d1eb0bc0dc
The admin endpoint is listening on the ctlplane network by default; services should ideally be using the internal api network for this kind of traffic, as the ctlplane network is mostly for provisioning. On the other hand, the admin endpoint shouldn't be as relevant with services switching to keystone v3. Change-Id: I1213a83ef8693c1cca1d20de974f7949a801d9f1
85 lines
3.3 KiB
YAML
85 lines
3.3 KiB
YAML
heat_template_version: ocata
|
|
|
|
description: >
|
|
OpenStack Neutron Metadata agent configured with Puppet
|
|
|
|
parameters:
|
|
ServiceNetMap:
|
|
default: {}
|
|
description: Mapping of service_name -> network name. Typically set
|
|
via parameter_defaults in the resource registry. This
|
|
mapping overrides those in ServiceNetMapDefaults.
|
|
type: json
|
|
DefaultPasswords:
|
|
default: {}
|
|
type: json
|
|
EndpointMap:
|
|
default: {}
|
|
description: Mapping of service endpoint -> protocol. Typically set
|
|
via parameter_defaults in the resource registry.
|
|
type: json
|
|
NeutronMetadataProxySharedSecret:
|
|
description: Shared secret to prevent spoofing
|
|
type: string
|
|
hidden: true
|
|
NeutronWorkers:
|
|
default: ''
|
|
description: |
|
|
Sets the number of worker processes for the neutron metadata agent. The
|
|
default value results in the configuration being left unset and a
|
|
system-dependent default will be chosen (usually the number of
|
|
processors). Please note that this can result in a large number of
|
|
processes and memory consumption on systems with a large core count. On
|
|
such systems it is recommended that a non-default value be selected that
|
|
matches the load requirements.
|
|
type: string
|
|
NeutronPassword:
|
|
description: The password for the neutron service and db account, used by neutron agents.
|
|
type: string
|
|
hidden: true
|
|
MonitoringSubscriptionNeutronMetadata:
|
|
default: 'overcloud-neutron-metadata'
|
|
type: string
|
|
NeutronMetadataAgentLoggingSource:
|
|
type: json
|
|
default:
|
|
tag: openstack.neutron.agent.metadata
|
|
path: /var/log/neutron/metadata-agent.log
|
|
|
|
resources:
|
|
|
|
NeutronBase:
|
|
type: ./neutron-base.yaml
|
|
properties:
|
|
ServiceNetMap: {get_param: ServiceNetMap}
|
|
DefaultPasswords: {get_param: DefaultPasswords}
|
|
EndpointMap: {get_param: EndpointMap}
|
|
|
|
outputs:
|
|
role_data:
|
|
description: Role data for the Neutron Metadata agent service.
|
|
value:
|
|
service_name: neutron_metadata
|
|
monitoring_subscription: {get_param: MonitoringSubscriptionNeutronMetadata}
|
|
logging_source: {get_param: NeutronMetadataAgentLoggingSource}
|
|
logging_groups:
|
|
- neutron
|
|
config_settings:
|
|
map_merge:
|
|
- get_attr: [NeutronBase, role_data, config_settings]
|
|
- neutron::agents::metadata::shared_secret: {get_param: NeutronMetadataProxySharedSecret}
|
|
neutron::agents::metadata::metadata_workers: {get_param: NeutronWorkers}
|
|
neutron::agents::metadata::auth_password: {get_param: NeutronPassword}
|
|
neutron::agents::metadata::auth_url: { get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
|
|
neutron::agents::metadata::auth_tenant: 'service'
|
|
neutron::agents::metadata::metadata_ip: "%{hiera('nova_metadata_vip')}"
|
|
step_config: |
|
|
include tripleo::profile::base::neutron::metadata
|
|
upgrade_tasks:
|
|
- name: "PreUpgrade step0,validation: Check service neutron-metadata-agent is running"
|
|
shell: /usr/bin/systemctl show 'neutron-metadata-agent' --property ActiveState | grep '\bactive\b'
|
|
tags: step0,validation
|
|
- name: Stop neutron_metadata service
|
|
tags: step2
|
|
service: name=neutron-metadata-agent state=stopped
|