1 heat_template_version: pike
4 OpenStack Neutron Server configured with Puppet
9 description: Mapping of service_name -> network name. Typically set
10 via parameter_defaults in the resource registry. This
11 mapping overrides those in ServiceNetMapDefaults.
18 description: Mapping of service endpoint -> protocol. Typically set
19 via parameter_defaults in the resource registry.
24 Sets the number of API and RPC workers for the Neutron service.
25 The default value results in the configuration being left unset
26 and a system-dependent default will be chosen (usually the number
27 of processors). Please note that this can result in a large number
28 of processes and memory consumption on systems with a large core
29 count. On such systems it is recommended that a non-default value
30 be selected that matches the load requirements.
33 description: The password for the neutron service and db account, used by neutron agents.
36 NeutronAllowL3AgentFailover:
38 description: Allow automatic l3-agent failover
41 description: The password for the nova service and db account, used by nova-api.
45 description: Enable Neutron DVR.
51 description: Keystone region for endpoint
52 MonitoringSubscriptionNeutronServer:
53 default: 'overcloud-neutron-server'
55 NeutronApiLoggingSource:
58 tag: openstack.neutron.api
59 path: /var/log/neutron/server.log
65 A hash of policies to configure for Neutron API.
66 e.g. { neutron-context_is_admin: { key: context_is_admin, value: 'role:admin' } }
70 # DEPRECATED: the following options are deprecated and are currently maintained
71 # for backwards compatibility. They will be removed in the Ocata cycle.
76 Whether to enable HA for virtual routers. When not set, L3 HA will be
77 automatically enabled if the number of nodes hosting controller
78 configurations and DVR is disabled. Valid values are 'true' or 'false'
79 This parameter is being deprecated in Newton and is scheduled to be
80 removed in Ocata. Future releases will enable L3 HA by default if it is
81 appropriate for the deployment type. Alternate mechanisms will be
82 available to override.
86 The following parameters are deprecated and will be removed. They should not
87 be relied on for new deployments. If you have concerns regarding deprecated
88 parameters, please contact the TripleO development team on IRC or the
89 OpenStack mailing list.
94 use_tls_proxy: {equals : [{get_param: EnableInternalTLS}, true]}
95 neutron_workers_unset: {equals : [{get_param: NeutronWorkers}, '']}
100 type: OS::TripleO::Services::TLSProxyBase
102 ServiceNetMap: {get_param: ServiceNetMap}
103 DefaultPasswords: {get_param: DefaultPasswords}
104 EndpointMap: {get_param: EndpointMap}
105 EnableInternalTLS: {get_param: EnableInternalTLS}
108 type: ./neutron-base.yaml
110 ServiceNetMap: {get_param: ServiceNetMap}
111 DefaultPasswords: {get_param: DefaultPasswords}
112 EndpointMap: {get_param: EndpointMap}
116 description: Role data for the Neutron Server agent service.
118 service_name: neutron_api
119 monitoring_subscription: {get_param: MonitoringSubscriptionNeutronServer}
120 logging_source: {get_param: NeutronApiLoggingSource}
125 - get_attr: [NeutronBase, role_data, config_settings]
126 - get_attr: [TLSProxyBase, role_data, config_settings]
127 - neutron::server::database_connection:
129 scheme: {get_param: [EndpointMap, MysqlInternal, protocol]}
131 password: {get_param: NeutronPassword}
132 host: {get_param: [EndpointMap, MysqlInternal, host]}
135 read_default_file: /etc/my.cnf.d/tripleo.cnf
136 read_default_group: tripleo
137 neutron::policy::policies: {get_param: NeutronApiPolicies}
138 neutron::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
139 neutron::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
140 neutron::server::allow_automatic_l3agent_failover: {get_param: NeutronAllowL3AgentFailover}
141 neutron::server::enable_proxy_headers_parsing: true
142 neutron::keystone::authtoken::password: {get_param: NeutronPassword}
143 neutron::server::notifications::auth_url: { get_param: [ EndpointMap, KeystoneInternal, uri_no_suffix ] }
144 neutron::server::notifications::tenant_name: 'service'
145 neutron::server::notifications::project_name: 'service'
146 neutron::server::notifications::password: {get_param: NovaPassword}
147 neutron::keystone::authtoken::project_name: 'service'
148 neutron::keystone::authtoken::user_domain_name: 'Default'
149 neutron::keystone::authtoken::project_domain_name: 'Default'
150 neutron::server::sync_db: true
151 tripleo.neutron_api.firewall_rules:
156 neutron::server::router_distributed: {get_param: NeutronEnableDVR}
157 # NOTE: bind IP is found in Heat replacing the network name with the local node IP
158 # for the given network; replacement examples (eg. for internal_api):
160 # internal_api_uri -> [IP]
161 # internal_api_subnet - > IP/CIDR
162 tripleo::profile::base::neutron::server::tls_proxy_bind_ip:
163 get_param: [ServiceNetMap, NeutronApiNetwork]
164 tripleo::profile::base::neutron::server::tls_proxy_fqdn:
167 "%{hiera('fqdn_$NETWORK')}"
169 $NETWORK: {get_param: [ServiceNetMap, NeutronApiNetwork]}
170 tripleo::profile::base::neutron::server::tls_proxy_port:
171 get_param: [EndpointMap, NeutronInternal, port]
172 # Bind to localhost if internal TLS is enabled, since we put a TLS
178 - {get_param: [ServiceNetMap, NeutronApiNetwork]}
179 tripleo::profile::base::neutron::server::l3_ha_override: {get_param: NeutronL3HA}
182 - neutron_workers_unset
184 - neutron::server::api_workers: {get_param: NeutronWorkers}
185 neutron::server::rpc_workers: {get_param: NeutronWorkers}
187 include tripleo::profile::base::neutron::server
188 service_config_settings:
190 neutron::keystone::auth::tenant: 'service'
191 neutron::keystone::auth::public_url: {get_param: [EndpointMap, NeutronPublic, uri]}
192 neutron::keystone::auth::internal_url: { get_param: [ EndpointMap, NeutronInternal, uri ] }
193 neutron::keystone::auth::admin_url: { get_param: [ EndpointMap, NeutronAdmin, uri ] }
194 neutron::keystone::auth::password: {get_param: NeutronPassword}
195 neutron::keystone::auth::region: {get_param: KeystoneRegion}
197 neutron::db::mysql::password: {get_param: NeutronPassword}
198 neutron::db::mysql::user: neutron
199 neutron::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
200 neutron::db::mysql::dbname: ovs_neutron
201 neutron::db::mysql::allowed_hosts:
203 - "%{hiera('mysql_bind_host')}"
205 - name: Check if neutron_server is deployed
206 command: systemctl is-enabled neutron-server
209 register: neutron_server_enabled
210 - name: "PreUpgrade step0,validation: Check service neutron-server is running"
211 shell: /usr/bin/systemctl show 'neutron-server' --property ActiveState | grep '\bactive\b'
212 when: neutron_server_enabled.rc == 0
213 tags: step0,validation
214 - name: Stop neutron_api service
216 when: neutron_server_enabled.rc == 0
217 service: name=neutron-server state=stopped
219 get_attr: [TLSProxyBase, role_data, metadata_settings]