Merge branch 'master' into master
diff --git a/.gitreview b/.gitreview
deleted file mode 100644
index 5e52b04..0000000
--- a/.gitreview
+++ /dev/null
@@ -1,4 +0,0 @@
-[gerrit]
-host=gerrit.mcp.mirantis.net
-port=29418
-project=salt-formulas/neutron.git
diff --git a/.kitchen.yml b/.kitchen.yml
index d144018..60bc140 100644
--- a/.kitchen.yml
+++ b/.kitchen.yml
@@ -8,7 +8,7 @@
name: salt_solo
salt_install: bootstrap
salt_bootstrap_url: https://bootstrap.saltstack.com
- salt_version: latest
+ salt_version: <%=ENV['SALT_VERSION'] || 'latest'%>
require_chef: false
log_level: error
formula: neutron
@@ -46,9 +46,9 @@
sudo: true
platforms:
- - name: <%=ENV['PLATFORM'] || 'ubuntu-xenial'%>
+ - name: <%=ENV['PLATFORM'] || 'saltstack-ubuntu-xenial-salt-stable'%>
driver_config:
- image: <%=ENV['PLATFORM'] || 'trevorj/salty-whales:xenial'%>
+ image: <%=ENV['PLATFORM'] || 'epcim/salt-formulas:saltstack-ubuntu-xenial-salt-stable'%>
platform: ubuntu
suites:
@@ -63,6 +63,11 @@
pillars-from-files:
neutron.sls: tests/pillar/compute_dvr.sls
+ - name: compute_dvr_fwaas_v1
+ provisioner:
+ pillars-from-files:
+ neutron.sls: tests/pillar/compute_dvr_fwaas_v1.sls
+
- name: compute_legacy
provisioner:
pillars-from-files:
@@ -78,6 +83,26 @@
pillars-from-files:
neutron.sls: tests/pillar/compute_sriov.sls
+ - name: compute_qos_sriov
+ provisioner:
+ pillars-from-files:
+ neutron.sls: tests/pillar/compute_qos_sriov.sls
+
+ - name: compute_qos
+ provisioner:
+ pillars-from-files:
+ neutron.sls: tests/pillar/compute_qos.sls
+
+ - name: compute_ovn
+ provisioner:
+ pillars-from-files:
+ neutron.sls: tests/pillar/compute_ovn.sls
+
+ - name: compute_bgpvpn
+ provisioner:
+ pillars-from-files:
+ neutron.sls: tests/pillar/compute_bgpvpn.sls
+
- name: control_cluster
provisioner:
pillars-from-files:
@@ -93,11 +118,46 @@
pillars-from-files:
neutron.sls: tests/pillar/control_nodvr.sls
+ - name: control_lbaas_octavia
+ provisioner:
+ pillars-from-files:
+ neutron.sls: tests/pillar/control_lbaas_octavia.sls
+
+ - name: control_fwaas_v1
+ provisioner:
+ pillars-from-files:
+ neutron.sls: tests/pillar/control_fwaas_v1.sls
+
+ - name: control_l2gw
+ provisioner:
+ pillars-from-files:
+ neutron.sls: tests/pillar/control_l2gw.sls
+
+ - name: control_opendaylight
+ provisioner:
+ pillars-from-files:
+ neutron.sls: tests/pillar/control_opendaylight.sls
+
- name: control_single
provisioner:
pillars-from-files:
neutron.sls: tests/pillar/control_single.sls
+ - name: control_qos
+ provisioner:
+ pillars-from-files:
+ neutron.sls: tests/pillar/control_qos.sls
+
+ - name: control_ovn
+ provisioner:
+ pillars-from-files:
+ neutron.sls: tests/pillar/control_ovn.sls
+
+ - name: control_bgpvpn
+ provisioner:
+ pillars-from-files:
+ neutron.sls: tests/pillar/control_bgpvpn.sls
+
- name: gateway_dvr
provisioner:
pillars-from-files:
@@ -107,4 +167,30 @@
provisioner:
pillars-from-files:
neutron.sls: tests/pillar/gateway_legacy.sls
+
+ - name: gateway_qos
+ provisioner:
+ pillars-from-files:
+ neutron.sls: tests/pillar/gateway_qos.sls
+
+ - name: gateway_legacy_fwaas_v1
+ provisioner:
+ pillars-from-files:
+ neutron.sls: tests/pillar/gateway_legacy_fwaas_v1.sls
+
+ - name: gateway_legacy_l2gw
+ provisioner:
+ pillars-from-files:
+ neutron.sls: tests/pillar/gateway_legacy_l2gw.sls
+
+ - name: gateway_legacy_opendaylight
+ provisioner:
+ pillars-from-files:
+ neutron.sls: tests/pillar/gateway_legacy_opendaylight.sls
+
+ - name: control_dns
+ provisioner:
+ pillars-from-files:
+ neutron.sls: tests/pillar/control_dns.sls
+
# vim: ft=yaml sw=2 ts=2 sts=2 tw=125
diff --git a/.travis.yml b/.travis.yml
index 3925301..31b7e26 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -17,35 +17,80 @@
- bundle install
env:
- - PLATFORM=trevorj/salty-whales:trusty SUITE=compute_dpdk
- - PLATFORM=trevorj/salty-whales:xenial SUITE=compute_dpdk
- - PLATFORM=trevorj/salty-whales:trusty SUITE=compute_dvr
- - PLATFORM=trevorj/salty-whales:xenial SUITE=compute_dvr
- - PLATFORM=trevorj/salty-whales:trusty SUITE=compute_legacy
- - PLATFORM=trevorj/salty-whales:xenial SUITE=compute_legacy
- - PLATFORM=trevorj/salty-whales:trusty SUITE=compute_nonexternal_dvr
- - PLATFORM=trevorj/salty-whales:xenial SUITE=compute_nonexternal_dvr
- - PLATFORM=trevorj/salty-whales:trusty SUITE=compute_sriov
- - PLATFORM=trevorj/salty-whales:xenial SUITE=compute_sriov
- - PLATFORM=trevorj/salty-whales:trusty SUITE=control_cluster
- - PLATFORM=trevorj/salty-whales:xenial SUITE=control_cluster
- - PLATFORM=trevorj/salty-whales:trusty SUITE=control_dvr
- - PLATFORM=trevorj/salty-whales:xenial SUITE=control_dvr
- - PLATFORM=trevorj/salty-whales:trusty SUITE=control_nodvr
- - PLATFORM=trevorj/salty-whales:xenial SUITE=control_nodvr
- - PLATFORM=trevorj/salty-whales:trusty SUITE=control_single
- - PLATFORM=trevorj/salty-whales:xenial SUITE=control_single
- - PLATFORM=trevorj/salty-whales:trusty SUITE=gateway_dvr
- - PLATFORM=trevorj/salty-whales:xenial SUITE=gateway_dvr
- - PLATFORM=trevorj/salty-whales:trusty SUITE=gateway_legacy
- - PLATFORM=trevorj/salty-whales:xenial SUITE=gateway_legacy
+ - PLATFORM=epcim/salt-formulas:saltstack-ubuntu-xenial-salt-2016.3 SUITE=compute-dpdk
+ - PLATFORM=epcim/salt-formulas:saltstack-ubuntu-xenial-salt-2017.7 SUITE=compute-dpdk
+# - PLATFORM=epcim/salt-formulas:saltstack-ubuntu-bionic-salt-2017.7 SUITE=compute-dpdk
+ - PLATFORM=epcim/salt-formulas:saltstack-ubuntu-xenial-salt-2016.3 SUITE=compute-dvr
+ - PLATFORM=epcim/salt-formulas:saltstack-ubuntu-xenial-salt-2017.7 SUITE=compute-dvr
+# - PLATFORM=epcim/salt-formulas:saltstack-ubuntu-bionic-salt-2017.7 SUITE=compute-dvr
+ - PLATFORM=epcim/salt-formulas:saltstack-ubuntu-xenial-salt-2016.3 SUITE=compute-dvr-fwaas-v1
+ - PLATFORM=epcim/salt-formulas:saltstack-ubuntu-xenial-salt-2017.7 SUITE=compute-dvr-fwaas-v1
+# - PLATFORM=epcim/salt-formulas:saltstack-ubuntu-bionic-salt-2017.7 SUITE=compute-dvr-fwaas-v1
+ - PLATFORM=epcim/salt-formulas:saltstack-ubuntu-xenial-salt-2016.3 SUITE=compute-legacy
+ - PLATFORM=epcim/salt-formulas:saltstack-ubuntu-xenial-salt-2017.7 SUITE=compute-legacy
+# - PLATFORM=epcim/salt-formulas:saltstack-ubuntu-bionic-salt-2017.7 SUITE=compute-legacy
+ - PLATFORM=epcim/salt-formulas:saltstack-ubuntu-xenial-salt-2016.3 SUITE=compute-nonexternal-dvr
+ - PLATFORM=epcim/salt-formulas:saltstack-ubuntu-xenial-salt-2017.7 SUITE=compute-nonexternal-dvr
+# - PLATFORM=epcim/salt-formulas:saltstack-ubuntu-bionic-salt-2017.7 SUITE=compute-nonexternal-dvr
+ - PLATFORM=epcim/salt-formulas:saltstack-ubuntu-xenial-salt-2016.3 SUITE=compute-sriov
+ - PLATFORM=epcim/salt-formulas:saltstack-ubuntu-xenial-salt-2017.7 SUITE=compute-sriov
+# - PLATFORM=epcim/salt-formulas:saltstack-ubuntu-bionic-salt-2017.7 SUITE=compute-sriov
+ - PLATFORM=epcim/salt-formulas:saltstack-ubuntu-xenial-salt-2016.3 SUITE=compute-qos-sriov
+ - PLATFORM=epcim/salt-formulas:saltstack-ubuntu-xenial-salt-2017.7 SUITE=compute-qos-sriov
+# - PLATFORM=epcim/salt-formulas:saltstack-ubuntu-bionic-salt-2017.7 SUITE=compute-qos-sriov
+ - PLATFORM=epcim/salt-formulas:saltstack-ubuntu-xenial-salt-2016.3 SUITE=compute-qos
+ - PLATFORM=epcim/salt-formulas:saltstack-ubuntu-xenial-salt-2017.7 SUITE=compute-qos
+# - PLATFORM=epcim/salt-formulas:saltstack-ubuntu-bionic-salt-2017.7 SUITE=compute-qos
+ - PLATFORM=epcim/salt-formulas:saltstack-ubuntu-xenial-salt-2016.3 SUITE=compute-ovn
+ - PLATFORM=epcim/salt-formulas:saltstack-ubuntu-xenial-salt-2017.7 SUITE=compute-ovn
+# - PLATFORM=epcim/salt-formulas:saltstack-ubuntu-bionic-salt-2017.7 SUITE=compute-ovn
+ - PLATFORM=epcim/salt-formulas:saltstack-ubuntu-xenial-salt-2016.3 SUITE=control-cluster
+ - PLATFORM=epcim/salt-formulas:saltstack-ubuntu-xenial-salt-2017.7 SUITE=control-cluster
+# - PLATFORM=epcim/salt-formulas:saltstack-ubuntu-bionic-salt-2017.7 SUITE=control-cluster
+ - PLATFORM=epcim/salt-formulas:saltstack-ubuntu-xenial-salt-2016.3 SUITE=control-dvr
+ - PLATFORM=epcim/salt-formulas:saltstack-ubuntu-xenial-salt-2017.7 SUITE=control-dvr
+# - PLATFORM=epcim/salt-formulas:saltstack-ubuntu-bionic-salt-2017.7 SUITE=control-dvr
+ - PLATFORM=epcim/salt-formulas:saltstack-ubuntu-xenial-salt-2016.3 SUITE=control-nodvr
+ - PLATFORM=epcim/salt-formulas:saltstack-ubuntu-xenial-salt-2017.7 SUITE=control-nodvr
+# - PLATFORM=epcim/salt-formulas:saltstack-ubuntu-bionic-salt-2017.7 SUITE=control-nodvr
+ - PLATFORM=epcim/salt-formulas:saltstack-ubuntu-xenial-salt-2016.3 SUITE=control-single
+ - PLATFORM=epcim/salt-formulas:saltstack-ubuntu-xenial-salt-2017.7 SUITE=control-single
+# - PLATFORM=epcim/salt-formulas:saltstack-ubuntu-bionic-salt-2017.7 SUITE=control-single
+ - PLATFORM=epcim/salt-formulas:saltstack-ubuntu-xenial-salt-2016.3 SUITE=control-lbaas-octavia
+ - PLATFORM=epcim/salt-formulas:saltstack-ubuntu-xenial-salt-2017.7 SUITE=control-lbaas-octavia
+# - PLATFORM=epcim/salt-formulas:saltstack-ubuntu-bionic-salt-2017.7 SUITE=control-lbaas-octavia
+ - PLATFORM=epcim/salt-formulas:saltstack-ubuntu-xenial-salt-2016.3 SUITE=control-fwaas-v1
+ - PLATFORM=epcim/salt-formulas:saltstack-ubuntu-xenial-salt-2017.7 SUITE=control-fwaas-v1
+# - PLATFORM=epcim/salt-formulas:saltstack-ubuntu-bionic-salt-2017.7 SUITE=control-fwaas-v1
+ - PLATFORM=epcim/salt-formulas:saltstack-ubuntu-xenial-salt-2016.3 SUITE=control-qos
+ - PLATFORM=epcim/salt-formulas:saltstack-ubuntu-xenial-salt-2017.7 SUITE=control-qos
+# - PLATFORM=epcim/salt-formulas:saltstack-ubuntu-bionic-salt-2017.7 SUITE=control-qos
+ - PLATFORM=epcim/salt-formulas:saltstack-ubuntu-xenial-salt-2016.3 SUITE=control-ovn
+ - PLATFORM=epcim/salt-formulas:saltstack-ubuntu-xenial-salt-2017.7 SUITE=control-ovn
+# - PLATFORM=epcim/salt-formulas:saltstack-ubuntu-bionic-salt-2017.7 SUITE=control-ovn
+ - PLATFORM=epcim/salt-formulas:saltstack-ubuntu-xenial-salt-2016.3 SUITE=control-dns
+ - PLATFORM=epcim/salt-formulas:saltstack-ubuntu-xenial-salt-2017.7 SUITE=control-dns
+# - PLATFORM=epcim/salt-formulas:saltstack-ubuntu-bionic-salt-2017.7 SUITE=control-dns
+ - PLATFORM=epcim/salt-formulas:saltstack-ubuntu-xenial-salt-2016.3 SUITE=gateway-dvr
+ - PLATFORM=epcim/salt-formulas:saltstack-ubuntu-xenial-salt-2017.7 SUITE=gateway-dvr
+# - PLATFORM=epcim/salt-formulas:saltstack-ubuntu-bionic-salt-2017.7 SUITE=gateway-dvr
+ - PLATFORM=epcim/salt-formulas:saltstack-ubuntu-xenial-salt-2016.3 SUITE=gateway-legacy
+ - PLATFORM=epcim/salt-formulas:saltstack-ubuntu-xenial-salt-2017.7 SUITE=gateway-legacy
+# - PLATFORM=epcim/salt-formulas:saltstack-ubuntu-bionic-salt-2017.7 SUITE=gateway-legacy
+ - PLATFORM=epcim/salt-formulas:saltstack-ubuntu-xenial-salt-2016.3 SUITE=gateway-qos
+ - PLATFORM=epcim/salt-formulas:saltstack-ubuntu-xenial-salt-2017.7 SUITE=gateway-qos
+# - PLATFORM=epcim/salt-formulas:saltstack-ubuntu-bionic-salt-2017.7 SUITE=gateway-qos
+ - PLATFORM=epcim/salt-formulas:saltstack-ubuntu-xenial-salt-2016.3 SUITE=gateway-legacy-fwaas-v1
+ - PLATFORM=epcim/salt-formulas:saltstack-ubuntu-xenial-salt-2017.7 SUITE=gateway-legacy-fwaas-v1
+# - PLATFORM=epcim/salt-formulas:saltstack-ubuntu-bionic-salt-2017.7 SUITE=gateway-legacy-fwaas-v1
before_script:
- set -o pipefail
- make test | tail
script:
- - KITCHEN_LOCAL_YAML=.kitchen.travis.yml bundle exec kitchen test -t tests/integration
+ - test ! -e .kitchen.yml || bundle exec kitchen converge ${SUITE} || true
+ - test ! -e .kitchen.yml || bundle exec kitchen verify ${SUITE} -t tests/integration
notifications:
webhooks:
diff --git a/Makefile b/Makefile
index 1043fbe..d166862 100644
--- a/Makefile
+++ b/Makefile
@@ -27,6 +27,7 @@
all:
@echo "make install - Install into DESTDIR"
+ @echo "make lint - Run lint tests"
@echo "make test - Run tests"
@echo "make kitchen - Run Kitchen CI tests (create, converge, verify)"
@echo "make clean - Cleanup after tests run"
@@ -45,6 +46,9 @@
[ -d $(DESTDIR)/$(RECLASSDIR)/service/$(FORMULANAME) ] || mkdir -p $(DESTDIR)/$(RECLASSDIR)/service/$(FORMULANAME)
cp -a metadata/service/* $(DESTDIR)/$(RECLASSDIR)/service/$(FORMULANAME)
+lint:
+ [ ! -d tests ] || (cd tests; ./run_tests.sh lint)
+
test:
[ ! -d tests ] || (cd tests; ./run_tests.sh)
@@ -65,7 +69,7 @@
[ ! -f debian/changelog ] || dch -v $(VERSION_MAJOR).$(NEW_MINOR_VERSION) -m --force-distribution -D `dpkg-parsechangelog -S Distribution` "New version"
make genchangelog-$(VERSION_MAJOR).$(NEW_MINOR_VERSION)
(git add -u; git commit -m "Version $(VERSION_MAJOR).$(NEW_MINOR_VERSION)")
- git tag -s -m $(NEW_MAJOR_VERSION) $(VERSION_MAJOR).$(NEW_MINOR_VERSION)
+ git tag -s -m $(VERSION_MAJOR).$(NEW_MINOR_VERSION) $(VERSION_MAJOR).$(NEW_MINOR_VERSION)
check-changes:
@git log --pretty=oneline --decorate $(VERSION)..HEAD | grep -Eqc '.*' || (echo "No new changes since version $(VERSION)"; exit 1)
diff --git a/README.rst b/README.rst
index e8e633f..d61d0f2 100644
--- a/README.rst
+++ b/README.rst
@@ -8,7 +8,7 @@
Starting in the Folsom release, Neutron is a core and supported part of the
OpenStack platform (for Essex, we were an "incubated" project, which means use
-is suggested only for those who really know what they're doing with Neutron).
+is suggested only for those who really know what they're doing with Neutron).
Sample Pillars
==============
@@ -23,6 +23,11 @@
version: mitaka
allow_pagination: true
pagination_max_limit: 100
+ api_workers: 2
+ rpc_workers: 2
+ rpc_state_report_workers: 2
+ root_helper_daemon: false
+ dhcp_lease_duration: 600
bind:
address: 172.20.0.1
port: 9696
@@ -52,6 +57,7 @@
host: 127.0.0.1
port: 8775
password: pass
+ workers: 2
audit:
enabled: false
@@ -73,7 +79,8 @@
# Add key without value to remove line from policy.json
'create_network:shared':
-Neutron lbaas provides on the controller node
+Neutron LBaaSv2 enablement
+--------------------------
.. code-block:: yaml
@@ -82,9 +89,13 @@
lbaas:
enabled: true
providers:
+ octavia:
+ engine: octavia
+ driver_path: 'neutron_lbaas.drivers.octavia.driver.OctaviaDriver'
+ base_url: 'http://127.0.0.1:9876'
avi_adc:
- enabled: true
engine: avinetworks
+ driver_path: 'avi_lbaasv2.avi_driver.AviDriver'
controller_address: 10.182.129.239
controller_user: admin
controller_password: Cloudlab2016
@@ -93,17 +104,31 @@
engine: avinetworks
...
-Note: If you want contrail lbaas then backend is only required. Lbaas in
-pillar should be define only if it should be disabled.
+Note: If the Contrail backend is set, Opencontrail loadbalancer would be enabled
+automatically. In this case lbaas should disabled in pillar:
.. code-block:: yaml
neutron:
server:
lbaas:
- enabled: disabled
+ enabled: false
+
+
+Neutron FWaaSv1 enablement
+--------------------------
+
+.. code-block:: yaml
+
+ neutron:
+ fwaas:
+ enabled: true
+ version: ocata
+ api_version: v1
+
Enable CORS parameters
+----------------------
.. code-block:: yaml
@@ -125,11 +150,11 @@
This use case describes a model utilising VxLAN overlay with DVR. The DVR
routers will only be utilized for traffic that is router within the cloud
-infrastructure and that remains encapsulated. External traffic will be
-routed to via the network nodes.
+infrastructure and that remains encapsulated. External traffic will be
+routed to via the network nodes.
-The intention is that each tenant will require at least two (2) vrouters
-one to be utilised
+The intention is that each tenant will require at least two (2) vrouters
+one to be utilised
Neutron Server
@@ -138,7 +163,7 @@
neutron:
server:
version: mitaka
- plugin: ml2
+ path_mtu: 1500
bind:
address: 172.20.0.1
port: 9696
@@ -183,6 +208,7 @@
gateway:
enabled: True
version: mitaka
+ dhcp_lease_duration: 600
message_queue:
engine: rabbitmq
host: 127.0.0.1
@@ -201,7 +227,7 @@
tenant_network_types: "flat,vxlan"
mechanism:
ovs:
- driver: openvswitch
+ driver: openvswitch
Compute Node
@@ -224,7 +250,7 @@
external_access: false # Compute node with DVR for east-west only, Network Node has True as default
metadata:
host: 127.0.0.1
- password: pass
+ password: pass
backend:
engine: ml2
tenant_network_types: "flat,vxlan"
@@ -235,6 +261,84 @@
enabled: false
+Disable physnet1 bridge
+-----------------------
+
+By default we have external access turned on, so among any physnets in
+your reclass there would be additional one: physnet1, which is mapped to
+br-floating
+
+If you need internal nets only without this bridge, remove br-floating
+and configurations mappings. Disable mappings for this bridge on
+neutron-servers:
+
+.. code-block:: yaml
+
+ neutron:
+ server:
+ external_access: false
+
+gateways:
+
+.. code-block:: yaml
+
+ neutron:
+ gateway:
+ external_access: false
+
+compute nodes:
+
+.. code-block:: yaml
+
+ neutron:
+ compute:
+ external_access: false
+
+
+Add additional bridge mappings for OVS bridges
+----------------------------------------------
+
+By default we have external access turned on, so among any physnets in
+your reclass there would be additional one: physnet1, which is mapped to
+br-floating
+
+If you need to add extra non-default bridge mappings they can be defined
+separately for both gateways and compute nodes:
+
+gateways:
+
+.. code-block:: yaml
+
+ neutron:
+ gateway:
+ bridge_mappings:
+ physnet4: br-floating-internet
+
+compute nodes:
+
+.. code-block:: yaml
+
+ neutron:
+ compute:
+ bridge_mappings:
+ physnet4: br-floating-internet
+
+
+Specify different mtu values for different physnets
+---------------------------------------------------
+
+Neutron Server
+
+.. code-block:: yaml
+
+ neutron:
+ server:
+ version: mitaka
+ backend:
+ external_mtu: 1500
+ tenant_net_mtu: 9000
+ ironic_net_mtu: 9000
+
Neutron VXLAN tenant networks with Network Nodes (non DVR)
----------------------------------------------------------
@@ -248,7 +352,6 @@
neutron:
server:
version: mitaka
- plugin: ml2
bind:
address: 172.20.0.1
port: 9696
@@ -312,7 +415,7 @@
tenant_network_types: "flat,vxlan"
mechanism:
ovs:
- driver: openvswitch
+ driver: openvswitch
Compute Node
@@ -331,7 +434,7 @@
virtual_host: '/openstack'
local_ip: 192.168.20.20 # br-mesh ip address
external_access: False
- dvr: False
+ dvr: False
backend:
engine: ml2
tenant_network_types: "flat,vxlan"
@@ -344,8 +447,8 @@
With DVR for East-West and North-South, DVR everywhere, Network node for SNAT.
-This section describes a network solution that utilises VxLAN
-overlay networks with DVR with North-South and East-West. Network
+This section describes a network solution that utilises VxLAN
+overlay networks with DVR with North-South and East-West. Network
Node is used only for SNAT.
Neutron Server
@@ -355,7 +458,6 @@
neutron:
server:
version: mitaka
- plugin: ml2
bind:
address: 172.20.0.1
port: 9696
@@ -419,7 +521,7 @@
tenant_network_types: "flat,vxlan"
mechanism:
ovs:
- driver: openvswitch
+ driver: openvswitch
Compute Node
@@ -438,7 +540,7 @@
virtual_host: '/openstack'
local_ip: 192.168.20.20 # br-mesh ip address
dvr: True
- external_access: True
+ external_access: True
agent_mode: dvr
availability_zone: az1
metadata:
@@ -514,6 +616,22 @@
use_ovs_ports:
- float-to-ex
+Additonal VXLAN tenant network settings
+---------------------------------------
+
+The default multicast group of 224.0.0.1 only multicasts to a single subnet.
+Allow overriding it to allow larger underlay network topologies.
+
+Neutron Server
+
+.. code-block:: yaml
+
+ neutron:
+ server:
+ vxlan:
+ group: 239.0.0.0/8
+ vni_ranges: "2:65535"
+
Neutron VLAN tenant networks with Network Nodes
-----------------------------------------------
@@ -526,7 +644,6 @@
neutron:
server:
version: mitaka
- plugin: ml2
...
global_physnet_mtu: 9000
l3_ha: False
@@ -548,7 +665,6 @@
neutron:
compute:
version: mitaka
- plugin: ml2
...
dvr: True
agent_mode: dvr
@@ -560,7 +676,35 @@
ovs:
driver: openvswitch
+Neutron with additional physical networks
+-----------------------------------------
+
+Neutron Server only
+
+.. code-block:: yaml
+
+ neutron:
+ server:
+ version: ocata
+ ...
+ backend:
+ engine: ml2
+ tenant_network_types: "flat,vlan" # Can be mixed flat,vlan,vxlan
+ ...
+ # also need to configure corresponding additional bridge_mappings on
+ # compute and gateway nodes
+ physnets:
+ sriov_net:
+ mtu: 9000 # Optional, defaults to 1500
+ vlan_range: '100:200' # Optional
+ ext_net2:
+ mtu: 1500
+ mechanism:
+ ovs:
+ driver: openvswitch
+
Advanced Neutron Features (DPDK, SR-IOV)
+----------------------------------------
Neutron OVS DPDK
@@ -578,8 +722,9 @@
neutron:
compute:
version: mitaka
- plugin: ml2
dpdk: True
+ vhost_mode: client # options: client|server (default)
+ vhost_socket_dir: /var/run/openvswitch
backend:
engine: ml2
...
@@ -594,7 +739,6 @@
neutron:
server:
version: mitaka
- plugin: ml2
backend:
engine: ml2
...
@@ -607,7 +751,6 @@
neutron:
compute:
version: mitaka
- plugin: ml2
...
backend:
engine: ml2
@@ -620,6 +763,180 @@
ovs:
driver: openvswitch
+Neutron with VLAN-aware-VMs
+---------------------------
+
+.. code-block:: yaml
+
+ neutron:
+ server:
+ vlan_aware_vms: true
+ ....
+ compute:
+ vlan_aware_vms: true
+ ....
+ gateway:
+ vlan_aware_vms: true
+
+Neutron with BGP VPN (BaGPipe driver)
+---------------------------
+
+.. code-block:: yaml
+
+ neutron:
+ server:
+ version: pike
+ bgp_vpn:
+ enabled: true
+ driver: bagpipe # Options: bagpipe/opencontrail/opendaylight
+ ....
+ compute:
+ version: pike
+ bgp_vpn:
+ enabled: true
+ driver: bagpipe # Options: bagpipe/opencontrail/opendaylight
+ bagpipe:
+ local_address: 192.168.20.20 # IP address for mpls/gre tunnels
+ peers: 192.168.20.30 # IP addresses of BGP peers
+ autonomous_system: 64512 # Autonomous System number
+ enable_rtc: True # Enable RT Constraint (RFC4684)
+ backend:
+ ovs_extension: # for OVS agent only, not supported in SRIOV agent
+ bagpipe_bgpvpn:
+ enabled: True
+
+Neutron with DHCP agent on compute node
+---------------------------------------
+
+.. code-block:: yaml
+
+ neutron:
+ ....
+ compute:
+ dhcp_agent_enabled: true
+ ....
+
+Neutron with OVN
+----------------
+
+Control node:
+
+.. code-block:: yaml
+
+ neutron:
+ server:
+ backend:
+ engine: ovn
+ mechanism:
+ ovn:
+ driver: ovn
+ tenant_network_types: "geneve,flat"
+ ovn_ctl_opts:
+ db-nb-create-insecure-remote: 'yes'
+ db-sb-create-insecure-remote: 'yes'
+
+Compute node:
+
+.. code-block:: yaml
+
+ neutron:
+ compute:
+ local_ip: 10.2.0.105
+ controller_vip: 10.1.0.101
+ external_access: false
+ backend:
+ engine: ovn
+
+
+Neutron L2 Gateway
+----------------
+
+Control node:
+
+.. code-block:: yaml
+
+ neutron:
+ server:
+ version: pike
+ l2gw:
+ enabled: true
+ periodic_monitoring_interval: 5
+ quota_l2_gateway: 20
+ # service_provider=<service_type>:<name>:<driver>[:default]
+ service_provider: L2GW:OpenDaylight:networking_odl.l2gateway.driver.OpenDaylightL2gwDriver:default
+ backend:
+ engine: ml2
+
+Network/Gateway node:
+
+.. code-block:: yaml
+
+ neutron:
+ gateway:
+ version: pike
+ l2gw:
+ enabled: true
+ debug: true
+ socket_timeout: 20
+ ovsdb_hosts:
+ # <ovsdb_name>: <ip address>:<port>
+ # - ovsdb_name: a user defined symbolic identifier of physical switch
+ # - ip address: the address or dns name for the OVSDB server (i.e. pointer to the switch)
+ ovsdb1: 10.164.5.33:6632
+ ovsdb2: 10.164.4.33:6632
+
+
+OpenDaylight integration
+------------------------
+
+Control node:
+
+.. code-block:: yaml
+
+ neutron:
+ server:
+ backend:
+ opendaylight: true
+ router: odl-router_v2
+ host: 10.20.0.77
+ rest_api_port: 8282
+ user: admin
+ password: admin
+ ovsdb_connection: tcp:127.0.0.1:6639
+ enable_websocket: true
+ enable_dhcp_service: false
+ mechanism:
+ ovs:
+ driver: opendaylight_v2
+
+Network/Gateway node:
+
+.. code-block:: yaml
+
+ neutron:
+ gateway:
+ backend:
+ router: odl-router_v2
+ ovsdb_connection: tcp:127.0.0.1:6639
+ opendaylight:
+ ovsdb_server_iface: ptcp:6639:127.0.0.1
+ ovsdb_odl_iface: tcp:10.20.0.77:6640
+ tunnel_ip: 10.1.0.110
+ provider_mappings: physnet1:br-floating
+
+Compute node:
+
+.. code-block:: yaml
+
+ neutron:
+ compute:
+ opendaylight:
+ ovsdb_server_iface: ptcp:6639:127.0.0.1
+ ovsdb_odl_iface: tcp:10.20.0.77:6640
+ tunnel_ip: 10.1.0.105
+ provider_mappings: physnet1:br-floating
+
+
Neutron Server
--------------
@@ -629,7 +946,6 @@
neutron:
server:
- plugin: contrail
backend:
engine: contrail
host: contrail_discovery_host
@@ -652,7 +968,6 @@
user: admin
password: password
-
Neutron Keystone region
.. code-block:: yaml
@@ -687,6 +1002,53 @@
virtual_host: '/openstack'
....
+
+Configuring TLS communications
+------------------------------
+
+
+**Note:** by default system wide installed CA certs are used, so ``cacert_file`` param is optional, as well as ``cacert``.
+
+
+- **RabbitMQ TLS**
+
+.. code-block:: yaml
+
+ neutron:
+ server, gateway, compute:
+ message_queue:
+ port: 5671
+ ssl:
+ enabled: True
+ (optional) cacert: cert body if the cacert_file does not exists
+ (optional) cacert_file: /etc/openstack/rabbitmq-ca.pem
+ (optional) version: TLSv1_2
+
+
+- **MySQL TLS**
+
+.. code-block:: yaml
+
+ neutron:
+ server:
+ database:
+ ssl:
+ enabled: True
+ (optional) cacert: cert body if the cacert_file does not exists
+ (optional) cacert_file: /etc/openstack/mysql-ca.pem
+
+- **Openstack HTTPS API**
+
+
+.. code-block:: yaml
+
+ neutron:
+ server:
+ identity:
+ protocol: https
+ (optional) cacert_file: /etc/openstack/proxy.pem
+
+
Enable auditing filter, ie: CADF
.. code-block:: yaml
@@ -707,6 +1069,20 @@
map_file: '/etc/pycadf/neutron_api_audit_map.conf'
....
+Neutron with security groups disabled
+
+.. code-block:: yaml
+
+ neutron:
+ server:
+ security_groups_enabled: False
+ ....
+ compute:
+ security_groups_enabled: False
+ ....
+ gateway:
+ security_groups_enabled: False
+
Neutron Client
--------------
@@ -835,6 +1211,146 @@
Instance port in the stated subnet will be associated with the dynamically generated floating IP.
+
+Enable Neutron extensions (QoS, DNS, etc.)
+------------------------------------------
+.. code-block:: yaml
+
+ neutron:
+ server:
+ backend:
+ extension:
+ dns:
+ enabled: True
+ host: 127.0.0.1
+ port: 9001
+ protocol: http
+ ....
+ qos
+ enabled: True
+
+Different Neutron extensions for different agents
+-------------------------------------------------
+.. code-block:: yaml
+
+ neutron:
+ server:
+ backend:
+ extension: # common extensions for OVS and SRIOV agents
+ dns:
+ enabled: True
+ ...
+ qos
+ enabled: True
+ ovs_extension: # OVS specific extensions
+ bagpipe_bgpvpn:
+ enabled: True
+ sriov_extension: # SRIOV specific extensions
+ dummy:
+ enabled: True
+
+
+Neutron with Designate
+-----------------------------------------
+.. code-block:: yaml
+
+ neutron:
+ server:
+ backend:
+ extension:
+ dns:
+ enabled: True
+ host: 127.0.0.1
+ port: 9001
+ protocol: http
+
+Enable RBAC for OpenContrail engine
+-----------------------------------
+.. code-block:: yaml
+
+ neutron:
+ server:
+ backend:
+ engine: contrail
+ rbac:
+ enabled: True
+
+Enhanced logging with logging.conf
+----------------------------------
+
+By default logging.conf is disabled.
+
+That is possible to enable per-binary logging.conf with new variables:
+ * openstack_log_appender - set it to true to enable log_config_append for all OpenStack services;
+ * openstack_fluentd_handler_enabled - set to true to enable FluentHandler for all Openstack services.
+ * openstack_ossyslog_handler_enabled - set to true to enable OSSysLogHandler for all Openstack services.
+
+Only WatchedFileHandler, OSSysLogHandler and FluentHandler are available.
+
+Also it is possible to configure this with pillar:
+
+.. code-block:: yaml
+
+ neutron:
+ server:
+ logging:
+ log_appender: true
+ log_handlers:
+ watchedfile:
+ enabled: true
+ fluentd:
+ enabled: true
+ ossyslog:
+ enabled: true
+ ....
+ compute:
+ logging:
+ log_appender: true
+ log_handlers:
+ watchedfile:
+ enabled: true
+ fluentd:
+ enabled: true
+ ossyslog:
+ enabled: true
+ ....
+ gateway:
+ logging:
+ log_appender: true
+ log_handlers:
+ watchedfile:
+ enabled: true
+ fluentd:
+ enabled: true
+ ossyslog:
+ enabled: true
+
+Logging levels pillar example:
+
+.. code-block:: yaml
+
+ neutron:
+ server:
+ logging:
+ log_appender: true
+ loggers:
+ root:
+ level: 'DEBUG'
+ neutron:
+ level: 'DEBUG'
+ amqplib:
+ level: 'DEBUG'
+ sqlalchemy:
+ level: 'DEBUG'
+ boto:
+ level: 'DEBUG'
+ suds:
+ level: 'DEBUG'
+ eventletwsgi:
+ level: 'DEBUG'
+ ......
+
+
Documentation and Bugs
======================
diff --git a/_modules/neutronng.py b/_modules/neutronng.py
index 6a3eaf8..6ea50f9 100644
--- a/_modules/neutronng.py
+++ b/_modules/neutronng.py
@@ -41,19 +41,9 @@
connection_args.update({kwarg: kwargs[kwarg]})
elif '__' not in kwarg:
nkwargs.update({kwarg: kwargs[kwarg]})
- kstone = __salt__['keystone.auth'](**connection_args)
- token = kstone.auth_token
-
- if kwargs.get('connection_endpoint_type') == None:
- endpoint_type = 'internalURL'
- else:
- endpoint_type = kwargs.get('connection_endpoint_type')
-
- endpoint = kstone.service_catalog.url_for(
- service_type='network',
- endpoint_type=endpoint_type)
- neutron_interface = client.Client(
- endpoint_url=endpoint, token=token)
+ kstone = __salt__['keystoneng.auth'](**connection_args)
+ endpoint_type = kwargs.get('connection_endpoint_type', 'internal')
+ neutron_interface = client.Client(session=kstone.session, endpoint_type=endpoint_type)
return_data = func_name(neutron_interface, *args, **nkwargs)
# TODO(vsaienko) drop this formatting when all commands are updated
# to return dictionary
@@ -328,9 +318,7 @@
.. code-block:: bash
salt '*' neutronng.create_port network_id='openstack-network-id'
'''
- response = neutron_interface.create_port({'port': port_params})
- if 'port' in response and 'id' in response['port']:
- return response['port']['id']
+ return neutron_interface.create_port({'port': port_params})
@_autheticate
@@ -418,3 +406,13 @@
'''
neutron_interface.delete_router(router_id)
+
+@_autheticate
+def list_extensions(neutron_interface, **kwargs):
+ '''
+ list all extensions
+ CLI Example:
+ .. code-block:: bash
+ salt '*' neutronng.list_extensions
+ '''
+ return neutron_interface.list_extensions(**kwargs)
diff --git a/_states/neutronng.py b/_states/neutronng.py
index 89e0011..351b1d1 100644
--- a/_states/neutronng.py
+++ b/_states/neutronng.py
@@ -43,7 +43,7 @@
def _get_tenant_id(tenant_name, *args, **kwargs):
try:
- tenant_id = __salt__['keystone.tenant_get'](
+ tenant_id = __salt__['keystoneng.tenant_get'](
name=tenant_name, **kwargs)[tenant_name]['id']
except:
tenant_id = None
@@ -83,7 +83,9 @@
shared=None,
provider_segmentation_id=None,
profile=None,
- endpoint_type=None):
+ endpoint_type=None,
+ dns_domain=None,
+ is_default=None):
'''
Ensure that the neutron network is present with the specified properties.
name
@@ -103,7 +105,9 @@
admin_state_up=admin_state_up,
shared=shared,
tenant_id=tenant_id,
- provider_segmentation_id=provider_segmentation_id)
+ provider_segmentation_id=provider_segmentation_id,
+ dns_domain=dns_domain,
+ is_default=is_default)
if len(existing_networks) == 0:
network_arguments.update(connection_args)
@@ -284,7 +288,7 @@
connection_args = _auth(profile, endpoint_type)
tenant_name = tenant
try:
- tenant_id = __salt__['keystone.tenant_get'](
+ tenant_id = __salt__['keystoneng.tenant_get'](
name=tenant_name, **connection_args)[tenant_name]['id']
except:
tenant_id = None
@@ -299,16 +303,17 @@
if created_router:
router_id = created_router[name]['id']
network = _neutron_module_call(
- 'list_networks', name=gateway_network, **connection_args)
- gateway_network_id = network[gateway_network]['id']
+ 'list_networks', name=gateway_network, **connection_args)["networks"]
+ #TODO test for more networks
+ gateway_network_id = network[0]['id']
_neutron_module_call('router_gateway_set',
router_id=router_id,
external_gateway=gateway_network_id,
**connection_args)
for interface in interfaces:
subnet = _neutron_module_call(
- 'list_subnets', name=interface, **connection_args)
- subnet_id = subnet[interface]['id']
+ 'list_subnets', name=interface, **connection_args)["subnets"]
+ subnet_id = subnet[0]['id']
_neutron_module_call('router_add_interface',
router_id=router_id,
subnet_id=subnet_id,
@@ -327,8 +332,8 @@
diff.update({'admin_state_up': admin_state_up})
if gateway_network:
network = _neutron_module_call(
- 'list_networks', name=gateway_network, **connection_args)
- gateway_network_id = network[gateway_network]['id']
+ 'list_networks', name=gateway_network, **connection_args)["networks"]
+ gateway_network_id = network[0]['id']
if not existing_router['external_gateway_info'] and not existing_router['external_gateway_info'] == None:
if existing_router['external_gateway_info']['network_id'] != gateway_network_id:
diff.update({'external_gateway_info': {'network_id': gateway_network_id}})
@@ -366,8 +371,8 @@
subnet_name = subnet
connection_args = _auth(profile, endpoint_type)
existing_subnet = _neutron_module_call(
- 'list_subnets', name=subnet_name, **connection_args)
- subnet_id = existing_subnet[subnet_name]['id']
+ 'list_subnets', name=subnet_name, **connection_args)["subnets"]
+ subnet_id = existing_subnet[0]['id']
ret = {}
existing_ports = _neutron_module_call(
@@ -375,11 +380,11 @@
existing_floatingips = _neutron_module_call(
'list_floatingips', **connection_args)
- tenant = __salt__['keystone.tenant_get'](name=tenant_name, profile=profile, **connection_args)
+ tenant = __salt__['keystoneng.tenant_get'](name=tenant_name, **connection_args)
tenant_id = tenant[tenant_name]['id']
existing_network = _neutron_module_call(
- 'list_networks', name=network, **connection_args)
- floating_network_id = existing_network[network]['id']
+ 'list_networks', name=network, **connection_args)["networks"]
+ floating_network_id = existing_network[0]['id']
for key, value in existing_ports.iteritems():
try:
@@ -409,7 +414,7 @@
def security_group_present(name=None,
tenant=None,
- description=None,
+ description='',
rules=[],
profile=None,
endpoint_type=None):
@@ -428,7 +433,7 @@
connection_args = _auth(profile, endpoint_type)
tenant_name = tenant
try:
- tenant_id = __salt__['keystone.tenant_get'](
+ tenant_id = __salt__['keystoneng.tenant_get'](
name=tenant_name, **connection_args)[tenant_name]['id']
except:
tenant_id = None
@@ -527,6 +532,109 @@
# Security group already exists, but the specified rules were added to it.
return _updated(name, 'security_group', {'New Rules': new_rules})
+
+def port_present(network_name, profile=None, endpoint_type=None, name=None,
+ tenant=None, description='', fixed_ips=None, device_id=None,
+ device_owner=None, binding_host_id=None, admin_state_up=True,
+ mac_address=None, vnic_type=None, binding_profile=None,
+ security_groups=None, extra_dhcp_opt=None, qos_policy=None,
+ allowed_address_pair=None, dns_name=None):
+ """
+ Ensure the port is present with specified parameters.
+
+ :param network_name: Name of the network to create port in
+ :param profile: Authentication profile
+ :param endpoint_type: Endpoint type
+ :param name: Name of this port
+ :param tenant: Tenant in which the port should be created, avaiable for
+ admin only.
+ :param description: Port description
+ :param fixed_ips: Desired IP and/or subnet for this port:
+ subnet_id=<name_or_id>,ip_address=<ip>.
+ :param device_id: Device ID of this port
+ :param device_owner: Device owner of this port
+ :param binding_host_id: he ID of the host where the port resides.
+ :param admin_state_up: Admin state of this port
+ :param mac_address: MAC address of this port
+ :param vnic_type: VNIC type for this port
+ :param binding_profile: Custom data to be passed as binding:profile
+ :param security_groups: Security group associated with the port
+ :param extra_dhcp_opt: Extra dhcp options to be assigned to this port:
+ opt_na me=<dhcp_option_name>,opt_value=<value>,
+ ip_version={4, 6}
+ :param qos_policy: ID or name of the QoS policy that shouldbe attached to
+ the resource
+ :param allowed_address_pair: ip_address=IP_ADDR|CIDR[,mac_address=MAC_ADDR]
+ Allowed address pair associated with the port.
+ "ip_address" parameter is required. IP address
+ or CIDR can be specified for "ip_address".
+ "mac_address" parameter is optional.
