1 files changed, 53 insertions, 47 deletions
diff --git a/puppet/services/neutron-api.yaml b/puppet/services/neutron-api.yaml
index b939e7be..cf444215 100644
--- a/puppet/services/neutron-api.yaml
+++ b/puppet/services/neutron-api.yaml
@@ -1,4 +1,4 @@
-heat_template_version: 2016-10-14
+heat_template_version: ocata
 
 description: >
   OpenStack Neutron Server configured with Puppet
@@ -37,13 +37,6 @@ parameters:
     default: 'True'
     description: Allow automatic l3-agent failover
     type: string
-  NeutronL3HA:
-    default: false
-    description: |
-      Whether to enable HA for virtual routers. While the default value is
-      'false', L3 HA will be automatically enabled if the number of nodes hosting
-      controller configurations and DVR is disabled.
-    type: boolean
   NovaPassword:
     description: The password for the nova service and db account, used by nova-api.
     type: string
@@ -64,13 +57,30 @@ parameters:
     default:
       tag: openstack.neutron.api
       path: /var/log/neutron/server.log
-  ControllerCount:
+
+  # DEPRECATED: the following options are deprecated and are currently maintained
+  # for backwards compatibility. They will be removed in the Ocata cycle.
+  NeutronL3HA:
+    default: ''
+    type: string
     description: |
-      Under normal conditions, this should not be overridden manually and is
-      set at deployment time. The default value is present to allow the
-      template to be used in environments that do not override it.
-    default: 1
-    type: number
+      Whether to enable HA for virtual routers. When not set, L3 HA will be
+      automatically enabled if the number of nodes hosting controller
+      configurations and DVR is disabled. Valid values are 'true' or 'false'
+      This parameter is being deprecated in Newton and is scheduled to be
+      removed in Ocata.  Future releases will enable L3 HA by default if it is
+      appropriate for the deployment type. Alternate mechanisms will be
+      available to override.
+
+parameter_groups:
+- label: deprecated
+  description: |
+   The following parameters are deprecated and will be removed. They should not
+   be relied on for new deployments. If you have concerns regarding deprecated
+   parameters, please contact the TripleO development team on IRC or the
+   OpenStack mailing list.
+  parameters:
+  - NeutronL3HA
 
 resources:
 
@@ -81,18 +91,6 @@ resources:
       DefaultPasswords: {get_param: DefaultPasswords}
       EndpointMap: {get_param: EndpointMap}
 
-conditions:
-
-  auto_enable_l3_ha:
-    and:
-      - not:
-          equals:
-            - get_param: ControllerCount
-            - 1
-      - equals:
-        - get_param: NeutronEnableDVR
-        - false
-
 outputs:
   role_data:
     description: Role data for the Neutron Server agent service.
@@ -114,18 +112,14 @@ outputs:
                   - '@'
                   - {get_param: [EndpointMap, MysqlInternal, host]}
                   - '/ovs_neutron'
-            neutron::keystone::auth::tenant: 'service'
-            neutron::keystone::auth::public_url: {get_param: [EndpointMap, NeutronPublic, uri]}
-            neutron::keystone::auth::internal_url: { get_param: [ EndpointMap, NeutronInternal, uri ] }
-            neutron::keystone::auth::admin_url: { get_param: [ EndpointMap, NeutronAdmin, uri ] }
-            neutron::keystone::auth::password: {get_param: NeutronPassword}
-            neutron::keystone::auth::region: {get_param: KeystoneRegion}
+                  - '?bind_address='
+                  - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}"
             neutron::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
             neutron::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
             neutron::server::api_workers: {get_param: NeutronWorkers}
             neutron::server::rpc_workers: {get_param: NeutronWorkers}
             neutron::server::allow_automatic_l3agent_failover: {get_param: NeutronAllowL3AgentFailover}
-            neutron::server::l3_ha: {if: ["auto_enable_l3_ha", true, {get_param: NeutronL3HA}]}
+            neutron::server::enable_proxy_headers_parsing: true
             neutron::keystone::authtoken::password: {get_param: NeutronPassword}
 
             neutron::server::notifications::nova_url: { get_param: [ EndpointMap, NovaInternal, uri ] }
@@ -135,23 +129,11 @@ outputs:
             neutron::server::notifications::password: {get_param: NovaPassword}
             neutron::keystone::authtoken::project_name: 'service'
             neutron::server::sync_db: true
-            neutron::db::mysql::password: {get_param: NeutronPassword}
-            neutron::db::mysql::user: neutron
-            neutron::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
-            neutron::db::mysql::dbname: ovs_neutron
-            neutron::db::mysql::allowed_hosts:
-              - '%'
-              - "%{hiera('mysql_bind_host')}"
-            tripleo.neutron_server.firewall_rules:
-              '114 neutron server':
+            tripleo.neutron_api.firewall_rules:
+              '114 neutron api':
                 dport:
                   - 9696
                   - 13696
-              '118 neutron vxlan networks':
-                proto: 'udp'
-                dport: 4789
-              '106 vrrp':
-                proto: vrrp
             neutron::server::router_distributed: {get_param: NeutronEnableDVR}
             # NOTE: bind IP is found in Heat replacing the network name with the local node IP
             # for the given network; replacement examples (eg. for internal_api):
@@ -159,5 +141,29 @@ outputs:
             # internal_api_uri -> [IP]
             # internal_api_subnet - > IP/CIDR
             neutron::bind_host: {get_param: [ServiceNetMap, NeutronApiNetwork]}
+            tripleo::profile::base::neutron::server::l3_ha_override: {get_param: NeutronL3HA}
       step_config: |
         include tripleo::profile::base::neutron::server
+      service_config_settings:
+        keystone:
+          neutron::keystone::auth::tenant: 'service'
+          neutron::keystone::auth::public_url: {get_param: [EndpointMap, NeutronPublic, uri]}
+          neutron::keystone::auth::internal_url: { get_param: [ EndpointMap, NeutronInternal, uri ] }
+          neutron::keystone::auth::admin_url: { get_param: [ EndpointMap, NeutronAdmin, uri ] }
+          neutron::keystone::auth::password: {get_param: NeutronPassword}
+          neutron::keystone::auth::region: {get_param: KeystoneRegion}
+        mysql:
+          neutron::db::mysql::password: {get_param: NeutronPassword}
+          neutron::db::mysql::user: neutron
+          neutron::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
+          neutron::db::mysql::dbname: ovs_neutron
+          neutron::db::mysql::allowed_hosts:
+            - '%'
+            - "%{hiera('mysql_bind_host')}"
+      upgrade_tasks:
+        - name: Stop neutron_api service
+          tags: step2
+          service: name=neutron-server state=stopped
+        - name: Sync neutron_api DB
+          tags: step5
+          command: neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugin.ini upgrade head