Merge "Simplify neutron service templates"

deployment/neutron/neutron-agents-ib-config-container-puppet.yaml

@@ -48,7 +48,6 @@ parameters:
       - role_specific
 
 resources:
-
   ContainersCommon:
     type: ../containers-common.yaml
 
@@ -111,11 +110,9 @@ outputs:
             volumes:
               list_concat:
                 - {get_attr: [ContainersCommon, volumes]}
-                -
-                  - /lib/modules:/lib/modules:ro
+                - - /lib/modules:/lib/modules:ro
                   - /usr/share/openstack-puppet/modules/:/usr/share/openstack-puppet/modules/:ro
                   - /var/lib/config-data/puppet-generated/neutron/etc/neutron:/etc/neutron
-                  - ''
             environment:
               KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
               TRIPLEO_DEPLOY_IDENTIFIER: {get_param: DeployIdentifier}

deployment/neutron/neutron-api-container-puppet.yaml

@@ -191,20 +191,24 @@ parameter_groups:
   - NeutronL3HA
 
 conditions:
-  use_tls_proxy: {equals : [{get_param: EnableInternalTLS}, true]}
-  neutron_workers_unset: {equals : [{get_param: NeutronWorkers}, '']}
-  neutron_rpc_workers_unset: {equals : [{get_param: NeutronRpcWorkers}, '']}
-  neutron_ovs_int_br_unset: {equals : [{get_param: NeutronOvsIntegrationBridge}, '']}
-  internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
-  neutron_dvr_unset: {equals : [{get_param: NeutronEnableDVR}, '']}
-  is_ovn_in_neutron_mechanism_driver: {contains: ['ovn', {get_param: NeutronMechanismDrivers}]}
-  az_unset: {equals: [{get_param: NeutronDefaultAvailabilityZones}, '']}
-  ovn_and_tls: {and: [is_ovn_in_neutron_mechanism_driver, internal_tls_enabled]}
-  enable_sqlalchemy_collectd: {equals : [{get_param: EnableSQLAlchemyCollectd}, true]}
-  key_size_override_unset: {equals: [{get_param: NeutronCertificateKeySize}, '']}
+  neutron_workers_set:
+    not: {equals : [{get_param: NeutronWorkers}, '']}
+  neutron_rpc_workers_set:
+    not: {equals : [{get_param: NeutronRpcWorkers}, '']}
+  neutron_ovs_int_br_set:
+    not: {equals : [{get_param: NeutronOvsIntegrationBridge}, '']}
+  neutron_dvr_set:
+    not: {equals : [{get_param: NeutronEnableDVR}, '']}
+  az_set:
+    not: {equals: [{get_param: NeutronDefaultAvailabilityZones}, '']}
+  ovn_and_tls:
+    and:
+      - contains: ['ovn', {get_param: NeutronMechanismDrivers}]
+      - {get_param: EnableInternalTLS}
+  key_size_override_set:
+    not: {equals: [{get_param: NeutronCertificateKeySize}, '']}
 
