: String

OS::Neutron::IKEPolicy

A resource for IKE policy in Neutron.

The Internet Key Exchange policy identifies the authentication and encryption algorithm used during phase one and phase two negotiation of a VPN connection.

Optional Properties

auth_algorithm
Authentication hash algorithm for the ike policy.
String value expected.
Can be updated without replacement.
Defaults to "sha1"
Allowed values: sha1, sha256, sha384, sha512
description
Description for the ike policy.
String value expected.
Can be updated without replacement.
encryption_algorithm
Encryption algorithm for the ike policy.
String value expected.
Updates cause replacement.
Defaults to "aes-128"
Allowed values: 3des, aes-128, aes-192, aes-256
ike_version
Version for the ike policy.
String value expected.
Updates cause replacement.
Defaults to "v1"
Allowed values: v1, v2
lifetime
Safety assessment lifetime configuration for the ike policy.
Map value expected.
Updates cause replacement.
Map properties:
units
Optional.
Safety assessment lifetime units.
String value expected.
Updates cause replacement.
Defaults to "seconds"
Allowed values: seconds, kilobytes
value
Optional.
Safety assessment lifetime value in specified units.
Integer value expected.
Updates cause replacement.
Defaults to 3600
name
Name for the ike policy.
String value expected.
Can be updated without replacement.
pfs
Perfect forward secrecy in lowercase for the ike policy.
String value expected.
Updates cause replacement.
Defaults to "group5"
Allowed values: group2, group5, group14
phase1_negotiation_mode
Negotiation mode for the ike policy.
String value expected.
Updates cause replacement.
Defaults to "main"
Allowed values: main

Attributes

auth_algorithm
The authentication hash algorithm used by the ike policy.
description
The description of the ike policy.
encryption_algorithm
The encryption algorithm used by the ike policy.
ike_version
The version of the ike policy.
lifetime
The safety assessment lifetime configuration for the ike policy.
name
The name of the ike policy.
pfs
The perfect forward secrecy of the ike policy.
phase1_negotiation_mode
The negotiation mode of the ike policy.
show
Detailed information about resource.
tenant_id
The unique identifier of the tenant owning the ike policy.

HOT Syntax

heat_template_version: 2015-04-30
...
resources:
  ...
  the_resource:
    type: OS::Neutron::IKEPolicy
    properties:
      auth_algorithm: String
      description: String
      encryption_algorithm: String
      ike_version: String
      lifetime: {"value": Integer, "units": String}
      name: String
      pfs: String
      phase1_negotiation_mode: String

OS::Neutron::IPsecPolicy

A resource for IPsec policy in Neutron.

The IP security policy specifying the authentication and encryption algorithm, and encapsulation mode used for the established VPN connection.

Optional Properties

auth_algorithm
Authentication hash algorithm for the ipsec policy.
String value expected.
Updates cause replacement.
Defaults to "sha1"
Allowed values: sha1
description
Description for the ipsec policy.
String value expected.
Can be updated without replacement.
encapsulation_mode
Encapsulation mode for the ipsec policy.
String value expected.
Updates cause replacement.
Defaults to "tunnel"
Allowed values: tunnel, transport
encryption_algorithm
Encryption algorithm for the ipsec policy.
String value expected.
Updates cause replacement.
Defaults to "aes-128"
Allowed values: 3des, aes-128, aes-192, aes-256
lifetime
Safety assessment lifetime configuration for the ipsec policy.
Map value expected.
Updates cause replacement.
Map properties:
units
Optional.
Safety assessment lifetime units.
String value expected.
Updates cause replacement.
Defaults to "seconds"
Allowed values: seconds, kilobytes
value
Optional.
Safety assessment lifetime value in specified units.
Integer value expected.
Updates cause replacement.
Defaults to 3600
name
Name for the ipsec policy.
String value expected.
Can be updated without replacement.
pfs
Perfect forward secrecy for the ipsec policy.
String value expected.
Updates cause replacement.
Defaults to "group5"
Allowed values: group2, group5, group14
transform_protocol
Transform protocol for the ipsec policy.
String value expected.
Updates cause replacement.
Defaults to "esp"
Allowed values: esp, ah, ah-esp

Attributes

auth_algorithm
The authentication hash algorithm of the ipsec policy.
description
The description of the ipsec policy.
encapsulation_mode
The encapsulation mode of the ipsec policy.
encryption_algorithm
The encryption algorithm of the ipsec policy.
lifetime
The safety assessment lifetime configuration of the ipsec policy.
name
The name of the ipsec policy.
pfs
The perfect forward secrecy of the ipsec policy.
show
Detailed information about resource.
tenant_id
The unique identifier of the tenant owning the ipsec policy.
transform_protocol
The transform protocol of the ipsec policy.

HOT Syntax

heat_template_version: 2015-04-30
...
resources:
  ...
  the_resource:
    type: OS::Neutron::IPsecPolicy
    properties:
      auth_algorithm: String
      description: String
      encapsulation_mode: String
      encryption_algorithm: String
      lifetime: {"value": Integer, "units": String}
      name: String
      pfs: String
      transform_protocol: String

OS::Neutron::IPsecSiteConnection

A resource for IPsec site connection in Neutron.

This resource has details for the site-to-site IPsec connection, including the peer CIDRs, MTU, peer address, DPD settings and status.

Required Properties

ikepolicy_id
Unique identifier for the ike policy associated with the ipsec site connection.
String value expected.
Updates cause replacement.
ipsecpolicy_id
Unique identifier for the ipsec policy associated with the ipsec site connection.
String value expected.
Updates cause replacement.
peer_address
Remote branch router public IPv4 address or IPv6 address or FQDN.
String value expected.
Updates cause replacement.
peer_cidrs
Remote subnet(s) in CIDR format.
List value expected.
Updates cause replacement.
List contents:
Optional.
String value expected.
Updates cause replacement.
Value must be of type net_cidr
peer_id
Remote branch router identity.
String value expected.
Updates cause replacement.
psk
Pre-shared key string for the ipsec site connection.
String value expected.
Updates cause replacement.
vpnservice_id
Unique identifier for the vpn service associated with the ipsec site connection.
String value expected.
Updates cause replacement.

Optional Properties

admin_state_up
Administrative state for the ipsec site connection.
Boolean value expected.
Can be updated without replacement.
Defaults to true
description
Description for the ipsec site connection.
String value expected.
Can be updated without replacement.
dpd
Dead Peer Detection protocol configuration for the ipsec site connection.
Map value expected.
Updates cause replacement.
Map properties:
actions
Optional.
Controls DPD protocol mode.
String value expected.
Updates cause replacement.
Defaults to "hold"
Allowed values: clear, disabled, hold, restart, restart-by-peer
interval
Optional.
Number of seconds for the DPD delay.
Integer value expected.
Updates cause replacement.
Defaults to 30
timeout
Optional.
Number of seconds for the DPD timeout.
Integer value expected.
Updates cause replacement.
Defaults to 120
initiator
Initiator state in lowercase for the ipsec site connection.
String value expected.
Updates cause replacement.
Defaults to "bi-directional"
Allowed values: bi-directional, response-only
mtu
Maximum transmission unit size (in bytes) for the ipsec site connection.
Integer value expected.
Updates cause replacement.
Defaults to 1500
name
Name for the ipsec site connection.
String value expected.
Can be updated without replacement.

Attributes

admin_state_up
The administrative state of the ipsec site connection.
auth_mode
The authentication mode of the ipsec site connection.
description
The description of the ipsec site connection.
dpd
The dead peer detection protocol configuration of the ipsec site connection.
ikepolicy_id
The unique identifier of ike policy associated with the ipsec site connection.
initiator
The initiator of the ipsec site connection.
ipsecpolicy_id
The unique identifier of ipsec policy associated with the ipsec site connection.
mtu
The maximum transmission unit size (in bytes) of the ipsec site connection.
name
The name of the ipsec site connection.
peer_address
The remote branch router public IPv4 address or IPv6 address or FQDN.
peer_cidrs
The remote subnet(s) in CIDR format of the ipsec site connection.
peer_id
The remote branch router identity of the ipsec site connection.
psk
The pre-shared key string of the ipsec site connection.
route_mode
The route mode of the ipsec site connection.
show
Detailed information about resource.
status
The status of the ipsec site connection.
tenant_id
The unique identifier of the tenant owning the ipsec site connection.
vpnservice_id
The unique identifier of vpn service associated with the ipsec site connection.

HOT Syntax

heat_template_version: 2015-04-30
...
resources:
  ...
  the_resource:
    type: OS::Neutron::IPsecSiteConnection
    properties:
      admin_state_up: Boolean
      description: String
      dpd: {"actions": String, "timeout": Integer, "interval": Integer}
      ikepolicy_id: String
      initiator: String
      ipsecpolicy_id: String
      mtu: Integer
      name: String
      peer_address: String
      peer_cidrs: [String, String, ...]
      peer_id: String
      psk: String
      vpnservice_id: String

OS::Neutron::LBaaS::HealthMonitor

Available since 6.0.0 (Mitaka)

A resource to handle load balancer health monitors.

This resource creates and manages Neutron LBaaS v2 healthmonitors, which watches status of the load balanced servers.

Required Properties

delay
The minimum time in milliseconds between regular connections of the member.
Integer value expected.
Can be updated without replacement.
The value must be at least 0.
max_retries
Number of permissible connection failures before changing the member status to INACTIVE.
Integer value expected.
Can be updated without replacement.
The value must be in the range 1 to 10.
pool
ID or name of the load balancing pool.
String value expected.
Updates cause replacement.
Value must be of type neutron.lbaas.pool
timeout
Maximum number of milliseconds for a monitor to wait for a connection to be established before it times out.
Integer value expected.
Can be updated without replacement.
The value must be at least 0.
type
One of predefined health monitor types.
String value expected.
Updates cause replacement.
Allowed values: PING, TCP, HTTP, HTTPS

Optional Properties

admin_state_up
The administrative state of the health monitor.
Boolean value expected.
Can be updated without replacement.
Defaults to true
expected_codes
The HTTP status codes expected in response from the member to declare it healthy. Specify one of the following values: a single value, such as 200. a list, such as 200, 202. a range, such as 200-204.
String value expected.
Can be updated without replacement.
Defaults to "200"
http_method
The HTTP method used for requests by the monitor of type HTTP.
String value expected.
Can be updated without replacement.
Defaults to "GET"
Allowed values: GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS, CONNECT, PATCH
tenant_id
ID of the tenant who owns the health monitor.
String value expected.
Updates cause replacement.
url_path
The HTTP path used in the HTTP request used by the monitor to test a member health. A valid value is a string the begins with a forward slash (/).
String value expected.
Can be updated without replacement.
Defaults to "/"

Attributes

pools
The list of Pools related to this monitor.
show
Detailed information about resource.

HOT Syntax

heat_template_version: 2015-04-30
...
resources:
  ...
  the_resource:
    type: OS::Neutron::LBaaS::HealthMonitor
    properties:
      admin_state_up: Boolean
      delay: Integer
      expected_codes: String
      http_method: String
      max_retries: Integer
      pool: String
      tenant_id: String
      timeout: Integer
      type: String
      url_path: String

OS::Neutron::LBaaS::L7Policy

Available since 7.0.0 (Newton)

A resource for managing LBaaS v2 L7Policies.