+ :param dns_name: Assign DNS name to the port (requires DNS integration
+ extension)
+ """
+
+ connection_args = _auth(profile, endpoint_type)
+ tenant_id = _get_tenant_id(tenant_name=tenant, **connection_args)
+ network_id = None
+ port_exists = False
+
+ port_arguments = _get_non_null_args(
+ name=name, tenant_id=tenant_id, description=description,
+ fixed_ips=fixed_ips, device_id=device_id, device_owner=device_owner,
+ admin_state_up=admin_state_up,
+ mac_address=mac_address, vnic_type=vnic_type,
+ binding_profile=binding_profile,
+ extra_dhcp_opt=extra_dhcp_opt, qos_policy=qos_policy,
+ allowed_address_pair=allowed_address_pair, dns_name=dns_name)
+ if binding_host_id:
+ port_arguments['binding:host_id'] = binding_host_id
+ if security_groups:
+ sec_group_list = []
+ for sec_group_name in security_groups:
+ security_group = _neutron_module_call(
+ 'list_security_groups', name=sec_group_name, **connection_args)
+ if security_group:
+ sec_group_list.append(security_group[sec_group_name]['id'])
+ port_arguments['security_groups'] = sec_group_list
+
+ existing_networks = _neutron_module_call(
+ 'list_networks', tenant_id=tenant_id, name=network_name,
+ **connection_args)['networks']
+ if len(existing_networks) == 0:
+ LOG.error("Can't find network with name: {0}".format(network_name))
+ elif len(existing_networks) == 1:
+ network_id = existing_networks[0]['id']
+ elif len(existing_networks) > 1:
+ LOG.error("Multiple networks with name: {0} found.".format(network_name))
+
+ if network_id is None:
+ return _create_failed(name, 'port')
+
+ port_arguments['network_id'] = network_id
+
+ existing_ports = _neutron_module_call(
+ 'list_ports', network_id=network_id, tenant_id=tenant_id,
+ **connection_args)
+
+ if name:
+ for key, value in existing_ports.iteritems():
+ try:
+ if value['name'] == name and value['tenant_id'] == tenant_id:
+ port_exists = True
+ break
+ except KeyError:
+ pass
+
+ if not port_exists:
+ port_arguments.update(connection_args)
+ res = _neutron_module_call('create_port', **port_arguments)['port']
+ if res['name'] == name:
+ return _created(name, 'port', res)
+ return _create_failed(name, 'port')
+ else:
+ return _no_change('for instance {0}'.format(name), 'port')
+
+
def _created(name, resource, resource_definition):
changes_dict = {'name': name,
'changes': resource_definition,
diff --git a/metadata/service/client/init.yml b/metadata/service/client/init.yml
new file mode 100644
index 0000000..d156a6b
--- /dev/null
+++ b/metadata/service/client/init.yml
@@ -0,0 +1,6 @@
+applications:
+ - neutron
+parameters:
+ neutron:
+ client:
+ enabled: true
\ No newline at end of file
diff --git a/metadata/service/compute/opendaylight/single.yml b/metadata/service/compute/opendaylight/single.yml
new file mode 100644
index 0000000..aa9f8a4
--- /dev/null
+++ b/metadata/service/compute/opendaylight/single.yml
@@ -0,0 +1,11 @@
+parameters:
+ _param:
+ provider_mappings: physnet1:br-floating
+ opendaylight_service_host: 127.0.0.1
+ neutron:
+ compute:
+ opendaylight:
+ ovsdb_server_iface: ptcp:6639:127.0.0.1
+ ovsdb_odl_iface: tcp:${_param:opendaylight_service_host}:6640
+ tunnel_ip: ${_param:tenant_address}
+ provider_mappings: ${_param:provider_mappings}
diff --git a/metadata/service/compute/ovn/single.yml b/metadata/service/compute/ovn/single.yml
new file mode 100644
index 0000000..4697876
--- /dev/null
+++ b/metadata/service/compute/ovn/single.yml
@@ -0,0 +1,29 @@
+applications:
+- neutron
+classes:
+- service.neutron.support
+parameters:
+ _param:
+ ovn_external_bridge: br-floating
+ openstack_log_appender: false
+ openstack_fluentd_handler_enabled: false
+ openstack_ossyslog_handler_enabled: false
+ neutron:
+ compute:
+ enabled: true
+ version: ${_param:neutron_version}
+ local_ip: ${_param:tenant_address}
+ controller_vip: ${_param:cluster_vip_address}
+ external_access: true
+ external_bridge: ${_param:ovn_external_bridge}
+ backend:
+ engine: ovn
+ logging:
+ log_appender: ${_param:openstack_log_appender}
+ log_handlers:
+ watchedfile:
+ enabled: true
+ fluentd:
+ enabled: ${_param:openstack_fluentd_handler_enabled}
+ ossyslog:
+ enabled: ${_param:openstack_ossyslog_handler_enabled}
diff --git a/metadata/service/compute/single.yml b/metadata/service/compute/single.yml
index e1196b2..96f4268 100644
--- a/metadata/service/compute/single.yml
+++ b/metadata/service/compute/single.yml
@@ -3,6 +3,11 @@
classes:
- service.neutron.support
parameters:
+ _param:
+ openstack_log_appender: false
+ openstack_fluentd_handler_enabled: false
+ openstack_ossyslog_handler_enabled: false
+ compute_dhcp_agent_enabled: false
neutron:
compute:
enabled: true
@@ -16,7 +21,14 @@
virtual_host: '/openstack'
local_ip: ${_param:tenant_address}
dvr: false
+ dhcp_agent_enabled: ${_param:compute_dhcp_agent_enabled}
external_access: false
+ security_groups_enabled: true
+ qos: false
+ vlan_aware_vms: false
+ bgp_vpn:
+ enabled: false
+ driver: bagpipe
metadata:
host: ${_param:cluster_vip_address}
password: ${_param:metadata_password}
@@ -26,3 +38,12 @@
mechanism:
ovs:
driver: openvswitch
+ logging:
+ log_appender: ${_param:openstack_log_appender}
+ log_handlers:
+ watchedfile:
+ enabled: true
+ fluentd:
+ enabled: ${_param:openstack_fluentd_handler_enabled}
+ ossyslog:
+ enabled: ${_param:openstack_ossyslog_handler_enabled}
diff --git a/metadata/service/control/cluster.yml b/metadata/service/control/cluster.yml
index eaa8707..33ddaa2 100644
--- a/metadata/service/control/cluster.yml
+++ b/metadata/service/control/cluster.yml
@@ -5,11 +5,19 @@
parameters:
_param:
keystone_neutron_endpoint_type: internal
+ openstack_log_appender: false
+ openstack_fluentd_handler_enabled: false
+ openstack_ossyslog_handler_enabled: false
neutron:
server:
enabled: true
dns_domain: novalocal
+ vlan_aware_vms: false
+ bgp_vpn:
+ enabled: false
+ driver: bagpipe
version: ${_param:neutron_version}
+ controller_vip: ${_param:cluster_vip_address}
bind:
address: ${_param:cluster_local_address}
port: 9696
@@ -29,6 +37,15 @@
password: ${_param:keystone_neutron_password}
tenant: service
endpoint_type: ${_param:keystone_neutron_endpoint_type}
+ logging:
+ log_appender: ${_param:openstack_log_appender}
+ log_handlers:
+ watchedfile:
+ enabled: true
+ fluentd:
+ enabled: ${_param:openstack_fluentd_handler_enabled}
+ ossyslog:
+ enabled: ${_param:openstack_ossyslog_handler_enabled}
message_queue:
engine: rabbitmq
host: ${_param:cluster_vip_address}
@@ -42,3 +59,12 @@
user: nova
password: ${_param:keystone_nova_password}
tenant: service
+ backend:
+ extension:
+ dns:
+ enabled: False
+ engine: designate
+ protocol: http
+ host: ${_param:cluster_vip_address}
+ port: 9001
+ url: ${neutron:server:backend:extension:dns:protocol}://${neutron:server:backend:extension:dns:host}:${neutron:server:backend:extension:dns:port}/v2
diff --git a/metadata/service/control/container.yml b/metadata/service/control/container.yml
index bca3d9e..367167b 100644
--- a/metadata/service/control/container.yml
+++ b/metadata/service/control/container.yml
@@ -12,6 +12,7 @@
server:
enabled: true
dns_domain: novalocal
+ vlan_aware_vms: false
version: ${_param:neutron_version}
bind:
address: 0.0.0.0
diff --git a/metadata/service/control/services/l2gw.yml b/metadata/service/control/services/l2gw.yml
new file mode 100644
index 0000000..75a7ead
--- /dev/null
+++ b/metadata/service/control/services/l2gw.yml
@@ -0,0 +1,7 @@
+applications:
+- neutron
+parameters:
+ neutron:
+ server:
+ l2gw:
+ enabled: true
diff --git a/metadata/service/control/single.yml b/metadata/service/control/single.yml
index 3be2831..939856c 100644
--- a/metadata/service/control/single.yml
+++ b/metadata/service/control/single.yml
@@ -5,14 +5,23 @@
parameters:
_param:
keystone_neutron_endpoint_type: internal
+ openstack_log_appender: false
+ openstack_fluentd_handler_enabled: false
+ openstack_ossyslog_handler_enabled: false
neutron:
server:
enabled: true
- plugin: ml2
fwaas: false
dns_domain: novalocal
tunnel_type: vxlan
+ security_groups_enabled: true
+ qos: false
+ vlan_aware_vms: false
+ bgp_vpn:
+ enabled: false
+ driver: bagpipe
version: ${_param:neutron_version}
+ controller_vip: ${_param:single_address}
bind:
address: ${_param:single_address}
port: 9696
@@ -32,6 +41,15 @@
password: ${_param:keystone_neutron_password}
tenant: service
endpoint_type: ${_param:keystone_neutron_endpoint_type}
+ logging:
+ log_appender: ${_param:openstack_log_appender}
+ log_handlers:
+ watchedfile:
+ enabled: true
+ fluentd:
+ enabled: ${_param:openstack_fluentd_handler_enabled}
+ ossyslog:
+ enabled: ${_param:openstack_ossyslog_handler_enabled}
message_queue:
engine: rabbitmq
host: ${_param:single_address}
@@ -45,3 +63,12 @@
user: nova
password: ${_param:keystone_nova_password}
tenant: service
+ backend:
+ extension:
+ dns:
+ enabled: False
+ engine: designate
+ protocol: http
+ host: ${_param:single_address}
+ port: 9001
+ url: ${neutron:server:backend:extension:dns:protocol}://${neutron:server:backend:extension:dns:host}:${neutron:server:backend:extension:dns:port}/v2
diff --git a/metadata/service/fwaas/init.yml b/metadata/service/fwaas/init.yml
new file mode 100644
index 0000000..141af64
--- /dev/null
+++ b/metadata/service/fwaas/init.yml
@@ -0,0 +1,7 @@
+applications:
+ - neutron
+parameters:
+ neutron:
+ fwaas:
+ enabled: true
+ version: ${_param:neutron_version}
diff --git a/metadata/service/gateway/opendaylight/single.yml b/metadata/service/gateway/opendaylight/single.yml
new file mode 100644
index 0000000..36d6380
--- /dev/null
+++ b/metadata/service/gateway/opendaylight/single.yml
@@ -0,0 +1,17 @@
+classes:
+- service.neutron.gateway.single
+parameters:
+ _param:
+ opendaylight_router: odl-router_v2
+ provider_mappings: physnet1:br-floating
+ opendaylight_service_host: 127.0.0.1
+ neutron:
+ gateway:
+ backend:
+ router: ${_param:opendaylight_router}
+ ovsdb_connection: tcp:127.0.0.1:6639
+ opendaylight:
+ ovsdb_server_iface: ptcp:6639:127.0.0.1
+ ovsdb_odl_iface: tcp:${_param:opendaylight_service_host}:6640
+ tunnel_ip: ${_param:tenant_address}
+ provider_mappings: ${_param:provider_mappings}
diff --git a/metadata/service/gateway/single.yml b/metadata/service/gateway/single.yml
index 4ff30d1..2649449 100644
--- a/metadata/service/gateway/single.yml
+++ b/metadata/service/gateway/single.yml
@@ -3,6 +3,10 @@
classes:
- service.neutron.support
parameters:
+ _param:
+ openstack_log_appender: false
+ openstack_fluentd_handler_enabled: false
+ openstack_ossyslog_handler_enabled: false
neutron:
gateway:
enabled: true
@@ -17,6 +21,9 @@
local_ip: ${_param:tenant_address}
dvr: false
external_access: True
+ security_groups_enabled: true
+ qos: false
+ vlan_aware_vms: false
metadata:
host: ${_param:cluster_vip_address}
password: ${_param:metadata_password}
@@ -26,3 +33,12 @@
mechanism:
ovs:
driver: openvswitch
+ logging:
+ log_appender: ${_param:openstack_log_appender}
+ log_handlers:
+ watchedfile:
+ enabled: true
+ fluentd:
+ enabled: ${_param:openstack_fluentd_handler_enabled}
+ ossyslog:
+ enabled: ${_param:openstack_ossyslog_handler_enabled}
diff --git a/metadata/service/support.yml b/metadata/service/support.yml
index 9876a1e..cde8934 100644
--- a/metadata/service/support.yml
+++ b/metadata/service/support.yml
@@ -3,6 +3,8 @@
_support:
collectd:
enabled: true
+ fluentd:
+ enabled: true
heka:
enabled: true
sensu:
@@ -13,3 +15,7 @@
enabled: true
grafana:
enabled: true
+ prometheus:
+ enabled: true
+ telegraf:
+ enabled: true
diff --git a/neutron/agents/_l2gw.sls b/neutron/agents/_l2gw.sls
new file mode 100644
index 0000000..53e048a
--- /dev/null
+++ b/neutron/agents/_l2gw.sls
@@ -0,0 +1,32 @@
+{%- from "neutron/map.jinja" import gateway with context %}
+{%- if gateway.l2gw.get('enabled', False) %}
+
+l2gw_agent_packages:
+ pkg.installed:
+ - names: {{ gateway.pkgs_l2gw_agent }}
+
+/etc/neutron/l2gateway_agent.ini:
+ file.managed:
+ - source: salt://neutron/files/{{ gateway.version }}/l2gw/l2gateway_agent.ini
+ - template: jinja
+ - require:
+ - pkg: l2gw_agent_packages
+
+{%- if not grains.get('noservices', False) %}
+
+# TODO: use service.masked state instead once salt get updated to 2017.7.0+
+service.mask:
+ module.run:
+ - m_name: neutron-l2gateway-agent
+ - require_in:
+ - pkg: l2gw_agent_packages
+
+neutron-l2gateway-agent:
+ service.running:
+ - enable: true
+ - watch:
+ - file: /etc/neutron/l2gateway_agent.ini
+ - file: /etc/neutron/neutron.conf
+
+{%- endif %}
+{%- endif %}
diff --git a/neutron/client.sls b/neutron/client.sls
index e31e969..b4bb7ac 100644
--- a/neutron/client.sls
+++ b/neutron/client.sls
@@ -7,6 +7,26 @@
{%- for identity_name, identity in client.server.iteritems() %}
+
+{%- if identity.security_group is defined %}
+
+{%- for security_group_name, security_group in identity.security_group.iteritems() %}
+openstack_security_group_{{ security_group_name }}:
+ neutronng.security_group_present:
+ - name: {{ security_group_name }}
+ {%- if security_group.description is defined %}
+ - description: {{ security_group.description }}
+ {%- endif %}
+ - rules: {{ security_group.rules }}
+ - profile: {{ identity_name }}
+ - tenant: {{ security_group.tenant }}
+ {%- if identity.endpoint_type is defined %}
+ - endpoint_type: {{ identity.endpoint_type }}
+ {%- endif %}
+{%- endfor %}
+
+{%- endif %}
+
{%- if identity.network is defined %}
{%- for network_name, network in identity.network.iteritems() %}
@@ -38,6 +58,12 @@
{%- if network.provider_segmentation_id is defined %}
- provider_segmentation_id: {{ network.provider_segmentation_id }}
{%- endif %}
+ {%- if network.dns_domain is defined %}
+ - dns_domain: {{ network.dns_domain }}
+ {%- endif %}
+ {%- if network.is_default is defined %}
+ - is_default: {{ network.is_default }}
+ {%- endif %}
{%- if network.subnet is defined %}
@@ -80,6 +106,66 @@
{%- endif %}
+{%- if network.port is defined %}
+
+{%- for port_name, port in network.port.iteritems() %}
+neutron_openstack_port_{{ port_name }}:
+ neutronng.port_present:
+ - network_name: {{ network_name }}
+ - name: {{ port_name }}
+ - profile: {{ identity_name }}
+ - tenant: {{ network.tenant }}
+ {%- if identity.endpoint_type is defined %}
+ - endpoint_type: {{ identity.endpoint_type }}
+ {%- endif %}
+ {%- if port.description is defined %}
+ - description: {{ port.description }}
+ {%- endif %}
+ {%- if port.fixed_ips is defined %}
+ - fixed_ips: {{ port.fixed_ips }}
+ {%- endif %}
+ {%- if port.device_id is defined %}
+ - device_id: {{ port.device_id }}
+ {%- endif %}
+ {%- if port.device_owner is defined %}
+ - device_owner: {{ port.device_owner }}
+ {%- endif %}
+ {%- if port.binding_host_id is defined %}
+ - binding_host_id: {{ port.binding_host_id }}
+ {%- endif %}
+ {%- if port.admin_state_up is defined %}
+ - admin_state_up: {{ port.admin_state_up }}
+ {%- endif %}
+ {%- if port.mac_address is defined %}
+ - mac_address: {{ port.mac_address }}
+ {%- endif %}
+ {%- if port.vnic_type is defined %}
+ - vnic_type: {{ port.vnic_type }}
+ {%- endif %}
+ {%- if port.binding_profile is defined %}
+ - binding_profile: {{ port.binding_profile }}
+ {%- endif %}
+ {%- if port.security_groups is defined %}
+ - security_groups: {{ port.security_groups }}
+ {%- endif %}
+ {%- if port.extra_dhcp_opt is defined %}
+ - extra_dhcp_opt: {{ port.extra_dhcp_opt }}
+ {%- endif %}
+ {%- if port.qos_policy is defined %}
+ - qos_policy: {{ port.qos_policy }}
+ {%- endif %}
+ {%- if port.allowed_address_pair is defined %}
+ - allowed_address_pair: {{ port.allowed_address_pair }}
+ {%- endif %}
+ {%- if port.dns_name is defined %}
+ - dns_name: {{ port.dns_name }}
+ {%- endif %}
+ - require:
+ - neutronng: neutron_openstack_network_{{ network_name }}
+{%- endfor %}
+
+{%- endif %}
+
{%- endfor %}
{%- endif %}
@@ -102,23 +188,6 @@
{%- endif %}
-{%- if identity.security_group is defined %}
-
-{%- for security_group_name, security_group in identity.security_group.iteritems() %}
-openstack_security_group_{{ security_group_name }}:
- neutronng.security_group_present:
- - name: {{ security_group_name }}
- - description: {{ security_group.description }}
- - rules: {{ security_group.rules }}
- - profile: {{ identity_name }}
- - tenant: {{ security_group.tenant }}
- {%- if identity.endpoint_type is defined %}
- - endpoint_type: {{ identity.endpoint_type }}
- {%- endif %}
-{%- endfor %}
-
-{%- endif %}
-
{%- if identity.floating_ip is defined %}
{%- for instance_name, instance in identity.floating_ip.iteritems() %}
diff --git a/neutron/compute.sls b/neutron/compute.sls
index cb02136..2eefb6a 100644
--- a/neutron/compute.sls
+++ b/neutron/compute.sls
@@ -1,10 +1,44 @@
-{% from "neutron/map.jinja" import compute with context %}
+{% from "neutron/map.jinja" import compute, fwaas with context %}
{%- if compute.enabled %}
+{% if compute.backend.engine == "ml2" %}
+
+{% if compute.get('dhcp_agent_enabled', False) %}
+neutron_dhcp_agent_packages:
+ pkg.installed:
+ - names:
+ - neutron-dhcp-agent
+
+neutron_dhcp_agent:
+ service.running:
+ - enable: true
+ - names:
+ - neutron-dhcp-agent
+ - watch:
+ - file: /etc/neutron/dhcp_agent.ini
+ - require:
+ - pkg: neutron_dhcp_agent_packages
+
+/etc/neutron/dhcp_agent.ini:
+ file.managed:
+ - source: salt://neutron/files/{{ compute.version }}/dhcp_agent.ini
+ - template: jinja
+ - require:
+ - pkg: neutron_dhcp_agent_packages
+
+{% endif %}
+
+{%- if compute.opendaylight is defined %}
+{%- include "neutron/opendaylight/client.sls" %}
+{%- else %}
neutron_compute_packages:
pkg.installed:
- names: {{ compute.pkgs }}
+{% if compute.get('bgp_vpn', {}).get('enabled', False) and compute.bgp_vpn.driver == "bagpipe" %}
+{%- include "neutron/services/_bagpipe.sls" %}
+{% endif %}
+
/etc/neutron/neutron.conf:
file.managed:
- source: salt://neutron/files/{{ compute.version }}/neutron-generic.conf.{{ grains.os_family }}
@@ -41,11 +75,34 @@
- file: /etc/neutron/neutron.conf
- file: /etc/neutron/plugins/ml2/openvswitch_agent.ini
- file: /etc/neutron/plugins/ml2/sriov_agent.ini
+ {%- if compute.message_queue.get('ssl',{}).get('enabled', False) %}
+ - file: rabbitmq_ca_neutron_compute
+ {%- endif %}
{% endif %}
{% if compute.dvr %}
+{%- if fwaas.get('enabled', False) %}
+include:
+- neutron.fwaas
+{%- endif %}
+
+{%- if not grains.get('noservices', False) %}
+# NOTE(mpolenchuk): haproxy is used as a replacement for
+# neutron-ns-metadata-proxy Python implementation starting from Pike
+haproxy:
+ {%- if grains['saltversioninfo'] < [2017,7] %}
+ module.run:
+ - name: service.mask
+ - m_name: haproxy
+ {%- else %}
+ service.masked:
+ {%- endif %}
+ - prereq:
+ - pkg: neutron_dvr_packages
+{%- endif %}
+
neutron_dvr_packages:
pkg.installed:
- names:
@@ -59,8 +116,15 @@
- neutron-l3-agent
- neutron-metadata-agent
- watch:
+ - file: /etc/neutron/neutron.conf
- file: /etc/neutron/l3_agent.ini
- file: /etc/neutron/metadata_agent.ini
+ {%- if fwaas.get('enabled', False) %}
+ - file: /etc/neutron/fwaas_driver.ini
+ {% endif %}
+ {%- if compute.message_queue.get('ssl',{}).get('enabled', False) %}
+ - file: rabbitmq_ca_neutron_compute
+ {%- endif %}
- require:
- pkg: neutron_dvr_packages
@@ -98,5 +162,153 @@
- watch:
- file: /etc/neutron/neutron.conf
- file: /etc/neutron/plugins/ml2/openvswitch_agent.ini
+ {%- if compute.message_queue.get('ssl',{}).get('enabled', False) %}
+ - file: rabbitmq_ca_neutron_compute
+ {%- endif %}
+{%- set neutron_compute_services_list = compute.services %}
+{%- if compute.backend.sriov is defined %}
+ {%- do neutron_compute_services_list.append('neutron-sriov-agent') %}
+{%- endif %}
+{%- if compute.dvr %}
+ {%- do neutron_compute_services_list.extend(['neutron-l3-agent', 'neutron-metadata-agent']) %}
+{%- endif %}
+{%- if compute.get('dhcp_agent_enabled', False) %}
+ {%- do neutron_compute_services_list.append('neutron-dhcp-agent') %}
+{%- endif %}
+
+{%- for service_name in neutron_compute_services_list %}
+{{ service_name }}_default:
+ file.managed:
+ - name: /etc/default/{{ service_name }}
+ - source: salt://neutron/files/default
+ - template: jinja
+ - defaults:
+ service_name: {{ service_name }}
+ values: {{ compute }}
+ - require:
+ - pkg: neutron_compute_packages
+{% if compute.backend.sriov is defined %}
+ - pkg: neutron_sriov_package
+{% endif %}
+{% if compute.dvr %}
+ - pkg: neutron_dvr_packages
+{% endif %}
+ - watch_in:
+ - service: neutron_compute_services
+{% if compute.backend.sriov is defined %}
+ - service: neutron_sriov_service
+{% endif %}
+{% if compute.dvr %}
+ - service: neutron_dvr_agents
+{% endif %}
+{% endfor %}
+
+{%- if compute.logging.log_appender %}
+
+{%- if compute.logging.log_handlers.get('fluentd', {}).get('enabled', False) %}
+neutron_compute_fluentd_logger_package:
+ pkg.installed:
+ - name: python-fluent-logger
+{%- endif %}
+
+{% for service_name in neutron_compute_services_list %}
+{{ service_name }}_logging_conf:
+ file.managed:
+ - name: /etc/neutron/logging/logging-{{ service_name }}.conf
+ - source: salt://neutron/files/logging.conf
+ - template: jinja
+ - makedirs: True
+ - user: neutron
+ - group: neutron
+ - defaults:
+ service_name: {{ service_name }}
+ values: {{ compute }}
+ - require:
+ - pkg: neutron_compute_packages
+{% if compute.backend.sriov is defined %}
+ - pkg: neutron_sriov_package
+{% endif %}
+{% if compute.dvr %}
+ - pkg: neutron_dvr_packages
+{% endif %}
+{%- if compute.logging.log_handlers.get('fluentd', {}).get('enabled', False) %}
+ - pkg: neutron_compute_fluentd_logger_package
+{%- endif %}
+ - watch_in:
+ - service: neutron_compute_services
+{% if compute.backend.sriov is defined %}
+ - service: neutron_sriov_service
+{% endif %}
+{% if compute.dvr %}
+ - service: neutron_dvr_agents
+{% endif %}
+{% endfor %}
+
+{% endif %}
+
+{%- if compute.message_queue.get('ssl',{}).get('enabled', False) %}
+rabbitmq_ca_neutron_compute:
+{%- if compute.message_queue.ssl.cacert is defined %}
+ file.managed:
+ - name: {{ compute.message_queue.ssl.cacert_file }}
+ - contents_pillar: neutron:compute:message_queue:ssl:cacert
+ - mode: 0444
+ - makedirs: true
+{%- else %}
+ file.exists:
+ - name: {{ compute.message_queue.ssl.get('cacert_file', compute.cacert_file) }}
+{%- endif %}
+{%- endif %}
+
+{%- endif %}{# !OpenDaylight #}
+
+{%- elif compute.backend.engine == "ovn" %}
+
+ovn_packages:
+ pkg.installed:
+ - names: {{ compute.pkgs_ovn }}
+
+{%- if not grains.get('noservices', False) %}
+
+remote_ovsdb_access:
+ cmd.run:
+ - name: "ovs-vsctl set open .
+ external-ids:ovn-remote=tcp:{{ compute.controller_vip }}:6642"
+
+enable_overlays:
+ cmd.run:
+ - name: "ovs-vsctl set open . external-ids:ovn-encap-type=geneve,vxlan"
+
+configure_local_endpoint:
+ cmd.run:
+ - name: "ovs-vsctl set open .
+ external-ids:ovn-encap-ip={{ compute.local_ip }}"
+
+{%- if compute.get('external_access', True) %}
+
+set_bridge_external_id:
+ cmd.run:
+ - name: "ovs-vsctl --no-wait br-set-external-id
+ {{ compute.external_bridge }} bridge-id {{ compute.external_bridge }}"
+
+set_bridge_mapping:
+ cmd.run:
+ - name: "ovs-vsctl set open .
+ external-ids:ovn-bridge-mappings=physnet1:{{ compute.external_bridge }}"
+
+{%- endif %}
+
+ovn_services:
+ service.running:
+ - names: {{ compute.services_ovn }}
+ - enable: true
+ {%- if grains.get('noservices') %}
+ - onlyif: /bin/false
+ {%- endif %}
+ - require:
+ - pkg: ovn_packages
+
+{%- endif %}
+{%- endif %}
{%- endif %}
diff --git a/neutron/files/default b/neutron/files/default
new file mode 100644
index 0000000..60df58e
--- /dev/null
+++ b/neutron/files/default
@@ -0,0 +1,4 @@
+# Generated by Salt.
+{%- if values.logging.log_appender %}
+DAEMON_ARGS="${DAEMON_ARGS} --log-config-append=/etc/neutron/logging/logging-{{ service_name }}.conf"
+{%- endif %}
diff --git a/neutron/files/grafana_dashboards/neutron_openvswitch_prometheus.json b/neutron/files/grafana_dashboards/neutron_openvswitch_prometheus.json
new file mode 100755
index 0000000..9c4c498
--- /dev/null
+++ b/neutron/files/grafana_dashboards/neutron_openvswitch_prometheus.json
@@ -0,0 +1,1878 @@
+{% raw %}
+{
+ "annotations": {
+ "list": []
+ },
+ "description": "Monitors Neutron cluster using Prometheus. Shows overall cluster processes and usage.",
+ "editable": true,
+ "gnetId": null,
+ "graphTooltip": 1,
+ "hideControls": false,
+ "id": null,
+ "links": [],
+ "refresh": "1m",
+ "rows": [
+ {
+ "collapse": false,
+ "height": "250px",
+ "panels": [
+ {
+ "cacheTimeout": null,
+ "colorBackground": false,
+ "colorValue": true,
+ "colors": [
+ "rgba(245, 54, 54, 0.9)",
+ "rgba(50, 172, 45, 0.97)",
+ "rgba(237, 129, 40, 0.89)"
+ ],
+ "datasource": "prometheus",
+ "format": "none",
+ "gauge": {
+ "maxValue": 1,
+ "minValue": 0,
+ "show": false,
+ "thresholdLabels": false,
+ "thresholdMarkers": true
+ },
+ "id": 1,
+ "interval": null,
+ "links": [],
+ "mappingType": 1,
+ "mappingTypes": [
+ {
+ "name": "value to text",
+ "value": 1
+ },
+ {
+ "name": "range to text",
+ "value": 2
+ }
+ ],
+ "maxDataPoints": 100,
+ "nullPointMode": "connected",
+ "nullText": null,
+ "postfix": "",
+ "postfixFontSize": "50%",
+ "prefix": "",
+ "prefixFontSize": "50%",
+ "rangeMaps": [
+ {
+ "from": "null",
+ "text": "N/A",
+ "to": "null"
+ }
+ ],
+ "span": 3,
+ "sparkline": {
+ "fillColor": "rgba(31, 118, 189, 0.18)",
+ "full": false,
+ "lineColor": "rgb(31, 120, 193)",
+ "show": true
+ },
+ "tableColumn": "",
+ "targets": [
+ {
+ "expr": "min(openstack_api_check_status{service=~\"neutron.*\"})",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{ service }}",
+ "refId": "A",
+ "step": 60
+ }
+ ],
+ "thresholds": "0.5,1.5",
+ "title": "API Availability",
+ "type": "singlestat",
+ "valueFontSize": "80%",
+ "valueMaps": [
+ {
+ "op": "=",
+ "text": "N/A",
+ "value": "null"
+ },
+ {
+ "op": "=",
+ "text": "DOWN",
+ "value": "0"
+ },
+ {
+ "op": "=",
+ "text": "OK",
+ "value": "1"
+ },
+ {
+ "op": "=",
+ "text": "UNKNOWN",
+ "value": "2"
+ }
+ ],
+ "valueName": "current"
+ },
+ {
+ "cacheTimeout": null,
+ "colorBackground": false,
+ "colorValue": false,
+ "colors": [
+ "rgba(245, 54, 54, 0.9)",
+ "rgba(237, 129, 40, 0.89)",
+ "rgba(50, 172, 45, 0.97)"
+ ],
+ "datasource": "prometheus",
+ "format": "none",
+ "gauge": {
+ "maxValue": 100,
+ "minValue": 0,
+ "show": false,
+ "thresholdLabels": false,
+ "thresholdMarkers": true
+ },
+ "id": 2,
+ "interval": null,
+ "links": [],
+ "mappingType": 1,
+ "mappingTypes": [
+ {
+ "name": "value to text",
+ "value": 1
+ },
+ {
+ "name": "range to text",
+ "value": 2
+ }
+ ],
+ "maxDataPoints": 100,
+ "nullPointMode": "connected",
+ "nullText": null,
+ "postfix": " / sec",
+ "postfixFontSize": "50%",
+ "prefix": "",
+ "prefixFontSize": "50%",
+ "rangeMaps": [
+ {
+ "from": "null",
+ "text": "N/A",
+ "to": "null"
+ }
+ ],
+ "span": 3,
+ "sparkline": {
+ "fillColor": "rgba(31, 118, 189, 0.18)",
+ "full": false,
+ "lineColor": "rgb(31, 120, 193)",
+ "show": true
+ },
+ "tableColumn": "",
+ "targets": [
+ {
+ "expr": "sum(irate(haproxy_http_response_5xx{proxy=~\"neutron.*\",sv=\"FRONTEND\"}[5m]))",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "per sec",
+ "refId": "A",
+ "step": 60
+ }
+ ],
+ "thresholds": "",
+ "title": "HTTP 5xx errors",
+ "type": "singlestat",
+ "valueFontSize": "80%",
+ "valueMaps": [
+ {
+ "op": "=",
+ "text": "N/A",
+ "value": "null"
+ }
+ ],
+ "valueName": "current"
+ },
+ {
+ "cacheTimeout": null,
+ "colorBackground": false,
+ "colorValue": false,
+ "colors": [
+ "rgba(245, 54, 54, 0.9)",
+ "rgba(237, 129, 40, 0.89)",
+ "rgba(50, 172, 45, 0.97)"
+ ],
+ "datasource": "prometheus",
+ "format": "none",
+ "gauge": {
+ "maxValue": 100,
+ "minValue": 0,
+ "show": false,
+ "thresholdLabels": false,
+ "thresholdMarkers": true
+ },
+ "id": 3,
+ "interval": null,
+ "links": [],
+ "mappingType": 1,
+ "mappingTypes": [
+ {
+ "name": "value to text",
+ "value": 1
+ },
+ {
+ "name": "range to text",
+ "value": 2
+ }
+ ],
+ "maxDataPoints": 100,
+ "nullPointMode": "connected",
+ "nullText": null,
+ "postfix": "",
+ "postfixFontSize": "50%",
+ "prefix": "",
+ "prefixFontSize": "50%",
+ "rangeMaps": [
+ {
+ "from": "null",
+ "text": "N/A",
+ "to": "null"
+ }
+ ],
+ "span": 3,
+ "sparkline": {
+ "fillColor": "rgba(31, 118, 189, 0.18)",
+ "full": false,
+ "lineColor": "rgb(31, 120, 193)",
+ "show": true
+ },
+ "tableColumn": "",
+ "targets": [
+ {
+ "expr": "min(haproxy_active_servers{proxy=~\"neutron.api\", sv=\"BACKEND\"})",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "A",
+ "step": 60
+ }
+ ],
+ "thresholds": "",
+ "title": "Neutron API backends",
+ "type": "singlestat",
+ "valueFontSize": "80%",
+ "valueMaps": [
+ {
+ "op": "=",
+ "text": "N/A",
+ "value": "null"
+ }
+ ],
+ "valueName": "current"
+ }
+ ],
+ "repeat": null,
+ "repeatIteration": null,
+ "repeatRowId": null,
+ "showTitle": true,
+ "title": "Service Status",
+ "titleSize": "h6"
+ },
+ {
+ "collapse": false,
+ "height": "250",
+ "panels": [
+ {
+ "aliasColors": {},
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "prometheus",
+ "fill": 1,
+ "id": 4,
+ "legend": {
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "show": true,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [],
+ "nullPointMode": "null",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [],
+ "spaceLength": 10,
+ "span": 6,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "sum(openstack_neutron_http_response_times_rate{host=~\"^$host$\"}) by (http_status)",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{ http_status }}",
+ "refId": "A",
+ "step": 10
+ }
+ ],
+ "thresholds": [],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Throughput",
+ "tooltip": {
+ "shared": true,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": []
+ },
+ "yaxes": [
+ {
+ "format": "ops",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": "0",
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ }
+ ]
+ },
+ {
+ "aliasColors": {},
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "prometheus",
+ "fill": 1,
+ "id": 5,
+ "legend": {
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "show": true,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [],
+ "nullPointMode": "null",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [],
+ "spaceLength": 10,
+ "span": 6,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "max(openstack_neutron_http_response_times_upper_90{host=~\"^$host$\"}) by (http_method)",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{ http_method }}",
+ "refId": "A",
+ "step": 10
+ }
+ ],
+ "thresholds": [],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Latency",
+ "tooltip": {
+ "shared": true,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": []
+ },
+ "yaxes": [
+ {
+ "format": "s",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": "0",
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ }
+ ]
+ }
+ ],
+ "repeat": null,
+ "repeatIteration": null,
+ "repeatRowId": null,
+ "showTitle": true,
+ "title": "API Performances",
+ "titleSize": "h6"
+ },
+ {
+ "collapse": false,
+ "height": "100",
+ "panels": [
+ {
+ "content": "<br />\n<h3 align=\"center\"> Up </h3>",
+ "id": 6,
+ "links": [],
+ "mode": "html",
+ "span": 2,
+ "title": "",
+ "type": "text"
+ },
+ {
+ "cacheTimeout": null,
+ "colorBackground": false,
+ "colorValue": false,
+ "colors": [
+ "rgba(245, 54, 54, 0.9)",
+ "rgba(237, 129, 40, 0.89)",
+ "rgba(50, 172, 45, 0.97)"
+ ],
+ "datasource": null,
+ "format": "none",
+ "gauge": {
+ "maxValue": 100,
+ "minValue": 0,
+ "show": false,
+ "thresholdLabels": false,
+ "thresholdMarkers": true
+ },
+ "id": 8,
+ "interval": null,
+ "links": [],
+ "mappingType": 1,
+ "mappingTypes": [
+ {
+ "name": "value to text",
+ "value": 1
+ },
+ {
+ "name": "range to text",
+ "value": 2
+ }
+ ],
+ "maxDataPoints": 100,
+ "minSpan": 2,
+ "nullPointMode": "connected",
+ "nullText": null,
+ "postfix": "",
+ "postfixFontSize": "50%",
+ "prefix": "",
+ "prefixFontSize": "50%",
+ "rangeMaps": [
+ {
+ "from": "null",
+ "text": "N/A",
+ "to": "null"
+ }
+ ],
+ "repeat": null,
+ "span": 2,
+ "sparkline": {
+ "fillColor": "rgba(31, 118, 189, 0.18)",
+ "full": false,
+ "lineColor": "rgb(31, 120, 193)",
+ "show": false
+ },
+ "tableColumn": "",
+ "targets": [
+ {
+ "expr": "openstack_neutron_agents{service=\"neutron-dhcp-agent\",state=\"up\"}",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "refId": "A",
+ "step": 60
+ }
+ ],
+ "thresholds": "",
+ "title": "DHCP",
+ "type": "singlestat",
+ "valueFontSize": "80%",
+ "valueMaps": [
+ {
+ "op": "=",
+ "text": "N/A",
+ "value": "null"
+ }
+ ],
+ "valueName": "current"
+ },
+ {
+ "cacheTimeout": null,
+ "colorBackground": false,
+ "colorValue": false,
+ "colors": [
+ "rgba(245, 54, 54, 0.9)",
+ "rgba(237, 129, 40, 0.89)",
+ "rgba(50, 172, 45, 0.97)"
+ ],
+ "datasource": null,
+ "format": "none",
+ "gauge": {
+ "maxValue": 100,
+ "minValue": 0,
+ "show": false,
+ "thresholdLabels": false,
+ "thresholdMarkers": true
+ },
+ "id": 9,
+ "interval": null,
+ "links": [],
+ "mappingType": 1,
+ "mappingTypes": [
+ {
+ "name": "value to text",
+ "value": 1
+ },
+ {
+ "name": "range to text",
+ "value": 2
+ }
+ ],
+ "maxDataPoints": 100,
+ "minSpan": 2,
+ "nullPointMode": "connected",
+ "nullText": null,
+ "postfix": "",
+ "postfixFontSize": "50%",
+ "prefix": "",
+ "prefixFontSize": "50%",
+ "rangeMaps": [
+ {
+ "from": "null",
+ "text": "N/A",
+ "to": "null"
+ }
+ ],
+ "span": 2,
+ "sparkline": {
+ "fillColor": "rgba(31, 118, 189, 0.18)",
+ "full": false,
+ "lineColor": "rgb(31, 120, 193)",
+ "show": false
+ },
+ "tableColumn": "",
+ "targets": [
+ {
+ "expr": "openstack_neutron_agents{service=\"neutron-l3-agent\",state=\"up\"}",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "refId": "A",
+ "step": 60
+ }
+ ],
+ "thresholds": "",
+ "title": "L3",
+ "type": "singlestat",
+ "valueFontSize": "80%",
+ "valueMaps": [
+ {
+ "op": "=",
+ "text": "N/A",
+ "value": "null"
+ }
+ ],
+ "valueName": "current"
+ },
+ {
+ "cacheTimeout": null,
+ "colorBackground": false,
+ "colorValue": false,
+ "colors": [
+ "rgba(245, 54, 54, 0.9)",
+ "rgba(237, 129, 40, 0.89)",
+ "rgba(50, 172, 45, 0.97)"
+ ],
+ "datasource": null,
+ "format": "none",
+ "gauge": {
+ "maxValue": 100,
+ "minValue": 0,
+ "show": false,
+ "thresholdLabels": false,
+ "thresholdMarkers": true
+ },
+ "id": 10,
+ "interval": null,
+ "links": [],
+ "mappingType": 1,
+ "mappingTypes": [
+ {
+ "name": "value to text",
+ "value": 1
+ },
+ {
