1 heat_template_version: ocata
4 OpenStack Neutron Server configured with Puppet
9 description: Mapping of service_name -> network name. Typically set
10 via parameter_defaults in the resource registry. This
11 mapping overrides those in ServiceNetMapDefaults.
18 description: Mapping of service endpoint -> protocol. Typically set
19 via parameter_defaults in the resource registry.
24 Sets the number of API and RPC workers for the Neutron service. The
25 default value results in the configuration being left unset and a
26 system-dependent default will be chosen (usually the number of
27 processors). Please note that this can result in a large number of
28 processes and memory consumption on systems with a large core count. On
29 such systems it is recommended that a non-default value be selected that
30 matches the load requirements.
33 description: The password for the neutron service and db account, used by neutron agents.
36 NeutronAllowL3AgentFailover:
38 description: Allow automatic l3-agent failover
41 description: The password for the nova service and db account, used by nova-api.
45 description: Enable Neutron DVR.
51 description: Keystone region for endpoint
52 MonitoringSubscriptionNeutronServer:
53 default: 'overcloud-neutron-server'
55 NeutronApiLoggingSource:
58 tag: openstack.neutron.api
59 path: /var/log/neutron/server.log
65 A hash of policies to configure for Neutron API.
66 e.g. { neutron-context_is_admin: { key: context_is_admin, value: 'role:admin' } }
70 # DEPRECATED: the following options are deprecated and are currently maintained
71 # for backwards compatibility. They will be removed in the Ocata cycle.
76 Whether to enable HA for virtual routers. When not set, L3 HA will be
77 automatically enabled if the number of nodes hosting controller
78 configurations and DVR is disabled. Valid values are 'true' or 'false'
79 This parameter is being deprecated in Newton and is scheduled to be
80 removed in Ocata. Future releases will enable L3 HA by default if it is
81 appropriate for the deployment type. Alternate mechanisms will be
82 available to override.
86 The following parameters are deprecated and will be removed. They should not
87 be relied on for new deployments. If you have concerns regarding deprecated
88 parameters, please contact the TripleO development team on IRC or the
89 OpenStack mailing list.
94 use_tls_proxy: {equals : [{get_param: EnableInternalTLS}, true]}
99 type: OS::TripleO::Services::TLSProxyBase
101 ServiceNetMap: {get_param: ServiceNetMap}
102 DefaultPasswords: {get_param: DefaultPasswords}
103 EndpointMap: {get_param: EndpointMap}
104 EnableInternalTLS: {get_param: EnableInternalTLS}
107 type: ./neutron-base.yaml
109 ServiceNetMap: {get_param: ServiceNetMap}
110 DefaultPasswords: {get_param: DefaultPasswords}
111 EndpointMap: {get_param: EndpointMap}
115 description: Role data for the Neutron Server agent service.
117 service_name: neutron_api
118 monitoring_subscription: {get_param: MonitoringSubscriptionNeutronServer}
119 logging_source: {get_param: NeutronApiLoggingSource}
124 - get_attr: [NeutronBase, role_data, config_settings]
125 - get_attr: [TLSProxyBase, role_data, config_settings]
126 - neutron::server::database_connection:
129 - - {get_param: [EndpointMap, MysqlInternal, protocol]}
131 - {get_param: NeutronPassword}
133 - {get_param: [EndpointMap, MysqlInternal, host]}
135 - '?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo'
136 neutron::policy::policies: {get_param: NeutronApiPolicies}
137 neutron::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
138 neutron::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
139 neutron::server::api_workers: {get_param: NeutronWorkers}
140 neutron::server::rpc_workers: {get_param: NeutronWorkers}
141 neutron::server::allow_automatic_l3agent_failover: {get_param: NeutronAllowL3AgentFailover}
142 neutron::server::enable_proxy_headers_parsing: true
143 neutron::keystone::authtoken::password: {get_param: NeutronPassword}
144 neutron::server::notifications::auth_url: { get_param: [ EndpointMap, KeystoneInternal, uri_no_suffix ] }
145 neutron::server::notifications::tenant_name: 'service'
146 neutron::server::notifications::project_name: 'service'
147 neutron::server::notifications::password: {get_param: NovaPassword}
148 neutron::keystone::authtoken::project_name: 'service'
149 neutron::keystone::authtoken::user_domain_name: 'Default'
150 neutron::keystone::authtoken::project_domain_name: 'Default'
151 neutron::server::sync_db: true
152 tripleo.neutron_api.firewall_rules:
157 neutron::server::router_distributed: {get_param: NeutronEnableDVR}
158 # NOTE: bind IP is found in Heat replacing the network name with the local node IP
159 # for the given network; replacement examples (eg. for internal_api):
161 # internal_api_uri -> [IP]
162 # internal_api_subnet - > IP/CIDR
163 tripleo::profile::base::neutron::server::tls_proxy_bind_ip:
164 get_param: [ServiceNetMap, NeutronApiNetwork]
165 tripleo::profile::base::neutron::server::tls_proxy_fqdn:
168 "%{hiera('fqdn_$NETWORK')}"
170 $NETWORK: {get_param: [ServiceNetMap, NeutronApiNetwork]}
171 tripleo::profile::base::neutron::server::tls_proxy_port:
172 get_param: [EndpointMap, NeutronInternal, port]
173 # Bind to localhost if internal TLS is enabled, since we put a TLS
179 - {get_param: [ServiceNetMap, NeutronApiNetwork]}
180 tripleo::profile::base::neutron::server::l3_ha_override: {get_param: NeutronL3HA}
182 include tripleo::profile::base::neutron::server
183 service_config_settings:
185 neutron::keystone::auth::tenant: 'service'
186 neutron::keystone::auth::public_url: {get_param: [EndpointMap, NeutronPublic, uri]}
187 neutron::keystone::auth::internal_url: { get_param: [ EndpointMap, NeutronInternal, uri ] }
188 neutron::keystone::auth::admin_url: { get_param: [ EndpointMap, NeutronAdmin, uri ] }
189 neutron::keystone::auth::password: {get_param: NeutronPassword}
190 neutron::keystone::auth::region: {get_param: KeystoneRegion}
192 neutron::db::mysql::password: {get_param: NeutronPassword}
193 neutron::db::mysql::user: neutron
194 neutron::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
195 neutron::db::mysql::dbname: ovs_neutron
196 neutron::db::mysql::allowed_hosts:
198 - "%{hiera('mysql_bind_host')}"
200 - name: Check if neutron_server is deployed
201 command: systemctl is-enabled neutron-server
204 register: neutron_server_enabled
205 - name: "PreUpgrade step0,validation: Check service neutron-server is running"
206 shell: /usr/bin/systemctl show 'neutron-server' --property ActiveState | grep '\bactive\b'
207 when: neutron_server_enabled.rc == 0
208 tags: step0,validation
209 - name: Stop neutron_api service
211 when: neutron_server_enabled.rc == 0
212 service: name=neutron-server state=stopped
214 get_attr: [TLSProxyBase, role_data, metadata_settings]