# Heat template for the TripleO Neutron API (neutron-server) service.
# NOTE(review): this listing is an extract. The leading numbers are the source
# file's line numbers and they skip, so several keys (parameter names, types,
# defaults, block-scalar headers) are not shown here.
1 heat_template_version: pike
2 OpenStack Neutron Server configured with Puppet
9 description: Dictionary packing service data
13 description: Mapping of service_name -> network name. Typically set
14 via parameter_defaults in the resource registry. This
15 mapping overrides those in ServiceNetMapDefaults.
22 description: Role name on which the service is applied
26 description: Parameters specific to the role
30 description: Mapping of service endpoint -> protocol. Typically set
31 via parameter_defaults in the resource registry.
36 Sets the number of API and RPC workers for the Neutron service.
37 The default value results in the configuration being left unset
38 and a system-dependent default will be chosen (usually the number
39 of processors). Please note that this can result in a large number
40 of processes and memory consumption on systems with a large core
41 count. On such systems it is recommended that a non-default value
42 be selected that matches the load requirements.
# One secret covers both the Neutron Keystone service account and the Neutron
# database account (see the description below), so rotating or leaking it
# affects both.
# NOTE(review): a `hidden: true` attribute is not visible in this extract;
# confirm the password parameters set it so Heat masks their values.
45 description: The password for the neutron service and db account, used by neutron agents.
48 NeutronAllowL3AgentFailover:
50 description: Allow automatic l3-agent failover
# The Nova service password is also an input to this template; it is passed to
# neutron::server::notifications::password further down.
53 description: The password for the nova service and db account
57 description: Enable Neutron DVR.
63 description: Keystone region for endpoint
64 MonitoringSubscriptionNeutronServer:
65 default: 'overcloud-neutron-server'
67 NeutronApiLoggingSource:
70 tag: openstack.neutron.api
71 path: /var/log/neutron/server.log
77 A hash of policies to configure for Neutron API.
78 e.g. { neutron-context_is_admin: { key: context_is_admin, value: 'role:admin' } }
82 # DEPRECATED: the following options are deprecated and are currently maintained
83 # for backwards compatibility. They will be removed in the Ocata cycle.
# NOTE(review): the template declares heat_template_version pike, so the removal
# cycle named above appears to have passed; confirm whether the deprecated
# parameters are still honoured before relying on them.
88 Whether to enable HA for virtual routers. When not set, L3 HA will be
89 automatically enabled if the number of nodes hosting controller
90 configurations and DVR is disabled. Valid values are 'true' or 'false'
91 This parameter is being deprecated in Newton and is scheduled to be
92 removed in Ocata. Future releases will enable L3 HA by default if it is
93 appropriate for the deployment type. Alternate mechanisms will be
94 available to override.
98 The following parameters are deprecated and will be removed. They should not
99 be relied on for new deployments. If you have concerns regarding deprecated
100 parameters, please contact the TripleO development team on IRC or the
101 OpenStack mailing list.
# Conditions used later in the template:
#   use_tls_proxy         - true when EnableInternalTLS equals true
#   neutron_workers_unset - true when NeutronWorkers is the empty string
106 use_tls_proxy: {equals : [{get_param: EnableInternalTLS}, true]}
107 neutron_workers_unset: {equals : [{get_param: NeutronWorkers}, '']}
# Nested TLS proxy resource: receives the common service parameters plus
# EnableInternalTLS.
112 type: OS::TripleO::Services::TLSProxyBase
114 ServiceData: {get_param: ServiceData}
115 ServiceNetMap: {get_param: ServiceNetMap}
116 DefaultPasswords: {get_param: DefaultPasswords}
117 EndpointMap: {get_param: EndpointMap}
118 RoleName: {get_param: RoleName}
119 RoleParameters: {get_param: RoleParameters}
120 EnableInternalTLS: {get_param: EnableInternalTLS}
# Nested base Neutron resource loaded from a sibling template file; it gets the
# same common parameters but not EnableInternalTLS.
# NOTE(review): DefaultPasswords is forwarded to both nested stacks, so review
# those templates as well when auditing how secrets are handled.
123 type: ./neutron-base.yaml
125 ServiceData: {get_param: ServiceData}
126 ServiceNetMap: {get_param: ServiceNetMap}
127 DefaultPasswords: {get_param: DefaultPasswords}
128 EndpointMap: {get_param: EndpointMap}
129 RoleName: {get_param: RoleName}
130 RoleParameters: {get_param: RoleParameters}
# Output: role data for the neutron_api service. The config settings below are
# combined with the config_settings of the NeutronBase and TLSProxyBase
# resources.
134 description: Role data for the Neutron Server agent service.
136 service_name: neutron_api
137 monitoring_subscription: {get_param: MonitoringSubscriptionNeutronServer}
138 logging_source: {get_param: NeutronApiLoggingSource}
143 - get_attr: [NeutronBase, role_data, config_settings]
144 - get_attr: [TLSProxyBase, role_data, config_settings]
# Database connection assembled from parts: scheme and host come from the
# MysqlInternal endpoint, the password from NeutronPassword. The resulting
# value carries the password, so it is sensitive wherever this hieradata is
# rendered or logged.
145 - neutron::server::database_connection:
