# Heat template (version "pike") for the Neutron server service configured with Puppet.
# NOTE(review): this listing keeps the original file's line number at the start of every
# line and omits some lines, so parameter names, types and defaults are not always visible.
1 heat_template_version: pike
4 OpenStack Neutron Server configured with Puppet
9 description: Mapping of service_name -> network name. Typically set
10 via parameter_defaults in the resource registry. This
11 mapping overrides those in ServiceNetMapDefaults.
18 description: Role name on which the service is applied
22 description: Parameters specific to the role
26 description: Mapping of service endpoint -> protocol. Typically set
27 via parameter_defaults in the resource registry.
32 Sets the number of API and RPC workers for the Neutron service.
33 The default value results in the configuration being left unset
34 and a system-dependent default will be chosen (usually the number
35 of processors). Please note that this can result in a large number
36 of processes and memory consumption on systems with a large core
37 count. On such systems it is recommended that a non-default value
38 be selected that matches the load requirements.
# NOTE(review): per this description one secret covers both the neutron service account
# and the neutron database account. Further down it is passed to the database connection,
# keystone authtoken, keystone auth and db::mysql settings, so it must be rotated in all
# of those places together. The parameter declaration is not shown here; confirm it is
# declared as hidden so the value is not echoed back by the orchestration API.
41 description: The password for the neutron service and db account, used by neutron agents.
44 NeutronAllowL3AgentFailover:
46 description: Allow automatic l3-agent failover
# NOTE(review): NovaPassword is passed further down to
# neutron::server::notifications::password, i.e. the nova service credential is also
# handed to the neutron server configuration. Same hidden-parameter check applies.
49 description: The password for the nova service and db account, used by nova-api.
53 description: Enable Neutron DVR.
59 description: Keystone region for endpoint
# Monitoring subscription name handed to role_data as monitoring_subscription.
60 MonitoringSubscriptionNeutronServer:
61 default: 'overcloud-neutron-server'
# Log source for the API service: tag plus the server log path, handed to role_data as
# logging_source. This is the file a log pipeline has to collect for API-side auditing.
63 NeutronApiLoggingSource:
66 tag: openstack.neutron.api
67 path: /var/log/neutron/server.log
73 A hash of policies to configure for Neutron API.
74 e.g. { neutron-context_is_admin: { key: context_is_admin, value: 'role:admin' } }
78 # DEPRECATED: the following options are deprecated and are currently maintained
79 # for backwards compatibility. They will be removed in the Ocata cycle.
84 Whether to enable HA for virtual routers. When not set, L3 HA will be
85 automatically enabled if the number of nodes hosting controller
86 configurations and DVR is disabled. Valid values are 'true' or 'false'.
87 This parameter is being deprecated in Newton and is scheduled to be
88 removed in Ocata. Future releases will enable L3 HA by default if it is
89 appropriate for the deployment type. Alternate mechanisms will be
90 available to override.
94 The following parameters are deprecated and will be removed. They should not
95 be relied on for new deployments. If you have concerns regarding deprecated
96 parameters, please contact the TripleO development team on IRC or the
97 OpenStack mailing list.
# Conditions: use_tls_proxy holds when EnableInternalTLS equals true;
# neutron_workers_unset holds when NeutronWorkers is the empty string.
102 use_tls_proxy: {equals : [{get_param: EnableInternalTLS}, true]}
103 neutron_workers_unset: {equals : [{get_param: NeutronWorkers}, '']}
# Nested TLS proxy service template. It receives the common service parameters plus
# EnableInternalTLS (presumably the TLSProxyBase resource read via get_attr in outputs;
# the resource name line is not shown).
108 type: OS::TripleO::Services::TLSProxyBase
110 ServiceNetMap: {get_param: ServiceNetMap}
111 DefaultPasswords: {get_param: DefaultPasswords}
112 EndpointMap: {get_param: EndpointMap}
113 RoleName: {get_param: RoleName}
114 RoleParameters: {get_param: RoleParameters}
115 EnableInternalTLS: {get_param: EnableInternalTLS}
# Nested base Neutron template loaded from a relative path (presumably the NeutronBase
# resource read via get_attr in outputs). DefaultPasswords is forwarded to it as well.
118 type: ./neutron-base.yaml
120 ServiceNetMap: {get_param: ServiceNetMap}
121 DefaultPasswords: {get_param: DefaultPasswords}
122 EndpointMap: {get_param: EndpointMap}
123 RoleName: {get_param: RoleName}
124 RoleParameters: {get_param: RoleParameters}
# role_data output: service name, monitoring and logging hooks, and the hieradata
# (config_settings) applied to nodes running the Neutron API.
128 description: Role data for the Neutron Server agent service.