 resources:
-
   TLSProxyBase:
     type: OS::TripleO::Services::TLSProxyBase
     properties:
@@ -271,17 +275,14 @@ outputs:
                 path: /ovs_neutron
                 query:
                   if:
-                    - enable_sqlalchemy_collectd
-                    -
-                        read_default_file: /etc/my.cnf.d/tripleo.cnf
-                        read_default_group: tripleo
-                        plugin: collectd
-                        collectd_program_name: ovs_neutron
-                        collectd_host: localhost
-                    -
-                        read_default_file: /etc/my.cnf.d/tripleo.cnf
-                        read_default_group: tripleo
-
+                    - {get_param: EnableSQLAlchemyCollectd}
+                    - read_default_file: /etc/my.cnf.d/tripleo.cnf
+                      read_default_group: tripleo
+                      plugin: collectd
+                      collectd_program_name: ovs_neutron
+                      collectd_host: localhost
+                    - read_default_file: /etc/my.cnf.d/tripleo.cnf
+                      read_default_group: tripleo
             neutron::policy::policies: {get_param: NeutronApiPolicies}
             neutron::keystone::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
             neutron::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
@@ -335,7 +336,7 @@ outputs:
             # proxy in front.
             neutron::bind_host:
               if:
-              - use_tls_proxy
+              - {get_param: EnableInternalTLS}
               - "%{hiera('localhost_address')}"
               - str_replace:
                   template:
@@ -343,55 +344,40 @@ outputs:
                   params:
                     $NETWORK: {get_param: [ServiceNetMap, NeutronApiNetwork]}
             tripleo::profile::base::neutron::server::l3_ha_override: {get_param: NeutronL3HA}
-          -
-            if:
-            - neutron_dvr_unset
-            - {}
+          - if:
+            - neutron_dvr_set
             - neutron::server::router_distributed: {get_param: NeutronEnableDVR}
               neutron::server::enable_dvr: {get_param: NeutronEnableDVR}
-          -
-            if:
-            - neutron_workers_unset
-            - {}
+          - if:
+            - neutron_workers_set
             - neutron::server::api_workers: {get_param: NeutronWorkers}
-          -
-            if:
-            - neutron_rpc_workers_unset
-            -
-              if:
-              - neutron_workers_unset
-              - {}
-              - neutron::server::rpc_workers: {get_param: NeutronWorkers}
+          - if:
+            - neutron_rpc_workers_set
             - neutron::server::rpc_workers: {get_param: NeutronRpcWorkers}
-          -
-            if:
-            - neutron_ovs_int_br_unset
-            - {}
+            - if:
+              - neutron_workers_set
+              - neutron::server::rpc_workers: {get_param: NeutronWorkers}
+          - if:
+            - neutron_ovs_int_br_set
             - neutron::server::ovs_integration_bridge: {get_param: NeutronOvsIntegrationBridge}
-          -
-            if:
-            - az_unset
-            - {}
-            -
-              neutron::server::dhcp_load_type: {get_param: NeutronDhcpLoadType}
+          - if:
+            - az_set
+            - neutron::server::dhcp_load_type: {get_param: NeutronDhcpLoadType}
               neutron::server::network_scheduler_driver:
                 {get_param: NeutronNetworkSchedulerDriver}
               neutron::server::router_scheduler_driver:
                 {get_param: NeutronRouterSchedulerDriver}
               neutron::server::default_availability_zones:
                 {get_param: NeutronDefaultAvailabilityZones}
-          -
-            if:
+          - if:
             - ovn_and_tls
-            -
-              tripleo::profile::base::neutron::plugins::ml2::ovn::protocol: 'ssl'
+            - tripleo::profile::base::neutron::plugins::ml2::ovn::protocol: 'ssl'
               tripleo::profile::base::neutron::plugins::ml2::ovn::ovn_nb_private_key: '/etc/pki/tls/private/neutron_ovn.key'
               tripleo::profile::base::neutron::plugins::ml2::ovn::ovn_nb_certificate: '/etc/pki/tls/certs/neutron_ovn.crt'
               tripleo::profile::base::neutron::plugins::ml2::ovn::ovn_sb_private_key: '/etc/pki/tls/private/neutron_ovn.key'
               tripleo::profile::base::neutron::plugins::ml2::ovn::ovn_sb_certificate: '/etc/pki/tls/certs/neutron_ovn.crt'
               tripleo::profile::base::neutron::plugins::ml2::ovn::ovn_nb_ca_cert: {get_param: InternalTLSCAFile}
               tripleo::profile::base::neutron::plugins::ml2::ovn::ovn_sb_ca_cert: {get_param: InternalTLSCAFile}
-            - {}
       service_config_settings:
         rsyslog:
           tripleo_logging_sources_neutron_api:
@@ -499,21 +485,18 @@ outputs:
                     - {get_attr: [ContainersCommon, volumes]}
                     - {get_attr: [NeutronLogging, volumes]}
                     - {get_param: NeutronApiOptVolumes}
-                    -
-                      - /var/lib/kolla/config_files/neutron_api.json:/var/lib/kolla/config_files/config.json:ro
+                    - - /var/lib/kolla/config_files/neutron_api.json:/var/lib/kolla/config_files/config.json:ro
                       - /var/lib/config-data/puppet-generated/neutron:/var/lib/kolla/config_files/src:ro
                     - if:
                       - ovn_and_tls
-                      -
-                        - /etc/pki/tls/certs/neutron_ovn.crt:/var/lib/kolla/config_files/src-tls/etc/pki/tls/certs/neutron_ovn.crt:ro
+                      - - /etc/pki/tls/certs/neutron_ovn.crt:/var/lib/kolla/config_files/src-tls/etc/pki/tls/certs/neutron_ovn.crt:ro
                         - /etc/pki/tls/private/neutron_ovn.key:/var/lib/kolla/config_files/src-tls/etc/pki/tls/private/neutron_ovn.key:ro
-                      - null
                 environment:
                   map_merge:
                     - {get_param: NeutronApiOptEnvVars}
                     - KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
             - if:
-                - internal_tls_enabled
+                - {get_param: EnableInternalTLS}
                 - neutron_server_tls_proxy:
                     image: *neutron_api_image
                     net: host
@@ -523,14 +506,12 @@ outputs:
                       list_concat:
                         - {get_attr: [ContainersCommon, volumes]}
                         - {get_attr: [NeutronLogging, volumes]}
-                        -
-                          - /var/lib/kolla/config_files/neutron_server_tls_proxy.json:/var/lib/kolla/config_files/config.json:ro
+                        - - /var/lib/kolla/config_files/neutron_server_tls_proxy.json:/var/lib/kolla/config_files/config.json:ro
                           - /var/lib/config-data/puppet-generated/neutron:/var/lib/kolla/config_files/src:ro
                           - /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro
                           - /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro
                     environment:
                       KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
-                - {}
       host_prep_tasks: {get_attr: [NeutronLogging, host_prep_tasks]}
       metadata_settings:
         list_concat:
@@ -540,12 +521,10 @@ outputs:
           - - service: neutron_ovn
               network: {get_param: [ServiceNetMap, NeutronApiNetwork]}
               type: node
-          - null
       deploy_steps_tasks:
         if:
           - ovn_and_tls
-          -
-            - name: Certificate generation
+          - - name: Certificate generation
               when: step|int == 1
               block:
                 - include_role:
@@ -565,11 +544,10 @@ outputs:
                               $NETWORK: {get_param: [ServiceNetMap, NeutronApiNetwork]}
                         key_size:
                           if:
-                            - key_size_override_unset
-                            - {get_param: CertificateKeySize}
+                            - key_size_override_set
                             - {get_param: NeutronCertificateKeySize}
+                            - {get_param: CertificateKeySize}
                         ca: ipa
-          - null
       external_upgrade_tasks:
         - when:
             - step|int == 1

deployment/neutron/neutron-base.yaml

@@ -108,8 +108,10 @@ parameters:
     type: boolean
 
 conditions:
-  dhcp_agents_zero: {equals : [{get_param: NeutronDhcpAgentsPerNetwork}, 0]}
-  global_physnet_mtu_unset: {equals: [{get_param: NeutronGlobalPhysnetMtu}, 0]}
+  dhcp_agents_set:
+    not: {equals : [{get_param: NeutronDhcpAgentsPerNetwork}, 0]}
+  global_physnet_mtu_set:
+    not: {equals: [{get_param: NeutronGlobalPhysnetMtu}, 0]}
 