+ "name": "range to text",
+ "value": 2
+ }
+ ],
+ "maxDataPoints": 100,
+ "minSpan": 2,
+ "nullPointMode": "connected",
+ "nullText": null,
+ "postfix": "",
+ "postfixFontSize": "50%",
+ "prefix": "",
+ "prefixFontSize": "50%",
+ "rangeMaps": [
+ {
+ "from": "null",
+ "text": "N/A",
+ "to": "null"
+ }
+ ],
+ "span": 2,
+ "sparkline": {
+ "fillColor": "rgba(31, 118, 189, 0.18)",
+ "full": false,
+ "lineColor": "rgb(31, 120, 193)",
+ "show": false
+ },
+ "tableColumn": "",
+ "targets": [
+ {
+ "expr": "openstack_neutron_agents{service=\"neutron-metadata-agent\",state=\"up\"}",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "refId": "A",
+ "step": 60
+ }
+ ],
+ "thresholds": "",
+ "title": "Metadata",
+ "type": "singlestat",
+ "valueFontSize": "80%",
+ "valueMaps": [
+ {
+ "op": "=",
+ "text": "N/A",
+ "value": "null"
+ }
+ ],
+ "valueName": "current"
+ },
+ {
+ "cacheTimeout": null,
+ "colorBackground": false,
+ "colorValue": false,
+ "colors": [
+ "rgba(245, 54, 54, 0.9)",
+ "rgba(237, 129, 40, 0.89)",
+ "rgba(50, 172, 45, 0.97)"
+ ],
+ "datasource": null,
+ "format": "none",
+ "gauge": {
+ "maxValue": 100,
+ "minValue": 0,
+ "show": false,
+ "thresholdLabels": false,
+ "thresholdMarkers": true
+ },
+ "id": 11,
+ "interval": null,
+ "links": [],
+ "mappingType": 1,
+ "mappingTypes": [
+ {
+ "name": "value to text",
+ "value": 1
+ },
+ {
+ "name": "range to text",
+ "value": 2
+ }
+ ],
+ "maxDataPoints": 100,
+ "minSpan": 2,
+ "nullPointMode": "connected",
+ "nullText": null,
+ "postfix": "",
+ "postfixFontSize": "50%",
+ "prefix": "",
+ "prefixFontSize": "50%",
+ "rangeMaps": [
+ {
+ "from": "null",
+ "text": "N/A",
+ "to": "null"
+ }
+ ],
+ "span": 2,
+ "sparkline": {
+ "fillColor": "rgba(31, 118, 189, 0.18)",
+ "full": false,
+ "lineColor": "rgb(31, 120, 193)",
+ "show": false
+ },
+ "tableColumn": "",
+ "targets": [
+ {
+ "expr": "openstack_neutron_agents{service=\"neutron-openvswitch-agent\",state=\"up\"}",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "refId": "A",
+ "step": 60
+ }
+ ],
+ "thresholds": "",
+ "title": "OpenvSwitch",
+ "type": "singlestat",
+ "valueFontSize": "80%",
+ "valueMaps": [
+ {
+ "op": "=",
+ "text": "N/A",
+ "value": "null"
+ }
+ ],
+ "valueName": "current"
+ },
+ {
+ "content": "",
+ "id": 12,
+ "links": [],
+ "mode": "text",
+ "span": 2,
+ "title": "",
+ "transparent": true,
+ "type": "text"
+ },
+ {
+ "content": "<br />\n<h3 align=\"center\">Disabled</h3>",
+ "id": 13,
+ "links": [],
+ "mode": "html",
+ "span": 2,
+ "title": "",
+ "type": "text"
+ },
+ {
+ "cacheTimeout": null,
+ "colorBackground": false,
+ "colorValue": false,
+ "colors": [
+ "rgba(245, 54, 54, 0.9)",
+ "rgba(237, 129, 40, 0.89)",
+ "rgba(50, 172, 45, 0.97)"
+ ],
+ "datasource": null,
+ "format": "none",
+ "gauge": {
+ "maxValue": 100,
+ "minValue": 0,
+ "show": false,
+ "thresholdLabels": false,
+ "thresholdMarkers": true
+ },
+ "id": 14,
+ "interval": null,
+ "links": [],
+ "mappingType": 1,
+ "mappingTypes": [
+ {
+ "name": "value to text",
+ "value": 1
+ },
+ {
+ "name": "range to text",
+ "value": 2
+ }
+ ],
+ "maxDataPoints": 100,
+ "minSpan": 2,
+ "nullPointMode": "connected",
+ "nullText": null,
+ "postfix": "",
+ "postfixFontSize": "50%",
+ "prefix": "",
+ "prefixFontSize": "50%",
+ "rangeMaps": [
+ {
+ "from": "null",
+ "text": "N/A",
+ "to": "null"
+ }
+ ],
+ "span": 2,
+ "sparkline": {
+ "fillColor": "rgba(31, 118, 189, 0.18)",
+ "full": false,
+ "lineColor": "rgb(31, 120, 193)",
+ "show": false
+ },
+ "tableColumn": "",
+ "targets": [
+ {
+ "expr": "openstack_neutron_agents{service=\"neutron-dhcp-agent\",state=\"disabled\"}",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "refId": "A",
+ "step": 60
+ }
+ ],
+ "thresholds": "",
+ "title": "DHCP",
+ "type": "singlestat",
+ "valueFontSize": "80%",
+ "valueMaps": [
+ {
+ "op": "=",
+ "text": "N/A",
+ "value": "null"
+ }
+ ],
+ "valueName": "current"
+ },
+ {
+ "cacheTimeout": null,
+ "colorBackground": false,
+ "colorValue": false,
+ "colors": [
+ "rgba(245, 54, 54, 0.9)",
+ "rgba(237, 129, 40, 0.89)",
+ "rgba(50, 172, 45, 0.97)"
+ ],
+ "datasource": null,
+ "format": "none",
+ "gauge": {
+ "maxValue": 100,
+ "minValue": 0,
+ "show": false,
+ "thresholdLabels": false,
+ "thresholdMarkers": true
+ },
+ "id": 15,
+ "interval": null,
+ "links": [],
+ "mappingType": 1,
+ "mappingTypes": [
+ {
+ "name": "value to text",
+ "value": 1
+ },
+ {
+ "name": "range to text",
+ "value": 2
+ }
+ ],
+ "maxDataPoints": 100,
+ "minSpan": 2,
+ "nullPointMode": "connected",
+ "nullText": null,
+ "postfix": "",
+ "postfixFontSize": "50%",
+ "prefix": "",
+ "prefixFontSize": "50%",
+ "rangeMaps": [
+ {
+ "from": "null",
+ "text": "N/A",
+ "to": "null"
+ }
+ ],
+ "span": 2,
+ "sparkline": {
+ "fillColor": "rgba(31, 118, 189, 0.18)",
+ "full": false,
+ "lineColor": "rgb(31, 120, 193)",
+ "show": false
+ },
+ "tableColumn": "",
+ "targets": [
+ {
+ "expr": "openstack_neutron_agents{service=\"neutron-l3-agent\",state=\"disabled\"}",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "refId": "A",
+ "step": 60
+ }
+ ],
+ "thresholds": "",
+ "title": "L3",
+ "type": "singlestat",
+ "valueFontSize": "80%",
+ "valueMaps": [
+ {
+ "op": "=",
+ "text": "N/A",
+ "value": "null"
+ }
+ ],
+ "valueName": "current"
+ },
+ {
+ "cacheTimeout": null,
+ "colorBackground": false,
+ "colorValue": false,
+ "colors": [
+ "rgba(245, 54, 54, 0.9)",
+ "rgba(237, 129, 40, 0.89)",
+ "rgba(50, 172, 45, 0.97)"
+ ],
+ "datasource": null,
+ "format": "none",
+ "gauge": {
+ "maxValue": 100,
+ "minValue": 0,
+ "show": false,
+ "thresholdLabels": false,
+ "thresholdMarkers": true
+ },
+ "id": 16,
+ "interval": null,
+ "links": [],
+ "mappingType": 1,
+ "mappingTypes": [
+ {
+ "name": "value to text",
+ "value": 1
+ },
+ {
+ "name": "range to text",
+ "value": 2
+ }
+ ],
+ "maxDataPoints": 100,
+ "minSpan": 2,
+ "nullPointMode": "connected",
+ "nullText": null,
+ "postfix": "",
+ "postfixFontSize": "50%",
+ "prefix": "",
+ "prefixFontSize": "50%",
+ "rangeMaps": [
+ {
+ "from": "null",
+ "text": "N/A",
+ "to": "null"
+ }
+ ],
+ "span": 2,
+ "sparkline": {
+ "fillColor": "rgba(31, 118, 189, 0.18)",
+ "full": false,
+ "lineColor": "rgb(31, 120, 193)",
+ "show": false
+ },
+ "tableColumn": "",
+ "targets": [
+ {
+ "expr": "openstack_neutron_agents{service=\"neutron-metadata-agent\",state=\"disabled\"}",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "refId": "A",
+ "step": 60
+ }
+ ],
+ "thresholds": "",
+ "title": "Metadata",
+ "type": "singlestat",
+ "valueFontSize": "80%",
+ "valueMaps": [
+ {
+ "op": "=",
+ "text": "N/A",
+ "value": "null"
+ }
+ ],
+ "valueName": "current"
+ },
+ {
+ "cacheTimeout": null,
+ "colorBackground": false,
+ "colorValue": false,
+ "colors": [
+ "rgba(245, 54, 54, 0.9)",
+ "rgba(237, 129, 40, 0.89)",
+ "rgba(50, 172, 45, 0.97)"
+ ],
+ "datasource": null,
+ "format": "none",
+ "gauge": {
+ "maxValue": 100,
+ "minValue": 0,
+ "show": false,
+ "thresholdLabels": false,
+ "thresholdMarkers": true
+ },
+ "id": 17,
+ "interval": null,
+ "links": [],
+ "mappingType": 1,
+ "mappingTypes": [
+ {
+ "name": "value to text",
+ "value": 1
+ },
+ {
+ "name": "range to text",
+ "value": 2
+ }
+ ],
+ "maxDataPoints": 100,
+ "minSpan": 2,
+ "nullPointMode": "connected",
+ "nullText": null,
+ "postfix": "",
+ "postfixFontSize": "50%",
+ "prefix": "",
+ "prefixFontSize": "50%",
+ "rangeMaps": [
+ {
+ "from": "null",
+ "text": "N/A",
+ "to": "null"
+ }
+ ],
+ "span": 2,
+ "sparkline": {
+ "fillColor": "rgba(31, 118, 189, 0.18)",
+ "full": false,
+ "lineColor": "rgb(31, 120, 193)",
+ "show": false
+ },
+ "tableColumn": "",
+ "targets": [
+ {
+ "expr": "openstack_neutron_agents{service=\"neutron-openvswitch-agent\",state=\"disabled\"}",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "refId": "A",
+ "step": 60
+ }
+ ],
+ "thresholds": "",
+ "title": "OpenvSwitch",
+ "type": "singlestat",
+ "valueFontSize": "80%",
+ "valueMaps": [
+ {
+ "op": "=",
+ "text": "N/A",
+ "value": "null"
+ }
+ ],
+ "valueName": "current"
+ },
+ {
+ "content": "",
+ "id": 18,
+ "links": [],
+ "mode": "text",
+ "span": 2,
+ "title": "",
+ "transparent": true,
+ "type": "text"
+ },
+ {
+ "content": "<br />\n<h3 align=\"center\">Down</h3>",
+ "id": 19,
+ "links": [],
+ "mode": "html",
+ "span": 2,
+ "title": "",
+ "type": "text"
+ },
+ {
+ "cacheTimeout": null,
+ "colorBackground": false,
+ "colorValue": false,
+ "colors": [
+ "rgba(245, 54, 54, 0.9)",
+ "rgba(237, 129, 40, 0.89)",
+ "rgba(50, 172, 45, 0.97)"
+ ],
+ "datasource": null,
+ "format": "none",
+ "gauge": {
+ "maxValue": 100,
+ "minValue": 0,
+ "show": false,
+ "thresholdLabels": false,
+ "thresholdMarkers": true
+ },
+ "id": 20,
+ "interval": null,
+ "links": [],
+ "mappingType": 1,
+ "mappingTypes": [
+ {
+ "name": "value to text",
+ "value": 1
+ },
+ {
+ "name": "range to text",
+ "value": 2
+ }
+ ],
+ "maxDataPoints": 100,
+ "minSpan": 2,
+ "nullPointMode": "connected",
+ "nullText": null,
+ "postfix": "",
+ "postfixFontSize": "50%",
+ "prefix": "",
+ "prefixFontSize": "50%",
+ "rangeMaps": [
+ {
+ "from": "null",
+ "text": "N/A",
+ "to": "null"
+ }
+ ],
+ "span": 2,
+ "sparkline": {
+ "fillColor": "rgba(31, 118, 189, 0.18)",
+ "full": false,
+ "lineColor": "rgb(31, 120, 193)",
+ "show": false
+ },
+ "tableColumn": "",
+ "targets": [
+ {
+ "expr": "openstack_neutron_agents{service=\"neutron-dhcp-agent\",state=\"down\"}",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "refId": "A",
+ "step": 60
+ }
+ ],
+ "thresholds": "",
+ "title": "DHCP",
+ "type": "singlestat",
+ "valueFontSize": "80%",
+ "valueMaps": [
+ {
+ "op": "=",
+ "text": "N/A",
+ "value": "null"
+ }
+ ],
+ "valueName": "current"
+ },
+ {
+ "cacheTimeout": null,
+ "colorBackground": false,
+ "colorValue": false,
+ "colors": [
+ "rgba(245, 54, 54, 0.9)",
+ "rgba(237, 129, 40, 0.89)",
+ "rgba(50, 172, 45, 0.97)"
+ ],
+ "datasource": null,
+ "format": "none",
+ "gauge": {
+ "maxValue": 100,
+ "minValue": 0,
+ "show": false,
+ "thresholdLabels": false,
+ "thresholdMarkers": true
+ },
+ "id": 21,
+ "interval": null,
+ "links": [],
+ "mappingType": 1,
+ "mappingTypes": [
+ {
+ "name": "value to text",
+ "value": 1
+ },
+ {
+ "name": "range to text",
+ "value": 2
+ }
+ ],
+ "maxDataPoints": 100,
+ "minSpan": 2,
+ "nullPointMode": "connected",
+ "nullText": null,
+ "postfix": "",
+ "postfixFontSize": "50%",
+ "prefix": "",
+ "prefixFontSize": "50%",
+ "rangeMaps": [
+ {
+ "from": "null",
+ "text": "N/A",
+ "to": "null"
+ }
+ ],
+ "span": 2,
+ "sparkline": {
+ "fillColor": "rgba(31, 118, 189, 0.18)",
+ "full": false,
+ "lineColor": "rgb(31, 120, 193)",
+ "show": false
+ },
+ "tableColumn": "",
+ "targets": [
+ {
+ "expr": "openstack_neutron_agents{service=\"neutron-l3-agent\",state=\"down\"}",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "refId": "A",
+ "step": 60
+ }
+ ],
+ "thresholds": "",
+ "title": "L3",
+ "type": "singlestat",
+ "valueFontSize": "80%",
+ "valueMaps": [
+ {
+ "op": "=",
+ "text": "N/A",
+ "value": "null"
+ }
+ ],
+ "valueName": "current"
+ },
+ {
+ "cacheTimeout": null,
+ "colorBackground": false,
+ "colorValue": false,
+ "colors": [
+ "rgba(245, 54, 54, 0.9)",
+ "rgba(237, 129, 40, 0.89)",
+ "rgba(50, 172, 45, 0.97)"
+ ],
+ "datasource": null,
+ "format": "none",
+ "gauge": {
+ "maxValue": 100,
+ "minValue": 0,
+ "show": false,
+ "thresholdLabels": false,
+ "thresholdMarkers": true
+ },
+ "id": 22,
+ "interval": null,
+ "links": [],
+ "mappingType": 1,
+ "mappingTypes": [
+ {
+ "name": "value to text",
+ "value": 1
+ },
+ {
+ "name": "range to text",
+ "value": 2
+ }
+ ],
+ "maxDataPoints": 100,
+ "minSpan": 2,
+ "nullPointMode": "connected",
+ "nullText": null,
+ "postfix": "",
+ "postfixFontSize": "50%",
+ "prefix": "",
+ "prefixFontSize": "50%",
+ "rangeMaps": [
+ {
+ "from": "null",
+ "text": "N/A",
+ "to": "null"
+ }
+ ],
+ "span": 2,
+ "sparkline": {
+ "fillColor": "rgba(31, 118, 189, 0.18)",
+ "full": false,
+ "lineColor": "rgb(31, 120, 193)",
+ "show": false
+ },
+ "tableColumn": "",
+ "targets": [
+ {
+ "expr": "openstack_neutron_agents{service=\"neutron-metadata-agent\",state=\"down\"}",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "refId": "A",
+ "step": 60
+ }
+ ],
+ "thresholds": "",
+ "title": "Metadata",
+ "type": "singlestat",
+ "valueFontSize": "80%",
+ "valueMaps": [
+ {
+ "op": "=",
+ "text": "N/A",
+ "value": "null"
+ }
+ ],
+ "valueName": "current"
+ },
+ {
+ "cacheTimeout": null,
+ "colorBackground": false,
+ "colorValue": false,
+ "colors": [
+ "rgba(245, 54, 54, 0.9)",
+ "rgba(237, 129, 40, 0.89)",
+ "rgba(50, 172, 45, 0.97)"
+ ],
+ "datasource": null,
+ "format": "none",
+ "gauge": {
+ "maxValue": 100,
+ "minValue": 0,
+ "show": false,
+ "thresholdLabels": false,
+ "thresholdMarkers": true
+ },
+ "id": 23,
+ "interval": null,
+ "links": [],
+ "mappingType": 1,
+ "mappingTypes": [
+ {
+ "name": "value to text",
+ "value": 1
+ },
+ {
+ "name": "range to text",
+ "value": 2
+ }
+ ],
+ "maxDataPoints": 100,
+ "minSpan": 2,
+ "nullPointMode": "connected",
+ "nullText": null,
+ "postfix": "",
+ "postfixFontSize": "50%",
+ "prefix": "",
+ "prefixFontSize": "50%",
+ "rangeMaps": [
+ {
+ "from": "null",
+ "text": "N/A",
+ "to": "null"
+ }
+ ],
+ "span": 2,
+ "sparkline": {
+ "fillColor": "rgba(31, 118, 189, 0.18)",
+ "full": false,
+ "lineColor": "rgb(31, 120, 193)",
+ "show": false
+ },
+ "tableColumn": "",
+ "targets": [
+ {
+ "expr": "openstack_neutron_agents{service=\"neutron-openvswitch-agent\",state=\"down\"}",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "refId": "A",
+ "step": 60
+ }
+ ],
+ "thresholds": "",
+ "title": "OpenvSwitch",
+ "type": "singlestat",
+ "valueFontSize": "80%",
+ "valueMaps": [
+ {
+ "op": "=",
+ "text": "N/A",
+ "value": "null"
+ }
+ ],
+ "valueName": "current"
+ }
+ ],
+ "repeat": null,
+ "repeatIteration": null,
+ "repeatRowId": null,
+ "showTitle": true,
+ "title": "Neutron Agents",
+ "titleSize": "h6"
+ },
+ {
+ "collapse": false,
+ "height": 250,
+ "panels": [
+ {
+ "cacheTimeout": null,
+ "colorBackground": false,
+ "colorValue": false,
+ "colors": [
+ "rgba(245, 54, 54, 0.9)",
+ "rgba(237, 129, 40, 0.89)",
+ "rgba(50, 172, 45, 0.97)"
+ ],
+ "datasource": null,
+ "format": "none",
+ "gauge": {
+ "maxValue": 100,
+ "minValue": 0,
+ "show": false,
+ "thresholdLabels": false,
+ "thresholdMarkers": true
+ },
+ "id": 25,
+ "interval": null,
+ "links": [],
+ "mappingType": 1,
+ "mappingTypes": [
+ {
+ "name": "value to text",
+ "value": 1
+ },
+ {
+ "name": "range to text",
+ "value": 2
+ }
+ ],
+ "maxDataPoints": 100,
+ "nullPointMode": "connected",
+ "nullText": null,
+ "postfix": "",
+ "postfixFontSize": "50%",
+ "prefix": "",
+ "prefixFontSize": "50%",
+ "rangeMaps": [
+ {
+ "from": "null",
+ "text": "N/A",
+ "to": "null"
+ }
+ ],
+ "span": 2,
+ "sparkline": {
+ "fillColor": "rgba(31, 118, 189, 0.18)",
+ "full": false,
+ "lineColor": "rgb(31, 120, 193)",
+ "show": true
+ },
+ "tableColumn": "",
+ "targets": [
+ {
+ "expr": "openstack_neutron_networks_total",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "refId": "A",
+ "step": 60
+ }
+ ],
+ "thresholds": "",
+ "title": "Networks",
+ "type": "singlestat",
+ "valueFontSize": "80%",
+ "valueMaps": [
+ {
+ "op": "=",
+ "text": "N/A",
+ "value": "null"
+ }
+ ],
+ "valueName": "current"
+ },
+ {
+ "cacheTimeout": null,
+ "colorBackground": false,
+ "colorValue": false,
+ "colors": [
+ "rgba(245, 54, 54, 0.9)",
+ "rgba(237, 129, 40, 0.89)",
+ "rgba(50, 172, 45, 0.97)"
+ ],
+ "datasource": null,
+ "format": "none",
+ "gauge": {
+ "maxValue": 100,
+ "minValue": 0,
+ "show": false,
+ "thresholdLabels": false,
+ "thresholdMarkers": true
+ },
+ "id": 26,
+ "interval": null,
+ "links": [],
+ "mappingType": 1,
+ "mappingTypes": [
+ {
+ "name": "value to text",
+ "value": 1
+ },
+ {
+ "name": "range to text",
+ "value": 2
+ }
+ ],
+ "maxDataPoints": 100,
+ "nullPointMode": "connected",
+ "nullText": null,
+ "postfix": "",
+ "postfixFontSize": "50%",
+ "prefix": "",
+ "prefixFontSize": "50%",
+ "rangeMaps": [
+ {
+ "from": "null",
+ "text": "N/A",
+ "to": "null"
+ }
+ ],
+ "span": 2,
+ "sparkline": {
+ "fillColor": "rgba(31, 118, 189, 0.18)",
+ "full": false,
+ "lineColor": "rgb(31, 120, 193)",
+ "show": true
+ },
+ "tableColumn": "",
+ "targets": [
+ {
+ "expr": "openstack_neutron_subnets_total",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "refId": "A",
+ "step": 60
+ }
+ ],
+ "thresholds": "",
+ "title": "Subnets",
+ "type": "singlestat",
+ "valueFontSize": "80%",
+ "valueMaps": [
+ {
+ "op": "=",
+ "text": "N/A",
+ "value": "null"
+ }
+ ],
+ "valueName": "current"
+ },
+ {
+ "cacheTimeout": null,
+ "colorBackground": false,
+ "colorValue": false,
+ "colors": [
+ "rgba(245, 54, 54, 0.9)",
+ "rgba(237, 129, 40, 0.89)",
+ "rgba(50, 172, 45, 0.97)"
+ ],
+ "datasource": null,
+ "format": "none",
+ "gauge": {
+ "maxValue": 100,
+ "minValue": 0,
+ "show": false,
+ "thresholdLabels": false,
+ "thresholdMarkers": true
+ },
+ "id": 27,
+ "interval": null,
+ "links": [],
+ "mappingType": 1,
+ "mappingTypes": [
+ {
+ "name": "value to text",
+ "value": 1
+ },
+ {
+ "name": "range to text",
+ "value": 2
+ }
+ ],
+ "maxDataPoints": 100,
+ "nullPointMode": "connected",
+ "nullText": null,
+ "postfix": "",
+ "postfixFontSize": "50%",
+ "prefix": "",
+ "prefixFontSize": "50%",
+ "rangeMaps": [
+ {
+ "from": "null",
+ "text": "N/A",
+ "to": "null"
+ }
+ ],
+ "span": 2,
+ "sparkline": {
+ "fillColor": "rgba(31, 118, 189, 0.18)",
+ "full": false,
+ "lineColor": "rgb(31, 120, 193)",
+ "show": true
+ },
+ "tableColumn": "",
+ "targets": [
+ {
+ "expr": "sum(openstack_neutron_ports{owner=~\"compute:.*\",state=\"active\"})",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "refId": "A",
+ "step": 60
+ }
+ ],
+ "thresholds": "",
+ "title": "Compute ports",
+ "type": "singlestat",
+ "valueFontSize": "80%",
+ "valueMaps": [
+ {
+ "op": "=",
+ "text": "N/A",
+ "value": "null"
+ }
+ ],
+ "valueName": "current"
+ },
+ {
+ "cacheTimeout": null,
+ "colorBackground": false,
+ "colorValue": false,
+ "colors": [
+ "rgba(245, 54, 54, 0.9)",
+ "rgba(237, 129, 40, 0.89)",
+ "rgba(50, 172, 45, 0.97)"
+ ],
+ "datasource": null,
+ "format": "none",
+ "gauge": {
+ "maxValue": 100,
+ "minValue": 0,
+ "show": false,
+ "thresholdLabels": false,
+ "thresholdMarkers": true
+ },
+ "id": 29,
+ "interval": null,
+ "links": [],
+ "mappingType": 1,
+ "mappingTypes": [
+ {
+ "name": "value to text",
+ "value": 1
+ },
+ {
+ "name": "range to text",
+ "value": 2
+ }
+ ],
+ "maxDataPoints": 100,
+ "nullPointMode": "connected",
+ "nullText": null,
+ "postfix": "",
+ "postfixFontSize": "50%",
+ "prefix": "",
+ "prefixFontSize": "50%",
+ "rangeMaps": [
+ {
+ "from": "null",
+ "text": "N/A",
+ "to": "null"
+ }
+ ],
+ "span": 2,
+ "sparkline": {
+ "fillColor": "rgba(31, 118, 189, 0.18)",
+ "full": false,
+ "lineColor": "rgb(31, 120, 193)",
+ "show": true
+ },
+ "tableColumn": "",
+ "targets": [
+ {
+ "expr": "openstack_neutron_routers_total",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "refId": "A",
+ "step": 60
+ }
+ ],
+ "thresholds": "",
+ "title": "Routers",
+ "type": "singlestat",
+ "valueFontSize": "80%",
+ "valueMaps": [
+ {
+ "op": "=",
+ "text": "N/A",
+ "value": "null"
+ }
+ ],
+ "valueName": "current"
+ },
+ {
+ "cacheTimeout": null,
+ "colorBackground": false,
+ "colorValue": false,
+ "colors": [
+ "rgba(245, 54, 54, 0.9)",
+ "rgba(237, 129, 40, 0.89)",
+ "rgba(50, 172, 45, 0.97)"
+ ],
+ "datasource": null,
+ "format": "none",
+ "gauge": {
+ "maxValue": 100,
+ "minValue": 0,
+ "show": false,
+ "thresholdLabels": false,
+ "thresholdMarkers": true
+ },
+ "id": 28,
+ "interval": null,
+ "links": [],
+ "mappingType": 1,
+ "mappingTypes": [
+ {
+ "name": "value to text",
+ "value": 1
+ },
+ {
+ "name": "range to text",
+ "value": 2
+ }
+ ],
+ "maxDataPoints": 100,
+ "nullPointMode": "connected",
+ "nullText": null,
+ "postfix": "",
+ "postfixFontSize": "50%",
+ "prefix": "",
+ "prefixFontSize": "50%",
+ "rangeMaps": [
+ {
+ "from": "null",
+ "text": "N/A",
+ "to": "null"
+ }
+ ],
+ "span": 2,
+ "sparkline": {
+ "fillColor": "rgba(31, 118, 189, 0.18)",
+ "full": false,
+ "lineColor": "rgb(31, 120, 193)",
+ "show": true
+ },
+ "tableColumn": "",
+ "targets": [
+ {
+ "expr": "openstack_neutron_floatingips_total",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "refId": "A",
+ "step": 60
+ }
+ ],
+ "thresholds": "",
+ "title": "Floating IP addresses",
+ "type": "singlestat",
+ "valueFontSize": "80%",
+ "valueMaps": [
+ {
+ "op": "=",
+ "text": "N/A",
+ "value": "null"
+ }
+ ],
+ "valueName": "current"
+ }
+ ],
+ "repeat": null,
+ "repeatIteration": null,
+ "repeatRowId": null,
+ "showTitle": true,
+ "title": "Resources",
+ "titleSize": "h6"
+ }
+ ],
+ "schemaVersion": 14,
+ "sharedCrosshair": true,
+ "style": "dark",
+ "tags": [
+ "openstack"
+ ],
+ "templating": {
+ "list": [
+ {
+ "allValue": null,
+ "current": {},
+ "datasource": "prometheus",
+ "hide": 0,
+ "includeAll": true,
+ "label": null,
+ "multi": true,
+ "name": "host",
+ "options": [],
+ "query": "label_values(openstack_neutron_http_response_times_count,host)",
+ "refresh": 1,
+ "refresh_on_load": true,
+ "regex": "",
+ "sort": 1,
+ "tagValuesQuery": "",
+ "tags": [],
+ "tagsQuery": "",
+ "type": "query",
+ "useTags": false
+ }
+ ]
+ },
+ "time": {
+ "from": "now-1h",
+ "to": "now"
+ },
+ "timepicker": {
+ "refresh_intervals": [
+ "5s",
+ "10s",
+ "30s",
+ "1m",
+ "5m",
+ "15m",
+ "30m",
+ "1h",
+ "2h",
+ "1d"
+ ],
+ "time_options": [
+ "5m",
+ "15m",
+ "1h",
+ "6h",
+ "12h",
+ "24h",
+ "2d",
+ "7d",
+ "30d"
+ ]
+ },
+ "timezone": "browser",
+ "title": "Neutron",
+ "version": 36
+}
+{% endraw %}
diff --git a/neutron/files/grafana_dashboards/neutron_openvswitch_prometheus_fluentd.json b/neutron/files/grafana_dashboards/neutron_openvswitch_prometheus_fluentd.json
new file mode 100755
index 0000000..1a40767
--- /dev/null
+++ b/neutron/files/grafana_dashboards/neutron_openvswitch_prometheus_fluentd.json
@@ -0,0 +1,1878 @@
+{% raw %}
+{
+ "annotations": {
+ "list": []
+ },
+ "description": "Monitors Neutron cluster using Prometheus. Shows overall cluster processes and usage.",
+ "editable": true,
+ "gnetId": null,
+ "graphTooltip": 1,
+ "hideControls": false,
+ "id": null,
+ "links": [],
+ "refresh": "1m",
+ "rows": [
+ {
+ "collapse": false,
+ "height": "250px",
+ "panels": [
+ {
+ "cacheTimeout": null,
+ "colorBackground": false,
+ "colorValue": true,
+ "colors": [
+ "rgba(245, 54, 54, 0.9)",
+ "rgba(50, 172, 45, 0.97)",
+ "rgba(237, 129, 40, 0.89)"
+ ],
+ "datasource": "prometheus",
+ "format": "none",
+ "gauge": {
+ "maxValue": 1,
+ "minValue": 0,
+ "show": false,
+ "thresholdLabels": false,
+ "thresholdMarkers": true
+ },
+ "id": 1,
+ "interval": null,
+ "links": [],
+ "mappingType": 1,
+ "mappingTypes": [
+ {
+ "name": "value to text",
+ "value": 1
+ },
+ {
+ "name": "range to text",
+ "value": 2
+ }
+ ],
+ "maxDataPoints": 100,
+ "nullPointMode": "connected",
+ "nullText": null,
+ "postfix": "",
+ "postfixFontSize": "50%",
+ "prefix": "",
+ "prefixFontSize": "50%",
+ "rangeMaps": [
+ {
+ "from": "null",
+ "text": "N/A",
+ "to": "null"
+ }
+ ],
+ "span": 3,
+ "sparkline": {
+ "fillColor": "rgba(31, 118, 189, 0.18)",
+ "full": false,
+ "lineColor": "rgb(31, 120, 193)",
+ "show": true
+ },
+ "tableColumn": "",
+ "targets": [
+ {
+ "expr": "min(openstack_api_check_status{service=~\"neutron.*\"})",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{ service }}",
+ "refId": "A",
+ "step": 60
+ }
+ ],
+ "thresholds": "0.5,1.5",
+ "title": "API Availability",
+ "type": "singlestat",
+ "valueFontSize": "80%",
+ "valueMaps": [
+ {
+ "op": "=",
+ "text": "N/A",
+ "value": "null"
+ },
+ {
+ "op": "=",
+ "text": "DOWN",
+ "value": "0"
+ },
+ {
+ "op": "=",
+ "text": "OK",
+ "value": "1"
+ },
+ {
+ "op": "=",
+ "text": "UNKNOWN",
+ "value": "2"
+ }
+ ],
+ "valueName": "current"
+ },
+ {
+ "cacheTimeout": null,
+ "colorBackground": false,
+ "colorValue": false,
+ "colors": [
+ "rgba(245, 54, 54, 0.9)",
+ "rgba(237, 129, 40, 0.89)",
+ "rgba(50, 172, 45, 0.97)"
+ ],
+ "datasource": "prometheus",
+ "format": "none",
+ "gauge": {
+ "maxValue": 100,
+ "minValue": 0,
+ "show": false,
+ "thresholdLabels": false,
+ "thresholdMarkers": true
+ },
+ "id": 2,
+ "interval": null,
+ "links": [],
+ "mappingType": 1,
+ "mappingTypes": [
+ {
+ "name": "value to text",
+ "value": 1
+ },
+ {
+ "name": "range to text",
+ "value": 2
+ }
+ ],
+ "maxDataPoints": 100,
+ "nullPointMode": "connected",
+ "nullText": null,
+ "postfix": " / sec",
+ "postfixFontSize": "50%",
+ "prefix": "",
+ "prefixFontSize": "50%",
+ "rangeMaps": [
+ {
+ "from": "null",
+ "text": "N/A",
+ "to": "null"
+ }
+ ],
+ "span": 3,
+ "sparkline": {
+ "fillColor": "rgba(31, 118, 189, 0.18)",
+ "full": false,
+ "lineColor": "rgb(31, 120, 193)",
+ "show": true
+ },
+ "tableColumn": "",
+ "targets": [
+ {
+ "expr": "sum(irate(haproxy_http_response_5xx{proxy=~\"neutron.*\",sv=\"FRONTEND\"}[5m]))",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "per sec",
+ "refId": "A",
+ "step": 60
+ }
+ ],
+ "thresholds": "",
+ "title": "HTTP 5xx errors",
+ "type": "singlestat",
+ "valueFontSize": "80%",
+ "valueMaps": [
+ {
+ "op": "=",
+ "text": "N/A",
+ "value": "null"
+ }
+ ],
+ "valueName": "current"
+ },
+ {
+ "cacheTimeout": null,
+ "colorBackground": false,
+ "colorValue": false,
+ "colors": [
+ "rgba(245, 54, 54, 0.9)",
+ "rgba(237, 129, 40, 0.89)",
+ "rgba(50, 172, 45, 0.97)"
+ ],
+ "datasource": "prometheus",
+ "format": "none",
+ "gauge": {
+ "maxValue": 100,
+ "minValue": 0,
+ "show": false,
+ "thresholdLabels": false,
+ "thresholdMarkers": true
+ },
+ "id": 3,
+ "interval": null,
+ "links": [],
+ "mappingType": 1,
+ "mappingTypes": [
+ {
+ "name": "value to text",
+ "value": 1
+ },
+ {
+ "name": "range to text",
+ "value": 2
+ }
+ ],
+ "maxDataPoints": 100,
+ "nullPointMode": "connected",
+ "nullText": null,
+ "postfix": "",
+ "postfixFontSize": "50%",
+ "prefix": "",
+ "prefixFontSize": "50%",
+ "rangeMaps": [
+ {
+ "from": "null",
+ "text": "N/A",
+ "to": "null"
+ }
+ ],
+ "span": 3,
+ "sparkline": {
+ "fillColor": "rgba(31, 118, 189, 0.18)",
+ "full": false,
+ "lineColor": "rgb(31, 120, 193)",
+ "show": true
+ },
+ "tableColumn": "",
+ "targets": [
+ {
+ "expr": "min(haproxy_active_servers{proxy=~\"neutron.api\", sv=\"BACKEND\"})",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "A",
+ "step": 60
+ }
+ ],
+ "thresholds": "",
+ "title": "Neutron API backends",
+ "type": "singlestat",
+ "valueFontSize": "80%",
+ "valueMaps": [
+ {
+ "op": "=",
+ "text": "N/A",
+ "value": "null"
+ }
+ ],
+ "valueName": "current"
+ }
+ ],
+ "repeat": null,
+ "repeatIteration": null,
+ "repeatRowId": null,
+ "showTitle": true,
+ "title": "Service Status",
+ "titleSize": "h6"
+ },
+ {
+ "collapse": false,
+ "height": "250",
+ "panels": [
+ {
+ "aliasColors": {},
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "prometheus",
+ "fill": 1,
+ "id": 4,
+ "legend": {
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "show": true,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [],
+ "nullPointMode": "null",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [],
+ "spaceLength": 10,
+ "span": 6,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "sum(rate(openstack_http_response_times_count{service=\"neutron\",host=~\"^$host$\"}[5m])) by (http_status)",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{ http_status }}",
+ "refId": "A",
+ "step": 10
+ }
+ ],
+ "thresholds": [],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Throughput",
+ "tooltip": {
+ "shared": true,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": []
+ },
+ "yaxes": [
+ {
+ "format": "ops",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": "0",
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ }
+ ]
+ },
+ {
+ "aliasColors": {},
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "prometheus",
+ "fill": 1,
+ "id": 5,
+ "legend": {
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "show": true,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [],
+ "nullPointMode": "null",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [],
+ "spaceLength": 10,
+ "span": 6,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "max(openstack_http_response_times{service='heat',quantile=\"0.9\",host=~\"^$host$\"}) by (http_method)",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{ http_method }}",
+ "refId": "A",
+ "step": 10
+ }
+ ],
+ "thresholds": [],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Latency",
+ "tooltip": {
+ "shared": true,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": []
+ },
+ "yaxes": [
+ {
+ "format": "s",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": "0",
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ }
+ ]
+ }
+ ],
+ "repeat": null,
+ "repeatIteration": null,
+ "repeatRowId": null,
+ "showTitle": true,
+ "title": "API Performances",
+ "titleSize": "h6"
+ },
+ {
+ "collapse": false,
+ "height": "100",
+ "panels": [
+ {
+ "content": "<br />\n<h3 align=\"center\"> Up </h3>",
+ "id": 6,
+ "links": [],
+ "mode": "html",
+ "span": 2,
+ "title": "",
+ "type": "text"
+ },
+ {
+ "cacheTimeout": null,
+ "colorBackground": false,
+ "colorValue": false,
+ "colors": [
+ "rgba(245, 54, 54, 0.9)",
+ "rgba(237, 129, 40, 0.89)",
+ "rgba(50, 172, 45, 0.97)"
+ ],
+ "datasource": null,
+ "format": "none",
+ "gauge": {
+ "maxValue": 100,
+ "minValue": 0,
+ "show": false,
+ "thresholdLabels": false,
+ "thresholdMarkers": true
+ },
+ "id": 8,
+ "interval": null,
+ "links": [],
+ "mappingType": 1,
+ "mappingTypes": [
+ {
+ "name": "value to text",
+ "value": 1
+ },
+ {
+ "name": "range to text",
+ "value": 2
+ }
+ ],
+ "maxDataPoints": 100,
+ "minSpan": 2,
+ "nullPointMode": "connected",
+ "nullText": null,
+ "postfix": "",
+ "postfixFontSize": "50%",
+ "prefix": "",
+ "prefixFontSize": "50%",
+ "rangeMaps": [
+ {
+ "from": "null",
+ "text": "N/A",
+ "to": "null"
+ }
+ ],
+ "repeat": null,
+ "span": 2,
+ "sparkline": {
+ "fillColor": "rgba(31, 118, 189, 0.18)",
+ "full": false,
+ "lineColor": "rgb(31, 120, 193)",
+ "show": false
+ },
+ "tableColumn": "",
+ "targets": [
+ {
+ "expr": "openstack_neutron_agents{service=\"neutron-dhcp-agent\",state=\"up\"}",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "refId": "A",
+ "step": 60
+ }
+ ],
+ "thresholds": "",
+ "title": "DHCP",
+ "type": "singlestat",
+ "valueFontSize": "80%",
+ "valueMaps": [
+ {
+ "op": "=",
+ "text": "N/A",
+ "value": "null"
+ }
+ ],
+ "valueName": "current"
+ },
+ {
+ "cacheTimeout": null,
+ "colorBackground": false,
+ "colorValue": false,
+ "colors": [
+ "rgba(245, 54, 54, 0.9)",
+ "rgba(237, 129, 40, 0.89)",
+ "rgba(50, 172, 45, 0.97)"
+ ],
+ "datasource": null,
+ "format": "none",
+ "gauge": {
+ "maxValue": 100,
+ "minValue": 0,
+ "show": false,
+ "thresholdLabels": false,
+ "thresholdMarkers": true
+ },
+ "id": 9,
+ "interval": null,
+ "links": [],
+ "mappingType": 1,
+ "mappingTypes": [
+ {
+ "name": "value to text",
+ "value": 1
+ },
+ {
+ "name": "range to text",
+ "value": 2
+ }
+ ],
+ "maxDataPoints": 100,
+ "minSpan": 2,
+ "nullPointMode": "connected",
+ "nullText": null,
+ "postfix": "",
+ "postfixFontSize": "50%",
+ "prefix": "",
+ "prefixFontSize": "50%",
+ "rangeMaps": [
+ {
+ "from": "null",
+ "text": "N/A",
+ "to": "null"
+ }
+ ],
+ "span": 2,
+ "sparkline": {
+ "fillColor": "rgba(31, 118, 189, 0.18)",
+ "full": false,
+ "lineColor": "rgb(31, 120, 193)",
+ "show": false
+ },
+ "tableColumn": "",
+ "targets": [
+ {
+ "expr": "openstack_neutron_agents{service=\"neutron-l3-agent\",state=\"up\"}",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "refId": "A",
+ "step": 60
+ }
+ ],
+ "thresholds": "",
+ "title": "L3",
+ "type": "singlestat",
+ "valueFontSize": "80%",
+ "valueMaps": [
+ {
+ "op": "=",
+ "text": "N/A",
+ "value": "null"
+ }
+ ],
+ "valueName": "current"
+ },
+ {
+ "cacheTimeout": null,
+ "colorBackground": false,
+ "colorValue": false,
+ "colors": [
+ "rgba(245, 54, 54, 0.9)",
+ "rgba(237, 129, 40, 0.89)",
+ "rgba(50, 172, 45, 0.97)"
+ ],
+ "datasource": null,
+ "format": "none",
+ "gauge": {
+ "maxValue": 100,
+ "minValue": 0,
+ "show": false,
+ "thresholdLabels": false,
+ "thresholdMarkers": true
+ },
+ "id": 10,
+ "interval": null,
+ "links": [],
+ "mappingType": 1,
+ "mappingTypes": [
+ {
+ "name": "value to text",
+ "value": 1
+ },
+ {
+ "name": "range to text",
+ "value": 2
+ }
+ ],
+ "maxDataPoints": 100,
+ "minSpan": 2,
+ "nullPointMode": "connected",
+ "nullText": null,
+ "postfix": "",
+ "postfixFontSize": "50%",
+ "prefix": "",
+ "prefixFontSize": "50%",
+ "rangeMaps": [
+ {
+ "from": "null",
+ "text": "N/A",
+ "to": "null"
+ }
+ ],
+ "span": 2,
+ "sparkline": {
+ "fillColor": "rgba(31, 118, 189, 0.18)",
+ "full": false,
+ "lineColor": "rgb(31, 120, 193)",
+ "show": false
+ },
+ "tableColumn": "",
+ "targets": [
+ {
+ "expr": "openstack_neutron_agents{service=\"neutron-metadata-agent\",state=\"up\"}",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "refId": "A",
+ "step": 60
+ }
+ ],
+ "thresholds": "",
+ "title": "Metadata",
+ "type": "singlestat",
+ "valueFontSize": "80%",
+ "valueMaps": [
+ {
+ "op": "=",
+ "text": "N/A",
+ "value": "null"
+ }
+ ],
+ "valueName": "current"
+ },
+ {
+ "cacheTimeout": null,
+ "colorBackground": false,
+ "colorValue": false,
+ "colors": [
+ "rgba(245, 54, 54, 0.9)",
+ "rgba(237, 129, 40, 0.89)",
+ "rgba(50, 172, 45, 0.97)"
+ ],
+ "datasource": null,
+ "format": "none",
+ "gauge": {
+ "maxValue": 100,
+ "minValue": 0,
+ "show": false,
+ "thresholdLabels": false,
+ "thresholdMarkers": true
+ },
+ "id": 11,
+ "interval": null,
+ "links": [],
+ "mappingType": 1,
+ "mappingTypes": [
+ {
+ "name": "value to text",
+ "value": 1
+ },
+ {
+ "name": "range to text",
+ "value": 2
+ }
+ ],
+ "maxDataPoints": 100,
+ "minSpan": 2,
+ "nullPointMode": "connected",
+ "nullText": null,
+ "postfix": "",
+ "postfixFontSize": "50%",
+ "prefix": "",
+ "prefixFontSize": "50%",
+ "rangeMaps": [
+ {
+ "from": "null",
+ "text": "N/A",
+ "to": "null"
+ }
+ ],
+ "span": 2,
+ "sparkline": {
+ "fillColor": "rgba(31, 118, 189, 0.18)",
+ "full": false,
+ "lineColor": "rgb(31, 120, 193)",
+ "show": false
+ },
+ "tableColumn": "",
+ "targets": [
+ {
