heat_template_version: pike

description: >
  OpenStack Neutron L3 agent configured with Puppet

parameters:
  ServiceData:
    default: {}
    description: Dictionary packing service data
    type: json
  ServiceNetMap:
    default: {}
    description: Mapping of service_name -> network name. Typically set
                 via parameter_defaults in the resource registry.  This
                 mapping overrides those in ServiceNetMapDefaults.
    type: json
  DefaultPasswords:
    default: {}
    type: json
  RoleName:
    default: ''
    description: Role name on which the service is applied
    type: string
  RoleParameters:
    default: {}
    description: Parameters specific to the role
    type: json
  EndpointMap:
    default: {}
    description: Mapping of service endpoint -> protocol. Typically set
                 via parameter_defaults in the resource registry.
    type: json
  Debug:
    type: string
    default: ''
  NeutronL3AgentMode:
    description: |
      Agent mode for L3 agent. Must be one of legacy or dvr_snat.
    default: 'legacy'
    type: string
    constraints:
      - allowed_values:
        - legacy
        - dvr_snat
  MonitoringSubscriptionNeutronL3:
    default: 'overcloud-neutron-l3-agent'
    type: string
  NeutronL3AgentLoggingSource:
    type: json
    default:
      tag: openstack.neutron.agent.l3
      path: /var/log/neutron/l3-agent.log

  # DEPRECATED: the following options are deprecated and are currently maintained
  # for backwards compatibility. They will be removed in the Pike cycle.
  NeutronExternalNetworkBridge:
    description: Name of bridge used for external network traffic. Usually L2
                 agent handles port wiring into external bridge, and hence the
                 parameter should be unset.
    type: string
    default: ''

conditions:

  external_network_bridge_empty: {equals : [{get_param: NeutronExternalNetworkBridge}, "''"]}

resources:

  NeutronBase:
    type: ./neutron-base.yaml
    properties:
      ServiceData: {get_param: ServiceData}
      ServiceNetMap: {get_param: ServiceNetMap}
      DefaultPasswords: {get_param: DefaultPasswords}
      EndpointMap: {get_param: EndpointMap}
      RoleName: {get_param: RoleName}
      RoleParameters: {get_param: RoleParameters}

outputs:
  role_data:
    description: Role data for the Neutron L3 agent service.
    value:
      service_name: neutron_l3
      monitoring_subscription: {get_param: MonitoringSubscriptionNeutronL3}
      logging_source: {get_param: NeutronL3AgentLoggingSource}
      logging_groups:
        - neutron
      config_settings:
        map_merge:
        - get_attr: [NeutronBase, role_data, config_settings]
        - neutron::agents::l3::agent_mode: {get_param: NeutronL3AgentMode}
          tripleo.neutron_l3.firewall_rules:
            '106 neutron_l3 vrrp':
              proto: vrrp
        -
          if:
          - external_network_bridge_empty
          - {}
          - neutron::agents::l3::external_network_bridge: {get_param: NeutronExternalNetworkBridge}
      step_config: |
        include tripleo::profile::base::neutron::l3
      upgrade_tasks:
        - name: Check if neutron_l3_agent is deployed
          command: systemctl is-enabled neutron-l3-agent
          tags: common
          ignore_errors: True
          register: neutron_l3_agent_enabled
        - name: "PreUpgrade step0,validation: Check service neutron-l3-agent is running"
          shell: /usr/bin/systemctl show 'neutron-l3-agent' --property ActiveState | grep '\bactive\b'
          when: neutron_l3_agent_enabled.rc == 0
          tags: step0,validation
        - name: Stop neutron_l3 service
          tags: step1
          when: neutron_l3_agent_enabled.rc == 0
          service: name=neutron-l3-agent state=stopped