bb875ec21c
http_proxy_to_wsgi middleware was recently added to Neutron [1] and in order to take it into use, we need to enable it via hiera. [1] Ice9ee8f4e04050271d59858f92034c230325718b Depends-On: I99bc9486fdd85857ce73c413e17400320bd6ec5b Related-Bug: #1590608 Change-Id: I10c065e726f2708e09acfc04dac3cae34a534d23
179 lines
7.2 KiB
YAML
179 lines
7.2 KiB
YAML
heat_template_version: 2016-10-14
|
|
|
|
description: >
|
|
OpenStack Neutron Server configured with Puppet
|
|
|
|
parameters:
|
|
ServiceNetMap:
|
|
default: {}
|
|
description: Mapping of service_name -> network name. Typically set
|
|
via parameter_defaults in the resource registry. This
|
|
mapping overrides those in ServiceNetMapDefaults.
|
|
type: json
|
|
DefaultPasswords:
|
|
default: {}
|
|
type: json
|
|
EndpointMap:
|
|
default: {}
|
|
description: Mapping of service endpoint -> protocol. Typically set
|
|
via parameter_defaults in the resource registry.
|
|
type: json
|
|
NeutronWorkers:
|
|
default: ''
|
|
description: |
|
|
Sets the number of API and RPC workers for the Neutron service. The
|
|
default value results in the configuration being left unset and a
|
|
system-dependent default will be chosen (usually the number of
|
|
processors). Please note that this can result in a large number of
|
|
processes and memory consumption on systems with a large core count. On
|
|
such systems it is recommended that a non-default value be selected that
|
|
matches the load requirements.
|
|
type: string
|
|
NeutronPassword:
|
|
description: The password for the neutron service and db account, used by neutron agents.
|
|
type: string
|
|
hidden: true
|
|
NeutronAllowL3AgentFailover:
|
|
default: 'True'
|
|
description: Allow automatic l3-agent failover
|
|
type: string
|
|
NovaPassword:
|
|
description: The password for the nova service and db account, used by nova-api.
|
|
type: string
|
|
hidden: true
|
|
NeutronEnableDVR:
|
|
description: Enable Neutron DVR.
|
|
default: false
|
|
type: boolean
|
|
KeystoneRegion:
|
|
type: string
|
|
default: 'regionOne'
|
|
description: Keystone region for endpoint
|
|
MonitoringSubscriptionNeutronServer:
|
|
default: 'overcloud-neutron-server'
|
|
type: string
|
|
NeutronApiLoggingSource:
|
|
type: json
|
|
default:
|
|
tag: openstack.neutron.api
|
|
path: /var/log/neutron/server.log
|
|
ControllerCount:
|
|
description: |
|
|
Under normal conditions, this should not be overridden manually and is
|
|
set at deployment time. The default value is present to allow the
|
|
template to be used in environments that do not override it.
|
|
default: 1
|
|
type: number
|
|
|
|
# DEPRECATED: the following options are deprecated and are currently maintained
|
|
# for backwards compatibility. They will be removed in the Ocata cycle.
|
|
NeutronL3HA:
|
|
default: false
|
|
description: |
|
|
Whether to enable HA for virtual routers. While the default value is
|
|
'false', L3 HA will be automatically enabled if the number of nodes
|
|
hosting controller configurations and DVR is disabled. This parameter is
|
|
being deprecated in Newton and is scheduled to be removed in Ocata.
|
|
Future releases will enable L3 HA by default if it is appropriate for the
|
|
deployment type. Alternate mechanisms will be available to override.
|
|
type: boolean
|
|
|
|
parameter_groups:
|
|
- label: deprecated
|
|
description: |
|
|
The following parameters are deprecated and will be removed. They should not
|
|
be relied on for new deployments. If you have concerns regarding deprecated
|
|
parameters, please contact the TripleO development team on IRC or the
|
|
OpenStack mailing list.