This resource manages Neutron-LBaaS v2 L7Policies, which represent a collection of L7Rules. L7Policy holds the action that should be performed when the rules are matched (Redirect to Pool, Redirect to URL, Reject). L7Policy holds a Listener id, so a Listener can evaluate a collection of L7Policies. L7Policy will return True when all of the L7Rules that belong to this L7Policy are matched. L7Policies under a specific Listener are ordered and the first l7Policy that returns a match will be executed. When none of the policies match the request gets forwarded to listener.default_pool_id.

Required Properties

action
Action type of the policy.
String value expected.
Can be updated without replacement.
Allowed values: REJECT, REDIRECT_TO_POOL, REDIRECT_TO_URL
listener
ID or name of the listener this policy belongs to.
String value expected.
Updates cause replacement.
Value must be of type neutron.lbaas.listener

Optional Properties

admin_state_up
The administrative state of the policy.
Boolean value expected.
Can be updated without replacement.
Defaults to true
description
Description of the policy.
String value expected.
Can be updated without replacement.
name
Name of the policy.
String value expected.
Can be updated without replacement.
position
L7 policy position in ordered policies list. This must be an integer starting from 1. If not specified, policy will be placed at the tail of existing policies list.
Number value expected.
Can be updated without replacement.
The value must be at least 1.
redirect_pool
ID or name of the pool for REDIRECT_TO_POOL action type.
String value expected.
Can be updated without replacement.
Value must be of type neutron.lbaas.pool
redirect_url
URL for REDIRECT_TO_URL action type. This should be a valid URL string.
String value expected.
Can be updated without replacement.

Attributes

rules
L7Rules associated with this policy.
show
Detailed information about resource.

HOT Syntax

heat_template_version: 2015-04-30
...
resources:
  ...
  the_resource:
    type: OS::Neutron::LBaaS::L7Policy
    properties:
      action: String
      admin_state_up: Boolean
      description: String
      listener: String
      name: String
      position: Number
      redirect_pool: String
      redirect_url: String

OS::Neutron::LBaaS::L7Rule

Available since 7.0.0 (Newton)

A resource for managing LBaaS v2 L7Rules.

This resource manages Neutron-LBaaS v2 L7Rules, which represent a set of attributes that defines which part of the request should be matched and how it should be matched.

Required Properties

compare_type
Rule compare type.
String value expected.
Can be updated without replacement.
Allowed values: REGEX, STARTS_WITH, ENDS_WITH, CONTAINS, EQUAL_TO
l7policy
ID or name of L7 policy this rule belongs to.
String value expected.
Updates cause replacement.
type
Rule type.
String value expected.
Can be updated without replacement.
Allowed values: HOST_NAME, PATH, FILE_TYPE, HEADER, COOKIE
value
Value to compare.
String value expected.
Can be updated without replacement.

Optional Properties

admin_state_up
The administrative state of the rule.
Boolean value expected.
Can be updated without replacement.
Defaults to true
invert
Invert the compare type.
Boolean value expected.
Can be updated without replacement.
Defaults to false
key
Key to compare. Relevant for HEADER and COOKIE types only.
String value expected.
Can be updated without replacement.

Attributes

show
Detailed information about resource.

HOT Syntax

heat_template_version: 2015-04-30
...
resources:
  ...
  the_resource:
    type: OS::Neutron::LBaaS::L7Rule
    properties:
      admin_state_up: Boolean
      compare_type: String
      invert: Boolean
      key: String
      l7policy: String
      type: String
      value: String

OS::Neutron::LBaaS::Listener

Available since 6.0.0 (Mitaka)

A resource for managing LBaaS v2 Listeners.

This resource creates and manages Neutron LBaaS v2 Listeners, which represent a listening endpoint for the vip.

Required Properties

protocol
Protocol on which to listen for the client traffic.
String value expected.
Updates cause replacement.
Allowed values: TCP, HTTP, HTTPS, TERMINATED_HTTPS
protocol_port
TCP or UDP port on which to listen for client traffic.
Integer value expected.
Updates cause replacement.
The value must be in the range 1 to 65535.

Optional Properties

admin_state_up
The administrative state of this listener.
Boolean value expected.
Can be updated without replacement.
Defaults to true
connection_limit
The maximum number of connections permitted for this load balancer. Defaults to -1, which is infinite.
Integer value expected.
Can be updated without replacement.
Defaults to -1
The value must be at least -1.
default_pool

Available since 9.0.0 (Pike)

ID or name of the default pool for the listener. Requires shared_pools service extension.
String value expected.
Can be updated without replacement.
Value must be of type neutron.lbaas.pool
default_tls_container_ref
Default TLS container reference to retrieve TLS information.
String value expected.
Can be updated without replacement.
description
Description of this listener.
String value expected.
Can be updated without replacement.
Defaults to ""
loadbalancer
ID or name of the load balancer with which listener is associated.
String value expected.
Updates cause replacement.
Value must be of type neutron.lbaas.loadbalancer
name
Name of this listener.
String value expected.
Can be updated without replacement.
sni_container_refs
List of TLS container references for SNI.
List value expected.
Can be updated without replacement.
tenant_id
The ID of the tenant who owns the listener.
String value expected.
Updates cause replacement.

Attributes

default_pool_id
ID of the default pool this listener is associated to.
loadbalancers
ID of the load balancer this listener is associated to.
show
Detailed information about resource.

HOT Syntax

heat_template_version: 2015-04-30
...
resources:
  ...
  the_resource:
    type: OS::Neutron::LBaaS::Listener
    properties:
      admin_state_up: Boolean
      connection_limit: Integer
      default_pool: String
      default_tls_container_ref: String
      description: String
      loadbalancer: String
      name: String
      protocol: String
      protocol_port: Integer
      sni_container_refs: [Value, Value, ...]
      tenant_id: String

OS::Neutron::LBaaS::LoadBalancer

Available since 6.0.0 (Mitaka)

A resource for creating LBaaS v2 Load Balancers.

This resource creates and manages Neutron LBaaS v2 Load Balancers, which allows traffic to be directed between servers.

Required Properties

vip_subnet
The name or ID of the subnet on which to allocate the VIP address.
String value expected.
Updates cause replacement.
Value must be of type neutron.subnet

Optional Properties

admin_state_up
The administrative state of this Load Balancer.
Boolean value expected.
Can be updated without replacement.
Defaults to true
description
Description of this Load Balancer.
String value expected.
Can be updated without replacement.
Defaults to ""
name
Name of this Load Balancer.
String value expected.
Can be updated without replacement.
provider
Provider for this Load Balancer.
String value expected.
Updates cause replacement.
Value must be of type neutron.lbaas.provider
tenant_id
The ID of the tenant who owns the Load Balancer. Only administrative users can specify a tenant ID other than their own.
String value expected.
Updates cause replacement.
Value must be of type keystone.project
vip_address
IP address for the VIP.
String value expected.
Updates cause replacement.
Value must be of type ip_addr

Attributes

pools

Available since 9.0.0 (Pike)

Pools this LoadBalancer is associated with.

show
Detailed information about resource.
vip_address
The VIP address of the LoadBalancer.
vip_port_id
The VIP port of the LoadBalancer.
vip_subnet_id
The VIP subnet of the LoadBalancer.

HOT Syntax

heat_template_version: 2015-04-30
...
resources:
  ...
  the_resource:
    type: OS::Neutron::LBaaS::LoadBalancer
    properties:
      admin_state_up: Boolean
      description: String
      name: String
      provider: String
      tenant_id: String
      vip_address: String
      vip_subnet: String

OS::Neutron::LBaaS::Pool

Available since 6.0.0 (Mitaka)

A resource for managing LBaaS v2 Pools.

This resources manages Neutron-LBaaS v2 Pools, which represent a group of nodes. Pools define the subnet where nodes reside, balancing algorithm, and the nodes themselves.

Required Properties

lb_algorithm
The algorithm used to distribute load between the members of the pool.
String value expected.
Can be updated without replacement.
Allowed values: ROUND_ROBIN, LEAST_CONNECTIONS, SOURCE_IP
protocol
Protocol of the pool.
String value expected.
Updates cause replacement.
Allowed values: TCP, HTTP, HTTPS

Optional Properties

admin_state_up
The administrative state of this pool.
Boolean value expected.
Can be updated without replacement.
Defaults to true
description
Description of this pool.
String value expected.
Can be updated without replacement.
Defaults to ""
listener
Listener name or ID to be associated with this pool.
String value expected.
Updates cause replacement.
Value must be of type neutron.lbaas.listener
loadbalancer

Available since 9.0.0 (Pike)

Loadbalancer name or ID to be associated with this pool. Requires shared_pools service extension.
String value expected.
Updates cause replacement.
Value must be of type neutron.lbaas.loadbalancer
name
Name of this pool.
String value expected.
Can be updated without replacement.
session_persistence
Configuration of session persistence.
Map value expected.
Updates cause replacement.
Map properties:
type
Required.
Method of implementation of session persistence feature.
String value expected.
Updates cause replacement.
Allowed values: SOURCE_IP, HTTP_COOKIE, APP_COOKIE

Attributes

healthmonitor_id
ID of the health monitor associated with this pool.
listeners
Listener associated with this pool.
members
Members associated with this pool.
show
Detailed information about resource.

HOT Syntax

heat_template_version: 2015-04-30
...
resources:
  ...
  the_resource:
    type: OS::Neutron::LBaaS::Pool
    properties:
      admin_state_up: Boolean
      description: String
      lb_algorithm: String
      listener: String
      loadbalancer: String
      name: String
      protocol: String
      session_persistence: {"type": String, "cookie_name": String}

OS::Neutron::LBaaS::PoolMember

Available since 6.0.0 (Mitaka)

A resource for managing LBaaS v2 Pool Members.

A pool member represents a single backend node.

Required Properties

address
IP address of the pool member on the pool network.
String value expected.
Updates cause replacement.
Value must be of type ip_addr
pool
Name or ID of the load balancing pool.
String value expected.
Updates cause replacement.
Value must be of type neutron.lbaas.pool
protocol_port
Port on which the pool member listens for requests or connections.
Integer value expected.
Updates cause replacement.
The value must be in the range 1 to 65535.
subnet
Subnet name or ID of this member.
String value expected.
Updates cause replacement.
Value must be of type neutron.subnet

Optional Properties

admin_state_up
The administrative state of the pool member.
Boolean value expected.
Can be updated without replacement.
Defaults to true
weight
Weight of pool member in the pool (default to 1).
Integer value expected.
Can be updated without replacement.
Defaults to 1
The value must be in the range 0 to 256.

Attributes

address
The IP address of the pool member.
pool_id
The ID of the pool to which the pool member belongs.
show
Detailed information about resource.

HOT Syntax

heat_template_version: 2015-04-30
...
resources:
  ...
  the_resource:
    type: OS::Neutron::LBaaS::PoolMember
    properties:
      address: String
      admin_state_up: Boolean
      pool: String
      protocol_port: Integer
      subnet: String
      weight: Integer

OS::Neutron::MeteringLabel

Available since 2014.1 (Icehouse)

A resource for creating neutron metering label.