 outputs:
   role_data:
@@ -137,12 +139,11 @@ outputs:
             neutron::db::sync::db_sync_timeout: {get_param: DatabaseSyncTimeout}
             neutron::global_physnet_mtu:
               if:
-              - global_physnet_mtu_unset
-              - {get_param: TenantNetPhysnetMtu}
+              - global_physnet_mtu_set
               - {get_param: NeutronGlobalPhysnetMtu}
+              - {get_param: TenantNetPhysnetMtu}
             neutron::db::sync::extra_params: {get_param: NeutronDBSyncExtraParams}
             neutron::vlan_transparent: {get_param: EnableVLANTransparency}
           - if:
-            - dhcp_agents_zero
-            - {}
+            - dhcp_agents_set
             - tripleo::profile::base::neutron::dhcp_agents_per_network: {get_param: NeutronDhcpAgentsPerNetwork}

deployment/neutron/neutron-bgpvpn-api-container-puppet.yaml

@@ -36,7 +36,6 @@ parameters:
     type: string
 
 resources:
-
   ContainersCommon:
     type: ../containers-common.yaml
 

deployment/neutron/neutron-bigswitch-agent-baremetal-puppet.yaml

@@ -28,7 +28,6 @@ parameters:
                  via parameter_defaults in the resource registry.
     type: json
 
-
 outputs:
   role_data:
     description: Configure the bigswitch agent services

deployment/neutron/neutron-controller-plugin-nuage.yaml

@@ -50,20 +50,16 @@ parameters:
     type: boolean
     default: false
 
-conditions:
-  apply_vxlan_iptables_rule: {equals : [{get_param: ControllerVxlanIPtableRule}, true]}
-
 outputs:
   role_data:
     description: Role data for the Neutron Controller  Nuage plugin
     value:
       firewall_rules:
         - if:
-          - apply_vxlan_iptables_rule
+          - {get_param: ControllerVxlanIPtableRule}
           - '118 neutron vxlan networks':
               proto: 'udp'
               dport: 4789
-          - {}
       service_name: neutron_controller_plugin_nuage
       config_settings:
         map_merge:

deployment/neutron/neutron-dhcp-container-puppet.yaml

@@ -154,17 +154,14 @@ parameters:
                  certificate for this service
 
 conditions:
-
-  internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
-  dnsmasq_wrapper_enabled: {equals: [{get_param: NeutronEnableDnsmasqDockerWrapper}, true]}
-  haproxy_wrapper_enabled: {equals: [{get_param: NeutronEnableHaproxyDockerWrapper}, true]}
-  docker_enabled: {equals: [{get_param: ContainerCli}, 'docker']}
-  dhcp_ovs_intergation_bridge_unset: {equals: [{get_param: NeutronDhcpOvsIntegrationBridge}, '']}
-  az_unset: {equals: [{get_param: NeutronDhcpAgentAvailabilityZone}, '']}
-  key_size_override_unset: {equals: [{get_param: NeutronDhcpCertificateKeySize}, '']}
+  dhcp_ovs_intergation_bridge_set:
+    not: {equals: [{get_param: NeutronDhcpOvsIntegrationBridge}, '']}
+  az_set:
+    not: {equals: [{get_param: NeutronDhcpAgentAvailabilityZone}, '']}
+  key_size_override_set:
+    not: {equals: [{get_param: NeutronDhcpCertificateKeySize}, '']}
 
 resources:
-
   ContainersCommon:
     type: ../containers-common.yaml
 
@@ -242,18 +239,15 @@ outputs:
               - true
               - {get_param: Debug}
           - if:
-              - internal_tls_enabled
+              - {get_param: EnableInternalTLS}
               - neutron::agents::dhcp::ovsdb_agent_ssl_key_file: '/etc/pki/tls/private/neutron.key'
                 neutron::agents::dhcp::ovsdb_agent_ssl_cert_file: '/etc/pki/tls/certs/neutron.crt'
                 neutron::agents::dhcp::ovsdb_agent_ssl_ca_file: {get_param: InternalTLSCAFile}
-              - {}
           - if:
-              - dhcp_ovs_intergation_bridge_unset
-              - {}
+              - dhcp_ovs_intergation_bridge_set
               - neutron::agents::dhcp::ovs_integration_bridge: {get_param: NeutronDhcpOvsIntegrationBridge}
           - if:
-              - az_unset
-              - {}
+              - az_set
               - neutron::agents::dhcp::availability_zone: {get_param: NeutronDhcpAgentAvailabilityZone}
       service_config_settings:
         map_merge:
@@ -336,45 +330,31 @@ outputs:
               list_concat:
                 - {get_attr: [ContainersCommon, volumes]}
                 - {get_attr: [NeutronLogging, volumes]}
-                -
-                  - /var/lib/kolla/config_files/neutron_dhcp.json:/var/lib/kolla/config_files/config.json:ro
+                - - /var/lib/kolla/config_files/neutron_dhcp.json:/var/lib/kolla/config_files/config.json:ro
                   - /var/lib/config-data/puppet-generated/neutron:/var/lib/kolla/config_files/src:ro
                   - /lib/modules:/lib/modules:ro
                   - /run/openvswitch:/run/openvswitch:shared,z
                   - /var/lib/neutron:/var/lib/neutron:shared,z
                   - /run/netns:/run/netns:shared
                   - /var/lib/neutron/kill_scripts:/etc/neutron/kill_scripts:shared,z
-                -
-                  if:
-                    - docker_enabled
-                    - - /var/lib/openstack:/var/lib/openstack
-                    - null
-                -
-                  if:
-                    - dnsmasq_wrapper_enabled
+                - if:
+                    - {get_param: NeutronEnableDnsmasqDockerWrapper}
                     - - /var/lib/neutron/dnsmasq_wrapper:/usr/local/bin/dnsmasq:ro
-                    - null
-                -
-                  if:
-                    - haproxy_wrapper_enabled
+                - if:
+                    - {get_param: NeutronEnableHaproxyDockerWrapper}
                     - - /var/lib/neutron/dhcp_haproxy_wrapper:/usr/local/bin/haproxy:ro
-                    - null
-                -
-                  if:
-                    - internal_tls_enabled
+                - if:
+                    - {get_param: EnableInternalTLS}
                     - - /etc/pki/tls/certs/neutron.crt:/var/lib/kolla/config_files/src-tls/etc/pki/tls/certs/neutron.crt:ro
                       - /etc/pki/tls/private/neutron.key:/var/lib/kolla/config_files/src-tls/etc/pki/tls/private/neutron.key:ro
-                    - null
             environment:
               KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
       metadata_settings:
         if:
-          - internal_tls_enabled
-          -
-            - service: neutron
+          - {get_param: EnableInternalTLS}
+          - - service: neutron
               network: {get_param: [ServiceNetMap, NeutronApiNetwork]}
               type: node
-          - null
       deploy_steps_tasks:
         - name: Certificate generation
           when:
@@ -411,9 +391,9 @@ outputs:
                       # No need to trigger a reload for neutron dhcpd since the cert is not cached
                     key_size:
                       if:
-                        - key_size_override_unset
-                        - {get_param: CertificateKeySize}
+                        - key_size_override_set
                         - {get_param: NeutronDhcpCertificateKeySize}
+                        - {get_param: CertificateKeySize}
                     ca: ipa
       host_prep_tasks:
         list_concat:

