3c6ec654b4
Heat now supports release name aliases, so we can replace the inconsistent mix of date related versions with one consistent version that aligns with the supported version of heat for this t-h-t branch. This should also help new users who sometimes copy/paste old templates and discover intrinsic functions in the t-h-t docs don't work because their template version is too old. Change-Id: Ib415e7290fea27447460baa280291492df197e54
161 lines
6.7 KiB
YAML
161 lines
6.7 KiB
YAML
heat_template_version: ocata
|
|
|
|
description: >
|
|
OpenStack Neutron Server configured with Puppet
|
|
|
|
parameters:
|
|
ServiceNetMap:
|
|
default: {}
|
|
description: Mapping of service_name -> network name. Typically set
|
|
via parameter_defaults in the resource registry. This
|
|
mapping overrides those in ServiceNetMapDefaults.
|
|
type: json
|
|
DefaultPasswords:
|
|
default: {}
|
|
type: json
|
|
EndpointMap:
|
|
default: {}
|
|
description: Mapping of service endpoint -> protocol. Typically set
|
|
via parameter_defaults in the resource registry.
|
|
type: json
|
|
NeutronWorkers:
|
|
default: ''
|
|
description: |
|
|
Sets the number of API and RPC workers for the Neutron service. The
|
|
default value results in the configuration being left unset and a
|
|
system-dependent default will be chosen (usually the number of
|
|
processors). Please note that this can result in a large number of
|
|
processes and memory consumption on systems with a large core count. On
|
|
such systems it is recommended that a non-default value be selected that
|
|
matches the load requirements.
|
|
type: string
|
|
NeutronPassword:
|
|
description: The password for the neutron service and db account, used by neutron agents.
|
|
type: string
|
|
hidden: true
|
|
NeutronAllowL3AgentFailover:
|
|
default: 'True'
|
|
description: Allow automatic l3-agent failover
|
|
type: string
|
|
NovaPassword:
|
|
description: The password for the nova service and db account, used by nova-api.
|
|
type: string
|
|
hidden: true
|
|
NeutronEnableDVR:
|
|
description: Enable Neutron DVR.
|
|
default: false
|
|
type: boolean
|
|
KeystoneRegion:
|
|
type: string
|
|
default: 'regionOne'
|
|
description: Keystone region for endpoint
|
|
MonitoringSubscriptionNeutronServer:
|
|
default: 'overcloud-neutron-server'
|
|
type: string
|
|
NeutronApiLoggingSource:
|
|
type: json
|
|
default:
|
|
tag: openstack.neutron.api
|
|
path: /var/log/neutron/server.log
|
|
|
|
# DEPRECATED: the following options are deprecated and are currently maintained
|
|
# for backwards compatibility. They will be removed in the Ocata cycle.
|
|
NeutronL3HA:
|
|
default: ''
|
|
type: string
|
|
description: |
|
|
Whether to enable HA for virtual routers. When not set, L3 HA will be
|
|
automatically enabled if the number of nodes hosting controller
|
|
configurations and DVR is disabled. Valid values are 'true' or 'false'
|
|
This parameter is being deprecated in Newton and is scheduled to be
|
|
removed in Ocata. Future releases will enable L3 HA by default if it is
|
|
appropriate for the deployment type. Alternate mechanisms will be
|
|
available to override.
|
|
|
|
parameter_groups:
|
|
- label: deprecated
|
|
description: |
|
|
The following parameters are deprecated and will be removed. They should not
|
|
be relied on for new deployments. If you have concerns regarding deprecated
|
|
parameters, please contact the TripleO development team on IRC or the
|
|
OpenStack mailing list.
|
|
parameters:
|
|
- NeutronL3HA
|
|
|
|
resources:
|
|
|
|
NeutronBase:
|
|
type: ./neutron-base.yaml
|
|
properties:
|
|
ServiceNetMap: {get_param: ServiceNetMap}
|
|
DefaultPasswords: {get_param: DefaultPasswords}
|
|
EndpointMap: {get_param: EndpointMap}
|
|
|
|
outputs:
|
|
role_data:
|
|
description: Role data for the Neutron Server agent service.
