heat_template_version: queens

description: >
  OpenStack Neutron L3 agent configured with Puppet

parameters:
  ServiceData:
    default: {}
    description: Dictionary packing service data
    type: json
  ServiceNetMap:
    default: {}
    description: Mapping of service_name -> network name. Typically set
                 via parameter_defaults in the resource registry.  This
                 mapping overrides those in ServiceNetMapDefaults.
    type: json
  Debug:
    type: boolean
    default: false
    description: Set to True to enable debugging on all services.
  DefaultPasswords:
    default: {}
    type: json
  RoleName:
    default: ''
    description: Role name on which the service is applied
    type: string
  RoleParameters:
    default: {}
    description: Parameters specific to the role
    type: json
  EndpointMap:
    default: {}
    description: Mapping of service endpoint -> protocol. Typically set
                 via parameter_defaults in the resource registry.
    type: json
  NeutronL3AgentMode:
    description: |
      Agent mode for L3 agent. Must be one of legacy or dvr_snat.
    default: 'legacy'
    type: string
    constraints:
      - allowed_values:
        - legacy
        - dvr_snat
  MonitoringSubscriptionNeutronL3:
    default: 'overcloud-neutron-l3-agent'
    type: string
  NeutronL3AgentDebug:
    default: ''
    description: Set to True to enable debugging for Neutron L3 agent.
    type: string
    constraints:
      - allowed_values: [ '', 'true', 'True', 'TRUE', 'false', 'False', 'FALSE']
  NeutronL3AgentLoggingSource:
    type: json
    default:
      tag: openstack.neutron.agent.l3
      path: /var/log/neutron/l3-agent.log

  # DEPRECATED: the following options are deprecated and are currently maintained
  # for backwards compatibility. They will be removed in the Pike cycle.
  NeutronExternalNetworkBridge:
    description: Name of bridge used for external network traffic. Usually L2
                 agent handles port wiring into external bridge, and hence the
                 parameter should be unset.
    type: string
    default: ''

conditions:
  service_debug_unset: {equals: [{get_param: NeutronL3AgentDebug}, '']}
  external_network_bridge_empty: {equals : [{get_param: NeutronExternalNetworkBridge}, "''"]}

resources:

  NeutronBase:
    type: ./neutron-base.yaml
    properties:
      ServiceData: {get_param: ServiceData}
      ServiceNetMap: {get_param: ServiceNetMap}
      DefaultPasswords: {get_param: DefaultPasswords}
      EndpointMap: {get_param: EndpointMap}
      RoleName: {get_param: RoleName}
      RoleParameters: {get_param: RoleParameters}

outputs:
  role_data:
    description: Role data for the Neutron L3 agent service.
    value:
      service_name: neutron_l3
      monitoring_subscription: {get_param: MonitoringSubscriptionNeutronL3}
      config_settings:
        map_merge:
        - get_attr: [NeutronBase, role_data, config_settings]
        - neutron::agents::l3::agent_mode: {get_param: NeutronL3AgentMode}
          neutron::agents::l3::debug:
            if:
            - service_debug_unset
            - {get_param: Debug}
            - {get_param: NeutronL3AgentDebug}
          tripleo.neutron_l3.firewall_rules:
            '106 neutron_l3 vrrp':
              proto: vrrp
        -
          if:
          - external_network_bridge_empty
          - {}
          - neutron::agents::l3::external_network_bridge: {get_param: NeutronExternalNetworkBridge}
      service_config_settings:
        fluentd:
          tripleo_fluentd_groups_neutron_l3:
            - neutron
          tripleo_fluentd_sources_neutron_l3:
            - {get_param: NeutronL3AgentLoggingSource}
      step_config: |
        include tripleo::profile::base::neutron::l3
      upgrade_tasks:
        - name: Check if neutron_l3_agent is deployed
          command: systemctl is-enabled neutron-l3-agent
          tags: common
          ignore_errors: True
          register: neutron_l3_agent_enabled
        - name: "PreUpgrade step0,validation: Check service neutron-l3-agent is running"
          shell: /usr/bin/systemctl show 'neutron-l3-agent' --property ActiveState | grep '\bactive\b'
          when:
            - step|int == 0
            - neutron_l3_agent_enabled.rc == 0
          tags: validation
        - name: Stop neutron_l3 service
          when:
            - step|int == 1
            - neutron_l3_agent_enabled.rc == 0
          service: name=neutron-l3-agent state=stopped
      metadata_settings:
        get_attr: [NeutronBase, role_data, metadata_settings]