The idea is to meter this at the L3 routers levels. The point is to allow operators to configure IP ranges and to assign a label to them. For example we will be able to set two labels; one for the internal traffic, and the other one for the external traffic. Each label will measure the traffic for a specific set of IP range. Then, bandwidth measurement will be sent for each label to the Oslo notification system and could be collected by Ceilometer.

Optional Properties

description
Description of the metering label.
String value expected.
Updates cause replacement.
name
Name of the metering label.
String value expected.
Updates cause replacement.
shared

Available since 2015.1 (Kilo)

Whether the metering label should be shared across all tenants.
Boolean value expected.
Updates cause replacement.
Defaults to false

Attributes

description
Description of the metering label.
name
Name of the metering label.
shared
Shared status of the metering label.
show
Detailed information about resource.

HOT Syntax

heat_template_version: 2015-04-30
...
resources:
  ...
  the_resource:
    type: OS::Neutron::MeteringLabel
    properties:
      description: String
      name: String
      shared: Boolean

OS::Neutron::MeteringRule

Available since 2014.1 (Icehouse)

A resource to create rule for some label.

Resource for allowing specified label to measure the traffic for a specific set of ip range.

Required Properties

metering_label_id
The metering label ID to associate with this metering rule.
String value expected.
Updates cause replacement.
remote_ip_prefix
Indicates remote IP prefix to be associated with this metering rule.
String value expected.
Updates cause replacement.

Optional Properties

direction
The direction in which metering rule is applied, either ingress or egress.
String value expected.
Updates cause replacement.
Defaults to "ingress"
Allowed values: ingress, egress
excluded
Specify whether the remote_ip_prefix will be excluded or not from traffic counters of the metering label. For example to not count the traffic of a specific IP address of a range.
Boolean value expected.
Updates cause replacement.
Defaults to "False"

Attributes

direction
The direction in which metering rule is applied.
excluded
Exclude state for cidr.
metering_label_id
The metering label ID to associate with this metering rule.
remote_ip_prefix
CIDR to be associated with this metering rule.
show
Detailed information about resource.

HOT Syntax

heat_template_version: 2015-04-30
...
resources:
  ...
  the_resource:
    type: OS::Neutron::MeteringRule
    properties:
      direction: String
      excluded: Boolean
      metering_label_id: String
      remote_ip_prefix: String

OS::Neutron::Net

A resource for managing Neutron net.

A network is a virtual isolated layer-2 broadcast domain which is typically reserved to the tenant who created it, unless the network has been explicitly configured to be shared.

Optional Properties

admin_state_up
A boolean value specifying the administrative status of the network.
Boolean value expected.
Can be updated without replacement.
Defaults to true
dhcp_agent_ids
The IDs of the DHCP agent to schedule the network. Note that the default policy setting in Neutron restricts usage of this property to administrative users only.
List value expected.
Can be updated without replacement.
dns_domain

Available since 7.0.0 (Newton)

DNS domain associated with this network.
String value expected.
Can be updated without replacement.
Value must be of type dns_domain
name
A string specifying a symbolic name for the network, which is not required to be unique.
String value expected.
Can be updated without replacement.
port_security_enabled

Available since 5.0.0 (Liberty)

Flag to enable/disable port security on the network. It provides the default value for the attribute of the ports created on this network.
Boolean value expected.
Can be updated without replacement.
qos_policy

Available since 6.0.0 (Mitaka)

The name or ID of QoS policy to attach to this network.
String value expected.
Can be updated without replacement.
Value must be of type neutron.qos_policy
shared
Whether this network should be shared across all tenants. Note that the default policy setting restricts usage of this attribute to administrative users only.
Boolean value expected.
Can be updated without replacement.
Defaults to false
tags

Available since 9.0.0 (Pike)

The tags to be added to the network.
List value expected.
Can be updated without replacement.
List contents:
Optional.
String value expected.
Can be updated without replacement.
tenant_id
The ID of the tenant which will own the network. Only administrative users can set the tenant identifier; this cannot be changed using authorization policies.
String value expected.
Updates cause replacement.
value_specs
Extra parameters to include in the request. Parameters are often specific to installed hardware or extensions.
Map value expected.
Can be updated without replacement.
Defaults to {}

Attributes

admin_state_up
The administrative status of the network.
l2_adjacency

Available since 9.0.0 (Pike)

A boolean value for L2 adjacency, True means that you can expect L2 connectivity throughout the Network.

mtu

Available since 5.0.0 (Liberty)

The maximum transmission unit size(in bytes) for the network.

name
The name of the network.
port_security_enabled

Available since 5.0.0 (Liberty)

Port security enabled of the network.

qos_policy_id

Available since 6.0.0 (Mitaka)

The QoS policy ID attached to this network.

segments

Available since 11.0.0 (Rocky)

The segments of this network.

show
Detailed information about resource.
status
The status of the network.
subnets
Subnets of this network.
tenant_id
The tenant owning this network.

HOT Syntax

heat_template_version: 2015-04-30
...
resources:
  ...
  the_resource:
    type: OS::Neutron::Net
    properties:
      admin_state_up: Boolean
      dhcp_agent_ids: [Value, Value, ...]
      dns_domain: String
      name: String
      port_security_enabled: Boolean
      qos_policy: String
      shared: Boolean
      tags: [String, String, ...]
      tenant_id: String
      value_specs: {...}

OS::Neutron::NetworkGateway

Available since 2014.1 (Icehouse)

Network Gateway resource in Neutron Network Gateway.

Resource for connecting internal networks with specified devices.

Required Properties

devices
Device info for this network gateway.
List value expected.
Can be updated without replacement.
The length must be at least 1.
List contents:
Map value expected.
Can be updated without replacement.
Map properties:
id
Required.
The device id for the network gateway.
String value expected.
Can be updated without replacement.
interface_name
Required.
The interface name for the network gateway.
String value expected.
Can be updated without replacement.

Optional Properties

connections
Connection info for this network gateway.
List value expected.
Can be updated without replacement.
Defaults to {}
List contents:
Map value expected.
Can be updated without replacement.
Map properties:
network

Available since 2014.2 (Juno)

Required.
The internal network to connect on the network gateway.
String value expected.
Can be updated without replacement.
Value must be of type neutron.network
segmentation_id
Optional.
The id for L2 segment on the external side of the network gateway. Must be specified when using vlan.
Integer value expected.
Can be updated without replacement.
The value must be in the range 0 to 4094.
segmentation_type
Optional.
L2 segmentation strategy on the external side of the network gateway.
String value expected.
Can be updated without replacement.
Defaults to "flat"
Allowed values: flat, vlan
name
The name of the network gateway.
String value expected.
Can be updated without replacement.

Attributes

default
A boolean value of default flag.
show
Detailed information about resource.

HOT Syntax

heat_template_version: 2015-04-30
...
resources:
  ...
  the_resource:
    type: OS::Neutron::NetworkGateway
    properties:
      connections: [{"segmentation_id": Integer, "segmentation_type": String, "network_id": String, "network": String}, {"segmentation_id": Integer, "segmentation_type": String, "network_id": String, "network": String}, ...]
      devices: [{"id": String, "interface_name": String}, {"id": String, "interface_name": String}, ...]
      name: String

OS::Neutron::Port

A resource for managing Neutron ports.

A port represents a virtual switch port on a logical network switch. Virtual instances attach their interfaces into ports. The logical port also defines the MAC address and the IP address(es) to be assigned to the interfaces plugged into them. When IP addresses are associated to a port, this also implies the port is associated with a subnet, as the IP address was taken from the allocation pool for a specific subnet.

Required Properties

network

Available since 2014.2 (Juno)

Network this port belongs to. If you plan to use current port to assign Floating IP, you should specify fixed_ips with subnet. Note if this changes to a different network update, the port will be replaced.
String value expected.
Updates cause replacement.
Value must be of type neutron.network

Optional Properties

admin_state_up
The administrative state of this port.
Boolean value expected.
Can be updated without replacement.
Defaults to true
allowed_address_pairs
Additional MAC/IP address pairs allowed to pass through the port.
List value expected.
Can be updated without replacement.
List contents:
Map value expected.
Can be updated without replacement.
Map properties:
ip_address
Required.
IP address to allow through this port.
String value expected.
Can be updated without replacement.
Value must be of type net_cidr
mac_address
Optional.
MAC address to allow through this port.
String value expected.
Can be updated without replacement.
Value must be of type mac_addr
binding:vnic_type

Available since 2015.1 (Kilo)

The vnic type to be bound on the neutron port. To support SR-IOV PCI passthrough networking, you can request that the neutron port to be realized as normal (virtual nic), direct (pci passthrough), or macvtap (virtual interface with a tap-like software interface). Note that this only works for Neutron deployments that support the bindings extension.
String value expected.
Can be updated without replacement.
Defaults to "normal"
Allowed values: normal, direct, macvtap, direct-physical, baremetal
device_id
Device ID of this port.
String value expected.
Can be updated without replacement.
Defaults to ""
device_owner
Name of the network owning the port. The value is typically network:floatingip or network:router_interface or network:dhcp.
String value expected.
Can be updated without replacement.
Defaults to ""
dns_name

Available since 7.0.0 (Newton)

DNS name associated with the port.
String value expected.
Can be updated without replacement.
Value must be of type dns_name
fixed_ips
Desired IPs for this port.
List value expected.
Can be updated without replacement.
List contents:
Map value expected.
Can be updated without replacement.
Map properties:
ip_address
Optional.
IP address desired in the subnet for this port.
String value expected.
Can be updated without replacement.
Value must be of type ip_addr
subnet

Available since 2014.2 (Juno)

Optional.
Subnet in which to allocate the IP address for this port.
String value expected.
Can be updated without replacement.
Value must be of type neutron.subnet
mac_address
MAC address to give to this port. The default update policy of this property in neutron is that allow admin role only.
String value expected.
Can be updated without replacement.
Value must be of type mac_addr
name
A symbolic name for this port.
String value expected.
Can be updated without replacement.
port_security_enabled

Available since 5.0.0 (Liberty)

Flag to enable/disable port security on the port. When disable this feature(set it to False), there will be no packages filtering, like security-group and address-pairs.
Boolean value expected.
Can be updated without replacement.
qos_policy

Available since 6.0.0 (Mitaka)

The name or ID of QoS policy to attach to this port.
String value expected.
Can be updated without replacement.
Value must be of type neutron.qos_policy
security_groups
Security group IDs to associate with this port.
List value expected.
Can be updated without replacement.
tags

Available since 9.0.0 (Pike)

The tags to be added to the port.
List value expected.
Can be updated without replacement.
List contents:
Optional.
String value expected.
Can be updated without replacement.
value_specs
Extra parameters to include in the request.
Map value expected.
Can be updated without replacement.
Defaults to {}

Attributes

admin_state_up
The administrative state of this port.
allowed_address_pairs
Additional MAC/IP address pairs allowed to pass through a port.
device_id
Unique identifier for the device.
device_owner
Name of the network owning the port.
dns_assignment

Available since 7.0.0 (Newton)

The DNS assigned to this port.

fixed_ips
Fixed IP addresses.
mac_address
MAC address of the port.
name
Friendly name of the port.
network

Available since 11.0.0 (Rocky)

The attributes of the network owning the port. (The full list of response parameters can be found in the `Openstack Networking service API reference <https://developer.openstack.org/api-ref/network/>`_.) The following examples demonstrate some (not all) possible expressions. (Obtains the network, the MTU (Maximum transmission unit), the network tags and the l2_adjacency property): ``{get_attr: [<port>, network]}``, ``{get_attr: [<port>, network, mtu]}``, ``{get_attr: [<port>, network, tags]}?``, ``{get_attr: [<port>, network, l2_adjacency]}``.

network_id
Unique identifier for the network owning the port.
port_security_enabled

Available since 5.0.0 (Liberty)

Port security enabled of the port.

qos_policy_id

Available since 6.0.0 (Mitaka)

The QoS policy ID attached to this port.

security_groups
A list of security groups for the port.
show
Detailed information about resource.
status
The status of the port.
subnets
A list of all subnet attributes for the port.
tenant_id
Tenant owning the port.