deployment/neutron/neutron-l2gw-agent-baremetal-puppet.yaml

@@ -68,21 +68,17 @@ parameters:
       tag: openstack.neutron.agent.l2gw
       file: /var/log/neutron/l2gw-agent.log
 
-conditions:
-  internal_manager_enabled: {equals: [{get_param: L2gwAgentEnableManager}, True]}
-
 outputs:
   role_data:
     description: Role data for the L2 Gateway role.
     value:
       service_name: neutron_l2gw_agent
       if:
-        - internal_manager_enabled
+        - {get_param: L2gwAgentEnableManager}
         - firewall_rules:
             '142 neutron l2gw agent input':
               proto: 'tcp'
               dport: {get_param: L2gwAgentManagerTableListeningPort}
-        - null
       monitoring_subscription: {get_param: MonitoringSubscriptionNeutronL2gwAgent}
       config_settings:
         neutron::agents::l2gw::ovsdb_hosts: {get_param: L2gwAgentOvsdbHosts}

deployment/neutron/neutron-l2gw-api-container-puppet.yaml

@@ -51,11 +51,6 @@ parameters:
     description: Backend to use as a service provider for L2 Gateway
     type: comma_delimited_list
 
-resources:
-
-  ContainersCommon:
-    type: ../containers-common.yaml
-
 outputs:
   role_data:
     description: Role data for the L2 Gateway role.

deployment/neutron/neutron-l3-container-puppet.yaml

@@ -126,16 +126,12 @@ parameters:
     type: string
 
 conditions:
-  keepalived_wrapper_enabled: {equals: [{get_param: NeutronEnableKeepalivedWrapper}, true]}
-  haproxy_wrapper_enabled: {equals: [{get_param: NeutronEnableHaproxyDockerWrapper}, true]}
-  dibbler_wrapper_enabled: {equals: [{get_param: NeutronEnableDibblerDockerWrapper}, true]}
-  radvd_wrapper_enabled: {equals: [{get_param: NeutronEnableRadvdDockerWrapper}, true]}
-  docker_enabled: {equals: [{get_param: ContainerCli}, 'docker']}
-  az_unset: {equals: [{get_param: NeutronL3AgentAvailabilityZone}, '']}
-  l3_agent_extensions_empty: {equals : [{get_param: NeutronL3AgentExtensions}, "''"]}
+  az_set:
+    not: {equals: [{get_param: NeutronL3AgentAvailabilityZone}, '']}
+  l3_agent_extensions_set:
+    not: {equals : [{get_param: NeutronL3AgentExtensions}, "''"]}
 
