1 heat_template_version: ocata
4 OpenStack Neutron Server configured with Puppet
9 description: Mapping of service_name -> network name. Typically set
10 via parameter_defaults in the resource registry. This
11 mapping overrides those in ServiceNetMapDefaults.
18 description: Mapping of service endpoint -> protocol. Typically set
19 via parameter_defaults in the resource registry.
24 Sets the number of API and RPC workers for the Neutron service. The
25 default value results in the configuration being left unset and a
26 system-dependent default will be chosen (usually the number of
27 processors). Please note that this can result in a large number of
28 processes and memory consumption on systems with a large core count. On
29 such systems it is recommended that a non-default value be selected that
30 matches the load requirements.
33 description: The password for the neutron service and db account, used by neutron agents.
36 NeutronAllowL3AgentFailover:
38 description: Allow automatic l3-agent failover
41 description: The password for the nova service and db account, used by nova-api.
45 description: Enable Neutron DVR.
51 description: Keystone region for endpoint
52 MonitoringSubscriptionNeutronServer:
53 default: 'overcloud-neutron-server'
55 NeutronApiLoggingSource:
58 tag: openstack.neutron.api
59 path: /var/log/neutron/server.log
61 # DEPRECATED: the following options are deprecated and are currently maintained
62 # for backwards compatibility. They will be removed in the Ocata cycle.
67 Whether to enable HA for virtual routers. When not set, L3 HA will be
68 automatically enabled if the number of nodes hosting controller
69 configurations and DVR is disabled. Valid values are 'true' or 'false'
70 This parameter is being deprecated in Newton and is scheduled to be
71 removed in Ocata. Future releases will enable L3 HA by default if it is
72 appropriate for the deployment type. Alternate mechanisms will be
73 available to override.
81 The following parameters are deprecated and will be removed. They should not
82 be relied on for new deployments. If you have concerns regarding deprecated
83 parameters, please contact the TripleO development team on IRC or the
84 OpenStack mailing list.
89 use_tls_proxy: {equals : [{get_param: EnableInternalTLS}, true]}
94 type: OS::TripleO::Services::TLSProxyBase
96 ServiceNetMap: {get_param: ServiceNetMap}
97 DefaultPasswords: {get_param: DefaultPasswords}
98 EndpointMap: {get_param: EndpointMap}
99 EnableInternalTLS: {get_param: EnableInternalTLS}
102 type: ./neutron-base.yaml
104 ServiceNetMap: {get_param: ServiceNetMap}
105 DefaultPasswords: {get_param: DefaultPasswords}
106 EndpointMap: {get_param: EndpointMap}
110 description: Role data for the Neutron Server agent service.
112 service_name: neutron_api
113 monitoring_subscription: {get_param: MonitoringSubscriptionNeutronServer}
114 logging_source: {get_param: NeutronApiLoggingSource}
119 - get_attr: [NeutronBase, role_data, config_settings]
120 - get_attr: [TLSProxyBase, role_data, config_settings]
121 - neutron::server::database_connection:
124 - - {get_param: [EndpointMap, MysqlInternal, protocol]}
126 - {get_param: NeutronPassword}
128 - {get_param: [EndpointMap, MysqlInternal, host]}
131 - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}"
132 neutron::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
133 neutron::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
134 neutron::server::api_workers: {get_param: NeutronWorkers}
135 neutron::server::rpc_workers: {get_param: NeutronWorkers}
136 neutron::server::allow_automatic_l3agent_failover: {get_param: NeutronAllowL3AgentFailover}
137 neutron::server::enable_proxy_headers_parsing: true
138 neutron::keystone::authtoken::password: {get_param: NeutronPassword}
140 neutron::server::notifications::nova_url: { get_param: [ EndpointMap, NovaInternal, uri ] }
141 neutron::server::notifications::auth_url: { get_param: [ EndpointMap, KeystoneV3Admin, uri ] }
142 neutron::server::notifications::tenant_name: 'service'
143 neutron::server::notifications::project_name: 'service'
144 neutron::server::notifications::password: {get_param: NovaPassword}
145 neutron::keystone::authtoken::project_name: 'service'
146 neutron::server::sync_db: true
147 tripleo.neutron_api.firewall_rules:
152 neutron::server::router_distributed: {get_param: NeutronEnableDVR}
153 # NOTE: bind IP is found in Heat replacing the network name with the local node IP
154 # for the given network; replacement examples (eg. for internal_api):
156 # internal_api_uri -> [IP]
157 # internal_api_subnet - > IP/CIDR
158 tripleo::profile::base::neutron::server::tls_proxy_bind_ip:
159 get_param: [ServiceNetMap, NeutronApiNetwork]
160 tripleo::profile::base::neutron::server::tls_proxy_fqdn:
163 "%{hiera('fqdn_$NETWORK')}"
165 $NETWORK: {get_param: [ServiceNetMap, NeutronApiNetwork]}
166 tripleo::profile::base::neutron::server::tls_proxy_port:
167 get_param: [EndpointMap, NeutronInternal, port]
168 # Bind to localhost if internal TLS is enabled, since we put a TLS
174 - {get_param: [ServiceNetMap, NeutronApiNetwork]}
175 tripleo::profile::base::neutron::server::l3_ha_override: {get_param: NeutronL3HA}
177 include tripleo::profile::base::neutron::server
178 service_config_settings:
180 neutron::keystone::auth::tenant: 'service'
181 neutron::keystone::auth::public_url: {get_param: [EndpointMap, NeutronPublic, uri]}
182 neutron::keystone::auth::internal_url: { get_param: [ EndpointMap, NeutronInternal, uri ] }
183 neutron::keystone::auth::admin_url: { get_param: [ EndpointMap, NeutronAdmin, uri ] }
184 neutron::keystone::auth::password: {get_param: NeutronPassword}
185 neutron::keystone::auth::region: {get_param: KeystoneRegion}
187 neutron::db::mysql::password: {get_param: NeutronPassword}
188 neutron::db::mysql::user: neutron
189 neutron::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
190 neutron::db::mysql::dbname: ovs_neutron
191 neutron::db::mysql::allowed_hosts:
193 - "%{hiera('mysql_bind_host')}"
195 - name: "PreUpgrade step0,validation: Check service neutron-server is running"
196 shell: /usr/bin/systemctl show 'neutron-server' --property ActiveState | grep '\bactive\b'
197 tags: step0,validation
198 - name: Stop neutron_api service
200 service: name=neutron-server state=stopped