Diffstat (limited to 'puppet/services/neutron-api.yaml')
-rw-r--r-- | puppet/services/neutron-api.yaml | 83 |
1 files changed, 54 insertions, 29 deletions
diff --git a/puppet/services/neutron-api.yaml b/puppet/services/neutron-api.yaml index 408eb795..65fa0d8f 100644 --- a/puppet/services/neutron-api.yaml +++ b/puppet/services/neutron-api.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-10-14 +heat_template_version: ocata description: > OpenStack Neutron Server configured with Puppet @@ -57,26 +57,23 @@ parameters: default: tag: openstack.neutron.api path: /var/log/neutron/server.log - ControllerCount: - description: | - Under normal conditions, this should not be overridden manually and is - set at deployment time. The default value is present to allow the - template to be used in environments that do not override it. - default: 1 - type: number # DEPRECATED: the following options are deprecated and are currently maintained # for backwards compatibility. They will be removed in the Ocata cycle. NeutronL3HA: - default: false + default: '' + type: string description: | - Whether to enable HA for virtual routers. While the default value is - 'false', L3 HA will be automatically enabled if the number of nodes - hosting controller configurations and DVR is disabled. This parameter is - being deprecated in Newton and is scheduled to be removed in Ocata. - Future releases will enable L3 HA by default if it is appropriate for the - deployment type. Alternate mechanisms will be available to override. + Whether to enable HA for virtual routers. When not set, L3 HA will be + automatically enabled if the number of nodes hosting controller + configurations and DVR is disabled. Valid values are 'true' or 'false' + This parameter is being deprecated in Newton and is scheduled to be + removed in Ocata. Future releases will enable L3 HA by default if it is + appropriate for the deployment type. Alternate mechanisms will be + available to override. + EnableInternalTLS: type: boolean + default: false parameter_groups: - label: deprecated 
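Review bot: NeutronL3HA is now `type: string` with `default: ''`, and its description says the valid values are 'true' or 'false', but nothing on the parameter enforces that, so a mistyped value is passed straight through to whatever consumes it. A constraint on the parameter, for example `constraints: [{allowed_values: ['', 'true', 'false']}]`, would make a bad value fail at stack validation instead. Separately, the new EnableInternalTLS parameter appears to sit directly under the DEPRECATED comment block and has no description. Adding one such as `description: Put a TLS proxy in front of the Neutron API on the internal network.` and separating it from the deprecated parameter would keep it from being read as deprecated. The parameters section starts outside this hunk.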
@@ -88,8 +85,19 @@ parameter_groups: parameters: - NeutronL3HA +conditions: + use_tls_proxy: {equals : [{get_param: EnableInternalTLS}, true]} + resources: + TLSProxyBase: + type: OS::TripleO::Services::TLSProxyBase + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + EnableInternalTLS: {get_param: EnableInternalTLS} + NeutronBase: type: ./neutron-base.yaml properties: @@ -97,18 +105,6 @@ resources: DefaultPasswords: {get_param: DefaultPasswords} EndpointMap: {get_param: EndpointMap} -conditions: - - auto_enable_l3_ha: - and: - - not: - equals: - - get_param: ControllerCount - - 1 - - equals: - - get_param: NeutronEnableDVR - - false - outputs: role_data: description: Role data for the Neutron Server agent service. @@ -121,6 +117,7 @@ outputs: config_settings: map_merge: - get_attr: [NeutronBase, role_data, config_settings] + - get_attr: [TLSProxyBase, role_data, config_settings] - neutron::server::database_connection: list_join: - '' @@ -130,12 +127,13 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/ovs_neutron' + - '?bind_address=' + - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" neutron::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] } neutron::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]} neutron::server::api_workers: {get_param: NeutronWorkers} neutron::server::rpc_workers: {get_param: NeutronWorkers} neutron::server::allow_automatic_l3agent_failover: {get_param: NeutronAllowL3AgentFailover} - neutron::server::l3_ha: {if: ["auto_enable_l3_ha", true, {get_param: NeutronL3HA}]} neutron::server::enable_proxy_headers_parsing: true neutron::keystone::authtoken::password: {get_param: NeutronPassword} 
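Review bot: In the `@@ -130,12 +127,13 @@` hunk the `?bind_address=` suffix is appended to neutron::server::database_connection unconditionally, and the hiera lookup of tripleo::profile::base::database::mysql::client_bind_address has no fallback visible here. If that key is undefined on a node, the interpolation presumably yields an empty string and the URL ends in a bare `?bind_address=`, which the database driver may reject or silently ignore. It is worth confirming that the key is always set wherever this service is deployed. A comment above the two added list items would record the dependency, for example `# client_bind_address must be defined in hiera on every node running neutron-api`. The list_join starts outside the hunk.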
@@ -157,7 +155,24 @@ outputs: # internal_api -> IP # internal_api_uri -> [IP] # internal_api_subnet - > IP/CIDR - neutron::bind_host: {get_param: [ServiceNetMap, NeutronApiNetwork]} + tripleo::profile::base::neutron::server::tls_proxy_bind_ip: + get_param: [ServiceNetMap, NeutronApiNetwork] + tripleo::profile::base::neutron::server::tls_proxy_fqdn: + str_replace: + template: + "%{hiera('fqdn_$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, NeutronApiNetwork]} + tripleo::profile::base::neutron::server::tls_proxy_port: + get_param: [EndpointMap, NeutronInternal, port] + # Bind to localhost if internal TLS is enabled, since we put a TLS + # proxy in front. + neutron::bind_host: + if: + - use_tls_proxy + - 'localhost' + - {get_param: [ServiceNetMap, NeutronApiNetwork]} + tripleo::profile::base::neutron::server::l3_ha_override: {get_param: NeutronL3HA} step_config: | include tripleo::profile::base::neutron::server service_config_settings: @@ -176,3 +191,13 @@ outputs: neutron::db::mysql::allowed_hosts: - '%' - "%{hiera('mysql_bind_host')}" + upgrade_tasks: + - name: "PreUpgrade step0,validation: Check service neutron-server is running" + shell: /usr/bin/systemctl show 'neutron-server' --property ActiveState | grep '\bactive\b' + tags: step0,validation + - name: Stop neutron_api service + tags: step2 + service: name=neutron-server state=stopped + - name: Sync neutron_api DB + tags: step5 + command: neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugin.ini upgrade head |
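Review bot: `neutron::bind_host` is set to the name 'localhost' when use_tls_proxy is true, so the address the API listens on depends on how each node resolves that name (127.0.0.1, ::1, or both). The TLS proxy in front has to connect to that same address, and how it is configured is not visible in this hunk. Consider an explicit loopback literal, `- '127.0.0.1'` in place of `- 'localhost'`, if that matches what the proxy forwards to. Otherwise extend the existing comment to state which address the proxy uses.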
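Review bot: In the `@@ -176,3 +191,13 @@` hunk the 'Sync neutron_api DB' task runs `neutron-db-manage ... upgrade head` at step5 with no condition. As written it would execute on every node that carries this service, possibly at the same time. If the upgrade workflow does not already serialise it or restrict it to one node, add a guard. If it does, record the assumption next to the task, for example `# NOTE: runs on every neutron-api node; relies on 'upgrade head' being safe to run concurrently`.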