1 heat_template_version: pike
4 OpenStack Neutron Server configured with Puppet
9 description: Mapping of service_name -> network name. Typically set
10 via parameter_defaults in the resource registry. This
11 mapping overrides those in ServiceNetMapDefaults.
18 description: Role name on which the service is applied
22 description: Parameters specific to the role
26 description: Mapping of service endpoint -> protocol. Typically set
27 via parameter_defaults in the resource registry.
32 Sets the number of API and RPC workers for the Neutron service.
33 The default value results in the configuration being left unset
34 and a system-dependent default will be chosen (usually the number
35 of processors). Please note that this can result in a large number
36 of processes and memory consumption on systems with a large core
37 count. On such systems it is recommended that a non-default value
38 be selected that matches the load requirements.
41 description: The password for the neutron service and db account, used by neutron agents.
44 NeutronAllowL3AgentFailover:
46 description: Allow automatic l3-agent failover
49 description: The password for the nova service and db account, used by nova-api.
53 description: Enable Neutron DVR.
59 description: Keystone region for endpoint
60 MonitoringSubscriptionNeutronServer:
61 default: 'overcloud-neutron-server'
63 NeutronApiLoggingSource:
66 tag: openstack.neutron.api
67 path: /var/log/neutron/server.log
73 A hash of policies to configure for Neutron API.
74 e.g. { neutron-context_is_admin: { key: context_is_admin, value: 'role:admin' } }
78 # DEPRECATED: the following options are deprecated and are currently maintained
79 # for backwards compatibility. They will be removed in the Ocata cycle.
84 Whether to enable HA for virtual routers. When not set, L3 HA will be
85 automatically enabled if the number of nodes hosting controller
86 configurations and DVR is disabled. Valid values are 'true' or 'false'
87 This parameter is being deprecated in Newton and is scheduled to be
88 removed in Ocata. Future releases will enable L3 HA by default if it is
89 appropriate for the deployment type. Alternate mechanisms will be
90 available to override.
94 The following parameters are deprecated and will be removed. They should not
95 be relied on for new deployments. If you have concerns regarding deprecated
96 parameters, please contact the TripleO development team on IRC or the
97 OpenStack mailing list.
102 use_tls_proxy: {equals : [{get_param: EnableInternalTLS}, true]}
103 neutron_workers_unset: {equals : [{get_param: NeutronWorkers}, '']}
108 type: OS::TripleO::Services::TLSProxyBase
110 ServiceNetMap: {get_param: ServiceNetMap}
111 DefaultPasswords: {get_param: DefaultPasswords}
112 EndpointMap: {get_param: EndpointMap}
113 RoleName: {get_param: RoleName}
114 RoleParameters: {get_param: RoleParameters}
115 EnableInternalTLS: {get_param: EnableInternalTLS}
118 type: ./neutron-base.yaml
120 ServiceNetMap: {get_param: ServiceNetMap}
121 DefaultPasswords: {get_param: DefaultPasswords}
122 EndpointMap: {get_param: EndpointMap}
123 RoleName: {get_param: RoleName}
124 RoleParameters: {get_param: RoleParameters}
128 description: Role data for the Neutron Server agent service.
130 service_name: neutron_api
131 monitoring_subscription: {get_param: MonitoringSubscriptionNeutronServer}
132 logging_source: {get_param: NeutronApiLoggingSource}
137 - get_attr: [NeutronBase, role_data, config_settings]
138 - get_attr: [TLSProxyBase, role_data, config_settings]
139 - neutron::server::database_connection:
141 scheme: {get_param: [EndpointMap, MysqlInternal, protocol]}
143 password: {get_param: NeutronPassword}
144 host: {get_param: [EndpointMap, MysqlInternal, host]}
147 read_default_file: /etc/my.cnf.d/tripleo.cnf
148 read_default_group: tripleo
149 neutron::policy::policies: {get_param: NeutronApiPolicies}
150 neutron::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
151 neutron::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
152 neutron::server::allow_automatic_l3agent_failover: {get_param: NeutronAllowL3AgentFailover}
153 neutron::server::enable_proxy_headers_parsing: true
154 neutron::keystone::authtoken::password: {get_param: NeutronPassword}
155 neutron::server::notifications::auth_url: { get_param: [ EndpointMap, KeystoneInternal, uri_no_suffix ] }
156 neutron::server::notifications::tenant_name: 'service'
157 neutron::server::notifications::project_name: 'service'
158 neutron::server::notifications::password: {get_param: NovaPassword}
159 neutron::keystone::authtoken::project_name: 'service'
160 neutron::keystone::authtoken::user_domain_name: 'Default'
161 neutron::keystone::authtoken::project_domain_name: 'Default'
162 neutron::server::sync_db: true
163 tripleo.neutron_api.firewall_rules:
168 neutron::server::router_distributed: {get_param: NeutronEnableDVR}
169 # NOTE: bind IP is found in Heat replacing the network name with the local node IP
170 # for the given network; replacement examples (eg. for internal_api):
172 # internal_api_uri -> [IP]
173 # internal_api_subnet - > IP/CIDR
174 tripleo::profile::base::neutron::server::tls_proxy_bind_ip:
175 get_param: [ServiceNetMap, NeutronApiNetwork]
176 tripleo::profile::base::neutron::server::tls_proxy_fqdn:
179 "%{hiera('fqdn_$NETWORK')}"
181 $NETWORK: {get_param: [ServiceNetMap, NeutronApiNetwork]}
182 tripleo::profile::base::neutron::server::tls_proxy_port:
183 get_param: [EndpointMap, NeutronInternal, port]
184 # Bind to localhost if internal TLS is enabled, since we put a TLS
190 - {get_param: [ServiceNetMap, NeutronApiNetwork]}
191 tripleo::profile::base::neutron::server::l3_ha_override: {get_param: NeutronL3HA}
194 - neutron_workers_unset
196 - neutron::server::api_workers: {get_param: NeutronWorkers}
197 neutron::server::rpc_workers: {get_param: NeutronWorkers}
199 include tripleo::profile::base::neutron::server
200 service_config_settings:
202 neutron::keystone::auth::tenant: 'service'
203 neutron::keystone::auth::public_url: {get_param: [EndpointMap, NeutronPublic, uri]}
204 neutron::keystone::auth::internal_url: { get_param: [ EndpointMap, NeutronInternal, uri ] }
205 neutron::keystone::auth::admin_url: { get_param: [ EndpointMap, NeutronAdmin, uri ] }
206 neutron::keystone::auth::password: {get_param: NeutronPassword}
207 neutron::keystone::auth::region: {get_param: KeystoneRegion}
209 neutron::db::mysql::password: {get_param: NeutronPassword}
210 neutron::db::mysql::user: neutron
211 neutron::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
212 neutron::db::mysql::dbname: ovs_neutron
213 neutron::db::mysql::allowed_hosts:
215 - "%{hiera('mysql_bind_host')}"
217 - name: Check if neutron_server is deployed
218 command: systemctl is-enabled neutron-server
221 register: neutron_server_enabled
222 - name: "PreUpgrade step0,validation: Check service neutron-server is running"
223 shell: /usr/bin/systemctl show 'neutron-server' --property ActiveState | grep '\bactive\b'
224 when: neutron_server_enabled.rc == 0
225 tags: step0,validation
226 - name: Stop neutron_api service
228 when: neutron_server_enabled.rc == 0
229 service: name=neutron-server state=stopped
231 get_attr: [TLSProxyBase, role_data, metadata_settings]