+ "expr": "openstack_neutron_agents{service=\"neutron-openvswitch-agent\",state=\"up\"}",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "refId": "A",
+ "step": 60
+ }
+ ],
+ "thresholds": "",
+ "title": "OpenvSwitch",
+ "type": "singlestat",
+ "valueFontSize": "80%",
+ "valueMaps": [
+ {
+ "op": "=",
+ "text": "N/A",
+ "value": "null"
+ }
+ ],
+ "valueName": "current"
+ },
+ {
+ "content": "",
+ "id": 12,
+ "links": [],
+ "mode": "text",
+ "span": 2,
+ "title": "",
+ "transparent": true,
+ "type": "text"
+ },
+ {
+ "content": "<br />\n<h3 align=\"center\">Disabled</h3>",
+ "id": 13,
+ "links": [],
+ "mode": "html",
+ "span": 2,
+ "title": "",
+ "type": "text"
+ },
+ {
+ "cacheTimeout": null,
+ "colorBackground": false,
+ "colorValue": false,
+ "colors": [
+ "rgba(245, 54, 54, 0.9)",
+ "rgba(237, 129, 40, 0.89)",
+ "rgba(50, 172, 45, 0.97)"
+ ],
+ "datasource": null,
+ "format": "none",
+ "gauge": {
+ "maxValue": 100,
+ "minValue": 0,
+ "show": false,
+ "thresholdLabels": false,
+ "thresholdMarkers": true
+ },
+ "id": 14,
+ "interval": null,
+ "links": [],
+ "mappingType": 1,
+ "mappingTypes": [
+ {
+ "name": "value to text",
+ "value": 1
+ },
+ {
+ "name": "range to text",
+ "value": 2
+ }
+ ],
+ "maxDataPoints": 100,
+ "minSpan": 2,
+ "nullPointMode": "connected",
+ "nullText": null,
+ "postfix": "",
+ "postfixFontSize": "50%",
+ "prefix": "",
+ "prefixFontSize": "50%",
+ "rangeMaps": [
+ {
+ "from": "null",
+ "text": "N/A",
+ "to": "null"
+ }
+ ],
+ "span": 2,
+ "sparkline": {
+ "fillColor": "rgba(31, 118, 189, 0.18)",
+ "full": false,
+ "lineColor": "rgb(31, 120, 193)",
+ "show": false
+ },
+ "tableColumn": "",
+ "targets": [
+ {
+ "expr": "openstack_neutron_agents{service=\"neutron-dhcp-agent\",state=\"disabled\"}",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "refId": "A",
+ "step": 60
+ }
+ ],
+ "thresholds": "",
+ "title": "DHCP",
+ "type": "singlestat",
+ "valueFontSize": "80%",
+ "valueMaps": [
+ {
+ "op": "=",
+ "text": "N/A",
+ "value": "null"
+ }
+ ],
+ "valueName": "current"
+ },
+ {
+ "cacheTimeout": null,
+ "colorBackground": false,
+ "colorValue": false,
+ "colors": [
+ "rgba(245, 54, 54, 0.9)",
+ "rgba(237, 129, 40, 0.89)",
+ "rgba(50, 172, 45, 0.97)"
+ ],
+ "datasource": null,
+ "format": "none",
+ "gauge": {
+ "maxValue": 100,
+ "minValue": 0,
+ "show": false,
+ "thresholdLabels": false,
+ "thresholdMarkers": true
+ },
+ "id": 15,
+ "interval": null,
+ "links": [],
+ "mappingType": 1,
+ "mappingTypes": [
+ {
+ "name": "value to text",
+ "value": 1
+ },
+ {
+ "name": "range to text",
+ "value": 2
+ }
+ ],
+ "maxDataPoints": 100,
+ "minSpan": 2,
+ "nullPointMode": "connected",
+ "nullText": null,
+ "postfix": "",
+ "postfixFontSize": "50%",
+ "prefix": "",
+ "prefixFontSize": "50%",
+ "rangeMaps": [
+ {
+ "from": "null",
+ "text": "N/A",
+ "to": "null"
+ }
+ ],
+ "span": 2,
+ "sparkline": {
+ "fillColor": "rgba(31, 118, 189, 0.18)",
+ "full": false,
+ "lineColor": "rgb(31, 120, 193)",
+ "show": false
+ },
+ "tableColumn": "",
+ "targets": [
+ {
+ "expr": "openstack_neutron_agents{service=\"neutron-l3-agent\",state=\"disabled\"}",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "refId": "A",
+ "step": 60
+ }
+ ],
+ "thresholds": "",
+ "title": "L3",
+ "type": "singlestat",
+ "valueFontSize": "80%",
+ "valueMaps": [
+ {
+ "op": "=",
+ "text": "N/A",
+ "value": "null"
+ }
+ ],
+ "valueName": "current"
+ },
+ {
+ "cacheTimeout": null,
+ "colorBackground": false,
+ "colorValue": false,
+ "colors": [
+ "rgba(245, 54, 54, 0.9)",
+ "rgba(237, 129, 40, 0.89)",
+ "rgba(50, 172, 45, 0.97)"
+ ],
+ "datasource": null,
+ "format": "none",
+ "gauge": {
+ "maxValue": 100,
+ "minValue": 0,
+ "show": false,
+ "thresholdLabels": false,
+ "thresholdMarkers": true
+ },
+ "id": 16,
+ "interval": null,
+ "links": [],
+ "mappingType": 1,
+ "mappingTypes": [
+ {
+ "name": "value to text",
+ "value": 1
+ },
+ {
+ "name": "range to text",
+ "value": 2
+ }
+ ],
+ "maxDataPoints": 100,
+ "minSpan": 2,
+ "nullPointMode": "connected",
+ "nullText": null,
+ "postfix": "",
+ "postfixFontSize": "50%",
+ "prefix": "",
+ "prefixFontSize": "50%",
+ "rangeMaps": [
+ {
+ "from": "null",
+ "text": "N/A",
+ "to": "null"
+ }
+ ],
+ "span": 2,
+ "sparkline": {
+ "fillColor": "rgba(31, 118, 189, 0.18)",
+ "full": false,
+ "lineColor": "rgb(31, 120, 193)",
+ "show": false
+ },
+ "tableColumn": "",
+ "targets": [
+ {
+ "expr": "openstack_neutron_agents{service=\"neutron-metadata-agent\",state=\"disabled\"}",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "refId": "A",
+ "step": 60
+ }
+ ],
+ "thresholds": "",
+ "title": "Metadata",
+ "type": "singlestat",
+ "valueFontSize": "80%",
+ "valueMaps": [
+ {
+ "op": "=",
+ "text": "N/A",
+ "value": "null"
+ }
+ ],
+ "valueName": "current"
+ },
+ {
+ "cacheTimeout": null,
+ "colorBackground": false,
+ "colorValue": false,
+ "colors": [
+ "rgba(245, 54, 54, 0.9)",
+ "rgba(237, 129, 40, 0.89)",
+ "rgba(50, 172, 45, 0.97)"
+ ],
+ "datasource": null,
+ "format": "none",
+ "gauge": {
+ "maxValue": 100,
+ "minValue": 0,
+ "show": false,
+ "thresholdLabels": false,
+ "thresholdMarkers": true
+ },
+ "id": 17,
+ "interval": null,
+ "links": [],
+ "mappingType": 1,
+ "mappingTypes": [
+ {
+ "name": "value to text",
+ "value": 1
+ },
+ {
+ "name": "range to text",
+ "value": 2
+ }
+ ],
+ "maxDataPoints": 100,
+ "minSpan": 2,
+ "nullPointMode": "connected",
+ "nullText": null,
+ "postfix": "",
+ "postfixFontSize": "50%",
+ "prefix": "",
+ "prefixFontSize": "50%",
+ "rangeMaps": [
+ {
+ "from": "null",
+ "text": "N/A",
+ "to": "null"
+ }
+ ],
+ "span": 2,
+ "sparkline": {
+ "fillColor": "rgba(31, 118, 189, 0.18)",
+ "full": false,
+ "lineColor": "rgb(31, 120, 193)",
+ "show": false
+ },
+ "tableColumn": "",
+ "targets": [
+ {
+ "expr": "openstack_neutron_agents{service=\"neutron-openvswitch-agent\",state=\"disabled\"}",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "refId": "A",
+ "step": 60
+ }
+ ],
+ "thresholds": "",
+ "title": "OpenvSwitch",
+ "type": "singlestat",
+ "valueFontSize": "80%",
+ "valueMaps": [
+ {
+ "op": "=",
+ "text": "N/A",
+ "value": "null"
+ }
+ ],
+ "valueName": "current"
+ },
+ {
+ "content": "",
+ "id": 18,
+ "links": [],
+ "mode": "text",
+ "span": 2,
+ "title": "",
+ "transparent": true,
+ "type": "text"
+ },
+ {
+ "content": "<br />\n<h3 align=\"center\">Down</h3>",
+ "id": 19,
+ "links": [],
+ "mode": "html",
+ "span": 2,
+ "title": "",
+ "type": "text"
+ },
+ {
+ "cacheTimeout": null,
+ "colorBackground": false,
+ "colorValue": false,
+ "colors": [
+ "rgba(245, 54, 54, 0.9)",
+ "rgba(237, 129, 40, 0.89)",
+ "rgba(50, 172, 45, 0.97)"
+ ],
+ "datasource": null,
+ "format": "none",
+ "gauge": {
+ "maxValue": 100,
+ "minValue": 0,
+ "show": false,
+ "thresholdLabels": false,
+ "thresholdMarkers": true
+ },
+ "id": 20,
+ "interval": null,
+ "links": [],
+ "mappingType": 1,
+ "mappingTypes": [
+ {
+ "name": "value to text",
+ "value": 1
+ },
+ {
+ "name": "range to text",
+ "value": 2
+ }
+ ],
+ "maxDataPoints": 100,
+ "minSpan": 2,
+ "nullPointMode": "connected",
+ "nullText": null,
+ "postfix": "",
+ "postfixFontSize": "50%",
+ "prefix": "",
+ "prefixFontSize": "50%",
+ "rangeMaps": [
+ {
+ "from": "null",
+ "text": "N/A",
+ "to": "null"
+ }
+ ],
+ "span": 2,
+ "sparkline": {
+ "fillColor": "rgba(31, 118, 189, 0.18)",
+ "full": false,
+ "lineColor": "rgb(31, 120, 193)",
+ "show": false
+ },
+ "tableColumn": "",
+ "targets": [
+ {
+ "expr": "openstack_neutron_agents{service=\"neutron-dhcp-agent\",state=\"down\"}",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "refId": "A",
+ "step": 60
+ }
+ ],
+ "thresholds": "",
+ "title": "DHCP",
+ "type": "singlestat",
+ "valueFontSize": "80%",
+ "valueMaps": [
+ {
+ "op": "=",
+ "text": "N/A",
+ "value": "null"
+ }
+ ],
+ "valueName": "current"
+ },
+ {
+ "cacheTimeout": null,
+ "colorBackground": false,
+ "colorValue": false,
+ "colors": [
+ "rgba(245, 54, 54, 0.9)",
+ "rgba(237, 129, 40, 0.89)",
+ "rgba(50, 172, 45, 0.97)"
+ ],
+ "datasource": null,
+ "format": "none",
+ "gauge": {
+ "maxValue": 100,
+ "minValue": 0,
+ "show": false,
+ "thresholdLabels": false,
+ "thresholdMarkers": true
+ },
+ "id": 21,
+ "interval": null,
+ "links": [],
+ "mappingType": 1,
+ "mappingTypes": [
+ {
+ "name": "value to text",
+ "value": 1
+ },
+ {
+ "name": "range to text",
+ "value": 2
+ }
+ ],
+ "maxDataPoints": 100,
+ "minSpan": 2,
+ "nullPointMode": "connected",
+ "nullText": null,
+ "postfix": "",
+ "postfixFontSize": "50%",
+ "prefix": "",
+ "prefixFontSize": "50%",
+ "rangeMaps": [
+ {
+ "from": "null",
+ "text": "N/A",
+ "to": "null"
+ }
+ ],
+ "span": 2,
+ "sparkline": {
+ "fillColor": "rgba(31, 118, 189, 0.18)",
+ "full": false,
+ "lineColor": "rgb(31, 120, 193)",
+ "show": false
+ },
+ "tableColumn": "",
+ "targets": [
+ {
+ "expr": "openstack_neutron_agents{service=\"neutron-l3-agent\",state=\"down\"}",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "refId": "A",
+ "step": 60
+ }
+ ],
+ "thresholds": "",
+ "title": "L3",
+ "type": "singlestat",
+ "valueFontSize": "80%",
+ "valueMaps": [
+ {
+ "op": "=",
+ "text": "N/A",
+ "value": "null"
+ }
+ ],
+ "valueName": "current"
+ },
+ {
+ "cacheTimeout": null,
+ "colorBackground": false,
+ "colorValue": false,
+ "colors": [
+ "rgba(245, 54, 54, 0.9)",
+ "rgba(237, 129, 40, 0.89)",
+ "rgba(50, 172, 45, 0.97)"
+ ],
+ "datasource": null,
+ "format": "none",
+ "gauge": {
+ "maxValue": 100,
+ "minValue": 0,
+ "show": false,
+ "thresholdLabels": false,
+ "thresholdMarkers": true
+ },
+ "id": 22,
+ "interval": null,
+ "links": [],
+ "mappingType": 1,
+ "mappingTypes": [
+ {
+ "name": "value to text",
+ "value": 1
+ },
+ {
+ "name": "range to text",
+ "value": 2
+ }
+ ],
+ "maxDataPoints": 100,
+ "minSpan": 2,
+ "nullPointMode": "connected",
+ "nullText": null,
+ "postfix": "",
+ "postfixFontSize": "50%",
+ "prefix": "",
+ "prefixFontSize": "50%",
+ "rangeMaps": [
+ {
+ "from": "null",
+ "text": "N/A",
+ "to": "null"
+ }
+ ],
+ "span": 2,
+ "sparkline": {
+ "fillColor": "rgba(31, 118, 189, 0.18)",
+ "full": false,
+ "lineColor": "rgb(31, 120, 193)",
+ "show": false
+ },
+ "tableColumn": "",
+ "targets": [
+ {
+ "expr": "openstack_neutron_agents{service=\"neutron-metadata-agent\",state=\"down\"}",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "refId": "A",
+ "step": 60
+ }
+ ],
+ "thresholds": "",
+ "title": "Metadata",
+ "type": "singlestat",
+ "valueFontSize": "80%",
+ "valueMaps": [
+ {
+ "op": "=",
+ "text": "N/A",
+ "value": "null"
+ }
+ ],
+ "valueName": "current"
+ },
+ {
+ "cacheTimeout": null,
+ "colorBackground": false,
+ "colorValue": false,
+ "colors": [
+ "rgba(245, 54, 54, 0.9)",
+ "rgba(237, 129, 40, 0.89)",
+ "rgba(50, 172, 45, 0.97)"
+ ],
+ "datasource": null,
+ "format": "none",
+ "gauge": {
+ "maxValue": 100,
+ "minValue": 0,
+ "show": false,
+ "thresholdLabels": false,
+ "thresholdMarkers": true
+ },
+ "id": 23,
+ "interval": null,
+ "links": [],
+ "mappingType": 1,
+ "mappingTypes": [
+ {
+ "name": "value to text",
+ "value": 1
+ },
+ {
+ "name": "range to text",
+ "value": 2
+ }
+ ],
+ "maxDataPoints": 100,
+ "minSpan": 2,
+ "nullPointMode": "connected",
+ "nullText": null,
+ "postfix": "",
+ "postfixFontSize": "50%",
+ "prefix": "",
+ "prefixFontSize": "50%",
+ "rangeMaps": [
+ {
+ "from": "null",
+ "text": "N/A",
+ "to": "null"
+ }
+ ],
+ "span": 2,
+ "sparkline": {
+ "fillColor": "rgba(31, 118, 189, 0.18)",
+ "full": false,
+ "lineColor": "rgb(31, 120, 193)",
+ "show": false
+ },
+ "tableColumn": "",
+ "targets": [
+ {
+ "expr": "openstack_neutron_agents{service=\"neutron-openvswitch-agent\",state=\"down\"}",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "refId": "A",
+ "step": 60
+ }
+ ],
+ "thresholds": "",
+ "title": "OpenvSwitch",
+ "type": "singlestat",
+ "valueFontSize": "80%",
+ "valueMaps": [
+ {
+ "op": "=",
+ "text": "N/A",
+ "value": "null"
+ }
+ ],
+ "valueName": "current"
+ }
+ ],
+ "repeat": null,
+ "repeatIteration": null,
+ "repeatRowId": null,
+ "showTitle": true,
+ "title": "Neutron Agents",
+ "titleSize": "h6"
+ },
+ {
+ "collapse": false,
+ "height": 250,
+ "panels": [
+ {
+ "cacheTimeout": null,
+ "colorBackground": false,
+ "colorValue": false,
+ "colors": [
+ "rgba(245, 54, 54, 0.9)",
+ "rgba(237, 129, 40, 0.89)",
+ "rgba(50, 172, 45, 0.97)"
+ ],
+ "datasource": null,
+ "format": "none",
+ "gauge": {
+ "maxValue": 100,
+ "minValue": 0,
+ "show": false,
+ "thresholdLabels": false,
+ "thresholdMarkers": true
+ },
+ "id": 25,
+ "interval": null,
+ "links": [],
+ "mappingType": 1,
+ "mappingTypes": [
+ {
+ "name": "value to text",
+ "value": 1
+ },
+ {
+ "name": "range to text",
+ "value": 2
+ }
+ ],
+ "maxDataPoints": 100,
+ "nullPointMode": "connected",
+ "nullText": null,
+ "postfix": "",
+ "postfixFontSize": "50%",
+ "prefix": "",
+ "prefixFontSize": "50%",
+ "rangeMaps": [
+ {
+ "from": "null",
+ "text": "N/A",
+ "to": "null"
+ }
+ ],
+ "span": 2,
+ "sparkline": {
+ "fillColor": "rgba(31, 118, 189, 0.18)",
+ "full": false,
+ "lineColor": "rgb(31, 120, 193)",
+ "show": true
+ },
+ "tableColumn": "",
+ "targets": [
+ {
+ "expr": "openstack_neutron_networks_total",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "refId": "A",
+ "step": 60
+ }
+ ],
+ "thresholds": "",
+ "title": "Networks",
+ "type": "singlestat",
+ "valueFontSize": "80%",
+ "valueMaps": [
+ {
+ "op": "=",
+ "text": "N/A",
+ "value": "null"
+ }
+ ],
+ "valueName": "current"
+ },
+ {
+ "cacheTimeout": null,
+ "colorBackground": false,
+ "colorValue": false,
+ "colors": [
+ "rgba(245, 54, 54, 0.9)",
+ "rgba(237, 129, 40, 0.89)",
+ "rgba(50, 172, 45, 0.97)"
+ ],
+ "datasource": null,
+ "format": "none",
+ "gauge": {
+ "maxValue": 100,
+ "minValue": 0,
+ "show": false,
+ "thresholdLabels": false,
+ "thresholdMarkers": true
+ },
+ "id": 26,
+ "interval": null,
+ "links": [],
+ "mappingType": 1,
+ "mappingTypes": [
+ {
+ "name": "value to text",
+ "value": 1
+ },
+ {
+ "name": "range to text",
+ "value": 2
+ }
+ ],
+ "maxDataPoints": 100,
+ "nullPointMode": "connected",
+ "nullText": null,
+ "postfix": "",
+ "postfixFontSize": "50%",
+ "prefix": "",
+ "prefixFontSize": "50%",
+ "rangeMaps": [
+ {
+ "from": "null",
+ "text": "N/A",
+ "to": "null"
+ }
+ ],
+ "span": 2,
+ "sparkline": {
+ "fillColor": "rgba(31, 118, 189, 0.18)",
+ "full": false,
+ "lineColor": "rgb(31, 120, 193)",
+ "show": true
+ },
+ "tableColumn": "",
+ "targets": [
+ {
+ "expr": "openstack_neutron_subnets_total",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "refId": "A",
+ "step": 60
+ }
+ ],
+ "thresholds": "",
+ "title": "Subnets",
+ "type": "singlestat",
+ "valueFontSize": "80%",
+ "valueMaps": [
+ {
+ "op": "=",
+ "text": "N/A",
+ "value": "null"
+ }
+ ],
+ "valueName": "current"
+ },
+ {
+ "cacheTimeout": null,
+ "colorBackground": false,
+ "colorValue": false,
+ "colors": [
+ "rgba(245, 54, 54, 0.9)",
+ "rgba(237, 129, 40, 0.89)",
+ "rgba(50, 172, 45, 0.97)"
+ ],
+ "datasource": null,
+ "format": "none",
+ "gauge": {
+ "maxValue": 100,
+ "minValue": 0,
+ "show": false,
+ "thresholdLabels": false,
+ "thresholdMarkers": true
+ },
+ "id": 27,
+ "interval": null,
+ "links": [],
+ "mappingType": 1,
+ "mappingTypes": [
+ {
+ "name": "value to text",
+ "value": 1
+ },
+ {
+ "name": "range to text",
+ "value": 2
+ }
+ ],
+ "maxDataPoints": 100,
+ "nullPointMode": "connected",
+ "nullText": null,
+ "postfix": "",
+ "postfixFontSize": "50%",
+ "prefix": "",
+ "prefixFontSize": "50%",
+ "rangeMaps": [
+ {
+ "from": "null",
+ "text": "N/A",
+ "to": "null"
+ }
+ ],
+ "span": 2,
+ "sparkline": {
+ "fillColor": "rgba(31, 118, 189, 0.18)",
+ "full": false,
+ "lineColor": "rgb(31, 120, 193)",
+ "show": true
+ },
+ "tableColumn": "",
+ "targets": [
+ {
+ "expr": "sum(openstack_neutron_ports{owner=~\"compute:.*\",state=\"active\"})",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "refId": "A",
+ "step": 60
+ }
+ ],
+ "thresholds": "",
+ "title": "Compute ports",
+ "type": "singlestat",
+ "valueFontSize": "80%",
+ "valueMaps": [
+ {
+ "op": "=",
+ "text": "N/A",
+ "value": "null"
+ }
+ ],
+ "valueName": "current"
+ },
+ {
+ "cacheTimeout": null,
+ "colorBackground": false,
+ "colorValue": false,
+ "colors": [
+ "rgba(245, 54, 54, 0.9)",
+ "rgba(237, 129, 40, 0.89)",
+ "rgba(50, 172, 45, 0.97)"
+ ],
+ "datasource": null,
+ "format": "none",
+ "gauge": {
+ "maxValue": 100,
+ "minValue": 0,
+ "show": false,
+ "thresholdLabels": false,
+ "thresholdMarkers": true
+ },
+ "id": 29,
+ "interval": null,
+ "links": [],
+ "mappingType": 1,
+ "mappingTypes": [
+ {
+ "name": "value to text",
+ "value": 1
+ },
+ {
+ "name": "range to text",
+ "value": 2
+ }
+ ],
+ "maxDataPoints": 100,
+ "nullPointMode": "connected",
+ "nullText": null,
+ "postfix": "",
+ "postfixFontSize": "50%",
+ "prefix": "",
+ "prefixFontSize": "50%",
+ "rangeMaps": [
+ {
+ "from": "null",
+ "text": "N/A",
+ "to": "null"
+ }
+ ],
+ "span": 2,
+ "sparkline": {
+ "fillColor": "rgba(31, 118, 189, 0.18)",
+ "full": false,
+ "lineColor": "rgb(31, 120, 193)",
+ "show": true
+ },
+ "tableColumn": "",
+ "targets": [
+ {
+ "expr": "openstack_neutron_routers_total",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "refId": "A",
+ "step": 60
+ }
+ ],
+ "thresholds": "",
+ "title": "Routers",
+ "type": "singlestat",
+ "valueFontSize": "80%",
+ "valueMaps": [
+ {
+ "op": "=",
+ "text": "N/A",
+ "value": "null"
+ }
+ ],
+ "valueName": "current"
+ },
+ {
+ "cacheTimeout": null,
+ "colorBackground": false,
+ "colorValue": false,
+ "colors": [
+ "rgba(245, 54, 54, 0.9)",
+ "rgba(237, 129, 40, 0.89)",
+ "rgba(50, 172, 45, 0.97)"
+ ],
+ "datasource": null,
+ "format": "none",
+ "gauge": {
+ "maxValue": 100,
+ "minValue": 0,
+ "show": false,
+ "thresholdLabels": false,
+ "thresholdMarkers": true
+ },
+ "id": 28,
+ "interval": null,
+ "links": [],
+ "mappingType": 1,
+ "mappingTypes": [
+ {
+ "name": "value to text",
+ "value": 1
+ },
+ {
+ "name": "range to text",
+ "value": 2
+ }
+ ],
+ "maxDataPoints": 100,
+ "nullPointMode": "connected",
+ "nullText": null,
+ "postfix": "",
+ "postfixFontSize": "50%",
+ "prefix": "",
+ "prefixFontSize": "50%",
+ "rangeMaps": [
+ {
+ "from": "null",
+ "text": "N/A",
+ "to": "null"
+ }
+ ],
+ "span": 2,
+ "sparkline": {
+ "fillColor": "rgba(31, 118, 189, 0.18)",
+ "full": false,
+ "lineColor": "rgb(31, 120, 193)",
+ "show": true
+ },
+ "tableColumn": "",
+ "targets": [
+ {
+ "expr": "openstack_neutron_floatingips_total",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "refId": "A",
+ "step": 60
+ }
+ ],
+ "thresholds": "",
+ "title": "Floating IP addresses",
+ "type": "singlestat",
+ "valueFontSize": "80%",
+ "valueMaps": [
+ {
+ "op": "=",
+ "text": "N/A",
+ "value": "null"
+ }
+ ],
+ "valueName": "current"
+ }
+ ],
+ "repeat": null,
+ "repeatIteration": null,
+ "repeatRowId": null,
+ "showTitle": true,
+ "title": "Resources",
+ "titleSize": "h6"
+ }
+ ],
+ "schemaVersion": 14,
+ "sharedCrosshair": true,
+ "style": "dark",
+ "tags": [
+ "openstack"
+ ],
+ "templating": {
+ "list": [
+ {
+ "allValue": null,
+ "current": {},
+ "datasource": "prometheus",
+ "hide": 0,
+ "includeAll": true,
+ "label": null,
+ "multi": true,
+ "name": "host",
+ "options": [],
+ "query": "label_values(openstack_http_response_times_count,host)",
+ "refresh": 1,
+ "refresh_on_load": true,
+ "regex": "",
+ "sort": 1,
+ "tagValuesQuery": "",
+ "tags": [],
+ "tagsQuery": "",
+ "type": "query",
+ "useTags": false
+ }
+ ]
+ },
+ "time": {
+ "from": "now-1h",
+ "to": "now"
+ },
+ "timepicker": {
+ "refresh_intervals": [
+ "5s",
+ "10s",
+ "30s",
+ "1m",
+ "5m",
+ "15m",
+ "30m",
+ "1h",
+ "2h",
+ "1d"
+ ],
+ "time_options": [
+ "5m",
+ "15m",
+ "1h",
+ "6h",
+ "12h",
+ "24h",
+ "2d",
+ "7d",
+ "30d"
+ ]
+ },
+ "timezone": "browser",
+ "title": "Neutron",
+ "version": 37
+}
+{% endraw %}
diff --git a/neutron/files/grafana_dashboards/neutron_prometheus.json b/neutron/files/grafana_dashboards/neutron_prometheus.json
new file mode 100755
index 0000000..500958e
--- /dev/null
+++ b/neutron/files/grafana_dashboards/neutron_prometheus.json
@@ -0,0 +1,894 @@
+{% raw %}
+{
+ "annotations": {
+ "list": []
+ },
+ "description": "Monitors Neutron cluster using Prometheus. Shows overall cluster processes and usage.",
+ "editable": true,
+ "gnetId": null,
+ "graphTooltip": 1,
+ "hideControls": false,
+ "id": null,
+ "links": [],
+ "refresh": "1m",
+ "rows": [
+ {
+ "collapse": false,
+ "height": "250px",
+ "panels": [
+ {
+ "cacheTimeout": null,
+ "colorBackground": false,
+ "colorValue": true,
+ "colors": [
+ "rgba(245, 54, 54, 0.9)",
+ "rgba(50, 172, 45, 0.97)",
+ "rgba(237, 129, 40, 0.89)"
+ ],
+ "datasource": "prometheus",
+ "format": "none",
+ "gauge": {
+ "maxValue": 1,
+ "minValue": 0,
+ "show": false,
+ "thresholdLabels": false,
+ "thresholdMarkers": true
+ },
+ "id": 1,
+ "interval": null,
+ "links": [],
+ "mappingType": 1,
+ "mappingTypes": [
+ {
+ "name": "value to text",
+ "value": 1
+ },
+ {
+ "name": "range to text",
+ "value": 2
+ }
+ ],
+ "maxDataPoints": 100,
+ "nullPointMode": "connected",
+ "nullText": null,
+ "postfix": "",
+ "postfixFontSize": "50%",
+ "prefix": "",
+ "prefixFontSize": "50%",
+ "rangeMaps": [
+ {
+ "from": "null",
+ "text": "N/A",
+ "to": "null"
+ }
+ ],
+ "span": 3,
+ "sparkline": {
+ "fillColor": "rgba(31, 118, 189, 0.18)",
+ "full": false,
+ "lineColor": "rgb(31, 120, 193)",
+ "show": true
+ },
+ "tableColumn": "",
+ "targets": [
+ {
+ "expr": "min(openstack_api_check_status{service=~\"neutron.*\"})",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{ service }}",
+ "refId": "A",
+ "step": 60
+ }
+ ],
+ "thresholds": "0.5,1.5",
+ "title": "API Availability",
+ "type": "singlestat",
+ "valueFontSize": "80%",
+ "valueMaps": [
+ {
+ "op": "=",
+ "text": "N/A",
+ "value": "null"
+ },
+ {
+ "op": "=",
+ "text": "DOWN",
+ "value": "0"
+ },
+ {
+ "op": "=",
+ "text": "OK",
+ "value": "1"
+ },
+ {
+ "op": "=",
+ "text": "UNKNOWN",
+ "value": "2"
+ }
+ ],
+ "valueName": "current"
+ },
+ {
+ "cacheTimeout": null,
+ "colorBackground": false,
+ "colorValue": false,
+ "colors": [
+ "rgba(245, 54, 54, 0.9)",
+ "rgba(237, 129, 40, 0.89)",
+ "rgba(50, 172, 45, 0.97)"
+ ],
+ "datasource": "prometheus",
+ "format": "none",
+ "gauge": {
+ "maxValue": 100,
+ "minValue": 0,
+ "show": false,
+ "thresholdLabels": false,
+ "thresholdMarkers": true
+ },
+ "id": 2,
+ "interval": null,
+ "links": [],
+ "mappingType": 1,
+ "mappingTypes": [
+ {
+ "name": "value to text",
+ "value": 1
+ },
+ {
+ "name": "range to text",
+ "value": 2
+ }
+ ],
+ "maxDataPoints": 100,
+ "nullPointMode": "connected",
+ "nullText": null,
+ "postfix": " / sec",
+ "postfixFontSize": "50%",
+ "prefix": "",
+ "prefixFontSize": "50%",
+ "rangeMaps": [
+ {
+ "from": "null",
+ "text": "N/A",
+ "to": "null"
+ }
+ ],
+ "span": 3,
+ "sparkline": {
+ "fillColor": "rgba(31, 118, 189, 0.18)",
+ "full": false,
+ "lineColor": "rgb(31, 120, 193)",
+ "show": true
+ },
+ "tableColumn": "",
+ "targets": [
+ {
+ "expr": "sum(irate(haproxy_http_response_5xx{proxy=~\"neutron.*\",sv=\"FRONTEND\"}[5m]))",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "per sec",
+ "refId": "A",
+ "step": 60
+ }
+ ],
+ "thresholds": "",
+ "title": "HTTP 5xx errors",
+ "type": "singlestat",
+ "valueFontSize": "80%",
+ "valueMaps": [
+ {
+ "op": "=",
+ "text": "N/A",
+ "value": "null"
+ }
+ ],
+ "valueName": "current"
+ },
+ {
+ "cacheTimeout": null,
+ "colorBackground": false,
+ "colorValue": false,
+ "colors": [
+ "rgba(245, 54, 54, 0.9)",
+ "rgba(237, 129, 40, 0.89)",
+ "rgba(50, 172, 45, 0.97)"
+ ],
+ "datasource": "prometheus",
+ "format": "none",
+ "gauge": {
+ "maxValue": 100,
+ "minValue": 0,
+ "show": false,
+ "thresholdLabels": false,
+ "thresholdMarkers": true
+ },
+ "id": 3,
+ "interval": null,
+ "links": [],
+ "mappingType": 1,
+ "mappingTypes": [
+ {
+ "name": "value to text",
+ "value": 1
+ },
+ {
+ "name": "range to text",
+ "value": 2
+ }
+ ],
+ "maxDataPoints": 100,
+ "nullPointMode": "connected",
+ "nullText": null,
+ "postfix": "",
+ "postfixFontSize": "50%",
+ "prefix": "",
+ "prefixFontSize": "50%",
+ "rangeMaps": [
+ {
+ "from": "null",
+ "text": "N/A",
+ "to": "null"
+ }
+ ],
+ "span": 3,
+ "sparkline": {
+ "fillColor": "rgba(31, 118, 189, 0.18)",
+ "full": false,
+ "lineColor": "rgb(31, 120, 193)",
+ "show": true
+ },
+ "tableColumn": "",
+ "targets": [
+ {
+ "expr": "min(haproxy_active_servers{proxy=~\"neutron.api\", sv=\"BACKEND\"})",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "A",
+ "step": 60
+ }
+ ],
+ "thresholds": "",
+ "title": "Neutron API backends",
+ "type": "singlestat",
+ "valueFontSize": "80%",
+ "valueMaps": [
+ {
+ "op": "=",
+ "text": "N/A",
+ "value": "null"
+ }
+ ],
+ "valueName": "current"
+ }
+ ],
+ "repeat": null,
+ "repeatIteration": null,
+ "repeatRowId": null,
+ "showTitle": true,
+ "title": "Service Status",
+ "titleSize": "h6"
+ },
+ {
+ "collapse": false,
+ "height": "250",
+ "panels": [
+ {
+ "aliasColors": {},
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "prometheus",
+ "fill": 1,
+ "id": 4,
+ "legend": {
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "show": true,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [],
+ "nullPointMode": "null",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [],
+ "spaceLength": 10,
+ "span": 6,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "sum(openstack_neutron_http_response_times_rate{host=~\"^$host$\"}) by (http_status)",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{ http_status }}",
+ "refId": "A",
+ "step": 10
+ }
+ ],
+ "thresholds": [],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Throughput",
+ "tooltip": {
+ "shared": true,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": []
+ },
+ "yaxes": [
+ {
+ "format": "ops",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": "0",
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ }
+ ]
+ },
+ {
+ "aliasColors": {},
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "prometheus",
+ "fill": 1,
+ "id": 5,
+ "legend": {
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "show": true,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [],
+ "nullPointMode": "null",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [],
+ "spaceLength": 10,
+ "span": 6,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "max(openstack_neutron_http_response_times_upper_90{host=~\"^$host$\"}) by (http_method)",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{ http_method }}",
+ "refId": "A",
+ "step": 10
+ }
+ ],
+ "thresholds": [],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Latency",
+ "tooltip": {
+ "shared": true,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": []
+ },
+ "yaxes": [
+ {
+ "format": "s",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": "0",
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ }
+ ]
+ }
+ ],
+ "repeat": null,
+ "repeatIteration": null,
+ "repeatRowId": null,
+ "showTitle": true,
+ "title": "API Performances",
+ "titleSize": "h6"
+ },
+ {
+ "collapse": false,
+ "height": 250,
+ "panels": [
+ {
+ "cacheTimeout": null,
+ "colorBackground": false,
+ "colorValue": false,
+ "colors": [
+ "rgba(245, 54, 54, 0.9)",
+ "rgba(237, 129, 40, 0.89)",
+ "rgba(50, 172, 45, 0.97)"
+ ],
+ "datasource": null,
+ "format": "none",
+ "gauge": {
+ "maxValue": 100,
+ "minValue": 0,
+ "show": false,
+ "thresholdLabels": false,
+ "thresholdMarkers": true
+ },
+ "id": 25,
+ "interval": null,
+ "links": [],
+ "mappingType": 1,
+ "mappingTypes": [
+ {
+ "name": "value to text",
+ "value": 1
+ },
+ {
+ "name": "range to text",
+ "value": 2
+ }
+ ],
+ "maxDataPoints": 100,
+ "nullPointMode": "connected",
+ "nullText": null,
+ "postfix": "",
+ "postfixFontSize": "50%",
+ "prefix": "",
+ "prefixFontSize": "50%",
+ "rangeMaps": [
+ {
+ "from": "null",
+ "text": "N/A",
+ "to": "null"
+ }
+ ],
+ "span": 2,
+ "sparkline": {
+ "fillColor": "rgba(31, 118, 189, 0.18)",
+ "full": false,
+ "lineColor": "rgb(31, 120, 193)",
+ "show": true
+ },
+ "tableColumn": "",
+ "targets": [
+ {
+ "expr": "max(openstack_neutron_networks_total)",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "refId": "A",
+ "step": 60
+ }
+ ],
+ "thresholds": "",
+ "title": "Networks",
+ "type": "singlestat",
+ "valueFontSize": "80%",
+ "valueMaps": [
+ {
+ "op": "=",
+ "text": "N/A",
+ "value": "null"
+ }
+ ],
+ "valueName": "current"
+ },
+ {
+ "cacheTimeout": null,
+ "colorBackground": false,
+ "colorValue": false,
+ "colors": [
+ "rgba(245, 54, 54, 0.9)",
+ "rgba(237, 129, 40, 0.89)",
+ "rgba(50, 172, 45, 0.97)"
+ ],
+ "datasource": null,
+ "format": "none",
+ "gauge": {
+ "maxValue": 100,
+ "minValue": 0,
+ "show": false,
+ "thresholdLabels": false,
+ "thresholdMarkers": true
+ },
+ "id": 26,
+ "interval": null,
+ "links": [],
+ "mappingType": 1,
+ "mappingTypes": [
+ {
+ "name": "value to text",
+ "value": 1
+ },
+ {
+ "name": "range to text",
+ "value": 2
+ }
+ ],
+ "maxDataPoints": 100,
+ "nullPointMode": "connected",
+ "nullText": null,
+ "postfix": "",
+ "postfixFontSize": "50%",
+ "prefix": "",
+ "prefixFontSize": "50%",
+ "rangeMaps": [
+ {
+ "from": "null",
+ "text": "N/A",
+ "to": "null"
+ }
+ ],
+ "span": 2,
+ "sparkline": {
+ "fillColor": "rgba(31, 118, 189, 0.18)",
+ "full": false,
+ "lineColor": "rgb(31, 120, 193)",
+ "show": true
+ },
+ "tableColumn": "",
+ "targets": [
+ {
+ "expr": "max(openstack_neutron_subnets_total)",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "refId": "A",
+ "step": 60
+ }
+ ],
+ "thresholds": "",
+ "title": "Subnets",
+ "type": "singlestat",
+ "valueFontSize": "80%",
+ "valueMaps": [
+ {
+ "op": "=",
+ "text": "N/A",
+ "value": "null"
+ }
+ ],
+ "valueName": "current"
+ },
+ {
+ "cacheTimeout": null,
+ "colorBackground": false,
+ "colorValue": false,
+ "colors": [
+ "rgba(245, 54, 54, 0.9)",
+ "rgba(237, 129, 40, 0.89)",
+ "rgba(50, 172, 45, 0.97)"
+ ],
+ "datasource": null,
+ "format": "none",
+ "gauge": {
+ "maxValue": 100,
+ "minValue": 0,
+ "show": false,
+ "thresholdLabels": false,
+ "thresholdMarkers": true
+ },
+ "id": 27,
+ "interval": null,
+ "links": [],
+ "mappingType": 1,
+ "mappingTypes": [
+ {
+ "name": "value to text",
+ "value": 1
+ },
+ {
+ "name": "range to text",
+ "value": 2
+ }
+ ],
+ "maxDataPoints": 100,
+ "nullPointMode": "connected",
+ "nullText": null,
+ "postfix": "",
+ "postfixFontSize": "50%",
+ "prefix": "",
+ "prefixFontSize": "50%",
+ "rangeMaps": [
+ {
+ "from": "null",
+ "text": "N/A",
+ "to": "null"
+ }
+ ],
+ "span": 2,
+ "sparkline": {
+ "fillColor": "rgba(31, 118, 189, 0.18)",
+ "full": false,
+ "lineColor": "rgb(31, 120, 193)",
+ "show": true
+ },
+ "tableColumn": "",
+ "targets": [
+ {
+ "expr": "sum(openstack_neutron_ports{owner=~\"compute:.*\",state=\"active\"})",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "refId": "A",
+ "step": 60
+ }
+ ],
+ "thresholds": "",
+ "title": "Compute ports",
+ "type": "singlestat",
+ "valueFontSize": "80%",
+ "valueMaps": [
+ {
+ "op": "=",
+ "text": "N/A",
+ "value": "null"
+ }
+ ],
+ "valueName": "current"
+ },
+ {
+ "cacheTimeout": null,
+ "colorBackground": false,
+ "colorValue": false,
+ "colors": [
+ "rgba(245, 54, 54, 0.9)",
+ "rgba(237, 129, 40, 0.89)",
+ "rgba(50, 172, 45, 0.97)"
+ ],
+ "datasource": null,
+ "format": "none",
+ "gauge": {
+ "maxValue": 100,
+ "minValue": 0,
+ "show": false,
+ "thresholdLabels": false,
+ "thresholdMarkers": true
+ },
+ "id": 29,
+ "interval": null,
+ "links": [],
+ "mappingType": 1,
+ "mappingTypes": [
+ {
+ "name": "value to text",
+ "value": 1
+ },
+ {
+ "name": "range to text",
+ "value": 2
+ }
+ ],
+ "maxDataPoints": 100,
+ "nullPointMode": "connected",
+ "nullText": null,
+ "postfix": "",
+ "postfixFontSize": "50%",
+ "prefix": "",
+ "prefixFontSize": "50%",
+ "rangeMaps": [
+ {
+ "from": "null",
+ "text": "N/A",
+ "to": "null"
+ }
+ ],
+ "span": 2,
+ "sparkline": {
+ "fillColor": "rgba(31, 118, 189, 0.18)",
+ "full": false,
+ "lineColor": "rgb(31, 120, 193)",
+ "show": true
+ },
+ "tableColumn": "",
+ "targets": [
+ {
+ "expr": "max(openstack_neutron_routers_total)",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "refId": "A",
+ "step": 60
+ }
+ ],
+ "thresholds": "",
+ "title": "Routers",
+ "type": "singlestat",
+ "valueFontSize": "80%",
+ "valueMaps": [
+ {
+ "op": "=",
+ "text": "N/A",
+ "value": "null"
+ }
+ ],
+ "valueName": "current"
+ },
+ {
+ "cacheTimeout": null,
+ "colorBackground": false,
+ "colorValue": false,
+ "colors": [
+ "rgba(245, 54, 54, 0.9)",
+ "rgba(237, 129, 40, 0.89)",
+ "rgba(50, 172, 45, 0.97)"
+ ],
+ "datasource": null,
+ "format": "none",
+ "gauge": {
+ "maxValue": 100,
+ "minValue": 0,
+ "show": false,
+ "thresholdLabels": false,
+ "thresholdMarkers": true
+ },
+ "id": 28,
+ "interval": null,
+ "links": [],
+ "mappingType": 1,
+ "mappingTypes": [
+ {
+ "name": "value to text",
+ "value": 1
+ },
+ {
+ "name": "range to text",
+ "value": 2
+ }
+ ],
+ "maxDataPoints": 100,
+ "nullPointMode": "connected",
+ "nullText": null,
+ "postfix": "",
+ "postfixFontSize": "50%",
+ "prefix": "",
+ "prefixFontSize": "50%",
+ "rangeMaps": [
+ {
+ "from": "null",
+ "text": "N/A",
+ "to": "null"
+ }
+ ],
+ "span": 2,
+ "sparkline": {
+ "fillColor": "rgba(31, 118, 189, 0.18)",
+ "full": false,
+ "lineColor": "rgb(31, 120, 193)",
+ "show": true
+ },
+ "tableColumn": "",
+ "targets": [
+ {
+ "expr": "max(openstack_neutron_floatingips_total)",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "refId": "A",
+ "step": 60
+ }
+ ],
+ "thresholds": "",
+ "title": "Floating IP addresses",
+ "type": "singlestat",
+ "valueFontSize": "80%",
+ "valueMaps": [
+ {
+ "op": "=",
+ "text": "N/A",
+ "value": "null"
+ }
+ ],
+ "valueName": "current"
+ }
+ ],
+ "repeat": null,
+ "repeatIteration": null,
+ "repeatRowId": null,
+ "showTitle": true,
+ "title": "Resources",
+ "titleSize": "h6"
+ }
+ ],
+ "schemaVersion": 14,
+ "sharedCrosshair": true,
+ "style": "dark",
+ "tags": [
+ "openstack"
+ ],
+ "templating": {
+ "list": [
+ {
+ "allValue": null,
+ "current": {},
+ "datasource": "prometheus",
+ "hide": 0,
+ "includeAll": true,
+ "label": null,
+ "multi": true,
+ "name": "host",
+ "options": [],
+ "query": "label_values(openstack_neutron_http_response_times_count,host)",
+ "refresh": 1,
+ "refresh_on_load": true,
+ "regex": "",
+ "sort": 1,
+ "tagValuesQuery": "",
+ "tags": [],
+ "tagsQuery": "",
+ "type": "query",
+ "useTags": false
+ }
