Merge "Run neutron-api behind uwsgi"
diff --git a/.kitchen.yml b/.kitchen.yml
index 39f401f..47966af 100644
--- a/.kitchen.yml
+++ b/.kitchen.yml
@@ -18,12 +18,15 @@
- name: linux
repo: git
source: https://gerrit.mcp.mirantis.com/salt-formulas/linux
+ branch: <%=ENV['GERRIT_BRANCH'] || 'master' %>
- name: keystone
repo: git
source: https://gerrit.mcp.mirantis.com/salt-formulas/keystone
+ branch: <%=ENV['GERRIT_BRANCH'] || 'master' %>
- name: oslo_templates
repo: git
source: https://gerrit.mcp.mirantis.com/salt-formulas/oslo-templates
+ branch: <%=ENV['GERRIT_BRANCH'] || 'master' %>
state_top:
base:
"*":
diff --git a/README.rst b/README.rst
index 4dd05af..8986c63 100644
--- a/README.rst
+++ b/README.rst
@@ -1487,6 +1487,40 @@
neutron:
max_allowed_address_pair: 20
+Increase OVS timeouts for loaded nodes
+--------------------------------------
+
+Network node:
+
+.. code-block:: yaml
+
+ neutron:
+ gateway:
+ of_connect_timeout: 60
+ of_request_timeout: 30
+ ovs_vsctl_timeout: 30 # Pike
+ ovsdb_timeout: 30 # Queens and beyond
+ bridge_mac_table_size: 100000
+
+Change default resource quotas
+------------------------------
+
+.. code-block:: yaml
+
+ neutron:
+ server:
+ quotas:
+ default_quota: 100
+ quota_network: 150
+ quota_subnet: 150
+ quota_port: 200
+ quota_router: 50
+ quota_floatingip: 30
+ quota_security_group: 20
+ quota_security_group_rule: 50
+
+
+
Enhanced logging with logging.conf
----------------------------------
diff --git a/neutron/files/pike/neutron-server.conf b/neutron/files/pike/neutron-server.conf
index 4331f42..5cccb0f 100644
--- a/neutron/files/pike/neutron-server.conf
+++ b/neutron/files/pike/neutron-server.conf
@@ -72,12 +72,12 @@
{% endif %}
service_plugins = {{ server.backend.get('router', l3_plugin)}},metering
+{%- if server.get('bgp_vpn', {}).get('enabled', False) -%},bgpvpn{%- endif -%}
{%- if server.lbaas is defined -%},lbaasv2{%- endif -%}
{%- if fwaas.get('enabled', False) -%},{{ fwaas[fwaas.api_version]['service_plugin'] }}{%- endif -%}
{%- if server.get('qos', 'True') -%},neutron.services.qos.qos_plugin.QoSPlugin{%- endif -%}
{%- if server.get('vlan_aware_vms', False) -%},trunk{%- endif -%}
{%- if server.l2gw is defined and server.l2gw.get('enabled', False) -%},networking_l2gw.services.l2gateway.plugin.L2GatewayPlugin{%- endif -%}