 resources:
-
   ContainersCommon:
     type: ../containers-common.yaml
 
@@ -207,12 +203,10 @@ outputs:
               - true
               - {get_param: Debug}
           - if:
-            - az_unset
-            - {}
+            - az_set
             - neutron::agents::l3::availability_zone: {get_param: NeutronL3AgentAvailabilityZone}
           - if:
-            - l3_agent_extensions_empty
-            - {}
+            - l3_agent_extensions_set
             - neutron::agents::l3::extensions: {get_param: NeutronL3AgentExtensions}
           - neutron::agents::l3::radvd_user: {get_param: NeutronL3AgentRadvdUser}
       service_config_settings:
@@ -257,8 +251,7 @@ outputs:
             user: root
             command: # '/container_puppet_apply.sh "STEP" "TAGS" "CONFIG" "DEBUG"'
               list_concat:
-                -
-                  - '/container_puppet_apply.sh'
+                - - '/container_puppet_apply.sh'
                   - '4'
                   - 'file'
                   - 'include ::tripleo::profile::base::neutron::l3_agent_wrappers'
@@ -266,8 +259,7 @@ outputs:
             volumes:
               list_concat:
                 - {get_attr: [ContainersCommon, container_puppet_apply_volumes]}
-                -
-                  - /run/openvswitch:/run/openvswitch:shared,z
+                - - /run/openvswitch:/run/openvswitch:shared,z
                   - /var/lib/neutron:/var/lib/neutron:shared,z
         step_4:
           neutron_l3_agent:
@@ -285,39 +277,25 @@ outputs:
               list_concat:
                 - {get_attr: [ContainersCommon, volumes]}
                 - {get_attr: [NeutronLogging, volumes]}
-                -
-                  - /var/lib/kolla/config_files/neutron_l3_agent.json:/var/lib/kolla/config_files/config.json:ro
+                - - /var/lib/kolla/config_files/neutron_l3_agent.json:/var/lib/kolla/config_files/config.json:ro
                   - /var/lib/config-data/puppet-generated/neutron:/var/lib/kolla/config_files/src:ro
                   - /lib/modules:/lib/modules:ro
                   - /run/openvswitch:/run/openvswitch:shared,z
                   - /var/lib/neutron:/var/lib/neutron:shared,z
                   - /run/netns:/run/netns:shared
                   - /var/lib/neutron/kill_scripts:/etc/neutron/kill_scripts:shared,z
-                -
-                  if:
-                    - docker_enabled
-                    - - /var/lib/openstack:/var/lib/openstack
-                    - null
-                -
-                  if:
-                    - keepalived_wrapper_enabled
+                - if:
+                    - {get_param: NeutronEnableKeepalivedWrapper}
                     - - /var/lib/neutron/keepalived_wrapper:/usr/local/bin/keepalived:ro
-                    - null
-                -
-                  if:
-                    - haproxy_wrapper_enabled
+                - if:
+                    - {get_param: NeutronEnableHaproxyDockerWrapper}
                     - - /var/lib/neutron/l3_haproxy_wrapper:/usr/local/bin/haproxy:ro
-                    - null
-                -
-                  if:
-                    - radvd_wrapper_enabled
+                - if:
+                    - {get_param: NeutronEnableRadvdDockerWrapper}
                     - - /var/lib/neutron/radvd_wrapper:/usr/local/bin/radvd:ro
-                    - null
-                -
-                  if:
-                    - dibbler_wrapper_enabled
+                - if:
+                    - {get_param: NeutronEnableDibblerDockerWrapper}
                     - - /var/lib/neutron/dibbler_wrapper:/usr/local/bin/dibbler_client:ro
-                    - null
             environment:
               KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
       metadata_settings:

deployment/neutron/neutron-linuxbridge-agent-baremetal-puppet.yaml

@@ -50,10 +50,10 @@ parameters:
     type: comma_delimited_list
 
 conditions:
-  no_firewall_driver: {equals : [{get_param: NeutronLinuxbridgeFirewallDriver}, '']}
+  firewall_driver_set:
+    not: {equals : [{get_param: NeutronLinuxbridgeFirewallDriver}, '']}
 
 resources:
-
   NeutronBase:
     type: ./neutron-base.yaml
     properties:
@@ -80,10 +80,8 @@ outputs:
                    $NETWORK: {get_param: [ServiceNetMap, NeutronTenantNetwork]}
             neutron::agents::dhcp::interface_driver: 'neutron.agent.linux.interface.BridgeInterfaceDriver'
             neutron::agents::dhcp::dhcp_driver: 'neutron.agent.linux.dhcp.Dnsmasq'
-          -
-            if:
-            - no_firewall_driver
-            - {}
+          - if:
+            - firewall_driver_set
             - neutron::agents::ml2::linuxbridge::firewall_driver: {get_param: NeutronLinuxbridgeFirewallDriver}
       step_config: |
         include tripleo::profile::base::neutron::linuxbridge

deployment/neutron/neutron-metadata-container-puppet.yaml

@@ -73,12 +73,12 @@ parameters:
     default: false
 
 conditions:
-  neutron_workers_unset: {equals : [{get_param: NeutronWorkers}, '']}
-  internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
-  is_neutron_shared_metadata_notempty: {not: {equals: [{get_param: NeutronMetadataProxySharedSecret}, '']}}
+  neutron_workers_set:
+    not: {equals : [{get_param: NeutronWorkers}, '']}
+  neutron_shared_metadata_set:
+    not: {equals: [{get_param: NeutronMetadataProxySharedSecret}, '']}
 
 resources:
-
   ContainersCommon:
     type: ../containers-common.yaml
 
@@ -122,19 +122,17 @@ outputs:
                   $NETWORK: {get_param: [ServiceNetMap, NovaMetadataNetwork]}
             neutron::agents::metadata::metadata_protocol:
               if:
-              - internal_tls_enabled
+              - {get_param: EnableInternalTLS}
               - 'https'
               - 'http'
-          -
-            if:
-            - neutron_workers_unset
-            - {}
-            - neutron::agents::metadata::metadata_workers: {get_param: NeutronWorkers}
-          -
-            if:
-            - is_neutron_shared_metadata_notempty
-            - neutron::agents::metadata::shared_secret: {get_param: NeutronMetadataProxySharedSecret}
-            - {}
+            neutron::agents::metadata::metadata_workers:
+              if:
+              - neutron_workers_set
+              - {get_param: NeutronWorkers}
+            neutron::agents::metadata::shared_secret:
+              if:
+              - neutron_shared_metadata_set
+              - {get_param: NeutronMetadataProxySharedSecret}
       service_config_settings:
         map_merge:
           - get_attr: [NeutronBase, role_data, service_config_settings]
@@ -180,8 +178,7 @@ outputs:
               list_concat:
                 - {get_attr: [ContainersCommon, volumes]}
                 - {get_attr: [NeutronLogging, volumes]}
-                -
-                  - /var/lib/kolla/config_files/neutron_metadata_agent.json:/var/lib/kolla/config_files/config.json:ro
+                - - /var/lib/kolla/config_files/neutron_metadata_agent.json:/var/lib/kolla/config_files/config.json:ro
                   - /var/lib/config-data/puppet-generated/neutron:/var/lib/kolla/config_files/src:ro
                   - /lib/modules:/lib/modules:ro
                   - /var/lib/neutron:/var/lib/neutron:shared,z