+ ]
+ },
+ "time": {
+ "from": "now-1h",
+ "to": "now"
+ },
+ "timepicker": {
+ "refresh_intervals": [
+ "5s",
+ "10s",
+ "30s",
+ "1m",
+ "5m",
+ "15m",
+ "30m",
+ "1h",
+ "2h",
+ "1d"
+ ],
+ "time_options": [
+ "5m",
+ "15m",
+ "1h",
+ "6h",
+ "12h",
+ "24h",
+ "2d",
+ "7d",
+ "30d"
+ ]
+ },
+ "timezone": "browser",
+ "title": "Neutron",
+ "version": 4
+}
+{% endraw %}
diff --git a/neutron/files/grafana_dashboards/neutron_prometheus_fluentd.json b/neutron/files/grafana_dashboards/neutron_prometheus_fluentd.json
new file mode 100755
index 0000000..7132e80
--- /dev/null
+++ b/neutron/files/grafana_dashboards/neutron_prometheus_fluentd.json
@@ -0,0 +1,894 @@
+{% raw %}
+{
+ "annotations": {
+ "list": []
+ },
+ "description": "Monitors Neutron cluster using Prometheus. Shows overall cluster processes and usage.",
+ "editable": true,
+ "gnetId": null,
+ "graphTooltip": 1,
+ "hideControls": false,
+ "id": null,
+ "links": [],
+ "refresh": "1m",
+ "rows": [
+ {
+ "collapse": false,
+ "height": "250px",
+ "panels": [
+ {
+ "cacheTimeout": null,
+ "colorBackground": false,
+ "colorValue": true,
+ "colors": [
+ "rgba(245, 54, 54, 0.9)",
+ "rgba(50, 172, 45, 0.97)",
+ "rgba(237, 129, 40, 0.89)"
+ ],
+ "datasource": "prometheus",
+ "format": "none",
+ "gauge": {
+ "maxValue": 1,
+ "minValue": 0,
+ "show": false,
+ "thresholdLabels": false,
+ "thresholdMarkers": true
+ },
+ "id": 1,
+ "interval": null,
+ "links": [],
+ "mappingType": 1,
+ "mappingTypes": [
+ {
+ "name": "value to text",
+ "value": 1
+ },
+ {
+ "name": "range to text",
+ "value": 2
+ }
+ ],
+ "maxDataPoints": 100,
+ "nullPointMode": "connected",
+ "nullText": null,
+ "postfix": "",
+ "postfixFontSize": "50%",
+ "prefix": "",
+ "prefixFontSize": "50%",
+ "rangeMaps": [
+ {
+ "from": "null",
+ "text": "N/A",
+ "to": "null"
+ }
+ ],
+ "span": 3,
+ "sparkline": {
+ "fillColor": "rgba(31, 118, 189, 0.18)",
+ "full": false,
+ "lineColor": "rgb(31, 120, 193)",
+ "show": true
+ },
+ "tableColumn": "",
+ "targets": [
+ {
+ "expr": "min(openstack_api_check_status{service=~\"neutron.*\"})",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{ service }}",
+ "refId": "A",
+ "step": 60
+ }
+ ],
+ "thresholds": "0.5,1.5",
+ "title": "API Availability",
+ "type": "singlestat",
+ "valueFontSize": "80%",
+ "valueMaps": [
+ {
+ "op": "=",
+ "text": "N/A",
+ "value": "null"
+ },
+ {
+ "op": "=",
+ "text": "DOWN",
+ "value": "0"
+ },
+ {
+ "op": "=",
+ "text": "OK",
+ "value": "1"
+ },
+ {
+ "op": "=",
+ "text": "UNKNOWN",
+ "value": "2"
+ }
+ ],
+ "valueName": "current"
+ },
+ {
+ "cacheTimeout": null,
+ "colorBackground": false,
+ "colorValue": false,
+ "colors": [
+ "rgba(245, 54, 54, 0.9)",
+ "rgba(237, 129, 40, 0.89)",
+ "rgba(50, 172, 45, 0.97)"
+ ],
+ "datasource": "prometheus",
+ "format": "none",
+ "gauge": {
+ "maxValue": 100,
+ "minValue": 0,
+ "show": false,
+ "thresholdLabels": false,
+ "thresholdMarkers": true
+ },
+ "id": 2,
+ "interval": null,
+ "links": [],
+ "mappingType": 1,
+ "mappingTypes": [
+ {
+ "name": "value to text",
+ "value": 1
+ },
+ {
+ "name": "range to text",
+ "value": 2
+ }
+ ],
+ "maxDataPoints": 100,
+ "nullPointMode": "connected",
+ "nullText": null,
+ "postfix": " / sec",
+ "postfixFontSize": "50%",
+ "prefix": "",
+ "prefixFontSize": "50%",
+ "rangeMaps": [
+ {
+ "from": "null",
+ "text": "N/A",
+ "to": "null"
+ }
+ ],
+ "span": 3,
+ "sparkline": {
+ "fillColor": "rgba(31, 118, 189, 0.18)",
+ "full": false,
+ "lineColor": "rgb(31, 120, 193)",
+ "show": true
+ },
+ "tableColumn": "",
+ "targets": [
+ {
+ "expr": "sum(irate(haproxy_http_response_5xx{proxy=~\"neutron.*\",sv=\"FRONTEND\"}[5m]))",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "per sec",
+ "refId": "A",
+ "step": 60
+ }
+ ],
+ "thresholds": "",
+ "title": "HTTP 5xx errors",
+ "type": "singlestat",
+ "valueFontSize": "80%",
+ "valueMaps": [
+ {
+ "op": "=",
+ "text": "N/A",
+ "value": "null"
+ }
+ ],
+ "valueName": "current"
+ },
+ {
+ "cacheTimeout": null,
+ "colorBackground": false,
+ "colorValue": false,
+ "colors": [
+ "rgba(245, 54, 54, 0.9)",
+ "rgba(237, 129, 40, 0.89)",
+ "rgba(50, 172, 45, 0.97)"
+ ],
+ "datasource": "prometheus",
+ "format": "none",
+ "gauge": {
+ "maxValue": 100,
+ "minValue": 0,
+ "show": false,
+ "thresholdLabels": false,
+ "thresholdMarkers": true
+ },
+ "id": 3,
+ "interval": null,
+ "links": [],
+ "mappingType": 1,
+ "mappingTypes": [
+ {
+ "name": "value to text",
+ "value": 1
+ },
+ {
+ "name": "range to text",
+ "value": 2
+ }
+ ],
+ "maxDataPoints": 100,
+ "nullPointMode": "connected",
+ "nullText": null,
+ "postfix": "",
+ "postfixFontSize": "50%",
+ "prefix": "",
+ "prefixFontSize": "50%",
+ "rangeMaps": [
+ {
+ "from": "null",
+ "text": "N/A",
+ "to": "null"
+ }
+ ],
+ "span": 3,
+ "sparkline": {
+ "fillColor": "rgba(31, 118, 189, 0.18)",
+ "full": false,
+ "lineColor": "rgb(31, 120, 193)",
+ "show": true
+ },
+ "tableColumn": "",
+ "targets": [
+ {
+ "expr": "min(haproxy_active_servers{proxy=~\"neutron.api\", sv=\"BACKEND\"})",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "A",
+ "step": 60
+ }
+ ],
+ "thresholds": "",
+ "title": "Neutron API backends",
+ "type": "singlestat",
+ "valueFontSize": "80%",
+ "valueMaps": [
+ {
+ "op": "=",
+ "text": "N/A",
+ "value": "null"
+ }
+ ],
+ "valueName": "current"
+ }
+ ],
+ "repeat": null,
+ "repeatIteration": null,
+ "repeatRowId": null,
+ "showTitle": true,
+ "title": "Service Status",
+ "titleSize": "h6"
+ },
+ {
+ "collapse": false,
+ "height": "250",
+ "panels": [
+ {
+ "aliasColors": {},
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "prometheus",
+ "fill": 1,
+ "id": 4,
+ "legend": {
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "show": true,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [],
+ "nullPointMode": "null",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [],
+ "spaceLength": 10,
+ "span": 6,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "sum(rate(openstack_http_response_times_count{service=\"neutron\",host=~\"^$host$\"}[5m])) by (http_status)",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{ http_status }}",
+ "refId": "A",
+ "step": 10
+ }
+ ],
+ "thresholds": [],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Throughput",
+ "tooltip": {
+ "shared": true,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": []
+ },
+ "yaxes": [
+ {
+ "format": "ops",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": "0",
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ }
+ ]
+ },
+ {
+ "aliasColors": {},
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "prometheus",
+ "fill": 1,
+ "id": 5,
+ "legend": {
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "show": true,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [],
+ "nullPointMode": "null",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [],
+ "spaceLength": 10,
+ "span": 6,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "max(openstack_http_response_times{service='heat',quantile=\"0.9\",host=~\"^$host$\"}) by (http_method)",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{ http_method }}",
+ "refId": "A",
+ "step": 10
+ }
+ ],
+ "thresholds": [],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Latency",
+ "tooltip": {
+ "shared": true,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": []
+ },
+ "yaxes": [
+ {
+ "format": "s",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": "0",
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ }
+ ]
+ }
+ ],
+ "repeat": null,
+ "repeatIteration": null,
+ "repeatRowId": null,
+ "showTitle": true,
+ "title": "API Performances",
+ "titleSize": "h6"
+ },
+ {
+ "collapse": false,
+ "height": 250,
+ "panels": [
+ {
+ "cacheTimeout": null,
+ "colorBackground": false,
+ "colorValue": false,
+ "colors": [
+ "rgba(245, 54, 54, 0.9)",
+ "rgba(237, 129, 40, 0.89)",
+ "rgba(50, 172, 45, 0.97)"
+ ],
+ "datasource": null,
+ "format": "none",
+ "gauge": {
+ "maxValue": 100,
+ "minValue": 0,
+ "show": false,
+ "thresholdLabels": false,
+ "thresholdMarkers": true
+ },
+ "id": 25,
+ "interval": null,
+ "links": [],
+ "mappingType": 1,
+ "mappingTypes": [
+ {
+ "name": "value to text",
+ "value": 1
+ },
+ {
+ "name": "range to text",
+ "value": 2
+ }
+ ],
+ "maxDataPoints": 100,
+ "nullPointMode": "connected",
+ "nullText": null,
+ "postfix": "",
+ "postfixFontSize": "50%",
+ "prefix": "",
+ "prefixFontSize": "50%",
+ "rangeMaps": [
+ {
+ "from": "null",
+ "text": "N/A",
+ "to": "null"
+ }
+ ],
+ "span": 2,
+ "sparkline": {
+ "fillColor": "rgba(31, 118, 189, 0.18)",
+ "full": false,
+ "lineColor": "rgb(31, 120, 193)",
+ "show": true
+ },
+ "tableColumn": "",
+ "targets": [
+ {
+ "expr": "max(openstack_neutron_networks_total)",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "refId": "A",
+ "step": 60
+ }
+ ],
+ "thresholds": "",
+ "title": "Networks",
+ "type": "singlestat",
+ "valueFontSize": "80%",
+ "valueMaps": [
+ {
+ "op": "=",
+ "text": "N/A",
+ "value": "null"
+ }
+ ],
+ "valueName": "current"
+ },
+ {
+ "cacheTimeout": null,
+ "colorBackground": false,
+ "colorValue": false,
+ "colors": [
+ "rgba(245, 54, 54, 0.9)",
+ "rgba(237, 129, 40, 0.89)",
+ "rgba(50, 172, 45, 0.97)"
+ ],
+ "datasource": null,
+ "format": "none",
+ "gauge": {
+ "maxValue": 100,
+ "minValue": 0,
+ "show": false,
+ "thresholdLabels": false,
+ "thresholdMarkers": true
+ },
+ "id": 26,
+ "interval": null,
+ "links": [],
+ "mappingType": 1,
+ "mappingTypes": [
+ {
+ "name": "value to text",
+ "value": 1
+ },
+ {
+ "name": "range to text",
+ "value": 2
+ }
+ ],
+ "maxDataPoints": 100,
+ "nullPointMode": "connected",
+ "nullText": null,
+ "postfix": "",
+ "postfixFontSize": "50%",
+ "prefix": "",
+ "prefixFontSize": "50%",
+ "rangeMaps": [
+ {
+ "from": "null",
+ "text": "N/A",
+ "to": "null"
+ }
+ ],
+ "span": 2,
+ "sparkline": {
+ "fillColor": "rgba(31, 118, 189, 0.18)",
+ "full": false,
+ "lineColor": "rgb(31, 120, 193)",
+ "show": true
+ },
+ "tableColumn": "",
+ "targets": [
+ {
+ "expr": "max(openstack_neutron_subnets_total)",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "refId": "A",
+ "step": 60
+ }
+ ],
+ "thresholds": "",
+ "title": "Subnets",
+ "type": "singlestat",
+ "valueFontSize": "80%",
+ "valueMaps": [
+ {
+ "op": "=",
+ "text": "N/A",
+ "value": "null"
+ }
+ ],
+ "valueName": "current"
+ },
+ {
+ "cacheTimeout": null,
+ "colorBackground": false,
+ "colorValue": false,
+ "colors": [
+ "rgba(245, 54, 54, 0.9)",
+ "rgba(237, 129, 40, 0.89)",
+ "rgba(50, 172, 45, 0.97)"
+ ],
+ "datasource": null,
+ "format": "none",
+ "gauge": {
+ "maxValue": 100,
+ "minValue": 0,
+ "show": false,
+ "thresholdLabels": false,
+ "thresholdMarkers": true
+ },
+ "id": 27,
+ "interval": null,
+ "links": [],
+ "mappingType": 1,
+ "mappingTypes": [
+ {
+ "name": "value to text",
+ "value": 1
+ },
+ {
+ "name": "range to text",
+ "value": 2
+ }
+ ],
+ "maxDataPoints": 100,
+ "nullPointMode": "connected",
+ "nullText": null,
+ "postfix": "",
+ "postfixFontSize": "50%",
+ "prefix": "",
+ "prefixFontSize": "50%",
+ "rangeMaps": [
+ {
+ "from": "null",
+ "text": "N/A",
+ "to": "null"
+ }
+ ],
+ "span": 2,
+ "sparkline": {
+ "fillColor": "rgba(31, 118, 189, 0.18)",
+ "full": false,
+ "lineColor": "rgb(31, 120, 193)",
+ "show": true
+ },
+ "tableColumn": "",
+ "targets": [
+ {
+ "expr": "sum(openstack_neutron_ports{owner=~\"compute:.*\",state=\"active\"})",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "refId": "A",
+ "step": 60
+ }
+ ],
+ "thresholds": "",
+ "title": "Compute ports",
+ "type": "singlestat",
+ "valueFontSize": "80%",
+ "valueMaps": [
+ {
+ "op": "=",
+ "text": "N/A",
+ "value": "null"
+ }
+ ],
+ "valueName": "current"
+ },
+ {
+ "cacheTimeout": null,
+ "colorBackground": false,
+ "colorValue": false,
+ "colors": [
+ "rgba(245, 54, 54, 0.9)",
+ "rgba(237, 129, 40, 0.89)",
+ "rgba(50, 172, 45, 0.97)"
+ ],
+ "datasource": null,
+ "format": "none",
+ "gauge": {
+ "maxValue": 100,
+ "minValue": 0,
+ "show": false,
+ "thresholdLabels": false,
+ "thresholdMarkers": true
+ },
+ "id": 29,
+ "interval": null,
+ "links": [],
+ "mappingType": 1,
+ "mappingTypes": [
+ {
+ "name": "value to text",
+ "value": 1
+ },
+ {
+ "name": "range to text",
+ "value": 2
+ }
+ ],
+ "maxDataPoints": 100,
+ "nullPointMode": "connected",
+ "nullText": null,
+ "postfix": "",
+ "postfixFontSize": "50%",
+ "prefix": "",
+ "prefixFontSize": "50%",
+ "rangeMaps": [
+ {
+ "from": "null",
+ "text": "N/A",
+ "to": "null"
+ }
+ ],
+ "span": 2,
+ "sparkline": {
+ "fillColor": "rgba(31, 118, 189, 0.18)",
+ "full": false,
+ "lineColor": "rgb(31, 120, 193)",
+ "show": true
+ },
+ "tableColumn": "",
+ "targets": [
+ {
+ "expr": "max(openstack_neutron_routers_total)",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "refId": "A",
+ "step": 60
+ }
+ ],
+ "thresholds": "",
+ "title": "Routers",
+ "type": "singlestat",
+ "valueFontSize": "80%",
+ "valueMaps": [
+ {
+ "op": "=",
+ "text": "N/A",
+ "value": "null"
+ }
+ ],
+ "valueName": "current"
+ },
+ {
+ "cacheTimeout": null,
+ "colorBackground": false,
+ "colorValue": false,
+ "colors": [
+ "rgba(245, 54, 54, 0.9)",
+ "rgba(237, 129, 40, 0.89)",
+ "rgba(50, 172, 45, 0.97)"
+ ],
+ "datasource": null,
+ "format": "none",
+ "gauge": {
+ "maxValue": 100,
+ "minValue": 0,
+ "show": false,
+ "thresholdLabels": false,
+ "thresholdMarkers": true
+ },
+ "id": 28,
+ "interval": null,
+ "links": [],
+ "mappingType": 1,
+ "mappingTypes": [
+ {
+ "name": "value to text",
+ "value": 1
+ },
+ {
+ "name": "range to text",
+ "value": 2
+ }
+ ],
+ "maxDataPoints": 100,
+ "nullPointMode": "connected",
+ "nullText": null,
+ "postfix": "",
+ "postfixFontSize": "50%",
+ "prefix": "",
+ "prefixFontSize": "50%",
+ "rangeMaps": [
+ {
+ "from": "null",
+ "text": "N/A",
+ "to": "null"
+ }
+ ],
+ "span": 2,
+ "sparkline": {
+ "fillColor": "rgba(31, 118, 189, 0.18)",
+ "full": false,
+ "lineColor": "rgb(31, 120, 193)",
+ "show": true
+ },
+ "tableColumn": "",
+ "targets": [
+ {
+ "expr": "max(openstack_neutron_floatingips_total)",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "refId": "A",
+ "step": 60
+ }
+ ],
+ "thresholds": "",
+ "title": "Floating IP addresses",
+ "type": "singlestat",
+ "valueFontSize": "80%",
+ "valueMaps": [
+ {
+ "op": "=",
+ "text": "N/A",
+ "value": "null"
+ }
+ ],
+ "valueName": "current"
+ }
+ ],
+ "repeat": null,
+ "repeatIteration": null,
+ "repeatRowId": null,
+ "showTitle": true,
+ "title": "Resources",
+ "titleSize": "h6"
+ }
+ ],
+ "schemaVersion": 14,
+ "sharedCrosshair": true,
+ "style": "dark",
+ "tags": [
+ "openstack"
+ ],
+ "templating": {
+ "list": [
+ {
+ "allValue": null,
+ "current": {},
+ "datasource": "prometheus",
+ "hide": 0,
+ "includeAll": true,
+ "label": null,
+ "multi": true,
+ "name": "host",
+ "options": [],
+ "query": "label_values(openstack_http_response_times_count,host)",
+ "refresh": 1,
+ "refresh_on_load": true,
+ "regex": "",
+ "sort": 1,
+ "tagValuesQuery": "",
+ "tags": [],
+ "tagsQuery": "",
+ "type": "query",
+ "useTags": false
+ }
+ ]
+ },
+ "time": {
+ "from": "now-1h",
+ "to": "now"
+ },
+ "timepicker": {
+ "refresh_intervals": [
+ "5s",
+ "10s",
+ "30s",
+ "1m",
+ "5m",
+ "15m",
+ "30m",
+ "1h",
+ "2h",
+ "1d"
+ ],
+ "time_options": [
+ "5m",
+ "15m",
+ "1h",
+ "6h",
+ "12h",
+ "24h",
+ "2d",
+ "7d",
+ "30d"
+ ]
+ },
+ "timezone": "browser",
+ "title": "Neutron",
+ "version": 5
+}
+{% endraw %}
diff --git a/neutron/files/juno/neutron-server b/neutron/files/juno/neutron-server
index 9b06503..3c91959 100644
--- a/neutron/files/juno/neutron-server
+++ b/neutron/files/juno/neutron-server
@@ -7,10 +7,10 @@
# neutron.conf
#NEUTRON_PLUGIN_CONFIG="/etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini"
-{%- if server.plugin == "ml2" %}
+{%- if server.backend.engine == "ml2" %}
NEUTRON_PLUGIN_CONFIG="/etc/neutron/plugins/ml2/ml2_conf.ini"
{%- endif %}
-{%- if server.plugin == "contrail" %}
+{%- if server.backend.engine == "contrail" %}
NEUTRON_PLUGIN_CONFIG="/etc/neutron/plugins/opencontrail/ContrailPlugin.ini"
-{%- endif %}
\ No newline at end of file
+{%- endif %}
diff --git a/neutron/files/liberty/neutron-server.conf.Debian b/neutron/files/liberty/neutron-server.conf.Debian
index 5e30e61..c374b9d 100644
--- a/neutron/files/liberty/neutron-server.conf.Debian
+++ b/neutron/files/liberty/neutron-server.conf.Debian
@@ -308,6 +308,9 @@
# worker thread in the current process. Greater than 0 launches that number of
# child processes as workers. The parent process manages them.
# api_workers = 0
+{%- if server.api_workers is defined %}
+api_workers = {{ server.api_workers }}
+{%- endif %}
# Number of separate RPC worker processes to spawn. The default, 0, runs the
# worker thread in the current process. Greater than 0 launches that number of
@@ -315,6 +318,9 @@
# This feature is experimental until issues are addressed and testing has been
# enabled for various plugins for compatibility.
# rpc_workers = 0
+{%- if server.rpc_workers is defined %}
+rpc_workers = {{ server.rpc_workers }}
+{%- endif %}
# Timeout for client connections socket operations. If an
# incoming connection is idle for this number of seconds it
diff --git a/neutron/files/liberty/neutron-server.conf.RedHat b/neutron/files/liberty/neutron-server.conf.RedHat
index cba51e2..2aefb45 100644
--- a/neutron/files/liberty/neutron-server.conf.RedHat
+++ b/neutron/files/liberty/neutron-server.conf.RedHat
@@ -304,6 +304,9 @@
# worker thread in the current process. Greater than 0 launches that number of
# child processes as workers. The parent process manages them.
# api_workers = 0
+{%- if server.api_workers is defined %}
+api_workers = {{ server.api_workers }}
+{%- endif %}
# Number of separate RPC worker processes to spawn. The default, 0, runs the
# worker thread in the current process. Greater than 0 launches that number of
@@ -311,6 +314,9 @@
# This feature is experimental until issues are addressed and testing has been
# enabled for various plugins for compatibility.
# rpc_workers = 0
+{%- if server.rpc_workers is defined %}
+rpc_workers = {{ server.rpc_workers }}
+{%- endif %}
# Timeout for client connections socket operations. If an
# incoming connection is idle for this number of seconds it
diff --git a/neutron/files/logging.conf b/neutron/files/logging.conf
new file mode 100644
index 0000000..9a03a32
--- /dev/null
+++ b/neutron/files/logging.conf
@@ -0,0 +1,81 @@
+{%- set log_handlers = [] -%}
+{%- for log_handler_name, log_handler_attrs in values.logging.log_handlers.items() %}
+ {%- if log_handler_attrs.get('enabled', False) %}
+ {%- do log_handlers.append(log_handler_name) -%}
+ {%- endif %}
+{%- endfor %}
+[loggers]
+keys = root, neutron, eventletwsgi
+
+[handlers]
+keys = {{ log_handlers | join(", ") }}
+
+[formatters]
+keys = context, default{% if values.logging.log_handlers.get('fluentd', {}).get('enabled', False) %}, fluentd{% endif %}
+
+[logger_root]
+level = {{ values.logging.get('loggers', {}).get('root', {}).get('level', 'WARNING') }}
+handlers = {{ log_handlers | join(", ") }}
+
+[logger_neutron]
+level = {{ values.logging.get('loggers', {}).get('neutron', {}).get('level', 'INFO') }}
+handlers = {{ log_handlers | join(", ") }}
+qualname = neutron
+
+[logger_amqplib]
+level = {{ values.logging.get('loggers', {}).get('amqplib', {}).get('level', 'WARNING') }}
+handlers = {{ log_handlers | join(", ") }}
+qualname = amqplib
+
+[logger_sqlalchemy]
+level = {{ values.logging.get('loggers', {}).get('sqlalchemy', {}).get('level', 'WARNING') }}
+handlers = {{ log_handlers | join(", ") }}
+qualname = sqlalchemy
+
+[logger_boto]
+level = {{ values.logging.get('loggers', {}).get('boto', {}).get('level', 'WARNING') }}
+handlers = {{ log_handlers | join(", ") }}
+qualname = boto
+
+[logger_suds]
+level = {{ values.logging.get('loggers', {}).get('suds', {}).get('level', 'INFO') }}
+handlers = {{ log_handlers | join(", ") }}
+qualname = suds
+
+[logger_eventletwsgi]
+level = {{ values.logging.get('loggers', {}).get('eventletwsgi', {}).get('level', 'INFO') }}
+handlers = {{ log_handlers | join(", ") }}
+qualname = eventlet.wsgi.server
+
+{%- if values.logging.log_handlers.get('fluentd', {}).get('enabled', False) %}
+[handler_fluentd]
+class = fluent.handler.FluentHandler
+args = ('openstack.{{ service_name | replace("-", ".", 1) }}', 'localhost', 24224)
+formatter = fluentd
+{%- endif %}
+
+{%- if values.logging.log_handlers.watchedfile.enabled %}
+[handler_watchedfile]
+class = handlers.WatchedFileHandler
+args = ('/var/log/neutron/{{ service_name }}.log',)
+formatter = context
+{%- endif %}
+
+{% if values.logging.log_handlers.get('ossyslog', {}).get('enabled', False) -%}
+{%- set ossyslog_args = values.logging.log_handlers.ossyslog.get('args', {}) -%}
+[handler_ossyslog]
+class = oslo_log.handlers.OSSysLogHandler
+args = ( handlers.SysLogHandler.{{ ossyslog_args.get('facility', 'LOG_USER') }}, )
+formatter = context
+{%- endif %}
+
+[formatter_context]
+class = oslo_log.formatters.ContextFormatter
+
+[formatter_default]
+format = %(message)s
+
+{%- if values.logging.log_handlers.get('fluentd', {}).get('enabled', False) %}
+[formatter_fluentd]
+class = oslo_log.formatters.FluentFormatter
+{%- endif %}
diff --git a/neutron/files/mitaka/dhcp_agent.ini b/neutron/files/mitaka/dhcp_agent.ini
index 908086d..17a01ce 100644
--- a/neutron/files/mitaka/dhcp_agent.ini
+++ b/neutron/files/mitaka/dhcp_agent.ini
@@ -19,7 +19,7 @@
# The driver used to manage the virtual interface. (string value)
#interface_driver = <None>
-interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
+interface_driver = openvswitch
# Timeout in seconds for ovs-vsctl commands. If the timeout expires, ovs commands will fail with ALARMCLOCK error. (integer value)
#ovs_vsctl_timeout = 10
diff --git a/neutron/files/mitaka/fwaas_driver.ini b/neutron/files/mitaka/fwaas_driver.ini
new file mode 100644
index 0000000..40442a4
--- /dev/null
+++ b/neutron/files/mitaka/fwaas_driver.ini
@@ -0,0 +1,25 @@
+{%- from "neutron/map.jinja" import fwaas with context %}
+
+[DEFAULT]
+
+[fwaas]
+
+#
+# From firewall.agent
+#
+
+# Name of the FWaaS Driver (string value)
+#driver =
+driver = {{ fwaas.get('driver', fwaas[fwaas.api_version].get('driver')) }}
+
+# Enable FWaaS (boolean value)
+#enabled = false
+enabled = {{ fwaas.get('enabled', 'False') }}
+
+# Firewall agent class (string value)
+#agent_version = v1
+agent_version = {{ fwaas.api_version }}
+
+# Name of the FWaaS Conntrack Driver (string value)
+#conntrack_driver = conntrack
+conntrack_driver = {{ fwaas.get('conntrack_driver', 'conntrack') }}
diff --git a/neutron/files/mitaka/l3_agent.ini b/neutron/files/mitaka/l3_agent.ini
index 0095ab7..3916ec3 100644
--- a/neutron/files/mitaka/l3_agent.ini
+++ b/neutron/files/mitaka/l3_agent.ini
@@ -3,6 +3,7 @@
{%- else %}
{%- from "neutron/map.jinja" import compute as neutron with context %}
{%- endif %}
+{%- from "neutron/map.jinja" import fwaas with context %}
[DEFAULT]
@@ -25,7 +26,7 @@
# The driver used to manage the virtual interface. (string value)
#interface_driver = <None>
-interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
+interface_driver = openvswitch
# Timeout in seconds for ovs-vsctl commands. If the timeout expires, ovs commands will fail with ALARMCLOCK error. (integer value)
#ovs_vsctl_timeout = 10
@@ -93,7 +94,7 @@
# Name of bridge used for external network traffic. This should be set to an empty value for the Linux Bridge. When this parameter is set,
# each L3 agent can be associated with no more than one external network. (string value)
#external_network_bridge = br-ex
-external_network_bridge =
+external_network_bridge =
# Seconds between running periodic tasks (integer value)
#periodic_interval = 40
@@ -228,3 +229,13 @@
# Log agent heartbeats (boolean value)
#log_agent_heartbeats = false
+{%- if fwaas.get('enabled', False) %}
+extensions = {{ fwaas[fwaas.api_version]['l3_extension'] }}
+{%- endif %}
+
+{%- if fwaas.get('enabled', False) %}
+[fwaas]
+driver = neutron_fwaas.services.firewall.drivers.linux.iptables_fwaas.IptablesFwaasDriver
+enabled = {{ fwaas.get('enabled', 'False') }}
+agent_version = {{ fwaas.api_version }}
+{%- endif %}
diff --git a/neutron/files/mitaka/metadata_agent.ini b/neutron/files/mitaka/metadata_agent.ini
index 15c21ac..ccbb827 100644
--- a/neutron/files/mitaka/metadata_agent.ini
+++ b/neutron/files/mitaka/metadata_agent.ini
@@ -58,6 +58,9 @@
# Number of separate worker processes for metadata server (defaults to half of the number of CPUs) (integer value)
#metadata_workers = 4
+{%- if neutron.metadata.workers is defined %}
+metadata_workers = {{ neutron.metadata.workers }}
+{%- endif %}
# Number of backlog requests to configure the metadata server socket with (integer value)
#metadata_backlog = 4096
diff --git a/neutron/files/mitaka/ml2_conf.ini b/neutron/files/mitaka/ml2_conf.ini
index 67841f2..c6a7f12 100644
--- a/neutron/files/mitaka/ml2_conf.ini
+++ b/neutron/files/mitaka/ml2_conf.ini
@@ -96,7 +96,14 @@
# An ordered list of networking mechanism driver entrypoints to be loaded from the neutron.ml2.mechanism_drivers namespace. (list value)
#mechanism_drivers =openvswitch,l2population
-mechanism_drivers ={%- for backend_name, mechanism in server.backend.get('mechanism', {}).iteritems() %}{{ mechanism.driver }},{%- endfor %}l2population
+{%- set mechanism_drivers = [] %}
+{%- for mechanism_name, mechanism in server.get('backend', {}).get('mechanism', []).items() %}
+{%- do mechanism_drivers.append(mechanism.get('driver')) if 'driver' in mechanism %}
+{%- endfor %}
+{%- if "vxlan" in server.backend.tenant_network_types %}
+{%- do mechanism_drivers.append('l2population') %}
+{%- endif %}
+mechanism_drivers = {{ ','.join(mechanism_drivers) }}
# An ordered list of extension driver entrypoints to be loaded from the neutron.ml2.extension_drivers namespace. For example:
# extension_drivers = port_security,qos (list value)
@@ -106,12 +113,22 @@
# Maximum size of an IP packet (MTU) that can traverse the underlying physical network infrastructure without fragmentation for
# overlay/tunnel networks. In most cases, use the same value as the global_physnet_mtu option. (integer value)
#path_mtu = 1500
-path_mtu = {{ server.get('global_physnet_mtu', '1500') }}
+path_mtu = {{ server.get('path_mtu', server.get('global_physnet_mtu', '1500')) }}
# A list of mappings of physical networks to MTU values. The format of the mapping is <physnet>:<mtu val>. This mapping allows specifying a
# physical network MTU value that differs from the default global_physnet_mtu value. (list value)
#physical_network_mtus =
-physical_network_mtus =physnet1:{{ server.backend.get('external_mtu', '1500') }}{%- if "vlan" in server.backend.tenant_network_types %},physnet2:{{ server.backend.get('external_mtu', '1500') }}{%- endif %}
+{%- set physical_network_mtus = [] %}
+{%- if server.get('external_access', True) %}
+{%- do physical_network_mtus.append(['physnet1',server.backend.get('external_mtu', '1500')]|join(":")) %}
+{%- endif %}
+{%- if "vlan" in server.backend.tenant_network_types %}
+{%- do physical_network_mtus.append(['physnet2',server.backend.get('tenant_net_mtu', server.backend.get('external_mtu', '1500'))]|join(":")) %}
+{%- endif %}
+{%- if server.get('ironic_enabled', False) %}
+{%- do physical_network_mtus.append(['physnet3',server.backend.get('ironic_net_mtu', server.backend.get('external_mtu', '1500'))]|join(":")) %}
+{%- endif %}
+physical_network_mtus = {{ ','.join(physical_network_mtus) }}
# Default network type for external networks when no provider attributes are specified. By default it is None, which means that if provider
# attributes are not specified while creating external networks then they will have the same type as tenant networks. Allowed values for
@@ -168,8 +185,17 @@
# List of <physical_network>:<vlan_min>:<vlan_max> or <physical_network> specifying physical_network names usable for VLAN provider and
# tenant networks, as well as ranges of VLAN tags on each available for allocation to tenant networks. (list value)
#network_vlan_ranges =
-network_vlan_ranges = physnet1{%- if server.backend.external_vlan_range is defined %}:{{ server.backend.external_vlan_range }}{%- endif %}{%- if "vlan" in server.backend.tenant_network_types %},physnet2:{{ server.backend.tenant_vlan_range }}{%- endif %}
-
+{%- set network_vlan_ranges = [] %}
+{%- if server.backend.external_vlan_range is defined %}
+{%- do network_vlan_ranges.append(['physnet1',server.backend.get('external_vlan_range')]|join(":")) %}
+{%- endif %}
+{%- if "vlan" in server.backend.tenant_network_types %}
+{%- do network_vlan_ranges.append(['physnet2',server.backend.get('tenant_vlan_range')]|join(":")) %}
+{%- endif %}
+{%- if server.get('ironic_enabled', False) %}
+{%- do network_vlan_ranges.append(['physnet3',server.backend.get('ironic_vlan_range')]|join(":")) %}
+{%- endif %}
+network_vlan_ranges = {{ ','.join(network_vlan_ranges) }}
[ml2_type_vxlan]
@@ -180,12 +206,12 @@
# Comma-separated list of <vni_min>:<vni_max> tuples enumerating ranges of VXLAN VNI IDs that are available for tenant network allocation
# (list value)
#vni_ranges =
-vni_ranges =2:65535
+vni_ranges = {{ server.get('vxlan', {}).vni_ranges|default('2:65535') }}
# Multicast group for VXLAN. When configured, will enable sending all broadcast traffic to this multicast group. When left unconfigured,
# will disable multicast VXLAN mode. (string value)
#vxlan_group = <None>
-vxlan_group = 224.0.0.1
+vxlan_group = {{ server.get('vxlan', {}).group|default('224.0.0.1') }}
[securitygroup]
@@ -199,7 +225,7 @@
{%- if server.dpdk %}
firewall_driver = openvswitch
{%- else %}
-firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
+firewall_driver = iptables_hybrid
{%- endif %}
# Controls whether the neutron security group API is enabled in the server. It should be false when using no security groups or using the
diff --git a/neutron/files/mitaka/neutron-generic.conf.Debian b/neutron/files/mitaka/neutron-generic.conf.Debian
index 0741f47..6358414 100644
--- a/neutron/files/mitaka/neutron-generic.conf.Debian
+++ b/neutron/files/mitaka/neutron-generic.conf.Debian
@@ -130,6 +130,9 @@
# this machine. All the agents and services running on this machine must use
# the same host value. (string value)
#host = example.domain
+{% if neutron.host is defined %}
+host = {{ neutron.host }}
+{% endif %}
# Ensure that configured gateway is on subnet. For IPv6, validate only if
# gateway is not a link local address. Deprecated, to be removed during the
@@ -178,6 +181,7 @@
# value. Defaults to 1500, the standard value for Ethernet. (integer value)
# Deprecated group/name - [ml2]/segment_mtu
#global_physnet_mtu = 1500
+global_physnet_mtu = {{ neutron.get('global_physnet_mtu', '1500') }}
# Number of backlog requests to configure the socket with (integer value)
#backlog = 4096
@@ -518,7 +522,7 @@
# Seconds to wait for a response from a call. (integer value)
#rpc_response_timeout = 60
-rpc_response_timeout=60
+rpc_response_timeout=120
# A URL representing the messaging driver to use and its full configuration. If
# not set, we fall back to the rpc_backend option and driver specific
@@ -584,7 +588,7 @@
#use_helper_for_ns_read = true
# Root helper daemon application to use when possible. (string value)
-#root_helper_daemon = <None>
+root_helper_daemon = sudo neutron-rootwrap-daemon /etc/neutron/rootwrap.conf
# Seconds between nodes reporting state to server; should be less than
# agent_down_time, best if it is half or less than agent_down_time. (floating
@@ -1268,14 +1272,27 @@
# Deprecated group/name - [DEFAULT]/rabbit_hosts
#rabbit_hosts = $rabbit_host:$rabbit_port
#
+{%- set rabbit_port = neutron.message_queue.get('port', 5671 if neutron.message_queue.get('ssl',{}).get('enabled', False) else 5672) %}
{%- if neutron.message_queue.members is defined %}
rabbit_hosts = {% for member in neutron.message_queue.members -%}
- {{ member.host }}:{{ member.get('port', 5672) }}
+ {{ member.host }}:{{ member.get('port',rabbit_port) }}
{%- if not loop.last -%},{%- endif -%}
{%- endfor -%}
{%- else %}
rabbit_host = {{ neutron.message_queue.host }}
-rabbit_port = {{ neutron.message_queue.port }}
+rabbit_port = {{ rabbit_port }}
+{%- endif %}
+
+{%- if neutron.message_queue.get('ssl',{}).get('enabled', False) %}
+rabbit_use_ssl=true
+
+{%- if neutron.message_queue.ssl.version is defined %}
+kombu_ssl_version = {{ neutron.message_queue.ssl.version }}
+{%- elif salt['grains.get']('pythonversion') > [2,7,8] %}
+kombu_ssl_version = TLSv1_2
+{%- endif %}
+
+kombu_ssl_ca_certs = {{ neutron.message_queue.ssl.get('cacert_file', neutron.cacert_file) }}
{%- endif %}
rabbit_userid = {{ neutron.message_queue.user }}
diff --git a/neutron/files/mitaka/neutron-server b/neutron/files/mitaka/neutron-server
index 54f6ceb..ee68f08 100644
--- a/neutron/files/mitaka/neutron-server
+++ b/neutron/files/mitaka/neutron-server
@@ -13,4 +13,8 @@
{%- if server.backend.engine == "contrail" %}
NEUTRON_PLUGIN_CONFIG="/etc/neutron/plugins/opencontrail/ContrailPlugin.ini"
-{%- endif %}
\ No newline at end of file
+{%- endif %}
+
+{%- if server.logging.log_appender %}
+DAEMON_ARGS="${DAEMON_ARGS} --log-config-append=/etc/neutron/logging/logging-neutron-server.conf"
+{%- endif %}
diff --git a/neutron/files/mitaka/neutron-server.conf.Debian b/neutron/files/mitaka/neutron-server.conf.Debian
index f36b5fa..d676791 100644
--- a/neutron/files/mitaka/neutron-server.conf.Debian
+++ b/neutron/files/mitaka/neutron-server.conf.Debian
@@ -1,4 +1,5 @@
-{%- from "neutron/map.jinja" import server with context %}
+{%- from "neutron/map.jinja" import fwaas, server with context %}
+
[DEFAULT]
#
@@ -37,9 +38,9 @@
core_plugin = neutron.plugins.ml2.plugin.Ml2Plugin
-service_plugins =neutron.services.l3_router.l3_router_plugin.L3RouterPlugin,neutron.services.metering.metering_plugin.MeteringPlugin{%- if server.lbaas is defined -%}
-,neutron_lbaas.services.loadbalancer.plugin.LoadBalancerPluginv2
-{%- endif -%}
+service_plugins =neutron.services.l3_router.l3_router_plugin.L3RouterPlugin,neutron.services.metering.metering_plugin.MeteringPlugin
+{%- if server.lbaas is defined -%},neutron_lbaas.services.loadbalancer.plugin.LoadBalancerPluginv2{%- endif -%}
+{%- if fwaas.get('enabled', False) -%},{{ fwaas[fwaas.api_version]['service_plugin'] }}{%- endif -%}