130 service_name: neutron_api
131 monitoring_subscription: {get_param: MonitoringSubscriptionNeutronServer}
132 logging_source: {get_param: NeutronApiLoggingSource}
# The list below combines the settings exported by NeutronBase and TLSProxyBase with the
# server-specific settings that follow (presumably arguments of a merge function whose
# line is not shown).
137 - get_attr: [NeutronBase, role_data, config_settings]
138 - get_attr: [TLSProxyBase, role_data, config_settings]
# Database connection built from EndpointMap values with NeutronPassword as the password.
# NOTE(review): the resulting value carries the DB password, so the rendered hieradata and
# the neutron configuration written from it are secret-bearing files; check their
# ownership and mode on the node.
139 - neutron::server::database_connection:
141 scheme: {get_param: [EndpointMap, MysqlInternal, protocol]}
143 password: {get_param: NeutronPassword}
144 host: {get_param: [EndpointMap, MysqlInternal, host]}
# Client options are read from the [tripleo] group of /etc/my.cnf.d/tripleo.cnf.
# NOTE(review): presumably any client-side TLS settings for the DB link live in that
# file rather than in this template - confirm.
147 read_default_file: /etc/my.cnf.d/tripleo.cnf
148 read_default_group: tripleo
# NOTE(review): NeutronApiPolicies overrides API authorization rules (the parameter's own
# example redefines context_is_admin), so values supplied here deserve the same review as
# a code change.
149 neutron::policy::policies: {get_param: NeutronApiPolicies}
150 neutron::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
151 neutron::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
152 neutron::server::allow_automatic_l3agent_failover: {get_param: NeutronAllowL3AgentFailover}
# NOTE(review): with proxy header parsing on, the server accepts request metadata from
# forwarding headers. That is only sound when every client request passes through a
# trusted proxy that sets or strips those headers; confirm neutron-server is not directly
# reachable by clients on any network.
153 neutron::server::enable_proxy_headers_parsing: true
# Token validation uses the internal Keystone endpoint with NeutronPassword.
154 neutron::keystone::authtoken::password: {get_param: NeutronPassword}
# Credentials neutron uses for its notifications towards nova: NovaPassword in the
# 'service' project. NOTE(review): presumably this lands in neutron's rendered
# configuration, so a compromise of a neutron server node also exposes the nova service
# password - plan rotation of both together.
155 neutron::server::notifications::auth_url: { get_param: [ EndpointMap, KeystoneInternal, uri_no_suffix ] }
156 neutron::server::notifications::tenant_name: 'service'
157 neutron::server::notifications::project_name: 'service'
158 neutron::server::notifications::password: {get_param: NovaPassword}
159 neutron::keystone::authtoken::project_name: 'service'
160 neutron::keystone::authtoken::user_domain_name: 'Default'
161 neutron::keystone::authtoken::project_domain_name: 'Default'
162 neutron::server::sync_db: true
# Firewall rules for the API service; the rule body (ports) is not shown in this listing.
163 tripleo.neutron_api.firewall_rules:
# Both DVR-related settings follow the single NeutronEnableDVR parameter.
168 neutron::server::router_distributed: {get_param: NeutronEnableDVR}
169 neutron::server::enable_dvr: {get_param: NeutronEnableDVR}
170 # NOTE: bind IP is found in Heat replacing the network name with the local node IP
171 # for the given network; replacement examples (eg. for internal_api):
173 # internal_api_uri -> [IP]
