{%- from "neutron/map.jinja" import server, fwaas with context %}

include:
  - neutron.db.offline_sync
  - neutron.fwaas
  - neutron._ssl.mysql
  - neutron._ssl.rabbitmq

{%- if server.get('enabled', False) %}
{% if grains.os_family == 'Debian' %}
# This is here to avoid starting up wrongly configured service and to avoid
# issue with restart limits on systemd.

policy_rcd_present:
  file.managed:
  - name: /usr/sbin/policy-rc.d
  - mode: 0775
  - contents: "exit 101"
  - prereq:
    - pkg: neutron_server_packages

policy_rcd_absent_ok:
  file.absent:
  - name: /usr/sbin/policy-rc.d
  - require:
    - pkg: neutron_server_packages

policy_rcd_absent_onfail:
  file.absent:
  - name: /usr/sbin/policy-rc.d
  - onfail:
    - pkg: neutron_server_packages
{% endif %}

neutron_server_packages:
  pkg.installed:
  - names: {{ server.pkgs }}
  - require_in:
    - sls: neutron._ssl.mysql
    - sls: neutron._ssl.rabbitmq

{% if server.backend.engine == "contrail" %}

/etc/neutron/plugins/opencontrail/ContrailPlugin.ini:
  file.managed:
  - source: salt://neutron/files/{{ server.version }}/ContrailPlugin.ini
  - template: jinja
  - user: neutron
  - group: neutron
  - mode: 640
  - require:
    - pkg: neutron_server_packages
    - pkg: neutron_contrail_package

contrail_plugin_link:
  cmd.run:
  - names:
    - ln -s /etc/neutron/plugins/opencontrail/ContrailPlugin.ini /etc/neutron/plugin.ini
  - unless: test -e /etc/neutron/plugin.ini
  - require:
    - file: /etc/neutron/plugins/opencontrail/ContrailPlugin.ini

neutron_contrail_package:
  pkg.installed:
  - name: neutron-plugin-contrail

neutron_server_service:
  service.running:
  - name: neutron-server
  - enable: true
  {%- if grains.get('noservices') %}
  - onlyif: /bin/false
  {%- endif %}
  - require:
    - sls: neutron._ssl.mysql
    - sls: neutron._ssl.rabbitmq
  - watch:
    - file: /etc/neutron/neutron.conf

{%- endif %}

{% if server.backend.engine in ["ml2", "ovn"] %}

ml2_packages:
  pkg.installed:
  - names: {{ server.pkgs_ml2 }}

/etc/neutron/plugins/ml2/ml2_conf.ini:
  file.managed:
  - source: salt://neutron/files/{{ server.version }}/ml2_conf.ini
  - mode: 0640
  - user: root
  - group: neutron
  - template: jinja
  - require:
    - pkg: neutron_server_packages
    - pkg: ml2_packages
  - require_in:
    - sls: neutron.db.offline_sync
  - watch_in:
    - service: neutron_server_services

ml2_plugin_link:
  cmd.run:
  - names:
    - ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
  - unless: test -e /etc/neutron/plugin.ini
  - require:
    - file: /etc/neutron/plugins/ml2/ml2_conf.ini

{%- endif %}

{%- if server.l2gw is defined %}
{%- include "neutron/services/_l2gw.sls" %}
{%- endif %}

{%- if server.backend.get('opendaylight', False) %}
python-networking-odl:
  pkg.installed:
  - require_in:
    - pkg: neutron_server_packages
{%- endif %}

/etc/neutron/neutron.conf:
  file.managed:
  - source: salt://neutron/files/{{ server.version }}/neutron-server.conf
  - mode: 0640
  - user: root
  - group: neutron
  - template: jinja
  - require:
    - pkg: neutron_server_packages
    - sls: neutron._ssl.mysql
    - sls: neutron._ssl.rabbitmq
  - require_in:
    - sls: neutron.db.offline_sync

/etc/neutron/api-paste.ini:
  file.managed:
    - source: salt://neutron/files/{{ server.version  }}/api-paste.ini
    - mode: 0640
    - group: neutron
    - template: jinja
    - require:
      - pkg: neutron_server_packages

{%- for service_name in server.get('services', []) %}
{%- if service_name != 'neutron-server' %}
{{ service_name }}_default:
  file.managed:
    - name: /etc/default/{{ service_name }}
    - source: salt://neutron/files/default
    - template: jinja
    - defaults:
        service_name: {{ service_name }}
        values: {{ server }}
    - require:
      - pkg: neutron_server_packages
    - watch_in:
      - service: neutron_server_services
{%- endif %}
{%- endfor %}