|
|
parameters:
|
|
- NeutronL3HA
|
|
|
|
resources:
|
|
|
|
NeutronBase:
|
|
type: ./neutron-base.yaml
|
|
properties:
|
|
ServiceNetMap: {get_param: ServiceNetMap}
|
|
DefaultPasswords: {get_param: DefaultPasswords}
|
|
EndpointMap: {get_param: EndpointMap}
|
|
|
|
conditions:
|
|
|
|
auto_enable_l3_ha:
|
|
and:
|
|
- not:
|
|
equals:
|
|
- get_param: ControllerCount
|
|
- 1
|
|
- equals:
|
|
- get_param: NeutronEnableDVR
|
|
- false
|
|
|
|
outputs:
|
|
role_data:
|
|
description: Role data for the Neutron Server agent service.
|
|
value:
|
|
service_name: neutron_api
|
|
monitoring_subscription: {get_param: MonitoringSubscriptionNeutronServer}
|
|
logging_source: {get_param: NeutronApiLoggingSource}
|
|
logging_groups:
|
|
- neutron
|
|
config_settings:
|
|
map_merge:
|
|
- get_attr: [NeutronBase, role_data, config_settings]
|
|
- neutron::server::database_connection:
|
|
list_join:
|
|
- ''
|
|
- - {get_param: [EndpointMap, MysqlInternal, protocol]}
|
|
- '://neutron:'
|
|
- {get_param: NeutronPassword}
|
|
- '@'
|
|
- {get_param: [EndpointMap, MysqlInternal, host]}
|
|
- '/ovs_neutron'
|
|
neutron::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
|
|
neutron::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
|
|
neutron::server::api_workers: {get_param: NeutronWorkers}
|
|
neutron::server::rpc_workers: {get_param: NeutronWorkers}
|
|
neutron::server::allow_automatic_l3agent_failover: {get_param: NeutronAllowL3AgentFailover}
|
|
neutron::server::l3_ha: {if: ["auto_enable_l3_ha", true, {get_param: NeutronL3HA}]}
|
|
neutron::server::enable_proxy_headers_parsing: true
|
|
neutron::keystone::authtoken::password: {get_param: NeutronPassword}
|
|
|
|
neutron::server::notifications::nova_url: { get_param: [ EndpointMap, NovaInternal, uri ] }
|
|
neutron::server::notifications::auth_url: { get_param: [ EndpointMap, KeystoneV3Admin, uri ] }
|
|
neutron::server::notifications::tenant_name: 'service'
|
|
neutron::server::notifications::project_name: 'service'
|
|
neutron::server::notifications::password: {get_param: NovaPassword}
|
|
neutron::keystone::authtoken::project_name: 'service'
|
|
neutron::server::sync_db: true
|
|
tripleo.neutron_api.firewall_rules:
|
|
'114 neutron api':
|
|
dport:
|
|
- 9696
|
|
- 13696
|
|
neutron::server::router_distributed: {get_param: NeutronEnableDVR}
|
|
# NOTE: bind IP is found in Heat replacing the network name with the local node IP
|
|
# for the given network; replacement examples (eg. for internal_api):
|
|
# internal_api -> IP
|
|
# internal_api_uri -> [IP]
|
|
# internal_api_subnet - > IP/CIDR
|
|
neutron::bind_host: {get_param: [ServiceNetMap, NeutronApiNetwork]}
|
|
step_config: |
|
|
include tripleo::profile::base::neutron::server
|
|
service_config_settings:
|
|
keystone:
|
|
neutron::keystone::auth::tenant: 'service'
|
|
neutron::keystone::auth::public_url: {get_param: [EndpointMap, NeutronPublic, uri]}
|
|
neutron::keystone::auth::internal_url: { get_param: [ EndpointMap, NeutronInternal, uri ] }
|
|
neutron::keystone::auth::admin_url: { get_param: [ EndpointMap, NeutronAdmin, uri ] }
|
|
neutron::keystone::auth::password: {get_param: NeutronPassword}
|
|
neutron::keystone::auth::region: {get_param: KeystoneRegion}
|
|
mysql:
|
|
neutron::db::mysql::password: {get_param: NeutronPassword}
|
|
neutron::db::mysql::user: neutron
|
|
neutron::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
|
|
neutron::db::mysql::dbname: ovs_neutron
|
|
neutron::db::mysql::allowed_hosts:
|
|
- '%'
|
|
- "%{hiera('mysql_bind_host')}"
|