summaryrefslogtreecommitdiffstats
path: root/puppet/services/neutron-l3.yaml
blob: 572c89a5a7f5781afd6d8edbfcf10c8052c5d956 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
heat_template_version: ocata

description: >
  OpenStack Neutron L3 agent configured with Puppet

parameters:
  ServiceNetMap:
    default: {}
    description: Mapping of service_name -> network name. Typically set
                 via parameter_defaults in the resource registry.  This
                 mapping overrides those in ServiceNetMapDefaults.
    type: json
  DefaultPasswords:
    default: {}
    type: json
  EndpointMap:
    default: {}
    description: Mapping of service endpoint -> protocol. Typically set
                 via parameter_defaults in the resource registry.
    type: json
  Debug:
    type: string
    default: ''
  NeutronL3AgentMode:
    description: |
      Agent mode for L3 agent. Must be one of legacy or dvr_snat.
    default: 'legacy'
    type: string
    constraints:
      - allowed_values:
        - legacy
        - dvr_snat
  MonitoringSubscriptionNeutronL3:
    default: 'overcloud-neutron-l3-agent'
    type: string
  NeutronL3AgentLoggingSource:
    type: json
    default:
      tag: openstack.neutron.agent.l3
      path: /var/log/neutron/l3-agent.log

  # DEPRECATED: the following options are deprecated and are currently maintained
  # for backwards compatibility. They will be removed in the Pike cycle.
  NeutronExternalNetworkBridge:
    description: Name of bridge used for external network traffic. Usually L2
                 agent handles port wiring into external bridge, and hence the
                 parameter should be unset.
    type: string
    default: ''

conditions:

  external_network_bridge_empty: {equals : [{get_param: NeutronExternalNetworkBridge}, "''"]}

resources:

  NeutronBase:
    type: ./neutron-base.yaml
    properties:
      ServiceNetMap: {get_param: ServiceNetMap}
      DefaultPasswords: {get_param: DefaultPasswords}
      EndpointMap: {get_param: EndpointMap}

outputs:
  role_data:
    description: Role data for the Neutron L3 agent service.
    value:
      service_name: neutron_l3
      monitoring_subscription: {get_param: MonitoringSubscriptionNeutronL3}
      logging_source: {get_param: NeutronL3AgentLoggingSource}
      logging_groups:
        - neutron
      config_settings:
        map_merge:
        - get_attr: [NeutronBase, role_data, config_settings]
        - neutron::agents::l3::agent_mode: {get_param: NeutronL3AgentMode}
          tripleo.neutron_l3.firewall_rules:
            '106 neutron_l3 vrrp':
              proto: vrrp
        -
          if:
          - external_network_bridge_empty
          - {}
          - neutron::agents::l3::external_network_bridge: {get_param: NeutronExternalNetworkBridge}
      step_config: |
        include tripleo::profile::base::neutron::l3
      upgrade_tasks:
        - name: "PreUpgrade step0,validation: Check service neutron-l3-agent is running"
          shell: /usr/bin/systemctl show 'neutron-l3-agent' --property ActiveState | grep '\bactive\b'
          tags: step0,validation
        - name: Stop neutron_l3 service
          tags: step1
          service: name=neutron-l3-agent state=stopped