HOT Syntax

heat_template_version: 2015-04-30
...
resources:
  ...
  the_resource:
    type: OS::Neutron::Port
    properties:
      admin_state_up: Boolean
      allowed_address_pairs: [{"mac_address": String, "ip_address": String}, {"mac_address": String, "ip_address": String}, ...]
      binding:vnic_type: String
      device_id: String
      device_owner: String
      dns_name: String
      fixed_ips: [{"subnet_id": String, "subnet": String, "ip_address": String}, {"subnet_id": String, "subnet": String, "ip_address": String}, ...]
      mac_address: String
      name: String
      network: String
      port_security_enabled: Boolean
      qos_policy: String
      security_groups: [Value, Value, ...]
      tags: [String, String, ...]
      value_specs: {...}

OS::Neutron::ProviderNet

Available since 2014.1 (Icehouse)

A resource for managing Neutron provider networks.

Provider networks specify details of physical realisation of the existing network.

The default policy usage of this resource is limited to administrators only.

Required Properties

network_type
A string specifying the provider network type for the network.
String value expected.
Can be updated without replacement.
Allowed values: local, vlan, vxlan, gre, geneve, flat

Optional Properties

admin_state_up
A boolean value specifying the administrative status of the network.
Boolean value expected.
Can be updated without replacement.
Defaults to true
name
A string specifying a symbolic name for the network, which is not required to be unique.
String value expected.
Can be updated without replacement.
physical_network
A string specifying physical network mapping for the network.
String value expected.
Can be updated without replacement.
port_security_enabled

Available since 8.0.0 (Ocata)

Flag to enable/disable port security on the network. It provides the default value for the attribute of the ports created on this network.
Boolean value expected.
Can be updated without replacement.
router_external

Available since 6.0.0 (Mitaka)

Whether the network contains an external router.
Boolean value expected.
Can be updated without replacement.
Defaults to false
segmentation_id
A string specifying the segmentation id for the network.
String value expected.
Can be updated without replacement.
shared
Whether this network should be shared across all tenants.
Boolean value expected.
Can be updated without replacement.
Defaults to true

Attributes

show
Detailed information about resource.
status
The status of the network.
subnets
Subnets of this network.

HOT Syntax

heat_template_version: 2015-04-30
...
resources:
  ...
  the_resource:
    type: OS::Neutron::ProviderNet
    properties:
      admin_state_up: Boolean
      name: String
      network_type: String
      physical_network: String
      port_security_enabled: Boolean
      router_external: Boolean
      segmentation_id: String
      shared: Boolean

OS::Neutron::QoSBandwidthLimitRule

Available since 6.0.0 (Mitaka)

A resource for Neutron QoS bandwidth limit rule.

This rule can be associated with QoS policy, and then the policy can be used by neutron port and network, to provide bandwidth limit QoS capabilities.

The default policy usage of this resource is limited to administrators only.

Required Properties

max_kbps
Max bandwidth in kbps.
Integer value expected.
Can be updated without replacement.
The value must be at least 0.
policy
ID or name of the QoS policy.
String value expected.
Updates cause replacement.
Value must be of type neutron.qos_policy

Optional Properties

max_burst_kbps
Max burst bandwidth in kbps.
Integer value expected.
Can be updated without replacement.
Defaults to 0
The value must be at least 0.
tenant_id
The owner tenant ID of this rule.
String value expected.
Updates cause replacement.

Attributes

show
Detailed information about resource.

HOT Syntax

heat_template_version: 2015-04-30
...
resources:
  ...
  the_resource:
    type: OS::Neutron::QoSBandwidthLimitRule
    properties:
      max_burst_kbps: Integer
      max_kbps: Integer
      policy: String
      tenant_id: String

OS::Neutron::QoSDscpMarkingRule

Available since 7.0.0 (Newton)

A resource for Neutron QoS DSCP marking rule.

This rule can be associated with QoS policy, and then the policy can be used by neutron port and network, to provide DSCP marking QoS capabilities.

The default policy usage of this resource is limited to administrators only.

Required Properties

dscp_mark
DSCP mark between 0 and 56, except 2-6, 42, 44, and 50-54.
Integer value expected.
Can be updated without replacement.
Allowed values: 0, 8, 10, 12, 14, 16, 18, 20, 22, 24, 26, 28, 30, 32, 34, 36, 38, 40, 46, 48, 56
policy
ID or name of the QoS policy.
String value expected.
Updates cause replacement.
Value must be of type neutron.qos_policy

Optional Properties

tenant_id
The owner tenant ID of this rule.
String value expected.
Updates cause replacement.

Attributes

show
Detailed information about resource.

HOT Syntax

heat_template_version: 2015-04-30
...
resources:
  ...
  the_resource:
    type: OS::Neutron::QoSDscpMarkingRule
    properties:
      dscp_mark: Integer
      policy: String
      tenant_id: String

OS::Neutron::QoSPolicy

Available since 6.0.0 (Mitaka)

A resource for Neutron QoS Policy.

This QoS policy can be associated with neutron resources, such as port and network, to provide QoS capabilities.

The default policy usage of this resource is limited to administrators only.

Optional Properties

description
The description for the QoS policy.
String value expected.
Can be updated without replacement.
name
The name for the QoS policy.
String value expected.
Can be updated without replacement.
shared
Whether this QoS policy should be shared to other tenants.
Boolean value expected.
Can be updated without replacement.
Defaults to false
tenant_id
The owner tenant ID of this QoS policy.
String value expected.
Updates cause replacement.

Attributes

rules
A list of all rules for the QoS policy.
show
Detailed information about resource.

HOT Syntax

heat_template_version: 2015-04-30
...
resources:
  ...
  the_resource:
    type: OS::Neutron::QoSPolicy
    properties:
      description: String
      name: String
      shared: Boolean
      tenant_id: String

OS::Neutron::Quota

Available since 8.0.0 (Ocata)

A resource for managing neutron quotas.

Neutron Quota is used to manage operational limits for projects. Currently, this resource can manage Neutron’s quotas for:

  • subnet
  • network
  • floatingip
  • security_group_rule
  • security_group
  • router
  • port

Note that default neutron security policy usage of this resource is limited to being used by administrators only. Administrators should be careful to create only one Neutron Quota resource per project, otherwise it will be hard for them to manage the quota properly.

Required Properties

project
Name or id of the project to set the quota for.
String value expected.
Updates cause replacement.
Value must be of type keystone.project

Optional Properties

floatingip
Quota for the number of floating IPs. Setting -1 means unlimited.
Integer value expected.
Can be updated without replacement.
The value must be at least -1.
network
Quota for the number of networks. Setting -1 means unlimited.
Integer value expected.
Can be updated without replacement.
The value must be at least -1.
port
Quota for the number of ports. Setting -1 means unlimited.
Integer value expected.
Can be updated without replacement.
The value must be at least -1.
router
Quota for the number of routers. Setting -1 means unlimited.
Integer value expected.
Can be updated without replacement.
The value must be at least -1.
security_group
Quota for the number of security groups. Setting -1 means unlimited.
Integer value expected.
Can be updated without replacement.
The value must be at least -1.
security_group_rule
Quota for the number of security group rules. Setting -1 means unlimited.
Integer value expected.
Can be updated without replacement.
The value must be at least -1.
subnet
Quota for the number of subnets. Setting -1 means unlimited.
Integer value expected.
Can be updated without replacement.
The value must be at least -1.

Attributes

show
Detailed information about resource.

HOT Syntax

heat_template_version: 2015-04-30
...
resources:
  ...
  the_resource:
    type: OS::Neutron::Quota
    properties:
      floatingip: Integer
      network: Integer
      port: Integer
      project: String
      router: Integer
      security_group: Integer
      security_group_rule: Integer
      subnet: Integer

OS::Neutron::RBACPolicy

Available since 6.0.0 (Mitaka)

A Resource for managing RBAC policy in Neutron.

This resource creates and manages Neutron RBAC policy, which allows to share Neutron networks and qos-policies to subsets of tenants.

Required Properties

action
Action for the RBAC policy. The allowed actions differ for different object types - only network objects can have an access_as_external action.
String value expected.
Updates cause replacement.
Allowed values: access_as_shared, access_as_external
object_id
ID or name of the RBAC object.
String value expected.
Updates cause replacement.
object_type
Type of the object that RBAC policy affects.
String value expected.
Updates cause replacement.
Allowed values: network, qos_policy
target_tenant
ID of the tenant to which the RBAC policy will be enforced.
String value expected.
Can be updated without replacement.

Optional Properties

tenant_id
The owner tenant ID. Only required if the caller has an administrative role and wants to create a RBAC for another tenant.
String value expected.
Updates cause replacement.

Attributes

show
Detailed information about resource.

HOT Syntax

heat_template_version: 2015-04-30
...
resources:
  ...
  the_resource:
    type: OS::Neutron::RBACPolicy
    properties:
      action: String
      object_id: String
      object_type: String
      target_tenant: String
      tenant_id: String

OS::Neutron::Router

A resource that implements Neutron router.

Router is a physical or virtual network device that passes network traffic between different networks.

Optional Properties

admin_state_up
The administrative state of the router.
Boolean value expected.
Can be updated without replacement.
Defaults to true
distributed

Available since 2015.1 (Kilo)

Indicates whether or not to create a distributed router. NOTE: The default policy setting in Neutron restricts usage of this property to administrative users only. This property can not be used in conjunction with the L3 agent ID.
Boolean value expected.
Updates cause replacement.
external_gateway_info
External network gateway configuration for a router.
Map value expected.
Can be updated without replacement.
Map properties:
enable_snat
Optional.
Enables Source NAT on the router gateway. NOTE: The default policy setting in Neutron restricts usage of this property to administrative users only.
Boolean value expected.
Can be updated without replacement.
external_fixed_ips

Available since 6.0.0 (Mitaka)

External fixed IP addresses for the gateway.
List value expected.
Can be updated without replacement.
List contents:
Map value expected.
Can be updated without replacement.
Map properties:
ip_address
Optional.
External fixed IP address.
String value expected.
Can be updated without replacement.
Value must be of type ip_addr
subnet
Optional.
Subnet of external fixed IP address.
String value expected.
Can be updated without replacement.
Value must be of type neutron.subnet
network
Required.
ID or name of the external network for the gateway.
String value expected.
Can be updated without replacement.
ha

Available since 2015.1 (Kilo)

Indicates whether or not to create a highly available router. NOTE: The default policy setting in Neutron restricts usage of this property to administrative users only. And now neutron do not support distributed and ha at the same time.
Boolean value expected.
Updates cause replacement.
l3_agent_ids

Available since 2015.1 (Kilo)

ID list of the L3 agent. User can specify multi-agents for highly available router. NOTE: The default policy setting in Neutron restricts usage of this property to administrative users only.
List value expected.
Can be updated without replacement.
List contents:
Optional.
String value expected.
Can be updated without replacement.
name
The name of the router.
String value expected.
Can be updated without replacement.
tags

Available since 9.0.0 (Pike)

The tags to be added to the router.
List value expected.
Can be updated without replacement.
List contents:
Optional.
String value expected.
Can be updated without replacement.
value_specs
Extra parameters to include in the creation request.
Map value expected.
Can be updated without replacement.
Defaults to {}

Attributes

admin_state_up
Administrative state of the router.
external_gateway_info
Gateway network for the router.
name
Friendly name of the router.
show
Detailed information about resource.
status
The status of the router.
tenant_id
Tenant owning the router.