-{%- if server.get('bgp_vpn', {}).get('enabled', False) -%},bgpvpn{%- endif -%}
{% endif %}
{%- endif %}
@@ -2200,18 +2200,31 @@
# Default number of resource allowed per tenant. A negative value means
# unlimited. (integer value)
#default_quota = -1
+{%- if server.get('quotas',{}).default_quota is defined %}
+default_quota = {{ server.quotas.default_quota }}
+{%- endif %}
# Number of networks allowed per tenant. A negative value means unlimited.
# (integer value)
#quota_network = 10
+{%- if server.get('quotas',{}).quota_network is defined %}
+quota_network = {{ server.quotas.quota_network }}
+{%- endif %}
# Number of subnets allowed per tenant, A negative value means unlimited.
# (integer value)
#quota_subnet = 10
+{%- if server.get('quotas',{}).quota_subnet is defined %}
+quota_subnet = {{ server.quotas.quota_subnet }}
+{%- endif %}
+
# Number of ports allowed per tenant. A negative value means unlimited.
# (integer value)
#quota_port = 50
+{%- if server.get('quotas',{}).quota_port is defined %}
+quota_port = {{ server.quotas.quota_port }}
+{%- endif %}
# Default driver to use for quota checks. (string value)
#quota_driver = neutron.db.quota.driver.DbQuotaDriver
@@ -2230,18 +2243,30 @@
# Number of routers allowed per tenant. A negative value means unlimited.
# (integer value)
#quota_router = 10
+{%- if server.get('quotas',{}).quota_router is defined %}
+quota_router = {{ server.quotas.quota_router }}
+{%- endif %}
# Number of floating IPs allowed per tenant. A negative value means unlimited.
# (integer value)
#quota_floatingip = 50
+{%- if server.get('quotas',{}).quota_floatingip is defined %}
+quota_floatingip = {{ server.quotas.quota_floatingip }}
+{%- endif %}
# Number of security groups allowed per tenant. A negative value means
# unlimited. (integer value)
#quota_security_group = 10
+{%- if server.get('quotas',{}).quota_security_group is defined %}
+quota_security_group = {{ server.quotas.quota_security_group }}
+{%- endif %}
# Number of security rules allowed per tenant. A negative value means
# unlimited. (integer value)
#quota_security_group_rule = 100
+{%- if server.get('quotas',{}).quota_security_group_rule is defined %}
+quota_security_group_rule = {{ server.quotas.quota_security_group_rule }}
+{%- endif %}
[ssl]
diff --git a/neutron/files/pike/openvswitch_agent.ini b/neutron/files/pike/openvswitch_agent.ini
index 624101b..5c3545c 100644
--- a/neutron/files/pike/openvswitch_agent.ini
+++ b/neutron/files/pike/openvswitch_agent.ini
@@ -115,6 +115,24 @@
# Enables or disables fatal status of deprecations. (boolean value)
#fatal_deprecations = false
+# Timeout in seconds for ovs-vsctl commands.
+# If the timeout expires, ovs commands will fail with
+# ALARMCLOCK error.
+#ovs_vsctl_timeout = 10
+{%- if neutron.ovs_vsctl_timeout is defined %}
+ovs_vsctl_timeout = {{ neutron.ovs_vsctl_timeout }}
+{%- endif %}
+
+# The maximum number of MAC addresses to learn on
+# a bridge managed by the Neutron OVS agent. Values
+# outside a reasonable range (10 to 1,000,000) might be
+# overridden by Open vSwitch according to the
+# documentation.
+#bridge_mac_table_size = 50000
+{%- if neutron.bridge_mac_table_size is defined %}
+bridge_mac_table_size = {{ neutron.bridge_mac_table_size }}
+{%- endif %}
+
[agent]
@@ -304,10 +322,16 @@
# Timeout in seconds to wait for the local switch connecting the controller.
# Used only for 'native' driver. (integer value)
#of_connect_timeout = 30
+{%- if neutron.of_connect_timeout is defined %}
+of_connect_timeout = {{ neutron.of_connect_timeout }}
+{%- endif %}
# Timeout in seconds to wait for a single OpenFlow request. Used only for
# 'native' driver. (integer value)
#of_request_timeout = 10
+{%- if neutron.of_request_timeout is defined %}
+of_request_timeout = {{ neutron.of_request_timeout }}
+{%- endif %}
# The interface for interacting with the OVSDB (string value)
# Allowed values: vsctl, native
diff --git a/neutron/files/queens/neutron-server.conf b/neutron/files/queens/neutron-server.conf
index 162d2b6..7aa7e4e 100644
--- a/neutron/files/queens/neutron-server.conf
+++ b/neutron/files/queens/neutron-server.conf
@@ -63,11 +63,11 @@
{% endif %}
service_plugins = {{ server.backend.get('router', l3_plugin)}},metering
+{%- if server.get('bgp_vpn', {}).get('enabled', False) -%},bgpvpn{%- endif -%}
{%- if fwaas.get('enabled', False) -%},{{ fwaas[fwaas.api_version]['service_plugin'] }}{%- endif -%}
{%- if server.get('qos', 'True') -%},neutron.services.qos.qos_plugin.QoSPlugin{%- endif -%}
{%- if server.get('vlan_aware_vms', False) -%},trunk{%- endif -%}
{%- if server.l2gw is defined and server.l2gw.get('enabled', False) -%},networking_l2gw.services.l2gateway.plugin.L2GatewayPlugin{%- endif -%}
-{%- if server.get('bgp_vpn', {}).get('enabled', False) -%},bgpvpn{%- endif -%}
{%- if server.get('sfc', {}).get('enabled', False) -%},flow_classifier,sfc{%- endif -%}