{% endif %}
@@ -214,13 +215,26 @@
# default is equal to the number of CPUs available for best performance.
# (integer value)
#api_workers = <None>
+{%- if server.api_workers is defined %}
+api_workers = {{ server.api_workers }}
+{%- endif %}
# Number of RPC worker processes for service (integer value)
#rpc_workers = 1
+{%- if server.rpc_workers is defined %}
+rpc_workers = {{ server.rpc_workers }}
+{%- else %}
+rpc_workers = {{ grains.num_cpus }}
+{%- endif %}
# Number of RPC worker processes dedicated to state reports queue (integer
# value)
#rpc_state_report_workers = 1
+{%- if server.rpc_state_report_workers is defined %}
+rpc_state_report_workers = {{ server.rpc_state_report_workers }}
+{%- else %}
+rpc_state_report_workers = 4
+{%- endif %}
# Range of seconds to randomly delay when starting the periodic task scheduler
# to reduce stampeding. (Disable by setting to 0) (integer value)
@@ -332,6 +346,7 @@
# Automatically reschedule routers from offline L3 agents to online L3 agents.
# (boolean value)
#allow_automatic_l3agent_failover = false
+allow_automatic_l3agent_failover = true
# Enable HA mode for virtual routers. (boolean value)
#l3_ha = false
@@ -340,6 +355,7 @@
# Maximum number of L3 agents which a HA router will be scheduled on. If it is
# set to 0 then the router will be scheduled on every agent. (integer value)
#max_l3_agents_per_router = 3
+max_l3_agents_per_router = 0
# Minimum number of L3 agents which a HA router will be scheduled on. If it is
# set to 0 then the router will be scheduled on every agent. (integer value)
@@ -541,7 +557,7 @@
# Seconds to wait for a response from a call. (integer value)
#rpc_response_timeout = 60
-rpc_response_timeout=60
+rpc_response_timeout=120
# A URL representing the messaging driver to use and its full configuration. If
# not set, we fall back to the rpc_backend option and driver specific
@@ -609,7 +625,7 @@
#use_helper_for_ns_read = true
# Root helper daemon application to use when possible. (string value)
-#root_helper_daemon = <None>
+root_helper_daemon = sudo neutron-rootwrap-daemon /etc/neutron/rootwrap.conf
# Seconds between nodes reporting state to server; should be less than
# agent_down_time, best if it is half or less than agent_down_time. (floating
@@ -745,7 +761,7 @@
# Deprecated group/name - [DATABASE]/sql_connection
# Deprecated group/name - [sql]/connection
{% if server.backend.engine == "ml2" %}
-connection = {{ server.database.engine }}+pymysql://{{ server.database.user }}:{{ server.database.password }}@{{ server.database.host }}/{{ server.database.name }}
+connection = {{ server.database.engine }}+pymysql://{{ server.database.user }}:{{ server.database.password }}@{{ server.database.host }}/{{ server.database.name }}{%- if server.database.get('ssl',{}).get('enabled',False) %}?ssl_ca={{ server.database.ssl.get('cacert_file', server.cacert_file) }}{% endif %}
{% else %}
connection = sqlite:////var/lib/neutron/neutron.sqlite
{% endif %}
@@ -775,7 +791,7 @@
# Deprecated group/name - [DEFAULT]/sql_max_pool_size
# Deprecated group/name - [DATABASE]/sql_max_pool_size
#max_pool_size = <None>
-max_pool_size = 20
+max_pool_size = {{ [grains.num_cpus * 5, 30] | sort | first }}
# Maximum number of database connection retries during startup. Set to -1 to
# specify an infinite retry count. (integer value)
@@ -840,7 +856,7 @@
auth_protocol=http
revocation_cache_time = 10
{% if server.backend.engine == "contrail" %}
-# LBaaS contrail neutron plugin for versions 3.x expects auth_type to be
+# LBaaS contrail neutron plugin for versions 3.x expects auth_type to be
# 'keystone' or 'noauth'
# This behaviour is fixed after the release MCP1.0 by using auth_strategy
# instead of auth_type, until this is backported to MCP1.0 auth_type must be
@@ -1361,14 +1377,27 @@
# Deprecated group/name - [DEFAULT]/rabbit_hosts
#rabbit_hosts = $rabbit_host:$rabbit_port
#
+{%- set rabbit_port = server.message_queue.get('port', 5671 if server.message_queue.get('ssl',{}).get('enabled', False) else 5672) %}
{%- if server.message_queue.members is defined %}
rabbit_hosts = {% for member in server.message_queue.members -%}
- {{ member.host }}:{{ member.get('port', 5672) }}
+ {{ member.host }}:{{ member.get('port',rabbit_port) }}
{%- if not loop.last -%},{%- endif -%}
{%- endfor -%}
{%- else %}
rabbit_host = {{ server.message_queue.host }}
-rabbit_port = {{ server.message_queue.port }}
+rabbit_port = {{ rabbit_port }}
+{%- endif %}
+
+{%- if server.message_queue.get('ssl',{}).get('enabled', False) %}
+rabbit_use_ssl=true
+
+{%- if server.message_queue.ssl.version is defined %}
+kombu_ssl_version = {{ server.message_queue.ssl.version }}
+{%- elif salt['grains.get']('pythonversion') > [2,7,8] %}
+kombu_ssl_version = TLSv1_2
+{%- endif %}
+
+kombu_ssl_ca_certs = {{ server.message_queue.ssl.get('cacert_file', server.cacert_file) }}
{%- endif %}
rabbit_userid = {{ server.message_queue.user }}
diff --git a/neutron/files/mitaka/openvswitch_agent.ini b/neutron/files/mitaka/openvswitch_agent.ini
index b93aaeb..50ba830 100644
--- a/neutron/files/mitaka/openvswitch_agent.ini
+++ b/neutron/files/mitaka/openvswitch_agent.ini
@@ -189,12 +189,22 @@
# a physical network interface configured as a port. All physical networks configured on the server should have mappings to appropriate
# bridges on each agent. Note: If you remove a bridge from this mapping, make sure to disconnect it from the integration bridge as it won't
# be managed by the agent anymore. Deprecated for ofagent. (list value)
-#bridge_mappings =
-{%- if "vlan" in neutron.backend.tenant_network_types %}
-bridge_mappings ={%- if neutron.get('external_access', True) %}physnet1:br-floating,{%- endif %}physnet2:br-prv
-{%- elif neutron.get('external_access', True) %}
-bridge_mappings =physnet1:br-floating
+{% set bridge_mappings=[] %}
+{%- if neutron.bridge_mappings is defined %}
+{%- for physnet,bridge in neutron.bridge_mappings.iteritems() %}{%- do bridge_mappings.append(physnet+':'+bridge) %}{%- endfor %}
{%- endif %}
+{%- if 'br-floating' not in neutron.get('bridge_mappings', {}).values() %}{%- if neutron.get('external_access', True) %}
+{%- do bridge_mappings.append('physnet1:br-floating') %}{%- endif %}{%- endif %}
+{%- if 'br-prv' not in neutron.get('bridge_mappings', {}).values() %}{%- if "vlan" in neutron.backend.tenant_network_types %}
+{%- do bridge_mappings.append('physnet2:br-prv') %}{%- endif %}{%- endif %}
+{%- if 'br-baremetal' not in neutron.get('bridge_mappings', {}).values() %}{%- if neutron.get('ironic_enabled', False) %}
+{%- do bridge_mappings.append('physnet3:br-baremetal') %}{%- endif %}{%- endif %}
+{%- if bridge_mappings %}
+bridge_mappings = {{ ','.join(bridge_mappings) }}
+{%- else %}
+#bridge_mappings =
+{%- endif %}
+
# Use veths instead of patch ports to interconnect the integration bridge to physical networks. Support kernel without Open vSwitch patch
# port support so long as it is set to True. (boolean value)
#use_veth_interconnection = false
@@ -213,6 +223,9 @@
# OVS vhost-user socket directory. (string value)
#vhostuser_socket_dir = /var/run/openvswitch
+{%- if neutron.vhost_socket_dir is defined %}
+vhostuser_socket_dir = {{ neutron.vhost_socket_dir }}
+{%- endif %}
# Address to listen on for OpenFlow connections. Used only for 'native' driver. (IP address value)
#of_listen_address = 127.0.0.1
@@ -246,7 +259,7 @@
{%- if neutron.dpdk %}
firewall_driver = openvswitch
{%- else %}
-firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
+firewall_driver = iptables_hybrid
{%- endif %}
# Controls whether the neutron security group API is enabled in the server. It should be false when using no security groups or using the
diff --git a/neutron/files/newton/dhcp_agent.ini b/neutron/files/newton/dhcp_agent.ini
index 908086d..17a01ce 100644
--- a/neutron/files/newton/dhcp_agent.ini
+++ b/neutron/files/newton/dhcp_agent.ini
@@ -19,7 +19,7 @@
# The driver used to manage the virtual interface. (string value)
#interface_driver = <None>
-interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
+interface_driver = openvswitch
# Timeout in seconds for ovs-vsctl commands. If the timeout expires, ovs commands will fail with ALARMCLOCK error. (integer value)
#ovs_vsctl_timeout = 10
diff --git a/neutron/files/newton/l3_agent.ini b/neutron/files/newton/l3_agent.ini
index 0095ab7..56bf297 100644
--- a/neutron/files/newton/l3_agent.ini
+++ b/neutron/files/newton/l3_agent.ini
@@ -25,7 +25,7 @@
# The driver used to manage the virtual interface. (string value)
#interface_driver = <None>
-interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
+interface_driver = openvswitch
# Timeout in seconds for ovs-vsctl commands. If the timeout expires, ovs commands will fail with ALARMCLOCK error. (integer value)
#ovs_vsctl_timeout = 10
@@ -90,10 +90,12 @@
# be used. (string value)
#external_ingress_mark = 0x2
-# Name of bridge used for external network traffic. This should be set to an empty value for the Linux Bridge. When this parameter is set,
-# each L3 agent can be associated with no more than one external network. (string value)
-#external_network_bridge = br-ex
-external_network_bridge =
+# DEPRECATED: Name of bridge used for external network traffic. When this parameter is set, the L3 agent will plug an interface directly
+# into an external bridge which will not allow any wiring by the L2 agent. Using this will result in incorrect port statuses. This option is
+# deprecated and will be removed in Ocata. (string value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+#external_network_bridge =
# Seconds between running periodic tasks (integer value)
#periodic_interval = 40
diff --git a/neutron/files/newton/metadata_agent.ini b/neutron/files/newton/metadata_agent.ini
index 15c21ac..ccbb827 100644
--- a/neutron/files/newton/metadata_agent.ini
+++ b/neutron/files/newton/metadata_agent.ini
@@ -58,6 +58,9 @@
# Number of separate worker processes for metadata server (defaults to half of the number of CPUs) (integer value)
#metadata_workers = 4
+{%- if neutron.metadata.workers is defined %}
+metadata_workers = {{ neutron.metadata.workers }}
+{%- endif %}
# Number of backlog requests to configure the metadata server socket with (integer value)
#metadata_backlog = 4096
diff --git a/neutron/files/newton/ml2_conf.ini b/neutron/files/newton/ml2_conf.ini
index 67841f2..c6a7f12 100644
--- a/neutron/files/newton/ml2_conf.ini
+++ b/neutron/files/newton/ml2_conf.ini
@@ -96,7 +96,14 @@
# An ordered list of networking mechanism driver entrypoints to be loaded from the neutron.ml2.mechanism_drivers namespace. (list value)
#mechanism_drivers =openvswitch,l2population
-mechanism_drivers ={%- for backend_name, mechanism in server.backend.get('mechanism', {}).iteritems() %}{{ mechanism.driver }},{%- endfor %}l2population
+{%- set mechanism_drivers = [] %}
+{%- for mechanism_name, mechanism in server.get('backend', {}).get('mechanism', []).items() %}
+{%- do mechanism_drivers.append(mechanism.get('driver')) if 'driver' in mechanism %}
+{%- endfor %}
+{%- if "vxlan" in server.backend.tenant_network_types %}
+{%- do mechanism_drivers.append('l2population') %}
+{%- endif %}
+mechanism_drivers = {{ ','.join(mechanism_drivers) }}
# An ordered list of extension driver entrypoints to be loaded from the neutron.ml2.extension_drivers namespace. For example:
# extension_drivers = port_security,qos (list value)
@@ -106,12 +113,22 @@
# Maximum size of an IP packet (MTU) that can traverse the underlying physical network infrastructure without fragmentation for
# overlay/tunnel networks. In most cases, use the same value as the global_physnet_mtu option. (integer value)
#path_mtu = 1500
-path_mtu = {{ server.get('global_physnet_mtu', '1500') }}
+path_mtu = {{ server.get('path_mtu', server.get('global_physnet_mtu', '1500')) }}
# A list of mappings of physical networks to MTU values. The format of the mapping is <physnet>:<mtu val>. This mapping allows specifying a
# physical network MTU value that differs from the default global_physnet_mtu value. (list value)
#physical_network_mtus =
-physical_network_mtus =physnet1:{{ server.backend.get('external_mtu', '1500') }}{%- if "vlan" in server.backend.tenant_network_types %},physnet2:{{ server.backend.get('external_mtu', '1500') }}{%- endif %}
+{%- set physical_network_mtus = [] %}
+{%- if server.get('external_access', True) %}
+{%- do physical_network_mtus.append(['physnet1',server.backend.get('external_mtu', '1500')]|join(":")) %}
+{%- endif %}
+{%- if "vlan" in server.backend.tenant_network_types %}
+{%- do physical_network_mtus.append(['physnet2',server.backend.get('tenant_net_mtu', server.backend.get('external_mtu', '1500'))]|join(":")) %}
+{%- endif %}
+{%- if server.get('ironic_enabled', False) %}
+{%- do physical_network_mtus.append(['physnet3',server.backend.get('ironic_net_mtu', server.backend.get('external_mtu', '1500'))]|join(":")) %}
+{%- endif %}
+physical_network_mtus = {{ ','.join(physical_network_mtus) }}
# Default network type for external networks when no provider attributes are specified. By default it is None, which means that if provider
# attributes are not specified while creating external networks then they will have the same type as tenant networks. Allowed values for
@@ -168,8 +185,17 @@
# List of <physical_network>:<vlan_min>:<vlan_max> or <physical_network> specifying physical_network names usable for VLAN provider and
# tenant networks, as well as ranges of VLAN tags on each available for allocation to tenant networks. (list value)
#network_vlan_ranges =
-network_vlan_ranges = physnet1{%- if server.backend.external_vlan_range is defined %}:{{ server.backend.external_vlan_range }}{%- endif %}{%- if "vlan" in server.backend.tenant_network_types %},physnet2:{{ server.backend.tenant_vlan_range }}{%- endif %}
-
+{%- set network_vlan_ranges = [] %}
+{%- if server.backend.external_vlan_range is defined %}
+{%- do network_vlan_ranges.append(['physnet1',server.backend.get('external_vlan_range')]|join(":")) %}
+{%- endif %}
+{%- if "vlan" in server.backend.tenant_network_types %}
+{%- do network_vlan_ranges.append(['physnet2',server.backend.get('tenant_vlan_range')]|join(":")) %}
+{%- endif %}
+{%- if server.get('ironic_enabled', False) %}
+{%- do network_vlan_ranges.append(['physnet3',server.backend.get('ironic_vlan_range')]|join(":")) %}
+{%- endif %}
+network_vlan_ranges = {{ ','.join(network_vlan_ranges) }}
[ml2_type_vxlan]
@@ -180,12 +206,12 @@
# Comma-separated list of <vni_min>:<vni_max> tuples enumerating ranges of VXLAN VNI IDs that are available for tenant network allocation
# (list value)
#vni_ranges =
-vni_ranges =2:65535
+vni_ranges = {{ server.get('vxlan', {}).vni_ranges|default('2:65535') }}
# Multicast group for VXLAN. When configured, will enable sending all broadcast traffic to this multicast group. When left unconfigured,
# will disable multicast VXLAN mode. (string value)
#vxlan_group = <None>
-vxlan_group = 224.0.0.1
+vxlan_group = {{ server.get('vxlan', {}).group|default('224.0.0.1') }}
[securitygroup]
@@ -199,7 +225,7 @@
{%- if server.dpdk %}
firewall_driver = openvswitch
{%- else %}
-firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
+firewall_driver = iptables_hybrid
{%- endif %}
# Controls whether the neutron security group API is enabled in the server. It should be false when using no security groups or using the
diff --git a/neutron/files/newton/neutron-generic.conf.Debian b/neutron/files/newton/neutron-generic.conf.Debian
index 2f4b89e..5144b71 100644
--- a/neutron/files/newton/neutron-generic.conf.Debian
+++ b/neutron/files/newton/neutron-generic.conf.Debian
@@ -130,6 +130,9 @@
# this machine. All the agents and services running on this machine must use
# the same host value. (string value)
#host = example.domain
+{% if neutron.host is defined %}
+host = {{ neutron.host }}
+{% endif %}
# Ensure that configured gateway is on subnet. For IPv6, validate only if
# gateway is not a link local address. Deprecated, to be removed during the
@@ -178,6 +181,7 @@
# value. Defaults to 1500, the standard value for Ethernet. (integer value)
# Deprecated group/name - [ml2]/segment_mtu
#global_physnet_mtu = 1500
+global_physnet_mtu = {{ neutron.get('global_physnet_mtu', '1500') }}
# Number of backlog requests to configure the socket with (integer value)
#backlog = 4096
@@ -518,26 +522,27 @@
# Seconds to wait for a response from a call. (integer value)
#rpc_response_timeout = 60
-rpc_response_timeout=60
+rpc_response_timeout=120
# A URL representing the messaging driver to use and its full configuration. If
# not set, we fall back to the rpc_backend option and driver specific
# configuration. (string value)
#transport_url = <None>
+
+{%- set rabbit_port = neutron.message_queue.get('port', 5671 if neutron.message_queue.get('ssl',{}).get('enabled', False) else 5672) %}
{%- if neutron.message_queue.members is defined %}
transport_url = rabbit://{% for member in neutron.message_queue.members -%}
- {{ neutron.message_queue.user }}:{{ neutron.message_queue.password }}@{{ member.host }}:{{ member.get('port', 5672) }}
+ {{ neutron.message_queue.user }}:{{ neutron.message_queue.password }}@{{ member.host }}:{{ member.get('port',rabbit_port) }}
{%- if not loop.last -%},{%- endif -%}
{%- endfor -%}
/{{ neutron.message_queue.virtual_host }}
{%- else %}
-transport_url = rabbit://{{ neutron.message_queue.user }}:{{ neutron.message_queue.password }}@{{ neutron.message_queue.host }}:{{ neutron.message_queue.port }}/{{ neutron.message_queue.virtual_host }}
+transport_url = rabbit://{{ neutron.message_queue.user }}:{{ neutron.message_queue.password }}@{{ neutron.message_queue.host }}:{{ rabbit_port }}/{{ neutron.message_queue.virtual_host }}
{%- endif %}
# The messaging driver to use, defaults to rabbit. Other drivers include amqp
# and zmq. (string value)
#rpc_backend = rabbit
-rpc_backend = rabbit
# The default exchange under which topics are scoped. May be overridden by an
# exchange name specified in the transport_url option. (string value)
@@ -593,7 +598,7 @@
#use_helper_for_ns_read = true
# Root helper daemon application to use when possible. (string value)
-#root_helper_daemon = <None>
+root_helper_daemon = sudo neutron-rootwrap-daemon /etc/neutron/rootwrap.conf
# Seconds between nodes reporting state to server; should be less than
# agent_down_time, best if it is half or less than agent_down_time. (floating
@@ -1216,6 +1221,18 @@
# From oslo.messaging
#
+{%- if neutron.message_queue.get('ssl',{}).get('enabled', False) %}
+rabbit_use_ssl=true
+
+{%- if neutron.message_queue.ssl.version is defined %}
+kombu_ssl_version = {{ neutron.message_queue.ssl.version }}
+{%- elif salt['grains.get']('pythonversion') > [2,7,8] %}
+kombu_ssl_version = TLSv1_2
+{%- endif %}
+
+kombu_ssl_ca_certs = {{ neutron.message_queue.ssl.get('cacert_file', neutron.cacert_file) }}
+{%- endif %}
+
# Use durable queues in AMQP. (boolean value)
# Deprecated group/name - [DEFAULT]/amqp_durable_queues
# Deprecated group/name - [DEFAULT]/rabbit_durable_queues
@@ -1316,7 +1333,6 @@
# count). (integer value)
# Deprecated group/name - [DEFAULT]/rabbit_max_retries
#rabbit_max_retries = 0
-rabbit_max_retries = 0
# Try to use HA queues in RabbitMQ (x-ha-policy: all). If you change this
# option, you must wipe the RabbitMQ database. In RabbitMQ 3.0, queue mirroring
diff --git a/neutron/files/newton/neutron-server b/neutron/files/newton/neutron-server
index 54f6ceb..ee68f08 100644
--- a/neutron/files/newton/neutron-server
+++ b/neutron/files/newton/neutron-server
@@ -13,4 +13,8 @@
{%- if server.backend.engine == "contrail" %}
NEUTRON_PLUGIN_CONFIG="/etc/neutron/plugins/opencontrail/ContrailPlugin.ini"
-{%- endif %}
\ No newline at end of file
+{%- endif %}
+
+{%- if server.logging.log_appender %}
+DAEMON_ARGS="${DAEMON_ARGS} --log-config-append=/etc/neutron/logging/logging-neutron-server.conf"
+{%- endif %}
diff --git a/neutron/files/newton/neutron-server.conf.Debian b/neutron/files/newton/neutron-server.conf.Debian
index 1ae886b..cf54c3e 100644
--- a/neutron/files/newton/neutron-server.conf.Debian
+++ b/neutron/files/newton/neutron-server.conf.Debian
@@ -214,13 +214,26 @@
# default is equal to the number of CPUs available for best performance.
# (integer value)
#api_workers = <None>
+{%- if server.api_workers is defined %}
+api_workers = {{ server.api_workers }}
+{%- endif %}
# Number of RPC worker processes for service (integer value)
#rpc_workers = 1
+{%- if server.rpc_workers is defined %}
+rpc_workers = {{ server.rpc_workers }}
+{%- else %}
+rpc_workers = {{ grains.num_cpus }}
+{%- endif %}
# Number of RPC worker processes dedicated to state reports queue (integer
# value)
#rpc_state_report_workers = 1
+{%- if server.rpc_state_report_workers is defined %}
+rpc_state_report_workers = {{ server.rpc_state_report_workers }}
+{%- else %}
+rpc_state_report_workers = 4
+{%- endif %}
# Range of seconds to randomly delay when starting the periodic task scheduler
# to reduce stampeding. (Disable by setting to 0) (integer value)
@@ -332,6 +345,7 @@
# Automatically reschedule routers from offline L3 agents to online L3 agents.
# (boolean value)
#allow_automatic_l3agent_failover = false
+allow_automatic_l3agent_failover = true
# Enable HA mode for virtual routers. (boolean value)
#l3_ha = false
@@ -340,6 +354,7 @@
# Maximum number of L3 agents which a HA router will be scheduled on. If it is
# set to 0 then the router will be scheduled on every agent. (integer value)
#max_l3_agents_per_router = 3
+max_l3_agents_per_router = 0
# Minimum number of L3 agents which a HA router will be scheduled on. If it is
# set to 0 then the router will be scheduled on every agent. (integer value)
@@ -541,28 +556,29 @@
# Seconds to wait for a response from a call. (integer value)
#rpc_response_timeout = 60
-rpc_response_timeout=60
+rpc_response_timeout=120
# A URL representing the messaging driver to use and its full configuration. If
# not set, we fall back to the rpc_backend option and driver specific
# configuration. (string value)
#transport_url = <None>
-# The messaging driver to use, defaults to rabbit. Other drivers include amqp
-# and zmq. (string value)
-#rpc_backend = rabbit
-rpc_backend = rabbit
-
+{%- set rabbit_port = server.message_queue.get('port', 5671 if server.message_queue.get('ssl',{}).get('enabled', False) else 5672) %}
{%- if server.message_queue.members is defined %}
transport_url = rabbit://{% for member in server.message_queue.members -%}
- {{ server.message_queue.user }}:{{ server.message_queue.password }}@{{ member.host }}:{{ member.get('port', 5672) }}
+ {{ server.message_queue.user }}:{{ server.message_queue.password }}@{{ member.host }}:{{ member.get('port',rabbit_port) }}
{%- if not loop.last -%},{%- endif -%}
{%- endfor -%}
/{{ server.message_queue.virtual_host }}
{%- else %}
-transport_url = rabbit://{{ server.message_queue.user }}:{{ server.message_queue.password }}@{{ server.message_queue.host }}:{{ server.message_queue.port }}/{{ server.message_queue.virtual_host }}
+transport_url = rabbit://{{ server.message_queue.user }}:{{ server.message_queue.password }}@{{ server.message_queue.host }}:{{ rabbit_port }}/{{ server.message_queue.virtual_host }}
{%- endif %}
+# The messaging driver to use, defaults to rabbit. Other drivers include amqp
+# and zmq. (string value)
+#rpc_backend = rabbit
+
+
# The default exchange under which topics are scoped. May be overridden by an
# exchange name specified in the transport_url option. (string value)
#control_exchange = neutron
@@ -619,7 +635,7 @@
#use_helper_for_ns_read = true
# Root helper daemon application to use when possible. (string value)
-#root_helper_daemon = <None>
+root_helper_daemon = sudo neutron-rootwrap-daemon /etc/neutron/rootwrap.conf
# Seconds between nodes reporting state to server; should be less than
# agent_down_time, best if it is half or less than agent_down_time. (floating
@@ -755,7 +771,7 @@
# Deprecated group/name - [DATABASE]/sql_connection
# Deprecated group/name - [sql]/connection
{% if server.backend.engine == "ml2" %}
-connection = {{ server.database.engine }}+pymysql://{{ server.database.user }}:{{ server.database.password }}@{{ server.database.host }}/{{ server.database.name }}?charset=utf8
+connection = {{ server.database.engine }}+pymysql://{{ server.database.user }}:{{ server.database.password }}@{{ server.database.host }}/{{ server.database.name }}?charset=utf8{%- if server.database.get('ssl',{}).get('enabled',False) %}&ssl_ca={{ server.database.ssl.get('cacert_file', server.cacert_file) }}{% endif %}
{% else %}
connection = sqlite:////var/lib/neutron/neutron.sqlite
{% endif %}
@@ -785,7 +801,7 @@
# Deprecated group/name - [DEFAULT]/sql_max_pool_size
# Deprecated group/name - [DATABASE]/sql_max_pool_size
#max_pool_size = <None>
-max_pool_size = 20
+max_pool_size = {{ [grains.num_cpus * 5, 30] | sort | first }}
# Maximum number of database connection retries during startup. Set to -1 to
# specify an infinite retry count. (integer value)
@@ -857,8 +873,11 @@
project_name = {{ server.identity.tenant }}
username = {{ server.identity.user }}
password = {{ server.identity.password }}
-auth_uri=http://{{ server.identity.host }}:5000
-auth_url=http://{{ server.identity.host }}:35357
+auth_uri={{ server.identity.get('protocol', 'http') }}://{{ server.identity.host }}:5000
+auth_url={{ server.identity.get('protocol', 'http') }}://{{ server.identity.host }}:35357
+{%- if server.identity.get('protocol', 'http') == 'https' %}
+cafile={{ server.identity.get('cacert_file', server.cacert_file) }}
+{%- endif %}
{%- if server.cache is defined %}
memcached_servers={%- for member in server.cache.members %}{{ member.host }}:11211{% if not loop.last %},{% endif %}{%- endfor %}
{%- endif %}
@@ -1094,7 +1113,10 @@
password = {{ server.compute.password }}
username = {{ server.compute.user }}
auth_type = password
-auth_url = http://{{ server.identity.host }}:35357
+auth_url = {{ server.identity.get('protocol', 'http') }}://{{ server.identity.host }}:35357
+{%- if server.identity.get('protocol', 'http') == 'https' %}
+cafile={{ server.identity.get('cacert_file', server.cacert_file) }}
+{%- endif %}
# Authentication type to load (unknown value)
# Deprecated group/name - [DEFAULT]/auth_plugin
@@ -1298,6 +1320,18 @@
# From oslo.messaging
#
+{%- if server.message_queue.get('ssl',{}).get('enabled', False) %}
+rabbit_use_ssl=true
+
+{%- if server.message_queue.ssl.version is defined %}
+kombu_ssl_version = {{ server.message_queue.ssl.version }}
+{%- elif salt['grains.get']('pythonversion') > [2,7,8] %}
+kombu_ssl_version = TLSv1_2
+{%- endif %}
+
+kombu_ssl_ca_certs = {{ server.message_queue.ssl.get('cacert_file', server.cacert_file) }}
+{%- endif %}
+
# Use durable queues in AMQP. (boolean value)
# Deprecated group/name - [DEFAULT]/amqp_durable_queues
# Deprecated group/name - [DEFAULT]/rabbit_durable_queues
@@ -1398,7 +1432,6 @@
# count). (integer value)
# Deprecated group/name - [DEFAULT]/rabbit_max_retries
#rabbit_max_retries = 0
-rabbit_max_retries = 0
# Try to use HA queues in RabbitMQ (x-ha-policy: all). If you change this
# option, you must wipe the RabbitMQ database. In RabbitMQ 3.0, queue mirroring
diff --git a/neutron/files/newton/openvswitch_agent.ini b/neutron/files/newton/openvswitch_agent.ini
index b93aaeb..50ba830 100644
--- a/neutron/files/newton/openvswitch_agent.ini
+++ b/neutron/files/newton/openvswitch_agent.ini
@@ -189,12 +189,22 @@
# a physical network interface configured as a port. All physical networks configured on the server should have mappings to appropriate
# bridges on each agent. Note: If you remove a bridge from this mapping, make sure to disconnect it from the integration bridge as it won't
# be managed by the agent anymore. Deprecated for ofagent. (list value)
-#bridge_mappings =
-{%- if "vlan" in neutron.backend.tenant_network_types %}
-bridge_mappings ={%- if neutron.get('external_access', True) %}physnet1:br-floating,{%- endif %}physnet2:br-prv
-{%- elif neutron.get('external_access', True) %}
-bridge_mappings =physnet1:br-floating
+{% set bridge_mappings=[] %}
+{%- if neutron.bridge_mappings is defined %}
+{%- for physnet,bridge in neutron.bridge_mappings.iteritems() %}{%- do bridge_mappings.append(physnet+':'+bridge) %}{%- endfor %}
{%- endif %}
+{%- if 'br-floating' not in neutron.get('bridge_mappings', {}).values() %}{%- if neutron.get('external_access', True) %}
+{%- do bridge_mappings.append('physnet1:br-floating') %}{%- endif %}{%- endif %}
+{%- if 'br-prv' not in neutron.get('bridge_mappings', {}).values() %}{%- if "vlan" in neutron.backend.tenant_network_types %}
+{%- do bridge_mappings.append('physnet2:br-prv') %}{%- endif %}{%- endif %}
+{%- if 'br-baremetal' not in neutron.get('bridge_mappings', {}).values() %}{%- if neutron.get('ironic_enabled', False) %}
+{%- do bridge_mappings.append('physnet3:br-baremetal') %}{%- endif %}{%- endif %}
+{%- if bridge_mappings %}
+bridge_mappings = {{ ','.join(bridge_mappings) }}
+{%- else %}
+#bridge_mappings =
+{%- endif %}
+
# Use veths instead of patch ports to interconnect the integration bridge to physical networks. Support kernel without Open vSwitch patch
# port support so long as it is set to True. (boolean value)
#use_veth_interconnection = false
@@ -213,6 +223,9 @@
# OVS vhost-user socket directory. (string value)
#vhostuser_socket_dir = /var/run/openvswitch
+{%- if neutron.vhost_socket_dir is defined %}
+vhostuser_socket_dir = {{ neutron.vhost_socket_dir }}
+{%- endif %}
# Address to listen on for OpenFlow connections. Used only for 'native' driver. (IP address value)
#of_listen_address = 127.0.0.1
@@ -246,7 +259,7 @@
{%- if neutron.dpdk %}
firewall_driver = openvswitch
{%- else %}
-firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
+firewall_driver = iptables_hybrid
{%- endif %}
# Controls whether the neutron security group API is enabled in the server. It should be false when using no security groups or using the
diff --git a/neutron/files/newton/sriov_agent.ini b/neutron/files/newton/sriov_agent.ini
index d4ac823..971f52f 100644
--- a/neutron/files/newton/sriov_agent.ini
+++ b/neutron/files/newton/sriov_agent.ini
@@ -43,3 +43,8 @@
# functions that should not be used for virtual networking. vfs_to_exclude is a semicolon-separated list of virtual functions to exclude
# from network_device. The network_device in the mapping should appear in the physical_device_mappings list. (list value)
#exclude_devices =
+
+{%- if pillar.neutron.compute is defined %}
+[securitygroup]
+firewall_driver = neutron.agent.firewall.NoopFirewallDriver
+{%- endif %}
diff --git a/neutron/files/ocata/api-paste.ini.Debian b/neutron/files/ocata/api-paste.ini.Debian
index 580ee6f..dee1cfa 100644
--- a/neutron/files/ocata/api-paste.ini.Debian
+++ b/neutron/files/ocata/api-paste.ini.Debian
@@ -7,13 +7,18 @@
[composite:neutronapi_v2_0]
use = call:neutron.auth:pipeline_factory
noauth = cors http_proxy_to_wsgi request_id catch_errors extensions neutronapiapp_v2_0
-keystone = cors http_proxy_to_wsgi request_id catch_errors authtoken keystonecontext extensions {% if server.audit.enabled %}audit {% endif %}neutronapiapp_v2_0
+keystone = cors http_proxy_to_wsgi {%- if server.backend.engine == "contrail" and server.backend.get('rbac', False) %} user_token {%- endif %} request_id catch_errors authtoken keystonecontext extensions {% if server.audit.enabled %}audit {% endif %}neutronapiapp_v2_0
[composite:neutronversions_composite]
use = call:neutron.auth:pipeline_factory
noauth = cors http_proxy_to_wsgi neutronversions
keystone = cors http_proxy_to_wsgi {% if server.audit.enabled %}audit {% endif %}neutronversions
+{%- if server.backend.engine == "contrail" and server.backend.get('rbac', False) %}
+[filter:user_token]
+paste.filter_factory = neutron_plugin_contrail.plugins.opencontrail.neutron_middleware:token_factory
+{%- endif %}
+
[filter:request_id]
paste.filter_factory = oslo_middleware:RequestId.factory
diff --git a/neutron/files/ocata/dhcp_agent.ini b/neutron/files/ocata/dhcp_agent.ini
index 293b968..d327e64 100644
--- a/neutron/files/ocata/dhcp_agent.ini
+++ b/neutron/files/ocata/dhcp_agent.ini
@@ -19,7 +19,7 @@
# The driver used to manage the virtual interface. (string value)
#interface_driver = <None>
-interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
+interface_driver = openvswitch
# Timeout in seconds for ovs-vsctl commands. If the timeout expires, ovs commands will fail with ALARMCLOCK error. (integer value)
#ovs_vsctl_timeout = 10
diff --git a/neutron/files/ocata/fwaas_driver.ini b/neutron/files/ocata/fwaas_driver.ini
new file mode 100644
index 0000000..40442a4
--- /dev/null
+++ b/neutron/files/ocata/fwaas_driver.ini
@@ -0,0 +1,25 @@
+{%- from "neutron/map.jinja" import fwaas with context %}
+
+[DEFAULT]
+
+[fwaas]
+
+#
+# From firewall.agent
+#
+
+# Name of the FWaaS Driver (string value)
+#driver =
+driver = {{ fwaas.get('driver', fwaas[fwaas.api_version].get('driver')) }}
+
+# Enable FWaaS (boolean value)
+#enabled = false
+enabled = {{ fwaas.get('enabled', 'False') }}
+
+# Firewall agent class (string value)
+#agent_version = v1
+agent_version = {{ fwaas.api_version }}
+
+# Name of the FWaaS Conntrack Driver (string value)
+#conntrack_driver = conntrack
+conntrack_driver = {{ fwaas.get('conntrack_driver', 'conntrack') }}
diff --git a/neutron/files/ocata/l3_agent.ini b/neutron/files/ocata/l3_agent.ini
index 44b27ff..7b386a5 100644
--- a/neutron/files/ocata/l3_agent.ini
+++ b/neutron/files/ocata/l3_agent.ini
@@ -3,6 +3,7 @@
{%- else %}
{%- from "neutron/map.jinja" import compute as neutron with context %}
{%- endif %}
+{%- from "neutron/map.jinja" import fwaas with context %}
[DEFAULT]
@@ -20,7 +21,7 @@
# The driver used to manage the virtual interface. (string value)
#interface_driver = <None>
-interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
+interface_driver = openvswitch
# Timeout in seconds for ovs-vsctl commands. If the timeout expires, ovs
# commands will fail with ALARMCLOCK error. (integer value)
@@ -106,7 +107,6 @@
# This option is deprecated for removal.
# Its value may be silently ignored in the future.
#external_network_bridge =
-external_network_bridge =
# Seconds between running periodic tasks. (integer value)
#periodic_interval = 40
@@ -304,6 +304,9 @@
# Extensions list to use (list value)
#extensions =
+{%- if fwaas.get('enabled', False) %}
+extensions = {{ fwaas[fwaas.api_version]['l3_extension'] }}
+{%- endif %}
[ovs]
diff --git a/neutron/files/ocata/metadata_agent.ini b/neutron/files/ocata/metadata_agent.ini
index 9772781..082da7b 100644
--- a/neutron/files/ocata/metadata_agent.ini
+++ b/neutron/files/ocata/metadata_agent.ini
@@ -67,6 +67,9 @@
# Number of separate worker processes for metadata server (defaults to half of
# the number of CPUs) (integer value)
#metadata_workers = 2
+{%- if neutron.metadata.workers is defined %}
+metadata_workers = {{ neutron.metadata.workers }}
+{%- endif %}
# Number of backlog requests to configure the metadata server socket with
# (integer value)
diff --git a/neutron/files/ocata/ml2_conf.ini b/neutron/files/ocata/ml2_conf.ini
index 736ce2d..300afce 100644
--- a/neutron/files/ocata/ml2_conf.ini
+++ b/neutron/files/ocata/ml2_conf.ini
@@ -120,7 +120,6 @@
# List of network type driver entrypoints to be loaded from the
# neutron.ml2.type_drivers namespace. (list value)
#type_drivers = local,flat,vlan,gre,vxlan,geneve
-type_drivers = local,flat,vlan,gre,vxlan
# Ordered list of network_types to allocate as tenant networks. The default
# value 'local' is useful for single-box testing but provides no connectivity
@@ -131,27 +130,56 @@
# An ordered list of networking mechanism driver entrypoints to be loaded from
# the neutron.ml2.mechanism_drivers namespace. (list value)
#mechanism_drivers =
-mechanism_drivers ={%- for backend_name, mechanism in server.backend.get('mechanism', {}).iteritems() %}{{ mechanism.driver }},{%- endfor %}l2population
+{%- set mechanism_drivers = [] %}
+{%- for mechanism_name, mechanism in server.get('backend', {}).get('mechanism', []).items() %}
+{%- do mechanism_drivers.append(mechanism.get('driver')) if 'driver' in mechanism %}
+{%- endfor %}
+{%- if "vxlan" in server.backend.tenant_network_types %}
+{%- do mechanism_drivers.append('l2population') %}
+{%- endif %}
+mechanism_drivers = {{ ','.join(mechanism_drivers) }}
# An ordered list of extension driver entrypoints to be loaded from the
# neutron.ml2.extension_drivers namespace. For example: extension_drivers =
# port_security,qos (list value)
#extension_drivers =
-extension_drivers = port_security
+{# Get server:backend:extension mapping and prepare tmp_ext_list list with extentions where enabled = True #}
+{%- set tmp_ext_list = [] %}
+{%- for ext_name, ext_params in server.backend.get('extension', {}).iteritems() %}
+{%- do tmp_ext_list.append(ext_name) if ext_params.get('enabled', False) %}
+{%- endfor %}
+{# Below section is for backward compatible when extentions were separated properties without server:backend:extension pillar #}
+{%- do tmp_ext_list.append('port_security') if 'port_security' not in tmp_ext_list %}
+{%- do tmp_ext_list.append('qos') if server.get('qos', 'True') and 'qos' not in tmp_ext_list %}
+extension_drivers={{ tmp_ext_list|join(',') }}
# Maximum size of an IP packet (MTU) that can traverse the underlying physical
# network infrastructure without fragmentation when using an overlay/tunnel
# protocol. This option allows specifying a physical network MTU value that
# differs from the default global_physnet_mtu value. (integer value)
#path_mtu = 0
-path_mtu = {{ server.get('global_physnet_mtu', '1500') }}
+path_mtu = {{ server.get('path_mtu', server.get('global_physnet_mtu', '0')) }}
# A list of mappings of physical networks to MTU values. The format of the
# mapping is <physnet>:<mtu val>. This mapping allows specifying a physical
# network MTU value that differs from the default global_physnet_mtu value.
# (list value)
#physical_network_mtus =
-physical_network_mtus =physnet1:{{ server.backend.get('external_mtu', '1500') }}{%- if "vlan" in server.backend.tenant_network_types %},physnet2:{{ server.backend.get('external_mtu', '1500') }}{%- endif %}
+{%- set physical_network_mtus = [] %}
+{%- if server.get('external_access', True) %}
+{%- do physical_network_mtus.append(['physnet1',server.backend.get('external_mtu', '1500')]|join(":")) %}
+{%- endif %}
+{%- if "vlan" in server.backend.tenant_network_types %}
+{%- do physical_network_mtus.append(['physnet2',server.backend.get('tenant_net_mtu', server.backend.get('external_mtu', '1500'))]|join(":")) %}
+{%- endif %}
+{%- if server.get('ironic_enabled', False) %}
+{%- do physical_network_mtus.append(['physnet3',server.backend.get('ironic_net_mtu', server.backend.get('external_mtu', '1500'))]|join(":")) %}
+{%- endif %}
+
+{%- for physnet, params in server.backend.get('physnets', {}).iteritems() %}
+{%- do physical_network_mtus.append([physnet, params.get('mtu')]|join(":")) if params.get('mtu', False) %}
+{%- endfor %}
+physical_network_mtus = {{ ','.join(physical_network_mtus) }}
# Default network type for external networks when no provider attributes are
# specified. By default it is None, which means that if provider attributes are
@@ -188,6 +216,7 @@
# Comma-separated list of <vni_min>:<vni_max> tuples enumerating ranges of
# Geneve VNI IDs that are available for tenant network allocation (list value)
#vni_ranges =
+vni_ranges = {{ server.get('geneve', {}).vni_ranges|default('1:65536') }}
# Geneve encapsulation header size is dynamic, this value is used to calculate
# the maximum MTU for the driver. This is the sum of the sizes of the outer ETH
@@ -195,6 +224,7 @@
# which is the size of the Geneve header without any additional option headers.
# (integer value)
#max_header_size = 30
+max_header_size = 38
[ml2_type_gre]
@@ -220,8 +250,21 @@
# networks, as well as ranges of VLAN tags on each available for allocation to
# tenant networks. (list value)
#network_vlan_ranges =
-network_vlan_ranges = physnet1{%- if server.backend.external_vlan_range is defined %}:{{ server.backend.external_vlan_range }}{%- endif %}{%- if "vlan" in server.backend.tenant_network_types %},physnet2:{{ server.backend.tenant_vlan_range }}{%- endif %}
+{%- set network_vlan_ranges = [] %}
+{%- if server.backend.external_vlan_range is defined %}
+{%- do network_vlan_ranges.append(['physnet1',server.backend.get('external_vlan_range')]|join(":")) %}
+{%- endif %}
+{%- if "vlan" in server.backend.tenant_network_types %}
+{%- do network_vlan_ranges.append(['physnet2',server.backend.get('tenant_vlan_range')]|join(":")) %}
+{%- endif %}
+{%- if server.get('ironic_enabled', False) %}
+{%- do network_vlan_ranges.append(['physnet3',server.backend.get('ironic_vlan_range')]|join(":")) %}
+{%- endif %}
+{%- for physnet, params in server.backend.get('physnets', {}).iteritems() %}
+{%- do network_vlan_ranges.append([physnet, params.get('vlan_range')]|join(":") if params.get('vlan_range', False) else physnet) %}
+{%- endfor %}
+network_vlan_ranges = {{ ','.join(network_vlan_ranges) }}
[ml2_type_vxlan]
@@ -232,13 +275,13 @@
# Comma-separated list of <vni_min>:<vni_max> tuples enumerating ranges of
# VXLAN VNI IDs that are available for tenant network allocation (list value)
#vni_ranges =
-vni_ranges =2:65535
+vni_ranges = {{ server.get('vxlan', {}).vni_ranges|default('2:65535') }}
# Multicast group for VXLAN. When configured, will enable sending all broadcast
# traffic to this multicast group. When left unconfigured, will disable
# multicast VXLAN mode. (string value)
#vxlan_group = <None>
-vxlan_group = 224.0.0.1
+vxlan_group = {{ server.get('vxlan', {}).group|default('224.0.0.1') }}
[securitygroup]
@@ -249,18 +292,30 @@
# Driver for security groups firewall in the L2 agent (string value)
#firewall_driver = <None>
-{%- if server.dpdk %}
-firewall_driver = openvswitch
-{%- else %}
-firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
-{%- endif %}
# Controls whether the neutron security group API is enabled in the server. It
# should be false when using no security groups or using the nova security
# group API. (boolean value)
#enable_security_group = true
+
+{%- if not server.get('security_groups_enabled', True) %}
+firewall_driver = neutron.agent.firewall.NoopFirewallDriver
+enable_security_group = False
+{%- elif server.dpdk or server.get('vlan_aware_vms', False) %}
+firewall_driver = openvswitch
enable_security_group = True
+{%- else %}
+firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
+enable_security_group = True
+{%- endif %}
# Use ipset to speed-up the iptables based security groups. Enabling ipset
# support requires that ipset is installed on L2 agent node. (boolean value)
#enable_ipset = true
+
+{%- if server.backend.engine == "ovn" %}
+[ovn]
+ovn_nb_connection = tcp:{{ server.controller_vip }}:6641
+ovn_sb_connection = tcp:{{ server.controller_vip }}:6642
+ovn_l3_scheduler = leastloaded
+{%- endif %}
diff --git a/neutron/files/ocata/neutron-generic.conf.Debian b/neutron/files/ocata/neutron-generic.conf.Debian
index 6275974..a5d66df 100644
--- a/neutron/files/ocata/neutron-generic.conf.Debian
+++ b/neutron/files/ocata/neutron-generic.conf.Debian
@@ -108,6 +108,9 @@
# this machine. All the agents and services running on this machine must use
# the same host value. (string value)
#host = example.domain
+{% if neutron.host is defined %}
+host = {{ neutron.host }}
+{% endif %}
# Send notification to nova when port status changes (boolean value)
#notify_nova_on_port_status_changes = true
@@ -142,6 +145,7 @@
# value. Defaults to 1500, the standard value for Ethernet. (integer value)
# Deprecated group/name - [ml2]/segment_mtu
#global_physnet_mtu = 1500
+global_physnet_mtu = {{ neutron.get('global_physnet_mtu', '1500') }}
# Number of backlog requests to configure the socket with (integer value)
#backlog = 4096
@@ -584,19 +588,21 @@
# Seconds to wait for a response from a call. (integer value)
#rpc_response_timeout = 60
-rpc_response_timeout=60
+rpc_response_timeout=120
# A URL representing the messaging driver to use and its full configuration.
# (string value)
#transport_url = <None>
+
+{%- set rabbit_port = neutron.message_queue.get('port', 5671 if neutron.message_queue.get('ssl',{}).get('enabled', False) else 5672) %}
{%- if neutron.message_queue.members is defined %}
transport_url = rabbit://{% for member in neutron.message_queue.members -%}
- {{ neutron.message_queue.user }}:{{ neutron.message_queue.password }}@{{ member.host }}:{{ member.get('port', 5672) }}
+ {{ neutron.message_queue.user }}:{{ neutron.message_queue.password }}@{{ member.host }}:{{ member.get('port',rabbit_port) }}
{%- if not loop.last -%},{%- endif -%}
{%- endfor -%}
/{{ neutron.message_queue.virtual_host }}
{%- else %}
-transport_url = rabbit://{{ neutron.message_queue.user }}:{{ neutron.message_queue.password }}@{{ neutron.message_queue.host }}:{{ neutron.message_queue.port }}/{{ neutron.message_queue.virtual_host }}
+transport_url = rabbit://{{ neutron.message_queue.user }}:{{ neutron.message_queue.password }}@{{ neutron.message_queue.host }}:{{ rabbit_port }}/{{ neutron.message_queue.virtual_host }}
{%- endif %}
# DEPRECATED: The messaging driver to use, defaults to rabbit. Other drivers
@@ -605,7 +611,6 @@
# Its value may be silently ignored in the future.
# Reason: Replaced by [DEFAULT]/transport_url
#rpc_backend = rabbit
-rpc_backend = rabbit
# The default exchange under which topics are scoped. May be overridden by an
# exchange name specified in the transport_url option. (string value)
@@ -666,7 +671,7 @@
# needs to execute commands in Dom0 in the hypervisor of XenServer, this item
# should be set to 'xenapi_root_helper', so that it will keep a XenAPI session
# to pass commands to Dom0. (string value)
-#root_helper_daemon = <None>
+root_helper_daemon = sudo neutron-rootwrap-daemon /etc/neutron/rootwrap.conf
# Seconds between nodes reporting state to server; should be less than
# agent_down_time, best if it is half or less than agent_down_time. (floating
@@ -1524,6 +1529,18 @@
# From oslo.messaging
#
+{%- if neutron.message_queue.get('ssl',{}).get('enabled', False) %}
+rabbit_use_ssl=true
+
+{%- if neutron.message_queue.ssl.version is defined %}
+kombu_ssl_version = {{ neutron.message_queue.ssl.version }}
+{%- elif salt['grains.get']('pythonversion') > [2,7,8] %}
+kombu_ssl_version = TLSv1_2
+{%- endif %}
+
+kombu_ssl_ca_certs = {{ neutron.message_queue.ssl.get('cacert_file', neutron.cacert_file) }}
+{%- endif %}
+
# Use durable queues in AMQP. (boolean value)
# Deprecated group/name - [DEFAULT]/amqp_durable_queues
# Deprecated group/name - [DEFAULT]/rabbit_durable_queues
@@ -1646,7 +1663,6 @@
# This option is deprecated for removal.
# Its value may be silently ignored in the future.
#rabbit_max_retries = 0
-rabbit_max_retries = 0
# Try to use HA queues in RabbitMQ (x-ha-policy: all). If you change this
# option, you must wipe the RabbitMQ database. In RabbitMQ 3.0, queue mirroring
diff --git a/neutron/files/ocata/neutron-server b/neutron/files/ocata/neutron-server
index 54f6ceb..b2e8978 100644
--- a/neutron/files/ocata/neutron-server
+++ b/neutron/files/ocata/neutron-server
@@ -7,10 +7,14 @@
# neutron.conf
#NEUTRON_PLUGIN_CONFIG="/etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini"
-{%- if server.backend.engine == "ml2" %}
+{%- if server.backend.engine in ["ml2", "ovn"] %}
NEUTRON_PLUGIN_CONFIG="/etc/neutron/plugins/ml2/ml2_conf.ini"
{%- endif %}
{%- if server.backend.engine == "contrail" %}
NEUTRON_PLUGIN_CONFIG="/etc/neutron/plugins/opencontrail/ContrailPlugin.ini"
-{%- endif %}
\ No newline at end of file
+{%- endif %}
+
+{%- if server.logging.log_appender %}
+DAEMON_ARGS="${DAEMON_ARGS} --log-config-append=/etc/neutron/logging/logging-neutron-server.conf"
+{%- endif %}
diff --git a/neutron/files/ocata/neutron-server.conf.Debian b/neutron/files/ocata/neutron-server.conf.Debian
index 0047550..0875697 100644
--- a/neutron/files/ocata/neutron-server.conf.Debian
+++ b/neutron/files/ocata/neutron-server.conf.Debian
@@ -1,4 +1,4 @@
-{%- from "neutron/map.jinja" import server with context %}
+{%- from "neutron/map.jinja" import fwaas, server with context %}
[DEFAULT]
#
@@ -39,13 +39,22 @@
core_plugin = neutron_plugin_contrail.plugins.opencontrail.contrail_plugin.NeutronPluginContrailCoreV2
service_plugins = neutron_plugin_contrail.plugins.opencontrail.loadbalancer.v2.plugin.LoadBalancerPluginV2
-{% elif server.backend.engine == "ml2" %}
+
+{% elif server.backend.engine in ["ml2", "ovn"] %}
core_plugin = neutron.plugins.ml2.plugin.Ml2Plugin
-service_plugins =neutron.services.l3_router.l3_router_plugin.L3RouterPlugin,neutron.services.metering.metering_plugin.MeteringPlugin,trunk{%- if server.lbaas is defined -%}
-,neutron_lbaas.services.loadbalancer.plugin.LoadBalancerPluginv2
-{%- endif -%}
+{% if server.backend.engine == "ml2" %}
+{% set l3_plugin = 'neutron.services.l3_router.l3_router_plugin.L3RouterPlugin' %}
+{% elif server.backend.engine == "ovn" %}
+{% set l3_plugin = 'networking_ovn.l3.l3_ovn.OVNL3RouterPlugin' %}
+{% endif %}
+
+service_plugins ={{ l3_plugin }}, neutron.services.metering.metering_plugin.MeteringPlugin
+{%- if server.lbaas is defined -%},lbaasv2{%- endif -%}
+{%- if fwaas.get('enabled', False) -%},{{ fwaas[fwaas.api_version]['service_plugin'] }}{%- endif -%}
+{%- if server.get('qos', 'True') -%},neutron.services.qos.qos_plugin.QoSPlugin{%- endif -%}
+{%- if server.get('vlan_aware_vms', False) -%},trunk{%- endif -%}
{% endif %}
@@ -109,6 +118,9 @@
# Driver for external DNS integration. (string value)
#external_dns_driver = <None>
+{%- if server.backend.get('extension', {}).get('dns', {}).get('enabled', False) %}
+external_dns_driver={{ server.backend.get('extension', {}).get('dns', {}).get('engine', '') }}