HOT Syntax

heat_template_version: 2015-04-30
...
resources:
  ...
  the_resource:
    type: OS::Neutron::Router
    properties:
      admin_state_up: Boolean
      distributed: Boolean
      external_gateway_info: {"enable_snat": Boolean, "external_fixed_ips": [{"subnet": String, "ip_address": String}, {"subnet": String, "ip_address": String}, ...], "network": String}
      ha: Boolean
      l3_agent_ids: [String, String, ...]
      name: String
      tags: [String, String, ...]
      value_specs: {...}

OS::Neutron::RouterInterface

A resource for managing Neutron router interfaces.

Router interfaces associate routers with existing subnets or ports.

Required Properties

router
The router.
String value expected.
Updates cause replacement.
Value must be of type neutron.router

Optional Properties

port

Available since 2015.1 (Kilo)

The port, either subnet or port should be specified.
String value expected.
Updates cause replacement.
Value must be of type neutron.port
subnet
The subnet, either subnet or port should be specified.
String value expected.
Updates cause replacement.
Value must be of type neutron.subnet

Attributes

show
Detailed information about resource.

HOT Syntax

heat_template_version: 2015-04-30
...
resources:
  ...
  the_resource:
    type: OS::Neutron::RouterInterface
    properties:
      port: String
      router: String
      subnet: String

OS::Neutron::SecurityGroup

Available since 2014.1 (Icehouse)

A resource for managing Neutron security groups.

Security groups are sets of IP filter rules that are applied to an instance’s networking. They are project specific, and project members can edit the default rules for their group and add new rules sets. All projects have a “default” security group, which is applied to instances that have no other security group defined.

Optional Properties

description
Description of the security group.
String value expected.
Can be updated without replacement.
name
A string specifying a symbolic name for the security group, which is not required to be unique.
String value expected.
Can be updated without replacement.
rules
List of security group rules.
List value expected.
Can be updated without replacement.
Defaults to []
List contents:
Map value expected.
Can be updated without replacement.
Map properties:
direction
Optional.
The direction in which the security group rule is applied. For a compute instance, an ingress security group rule matches traffic that is incoming (ingress) for that instance. An egress rule is applied to traffic leaving the instance.
String value expected.
Can be updated without replacement.
Defaults to "ingress"
Allowed values: ingress, egress
ethertype
Optional.
Ethertype of the traffic.
String value expected.
Can be updated without replacement.
Defaults to "IPv4"
Allowed values: IPv4, IPv6
port_range_max
Optional.
The maximum port number in the range that is matched by the security group rule. The port_range_min attribute constrains the port_range_max attribute. If the protocol is ICMP, this value must be an ICMP type.
Integer value expected.
Can be updated without replacement.
The value must be in the range 0 to 65535.
port_range_min
Optional.
The minimum port number in the range that is matched by the security group rule. If the protocol is TCP or UDP, this value must be less than or equal to the value of the port_range_max attribute. If the protocol is ICMP, this value must be an ICMP type.
Integer value expected.
Can be updated without replacement.
The value must be in the range 0 to 65535.
protocol
Optional.
The protocol that is matched by the security group rule. Valid values include tcp, udp, and icmp.
String value expected.
Can be updated without replacement.
remote_group_id
Optional.
The remote group ID to be associated with this security group rule. If no value is specified then this rule will use this security group for the remote_group_id. The remote mode parameter must be set to “remote_group_id”.
String value expected.
Can be updated without replacement.
Value must be of type neutron.security_group
remote_ip_prefix
Optional.
The remote IP prefix (CIDR) to be associated with this security group rule.
String value expected.
Can be updated without replacement.
Value must be of type net_cidr
remote_mode
Optional.
Whether to specify a remote group or a remote IP prefix.
String value expected.
Can be updated without replacement.
Defaults to "remote_ip_prefix"
Allowed values: remote_ip_prefix, remote_group_id

Attributes

show
Detailed information about resource.

HOT Syntax

heat_template_version: 2015-04-30
...
resources:
  ...
  the_resource:
    type: OS::Neutron::SecurityGroup
    properties:
      description: String
      name: String
      rules: [{"remote_mode": String, "remote_ip_prefix": String, "protocol": String, "direction": String, "remote_group_id": String, "port_range_max": Integer, "port_range_min": Integer, "ethertype": String}, {"remote_mode": String, "remote_ip_prefix": String, "protocol": String, "direction": String, "remote_group_id": String, "port_range_max": Integer, "port_range_min": Integer, "ethertype": String}, ...]

OS::Neutron::SecurityGroupRule

Available since 7.0.0 (Newton)

A resource for managing Neutron security group rules.

Rules to use in security group resource.

Required Properties

security_group
Security group name or ID to add rule.
String value expected.
Updates cause replacement.
Value must be of type neutron.security_group

Optional Properties

description
Description of the security group rule.
String value expected.
Updates cause replacement.
direction
The direction in which the security group rule is applied. For a compute instance, an ingress security group rule matches traffic that is incoming (ingress) for that instance. An egress rule is applied to traffic leaving the instance.
String value expected.
Updates cause replacement.
Defaults to "ingress"
Allowed values: ingress, egress
ethertype
Ethertype of the traffic.
String value expected.
Updates cause replacement.
Defaults to "IPv4"
Allowed values: IPv4, IPv6
port_range_max
The maximum port number in the range that is matched by the security group rule. The port_range_min attribute constrains the port_range_max attribute. If the protocol is ICMP, this value must be an ICMP code.
Integer value expected.
Updates cause replacement.
The value must be in the range 0 to 65535.
port_range_min
The minimum port number in the range that is matched by the security group rule. If the protocol is TCP or UDP, this value must be less than or equal to the value of the port_range_max attribute. If the protocol is ICMP, this value must be an ICMP type.
Integer value expected.
Updates cause replacement.
The value must be in the range 0 to 65535.
protocol
The protocol that is matched by the security group rule. Allowed values are ah, dccp, egp, esp, gre, icmp, icmpv6, igmp, ipv6-encap, ipv6-frag, ipv6-icmp, ipv6-nonxt, ipv6-opts, ipv6-route, ospf, pgm, rsvp, sctp, tcp, udp, udplite, vrrp and integer representations [0-255].
String value expected.
Updates cause replacement.
Defaults to "tcp"
Allowed values: 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, 98, 99, 100, 101, 102, 103, 104, 105, 106, 107, 108, 109, 110, 111, 112, 113, 114, 115, 116, 117, 118, 119, 120, 121, 122, 123, 124, 125, 126, 127, 128, 129, 130, 131, 132, 133, 134, 135, 136, 137, 138, 139, 140, 141, 142, 143, 144, 145, 146, 147, 148, 149, 150, 151, 152, 153, 154, 155, 156, 157, 158, 159, 160, 161, 162, 163, 164, 165, 166, 167, 168, 169, 170, 171, 172, 173, 174, 175, 176, 177, 178, 179, 180, 181, 182, 183, 184, 185, 186, 187, 188, 189, 190, 191, 192, 193, 194, 195, 196, 197, 198, 199, 200, 201, 202, 203, 204, 205, 206, 207, 208, 209, 210, 211, 212, 213, 214, 215, 216, 217, 218, 219, 220, 221, 222, 223, 224, 225, 226, 227, 228, 229, 230, 231, 232, 233, 234, 235, 236, 237, 238, 239, 240, 241, 242, 243, 244, 245, 246, 247, 248, 249, 250, 251, 252, 253, 254, 255, ah, dccp, egp, esp, gre, icmp, icmpv6, igmp, ipv6-encap, ipv6-frag, ipv6-icmp, ipv6-nonxt, ipv6-opts, ipv6-route, ospf, pgm, rsvp, sctp, tcp, udp, udplite, vrrp
remote_group
The remote group name or ID to be associated with this security group rule.
String value expected.
Updates cause replacement.
Value must be of type neutron.security_group
remote_ip_prefix
The remote IP prefix (CIDR) to be associated with this security group rule.
String value expected.
Updates cause replacement.
Value must be of type net_cidr

Attributes

show
Detailed information about resource.

HOT Syntax

heat_template_version: 2015-04-30
...
resources:
  ...
  the_resource:
    type: OS::Neutron::SecurityGroupRule
    properties:
      description: String
      direction: String
      ethertype: String
      port_range_max: Integer
      port_range_min: Integer
      protocol: String
      remote_group: String
      remote_ip_prefix: String
      security_group: String

OS::Neutron::Segment

Available since 9.0.0 (Pike)

A resource for Neutron Segment.

This requires enabling the segments service plug-in by appending ‘segments’ to the list of service_plugins in the neutron.conf.

The default policy usage of this resource is limited to administrators only.

Required Properties

network
The name/id of network to associate with this segment.
String value expected.
Updates cause replacement.
Value must be of type neutron.network
network_type
Type of network to associate with this segment.
String value expected.
Updates cause replacement.
Allowed values: local, vlan, vxlan, gre, geneve, flat

Optional Properties

description
Description of the segment.
String value expected.
Can be updated without replacement.
name
Name of the segment.
String value expected.
Can be updated without replacement.
physical_network
Name of physical network to associate with this segment.
String value expected.
Updates cause replacement.
segmentation_id
Segmentation ID for this segment.
Integer value expected.
Updates cause replacement.
The value must be at least 1.

Attributes

show
Detailed information about resource.

HOT Syntax

heat_template_version: 2015-04-30
...
resources:
  ...
  the_resource:
    type: OS::Neutron::Segment
    properties:
      description: String
      name: String
      network: String
      network_type: String
      physical_network: String
      segmentation_id: Integer

OS::Neutron::Subnet

A resource for managing Neutron subnets.

A subnet represents an IP address block that can be used for assigning IP addresses to virtual instances. Each subnet must have a CIDR and must be associated with a network. IPs can be either selected from the whole subnet CIDR, or from “allocation pools” that can be specified by the user.