|
|
value:
|
|
service_name: neutron_api
|
|
monitoring_subscription: {get_param: MonitoringSubscriptionNeutronServer}
|
|
logging_source: {get_param: NeutronApiLoggingSource}
|
|
logging_groups:
|
|
- neutron
|
|
config_settings:
|
|
map_merge:
|
|
- get_attr: [NeutronBase, role_data, config_settings]
|
|
- neutron::server::database_connection:
|
|
list_join:
|
|
- ''
|
|
- - {get_param: [EndpointMap, MysqlInternal, protocol]}
|
|
- '://neutron:'
|
|
- {get_param: NeutronPassword}
|
|
- '@'
|
|
- {get_param: [EndpointMap, MysqlInternal, host]}
|
|
- '/ovs_neutron'
|
|
neutron::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
|
|
neutron::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
|
|
neutron::server::api_workers: {get_param: NeutronWorkers}
|
|
neutron::server::rpc_workers: {get_param: NeutronWorkers}
|
|
neutron::server::allow_automatic_l3agent_failover: {get_param: NeutronAllowL3AgentFailover}
|
|
neutron::server::enable_proxy_headers_parsing: true
|
|
neutron::keystone::authtoken::password: {get_param: NeutronPassword}
|
|
|
|
neutron::server::notifications::nova_url: { get_param: [ EndpointMap, NovaInternal, uri ] }
|
|
neutron::server::notifications::auth_url: { get_param: [ EndpointMap, KeystoneV3Admin, uri ] }
|
|
neutron::server::notifications::tenant_name: 'service'
|
|
neutron::server::notifications::project_name: 'service'
|
|
neutron::server::notifications::password: {get_param: NovaPassword}
|
|
neutron::keystone::authtoken::project_name: 'service'
|
|
neutron::server::sync_db: true
|
|
tripleo.neutron_api.firewall_rules:
|
|
'114 neutron api':
|
|
dport:
|
|
- 9696
|
|
- 13696
|
|
neutron::server::router_distributed: {get_param: NeutronEnableDVR}
|
|
# NOTE: bind IP is found in Heat replacing the network name with the local node IP
|
|
# for the given network; replacement examples (eg. for internal_api):
|
|
# internal_api -> IP
|
|
# internal_api_uri -> [IP]
|
|
# internal_api_subnet - > IP/CIDR
|
|
neutron::bind_host: {get_param: [ServiceNetMap, NeutronApiNetwork]}
|
|
tripleo::profile::base::neutron::server::l3_ha_override: {get_param: NeutronL3HA}
|
|
step_config: |
|
|
include tripleo::profile::base::neutron::server
|
|
service_config_settings:
|
|
keystone:
|
|
neutron::keystone::auth::tenant: 'service'
|
|
neutron::keystone::auth::public_url: {get_param: [EndpointMap, NeutronPublic, uri]}
|
|
neutron::keystone::auth::internal_url: { get_param: [ EndpointMap, NeutronInternal, uri ] }
|
|
neutron::keystone::auth::admin_url: { get_param: [ EndpointMap, NeutronAdmin, uri ] }
|
|
neutron::keystone::auth::password: {get_param: NeutronPassword}
|
|
neutron::keystone::auth::region: {get_param: KeystoneRegion}
|
|
mysql:
|
|
neutron::db::mysql::password: {get_param: NeutronPassword}
|
|
neutron::db::mysql::user: neutron
|
|
neutron::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
|
|
neutron::db::mysql::dbname: ovs_neutron
|
|
neutron::db::mysql::allowed_hosts:
|
|
- '%'
|
|
- "%{hiera('mysql_bind_host')}"
|