147 scheme: {get_param: [EndpointMap, MysqlInternal, protocol]}
149 password: {get_param: NeutronPassword}
150 host: {get_param: [EndpointMap, MysqlInternal, host]}
# MySQL client options are additionally read from this file and option group.
# NOTE(review): presumably where client-side TLS/bind options are set; verify
# the file's contents and permissions on the node.
153 read_default_file: /etc/my.cnf.d/tripleo.cnf
154 read_default_group: tripleo
155 neutron::policy::policies: {get_param: NeutronApiPolicies}
# auth_uri and auth_url are both set to the internal Keystone endpoint.
156 neutron::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
157 neutron::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
158 neutron::server::allow_automatic_l3agent_failover: {get_param: NeutronAllowL3AgentFailover}
# NOTE(review): proxy header parsing is switched on unconditionally. That is
# only safe when every request arrives through a trusted proxy; confirm
# untrusted clients cannot reach the API directly with forged forwarding
# headers, in particular when internal TLS (and its localhost bind) is off.
159 neutron::server::enable_proxy_headers_parsing: true
160 neutron::keystone::authtoken::password: {get_param: NeutronPassword}
161 neutron::server::notifications::auth_url: { get_param: [ EndpointMap, KeystoneInternal, uri_no_suffix ] }
# Both tenant_name and project_name are set to 'service' for notifications.
# NOTE(review): tenant_name looks like the legacy spelling kept alongside
# project_name; confirm it is still needed.
162 neutron::server::notifications::tenant_name: 'service'
163 neutron::server::notifications::project_name: 'service'
# The Neutron server is handed Nova's service password for its notifications,
# so a compromise of this node's hieradata also exposes that credential.
164 neutron::server::notifications::password: {get_param: NovaPassword}
165 neutron::keystone::authtoken::project_name: 'service'
166 neutron::keystone::authtoken::user_domain_name: 'Default'
167 neutron::keystone::authtoken::project_domain_name: 'Default'
168 neutron::server::sync_db: true
169 tripleo.neutron_api.firewall_rules:
# Both DVR-related settings follow the single NeutronEnableDVR parameter.
174 neutron::server::router_distributed: {get_param: NeutronEnableDVR}
175 neutron::server::enable_dvr: {get_param: NeutronEnableDVR}
176 # NOTE: bind IP is found in Heat replacing the network name with the local node IP
177 # for the given network; replacement examples (eg. for internal_api):
179 # internal_api_uri -> [IP]
180 # internal_api_subnet -> IP/CIDR
181 tripleo::profile::base::neutron::server::tls_proxy_bind_ip:
182 get_param: [ServiceNetMap, NeutronApiNetwork]
183 tripleo::profile::base::neutron::server::tls_proxy_fqdn:
186 "%{hiera('fqdn_$NETWORK')}"
188 $NETWORK: {get_param: [ServiceNetMap, NeutronApiNetwork]}
189 tripleo::profile::base::neutron::server::tls_proxy_port:
190 get_param: [EndpointMap, NeutronInternal, port]
191 # Bind to localhost if internal TLS is enabled, since we put a TLS
197 - {get_param: [ServiceNetMap, NeutronApiNetwork]}
198 tripleo::profile::base::neutron::server::l3_ha_override: {get_param: NeutronL3HA}
# Worker counts are keyed on the neutron_workers_unset condition; api_workers
# and rpc_workers both take the same NeutronWorkers value.
201 - neutron_workers_unset
203 - neutron::server::api_workers: {get_param: NeutronWorkers}
204 neutron::server::rpc_workers: {get_param: NeutronWorkers}
206 include tripleo::profile::base::neutron::server
# Settings exported for other services. The keys visible below cover the
# Keystone endpoint/user registration and the MySQL database and grants for
# Neutron.
207 service_config_settings:
209 neutron::keystone::auth::tenant: 'service'
210 neutron::keystone::auth::public_url: {get_param: [EndpointMap, NeutronPublic, uri]}
211 neutron::keystone::auth::internal_url: { get_param: [ EndpointMap, NeutronInternal, uri ] }
212 neutron::keystone::auth::admin_url: { get_param: [ EndpointMap, NeutronAdmin, uri ] }
# NeutronPassword is used here for the Keystone user and below for the MySQL
# user, in addition to the authtoken and database_connection settings above.
213 neutron::keystone::auth::password: {get_param: NeutronPassword}
214 neutron::keystone::auth::region: {get_param: KeystoneRegion}
216 neutron::db::mysql::password: {get_param: NeutronPassword}
217 neutron::db::mysql::user: neutron
218 neutron::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
219 neutron::db::mysql::dbname: ovs_neutron
# Hosts from which the neutron DB user may connect.
# NOTE(review): one list entry (source line 221) is not visible in this
# extract; verify the full list is no broader than the deployment needs.
220 neutron::db::mysql::allowed_hosts:
222 - "%{hiera('mysql_bind_host')}"
# Ansible tasks run around an upgrade: detect whether neutron-server is
# enabled, validate that it is running, then stop it.
# NOTE(review): source lines 226-227 and 234 are not visible in this extract,
# so the tags/error handling of the first and last task cannot be confirmed.
224 - name: Check if neutron_server is deployed
225 command: systemctl is-enabled neutron-server
228 register: neutron_server_enabled
# Validation step: grep exits non-zero unless ActiveState contains the word
# "active", which fails this task. The command line is a fixed string with no
# templated input. It only runs when the is-enabled check returned rc 0.
229 - name: "PreUpgrade step0,validation: Check service neutron-server is running"
230 shell: /usr/bin/systemctl show 'neutron-server' --property ActiveState | grep '\bactive\b'
231 when: neutron_server_enabled.rc == 0
232 tags: step0,validation
# Stops the service only when it was found enabled. The module arguments are
# given in key=value string form.
233 - name: Stop neutron_api service
235 when: neutron_server_enabled.rc == 0
236 service: name=neutron-server state=stopped
# Metadata settings are taken from the TLSProxyBase resource's role_data.
238 get_attr: [TLSProxyBase, role_data, metadata_settings]