Required Properties

network

Available since 2014.2 (Juno)

The ID of the attached network.
String value expected.
Updates cause replacement.
Value must be of type neutron.network

Optional Properties

allocation_pools
The start and end addresses for the allocation pools.
List value expected.
Can be updated without replacement.
List contents:
Map value expected.
Can be updated without replacement.
Map properties:
end
Required.
End address for the allocation pool.
String value expected.
Can be updated without replacement.
Value must be of type ip_addr
start
Required.
Start address for the allocation pool.
String value expected.
Can be updated without replacement.
Value must be of type ip_addr
cidr
The CIDR.
String value expected.
Updates cause replacement.
Value must be of type net_cidr
dns_nameservers
A specified set of DNS name servers to be used.
List value expected.
Can be updated without replacement.
Defaults to []
enable_dhcp
Set to true if DHCP is enabled and false if DHCP is disabled.
Boolean value expected.
Can be updated without replacement.
Defaults to true
gateway_ip
The gateway IP address. Set to any of [ null | ~ | “” ] to create/update a subnet without a gateway. If omitted when creation, neutron will assign the first free IP address within the subnet to the gateway automatically. If remove this from template when update, the old gateway IP address will be detached.
String value expected.
Can be updated without replacement.
host_routes
A list of host route dictionaries for the subnet.
List value expected.
Can be updated without replacement.
List contents:
Map value expected.
Can be updated without replacement.
Map properties:
destination
Required.
The destination for static route.
String value expected.
Can be updated without replacement.
Value must be of type net_cidr
nexthop
Required.
The next hop for the destination.
String value expected.
Can be updated without replacement.
Value must be of type ip_addr
ip_version
The IP version, which is 4 or 6.
Integer value expected.
Updates cause replacement.
Defaults to 4
Allowed values: 4, 6
ipv6_address_mode

Available since 2015.1 (Kilo)

IPv6 address mode.
String value expected.
Updates cause replacement.
Allowed values: dhcpv6-stateful, dhcpv6-stateless, slaac
ipv6_ra_mode

Available since 2015.1 (Kilo)

IPv6 RA (Router Advertisement) mode.
String value expected.
Updates cause replacement.
Allowed values: dhcpv6-stateful, dhcpv6-stateless, slaac
name
The name of the subnet.
String value expected.
Can be updated without replacement.
prefixlen

Available since 6.0.0 (Mitaka)

Prefix length for subnet allocation from subnet pool.
Integer value expected.
Updates cause replacement.
The value must be at least 0.
segment

Available since 11.0.0 (Rocky) - Update allowed since version 11.0.0.

Available since 9.0.0 (Pike)

The name/ID of the segment to associate.
String value expected.
Can be updated without replacement.
Value must be of type neutron.segment
subnetpool

Available since 6.0.0 (Mitaka)

The name or ID of the subnet pool.
String value expected.
Updates cause replacement.
Value must be of type neutron.subnetpool
tags

Available since 9.0.0 (Pike)

The tags to be added to the subnet.
List value expected.
Can be updated without replacement.
List contents:
Optional.
String value expected.
Can be updated without replacement.
tenant_id
The ID of the tenant who owns the network. Only administrative users can specify a tenant ID other than their own.
String value expected.
Updates cause replacement.
value_specs
Extra parameters to include in the request.
Map value expected.
Can be updated without replacement.
Defaults to {}

Attributes

allocation_pools
Ip allocation pools and their ranges.
cidr
CIDR block notation for this subnet.
dns_nameservers
List of dns nameservers.
enable_dhcp
‘true’ if DHCP is enabled for this subnet; ‘false’ otherwise.
gateway_ip
Ip of the subnet’s gateway.
host_routes
Additional routes for this subnet.
ip_version
Ip version for the subnet.
name
Friendly name of the subnet.
network_id
Parent network of the subnet.
show
Detailed information about resource.
tenant_id
Tenant owning the subnet.

HOT Syntax

heat_template_version: 2015-04-30
...
resources:
  ...
  the_resource:
    type: OS::Neutron::Subnet
    properties:
      allocation_pools: [{"end": String, "start": String}, {"end": String, "start": String}, ...]
      cidr: String
      dns_nameservers: [Value, Value, ...]
      enable_dhcp: Boolean
      gateway_ip: String
      host_routes: [{"nexthop": String, "destination": String}, {"nexthop": String, "destination": String}, ...]
      ip_version: Integer
      ipv6_address_mode: String
      ipv6_ra_mode: String
      name: String
      network: String
      prefixlen: Integer
      segment: String
      subnetpool: String
      tags: [String, String, ...]
      tenant_id: String
      value_specs: {...}

OS::Neutron::SubnetPool

Available since 6.0.0 (Mitaka)

A resource that implements neutron subnet pool.

This resource can be used to create a subnet pool with a large block of addresses and create subnets from it.

Required Properties

prefixes
List of subnet prefixes to assign.
List value expected.
Can be updated without replacement.
The length must be at least 1.
List contents:
Optional.
String value expected.
Can be updated without replacement.
Value must be of type net_cidr

Optional Properties

address_scope
An address scope ID to assign to the subnet pool.
String value expected.
Can be updated without replacement.
Value must be of type neutron.address_scope
default_prefixlen
The size of the prefix to allocate when the cidr or prefixlen attributes are not specified while creating a subnet.
Integer value expected.
Can be updated without replacement.
The value must be at least 0.
default_quota
A per-tenant quota on the prefix space that can be allocated from the subnet pool for tenant subnets.
Integer value expected.
Can be updated without replacement.
The value must be at least 0.
is_default
Whether this is default IPv4/IPv6 subnet pool. There can only be one default subnet pool for each IP family. Note that the default policy setting restricts administrative users to set this to True.
Boolean value expected.
Can be updated without replacement.
Defaults to false
max_prefixlen
Maximum prefix size that can be allocated from the subnet pool.
Integer value expected.
Can be updated without replacement.
The value must be at least 0.
min_prefixlen
Smallest prefix size that can be allocated from the subnet pool.
Integer value expected.
Can be updated without replacement.
The value must be at least 0.
name
Name of the subnet pool.
String value expected.
Can be updated without replacement.
shared
Whether the subnet pool will be shared across all tenants. Note that the default policy setting restricts usage of this attribute to administrative users only.
Boolean value expected.
Updates cause replacement.
Defaults to false
tags

Available since 9.0.0 (Pike)

The tags to be added to the subnetpool.
List value expected.
Can be updated without replacement.
List contents:
Optional.
String value expected.
Can be updated without replacement.
tenant_id
The ID of the tenant who owns the subnet pool. Only administrative users can specify a tenant ID other than their own.
String value expected.
Updates cause replacement.

Attributes

show
Detailed information about resource.

HOT Syntax

heat_template_version: 2015-04-30
...
resources:
  ...
  the_resource:
    type: OS::Neutron::SubnetPool
    properties:
      address_scope: String
      default_prefixlen: Integer
      default_quota: Integer
      is_default: Boolean
      max_prefixlen: Integer
      min_prefixlen: Integer
      name: String
      prefixes: [String, String, ...]
      shared: Boolean
      tags: [String, String, ...]
      tenant_id: String

OS::Neutron::Trunk

Available since 9.0.0 (Pike)

A resource for managing Neutron trunks.

Requires Neutron Trunk Extension to be enabled:

$ openstack extension show trunk

The network trunk service allows multiple networks to be connected to an instance using a single virtual NIC (vNIC). Multiple networks can be presented to an instance by connecting the instance to a single port.

Users can create a port, associate it with a trunk (as the trunk’s parent) and launch an instance on that port. Users can dynamically attach and detach additional networks without disrupting operation of the instance.

Every trunk has a parent port and can have any number (0, 1, …) of subports. The parent port is the port that the instance is directly associated with and its traffic is always untagged inside the instance. Users must specify the parent port of the trunk when launching an instance attached to a trunk.

A network presented by a subport is the network of the associated port. When creating a subport, a segmentation_type and segmentation_id may be required by the driver so the user can distinguish the networks inside the instance. As of release Pike only segmentation_type vlan is supported. segmentation_id defines the segmentation ID on which the subport network is presented to the instance.

Note that some Neutron backends (primarily Open vSwitch) only allow trunk creation before an instance is booted on the parent port. To avoid a possible race condition when booting an instance with a trunk it is strongly recommended to refer to the trunk’s parent port indirectly in the template via get_attr. For example:

trunk:
  type: OS::Neutron::Trunk
  properties:
    port: ...
instance:
  type: OS::Nova::Server
  properties:
    networks:
      - { port: { get_attr: [trunk, port_id] } }

Though other Neutron backends may tolerate the direct port reference (and the possible reverse ordering of API requests implied) it’s a good idea to avoid writing Neutron backend specific templates.

Required Properties

port
ID or name of a port to be used as a parent port.
String value expected.
Updates are not supported. Resource update will fail on any attempt to update this property.
Value must be of type neutron.port

Optional Properties

admin_state_up
Enable/disable subport addition, removal and trunk delete.
Boolean value expected.
Can be updated without replacement.
description
Description for the trunk.
String value expected.
Can be updated without replacement.
name
A string specifying a symbolic name for the trunk, which is not required to be uniqe.
String value expected.
Can be updated without replacement.
sub_ports
List with 0 or more map elements containing subport details.
List value expected.
Can be updated without replacement.
List contents:
Map value expected.
Can be updated without replacement.
Map properties:
port
Required.
ID or name of a port to be used as a subport.
String value expected.
Can be updated without replacement.
Value must be of type neutron.port
segmentation_id
Required.
The segmentation ID on which the subport network is presented to the instance.
Integer value expected.
Can be updated without replacement.
The value must be in the range 1 to 4094.
segmentation_type
Required.
Segmentation type to be used on the subport.
String value expected.
Can be updated without replacement.
Allowed values: vlan

Attributes

port_id
ID or name of a port used as a parent port.
show
Detailed information about resource.

HOT Syntax

heat_template_version: 2015-04-30
...
resources:
  ...
  the_resource:
    type: OS::Neutron::Trunk
    properties:
      admin_state_up: Boolean
      description: String
      name: String
      port: String
      sub_ports: [{"segmentation_id": Integer, "port": String, "segmentation_type": String}, {"segmentation_id": Integer, "port": String, "segmentation_type": String}, ...]

OS::Neutron::VPNService

A resource for VPN service in Neutron.

VPN service is a high level object that associates VPN with a specific subnet and router.

Required Properties

router

Available since 2015.1 (Kilo)

The router to which the vpn service will be inserted.
String value expected.
Updates cause replacement.
Value must be of type neutron.router
subnet

Available since 2014.2 (Juno)

Subnet in which the vpn service will be created.
String value expected.
Updates cause replacement.
Value must be of type neutron.subnet

Optional Properties

admin_state_up
Administrative state for the vpn service.
Boolean value expected.
Can be updated without replacement.
Defaults to true
description
Description for the vpn service.
String value expected.
Can be updated without replacement.
name
Name for the vpn service.
String value expected.
Can be updated without replacement.

Attributes

admin_state_up
The administrative state of the vpn service.
description
The description of the vpn service.
name
The name of the vpn service.
router_id
The unique identifier of the router to which the vpn service was inserted.
show
Detailed information about resource.
status
The status of the vpn service.
subnet_id
The unique identifier of the subnet in which the vpn service was created.
tenant_id
The unique identifier of the tenant owning the vpn service.

HOT Syntax

heat_template_version: 2015-04-30
...
resources:
  ...
  the_resource:
    type: OS::Neutron::VPNService
    properties:
      admin_state_up: Boolean
      description: String
      name: String
      router: String
      subnet: String

OS::Nova::Flavor

Available since 2014.2 (Juno)

A resource for creating OpenStack virtual hardware templates.