+{%- endif %}
# Allow sending resource operation notification to DHCP agent (boolean value)
#dhcp_agent_notification = true
@@ -175,13 +187,27 @@
# default is equal to the number of CPUs available for best performance.
# (integer value)
#api_workers = <None>
+{%- if server.api_workers is defined %}
+api_workers = {{ server.api_workers }}
+{%- endif %}
# Number of RPC worker processes for service. (integer value)
#rpc_workers = 1
+{%- if server.rpc_workers is defined %}
+rpc_workers = {{ server.rpc_workers }}
+{%- else %}
+rpc_workers = {{ grains.num_cpus }}
+{%- endif %}
+
# Number of RPC worker processes dedicated to state reports queue. (integer
# value)
#rpc_state_report_workers = 1
+{%- if server.rpc_state_report_workers is defined %}
+rpc_state_report_workers = {{ server.rpc_state_report_workers }}
+{%- else %}
+rpc_state_report_workers = 4
+{%- endif %}
# Range of seconds to randomly delay when starting the periodic task scheduler
# to reduce stampeding. (Disable by setting to 0) (integer value)
@@ -288,6 +314,7 @@
# Automatically reschedule routers from offline L3 agents to online L3 agents.
# (boolean value)
#allow_automatic_l3agent_failover = false
+allow_automatic_l3agent_failover = true
# Enable HA mode for virtual routers. (boolean value)
#l3_ha = false
@@ -296,6 +323,7 @@
# Maximum number of L3 agents which a HA router will be scheduled on. If it is
# set to 0 then the router will be scheduled on every agent. (integer value)
#max_l3_agents_per_router = 3
+max_l3_agents_per_router = 0
# Subnet used for the l3 HA admin network. (string value)
#l3_ha_net_cidr = 169.254.192.0/18
@@ -603,19 +631,21 @@
# Seconds to wait for a response from a call. (integer value)
#rpc_response_timeout = 60
-rpc_response_timeout=60
+rpc_response_timeout=120
# A URL representing the messaging driver to use and its full configuration.
# (string value)
#transport_url = <None>
+
+{%- set rabbit_port = server.message_queue.get('port', 5671 if server.message_queue.get('ssl',{}).get('enabled', False) else 5672) %}
{%- if server.message_queue.members is defined %}
transport_url = rabbit://{% for member in server.message_queue.members -%}
- {{ server.message_queue.user }}:{{ server.message_queue.password }}@{{ member.host }}:{{ member.get('port', 5672) }}
+ {{ server.message_queue.user }}:{{ server.message_queue.password }}@{{ member.host }}:{{ member.get('port',rabbit_port) }}
{%- if not loop.last -%},{%- endif -%}
{%- endfor -%}
/{{ server.message_queue.virtual_host }}
{%- else %}
-transport_url = rabbit://{{ server.message_queue.user }}:{{ server.message_queue.password }}@{{ server.message_queue.host }}:{{ server.message_queue.port }}/{{ server.message_queue.virtual_host }}
+transport_url = rabbit://{{ server.message_queue.user }}:{{ server.message_queue.password }}@{{ server.message_queue.host }}:{{ rabbit_port }}/{{ server.message_queue.virtual_host }}
{%- endif %}
# DEPRECATED: The messaging driver to use, defaults to rabbit. Other drivers
@@ -624,7 +654,6 @@
# Its value may be silently ignored in the future.
# Reason: Replaced by [DEFAULT]/transport_url
#rpc_backend = rabbit
-rpc_backend = rabbit
# The default exchange under which topics are scoped. May be overridden by an
# exchange name specified in the transport_url option. (string value)
@@ -686,7 +715,7 @@
# needs to execute commands in Dom0 in the hypervisor of XenServer, this item
# should be set to 'xenapi_root_helper', so that it will keep a XenAPI session
# to pass commands to Dom0. (string value)
-#root_helper_daemon = <None>
+root_helper_daemon = sudo neutron-rootwrap-daemon /etc/neutron/rootwrap.conf
# Seconds between nodes reporting state to server; should be less than
# agent_down_time, best if it is half or less than agent_down_time. (floating
@@ -831,8 +860,9 @@
# Deprecated group/name - [DEFAULT]/sql_connection
# Deprecated group/name - [DATABASE]/sql_connection
# Deprecated group/name - [sql]/connection
-{% if server.backend.engine == "ml2" %}
-connection = {{ server.database.engine }}+pymysql://{{ server.database.user }}:{{ server.database.password }}@{{ server.database.host }}/{{ server.database.name }}?charset=utf8
+
+{% if server.backend.engine in ["ml2", "ovn"] %}
+connection = {{ server.database.engine }}+pymysql://{{ server.database.user }}:{{ server.database.password }}@{{ server.database.host }}/{{ server.database.name }}?charset=utf8{%- if server.database.get('ssl',{}).get('enabled',False) %}&ssl_ca={{ server.database.ssl.get('cacert_file', server.cacert_file) }}{% endif %}
{% else %}
connection = sqlite:////var/lib/neutron/neutron.sqlite
{% endif %}
@@ -863,7 +893,7 @@
# Deprecated group/name - [DEFAULT]/sql_max_pool_size
# Deprecated group/name - [DATABASE]/sql_max_pool_size
#max_pool_size = 5
-max_pool_size = 20
+max_pool_size = {{ [grains.num_cpus * 5, 30] | sort | first }}
# Maximum number of database connection retries during startup. Set to -1 to
# specify an infinite retry count. (integer value)
@@ -937,8 +967,11 @@
project_name = {{ server.identity.tenant }}
username = {{ server.identity.user }}
password = {{ server.identity.password }}
-auth_uri=http://{{ server.identity.host }}:5000
-auth_url=http://{{ server.identity.host }}:35357
+auth_uri={{ server.identity.get('protocol', 'http') }}://{{ server.identity.host }}:5000
+auth_url={{ server.identity.get('protocol', 'http') }}://{{ server.identity.host }}:35357
+{%- if server.identity.get('protocol', 'http') == 'https' %}
+cafile={{ server.identity.get('cacert_file', server.cacert_file) }}
+{%- endif %}
{%- if server.cache is defined %}
memcached_servers={%- for member in server.cache.members %}{{ member.host }}:11211{% if not loop.last %},{% endif %}{%- endfor %}
{%- endif %}
@@ -1227,7 +1260,10 @@
password = {{ server.compute.password }}
username = {{ server.compute.user }}
auth_type = password
-auth_url = http://{{ server.identity.host }}:35357
+auth_url = {{ server.identity.get('protocol', 'http') }}://{{ server.identity.host }}:35357
+{%- if server.identity.get('protocol', 'http') == 'https' %}
+cafile={{ server.identity.get('cacert_file', server.cacert_file) }}
+{%- endif %}
# Authentication type to load (string value)
# Deprecated group/name - [nova]/auth_plugin
@@ -1599,6 +1635,18 @@
# From oslo.messaging
#
+{%- if server.message_queue.get('ssl',{}).get('enabled', False) %}
+rabbit_use_ssl=true
+
+{%- if server.message_queue.ssl.version is defined %}
+kombu_ssl_version = {{ server.message_queue.ssl.version }}
+{%- elif salt['grains.get']('pythonversion') > [2,7,8] %}
+kombu_ssl_version = TLSv1_2
+{%- endif %}
+
+kombu_ssl_ca_certs = {{ server.message_queue.ssl.get('cacert_file', server.cacert_file) }}
+{%- endif %}
+
# Use durable queues in AMQP. (boolean value)
# Deprecated group/name - [DEFAULT]/amqp_durable_queues
# Deprecated group/name - [DEFAULT]/rabbit_durable_queues
@@ -1721,7 +1769,6 @@
# This option is deprecated for removal.
# Its value may be silently ignored in the future.
#rabbit_max_retries = 0
-rabbit_max_retries = 0
# Try to use HA queues in RabbitMQ (x-ha-policy: all). If you change this
# option, you must wipe the RabbitMQ database. In RabbitMQ 3.0, queue mirroring
@@ -2160,10 +2207,24 @@
{%- for lbaas_name, lbaas in server.lbaas.providers.iteritems() %}
-{%- if lbaas.engine == "avinetworks" -%}
service_provider=LOADBALANCERV2:{{ lbaas_name }}:{{ lbaas.get('driver_path', 'avi_lbaasv2.avi_driver.AviDriver') }}:default
[{{ lbaas_name }}]
+
+{% if lbaas.engine == "octavia" %}
+
+base_url = {{ lbaas.base_url }}
+request_poll_timeout = 3000
+
+[service_auth]
+auth_version = 2
+admin_password = {{ server.identity.password }}
+admin_user = {{ server.identity.user }}
+admin_tenant_name = {{ server.identity.tenant }}
+auth_url = http://{{ server.identity.host }}:35357/v2.0
+{%- endif -%}
+
+{% if lbaas.engine == "avinetworks" %}
address={{ lbaas.controller_address }}
user={{ lbaas.controller_user }}
password={{ lbaas.controller_password }}
@@ -2181,3 +2242,20 @@
{% include "neutron/files/"+server.version+"/ContrailPlugin.ini" %}
{% endif %}
+
+{%- if server.backend.get('extension', {}).get('dns', {}).get('enabled', False) and server.backend.get('extension', {}).get('dns', {}).get('engine', '') == 'designate' %}
+[designate]
+{%- if server.backend.get('extension', {}).get('dns', {}).get('url', False) %}
+url = {{ server.backend.extension.dns.url }}
+{%- else %}
+#url = <None>
+{%- endif %}
+auth_region={{ server.identity.region }}
+auth_type = password
+user_domain_id = {{ server.identity.get('domain', 'default') }}
+project_domain_id = {{ server.identity.get('domain', 'default') }}
+project_name = {{ server.identity.tenant }}
+username = {{ server.identity.user }}
+password = {{ server.identity.password }}
+auth_url=http://{{ server.identity.host }}:35357
+{%- endif %}
diff --git a/neutron/files/ocata/openvswitch_agent.ini b/neutron/files/ocata/openvswitch_agent.ini
index 0536d2a..fa94c21 100644
--- a/neutron/files/ocata/openvswitch_agent.ini
+++ b/neutron/files/ocata/openvswitch_agent.ini
@@ -195,8 +195,14 @@
#agent_type = Open vSwitch agent
# Extensions list to use (list value)
-#extensions =
-
+{# Get neutron:backend:extension mapping and prepare tmp_ext_list list with extentions where enabled = True #}
+{%- set tmp_ext_list = [] %}
+{%- for ext_name, ext_params in neutron.backend.get('extension', {}).iteritems() %}
+{%- do tmp_ext_list.append(ext_name) if ext_params.get('enabled', False) %}
+{%- endfor %}
+{# Below section is for backward compatible when extentions were separated properties without neutron:backend:extension pillar #}
+{%- do tmp_ext_list.append('qos') if neutron.get('qos', 'True') and 'qos' not in tmp_ext_list %}
+extensions={{ tmp_ext_list|join(',') }}
[ovs]
@@ -240,11 +246,20 @@
# have mappings to appropriate bridges on each agent. Note: If you remove a
# bridge from this mapping, make sure to disconnect it from the integration
# bridge as it won't be managed by the agent anymore. (list value)
+{% set bridge_mappings=[] %}
+{%- if neutron.bridge_mappings is defined %}
+{%- for physnet,bridge in neutron.bridge_mappings.iteritems() %}{%- do bridge_mappings.append(physnet+':'+bridge) %}{%- endfor %}
+{%- endif %}
+{%- if 'br-floating' not in neutron.get('bridge_mappings', {}).values() %}{%- if neutron.get('external_access', True) %}
+{%- do bridge_mappings.append('physnet1:br-floating') %}{%- endif %}{%- endif %}
+{%- if 'br-prv' not in neutron.get('bridge_mappings', {}).values() %}{%- if "vlan" in neutron.backend.tenant_network_types %}
+{%- do bridge_mappings.append('physnet2:br-prv') %}{%- endif %}{%- endif %}
+{%- if 'br-baremetal' not in neutron.get('bridge_mappings', {}).values() %}{%- if neutron.get('ironic_enabled', False) %}
+{%- do bridge_mappings.append('physnet3:br-baremetal') %}{%- endif %}{%- endif %}
+{%- if bridge_mappings %}
+bridge_mappings = {{ ','.join(bridge_mappings) }}
+{%- else %}
#bridge_mappings =
-{%- if "vlan" in neutron.backend.tenant_network_types %}
-bridge_mappings ={%- if neutron.get('external_access', True) %}physnet1:br-floating,{%- endif %}physnet2:br-prv
-{%- elif neutron.get('external_access', True) %}
-bridge_mappings =physnet1:br-floating
{%- endif %}
# Use veths instead of patch ports to interconnect the integration bridge to
@@ -267,6 +282,9 @@
# OVS vhost-user socket directory. (string value)
#vhostuser_socket_dir = /var/run/openvswitch
+{%- if neutron.vhost_socket_dir is defined %}
+vhostuser_socket_dir = {{ neutron.vhost_socket_dir }}
+{%- endif %}
# Address to listen on for OpenFlow connections. Used only for 'native' driver.
# (IP address value)
@@ -304,17 +322,22 @@
# Driver for security groups firewall in the L2 agent (string value)
#firewall_driver = <None>
-{%- if neutron.dpdk %}
-firewall_driver = openvswitch
-{%- else %}
-firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
-{%- endif %}
# Controls whether the neutron security group API is enabled in the server. It
# should be false when using no security groups or using the nova security
# group API. (boolean value)
#enable_security_group = true
+
+{%- if not neutron.get('security_groups_enabled', True) %}
+firewall_driver = neutron.agent.firewall.NoopFirewallDriver
+enable_security_group = False
+{%- elif neutron.dpdk or neutron.get('vlan_aware_vms', False) %}
+firewall_driver = openvswitch
enable_security_group = True
+{%- else %}
+firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
+enable_security_group = True
+{%- endif %}
# Use ipset to speed-up the iptables based security groups. Enabling ipset
# support requires that ipset is installed on L2 agent node. (boolean value)
diff --git a/neutron/files/ocata/ovn_central_options b/neutron/files/ocata/ovn_central_options
new file mode 100644
index 0000000..e59db5f
--- /dev/null
+++ b/neutron/files/ocata/ovn_central_options
@@ -0,0 +1,10 @@
+{%- from "neutron/map.jinja" import server with context %}
+# This is a POSIX shell fragment -*- sh -*-
+
+# OVN_CTL_OPTS: Extra options to pass to ovn-ctl. This is, for example,
+# a suitable place to specify --ovn-northd-wrapper=valgrind.
+{%- set ovn_ctl_opts = [] %}
+{%- for opt, value in server.get('ovn_ctl_opts', {}).iteritems() %}
+{%- do ovn_ctl_opts.append("--%s=%s"|format(opt, value)) %}
+{%- endfor %}
+OVN_CTL_OPTS='{{ ovn_ctl_opts|join(' ') }}'
diff --git a/neutron/files/ocata/sriov_agent.ini b/neutron/files/ocata/sriov_agent.ini
index 5f78a0e..3947dec 100644
--- a/neutron/files/ocata/sriov_agent.ini
+++ b/neutron/files/ocata/sriov_agent.ini
@@ -122,7 +122,14 @@
#
# Extensions list to use (list value)
-#extensions =
+{# Get neutron:backend:extension mapping and prepare tmp_ext_list list with extentions where enabled = True #}
+{%- set tmp_ext_list = [] %}
+{%- for ext_name, ext_params in neutron.backend.get('extension', {}).iteritems() %}
+{%- do tmp_ext_list.append(ext_name) if ext_params.get('enabled', False) %}
+{%- endfor %}
+{# Below section is for backward compatible when extentions were separated properties without neutron:backend:extension pillar #}
+{%- do tmp_ext_list.append('qos') if neutron.get('qos', 'True') and 'qos' not in tmp_ext_list %}
+extensions={{ tmp_ext_list|join(',') }}
[sriov_nic]
@@ -146,3 +153,8 @@
# network_device in the mapping should appear in the physical_device_mappings
# list. (list value)
#exclude_devices =
+
+{%- if pillar.neutron.compute is defined %}
+[securitygroup]
+firewall_driver = neutron.agent.firewall.NoopFirewallDriver
+{%- endif %}
diff --git a/neutron/files/pike/ContrailPlugin.ini b/neutron/files/pike/ContrailPlugin.ini
new file mode 100644
index 0000000..2817f52
--- /dev/null
+++ b/neutron/files/pike/ContrailPlugin.ini
@@ -0,0 +1,13 @@
+{% from "neutron/map.jinja" import server with context %}
+[APISERVER]
+api_server_ip = {{ server.backend.host }}
+api_server_port = 8082
+multi_tenancy = True
+contrail_extensions = ipam:neutron_plugin_contrail.plugins.opencontrail.contrail_plugin_ipam.NeutronPluginContrailIpam,policy:neutron_plugin_contrail.plugins.opencontrail.contrail_plugin_policy.NeutronPluginContrailPolicy,route-table:neutron_plugin_contrail.plugins.opencontrail.contrail_plugin_vpc.NeutronPluginContrailVpc,contrail:None
+
+[KEYSTONE]
+auth_url = http://{{ server.identity.host }}:35357/v2.0
+admin_token = {{ server.backend.token }}
+admin_user={{ server.backend.user }}
+admin_password={{ server.backend.password }}
+admin_tenant_name={{ server.backend.tenant }}
\ No newline at end of file
diff --git a/neutron/files/pike/api-paste.ini.Debian b/neutron/files/pike/api-paste.ini.Debian
new file mode 100644
index 0000000..dee1cfa
--- /dev/null
+++ b/neutron/files/pike/api-paste.ini.Debian
@@ -0,0 +1,57 @@
+{%- from "neutron/map.jinja" import server with context %}
+[composite:neutron]
+use = egg:Paste#urlmap
+/: neutronversions_composite
+/v2.0: neutronapi_v2_0
+
+[composite:neutronapi_v2_0]
+use = call:neutron.auth:pipeline_factory
+noauth = cors http_proxy_to_wsgi request_id catch_errors extensions neutronapiapp_v2_0
+keystone = cors http_proxy_to_wsgi {%- if server.backend.engine == "contrail" and server.backend.get('rbac', False) %} user_token {%- endif %} request_id catch_errors authtoken keystonecontext extensions {% if server.audit.enabled %}audit {% endif %}neutronapiapp_v2_0
+
+[composite:neutronversions_composite]
+use = call:neutron.auth:pipeline_factory
+noauth = cors http_proxy_to_wsgi neutronversions
+keystone = cors http_proxy_to_wsgi {% if server.audit.enabled %}audit {% endif %}neutronversions
+
+{%- if server.backend.engine == "contrail" and server.backend.get('rbac', False) %}
+[filter:user_token]
+paste.filter_factory = neutron_plugin_contrail.plugins.opencontrail.neutron_middleware:token_factory
+{%- endif %}
+
+[filter:request_id]
+paste.filter_factory = oslo_middleware:RequestId.factory
+
+[filter:catch_errors]
+paste.filter_factory = oslo_middleware:CatchErrors.factory
+
+[filter:cors]
+paste.filter_factory = oslo_middleware.cors:filter_factory
+oslo_config_project = neutron
+
+[filter:http_proxy_to_wsgi]
+paste.filter_factory = oslo_middleware.http_proxy_to_wsgi:HTTPProxyToWSGI.factory
+
+[filter:keystonecontext]
+paste.filter_factory = neutron.auth:NeutronKeystoneContext.factory
+
+[filter:authtoken]
+paste.filter_factory = keystonemiddleware.auth_token:filter_factory
+
+[filter:extensions]
+paste.filter_factory = neutron.api.extensions:plugin_aware_extension_middleware_factory
+
+[app:neutronversions]
+paste.app_factory = neutron.api.versions:Versions.factory
+
+[app:neutronapiapp_v2_0]
+paste.app_factory = neutron.api.v2.router:APIRouter.factory
+
+{%- if server.audit.enabled %}
+[filter:audit]
+paste.filter_factory = {{ server.get("audit", {}).get("filter_factory", "keystonemiddleware.audit:filter_factory") }}
+audit_map_file = {{ server.get("audit", {}).get("map_file", "/etc/pycadf/neutron_api_audit_map.conf") }}
+{%- endif %}
+
+[filter:osprofiler]
+paste.filter_factory = osprofiler.web:WsgiMiddleware.factory
diff --git a/neutron/files/pike/api-paste.ini.RedHat b/neutron/files/pike/api-paste.ini.RedHat
new file mode 100644
index 0000000..dee1cfa
--- /dev/null
+++ b/neutron/files/pike/api-paste.ini.RedHat
@@ -0,0 +1,57 @@
+{%- from "neutron/map.jinja" import server with context %}
+[composite:neutron]
+use = egg:Paste#urlmap
+/: neutronversions_composite
+/v2.0: neutronapi_v2_0
+
+[composite:neutronapi_v2_0]
+use = call:neutron.auth:pipeline_factory
+noauth = cors http_proxy_to_wsgi request_id catch_errors extensions neutronapiapp_v2_0
+keystone = cors http_proxy_to_wsgi {%- if server.backend.engine == "contrail" and server.backend.get('rbac', False) %} user_token {%- endif %} request_id catch_errors authtoken keystonecontext extensions {% if server.audit.enabled %}audit {% endif %}neutronapiapp_v2_0
+
+[composite:neutronversions_composite]
+use = call:neutron.auth:pipeline_factory
+noauth = cors http_proxy_to_wsgi neutronversions
+keystone = cors http_proxy_to_wsgi {% if server.audit.enabled %}audit {% endif %}neutronversions
+
+{%- if server.backend.engine == "contrail" and server.backend.get('rbac', False) %}
+[filter:user_token]
+paste.filter_factory = neutron_plugin_contrail.plugins.opencontrail.neutron_middleware:token_factory
+{%- endif %}
+
+[filter:request_id]
+paste.filter_factory = oslo_middleware:RequestId.factory
+
+[filter:catch_errors]
+paste.filter_factory = oslo_middleware:CatchErrors.factory
+
+[filter:cors]
+paste.filter_factory = oslo_middleware.cors:filter_factory
+oslo_config_project = neutron
+
+[filter:http_proxy_to_wsgi]
+paste.filter_factory = oslo_middleware.http_proxy_to_wsgi:HTTPProxyToWSGI.factory
+
+[filter:keystonecontext]
+paste.filter_factory = neutron.auth:NeutronKeystoneContext.factory
+
+[filter:authtoken]
+paste.filter_factory = keystonemiddleware.auth_token:filter_factory
+
+[filter:extensions]
+paste.filter_factory = neutron.api.extensions:plugin_aware_extension_middleware_factory
+
+[app:neutronversions]
+paste.app_factory = neutron.api.versions:Versions.factory
+
+[app:neutronapiapp_v2_0]
+paste.app_factory = neutron.api.v2.router:APIRouter.factory
+
+{%- if server.audit.enabled %}
+[filter:audit]
+paste.filter_factory = {{ server.get("audit", {}).get("filter_factory", "keystonemiddleware.audit:filter_factory") }}
+audit_map_file = {{ server.get("audit", {}).get("map_file", "/etc/pycadf/neutron_api_audit_map.conf") }}
+{%- endif %}
+
+[filter:osprofiler]
+paste.filter_factory = osprofiler.web:WsgiMiddleware.factory
diff --git a/neutron/files/pike/bagpipe-bgp.conf b/neutron/files/pike/bagpipe-bgp.conf
new file mode 100644
index 0000000..d4f8b5c
--- /dev/null
+++ b/neutron/files/pike/bagpipe-bgp.conf
@@ -0,0 +1,109 @@
+{%- from "neutron/map.jinja" import compute with context -%}
+[BGP]
+local_address = {{ compute.bgp_vpn.bagpipe.local_address }}
+peers = {{ compute.bgp_vpn.bagpipe.peers }}
+my_as = {{ compute.bgp_vpn.bagpipe.get('autonomous_system', 64512) }}
+enable_rtc = {{ compute.bgp_vpn.bagpipe.get('enable_rtc', True) }}
+
+[COMMON]
+# Root helper and root helper application
+# root_helper_daemon is designed to use oslo-rootwrap-daemon for commands
+# that need to be run as root.
+# If root_helper_daemon is unset, bagpipe-bgp will use 'root_help' to call
+# these commands, which defaults to 'sudo', and can be configured to use
+# oslo.rootwrap.
+#root_helper = sudo
+#root_helper = sudo /usr/local/bin/oslo-rootwrap /etc/bagpipe-bgp/rootwrap.conf
+root_helper_daemon = sudo /usr/bin/oslo-rootwrap-daemon /etc/bagpipe-bgp/rootwrap.conf
+
+# local IP address (that others will use to send us encapsulated packets, and that
+# we will use to send)
+# Note: does not need to be specified if different than the BGP local_address
+# Note: can be overwritten under each dataplane config
+# dataplane_local_address=eth1
+# dataplane_local_address=1.2.3.4
+
+[API]
+# BGP component API IP address and port
+host=localhost
+port=8082
+
+
+[DATAPLANE_DRIVER_IPVPN]
+
+# IP VPN dataplane driver class
+# Example values:
+#dataplane_driver = ovs
+#dataplane_driver = linux
+dataplane_driver = ovs
+
+# OVS bridge to use (defaults to br-int)
+ovs_bridge = br-mpls
+
+# MPLS outgoing interface (for linux and ovs drivers)
+#
+# (not specifying an mpls_interface or using the '*gre*' special value
+# means that the driver will instantiate a tunnel interface and use an
+# MPLS/GRE encapsulation)
+# mpls_interface=*gre*
+mpls_interface=*gre*
+
+# GRE tunnel to use (default to mpls_gre)
+#gre_tunnel=mpls_gre
+
+# Uncomment the following to allow the use of standard MPLS-o-GRE in OVS
+# (rather than MPLS-o-Eth-o-GRE).
+#
+# gre_tunnel_options="options:layer3=true"
+
+# Support VXLAN encapsulation of IP VPN traffic with the
+# ovs driver.
+#
+# Note well: this is non-standard and aimed at making it easier
+# to test IP VPN until OVS 2.4 is shipping
+#
+# WARNING: this option does *not* co-exist with the EVPN
+# linux (can't have both OVS and the linux
+# kernel native VXLAN stack process VXLAN)
+#
+#vxlan_encap=True
+
+# local IP address (that others will use to send us encapsulated packets, and that
+# we will use to send)
+# Note: does not need to be specified if different than the BGP local_address
+# dataplane_local_address=eth1
+# dataplane_local_address=1.2.3.4
+
+# (obsolete:)
+ovsbr_interfaces_mtu=4000
+
+# for ovs driver, control whether or not the VRF will
+# reply to all ARP requests on the subnet and impersonate the gateway
+# (defaults to True)
+proxy_arp=False
+
+[DATAPLANE_DRIVER_EVPN]
+
+# EVPN dataplane driver class
+# Example values:
+#dataplane_driver = linux
+dataplane_driver = dummy
+
+# (obsolete)
+ovsbr_interfaces_mtu=4000
+
+# The linux driver allows to force the VXLAN destination port IF iproute2 is
+# at version 3.14 or above (i.e. >= "ss140411" with "ip -V").
+#
+# to use standard IANA port for VXLAN:
+#vxlan_dst_port=4789
+#
+# to interoperate with switches or boxes not having the ability to
+# use another port than the linux kernel default 8472:
+#vxlan_dst_port=8472
+
+# local IP address (that others will use to send us encapsulated packets, and that
+# we will use to send)
+# Note: does not need to be specified if different than the BGP local_address
+# dataplane_local_address=eth1
+# dataplane_local_address=1.2.3.4
\ No newline at end of file
diff --git a/neutron/files/pike/dhcp_agent.ini b/neutron/files/pike/dhcp_agent.ini
new file mode 100644
index 0000000..0b2c60f
--- /dev/null
+++ b/neutron/files/pike/dhcp_agent.ini
@@ -0,0 +1,208 @@
+{%- if pillar.neutron.gateway is defined %}
+{%- from "neutron/map.jinja" import gateway as neutron with context %}
+{%- else %}
+{%- from "neutron/map.jinja" import compute as neutron with context %}
+{%- endif %}
+[DEFAULT]
+
+#
+# From neutron.base.agent
+#
+
+# Name of Open vSwitch bridge to use (string value)
+#ovs_integration_bridge = br-int
+
+# Uses veth for an OVS interface or not. Support kernels with limited namespace support (e.g. RHEL 6.5) so long as ovs_use_veth is set to
+# True. (boolean value)
+#ovs_use_veth = false
+
+# MTU setting for device. This option will be removed in Newton. Please use the system-wide global_physnet_mtu setting which the agents will
+# take into account when wiring VIFs. (integer value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+#network_device_mtu = <None>
+
+# The driver used to manage the virtual interface. (string value)
+#interface_driver = <None>
+interface_driver = openvswitch
+
+# Timeout in seconds for ovs-vsctl commands. If the timeout expires, ovs commands will fail with ALARMCLOCK error. (integer value)
+#ovs_vsctl_timeout = 10
+
+#
+# From neutron.dhcp.agent
+#
+
+# The DHCP agent will resync its state with Neutron to recover from any transient notification or RPC errors. The interval is number of
+# seconds between attempts. (integer value)
+#resync_interval = 5
+resync_interval = 30
+
+# The driver used to manage the DHCP server. (string value)
+#dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
+dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
+
+# The DHCP server can assist with providing metadata support on isolated networks. Setting this value to True will cause the DHCP server to
+# append specific host routes to the DHCP request. The metadata service will only be activated when the subnet does not contain any router
+# port. The guest instance must be configured to request host routes via DHCP (Option 121). This option doesn't have any effect when
+# force_metadata is set to True. (boolean value)
+#enable_isolated_metadata = false
+enable_isolated_metadata = True
+
+# In some cases the Neutron router is not present to provide the metadata IP but the DHCP server can be used to provide this info. Setting
+# this value will force the DHCP server to append specific host routes to the DHCP request. If this option is set, then the metadata service
+# will be activated for all the networks. (boolean value)
+#force_metadata = false
+{%- if neutron.backend.router is defined or neutron.force_metadata|default(False) %}
+force_metadata = True
+{%- endif %}
+
+# Allows for serving metadata requests coming from a dedicated metadata access network whose CIDR is 169.254.169.254/16 (or larger prefix),
+# and is connected to a Neutron router from which the VMs send metadata:1 request. In this case DHCP Option 121 will not be injected in VMs,
+# as they will be able to reach 169.254.169.254 through a router. This option requires enable_isolated_metadata = True. (boolean value)
+#enable_metadata_network = false
+enable_metadata_network = False
+
+# Number of threads to use during sync process. Should not exceed connection pool size configured on server. (integer value)
+#num_sync_threads = 4
+
+# Location to store DHCP server config files. (string value)
+#dhcp_confs = $state_path/dhcp
+
+# Domain to use for building the hostnames. This option is deprecated. It has been moved to neutron.conf as dns_domain. It will be removed
+# in a future release. (string value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+#dhcp_domain = openstacklocal
+
+# Override the default dnsmasq settings with this file. (string value)
+#dnsmasq_config_file =
+
+# Comma-separated list of the DNS servers which will be used as forwarders. (list value)
+# Deprecated group/name - [DEFAULT]/dnsmasq_dns_server
+#dnsmasq_dns_servers = <None>
+
+# Base log dir for dnsmasq logging. The log contains DHCP and DNS log information and is useful for debugging issues with either DHCP or
+# DNS. If this section is null, disable dnsmasq log. (string value)
+#dnsmasq_base_log_dir = <None>
+
+# Enables the dnsmasq service to provide name resolution for instances via DNS resolvers on the host running the DHCP agent. Effectively
+# removes the '--no-resolv' option from the dnsmasq process arguments. Adding custom DNS resolvers to the 'dnsmasq_dns_servers' option
+# disables this feature. (boolean value)
+#dnsmasq_local_resolv = false
+
+# Limit number of leases to prevent a denial-of-service. (integer value)
+#dnsmasq_lease_max = 16777216
+
+# Use broadcast in DHCP replies. (boolean value)
+#dhcp_broadcast_reply = false
+
+#
+# From oslo.log
+#
+
+# If set to true, the logging level will be set to DEBUG instead of the default INFO level. (boolean value)
+#debug = false
+debug = False
+
+# If set to false, the logging level will be set to WARNING instead of the default INFO level. (boolean value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+#verbose = true
+
+# The name of a logging configuration file. This file is appended to any existing logging configuration files. For details about logging
+# configuration files, see the Python logging module documentation. Note that when logging configuration files are used then all logging
+# configuration is set in the configuration file and other logging configuration options are ignored (for example,
+# logging_context_format_string). (string value)
+# Deprecated group/name - [DEFAULT]/log_config
+#log_config_append = <None>
+
+# Defines the format string for %%(asctime)s in log records. Default: %(default)s . This option is ignored if log_config_append is set.
+# (string value)
+#log_date_format = %Y-%m-%d %H:%M:%S
+
+# (Optional) Name of log file to send logging output to. If no default is set, logging will go to stderr as defined by use_stderr. This
+# option is ignored if log_config_append is set. (string value)
+# Deprecated group/name - [DEFAULT]/logfile
+#log_file = <None>
+
+# (Optional) The base directory used for relative log_file paths. This option is ignored if log_config_append is set. (string value)
+# Deprecated group/name - [DEFAULT]/logdir
+#log_dir = <None>
+
+# Uses logging handler designed to watch file system. When log file is moved or removed this handler will open a new log file with specified
+# path instantaneously. It makes sense only if log_file option is specified and Linux platform is used. This option is ignored if
+# log_config_append is set. (boolean value)
+#watch_log_file = false
+
+# Use syslog for logging. Existing syslog format is DEPRECATED and will be changed later to honor RFC5424. This option is ignored if
+# log_config_append is set. (boolean value)
+#use_syslog = false
+
+# Syslog facility to receive log lines. This option is ignored if log_config_append is set. (string value)
+#syslog_log_facility = LOG_USER
+
+# Log output to standard error. This option is ignored if log_config_append is set. (boolean value)
+#use_stderr = true
+
+# Format string to use for log messages with context. (string value)
+#logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s
+
+# Format string to use for log messages when context is undefined. (string value)
+#logging_default_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s
+
+# Additional data to append to log message when logging level for the message is DEBUG. (string value)
+#logging_debug_format_suffix = %(funcName)s %(pathname)s:%(lineno)d
+
+# Prefix each line of exception output with this format. (string value)
+#logging_exception_prefix = %(asctime)s.%(msecs)03d %(process)d ERROR %(name)s %(instance)s
+
+# Defines the format string for %(user_identity)s that is used in logging_context_format_string. (string value)
+#logging_user_identity_format = %(user)s %(tenant)s %(domain)s %(user_domain)s %(project_domain)s
+
+# List of package logging levels in logger=LEVEL pairs. This option is ignored if log_config_append is set. (list value)
+#default_log_levels = amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,oslo.messaging=INFO,iso8601=WARN,requests.packages.urllib3.connectionpool=WARN,urllib3.connectionpool=WARN,websocket=WARN,requests.packages.urllib3.util.retry=WARN,urllib3.util.retry=WARN,keystonemiddleware=WARN,routes.middleware=WARN,stevedore=WARN,taskflow=WARN,keystoneauth=WARN,oslo.cache=INFO,dogpile.core.dogpile=INFO
+
+# Enables or disables publication of error events. (boolean value)
+#publish_errors = false
+
+# The format for an instance that is passed with the log message. (string value)
+#instance_format = "[instance: %(uuid)s] "
+
+# The format for an instance UUID that is passed with the log message. (string value)
+#instance_uuid_format = "[instance: %(uuid)s] "
+
+# Enables or disables fatal status of deprecations. (boolean value)
+#fatal_deprecations = false
+root_helper=sudo neutron-rootwrap /etc/neutron/rootwrap.conf
+state_path=/var/lib/neutron
+
+
+[AGENT]
+
+#
+# From neutron.base.agent
+#
+
+# Seconds between nodes reporting state to server; should be less than agent_down_time, best if it is half or less than agent_down_time.
+# (floating point value)
+#report_interval = 30
+
+# Log agent heartbeats (boolean value)
+#log_agent_heartbeats = false
+
+[ovs]
+
+#
+# From neutron.base.agent
+#
+
+# The interface for interacting with the OVSDB (string value)
+# Allowed values: vsctl, native
+#ovsdb_interface = native
+
+# The connection string for the OVSDB backend. Will be used by ovsdb-client
+# when monitoring and used for the all ovsdb commands when native
+# ovsdb_interface is enabled (string value)
+#ovsdb_connection = tcp:127.0.0.1:6640
+
diff --git a/neutron/files/pike/fwaas_driver.ini b/neutron/files/pike/fwaas_driver.ini
new file mode 100644
index 0000000..40442a4
--- /dev/null
+++ b/neutron/files/pike/fwaas_driver.ini
@@ -0,0 +1,25 @@
+{%- from "neutron/map.jinja" import fwaas with context %}
+
+[DEFAULT]
+
+[fwaas]
+
+#
+# From firewall.agent
+#
+
+# Name of the FWaaS Driver (string value)
+#driver =
+driver = {{ fwaas.get('driver', fwaas[fwaas.api_version].get('driver')) }}
+
+# Enable FWaaS (boolean value)
+#enabled = false
+enabled = {{ fwaas.get('enabled', 'False') }}
+
+# Firewall agent class (string value)
+#agent_version = v1
+agent_version = {{ fwaas.api_version }}
+
+# Name of the FWaaS Conntrack Driver (string value)
+#conntrack_driver = conntrack
+conntrack_driver = {{ fwaas.get('conntrack_driver', 'conntrack') }}
diff --git a/neutron/files/pike/l2gw/l2gateway_agent.ini b/neutron/files/pike/l2gw/l2gateway_agent.ini
new file mode 100644
index 0000000..59a62fb
--- /dev/null
+++ b/neutron/files/pike/l2gw/l2gateway_agent.ini
@@ -0,0 +1,68 @@
+{%- from "neutron/map.jinja" import gateway with context -%}
+[DEFAULT]
+# Show debugging output in log (sets DEBUG log level output)
+debug = {{ gateway.l2gw.debug|default('False') }}
+
+[ovsdb]
+# (StrOpt) OVSDB server tuples in the format
+# <ovsdb_name>:<ip address>:<port>[,<ovsdb_name>:<ip address>:<port>]
+# - ovsdb_name: a symbolic name that helps identifies keys and certificate files
+# - ip address: the address or dns name for the ovsdb server
+# - port: the port (ssl is supported)
+{%- set ovsdb_hosts = [] %}
+{%- for opt, value in gateway.l2gw.get('ovsdb_hosts', {}).iteritems() %}
+{%- do ovsdb_hosts.append('%s:%s'|format(opt, value)) %}
+{%- endfor %}
+ovsdb_hosts = {{ ovsdb_hosts|join(',') }}
+# Example: ovsdb_hosts = 'ovsdb1:16.95.16.1:6632,ovsdb2:16.95.16.2:6632'
+
+# enable_manager = False
+# (BoolOpt) connection can be initiated by the ovsdb server.
+# By default 'enable_manager' value is False, turn on the variable to True
+# to initiate the connection from ovsdb server to l2gw agent.
+
+# manager_table_listening_port = 6632
+# (PortOpt) set port number for l2gateway agent, so that it can listen
+# for ovsdb server,whenever its IP is entered in manager table of ovsdb server.
+# by default it is set to port 6632.
+# you can use vtep-ctl utility to populate manager table of ovsdb.
+# For Example: sudo vtep-ctl set-manager tcp:x.x.x.x:6640,
+# where x.x.x.x is IP of l2gateway agent and 6640 is a port.
+
+# (StrOpt) Base path to private key file(s).
+# Agent will find key file named
+# $l2_gw_agent_priv_key_base_path/$ovsdb_name.key
+# l2_gw_agent_priv_key_base_path =
+# Example: l2_gw_agent_priv_key_base_path = '/home/someuser/keys'
+
+# (StrOpt) Base path to cert file(s).
+# Agent will find cert file named
+# $l2_gw_agent_cert_base_path/$ovsdb_name.cert
+# l2_gw_agent_cert_base_path =
+# Example: l2_gw_agent_cert_base_path = '/home/someuser/certs'
+
+# (StrOpt) Base path to ca cert file(s).
+# Agent will find ca cert file named
+# $l2_gw_agent_ca_cert_base_path/$ovsdb_name.ca_cert
+# l2_gw_agent_ca_cert_base_path =
+# Example: l2_gw_agent_ca_cert_base_path = '/home/someuser/ca_certs'
+
+# (IntOpt) The L2 gateway agent checks connection state with the OVSDB
+# servers.
+# The interval is number of seconds between attempts.
+# periodic_interval =
+# Example: periodic_interval = 20
+
+# (IntOpt) The L2 gateway agent retries to connect to the OVSDB server
+# if a socket does not get opened in the first attempt.
+# the max_connection_retries is the maximum number of such attempts
+# before giving up.
+# max_connection_retries =
+# Example: max_connection_retries = 10
+
+# (IntOpt) The remote OVSDB server sends echo requests every 4 seconds.
+# If there is no echo request on the socket for socket_timeout seconds,
+# by default socket_timeout is set to 30 seconds. The agent can
+# safely assume that the connection with the remote OVSDB server is lost.
+socket_timeout = {{ gateway.l2gw.socket_timeout|default('30') }}
+# Example: socket_timeout = 30
diff --git a/neutron/files/pike/l2gw/l2gw_plugin.ini b/neutron/files/pike/l2gw/l2gw_plugin.ini
new file mode 100644
index 0000000..8ea1bd7
--- /dev/null
+++ b/neutron/files/pike/l2gw/l2gw_plugin.ini
@@ -0,0 +1,26 @@
+{%- from "neutron/map.jinja" import server with context -%}
+[DEFAULT]
+# (StrOpt) default interface name of the l2 gateway
+# default_interface_name =
+# Example: default_interface_name = "FortyGigE1/0/1"
+
+# (StrOpt) default device name of the l2 gateway
+# default_device_name =
+# Example: default_device_name = "Switch1"
+
+# (IntOpt) quota of the l2 gateway
+quota_l2_gateway = {{ server.l2gw.quota_l2_gateway|default('10') }}
+# Example: quota_l2_gateway = 10
+
+# (IntOpt) The periodic interval at which the plugin
+# checks for the monitoring L2 gateway agent
+periodic_monitoring_interval = {{ server.l2gw.periodic_monitoring_interval|default('5') }}
+# Example: periodic_monitoring_interval = 5
+
+[service_providers]
+# Must be in form:
+# service_provider=<service_type>:<name>:<driver>[:default]
+# List of allowed service types includes L2GW
+# Combination of <service type> and <name> must be unique; <driver> must also be unique
+# This is multiline option
+service_provider = {{ server.l2gw.service_provider|default('L2GW:l2gw:networking_l2gw.services.l2gateway.service_drivers.rpc_l2gw.L2gwRpcDriver:default') }}
diff --git a/neutron/files/pike/l3_agent.ini b/neutron/files/pike/l3_agent.ini
new file mode 100644
index 0000000..7b386a5
--- /dev/null
+++ b/neutron/files/pike/l3_agent.ini
@@ -0,0 +1,325 @@
+{%- if pillar.neutron.gateway is defined %}
+{%- from "neutron/map.jinja" import gateway as neutron with context %}
+{%- else %}
+{%- from "neutron/map.jinja" import compute as neutron with context %}
+{%- endif %}
+{%- from "neutron/map.jinja" import fwaas with context %}
+
+[DEFAULT]
+
+#
+# From neutron.base.agent
+#
+
+# Name of Open vSwitch bridge to use (string value)
+#ovs_integration_bridge = br-int
+
+# Uses veth for an OVS interface or not. Support kernels with limited namespace
+# support (e.g. RHEL 6.5) so long as ovs_use_veth is set to True. (boolean
+# value)
+#ovs_use_veth = false
+
+# The driver used to manage the virtual interface. (string value)
+#interface_driver = <None>
+interface_driver = openvswitch
+
+# Timeout in seconds for ovs-vsctl commands. If the timeout expires, ovs
+# commands will fail with ALARMCLOCK error. (integer value)
+#ovs_vsctl_timeout = 10
+
+#
+# From neutron.l3.agent
+#
+
+# The working mode for the agent. Allowed modes are: 'legacy' - this preserves
+# the existing behavior where the L3 agent is deployed on a centralized
+# networking node to provide L3 services like DNAT, and SNAT. Use this mode if
+# you do not want to adopt DVR. 'dvr' - this mode enables DVR functionality and
+# must be used for an L3 agent that runs on a compute host. 'dvr_snat' - this
+# enables centralized SNAT support in conjunction with DVR. This mode must be
+# used for an L3 agent running on a centralized node (or in single-host
+# deployments, e.g. devstack) (string value)
+# Allowed values: dvr, dvr_snat, legacy
+#agent_mode = legacy
+agent_mode = {{ neutron.agent_mode }}
+
+# TCP Port used by Neutron metadata namespace proxy. (port value)
+# Minimum value: 0
+# Maximum value: 65535
+#metadata_port = 9697
+metadata_port = 8775
+
+# DEPRECATED: Send this many gratuitous ARPs for HA setup, if less than or
+# equal to 0, the feature is disabled (integer value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+#send_arp_for_ha = 3
+
+# Indicates that this L3 agent should also handle routers that do not have an
+# external network gateway configured. This option should be True only for a
+# single agent in a Neutron deployment, and may be False for all agents if all
+# routers must have an external network gateway. (boolean value)
+#handle_internal_only_routers = true
+
+# When external_network_bridge is set, each L3 agent can be associated with no
+# more than one external network. This value should be set to the UUID of that
+# external network. To allow L3 agent support multiple external networks, both
+# the external_network_bridge and gateway_external_network_id must be left
+# empty. (string value)
+#gateway_external_network_id =
+
+# With IPv6, the network used for the external gateway does not need to have an
+# associated subnet, since the automatically assigned link-local address (LLA)
+# can be used. However, an IPv6 gateway address is needed for use as the next-
+# hop for the default route. If no IPv6 gateway address is configured here,
+# (and only then) the neutron router will be configured to get its default
+# route from router advertisements (RAs) from the upstream router; in which
+# case the upstream router must also be configured to send these RAs. The
+# ipv6_gateway, when configured, should be the LLA of the interface on the
+# upstream router. If a next-hop using a global unique address (GUA) is
+# desired, it needs to be done via a subnet allocated to the network and not
+# through this parameter. (string value)
+#ipv6_gateway =
+
+# Driver used for ipv6 prefix delegation. This needs to be an entry point
+# defined in the neutron.agent.linux.pd_drivers namespace. See setup.cfg for
+# entry points included with the neutron source. (string value)
+#prefix_delegation_driver = dibbler
+
+# Allow running metadata proxy. (boolean value)
+#enable_metadata_proxy = true
+
+# Iptables mangle mark used to mark metadata valid requests. This mark will be
+# masked with 0xffff so that only the lower 16 bits will be used. (string
+# value)
+#metadata_access_mark = 0x1
+
+# Iptables mangle mark used to mark ingress from external network. This mark
+# will be masked with 0xffff so that only the lower 16 bits will be used.
+# (string value)
+#external_ingress_mark = 0x2
+
+# DEPRECATED: Name of bridge used for external network traffic. When this
+# parameter is set, the L3 agent will plug an interface directly into an
+# external bridge which will not allow any wiring by the L2 agent. Using this
+# will result in incorrect port statuses. This option is deprecated and will be
+# removed in Ocata. (string value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+#external_network_bridge =
+
+# Seconds between running periodic tasks. (integer value)
+#periodic_interval = 40
+
+# Number of separate API worker processes for service. If not specified, the
+# default is equal to the number of CPUs available for best performance.
+# (integer value)
+#api_workers = <None>
+
+# Number of RPC worker processes for service. (integer value)
+#rpc_workers = 1
+
+# Number of RPC worker processes dedicated to state reports queue. (integer
+# value)
+#rpc_state_report_workers = 1
+
+# Range of seconds to randomly delay when starting the periodic task scheduler
+# to reduce stampeding. (Disable by setting to 0) (integer value)
+#periodic_fuzzy_delay = 5
+
+# Location to store keepalived/conntrackd config files (string value)
+#ha_confs_path = $state_path/ha_confs
+
+# VRRP authentication type (string value)
+# Allowed values: AH, PASS
+#ha_vrrp_auth_type = PASS
+
+# VRRP authentication password (string value)
+#ha_vrrp_auth_password = <None>
+
+# The advertisement interval in seconds (integer value)
+#ha_vrrp_advert_int = 2
+
+# Number of concurrent threads for keepalived server connection requests. More
+# threads create a higher CPU load on the agent node. (integer value)
+# Minimum value: 1
+#ha_keepalived_state_change_server_threads = (1 + <num_of_cpus>) / 2
+
+# The VRRP health check interval in seconds. Values > 0 enable VRRP health
+# checks. Setting it to 0 disables VRRP health checks. Recommended value is 5.