{%- if server.logging.log_appender %}

{%- if server.logging.log_handlers.get('fluentd', {}).get('enabled', False) %}
neutron_server_fluentd_logger_package:
  pkg.installed:
    - name: python-fluent-logger
{%- endif %}

server_var_log_{{ server.logging.app_name }}_log_file:
  file.managed:
    - name: /var/log/{{ server.logging.app_name }}/neutron.log
    - user: neutron
    - group: neutron
    - require:
      - pkg: neutron_server_packages

neutron_general_logging_conf:
  file.managed:
    - name: /etc/neutron/logging.conf
    - source: salt://oslo_templates/files/logging/_logging.conf
    - mode: 0640
    - user: root
    - group: neutron
    - template: jinja
    - makedirs: True
    - defaults:
        service_name: neutron
        _data: {{ server.logging }}
    - user: neutron
    - group: neutron
    - require_in:
      - sls: neutron.db.offline_sync
    - require:
      - pkg: neutron_server_packages
      - file: server_var_log_{{ server.logging.app_name }}_log_file
{%- if server.logging.log_handlers.get('fluentd', {}).get('enabled', False) %}
      - pkg: neutron_server_fluentd_logger_package
{%- endif %}
    - watch_in:
      - service: neutron_server_services

{%- for service_name in server.services %}

server_var_log_{{ server.logging.app_name }}_{{ service_name }}_log_file:
  file.managed:
    - name: /var/log/{{ server.logging.app_name }}/{{ service_name }}.log
    - user: neutron
    - group: neutron
    - require:
      - pkg: neutron_server_packages

{{ service_name }}_logging_conf:
  file.managed:
    - name: /etc/neutron/logging/logging-{{ service_name }}.conf
    - source: salt://oslo_templates/files/logging/_logging.conf
    - mode: 0640
    - user: root
    - group: neutron
    - template: jinja
    - makedirs: True
    - defaults:
        service_name: {{ service_name }}
        _data: {{ server.logging }}
    - user: neutron
    - group: neutron
    - require:
      - pkg: neutron_server_packages
      - file: server_var_log_{{ server.logging.app_name }}_{{ service_name }}_log_file
{%- if server.logging.log_handlers.get('fluentd', {}).get('enabled', False) %}
      - pkg: neutron_server_fluentd_logger_package
{%- endif %}
    - watch_in:
      - service: neutron_server_services
{%- endfor %}

{%- endif %}

{%- if server.version not in ["juno", "kilo", "liberty", "mitaka", "newton", "ocata"] %}
/etc/neutron/{{ server.get('oslo_policy', {}).get('policy_file', 'policy.json') }}:
  file.managed:
    - mode: 0640
    - user: root
    - group: neutron
    - require:
      - pkg: neutron_server_packages
{%- endif %}

{%- for name, rule in server.get('policy', {}).iteritems() %}

{%- if rule != None %}
neutron_keystone_rule_{{ name }}_present:
  keystone_policy.rule_present:
  - path: /etc/neutron/{{ server.get('oslo_policy', {}).get('policy_file', 'policy.json') }}
  - name: '{{ name }}'
  - rule: '{{ rule }}'
  - require:
    - pkg: neutron_server_packages
    {%- if server.version not in ["juno", "kilo", "liberty", "mitaka", "newton", "ocata"] %}
    - file: /etc/neutron/{{ server.get('oslo_policy', {}).get('policy_file', 'policy.json') }}
    {%- endif %}

{%- else %}

neutron_keystone_rule_{{ name }}_absent:
  keystone_policy.rule_absent:
  - path: /etc/neutron/{{ server.get('oslo_policy', {}).get('policy_file', 'policy.json') }}
  - name: '{{ name }}'
  - require:
    - pkg: neutron_server_packages
    {%- if server.version not in ["juno", "kilo", "liberty", "mitaka", "newton", "ocata"] %}
    - file: /etc/neutron/{{ server.get('oslo_policy', {}).get('policy_file', 'policy.json') }}
    {%- endif %}

{%- endif %}

{%- endfor %}

{%- if grains.os_family == "Debian" %}
/etc/default/neutron-server:
  file.managed:
  - source: salt://neutron/files/{{ server.version }}/neutron-server
  - mode: 0640
  - user: root
  - group: neutron
  - template: jinja
  - require:
    - pkg: neutron_server_packages
  - watch_in:
    - service: neutron_server_services
{%- endif %}

{%- if server.get('concurrency', {}).lock_path is defined %}
neutron_server_lock_path_{{ server.concurrency.lock_path }}:
  file.directory:
  - name: {{ server.concurrency.lock_path }}
  - user: neutron
  - group: neutron
  - mode: 750
  - makedirs: True
  - require:
    - pkg: neutron_server_packages
  - require_in:
    - service: neutron_server_services
{%- endif %}

{%- if server.backend.engine == "ovn" %}

ovn_packages:
  pkg.installed:
  - names: {{ server.pkgs_ovn }}
  - require_in:
    - sls: neutron.db.offline_sync

