heat_template_version: pike

description: >
  OpenStack Neutron OVS agent configured with Puppet

parameters:
  ServiceData:
    default: {}
    description: Dictionary packing service data
    type: json
  ServiceNetMap:
    default: {}
    description: Mapping of service_name -> network name. Typically set
                 via parameter_defaults in the resource registry.  This
                 mapping overrides those in ServiceNetMapDefaults.
    type: json
  DefaultPasswords:
    default: {}
    type: json
  RoleName:
    default: ''
    description: Role name on which the service is applied
    type: string
  RoleParameters:
    default: {}
    description: Parameters specific to the role
    type: json
  EndpointMap:
    default: {}
    description: Mapping of service endpoint -> protocol. Typically set
                 via parameter_defaults in the resource registry.
    type: json
  NeutronEnableL2Pop:
    type: string
    description: Enable/disable the L2 population feature in the Neutron agents.
    default: "False"
  NeutronBridgeMappings:
    description: >
      The OVS logical->physical bridge mappings to use. See the Neutron
      documentation for details. Defaults to mapping br-ex - the external
      bridge on hosts - to a physical name 'datacentre' which can be used
      to create provider networks (and we use this for the default floating
      network) - if changing this either use different post-install network
      scripts or be sure to keep 'datacentre' as a mapping network name.
    type: comma_delimited_list
    default: "datacentre:br-ex"
  NeutronTunnelTypes:
    default: 'vxlan'
    description: The tunnel types for the Neutron tenant network.
    type: comma_delimited_list
  NeutronAgentExtensions:
    default: "qos"
    description: |
        Comma-separated list of extensions enabled for the Neutron agents.
    type: comma_delimited_list
  NeutronEnableDVR:
    default: False
    description: Enable Neutron DVR.
    type: boolean
  NeutronEnableARPResponder:
    default: false
    description: |
      Enable ARP responder feature in the OVS Agent.
    type: boolean
  MonitoringSubscriptionNeutronOvs:
    default: 'overcloud-neutron-ovs-agent'
    type: string
  NeutronOVSFirewallDriver:
    default: ''
    description: |
      Configure the classname of the firewall driver to use for implementing
      security groups. Possible values depend on system configuration. Some
      examples are: noop, openvswitch, iptables_hybrid. The default value of an
      empty string will result in a default supported configuration.
    type: string
  NeutronOpenVswitchAgentLoggingSource:
    type: json
    default:
      tag: openstack.neutron.agent.openvswitch
      path: /var/log/neutron/openvswitch-agent.log

conditions:
  no_firewall_driver: {equals : [{get_param: NeutronOVSFirewallDriver}, '']}

resources:

  NeutronBase:
    type: ./neutron-base.yaml
    properties:
      ServiceData: {get_param: ServiceData}
      ServiceNetMap: {get_param: ServiceNetMap}
      DefaultPasswords: {get_param: DefaultPasswords}
      EndpointMap: {get_param: EndpointMap}
      RoleName: {get_param: RoleName}
      RoleParameters: {get_param: RoleParameters}

  Ovs:
    type: ./openvswitch.yaml
    properties:
      ServiceNetMap: {get_param: ServiceNetMap}
      DefaultPasswords: {get_param: DefaultPasswords}
      EndpointMap: {get_param: EndpointMap}

outputs:
  role_data:
    description: Role data for the Neutron OVS agent service.
    value:
      service_name: neutron_ovs_agent
      monitoring_subscription: {get_param: MonitoringSubscriptionNeutronOvs}
      logging_source: {get_param: NeutronOpenVswitchAgentLoggingSource}
      logging_groups:
        - neutron
      config_settings:
        map_merge:
          - get_attr: [NeutronBase, role_data, config_settings]
          - neutron::agents::ml2::ovs::l2_population: {get_param: NeutronEnableL2Pop}
            neutron::agents::ml2::ovs::enable_distributed_routing: {get_param: NeutronEnableDVR}
            neutron::agents::ml2::ovs::arp_responder: {get_param: NeutronEnableARPResponder}
            neutron::agents::ml2::ovs::bridge_mappings: {get_param: NeutronBridgeMappings}
            neutron::agents::ml2::ovs::tunnel_types: {get_param: NeutronTunnelTypes}
            neutron::agents::ml2::ovs::extensions: {get_param: NeutronAgentExtensions}
            # NOTE: bind IP is found in Heat replacing the network name with the
            # local node IP for the given network; replacement examples
            # (eg. for internal_api):
            # internal_api -> IP
            # internal_api_uri -> [IP]
            # internal_api_subnet - > IP/CIDR
            neutron::agents::ml2::ovs::local_ip: {get_param: [ServiceNetMap, NeutronTenantNetwork]}
            tripleo.neutron_ovs_agent.firewall_rules:
              '118 neutron vxlan networks':
                proto: 'udp'
                dport: 4789
              '136 neutron gre networks':
                proto: 'gre'
          -
            if:
            - no_firewall_driver
            - {}
            - neutron::agents::ml2::ovs::firewall_driver: {get_param: NeutronOVSFirewallDriver}
      step_config: |
        include ::tripleo::profile::base::neutron::ovs
      upgrade_tasks:
        list_concat:
          - get_attr: [Ovs, role_data, upgrade_tasks]
          -
            - name: Check if neutron_ovs_agent is deployed
              command: systemctl is-enabled neutron-openvswitch-agent
              tags: common
              ignore_errors: True
              register: neutron_ovs_agent_enabled
            - name: "PreUpgrade step0,validation: Check service neutron-openvswitch-agent is running"
              shell: /usr/bin/systemctl show 'neutron-openvswitch-agent' --property ActiveState | grep '\bactive\b'
              when: neutron_ovs_agent_enabled.rc == 0
              tags: step0,validation
            - name: Stop neutron_ovs_agent service
              tags: step1
              when: neutron_ovs_agent_enabled.rc == 0
              service: name=neutron-openvswitch-agent state=stopped