deployment/neutron/neutron-mlnx-agent-container-puppet.yaml

@@ -59,7 +59,6 @@ parameters:
       - role_specific
 
 resources:
-
   # Merging role-specific parameters (RoleParameters) with the default parameters.
   # RoleParameters will have the precedence over the default parameters.
   RoleParametersValue:
@@ -166,13 +165,11 @@ outputs:
             volumes:
               list_concat:
                 - {get_attr: [ContainersCommon, volumes]}
-                -
-                  - /var/lib/kolla/config_files/neutron_mlnx_agent.json:/var/lib/kolla/config_files/config.json:ro
+                - - /var/lib/kolla/config_files/neutron_mlnx_agent.json:/var/lib/kolla/config_files/config.json:ro
                   - /var/lib/config-data/puppet-generated/neutron:/var/lib/kolla/config_files/src:ro
                   - /lib/modules:/lib/modules:ro
                   - /usr/share/openstack-puppet/modules/:/usr/share/openstack-puppet/modules/:ro
                   - /var/lib/config-data/puppet-generated/neutron/etc/neutron:/etc/neutron
-                  - ''
             environment:
               KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
               TRIPLEO_DEPLOY_IDENTIFIER: {get_param: DeployIdentifier}
@@ -189,8 +186,7 @@ outputs:
               list_concat:
                 - {get_attr: [ContainersCommon, volumes]}
                 - {get_attr: [MlnxAgentLogging, volumes]}
-                -
-                  - /var/lib/kolla/config_files/neutron_mlnx_agent.json:/var/lib/kolla/config_files/config.json:ro
+                - - /var/lib/kolla/config_files/neutron_mlnx_agent.json:/var/lib/kolla/config_files/config.json:ro
                   - /var/lib/config-data/puppet-generated/neutron:/var/lib/kolla/config_files/src:ro
                   - /lib/modules:/lib/modules:ro
                   - /run:/run
@@ -209,8 +205,7 @@ outputs:
               list_concat:
                 - {get_attr: [ContainersCommon, volumes]}
                 - {get_attr: [EswitchdLogging, volumes]}
-                -
-                  - /var/lib/kolla/config_files/eswitchd.json:/var/lib/kolla/config_files/config.json:ro
+                - - /var/lib/kolla/config_files/eswitchd.json:/var/lib/kolla/config_files/config.json:ro
                   - /var/lib/config-data/puppet-generated/neutron:/var/lib/kolla/config_files/src:ro
                   - /lib/modules:/lib/modules:ro
                   - /run:/run

deployment/neutron/neutron-ovn-dpdk-config-container-puppet.yaml

@@ -47,7 +47,6 @@ parameters:
       - role_specific
 
 resources:
-
   OpenvswitchDpdk:
     type: ./../openvswitch/openvswitch-dpdk-baremetal-ansible.yaml
     properties:

deployment/neutron/neutron-ovs-agent-container-puppet.yaml

@@ -142,13 +142,14 @@ parameters:
     default: false
 
 conditions:
-  no_firewall_driver: {equals : [{get_param: NeutronOVSFirewallDriver}, '']}
-  docker_puppet_mount_host: {equals: [{get_param: DockerPuppetMountHostPuppet}, true]}
-  neutron_dvr_unset: {equals : [{get_param: NeutronEnableDVR}, '']}
-  ethertypes_unset: {equals : [{get_param: NeutronPermittedEthertypes}, []]}
+  firewall_driver_set:
+    not: {equals : [{get_param: NeutronOVSFirewallDriver}, '']}
+  neutron_dvr_set:
+    not: {equals : [{get_param: NeutronEnableDVR}, '']}
+  ethertypes_set:
+    not: {equals : [{get_param: NeutronPermittedEthertypes}, []]}
 
 resources:
-
   ContainersCommon:
     type: ../containers-common.yaml
 
@@ -221,21 +222,18 @@ outputs:
                    "%{hiera('$NETWORK')}"
                  params:
                    $NETWORK: {get_param: [ServiceNetMap, NeutronTenantNetwork]}
-          -
-            if:
-            - neutron_dvr_unset
-            - {}
-            - neutron::agents::ml2::ovs::enable_distributed_routing: {get_param: NeutronEnableDVR}
-          -
-            if:
-            - no_firewall_driver
-            - {}
-            - neutron::agents::ml2::ovs::firewall_driver: {get_param: NeutronOVSFirewallDriver}
-          -
-            if:
-            - ethertypes_unset
-            - {}
-            - neutron::agents::ml2::ovs::permitted_ethertypes: {get_param: NeutronPermittedEthertypes}
+            neutron::agents::ml2::ovs::enable_distributed_routing:
+              if:
+                - neutron_dvr_set
+                - {get_param: NeutronEnableDVR}
+            neutron::agents::ml2::ovs::firewall_driver:
+              if:
+                - firewall_driver_set
+                - {get_param: NeutronOVSFirewallDriver}
+            neutron::agents::ml2::ovs::permitted_ethertypes:
+              if:
+                - ethertypes_set
+                - {get_param: NeutronPermittedEthertypes}
 