Due to default nova security policy usage of this resource is limited to being used by administrators only. The rights may also be delegated to other users by redefining the access controls on the nova-api server.

Note that the current implementation of the Nova Flavor resource does not allow specifying the name and flavorid properties for the resource. This is done to avoid potential naming collision upon flavor creation as all flavor have a global scope.

Required Properties

ram
Memory in MB for the flavor.
Integer value expected.
Updates cause replacement.
vcpus
Number of VCPUs for the flavor.
Integer value expected.
Updates cause replacement.

Optional Properties

disk
Size of local disk in GB. The “0” size is a special case that uses the native base image size as the size of the ephemeral root volume.
Integer value expected.
Updates cause replacement.
Defaults to 0
ephemeral
Size of a secondary ephemeral data disk in GB.
Integer value expected.
Updates cause replacement.
Defaults to 0
extra_specs
Key/Value pairs to extend the capabilities of the flavor.
Map value expected.
Can be updated without replacement.
flavorid

Available since 7.0.0 (Newton)

Unique ID of the flavor. If not specified, an UUID will be auto generated and used.
String value expected.
Updates cause replacement.
is_public

Available since 6.0.0 (Mitaka)

Scope of flavor accessibility. Public or private. Default value is True, means public, shared across all projects.
Boolean value expected.
Updates cause replacement.
Defaults to true
name

Available since 7.0.0 (Newton)

Name of the flavor.
String value expected.
Updates cause replacement.
rxtx_factor
RX/TX factor.
Number value expected.
Updates cause replacement.
Defaults to 1.0
swap
Swap space in MB.
Integer value expected.
Updates cause replacement.
Defaults to 0
tenants

Available since 8.0.0 (Ocata)

List of tenants.
List value expected.
Can be updated without replacement.
Defaults to []
List contents:
Optional.
String value expected.
Can be updated without replacement.
Value must be of type keystone.project

Attributes

extra_specs

Available since 7.0.0 (Newton)

Extra specs of the flavor in key-value pairs.

is_public

Available since 6.0.0 (Mitaka)

Whether the flavor is shared across all projects.

show
Detailed information about resource.

HOT Syntax

heat_template_version: 2015-04-30
...
resources:
  ...
  the_resource:
    type: OS::Nova::Flavor
    properties:
      disk: Integer
      ephemeral: Integer
      extra_specs: {...}
      flavorid: String
      is_public: Boolean
      name: String
      ram: Integer
      rxtx_factor: Number
      swap: Integer
      tenants: [String, String, ...]
      vcpus: Integer

OS::Nova::HostAggregate

Available since 6.0.0 (Mitaka)

A resource for further partition an availability zone with hosts.

While availability zones are visible to users, host aggregates are only visible to administrators. Host aggregates started out as a way to use Xen hypervisor resource pools, but has been generalized to provide a mechanism to allow administrators to assign key-value pairs to groups of machines. Each node can have multiple aggregates, each aggregate can have multiple key-value pairs, and the same key-value pair can be assigned to multiple aggregate. This information can be used in the scheduler to enable advanced scheduling, to set up xen hypervisor resources pools or to define logical groups for migration.

Required Properties

availability_zone
Name for the availability zone.
String value expected.
Can be updated without replacement.
name
Name for the aggregate.
String value expected.
Can be updated without replacement.

Optional Properties

hosts
List of hosts to join aggregate.
List value expected.
Can be updated without replacement.
List contents:
Optional.
String value expected.
Can be updated without replacement.
Value must be of type nova.host
metadata
Arbitrary key/value metadata to store information for aggregate.
Map value expected.
Can be updated without replacement.
Defaults to {}

Attributes

show
Detailed information about resource.

HOT Syntax

heat_template_version: 2015-04-30
...
resources:
  ...
  the_resource:
    type: OS::Nova::HostAggregate
    properties:
      availability_zone: String
      hosts: [String, String, ...]
      metadata: {...}
      name: String

OS::Nova::KeyPair

Available since 2014.1 (Icehouse)

A resource for creating Nova key pairs.

A keypair is a ssh key that can be injected into a server on launch.

Note that if a new key is generated setting save_private_key to True results in the system saving the private key which can then be retrieved via the private_key attribute of this resource.

Setting the public_key property means that the private_key attribute of this resource will always return an empty string regardless of the save_private_key setting since there will be no private key data to save.

Required Properties

name
The name of the key pair.
String value expected.
Updates cause replacement.
The length must be in the range 1 to 255.

Optional Properties

public_key
The optional public key. This allows users to supply the public key from a pre-existing key pair. If not supplied, a new key pair will be generated.
String value expected.
Updates cause replacement.
save_private_key
True if the system should remember a generated private key; False otherwise.
Boolean value expected.
Updates cause replacement.
Defaults to false
type

Available since 8.0.0 (Ocata)

Keypair type. Supported since Nova api version 2.2.
String value expected.
Updates cause replacement.
Allowed values: ssh, x509
user

Available since 9.0.0 (Pike)

ID or name of user to whom to add key-pair. The usage of this property is limited to being used by administrators only. Supported since Nova api version 2.10.
String value expected.
Updates cause replacement.
Value must be of type keystone.user

Attributes

private_key
The private key if it has been saved.
public_key
The public key.
show
Detailed information about resource.

HOT Syntax

heat_template_version: 2015-04-30
...
resources:
  ...
  the_resource:
    type: OS::Nova::KeyPair
    properties:
      name: String
      public_key: String
      save_private_key: Boolean
      type: String
      user: String

OS::Nova::Quota

Available since 8.0.0 (Ocata)

A resource for creating nova quotas.

Nova Quota is used to manage operational limits for projects. Currently, this resource can manage Nova’s quotas for:

  • cores
  • fixed_ips
  • floating_ips
  • instances
  • injected_files
  • injected_file_content_bytes
  • injected_file_path_bytes
  • key_pairs
  • metadata_items
  • ram
  • security_groups
  • security_group_rules
  • server_groups
  • server_group_members

Note that default nova security policy usage of this resource is limited to being used by administrators only. Administrators should be careful to create only one Nova Quota resource per project, otherwise it will be hard for them to manage the quota properly.

Required Properties

project
Name or id of the project to set the quota for.
String value expected.
Updates cause replacement.
Value must be of type keystone.project

Optional Properties

cores
Quota for the number of cores. Setting the value to -1 removes the limit.
Integer value expected.
Can be updated without replacement.
The value must be at least -1.
fixed_ips
Quota for the number of fixed IPs. Setting the value to -1 removes the limit.
Integer value expected.
Can be updated without replacement.
The value must be at least -1.
floating_ips
Quota for the number of floating IPs. Setting the value to -1 removes the limit.
Integer value expected.
Can be updated without replacement.
The value must be at least -1.
injected_file_content_bytes
Quota for the number of injected file content bytes. Setting the value to -1 removes the limit.
Integer value expected.
Can be updated without replacement.
The value must be at least -1.
injected_file_path_bytes
Quota for the number of injected file path bytes. Setting the value to -1 removes the limit.
Integer value expected.
Can be updated without replacement.
The value must be at least -1.
injected_files
Quota for the number of injected files. Setting the value to -1 removes the limit.
Integer value expected.
Can be updated without replacement.
The value must be at least -1.
instances
Quota for the number of instances. Setting the value to -1 removes the limit.
Integer value expected.
Can be updated without replacement.
The value must be at least -1.
key_pairs
Quota for the number of key pairs. Setting the value to -1 removes the limit.
Integer value expected.
Can be updated without replacement.
The value must be at least -1.
metadata_items
Quota for the number of metadata items. Setting the value to -1 removes the limit.
Integer value expected.
Can be updated without replacement.
The value must be at least -1.
ram
Quota for the amount of ram (in megabytes). Setting the value to -1 removes the limit.
Integer value expected.
Can be updated without replacement.
The value must be at least -1.
security_group_rules
Quota for the number of security group rules. Setting the value to -1 removes the limit.
Integer value expected.
Can be updated without replacement.
The value must be at least -1.
security_groups
Quota for the number of security groups. Setting the value to -1 removes the limit.
Integer value expected.
Can be updated without replacement.
The value must be at least -1.
server_group_members
Quota for the number of server group members. Setting the value to -1 removes the limit.
Integer value expected.
Can be updated without replacement.
The value must be at least -1.
server_groups
Quota for the number of server groups. Setting the value to -1 removes the limit.
Integer value expected.
Can be updated without replacement.
The value must be at least -1.

Attributes

show
Detailed information about resource.

HOT Syntax

heat_template_version: 2015-04-30
...
resources:
  ...
  the_resource:
    type: OS::Nova::Quota
    properties:
      cores: Integer
      fixed_ips: Integer
      floating_ips: Integer
      injected_file_content_bytes: Integer
      injected_file_path_bytes: Integer
      injected_files: Integer
      instances: Integer
      key_pairs: Integer
      metadata_items: Integer
      project: String
      ram: Integer
      security_group_rules: Integer
      security_groups: Integer
      server_group_members: Integer
      server_groups: Integer

OS::Nova::Server

A resource for managing Nova instances.

A Server resource manages the running virtual machine instance within an OpenStack cloud.

Required Properties

flavor
The ID or name of the flavor to boot onto.
String value expected.
Can be updated without replacement.
Value must be of type nova.flavor

Optional Properties

admin_pass
The administrator password for the server.
String value expected.
Can be updated without replacement.
availability_zone
Name of the availability zone for server placement.
String value expected.
Updates cause replacement.
block_device_mapping
Block device mappings for this server.
List value expected.
Updates cause replacement.
List contents:
Map value expected.
Updates cause replacement.
Map properties:
delete_on_termination
Optional.
Indicate whether the volume should be deleted when the server is terminated.
Boolean value expected.
Updates cause replacement.
device_name
Required.
A device name where the volume will be attached in the system at /dev/device_name. This value is typically vda.
String value expected.
Updates cause replacement.
snapshot_id
Optional.
The ID of the snapshot to create a volume from.
String value expected.
Updates cause replacement.
Value must be of type cinder.snapshot
volume_id
Optional.
The ID of the volume to boot from. Only one of volume_id or snapshot_id should be provided.
String value expected.
Updates cause replacement.
Value must be of type cinder.volume
volume_size
Optional.
The size of the volume, in GB. It is safe to leave this blank and have the Compute service infer the size.
Integer value expected.
Updates cause replacement.
block_device_mapping_v2

Available since 2015.1 (Kilo)

Block device mappings v2 for this server.
List value expected.
Updates cause replacement.
List contents:
Map value expected.
Updates cause replacement.
Map properties:
boot_index
Optional.
Integer used for ordering the boot disks. If it is not specified, value “0” will be set for bootable sources (volume, snapshot, image); value “-1” will be set for non-bootable sources.
Integer value expected.
Updates cause replacement.
delete_on_termination
Optional.
Indicate whether the volume should be deleted when the server is terminated.
Boolean value expected.
Updates cause replacement.
device_name
Optional.
A device name where the volume will be attached in the system at /dev/device_name. This value is typically vda.
String value expected.
Updates cause replacement.
device_type
Optional.
Device type: at the moment we can make distinction only between disk and cdrom.
String value expected.
Updates cause replacement.
Allowed values: cdrom, disk
disk_bus
Optional.
Bus of the device: hypervisor driver chooses a suitable default if omitted.
String value expected.
Updates cause replacement.
Allowed values: ide, lame_bus, scsi, usb, virtio
ephemeral_format