{% endif %}
@@ -523,18 +523,30 @@
# Default number of resource allowed per tenant. A negative value means
# unlimited. (integer value)
#default_quota = -1
+{%- if server.get('quotas',{}).default_quota is defined %}
+default_quota = {{ server.quotas.default_quota }}
+{%- endif %}
# Number of networks allowed per tenant. A negative value means unlimited.
# (integer value)
#quota_network = 100
+{%- if server.get('quotas',{}).quota_network is defined %}
+quota_network = {{ server.quotas.quota_network }}
+{%- endif %}
# Number of subnets allowed per tenant, A negative value means unlimited.
# (integer value)
#quota_subnet = 100
+{%- if server.get('quotas',{}).quota_subnet is defined %}
+quota_subnet = {{ server.quotas.quota_subnet }}
+{%- endif %}
# Number of ports allowed per tenant. A negative value means unlimited.
# (integer value)
#quota_port = 500
+{%- if server.get('quotas',{}).quota_port is defined %}
+quota_port = {{ server.quotas.quota_port }}
+{%- endif %}
# Default driver to use for quota checks. (string value)
#quota_driver = neutron.db.quota.driver.DbQuotaDriver
@@ -553,18 +565,30 @@
# Number of routers allowed per tenant. A negative value means unlimited.
# (integer value)
#quota_router = 10
+{%- if server.get('quotas',{}).quota_router is defined %}
+quota_router = {{ server.quotas.quota_router }}
+{%- endif %}
# Number of floating IPs allowed per tenant. A negative value means unlimited.
# (integer value)
#quota_floatingip = 50
+{%- if server.get('quotas',{}).quota_floatingip is defined %}
+quota_floatingip = {{ server.quotas.quota_floatingip }}
+{%- endif %}
# Number of security groups allowed per tenant. A negative value means
# unlimited. (integer value)
#quota_security_group = 10
+{%- if server.get('quotas',{}).quota_security_group is defined %}
+quota_security_group = {{ server.quotas.quota_security_group }}
+{%- endif %}
# Number of security rules allowed per tenant. A negative value means
# unlimited. (integer value)
#quota_security_group_rule = 100
+{%- if server.get('quotas',{}).quota_security_group_rule is defined %}
+quota_security_group_rule = {{ server.quotas.quota_security_group_rule }}
+{%- endif %}
[ssl]
diff --git a/neutron/files/queens/openvswitch_agent.ini b/neutron/files/queens/openvswitch_agent.ini
index 6b1d41c..39a07cb 100644
--- a/neutron/files/queens/openvswitch_agent.ini
+++ b/neutron/files/queens/openvswitch_agent.ini
@@ -207,10 +207,16 @@
# Timeout in seconds to wait for the local switch connecting the controller.
# Used only for 'native' driver. (integer value)
#of_connect_timeout = 30
+{%- if neutron.of_connect_timeout is defined %}
+of_connect_timeout = {{ neutron.of_connect_timeout }}
+{%- endif %}
# Timeout in seconds to wait for a single OpenFlow request. Used only for
# 'native' driver. (integer value)
#of_request_timeout = 10
+{%- if neutron.of_request_timeout is defined %}
+of_request_timeout = {{ neutron.of_request_timeout }}
+{%- endif %}
# DEPRECATED: The interface for interacting with the OVSDB (string value)
# Possible values:
@@ -238,6 +244,24 @@
# value)
#ssl_ca_cert_file = <None>
+# Timeout in seconds for ovsdb commands.
+# If the timeout expires, ovsdb commands will fail with
+# ALARMCLOCK error.
+#ovsdb_timeout = 10
+{%- if neutron.ovsdb_timeout is defined %}
+ovsdb_timeout = {{ neutron.ovsdb_timeout }}
+{%- endif %}
+
+# The maximum number of MAC addresses to learn on
+# a bridge managed by the Neutron OVS agent. Values
+# outside a reasonable range (10 to 1,000,000) might be
+# overridden by Open vSwitch according to the
+# documentation.
+#bridge_mac_table_size = 50000
+{%- if neutron.bridge_mac_table_size is defined %}
+bridge_mac_table_size = {{ neutron.bridge_mac_table_size }}
+{%- endif %}
+
[securitygroup]
diff --git a/neutron/files/rocky/neutron-server.conf b/neutron/files/rocky/neutron-server.conf
index 29899f2..97ed365 100644
--- a/neutron/files/rocky/neutron-server.conf
+++ b/neutron/files/rocky/neutron-server.conf
@@ -55,11 +55,11 @@
{%- endif %}
# The service plugins Neutron will use (list value)
service_plugins = {{ server.backend.get('router', l3_plugin) }},metering
+{%- if server.get('bgp_vpn', {}).get('enabled', False) -%},bgpvpn{%- endif -%}
{%- if fwaas.get('enabled', False) -%},{{ fwaas[fwaas.api_version]['service_plugin'] }}{%- endif -%}
{%- if server.get('qos', 'True') -%},neutron.services.qos.qos_plugin.QoSPlugin{%- endif -%}
{%- if server.get('vlan_aware_vms', False) -%},trunk{%- endif -%}
{%- if server.l2gw is defined and server.l2gw.get('enabled', False) -%},networking_l2gw.services.l2gateway.plugin.L2GatewayPlugin{%- endif -%}
-{%- if server.get('bgp_vpn', {}).get('enabled', False) -%},bgpvpn{%- endif -%}
{%- if server.get('sfc', {}).get('enabled', False) -%},flow_classifier,sfc{%- endif -%}