       service_config_settings:
         map_merge:
@@ -322,16 +320,13 @@ outputs:
             volumes:
               list_concat:
                 - {get_attr: [ContainersCommon, volumes]}
-                -
-                  - /var/lib/kolla/config_files/neutron_ovs_agent.json:/var/lib/kolla/config_files/config.json:ro
+                - - /var/lib/kolla/config_files/neutron_ovs_agent.json:/var/lib/kolla/config_files/config.json:ro
                   - /var/lib/config-data/puppet-generated/neutron:/var/lib/kolla/config_files/src:ro
                   - /lib/modules:/lib/modules:ro
                   - /run/openvswitch:/run/openvswitch:shared,z
-                  -
-                    if:
-                      - docker_puppet_mount_host
+                  - if:
+                      - {get_param: DockerPuppetMountHostPuppet}
                       - /usr/share/openstack-puppet/modules/:/usr/share/openstack-puppet/modules/:ro
-                      - ''
             environment:
               KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
               TRIPLEO_DEPLOY_IDENTIFIER: {get_param: DeployIdentifier}
@@ -352,8 +347,7 @@ outputs:
               list_concat:
                 - {get_attr: [ContainersCommon, volumes]}
                 - {get_attr: [NeutronLogging, volumes]}
-                -
-                  - /var/lib/kolla/config_files/neutron_ovs_agent.json:/var/lib/kolla/config_files/config.json:ro
+                - - /var/lib/kolla/config_files/neutron_ovs_agent.json:/var/lib/kolla/config_files/config.json:ro
                   - /var/lib/config-data/puppet-generated/neutron:/var/lib/kolla/config_files/src:ro
                   - /var/lib/container-config-scripts/neutron_ovs_agent_launcher.sh:/neutron_ovs_agent_launcher.sh:ro
                   - /lib/modules:/lib/modules:ro
@@ -365,8 +359,7 @@ outputs:
       host_prep_tasks:
         list_concat:
           - {get_attr: [NeutronLogging, host_prep_tasks]}
-          -
-            - block:
+          - - block:
               - name: load openvswitch module
                 import_role:
                   name: tripleo_module_load

deployment/neutron/neutron-ovs-dpdk-agent-container-puppet.yaml

@@ -65,7 +65,6 @@ parameters:
       - role_specific
 
 resources:
-
   NeutronOvsAgent:
     type: ./neutron-ovs-agent-container-puppet.yaml
     properties:
@@ -155,8 +154,7 @@ outputs:
       upgrade_tasks:
         list_concat:
         - get_attr: [NeutronOvsAgent, role_data, upgrade_tasks]
-        -
-          - name: upgrade prepare for leapp to vfio-pci.conf
+        - - name: upgrade prepare for leapp to vfio-pci.conf
             tags:
               - never
               - system_upgrade

deployment/neutron/neutron-plugin-ml2-ansible-container-puppet.yaml

@@ -40,7 +40,6 @@ parameters:
     hidden: true
 
 resources:
-
   NeutronMl2Base:
     type: OS::TripleO::Services::NeutronMl2PluginBase
     properties:

deployment/neutron/neutron-plugin-ml2-cisco-vts-container-puppet.yaml

@@ -58,7 +58,6 @@ parameters:
     default: 120
 
 resources:
-
   NeutronMl2Base:
     type: ./neutron-plugin-ml2.yaml
     properties:

deployment/neutron/neutron-plugin-ml2-container-puppet.yaml

@@ -36,7 +36,6 @@ parameters:
     type: string
 
 resources:
-
   NeutronBase:
     type: OS::TripleO::Services::NeutronMl2PluginBase
     properties:

deployment/neutron/neutron-plugin-ml2-mlnx-sdn-assist-container-puppet.yaml

@@ -55,12 +55,7 @@ parameters:
     type: string
     default: 'datacentre'
 
-conditions:
-
-  multi_interface_enabled: {equals: [{get_param: MultiInterfaceEnabled}, true]}
-
 resources:
-
   NeutronMl2Base:
     type: ./neutron-plugin-ml2.yaml
     properties:
@@ -83,12 +78,10 @@ outputs:
             neutron::plugins::ml2::mellanox::mlnx_sdn_assist::sdn_url: {get_param: MlnxSDNUrl}
             neutron::plugins::ml2::mellanox::mlnx_sdn_assist::sdn_domain: {get_param: MlnxSDNDomain}
             neutron::plugins::ml2::mellanox::mlnx_sdn_assist::sync_enabled: {get_param: MlnxSDNSyncEnabled}
-          -
-            if:
-              - multi_interface_enabled
+          - if:
+              - {get_param: MultiInterfaceEnabled}
               - neutron::plugins::ml2::mellanox::mlnx_sdn_assist::bind_normal_ports: {get_param: MultiInterfaceEnabled}
                 neutron::plugins::ml2::mellanox::mlnx_sdn_assist::bind_normal_ports_physnets: {get_param: BindNormalPortsPhysnet}
-              - {}
       service_config_settings: {}
       # BEGIN DOCKER SETTINGS
       puppet_config:

deployment/neutron/neutron-plugin-ml2-nuage.yaml

@@ -80,7 +80,6 @@ parameters:
     default: false
 
 resources:
-
   NeutronMl2Base:
     type: ./neutron-plugin-ml2.yaml
     properties:

deployment/neutron/neutron-plugin-ml2-ovn.yaml

@@ -97,7 +97,8 @@ parameters:
                  br-int | grep "Check pkt length action"'.
 