174 # internal_api_subnet -> IP/CIDR
# The TLS proxy listens on this node's address on the network that ServiceNetMap assigns
# to NeutronApiNetwork.
175 tripleo::profile::base::neutron::server::tls_proxy_bind_ip:
176 get_param: [ServiceNetMap, NeutronApiNetwork]
# FQDN for the TLS proxy: a hiera lookup of fqdn_<network>, with $NETWORK replaced by the
# NeutronApiNetwork name (presumably via a string-replace function whose lines are not
# shown).
177 tripleo::profile::base::neutron::server::tls_proxy_fqdn:
180 "%{hiera('fqdn_$NETWORK')}"
182 $NETWORK: {get_param: [ServiceNetMap, NeutronApiNetwork]}
# The proxy takes over the internal Neutron endpoint port.
183 tripleo::profile::base::neutron::server::tls_proxy_port:
184 get_param: [EndpointMap, NeutronInternal, port]
# NOTE(review): the comment below says the server binds to localhost when internal TLS
# is enabled. The setting name, the condition and the localhost value are not shown in
# this listing; verify that the NeutronApiNetwork address on line 191 is used only when
# internal TLS is off, so the plaintext listener is never exposed next to the proxy.
185 # Bind to localhost if internal TLS is enabled, since we put a TLS
191 - {get_param: [ServiceNetMap, NeutronApiNetwork]}
192 tripleo::profile::base::neutron::server::l3_ha_override: {get_param: NeutronL3HA}
# Worker counts: presumably nothing is set when neutron_workers_unset holds; otherwise
# api_workers and rpc_workers both take the NeutronWorkers value.
195 - neutron_workers_unset
197 - neutron::server::api_workers: {get_param: NeutronWorkers}
198 neutron::server::rpc_workers: {get_param: NeutronWorkers}
200 include tripleo::profile::base::neutron::server
# Settings exported for other services to apply on neutron's behalf. The sub-section keys
# are not shown; presumably the keystone::auth values go to the identity service and the
# db::mysql values to the database service.
201 service_config_settings:
# Identity-side registration: service user in the 'service' tenant, the three endpoint
# URLs, and NeutronPassword as the service user's password.
203 neutron::keystone::auth::tenant: 'service'
204 neutron::keystone::auth::public_url: {get_param: [EndpointMap, NeutronPublic, uri]}
205 neutron::keystone::auth::internal_url: { get_param: [ EndpointMap, NeutronInternal, uri ] }
206 neutron::keystone::auth::admin_url: { get_param: [ EndpointMap, NeutronAdmin, uri ] }
207 neutron::keystone::auth::password: {get_param: NeutronPassword}
208 neutron::keystone::auth::region: {get_param: KeystoneRegion}
# Database-side account: user 'neutron', database 'ovs_neutron', again NeutronPassword.
# NOTE(review): the same secret therefore authenticates to both Keystone and MySQL; a
# leak from either side compromises the other.
210 neutron::db::mysql::password: {get_param: NeutronPassword}
211 neutron::db::mysql::user: neutron
212 neutron::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
213 neutron::db::mysql::dbname: ovs_neutron
# NOTE(review): allowed_hosts decides which client hosts the DB grant covers. At least one
# list entry is not shown in this listing; check that the full list is no broader than the
# hosts that actually run neutron-server.
214 neutron::db::mysql::allowed_hosts:
216 - "%{hiera('mysql_bind_host')}"
# Ansible tasks run around an upgrade (the enclosing key is not shown in this listing).
# First task: record whether the neutron-server unit is enabled; later tasks only run
# when that command returned 0.
218 - name: Check if neutron_server is deployed
219 command: systemctl is-enabled neutron-server
222 register: neutron_server_enabled
# Validation: fails unless systemd reports ActiveState "active" for neutron-server.
# The shell module is used because of the pipe; the command line is a fixed literal with
# no templated input.
223 - name: "PreUpgrade step0,validation: Check service neutron-server is running"
224 shell: /usr/bin/systemctl show 'neutron-server' --property ActiveState | grep '\bactive\b'
225 when: neutron_server_enabled.rc == 0
226 tags: step0,validation
# Stops the API service, using the key=value argument form of the service module.
227 - name: Stop neutron_api service
229 when: neutron_server_enabled.rc == 0
230 service: name=neutron-server state=stopped
# Taken unchanged from the TLS proxy template's role_data (presumably the
# metadata_settings of this service; the key line is not shown).
232 get_attr: [TLSProxyBase, role_data, metadata_settings]