{%- endif %}
@@ -542,18 +542,30 @@
# Default number of resource allowed per tenant. A negative value means
# unlimited. (integer value)
#default_quota = -1
+{%- if server.get('quotas',{}).default_quota is defined %}
+default_quota = {{ server.quotas.default_quota }}
+{%- endif %}
# Number of networks allowed per tenant. A negative value means unlimited.
# (integer value)
#quota_network = 100
+{%- if server.get('quotas',{}).quota_network is defined %}
+quota_network = {{ server.quotas.quota_network }}
+{%- endif %}
# Number of subnets allowed per tenant, A negative value means unlimited.
# (integer value)
#quota_subnet = 100
+{%- if server.get('quotas',{}).quota_subnet is defined %}
+quota_subnet = {{ server.quotas.quota_subnet }}
+{%- endif %}
# Number of ports allowed per tenant. A negative value means unlimited.
# (integer value)
#quota_port = 500
+{%- if server.get('quotas',{}).quota_port is defined %}
+quota_port = {{ server.quotas.quota_port }}
+{%- endif %}
# Default driver to use for quota checks. (string value)
#quota_driver = neutron.db.quota.driver.DbQuotaDriver
@@ -573,18 +585,30 @@
# Number of routers allowed per tenant. A negative value means unlimited.
# (integer value)
#quota_router = 10
+{%- if server.get('quotas',{}).quota_router is defined %}
+quota_router = {{ server.quotas.quota_router }}
+{%- endif %}
# Number of floating IPs allowed per tenant. A negative value means unlimited.
# (integer value)
#quota_floatingip = 50
+{%- if server.get('quotas',{}).quota_floatingip is defined %}
+quota_floatingip = {{ server.quotas.quota_floatingip }}
+{%- endif %}
# Number of security groups allowed per tenant. A negative value means
# unlimited. (integer value)
#quota_security_group = 10
+{%- if server.get('quotas',{}).quota_security_group is defined %}
+quota_security_group = {{ server.quotas.quota_security_group }}
+{%- endif %}
# Number of security rules allowed per tenant. A negative value means
# unlimited. (integer value)
#quota_security_group_rule = 100
+{%- if server.get('quotas',{}).quota_security_group_rule is defined %}
+quota_security_group_rule = {{ server.quotas.quota_security_group_rule }}
+{%- endif %}
[ssl]
diff --git a/neutron/files/rocky/openvswitch_agent.ini b/neutron/files/rocky/openvswitch_agent.ini
index 5330ff0..47a199e 100644
--- a/neutron/files/rocky/openvswitch_agent.ini
+++ b/neutron/files/rocky/openvswitch_agent.ini
@@ -208,10 +208,16 @@
# Timeout in seconds to wait for the local switch connecting the controller.
# Used only for 'native' driver. (integer value)
#of_connect_timeout = 30
+{%- if neutron.of_connect_timeout is defined %}
+of_connect_timeout = {{ neutron.of_connect_timeout }}
+{%- endif %}
# Timeout in seconds to wait for a single OpenFlow request. Used only for
# 'native' driver. (integer value)
#of_request_timeout = 10
+{%- if neutron.of_request_timeout is defined %}
+of_request_timeout = {{ neutron.of_request_timeout }}
+{%- endif %}
# DEPRECATED: The interface for interacting with the OVSDB (string value)
# Possible values:
@@ -242,6 +248,24 @@
# Enable OVSDB debug logs (boolean value)
#ovsdb_debug = false
+# Timeout in seconds for ovsdb commands.
+# If the timeout expires, ovsdb commands will fail with
+# ALARMCLOCK error.
+#ovsdb_timeout = 10
+{%- if neutron.ovsdb_timeout is defined %}
+ovsdb_timeout = {{ neutron.ovsdb_timeout }}
+{%- endif %}
+
+# The maximum number of MAC addresses to learn on
+# a bridge managed by the Neutron OVS agent. Values
+# outside a reasonable range (10 to 1,000,000) might be
+# overridden by Open vSwitch according to the
+# documentation.
+#bridge_mac_table_size = 50000
+{%- if neutron.bridge_mac_table_size is defined %}
+bridge_mac_table_size = {{ neutron.bridge_mac_table_size }}
+{%- endif %}
+
[securitygroup]