Code Review / apex-tripleo-heat-templates.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | inline | side by side
Merge "Fixing acronym for BGPVPN composable service"
[apex-tripleo-heat-templates.git] / puppet / services / neutron-api.yaml
diff --git a/puppet/services/neutron-api.yaml b/puppet/services/neutron-api.yaml
index cb6317d..9b9d1c7 100644 (file)
--- a/puppet/services/neutron-api.yaml
+++ b/puppet/services/neutron-api.yaml
@@ -57,6 +57,15 @@ parameters:
     default:
       tag: openstack.neutron.api
       path: /var/log/neutron/server.log
     default:
       tag: openstack.neutron.api
       path: /var/log/neutron/server.log
+  EnableInternalTLS:
+    type: boolean
+    default: false
+  NeutronApiPolicies:
+    description: |
+      A hash of policies to configure for Neutron API.
+      e.g. { neutron-context_is_admin: { key: context_is_admin, value: 'role:admin' } }
+    default: {}
+    type: json
 
   # DEPRECATED: the following options are deprecated and are currently maintained
   # for backwards compatibility. They will be removed in the Ocata cycle.
 
   # DEPRECATED: the following options are deprecated and are currently maintained
   # for backwards compatibility. They will be removed in the Ocata cycle.
@@ -71,10 +80,6 @@ parameters:
       removed in Ocata.  Future releases will enable L3 HA by default if it is
       appropriate for the deployment type. Alternate mechanisms will be
       available to override.
       removed in Ocata.  Future releases will enable L3 HA by default if it is
       appropriate for the deployment type. Alternate mechanisms will be
       available to override.
-  EnableInternalTLS:
-    type: boolean
-    default: false
-
 parameter_groups:
 - label: deprecated
   description: |
 parameter_groups:
 - label: deprecated
   description: |
@@ -128,18 +133,21 @@ outputs:
                   - {get_param: [EndpointMap, MysqlInternal, host]}
                   - '/ovs_neutron'
                   - '?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo'
                   - {get_param: [EndpointMap, MysqlInternal, host]}
                   - '/ovs_neutron'
                   - '?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo'
-            neutron::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
+            neutron::policy::policies: {get_param: NeutronApiPolicies}
+            neutron::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
             neutron::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
             neutron::server::api_workers: {get_param: NeutronWorkers}
             neutron::server::rpc_workers: {get_param: NeutronWorkers}
             neutron::server::allow_automatic_l3agent_failover: {get_param: NeutronAllowL3AgentFailover}
             neutron::server::enable_proxy_headers_parsing: true
             neutron::keystone::authtoken::password: {get_param: NeutronPassword}
             neutron::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
             neutron::server::api_workers: {get_param: NeutronWorkers}
             neutron::server::rpc_workers: {get_param: NeutronWorkers}
             neutron::server::allow_automatic_l3agent_failover: {get_param: NeutronAllowL3AgentFailover}
             neutron::server::enable_proxy_headers_parsing: true
             neutron::keystone::authtoken::password: {get_param: NeutronPassword}
-            neutron::server::notifications::auth_url: { get_param: [ EndpointMap, KeystoneV3Admin, uri ] }
+            neutron::server::notifications::auth_url: { get_param: [ EndpointMap, KeystoneInternal, uri_no_suffix ] }
             neutron::server::notifications::tenant_name: 'service'
             neutron::server::notifications::project_name: 'service'
             neutron::server::notifications::password: {get_param: NovaPassword}
             neutron::keystone::authtoken::project_name: 'service'
             neutron::server::notifications::tenant_name: 'service'
             neutron::server::notifications::project_name: 'service'
             neutron::server::notifications::password: {get_param: NovaPassword}
             neutron::keystone::authtoken::project_name: 'service'
+            neutron::keystone::authtoken::user_domain_name: 'Default'
+            neutron::keystone::authtoken::project_domain_name: 'Default'
             neutron::server::sync_db: true
             tripleo.neutron_api.firewall_rules:
               '114 neutron api':
             neutron::server::sync_db: true
             tripleo.neutron_api.firewall_rules:
               '114 neutron api':
@@ -189,9 +197,18 @@ outputs:
             - '%'
             - "%{hiera('mysql_bind_host')}"
       upgrade_tasks:
             - '%'
             - "%{hiera('mysql_bind_host')}"
       upgrade_tasks:
+        - name: Check if neutron_server is deployed
+          command: systemctl is-enabled neutron-server
+          tags: common
+          ignore_errors: True
+          register: neutron_server_enabled
         - name: "PreUpgrade step0,validation: Check service neutron-server is running"
           shell: /usr/bin/systemctl show 'neutron-server' --property ActiveState | grep '\bactive\b'
         - name: "PreUpgrade step0,validation: Check service neutron-server is running"
           shell: /usr/bin/systemctl show 'neutron-server' --property ActiveState | grep '\bactive\b'
+          when: neutron_server_enabled.rc == 0
           tags: step0,validation
         - name: Stop neutron_api service
           tags: step1
           tags: step0,validation
         - name: Stop neutron_api service
           tags: step1
+          when: neutron_server_enabled.rc == 0
           service: name=neutron-server state=stopped
           service: name=neutron-server state=stopped
+      metadata_settings:
+        get_attr: [TLSProxyBase, role_data, metadata_settings]