{%- if not grains.get('noservices', False) %}

open_ovs_port:
  iptables.append:
    - table: filter
    - chain: INPUT
    - jump: ACCEPT
    - dport: 6640
    - proto: tcp
    - save: True

ovn_services:
  service.running:
  - names: {{ server.services_ovn }}
  - enable: true
  {%- if grains.get('noservices') %}
  - onlyif: /bin/false
  {%- endif %}
  - require:
    - pkg: ovn_packages

remote_ovsdb_access:
  cmd.run:
  - name: "ovs-appctl -t ovsdb-server ovsdb-server/add-remote
  ptcp:6640:{{ server.controller_vip }}"

{%- if grains.os_family == 'Debian' %}
/etc/default/ovn-central:
  file.managed:
  - source: salt://neutron/files/ovn_central_options
  - template: jinja
  - require:
    - pkg: ovn_packages
  - watch_in:
    - service: ovn_services
{%- endif %}
{%- endif %}
{%- endif %}

{%- if server.backend.engine == "midonet" %}

/etc/neutron/plugins/midonet/midonet.ini:
  file.managed:
    - source: salt://neutron/files/{{ server.version }}/midonet.ini
    - user: root
    - group: neutron
    - mode: 640
    - makedirs: true
    - dir_mode: 750
    - template: jinja
    - require_in:
      - sls: neutron.db.offline_sync

{%- if server.version == "kilo" %}

midonet_neutron_packages:
  pkg.installed:
  - names:
    - python-neutron-plugin-midonet
    - python-neutron-lbaas

{%- else %}

midonet_neutron_packages:
  pkg.installed:
  - names:
    - python-networking-midonet
    - python-neutron-lbaas
    - python-neutron-fwaas

{%- endif %}
{%- endif %}

{% if server.backend.engine == "vmware" %}

vmware_neutron_packages:
  pkg.installed:
  - names:
    - python-vmware-nsx

/etc/neutron/plugins/vmware/nsx.ini:
  file.managed:
    - source: salt://neutron/files/{{ server.version }}/plugins/nsx.ini
    - user: root
    - group: neutron
    - mode: 640
    - makedirs: true
    - dir_mode: 750
    - template: jinja
    - require:
      - pkg: vmware_neutron_packages
    - require_in:
      - sls: neutron.db.offline_sync

{%- endif %}

{% if server.get('bgp_vpn', {}).get('enabled', False) %}

bgpvpn_packages:
  pkg.installed:
  - names: {{ server.pkgs_bgpvpn }}
  - require_in:
    - sls: neutron.db.offline_sync

{% if server.bgp_vpn.driver == "bagpipe" %}

bagpipe_packages:
  pkg.installed:
  - names: {{ server.pkgs_bagpipe }}

{% endif %}

{%- if server.version not in ["juno", "kilo", "liberty", "mitaka", "newton", "ocata"] %}
/etc/neutron/{{ server.get('oslo_policy', {}).get('bgpvpn_policy_file', 'policy.json') }}:
  file.managed:
    - mode: 0640
    - user: root
    - group: neutron
    - require:
      - pkg: bgpvpn_packages
{%- endif %}

{%- for name, rule in server.get('bgpvpn_policy', {}).iteritems() %}

  {%- if rule != None %}
neutron_keystone_rule_{{ name }}_present:
  keystone_policy.rule_present:
  - path: /etc/neutron/{{ server.get('oslo_policy', {}).get('bgpvpn_policy_file', 'policy.json') }}
  - name: '{{ name }}'
  - rule: '{{ rule }}'
  - require:
    - pkg: bgpvpn_packages
    {%- if server.version not in ["juno", "kilo", "liberty", "mitaka", "newton", "ocata"] %}
    - file: /etc/neutron/{{ server.get('oslo_policy', {}).get('bgpvpn_policy_file', 'policy.json') }}
    {%- endif %}

  {%- else %}

neutron_keystone_rule_{{ name }}_absent:
  keystone_policy.rule_absent:
  - path: /etc/neutron/{{ server.get('oslo_policy', {}).get('bgpvpn_policy_file', 'policy.json') }}
  - name: '{{ name }}'
  - require:
    - pkg: bgpvpn_packages
    {%- if server.version not in ["juno", "kilo", "liberty", "mitaka", "newton", "ocata"] %}
    - file: /etc/neutron/{{ server.get('oslo_policy', {}).get('bgpvpn_policy_file', 'policy.json') }}
    {%- endif %}

  {%- endif %}

{%- endfor %}

{% endif %}

{%- if server.wsgi is defined %}
  {%- include "neutron/wsgi/uwsgi.sls" %}
{%- endif %}

neutron_server_services:
  service.running:
  - names: {{ server.services }}
  - enable: true
  {%- if grains.get('noservices') %}
  - onlyif: /bin/false
  {%- endif %}
  - require:
    - sls: neutron._ssl.mysql
    - sls: neutron._ssl.rabbitmq
  - watch:
    - file: /etc/neutron/neutron.conf

{%- if grains.get('virtual_subtype', None) == "Docker" %}

neutron_entrypoint:
  file.managed:
  - name: /entrypoint.sh
  - template: jinja
  - source: salt://neutron/files/entrypoint.sh
  - mode: 755

{%- endif %}

{%- endif %}