Available since 8.0.0 (Ocata)

Optional.
The format of the local ephemeral block device. If no format is specified, uses default value, defined in nova configuration file.
String value expected.
Updates cause replacement.
Allowed values: ext2, ext3, ext4, xfs, ntfs
ephemeral_size

Available since 8.0.0 (Ocata)

Optional.
The size of the local ephemeral block device, in GB.
Integer value expected.
Updates cause replacement.
The value must be at least 1.
image

Available since 7.0.0 (Newton)

Optional.
The ID or name of the image to create a volume from.
String value expected.
Updates cause replacement.
Value must be of type glance.image
snapshot_id
Optional.
The ID of the snapshot to create a volume from.
String value expected.
Updates cause replacement.
Value must be of type cinder.snapshot
swap_size
Optional.
The size of the swap, in MB.
Integer value expected.
Updates cause replacement.
volume_id
Optional.
The volume_id can be boot or non-boot device to the server.
String value expected.
Updates cause replacement.
Value must be of type cinder.volume
volume_size
Optional.
Size of the block device in GB. If it is omitted, hypervisor driver calculates size.
Integer value expected.
Updates cause replacement.
config_drive
If True, enable config drive on the server.
Boolean value expected.
Updates cause replacement.
deployment_swift_data

Available since 9.0.0 (Pike)

Swift container and object to use for storing deployment data for the server resource. The parameter is a map value with the keys “container” and “object”, and the values are the corresponding container and object names. The software_config_transport parameter must be set to POLL_TEMP_URL for swift to be used. If not specified, and software_config_transport is set to POLL_TEMP_URL, a container will be automatically created from the resource name, and the object name will be a generated uuid.
Map value expected.
Can be updated without replacement.
Defaults to {}
Map properties:
container
Optional.
Name of the container.
String value expected.
Can be updated without replacement.
The length must be at least 1.
object
Optional.
Name of the object.
String value expected.
Can be updated without replacement.
The length must be at least 1.
diskConfig
Control how the disk is partitioned when the server is created.
String value expected.
Updates cause replacement.
Allowed values: AUTO, MANUAL
flavor_update_policy
Policy on how to apply a flavor update; either by requesting a server resize or by replacing the entire server.
String value expected.
Can be updated without replacement.
Defaults to "RESIZE"
Allowed values: RESIZE, REPLACE
image
The ID or name of the image to boot with.
String value expected.
Can be updated without replacement.
Value must be of type glance.image
image_update_policy
Policy on how to apply an image-id update; either by requesting a server rebuild or by replacing the entire server.
String value expected.
Can be updated without replacement.
Defaults to "REBUILD"
Allowed values: REBUILD, REPLACE, REBUILD_PRESERVE_EPHEMERAL
key_name
Name of keypair to inject into the server.
String value expected.
Updates cause replacement.
Value must be of type nova.keypair
metadata
Arbitrary key/value metadata to store for this server. Both keys and values must be 255 characters or less. Non-string values will be serialized to JSON (and the serialized string must be 255 characters or less).
Map value expected.
Can be updated without replacement.
Defaults to {}
name
Server name.
String value expected.
Can be updated without replacement.
networks
An ordered list of nics to be added to this server, with information about connected networks, fixed ips, port etc.
List value expected.
Can be updated without replacement.
List contents:
Map value expected.
Can be updated without replacement.
Map properties:
allocate_network

Available since 9.0.0 (Pike)

Optional.
The special string values of network, auto: means either a network that is already available to the project will be used, or if one does not exist, will be automatically created for the project; none: means no networking will be allocated for the created server. Supported by Nova API since version “2.37”. This property can not be used with other network keys.
String value expected.
Can be updated without replacement.
Allowed values: none, auto
fixed_ip
Optional.
Fixed IP address to specify for the port created on the requested network.
String value expected.
Can be updated without replacement.
Value must be of type ip_addr
floating_ip

Available since 6.0.0 (Mitaka)

Optional.
ID of the floating IP to associate.
String value expected.
Can be updated without replacement.
network
Optional.
Name or ID of network to create a port on.
String value expected.
Can be updated without replacement.
Value must be of type neutron.network
port
Optional.
ID of an existing port to associate with this server.
String value expected.
Can be updated without replacement.
Value must be of type neutron.port
port_extra_properties

Available since 6.0.0 (Mitaka)

Dict, which has expand properties for port. Used only if port property is not specified for creating port.
Map value expected.
Can be updated without replacement.
Map properties:
admin_state_up
Optional.
The administrative state of this port.
Boolean value expected.
Can be updated without replacement.
Defaults to true
allowed_address_pairs
Additional MAC/IP address pairs allowed to pass through the port.
List value expected.
Can be updated without replacement.
List contents:
Map value expected.
Can be updated without replacement.
Map properties:
ip_address
Required.
IP address to allow through this port.
String value expected.
Can be updated without replacement.
Value must be of type net_cidr
mac_address
Optional.
MAC address to allow through this port.
String value expected.
Can be updated without replacement.
Value must be of type mac_addr
binding:vnic_type

Available since 2015.1 (Kilo)

Optional.
The vnic type to be bound on the neutron port. To support SR-IOV PCI passthrough networking, you can request that the neutron port to be realized as normal (virtual nic), direct (pci passthrough), or macvtap (virtual interface with a tap-like software interface). Note that this only works for Neutron deployments that support the bindings extension.
String value expected.
Can be updated without replacement.
Defaults to "normal"
Allowed values: normal, direct, macvtap, direct-physical, baremetal
mac_address
Optional.
MAC address to give to this port. The default update policy of this property in neutron is that allow admin role only.
String value expected.
Can be updated without replacement.
Value must be of type mac_addr
port_security_enabled

Available since 5.0.0 (Liberty)

Optional.
Flag to enable/disable port security on the port. When disable this feature(set it to False), there will be no packages filtering, like security-group and address-pairs.
Boolean value expected.
Can be updated without replacement.
qos_policy

Available since 6.0.0 (Mitaka)

Optional.
The name or ID of QoS policy to attach to this port.
String value expected.
Can be updated without replacement.
Value must be of type neutron.qos_policy
value_specs
Extra parameters to include in the request.
Map value expected.
Can be updated without replacement.
Defaults to {}
subnet

Available since 5.0.0 (Liberty)

Optional.
Subnet in which to allocate the IP address for port. Used for creating port, based on derived properties. If subnet is specified, network property becomes optional.
String value expected.
Can be updated without replacement.
tag

Available since 9.0.0 (Pike)

Optional.
Port tag. Heat ignores any update on this property as nova does not support it.
String value expected.
Can be updated without replacement.
personality
A map of files to create/overwrite on the server upon boot. Keys are file names and values are the file contents.
Map value expected.
Updates cause replacement.
Defaults to {}
reservation_id
A UUID for the set of servers being requested.
String value expected.
Updates cause replacement.
scheduler_hints
Arbitrary key-value pairs specified by the client to help boot a server.
Map value expected.
Updates cause replacement.
security_groups
List of security group names or IDs. Cannot be used if neutron ports are associated with this server; assign security groups to the ports instead.
List value expected.
Updates cause replacement.
Defaults to []
software_config_transport
How the server should receive the metadata required for software configuration. POLL_SERVER_CFN will allow calls to the cfn API action DescribeStackResource authenticated with the provided keypair. POLL_SERVER_HEAT will allow calls to the Heat API resource-show using the provided keystone credentials. POLL_TEMP_URL will create and populate a Swift TempURL with metadata for polling. ZAQAR_MESSAGE will create a dedicated zaqar queue and post the metadata for polling.
String value expected.
Can be updated without replacement.
Defaults to "POLL_SERVER_CFN"
Allowed values: POLL_SERVER_CFN, POLL_SERVER_HEAT, POLL_TEMP_URL, ZAQAR_MESSAGE
tags

Available since 8.0.0 (Ocata)

Server tags. Supported since client version 2.26.
List value expected.
Can be updated without replacement.
List contents:
Optional.
String value expected.
Can be updated without replacement.
user_data
User data script to be executed by cloud-init. Changes cause replacement of the resource by default, but can be ignored altogether by setting the `user_data_update_policy` property.
String value expected.
Can be updated without replacement.
Defaults to ""
user_data_format
How the user_data should be formatted for the server. For HEAT_CFNTOOLS, the user_data is bundled as part of the heat-cfntools cloud-init boot configuration data. For RAW the user_data is passed to Nova unmodified. For SOFTWARE_CONFIG user_data is bundled as part of the software config data, and metadata is derived from any associated SoftwareDeployment resources.
String value expected.
Updates cause replacement.
Defaults to "HEAT_CFNTOOLS"
Allowed values: HEAT_CFNTOOLS, RAW, SOFTWARE_CONFIG
user_data_update_policy

Available since 6.0.0 (Mitaka)

Policy on how to apply a user_data update; either by ignoring it or by replacing the entire server.
String value expected.
Can be updated without replacement.
Defaults to "REPLACE"
Allowed values: REPLACE, IGNORE

Attributes

accessIPv4
The manually assigned alternative public IPv4 address of the server.
accessIPv6
The manually assigned alternative public IPv6 address of the server.
addresses

Available since 11.0.0 (Rocky) - The attribute was extended to include subnets and network with version 11.0.0.

A dict of all network addresses with corresponding port_id and subnets. Each network will have two keys in dict, they are network name and network id. The port ID may be obtained through the following expression: ``{get_attr: [<server>, addresses, <network name_or_id>, 0, port]}``. The subnets may be obtained trough the following expression: ``{get_attr: [<server>, addresses, <network name_or_id>, 0, subnets]}``. The network may be obtained through the following expression: ``{get_attr: [<server>, addresses, <network name_or_id>, 0, network]}``.

console_urls

Available since 2015.1 (Kilo)

URLs of server’s consoles. To get a specific console type, the requested type can be specified as parameter to the get_attr function, e.g. get_attr: [ <server>, console_urls, novnc ]. Currently supported types are novnc, xvpvnc, spice-html5, rdp-html5, serial and webmks.

instance_name
AWS compatible instance name.
name
Name of the server.
networks
A dict of assigned network addresses of the form: {“public”: [ip1, ip2…], “private”: [ip3, ip4], “public_uuid”: [ip1, ip2…], “private_uuid”: [ip3, ip4]}. Each network will have two keys in dict, they are network name and network id.
os_collect_config

Available since 9.0.0 (Pike)

The os-collect-config configuration for the server’s local agent to be configured to connect to Heat to retrieve deployment data.

show
Detailed information about resource.
tags

Available since 8.0.0 (Ocata)

Tags from the server. Supported since client version 2.26.

HOT Syntax

heat_template_version: 2015-04-30
...
resources:
  ...
  the_resource:
    type: OS::Nova::Server
    properties:
      admin_pass: String
      availability_zone: String
      block_device_mapping: [{"volume_size": Integer, "device_name": String, "delete_on_termination": Boolean, "snapshot_id": String, "volume_id": String}, {"volume_size": Integer, "device_name": String, "delete_on_termination": Boolean, "snapshot_id": String, "volume_id": String}, ...]
      block_device_mapping_v2: [{"swap_size":