 conditions:
-  neutron_dvr_unset: {equals : [{get_param: NeutronEnableDVR}, '']}
+  neutron_dvr_set:
+    not: {equals : [{get_param: NeutronEnableDVR}, '']}
   internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
   vhostuser_dir_set:
     or:
@@ -105,7 +106,6 @@ conditions:
     - {not: {equals: [{get_param: [RoleParameters, NeutronVhostuserSocketDir]}, ""]}}
 
 resources:
-
   NeutronMl2Base:
     type: ./neutron-plugin-ml2.yaml
     properties:
@@ -133,23 +133,19 @@ outputs:
             neutron::plugins::ml2::max_header_size: {get_param: NeutronGeneveMaxHeaderSize}
             neutron::plugins::ml2::ovn::dns_servers: {get_param: OVNDnsServers}
             neutron::plugins::ml2::ovn::ovn_emit_need_to_frag: {get_param: OVNEmitNeedToFrag}
+            neutron::plugins::ml2::ovn::dvr_enabled:
+              if:
+                - neutron_dvr_set
+                - true
           - if:
-              - internal_tls_enabled
-              -
-                neutron::plugins::ml2::ovn::ovn_sb_ca_cert: {get_param: InternalTLSCAFile}
+              - {get_param: EnableInternalTLS}
+              - neutron::plugins::ml2::ovn::ovn_sb_ca_cert: {get_param: InternalTLSCAFile}
                 neutron::plugins::ml2::ovn::ovn_sb_certificate: '/etc/pki/tls/certs/ovn_neutron_client.crt'
                 neutron::plugins::ml2::ovn::ovn_sb_private_key: '/etc/pki/tls/private/ovn_neutron_client.key'
                 neutron::plugins::ml2::ovn::ovn_nb_ca_cert: {get_param: InternalTLSCAFile}
                 neutron::plugins::ml2::ovn::ovn_nb_certificate: '/etc/pki/tls/certs/ovn_neutron_client.crt'
                 neutron::plugins::ml2::ovn::ovn_nb_private_key: '/etc/pki/tls/private/ovn_neutron_client.key'
-              - {}
-          -
-            if:
-              - neutron_dvr_unset
-              - neutron::plugins::ml2::ovn::dvr_enabled: true
-              - neutron::plugins::ml2::ovn::dvr_enabled: {get_param: NeutronEnableDVR}
-          -
-            if:
+          - if:
               - vhostuser_dir_set
               - map_replace:
                 - map_replace:
@@ -157,8 +153,6 @@ outputs:
                   - values: {get_param: RoleParameters}
                 - values:
                     NeutronVhostuserSocketDir: {get_param: NeutronVhostuserSocketDir}
-              - {}
-
       step_config: |
         include tripleo::profile::base::neutron::plugins::ml2
       metadata_settings:

deployment/neutron/neutron-plugin-ml2.yaml

@@ -119,7 +119,6 @@ conditions:
   physical_network_mtus_set: {not: {equals: [{get_param: NeutronML2PhysicalNetworkMtus}, []]}}
 
 resources:
-
   NeutronBase:
     type: ./neutron-base.yaml
     properties:
@@ -152,11 +151,10 @@ outputs:
                 - ServiceData
                 - net_ip_version_map
                 - {get_param: [ServiceNetMap, NeutronTenantNetwork]}
-          - if:
-            - physical_network_mtus_set
-            - neutron::plugins::ml2::physical_network_mtus: {get_param: NeutronML2PhysicalNetworkMtus}
-            - null
-
+            neutron::plugins::ml2::physical_network_mtus:
+              if:
+                - physical_network_mtus_set
+                - {get_param: NeutronML2PhysicalNetworkMtus}
       step_config: |
         include tripleo::profile::base::neutron::plugins::ml2
       service_config_settings:

deployment/neutron/neutron-plugin-nuage.yaml

@@ -65,7 +65,6 @@ parameters:
     default: false
 
 resources:
-
   NeutronBase:
     type: ./neutron-base.yaml
     properties:

deployment/neutron/neutron-sriov-agent-container-puppet.yaml

@@ -86,16 +86,14 @@ parameters:
      - role_specific
 
 conditions:
-
   derive_pci_whitelist_enabled:
     or:
       - and:
-        - equals: [{get_param: DerivePciWhitelistEnabled}, true]
+        - {get_param: DerivePciWhitelistEnabled}
         - equals: [{get_param: [RoleParameters, DerivePciWhitelistEnabled]}, '']
-      - equals: [{get_param: [RoleParameters, DerivePciWhitelistEnabled]}, true]
+      - {get_param: [RoleParameters, DerivePciWhitelistEnabled]}
 
 resources:
-
   # Merging role-specific parameters (RoleParameters) with the default parameters.
   # RoleParameters will have the precedence over the default parameters.
   RoleParametersValue:
@@ -180,8 +178,7 @@ outputs:
               list_concat:
                 - {get_attr: [ContainersCommon, volumes]}
                 - {get_attr: [NeutronLogging, volumes]}
-                -
-                  - /var/lib/kolla/config_files/neutron_sriov_agent.json:/var/lib/kolla/config_files/config.json:ro
+                - - /var/lib/kolla/config_files/neutron_sriov_agent.json:/var/lib/kolla/config_files/config.json:ro
                   - /var/lib/config-data/puppet-generated/neutron:/var/lib/kolla/config_files/src:ro
                   - /lib/modules:/lib/modules:ro
                   - /run:/run
@@ -196,8 +193,7 @@ outputs:
                 name: virt_sandbox_use_netlink
                 persistent: yes
                 state: yes
-            -
-              if:
+            - if:
                 - derive_pci_whitelist_enabled
                 - - name: "creating directory"
                     file:
@@ -213,7 +209,6 @@ outputs:
                       mode: 0700
                   - name: run derive_pci_passthrough_whitelist.py
                     command:  /var/lib/pci_passthrough_whitelist_scripts/derive_pci_passthrough_whitelist.py
-                - []
       metadata_settings:
         get_attr: [NeutronBase, role_data, metadata_settings]
       upgrade_tasks: []

deployment/neutron/neutron-vpp-agent-baremetal-puppet.yaml

@@ -36,7 +36,6 @@ parameters:
     default: ""
 
 resources:
-
   NeutronBase:
     type: ./neutron-base.yaml
     properties: