heat_template_version: 2016-10-14 description: > OpenStack Neutron Server configured with Puppet parameters: ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set via parameter_defaults in the resource registry. This mapping overrides those in ServiceNetMapDefaults. type: json DefaultPasswords: default: {} type: json EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json NeutronWorkers: default: '' description: | Sets the number of API and RPC workers for the Neutron service. The default value results in the configuration being left unset and a system-dependent default will be chosen (usually the number of processors). Please note that this can result in a large number of processes and memory consumption on systems with a large core count. On such systems it is recommended that a non-default value be selected that matches the load requirements. type: string NeutronPassword: description: The password for the neutron service and db account, used by neutron agents. type: string hidden: true NeutronAllowL3AgentFailover: default: 'True' description: Allow automatic l3-agent failover type: string NovaPassword: description: The password for the nova service and db account, used by nova-api. type: string hidden: true NeutronEnableDVR: description: Enable Neutron DVR. default: false type: boolean KeystoneRegion: type: string default: 'regionOne' description: Keystone region for endpoint MonitoringSubscriptionNeutronServer: default: 'overcloud-neutron-server' type: string NeutronApiLoggingSource: type: json default: tag: openstack.neutron.api path: /var/log/neutron/server.log ControllerCount: description: | Under normal conditions, this should not be overridden manually and is set at deployment time. The default value is present to allow the template to be used in environments that do not override it. default: 1 type: number # DEPRECATED: the following options are deprecated and are currently maintained # for backwards compatibility. They will be removed in the Ocata cycle. NeutronL3HA: default: false description: | Whether to enable HA for virtual routers. While the default value is 'false', L3 HA will be automatically enabled if the number of nodes hosting controller configurations and DVR is disabled. This parameter is being deprecated in Newton and is scheduled to be removed in Ocata. Future releases will enable L3 HA by default if it is appropriate for the deployment type. Alternate mechanisms will be available to override. type: boolean parameter_groups: - label: deprecated description: | The following parameters are deprecated and will be removed. They should not be relied on for new deployments. If you have concerns regarding deprecated parameters, please contact the TripleO development team on IRC or the OpenStack mailing list. parameters: - NeutronL3HA resources: NeutronBase: type: ./neutron-base.yaml properties: ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} EndpointMap: {get_param: EndpointMap} conditions: auto_enable_l3_ha: and: - not: equals: - get_param: ControllerCount - 1 - equals: - get_param: NeutronEnableDVR - false outputs: role_data: description: Role data for the Neutron Server agent service. value: service_name: neutron_api monitoring_subscription: {get_param: MonitoringSubscriptionNeutronServer} logging_source: {get_param: NeutronApiLoggingSource} logging_groups: - neutron config_settings: map_merge: - get_attr: [NeutronBase, role_data, config_settings] - neutron::server::database_connection: list_join: - '' - - {get_param: [EndpointMap, MysqlInternal, protocol]} - '://neutron:' - {get_param: NeutronPassword} - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/ovs_neutron' neutron::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] } neutron::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]} neutron::server::api_workers: {get_param: NeutronWorkers} neutron::server::rpc_workers: {get_param: NeutronWorkers} neutron::server::allow_automatic_l3agent_failover: {get_param: NeutronAllowL3AgentFailover} neutron::server::l3_ha: {if: ["auto_enable_l3_ha", true, {get_param: NeutronL3HA}]} neutron::keystone::authtoken::password: {get_param: NeutronPassword} neutron::server::notifications::nova_url: { get_param: [ EndpointMap, NovaInternal, uri ] } neutron::server::notifications::auth_url: { get_param: [ EndpointMap, KeystoneV3Admin, uri ] } neutron::server::notifications::tenant_name: 'service' neutron::server::notifications::project_name: 'service' neutron::server::notifications::password: {get_param: NovaPassword} neutron::keystone::authtoken::project_name: 'service' neutron::server::sync_db: true tripleo.neutron_server.firewall_rules: '114 neutron server': dport: - 9696 - 13696 '118 neutron vxlan networks': proto: 'udp' dport: 4789 '106 vrrp': proto: vrrp neutron::server::router_distributed: {get_param: NeutronEnableDVR} # NOTE: bind IP is found in Heat replacing the network name with the local node IP # for the given network; replacement examples (eg. for internal_api): # internal_api -> IP # internal_api_uri -> [IP] # internal_api_subnet - > IP/CIDR neutron::bind_host: {get_param: [ServiceNetMap, NeutronApiNetwork]} step_config: | include tripleo::profile::base::neutron::server service_config_settings: keystone: neutron::keystone::auth::tenant: 'service' neutron::keystone::auth::public_url: {get_param: [EndpointMap, NeutronPublic, uri]} neutron::keystone::auth::internal_url: { get_param: [ EndpointMap, NeutronInternal, uri ] } neutron::keystone::auth::admin_url: { get_param: [ EndpointMap, NeutronAdmin, uri ] } neutron::keystone::auth::password: {get_param: NeutronPassword} neutron::keystone::auth::region: {get_param: KeystoneRegion} mysql: neutron::db::mysql::password: {get_param: NeutronPassword} neutron::db::mysql::user: neutron neutron::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} neutron::db::mysql::dbname: ovs_neutron neutron::db::mysql::allowed_hosts: - '%' - "%{hiera('mysql_bind_host')}"