tripleo-heat-templates/puppet/services/neutron-api.yaml

heat_template_version: 2016-04-08

description: >
  OpenStack Neutron Server configured with Puppet  

parameters:
  ServiceNetMap:
    default: {}
    description: Mapping of service_name -> network name. Typically set
                 via parameter_defaults in the resource registry.  This
                 mapping overrides those in ServiceNetMapDefaults.
    type: json
  DefaultPasswords:
    default: {}
    type: json
  EndpointMap:
    default: {}
    description: Mapping of service endpoint -> protocol. Typically set
                 via parameter_defaults in the resource registry.
    type: json
  NeutronWorkers:
    default: ''
    description: |
      Sets the number of API and RPC workers for the Neutron service. The
      default value results in the configuration being left unset and a
      system-dependent default will be chosen (usually the number of
      processors). Please note that this can result in a large number of
      processes and memory consumption on systems with a large core count. On
      such systems it is recommended that a non-default value be selected that
      matches the load requirements.      
    type: string
  NeutronPassword:
    description: The password for the neutron service and db account, used by neutron agents.
    type: string
    hidden: true
  NeutronAllowL3AgentFailover:
    default: 'True'
    description: Allow automatic l3-agent failover
    type: string
  NeutronL3HA:
    default: false
    description: Whether to enable HA for virtual routers
    type: boolean
  NovaPassword:
    description: The password for the nova service and db account, used by nova-api.
    type: string
    hidden: true
  NeutronEnableDVR:
    description: Enable Neutron DVR.
    default: false
    type: boolean
  KeystoneRegion:
    type: string
    default: 'regionOne'
    description: Keystone region for endpoint
  MonitoringSubscriptionNeutronServer:
    default: 'overcloud-neutron-server'
    type: string

resources:

  NeutronBase:
    type: ./neutron-base.yaml
    properties:
      ServiceNetMap: {get_param: ServiceNetMap}
      DefaultPasswords: {get_param: DefaultPasswords}
      EndpointMap: {get_param: EndpointMap}

outputs:
  role_data:
    description: Role data for the Neutron Server agent service.
    value:
      service_name: neutron_api
      monitoring_subscription: {get_param: MonitoringSubscriptionNeutronServer}
      config_settings:
        map_merge:
          - get_attr: [NeutronBase, role_data, config_settings]
            neutron::server::database_connection:
              list_join:
                - ''
                - - {get_param: [EndpointMap, MysqlInternal, protocol]}
                  - '://neutron:'
                  - {get_param: NeutronPassword}
                  - '@'
                  - {get_param: [EndpointMap, MysqlInternal, host]}
                  - '/ovs_neutron'
            neutron::keystone::auth::tenant: 'service'
            neutron::keystone::auth::public_url: {get_param: [EndpointMap, NeutronPublic, uri]}
            neutron::keystone::auth::internal_url: { get_param: [ EndpointMap, NeutronInternal, uri ] }
            neutron::keystone::auth::admin_url: { get_param: [ EndpointMap, NeutronAdmin, uri ] }
            neutron::keystone::auth::password: {get_param: NeutronPassword}
            neutron::keystone::auth::region: {get_param: KeystoneRegion}
            neutron::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
            neutron::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
            neutron::server::api_workers: {get_param: NeutronWorkers}
            neutron::server::rpc_workers: {get_param: NeutronWorkers}
            neutron::server::allow_automatic_l3agent_failover: {get_param: NeutronAllowL3AgentFailover}
            neutron::server::l3_ha: {get_param: NeutronL3HA}
            neutron::keystone::authtoken::password: {get_param: NeutronPassword}

            neutron::server::notifications::nova_url: { get_param: [ EndpointMap, NovaInternal, uri ] }
            neutron::server::notifications::auth_url: { get_param: [ EndpointMap, KeystoneV3Admin, uri ] }
            neutron::server::notifications::tenant_name: 'service'
            neutron::server::notifications::project_name: 'service'
            neutron::server::notifications::password: {get_param: NovaPassword}
            neutron::keystone::authtoken::project_name: 'service'
            neutron::server::sync_db: true
            neutron::db::mysql::password: {get_param: NeutronPassword}
            neutron::db::mysql::user: neutron
            neutron::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
            neutron::db::mysql::dbname: ovs_neutron
            neutron::db::mysql::allowed_hosts:
              - '%'
              - "%{hiera('mysql_bind_host')}"
            tripleo.neutron_server.firewall_rules:
              '114 neutron server':
                dport:
                  - 9696
                  - 13696
              '118 neutron vxlan networks':
                proto: 'udp'
                dport: 4789
              '106 vrrp':
                proto: vrrp
            neutron::server::router_distributed: {get_param: NeutronEnableDVR}
            # NOTE: bind IP is found in Heat replacing the network name with the local node IP
            # for the given network; replacement examples (eg. for internal_api):
            # internal_api -> IP
            # internal_api_uri -> [IP]
            # internal_api_subnet - > IP/CIDR
            neutron::bind_host: {get_param: [ServiceNetMap, NeutronApiNetwork]}
      step_config: |
        include tripleo::profile::base::neutron::server