+# This will cause pings to be sent to the gateway IP address(es) - requires
+# ICMP_ECHO_REQUEST to be enabled on the gateway. If gateway fails, all routers
+# will be reported as master, and master election will be repeated in round-
+# robin fashion, until one of the router restore the gateway connection.
+# (integer value)
+#ha_vrrp_health_check_interval = 0
+
+# Service to handle DHCPv6 Prefix delegation. (string value)
+#pd_dhcp_driver = dibbler
+
+# Location to store IPv6 RA config files (string value)
+#ra_confs = $state_path/ra
+
+# MinRtrAdvInterval setting for radvd.conf (integer value)
+#min_rtr_adv_interval = 30
+
+# MaxRtrAdvInterval setting for radvd.conf (integer value)
+#max_rtr_adv_interval = 100
+
+#
+# From oslo.log
+#
+
+# If set to true, the logging level will be set to DEBUG instead of the default
+# INFO level. (boolean value)
+# Note: This option can be changed without restarting.
+#debug = false
+debug = False
+
+# DEPRECATED: If set to false, the logging level will be set to WARNING instead
+# of the default INFO level. (boolean value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+#verbose = true
+
+# The name of a logging configuration file. This file is appended to any
+# existing logging configuration files. For details about logging configuration
+# files, see the Python logging module documentation. Note that when logging
+# configuration files are used then all logging configuration is set in the
+# configuration file and other logging configuration options are ignored (for
+# example, logging_context_format_string). (string value)
+# Note: This option can be changed without restarting.
+# Deprecated group/name - [DEFAULT]/log_config
+#log_config_append = <None>
+
+# Defines the format string for %%(asctime)s in log records. Default:
+# %(default)s . This option is ignored if log_config_append is set. (string
+# value)
+#log_date_format = %Y-%m-%d %H:%M:%S
+
+# (Optional) Name of log file to send logging output to. If no default is set,
+# logging will go to stderr as defined by use_stderr. This option is ignored if
+# log_config_append is set. (string value)
+# Deprecated group/name - [DEFAULT]/logfile
+#log_file = <None>
+
+# (Optional) The base directory used for relative log_file paths. This option
+# is ignored if log_config_append is set. (string value)
+# Deprecated group/name - [DEFAULT]/logdir
+#log_dir = <None>
+
+# Uses logging handler designed to watch file system. When log file is moved or
+# removed this handler will open a new log file with specified path
+# instantaneously. It makes sense only if log_file option is specified and
+# Linux platform is used. This option is ignored if log_config_append is set.
+# (boolean value)
+#watch_log_file = false
+
+# Use syslog for logging. Existing syslog format is DEPRECATED and will be
+# changed later to honor RFC5424. This option is ignored if log_config_append
+# is set. (boolean value)
+#use_syslog = false
+
+# Syslog facility to receive log lines. This option is ignored if
+# log_config_append is set. (string value)
+#syslog_log_facility = LOG_USER
+
+# Log output to standard error. This option is ignored if log_config_append is
+# set. (boolean value)
+#use_stderr = false
+
+# Format string to use for log messages with context. (string value)
+#logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s
+
+# Format string to use for log messages when context is undefined. (string
+# value)
+#logging_default_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s
+
+# Additional data to append to log message when logging level for the message
+# is DEBUG. (string value)
+#logging_debug_format_suffix = %(funcName)s %(pathname)s:%(lineno)d
+
+# Prefix each line of exception output with this format. (string value)
+#logging_exception_prefix = %(asctime)s.%(msecs)03d %(process)d ERROR %(name)s %(instance)s
+
+# Defines the format string for %(user_identity)s that is used in
+# logging_context_format_string. (string value)
+#logging_user_identity_format = %(user)s %(tenant)s %(domain)s %(user_domain)s %(project_domain)s
+
+# List of package logging levels in logger=LEVEL pairs. This option is ignored
+# if log_config_append is set. (list value)
+#default_log_levels = amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,oslo.messaging=INFO,iso8601=WARN,requests.packages.urllib3.connectionpool=WARN,urllib3.connectionpool=WARN,websocket=WARN,requests.packages.urllib3.util.retry=WARN,urllib3.util.retry=WARN,keystonemiddleware=WARN,routes.middleware=WARN,stevedore=WARN,taskflow=WARN,keystoneauth=WARN,oslo.cache=INFO,dogpile.core.dogpile=INFO
+
+# Enables or disables publication of error events. (boolean value)
+#publish_errors = false
+
+# The format for an instance that is passed with the log message. (string
+# value)
+#instance_format = "[instance: %(uuid)s] "
+
+# The format for an instance UUID that is passed with the log message. (string
+# value)
+#instance_uuid_format = "[instance: %(uuid)s] "
+
+# Interval, number of seconds, of log rate limiting. (integer value)
+#rate_limit_interval = 0
+
+# Maximum number of logged messages per rate_limit_interval. (integer value)
+#rate_limit_burst = 0
+
+# Log level name used by rate limiting: CRITICAL, ERROR, INFO, WARNING, DEBUG
+# or empty string. Logs with level greater or equal to rate_limit_except_level
+# are not filtered. An empty string means that all levels are filtered. (string
+# value)
+#rate_limit_except_level = CRITICAL
+
+# Enables or disables fatal status of deprecations. (boolean value)
+#fatal_deprecations = false
+
+
+[agent]
+
+#
+# From neutron.az.agent
+#
+
+# Availability zone of this node (string value)
+#availability_zone = nova
+
+#
+# From neutron.base.agent
+#
+
+# Seconds between nodes reporting state to server; should be less than
+# agent_down_time, best if it is half or less than agent_down_time. (floating
+# point value)
+#report_interval = 30
+
+# Log agent heartbeats (boolean value)
+#log_agent_heartbeats = false
+
+#
+# From neutron.l3.agent
+#
+
+# Extensions list to use (list value)
+#extensions =
+{%- if fwaas.get('enabled', False) %}
+extensions = {{ fwaas[fwaas.api_version]['l3_extension'] }}
+{%- endif %}
+
+
+[ovs]
+
+#
+# From neutron.base.agent
+#
+
+# The interface for interacting with the OVSDB (string value)
+# Allowed values: vsctl, native
+#ovsdb_interface = native
+
+# The connection string for the OVSDB backend. Will be used by ovsdb-client
+# when monitoring and used for the all ovsdb commands when native
+# ovsdb_interface is enabled (string value)
+#ovsdb_connection = tcp:127.0.0.1:6640
diff --git a/neutron/files/pike/metadata_agent.ini b/neutron/files/pike/metadata_agent.ini
new file mode 100644
index 0000000..082da7b
--- /dev/null
+++ b/neutron/files/pike/metadata_agent.ini
@@ -0,0 +1,278 @@
+{%- if pillar.neutron.gateway is defined %}
+{%- from "neutron/map.jinja" import gateway as neutron with context %}
+{%- else %}
+{%- from "neutron/map.jinja" import compute as neutron with context %}
+{%- endif %}
+[DEFAULT]
+
+#
+# From neutron.metadata.agent
+#
+
+# Location for Metadata Proxy UNIX domain socket. (string value)
+#metadata_proxy_socket = $state_path/metadata_proxy
+
+# User (uid or name) running metadata proxy after its initialization (if empty:
+# agent effective user). (string value)
+#metadata_proxy_user =
+
+# Group (gid or name) running metadata proxy after its initialization (if
+# empty: agent effective group). (string value)
+#metadata_proxy_group =
+
+# Certificate Authority public key (CA cert) file for ssl (string value)
+#auth_ca_cert = <None>
+
+# IP address used by Nova metadata server. (string value)
+#nova_metadata_ip = 127.0.0.1
+nova_metadata_ip = {{ neutron.metadata.host }}
+
+# TCP Port used by Nova metadata server. (port value)
+# Minimum value: 0
+# Maximum value: 65535
+#nova_metadata_port = 8775
+
+# When proxying metadata requests, Neutron signs the Instance-ID header with a
+# shared secret to prevent spoofing. You may select any string for a secret,
+# but it must match here and in the configuration used by the Nova Metadata
+# Server. NOTE: Nova uses the same config key, but in [neutron] section.
+# (string value)
+#metadata_proxy_shared_secret =
+metadata_proxy_shared_secret = {{ neutron.metadata.password }}
+
+# Protocol to access nova metadata, http or https (string value)
+# Allowed values: http, https
+#nova_metadata_protocol = http
+nova_metadata_protocol = http
+
+# Allow to perform insecure SSL (https) requests to nova metadata (boolean
+# value)
+#nova_metadata_insecure = false
+
+# Client certificate for nova metadata api server. (string value)
+#nova_client_cert =
+
+# Private key of client certificate. (string value)
+#nova_client_priv_key =
+
+# Metadata Proxy UNIX domain socket mode, 4 values allowed: 'deduce': deduce
+# mode from metadata_proxy_user/group values, 'user': set metadata proxy socket
+# mode to 0o644, to use when metadata_proxy_user is agent effective user or
+# root, 'group': set metadata proxy socket mode to 0o664, to use when
+# metadata_proxy_group is agent effective group or root, 'all': set metadata
+# proxy socket mode to 0o666, to use otherwise. (string value)
+# Allowed values: deduce, user, group, all
+#metadata_proxy_socket_mode = deduce
+
+# Number of separate worker processes for metadata server (defaults to half of
+# the number of CPUs) (integer value)
+#metadata_workers = 2
+{%- if neutron.metadata.workers is defined %}
+metadata_workers = {{ neutron.metadata.workers }}
+{%- endif %}
+
+# Number of backlog requests to configure the metadata server socket with
+# (integer value)
+#metadata_backlog = 4096
+
+# DEPRECATED: URL to connect to the cache back end. This option is deprecated
+# in the Newton release and will be removed. Please add a [cache] group for
+# oslo.cache in your neutron.conf and add "enable" and "backend" options in
+# this section. (string value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+#cache_url =
+
+#
+# From oslo.log
+#
+
+# If set to true, the logging level will be set to DEBUG instead of the default
+# INFO level. (boolean value)
+# Note: This option can be changed without restarting.
+#debug = false
+debug = False
+
+# DEPRECATED: If set to false, the logging level will be set to WARNING instead
+# of the default INFO level. (boolean value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+#verbose = true
+
+# The name of a logging configuration file. This file is appended to any
+# existing logging configuration files. For details about logging configuration
+# files, see the Python logging module documentation. Note that when logging
+# configuration files are used then all logging configuration is set in the
+# configuration file and other logging configuration options are ignored (for
+# example, logging_context_format_string). (string value)
+# Note: This option can be changed without restarting.
+# Deprecated group/name - [DEFAULT]/log_config
+#log_config_append = <None>
+
+# Defines the format string for %%(asctime)s in log records. Default:
+# %(default)s . This option is ignored if log_config_append is set. (string
+# value)
+#log_date_format = %Y-%m-%d %H:%M:%S
+
+# (Optional) Name of log file to send logging output to. If no default is set,
+# logging will go to stderr as defined by use_stderr. This option is ignored if
+# log_config_append is set. (string value)
+# Deprecated group/name - [DEFAULT]/logfile
+#log_file = <None>
+
+# (Optional) The base directory used for relative log_file paths. This option
+# is ignored if log_config_append is set. (string value)
+# Deprecated group/name - [DEFAULT]/logdir
+#log_dir = <None>
+
+# Uses logging handler designed to watch file system. When log file is moved or
+# removed this handler will open a new log file with specified path
+# instantaneously. It makes sense only if log_file option is specified and
+# Linux platform is used. This option is ignored if log_config_append is set.
+# (boolean value)
+#watch_log_file = false
+
+# Use syslog for logging. Existing syslog format is DEPRECATED and will be
+# changed later to honor RFC5424. This option is ignored if log_config_append
+# is set. (boolean value)
+#use_syslog = false
+
+# Syslog facility to receive log lines. This option is ignored if
+# log_config_append is set. (string value)
+#syslog_log_facility = LOG_USER
+
+# Log output to standard error. This option is ignored if log_config_append is
+# set. (boolean value)
+#use_stderr = false
+
+# Format string to use for log messages with context. (string value)
+#logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s
+
+# Format string to use for log messages when context is undefined. (string
+# value)
+#logging_default_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s
+
+# Additional data to append to log message when logging level for the message
+# is DEBUG. (string value)
+#logging_debug_format_suffix = %(funcName)s %(pathname)s:%(lineno)d
+
+# Prefix each line of exception output with this format. (string value)
+#logging_exception_prefix = %(asctime)s.%(msecs)03d %(process)d ERROR %(name)s %(instance)s
+
+# Defines the format string for %(user_identity)s that is used in
+# logging_context_format_string. (string value)
+#logging_user_identity_format = %(user)s %(tenant)s %(domain)s %(user_domain)s %(project_domain)s
+
+# List of package logging levels in logger=LEVEL pairs. This option is ignored
+# if log_config_append is set. (list value)
+#default_log_levels = amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,oslo.messaging=INFO,iso8601=WARN,requests.packages.urllib3.connectionpool=WARN,urllib3.connectionpool=WARN,websocket=WARN,requests.packages.urllib3.util.retry=WARN,urllib3.util.retry=WARN,keystonemiddleware=WARN,routes.middleware=WARN,stevedore=WARN,taskflow=WARN,keystoneauth=WARN,oslo.cache=INFO,dogpile.core.dogpile=INFO
+
+# Enables or disables publication of error events. (boolean value)
+#publish_errors = false
+
+# The format for an instance that is passed with the log message. (string
+# value)
+#instance_format = "[instance: %(uuid)s] "
+
+# The format for an instance UUID that is passed with the log message. (string
+# value)
+#instance_uuid_format = "[instance: %(uuid)s] "
+
+# Interval, number of seconds, of log rate limiting. (integer value)
+#rate_limit_interval = 0
+
+# Maximum number of logged messages per rate_limit_interval. (integer value)
+#rate_limit_burst = 0
+
+# Log level name used by rate limiting: CRITICAL, ERROR, INFO, WARNING, DEBUG
+# or empty string. Logs with level greater or equal to rate_limit_except_level
+# are not filtered. An empty string means that all levels are filtered. (string
+# value)
+#rate_limit_except_level = CRITICAL
+
+# Enables or disables fatal status of deprecations. (boolean value)
+#fatal_deprecations = false
+
+
+[agent]
+
+#
+# From neutron.metadata.agent
+#
+
+# Seconds between nodes reporting state to server; should be less than
+# agent_down_time, best if it is half or less than agent_down_time. (floating
+# point value)
+#report_interval = 30
+
+# Log agent heartbeats (boolean value)
+#log_agent_heartbeats = false
+
+
+[cache]
+
+#
+# From oslo.cache
+#
+
+# Prefix for building the configuration dictionary for the cache region. This
+# should not need to be changed unless there is another dogpile.cache region
+# with the same configuration name. (string value)
+#config_prefix = cache.oslo
+
+# Default TTL, in seconds, for any cached item in the dogpile.cache region.
+# This applies to any cached method that doesn't have an explicit cache
+# expiration time defined for it. (integer value)
+#expiration_time = 600
+
+# Dogpile.cache backend module. It is recommended that Memcache or Redis
+# (dogpile.cache.redis) be used in production deployments. For eventlet-based
+# or highly threaded servers, Memcache with pooling (oslo_cache.memcache_pool)
+# is recommended. For low thread servers, dogpile.cache.memcached is
+# recommended. Test environments with a single instance of the server can use
+# the dogpile.cache.memory backend. (string value)
+#backend = dogpile.cache.null
+
+# Arguments supplied to the backend module. Specify this option once per
+# argument to be passed to the dogpile.cache backend. Example format:
+# "<argname>:<value>". (multi valued)
+#backend_argument =
+
+# Proxy classes to import that will affect the way the dogpile.cache backend
+# functions. See the dogpile.cache documentation on changing-backend-behavior.
+# (list value)
+#proxies =
+
+# Global toggle for caching. (boolean value)
+#enabled = false
+
+# Extra debugging from the cache backend (cache keys, get/set/delete/etc
+# calls). This is only really useful if you need to see the specific cache-
+# backend get/set/delete calls with the keys/values. Typically this should be
+# left set to false. (boolean value)
+#debug_cache_backend = false
+
+# Memcache servers in the format of "host:port". (dogpile.cache.memcache and
+# oslo_cache.memcache_pool backends only). (list value)
+#memcache_servers = localhost:11211
+
+# Number of seconds memcached server is considered dead before it is tried
+# again. (dogpile.cache.memcache and oslo_cache.memcache_pool backends only).
+# (integer value)
+#memcache_dead_retry = 300
+
+# Timeout in seconds for every call to a server. (dogpile.cache.memcache and
+# oslo_cache.memcache_pool backends only). (integer value)
+#memcache_socket_timeout = 3
+
+# Max total number of open connections to every memcached server.
+# (oslo_cache.memcache_pool backend only). (integer value)
+#memcache_pool_maxsize = 10
+
+# Number of seconds a connection to memcached is held unused in the pool before
+# it is closed. (oslo_cache.memcache_pool backend only). (integer value)
+#memcache_pool_unused_timeout = 60
+
+# Number of seconds that an operation will wait to get a memcache client
+# connection. (integer value)
+#memcache_pool_connection_get_timeout = 10
diff --git a/neutron/files/pike/ml2_conf.ini b/neutron/files/pike/ml2_conf.ini
new file mode 100644
index 0000000..377ecd7
--- /dev/null
+++ b/neutron/files/pike/ml2_conf.ini
@@ -0,0 +1,345 @@
+{%- from "neutron/map.jinja" import server with context %}
+[DEFAULT]
+
+#
+# From oslo.log
+#
+
+# If set to true, the logging level will be set to DEBUG instead of the default
+# INFO level. (boolean value)
+# Note: This option can be changed without restarting.
+#debug = false
+
+# DEPRECATED: If set to false, the logging level will be set to WARNING instead
+# of the default INFO level. (boolean value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+#verbose = true
+
+# The name of a logging configuration file. This file is appended to any
+# existing logging configuration files. For details about logging configuration
+# files, see the Python logging module documentation. Note that when logging
+# configuration files are used then all logging configuration is set in the
+# configuration file and other logging configuration options are ignored (for
+# example, logging_context_format_string). (string value)
+# Note: This option can be changed without restarting.
+# Deprecated group/name - [DEFAULT]/log_config
+#log_config_append = <None>
+
+# Defines the format string for %%(asctime)s in log records. Default:
+# %(default)s . This option is ignored if log_config_append is set. (string
+# value)
+#log_date_format = %Y-%m-%d %H:%M:%S
+
+# (Optional) Name of log file to send logging output to. If no default is set,
+# logging will go to stderr as defined by use_stderr. This option is ignored if
+# log_config_append is set. (string value)
+# Deprecated group/name - [DEFAULT]/logfile
+#log_file = <None>
+
+# (Optional) The base directory used for relative log_file paths. This option
+# is ignored if log_config_append is set. (string value)
+# Deprecated group/name - [DEFAULT]/logdir
+#log_dir = <None>
+
+# Uses logging handler designed to watch file system. When log file is moved or
+# removed this handler will open a new log file with specified path
+# instantaneously. It makes sense only if log_file option is specified and
+# Linux platform is used. This option is ignored if log_config_append is set.
+# (boolean value)
+#watch_log_file = false
+
+# Use syslog for logging. Existing syslog format is DEPRECATED and will be
+# changed later to honor RFC5424. This option is ignored if log_config_append
+# is set. (boolean value)
+#use_syslog = false
+
+# Syslog facility to receive log lines. This option is ignored if
+# log_config_append is set. (string value)
+#syslog_log_facility = LOG_USER
+
+# Log output to standard error. This option is ignored if log_config_append is
+# set. (boolean value)
+#use_stderr = false
+
+# Format string to use for log messages with context. (string value)
+#logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s
+
+# Format string to use for log messages when context is undefined. (string
+# value)
+#logging_default_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s
+
+# Additional data to append to log message when logging level for the message
+# is DEBUG. (string value)
+#logging_debug_format_suffix = %(funcName)s %(pathname)s:%(lineno)d
+
+# Prefix each line of exception output with this format. (string value)
+#logging_exception_prefix = %(asctime)s.%(msecs)03d %(process)d ERROR %(name)s %(instance)s
+
+# Defines the format string for %(user_identity)s that is used in
+# logging_context_format_string. (string value)
+#logging_user_identity_format = %(user)s %(tenant)s %(domain)s %(user_domain)s %(project_domain)s
+
+# List of package logging levels in logger=LEVEL pairs. This option is ignored
+# if log_config_append is set. (list value)
+#default_log_levels = amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,oslo.messaging=INFO,iso8601=WARN,requests.packages.urllib3.connectionpool=WARN,urllib3.connectionpool=WARN,websocket=WARN,requests.packages.urllib3.util.retry=WARN,urllib3.util.retry=WARN,keystonemiddleware=WARN,routes.middleware=WARN,stevedore=WARN,taskflow=WARN,keystoneauth=WARN,oslo.cache=INFO,dogpile.core.dogpile=INFO
+
+# Enables or disables publication of error events. (boolean value)
+#publish_errors = false
+
+# The format for an instance that is passed with the log message. (string
+# value)
+#instance_format = "[instance: %(uuid)s] "
+
+# The format for an instance UUID that is passed with the log message. (string
+# value)
+#instance_uuid_format = "[instance: %(uuid)s] "
+
+# Interval, number of seconds, of log rate limiting. (integer value)
+#rate_limit_interval = 0
+
+# Maximum number of logged messages per rate_limit_interval. (integer value)
+#rate_limit_burst = 0
+
+# Log level name used by rate limiting: CRITICAL, ERROR, INFO, WARNING, DEBUG
+# or empty string. Logs with level greater or equal to rate_limit_except_level
+# are not filtered. An empty string means that all levels are filtered. (string
+# value)
+#rate_limit_except_level = CRITICAL
+
+# Enables or disables fatal status of deprecations. (boolean value)
+#fatal_deprecations = false
+
+
+[ml2]
+
+#
+# From neutron.ml2
+#
+
+# List of network type driver entrypoints to be loaded from the
+# neutron.ml2.type_drivers namespace. (list value)
+#type_drivers = local,flat,vlan,gre,vxlan,geneve
+
+# Ordered list of network_types to allocate as tenant networks. The default
+# value 'local' is useful for single-box testing but provides no connectivity
+# between hosts. (list value)
+#tenant_network_types = local
+tenant_network_types = {{ server.backend.tenant_network_types }}
+
+# An ordered list of networking mechanism driver entrypoints to be loaded from
+# the neutron.ml2.mechanism_drivers namespace. (list value)
+#mechanism_drivers =
+{%- set mechanism_drivers = [] %}
+{%- for mechanism_name, mechanism in server.get('backend', {}).get('mechanism', []).items() %}
+{%- do mechanism_drivers.append(mechanism.get('driver')) if 'driver' in mechanism %}
+{%- endfor %}
+{%- set opendaylight_enabled = true if 'opendaylight' in mechanism_drivers|join else false %}
+{%- if "vxlan" in server.backend.tenant_network_types and not opendaylight_enabled %}
+{%- do mechanism_drivers.append('l2population') %}
+{%- endif %}
+mechanism_drivers = {{ ','.join(mechanism_drivers) }}
+
+# An ordered list of extension driver entrypoints to be loaded from the
+# neutron.ml2.extension_drivers namespace. For example: extension_drivers =
+# port_security,qos (list value)
+#extension_drivers =
+{# Get server:backend:extension mapping and prepare tmp_ext_list list with extentions where enabled = True #}
+{%- set tmp_ext_list = [] %}
+{%- for ext_name, ext_params in server.backend.get('extension', {}).iteritems() %}
+{%- do tmp_ext_list.append(ext_name) if ext_params.get('enabled', False) %}
+{%- endfor %}
+{# Below section is for backward compatible when extentions were separated properties without server:backend:extension pillar #}
+{%- do tmp_ext_list.append('port_security') if 'port_security' not in tmp_ext_list %}
+{%- do tmp_ext_list.append('qos') if server.get('qos', 'True') and 'qos' not in tmp_ext_list %}
+extension_drivers={{ tmp_ext_list|join(',') }}
+
+# Maximum size of an IP packet (MTU) that can traverse the underlying physical
+# network infrastructure without fragmentation when using an overlay/tunnel
+# protocol. This option allows specifying a physical network MTU value that
+# differs from the default global_physnet_mtu value. (integer value)
+#path_mtu = 0
+path_mtu = {{ server.get('path_mtu', server.get('global_physnet_mtu', '0')) }}
+
+# A list of mappings of physical networks to MTU values. The format of the
+# mapping is <physnet>:<mtu val>. This mapping allows specifying a physical
+# network MTU value that differs from the default global_physnet_mtu value.
+# (list value)
+#physical_network_mtus =
+{%- set physical_network_mtus = [] %}
+{%- if server.get('external_access', True) %}
+{%- do physical_network_mtus.append(['physnet1',server.backend.get('external_mtu', '1500')]|join(":")) %}
+{%- endif %}
+{%- if "vlan" in server.backend.tenant_network_types %}
+{%- do physical_network_mtus.append(['physnet2',server.backend.get('tenant_net_mtu', server.backend.get('external_mtu', '1500'))]|join(":")) %}
+{%- endif %}
+{%- if server.get('ironic_enabled', False) %}
+{%- do physical_network_mtus.append(['physnet3',server.backend.get('ironic_net_mtu', server.backend.get('external_mtu', '1500'))]|join(":")) %}
+{%- endif %}
+
+{%- for physnet, params in server.backend.get('physnets', {}).iteritems() %}
+{%- do physical_network_mtus.append([physnet, params.get('mtu')]|join(":")) if params.get('mtu', False) %}
+{%- endfor %}
+physical_network_mtus = {{ ','.join(physical_network_mtus) }}
+
+# Default network type for external networks when no provider attributes are
+# specified. By default it is None, which means that if provider attributes are
+# not specified while creating external networks then they will have the same
+# type as tenant networks. Allowed values for external_network_type config
+# option depend on the network type values configured in type_drivers config
+# option. (string value)
+#external_network_type = <None>
+
+# IP version of all overlay (tunnel) network endpoints. Use a value of 4 for
+# IPv4 or 6 for IPv6. (integer value)
+#overlay_ip_version = 4
+
+
+[ml2_type_flat]
+
+#
+# From neutron.ml2
+#
+
+# List of physical_network names with which flat networks can be created. Use
+# default '*' to allow flat networks with arbitrary physical_network names. Use
+# an empty list to disable flat networks. (list value)
+#flat_networks = *
+flat_networks = *
+
+
+[ml2_type_geneve]
+
+#
+# From neutron.ml2
+#
+
+# Comma-separated list of <vni_min>:<vni_max> tuples enumerating ranges of
+# Geneve VNI IDs that are available for tenant network allocation (list value)
+#vni_ranges =
+vni_ranges = {{ server.get('geneve', {}).vni_ranges|default('1:65536') }}
+
+# Geneve encapsulation header size is dynamic, this value is used to calculate
+# the maximum MTU for the driver. This is the sum of the sizes of the outer ETH
+# + IP + UDP + GENEVE header sizes. The default size for this field is 50,
+# which is the size of the Geneve header without any additional option headers.
+# (integer value)
+#max_header_size = 30
+max_header_size = 38
+
+
+[ml2_type_gre]
+
+#
+# From neutron.ml2
+#
+
+# Comma-separated list of <tun_min>:<tun_max> tuples enumerating ranges of GRE
+# tunnel IDs that are available for tenant network allocation (list value)
+#tunnel_id_ranges =
+tunnel_id_ranges =2:65535
+
+
+[ml2_type_vlan]
+
+#
+# From neutron.ml2
+#
+
+# List of <physical_network>:<vlan_min>:<vlan_max> or <physical_network>
+# specifying physical_network names usable for VLAN provider and tenant
+# networks, as well as ranges of VLAN tags on each available for allocation to
+# tenant networks. (list value)
+#network_vlan_ranges =
+{%- set network_vlan_ranges = [] %}
+{%- if server.backend.external_vlan_range is defined %}
+{%- do network_vlan_ranges.append(['physnet1',server.backend.get('external_vlan_range')]|join(":")) %}
+{%- endif %}
+{%- if "vlan" in server.backend.tenant_network_types %}
+{%- do network_vlan_ranges.append(['physnet2',server.backend.get('tenant_vlan_range')]|join(":")) %}
+{%- endif %}
+{%- if server.get('ironic_enabled', False) %}
+{%- do network_vlan_ranges.append(['physnet3',server.backend.get('ironic_vlan_range')]|join(":")) %}
+{%- endif %}
+
+{%- for physnet, params in server.backend.get('physnets', {}).iteritems() %}
+{%- do network_vlan_ranges.append([physnet, params.get('vlan_range')]|join(":") if params.get('vlan_range', False)) %}
+{%- endfor %}
+network_vlan_ranges = {{ ','.join(network_vlan_ranges) }}
+
+[ml2_type_vxlan]
+
+#
+# From neutron.ml2
+#
+
+# Comma-separated list of <vni_min>:<vni_max> tuples enumerating ranges of
+# VXLAN VNI IDs that are available for tenant network allocation (list value)
+#vni_ranges =
+vni_ranges = {{ server.get('vxlan', {}).vni_ranges|default('2:65535') }}
+
+# Multicast group for VXLAN. When configured, will enable sending all broadcast
+# traffic to this multicast group. When left unconfigured, will disable
+# multicast VXLAN mode. (string value)
+#vxlan_group = <None>
+vxlan_group = {{ server.get('vxlan', {}).group|default('224.0.0.1') }}
+
+
+[securitygroup]
+
+#
+# From neutron.ml2
+#
+
+# Driver for security groups firewall in the L2 agent (string value)
+#firewall_driver = <None>
+
+# Controls whether the neutron security group API is enabled in the server. It
+# should be false when using no security groups or using the nova security
+# group API. (boolean value)
+#enable_security_group = true
+
+{%- if not server.get('security_groups_enabled', True) %}
+firewall_driver = neutron.agent.firewall.NoopFirewallDriver
+enable_security_group = False
+{%- elif server.dpdk or server.get('vlan_aware_vms', False) %}
+firewall_driver = openvswitch
+enable_security_group = True
+{%- else %}
+firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
+enable_security_group = True
+{%- endif %}
+
+# Use ipset to speed-up the iptables based security groups. Enabling ipset
+# support requires that ipset is installed on L2 agent node. (boolean value)
+#enable_ipset = true
+
+{%- if server.backend.engine == "ovn" %}
+[ovn]
+ovn_nb_connection = tcp:{{ server.controller_vip }}:6641
+ovn_sb_connection = tcp:{{ server.controller_vip }}:6642
+ovn_l3_scheduler = leastloaded
+{%- endif %}
+
+{%- if opendaylight_enabled %}
+[ml2_odl]
+# HTTP URL of OpenDaylight REST interface. (string value)
+url = {{ server.backend.protocol|default('http') }}://{{ server.backend.host }}:{{ server.backend.rest_api_port }}/controller/nb/v2/neutron
+
+# HTTP username for authentication. (string value)
+username = {{ server.backend.user }}
+
+# HTTP password for authentication. (string value)
+password = {{ server.backend.password }}
+
+# Name of the controller to be used for port binding. (string value)
+port_binding_controller = pseudo-agentdb-binding
+
+# Enable websocket for pseudo-agent-port-binding. (boolean value)
+enable_websocket_pseudo_agentdb = {{ server.backend.enable_websocket|default('false') }}
+
+# Enables the networking-odl driver to supply special neutron ports of
+# "dhcp" type to OpenDaylight Controller for its use in providing DHCP
+# Service. (boolean value)
+enable_dhcp_service = {{ server.backend.enable_dhcp_service|default('false') }}
+{%- endif %}
diff --git a/neutron/files/pike/neutron-generic.conf.Debian b/neutron/files/pike/neutron-generic.conf.Debian
new file mode 100644
index 0000000..fe9feae
--- /dev/null
+++ b/neutron/files/pike/neutron-generic.conf.Debian
@@ -0,0 +1,2102 @@
+{%- if pillar.neutron.gateway is defined %}
+{%- from "neutron/map.jinja" import gateway as neutron with context %}
+{%- else %}
+{%- from "neutron/map.jinja" import compute as neutron with context %}
+{%- endif %}
+[DEFAULT]
+
+#
+# From neutron
+#
+
+# Where to store Neutron state files. This directory must be writable by the
+# agent. (string value)
+#state_path = /var/lib/neutron
+state_path = /var/lib/neutron
+
+# The host IP to bind to (string value)
+#bind_host = 0.0.0.0
+
+# The port to bind to (port value)
+# Minimum value: 0
+# Maximum value: 65535
+#bind_port = 9696
+
+# The path for API extensions. Note that this can be a colon-separated list of
+# paths. For example: api_extensions_path =
+# extensions:/path/to/more/exts:/even/more/exts. The __path__ of
+# neutron.extensions is appended to this, so if your extensions are in there
+# you don't need to specify them here. (string value)
+#api_extensions_path =
+
+# The type of authentication to use (string value)
+#auth_strategy = keystone
+auth_strategy = keystone
+
+{% if neutron.backend.engine == "ml2" %}
+
+core_plugin = neutron.plugins.ml2.plugin.Ml2Plugin
+
+service_plugins = {{ neutron.backend.get('router', 'router')}}, metering
+
+{% endif %}
+
+# The service plugins Neutron will use (list value)
+#service_plugins =
+
+# The base MAC address Neutron will use for VIFs. The first 3 octets will
+# remain unchanged. If the 4th octet is not 00, it will also be used. The
+# others will be randomly generated. (string value)
+#base_mac = fa:16:3e:00:00:00
+
+# Allow the usage of the bulk API (boolean value)
+#allow_bulk = true
+
+# The maximum number of items returned in a single response, value was
+# 'infinite' or negative integer means no limit (string value)
+#pagination_max_limit = -1
+
+# Default value of availability zone hints. The availability zone aware
+# schedulers use this when the resources availability_zone_hints is empty.
+# Multiple availability zones can be specified by a comma separated string.
+# This value can be empty. In this case, even if availability_zone_hints for a
+# resource is empty, availability zone is considered for high availability
+# while scheduling the resource. (list value)
+#default_availability_zones =
+
+# Maximum number of DNS nameservers per subnet (integer value)
+#max_dns_nameservers = 5
+
+# Maximum number of host routes per subnet (integer value)
+#max_subnet_host_routes = 20
+
+# DEPRECATED: Maximum number of fixed ips per port. This option is deprecated
+# and will be removed in the Ocata release. (integer value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+#max_fixed_ips_per_port = 5
+
+# Enables IPv6 Prefix Delegation for automatic subnet CIDR allocation. Set to
+# True to enable IPv6 Prefix Delegation for subnet allocation in a PD-capable
+# environment. Users making subnet creation requests for IPv6 subnets without
+# providing a CIDR or subnetpool ID will be given a CIDR via the Prefix
+# Delegation mechanism. Note that enabling PD will override the behavior of the
+# default IPv6 subnetpool. (boolean value)
+#ipv6_pd_enabled = false
+
+# DHCP lease duration (in seconds). Use -1 to tell dnsmasq to use infinite
+# lease times. (integer value)
+#dhcp_lease_duration = 86400
+dhcp_lease_duration = {{ neutron.dhcp_lease_duration|default('600') }}
+
+# Domain to use for building the hostnames (string value)
+#dns_domain = openstacklocal
+
+# Driver for external DNS integration. (string value)
+#external_dns_driver = <None>
+
+# Allow sending resource operation notification to DHCP agent (boolean value)
+#dhcp_agent_notification = true
+
+# Allow overlapping IP support in Neutron. Attention: the following parameter
+# MUST be set to False if Neutron is being used in conjunction with Nova
+# security groups. (boolean value)
+#allow_overlapping_ips = false
+allow_overlapping_ips = True
+
+# Hostname to be used by the Neutron server, agents and services running on
+# this machine. All the agents and services running on this machine must use
+# the same host value. (string value)
+#host = example.domain
+{% if neutron.host is defined %}
+host = {{ neutron.host }}
+{% endif %}
+
+# Send notification to nova when port status changes (boolean value)
+#notify_nova_on_port_status_changes = true
+notify_nova_on_port_status_changes = True
+
+# Send notification to nova when port data (fixed_ips/floatingip) changes so
+# nova can update its cache. (boolean value)
+#notify_nova_on_port_data_changes = true
+notify_nova_on_port_data_changes = True
+
+# Number of seconds between sending events to nova if there are any events to
+# send. (integer value)
+#send_events_interval = 2
+
+# Neutron IPAM (IP address management) driver to use. By default, the reference
+# implementation of the Neutron IPAM driver is used. (string value)
+#ipam_driver = internal
+
+# If True, then allow plugins that support it to create VLAN transparent
+# networks. (boolean value)
+#vlan_transparent = false
+
+# This will choose the web framework in which to run the Neutron API server.
+# 'pecan' is a new experimental rewrite of the API server. (string value)
+# Allowed values: legacy, pecan
+#web_framework = legacy
+
+# MTU of the underlying physical network. Neutron uses this value to calculate
+# MTU for all virtual network components. For flat and VLAN networks, neutron
+# uses this value without modification. For overlay networks such as VXLAN,
+# neutron automatically subtracts the overlay protocol overhead from this
+# value. Defaults to 1500, the standard value for Ethernet. (integer value)
+# Deprecated group/name - [ml2]/segment_mtu
+#global_physnet_mtu = 1500
+global_physnet_mtu = {{ neutron.get('global_physnet_mtu', '1500') }}
+
+# Number of backlog requests to configure the socket with (integer value)
+#backlog = 4096
+
+# Number of seconds to keep retrying to listen (integer value)
+#retry_until_window = 30
+
+# Enable SSL on the API server (boolean value)
+#use_ssl = false
+
+# Seconds between running periodic tasks. (integer value)
+#periodic_interval = 40
+
+# Number of separate API worker processes for service. If not specified, the
+# default is equal to the number of CPUs available for best performance.
+# (integer value)
+#api_workers = <None>
+
+# Number of RPC worker processes for service. (integer value)
+#rpc_workers = 1
+
+# Number of RPC worker processes dedicated to state reports queue. (integer
+# value)
+#rpc_state_report_workers = 1
+
+# Range of seconds to randomly delay when starting the periodic task scheduler
+# to reduce stampeding. (Disable by setting to 0) (integer value)
+#periodic_fuzzy_delay = 5
+
+#
+# From neutron.agent
+#
+
+# The driver used to manage the virtual interface. (string value)
+#interface_driver = <None>
+
+# Location for Metadata Proxy UNIX domain socket. (string value)
+#metadata_proxy_socket = $state_path/metadata_proxy
+
+# User (uid or name) running metadata proxy after its initialization (if empty:
+# agent effective user). (string value)
+#metadata_proxy_user =
+
+# Group (gid or name) running metadata proxy after its initialization (if
+# empty: agent effective group). (string value)
+#metadata_proxy_group =
+
+# Enable/Disable log watch by metadata proxy. It should be disabled when
+# metadata_proxy_user/group is not allowed to read/write its log file and
+# copytruncate logrotate option must be used if logrotate is enabled on
+# metadata proxy log files. Option default value is deduced from
+# metadata_proxy_user: watch log is enabled if metadata_proxy_user is agent
+# effective user id/name. (boolean value)
+#metadata_proxy_watch_log = <None>
+
+#
+# From neutron.db
+#
+
+# Representing the resource type whose load is being reported by the agent.
+# This can be "networks", "subnets" or "ports". When specified (Default is
+# networks), the server will extract particular load sent as part of its agent
+# configuration object from the agent report state, which is the number of
+# resources being consumed, at every report_interval.dhcp_load_type can be used
+# in combination with network_scheduler_driver =
+# neutron.scheduler.dhcp_agent_scheduler.WeightScheduler When the
+# network_scheduler_driver is WeightScheduler, dhcp_load_type can be configured
+# to represent the choice for the resource being balanced. Example:
+# dhcp_load_type=networks (string value)
+# Allowed values: networks, subnets, ports
+#dhcp_load_type = networks
+
+# Agent starts with admin_state_up=False when enable_new_agents=False. In the
+# case, user's resources will not be scheduled automatically to the agent until
+# admin changes admin_state_up to True. (boolean value)
+#enable_new_agents = true
+
+# Maximum number of routes per router (integer value)
+#max_routes = 30
+
+# Define the default value of enable_snat if not provided in
+# external_gateway_info. (boolean value)
+#enable_snat_by_default = true
+
+# Driver to use for scheduling network to DHCP agent (string value)
+#network_scheduler_driver = neutron.scheduler.dhcp_agent_scheduler.WeightScheduler
+
+# Allow auto scheduling networks to DHCP agent. (boolean value)
+#network_auto_schedule = true
+
+# Automatically remove networks from offline DHCP agents. (boolean value)
+#allow_automatic_dhcp_failover = true
+
+# Number of DHCP agents scheduled to host a tenant network. If this number is
+# greater than 1, the scheduler automatically assigns multiple DHCP agents for
+# a given tenant network, providing high availability for DHCP service.
+# (integer value)
+#dhcp_agents_per_network = 1
+
+# Enable services on an agent with admin_state_up False. If this option is
+# False, when admin_state_up of an agent is turned False, services on it will
+# be disabled. Agents with admin_state_up False are not selected for automatic
+# scheduling regardless of this option. But manual scheduling to such agents is
+# available if this option is True. (boolean value)
+#enable_services_on_agents_with_admin_state_down = false
+
+# The base mac address used for unique DVR instances by Neutron. The first 3
+# octets will remain unchanged. If the 4th octet is not 00, it will also be
+# used. The others will be randomly generated. The 'dvr_base_mac' *must* be
+# different from 'base_mac' to avoid mixing them up with MAC's allocated for
+# tenant ports. A 4 octet example would be dvr_base_mac = fa:16:3f:4f:00:00.
+# The default is 3 octet (string value)
+#dvr_base_mac = fa:16:3f:00:00:00
+
+# System-wide flag to determine the type of router that tenants can create.
+# Only admin can override. (boolean value)
+#router_distributed = false
+
+# Driver to use for scheduling router to a default L3 agent (string value)
+#router_scheduler_driver = neutron.scheduler.l3_agent_scheduler.LeastRoutersScheduler
+
+# Allow auto scheduling of routers to L3 agent. (boolean value)
+#router_auto_schedule = true
+
+# Automatically reschedule routers from offline L3 agents to online L3 agents.
+# (boolean value)
+#allow_automatic_l3agent_failover = false
+
+# Enable HA mode for virtual routers. (boolean value)
+#l3_ha = false
+
+# Maximum number of L3 agents which a HA router will be scheduled on. If it is
+# set to 0 then the router will be scheduled on every agent. (integer value)
+#max_l3_agents_per_router = 3
+
+# Subnet used for the l3 HA admin network. (string value)
+#l3_ha_net_cidr = 169.254.192.0/18
+
+# The network type to use when creating the HA network for an HA router. By
+# default or if empty, the first 'tenant_network_types' is used. This is
+# helpful when the VRRP traffic should use a specific network which is not the
+# default one. (string value)
+#l3_ha_network_type =
+
+# The physical network name with which the HA network can be created. (string
+# value)
+#l3_ha_network_physical_name =
+
+#
+# From neutron.extensions
+#
+
+# Maximum number of allowed address pairs (integer value)
+#max_allowed_address_pair = 10
+
+#
+# From oslo.log
+#
+
+# If set to true, the logging level will be set to DEBUG instead of the default
+# INFO level. (boolean value)
+# Note: This option can be changed without restarting.
+#debug = false
+
+# DEPRECATED: If set to false, the logging level will be set to WARNING instead
+# of the default INFO level. (boolean value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+#verbose = true
+verbose = true
+
+# The name of a logging configuration file. This file is appended to any
+# existing logging configuration files. For details about logging configuration
+# files, see the Python logging module documentation. Note that when logging
+# configuration files are used then all logging configuration is set in the
+# configuration file and other logging configuration options are ignored (for
+# example, logging_context_format_string). (string value)
+# Note: This option can be changed without restarting.
+# Deprecated group/name - [DEFAULT]/log_config
+#log_config_append = <None>
+
+# Defines the format string for %%(asctime)s in log records. Default:
+# %(default)s . This option is ignored if log_config_append is set. (string
+# value)
+#log_date_format = %Y-%m-%d %H:%M:%S
+
+# (Optional) Name of log file to send logging output to. If no default is set,
+# logging will go to stderr as defined by use_stderr. This option is ignored if
+# log_config_append is set. (string value)
+# Deprecated group/name - [DEFAULT]/logfile
+#log_file = <None>
+
+# (Optional) The base directory used for relative log_file paths. This option
+# is ignored if log_config_append is set. (string value)
+# Deprecated group/name - [DEFAULT]/logdir
+#log_dir = <None>
+
+# Uses logging handler designed to watch file system. When log file is moved or
+# removed this handler will open a new log file with specified path
+# instantaneously. It makes sense only if log_file option is specified and
+# Linux platform is used. This option is ignored if log_config_append is set.
+# (boolean value)
+#watch_log_file = false
+
+# Use syslog for logging. Existing syslog format is DEPRECATED and will be
+# changed later to honor RFC5424. This option is ignored if log_config_append
+# is set. (boolean value)
+#use_syslog = false
+
+# Syslog facility to receive log lines. This option is ignored if
+# log_config_append is set. (string value)
+#syslog_log_facility = LOG_USER
+
+# Log output to standard error. This option is ignored if log_config_append is
+# set. (boolean value)
+#use_stderr = false
+
+# Format string to use for log messages with context. (string value)
+#logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s
+
+# Format string to use for log messages when context is undefined. (string
+# value)
+#logging_default_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s
+
+# Additional data to append to log message when logging level for the message
+# is DEBUG. (string value)
+#logging_debug_format_suffix = %(funcName)s %(pathname)s:%(lineno)d
+
+# Prefix each line of exception output with this format. (string value)
+#logging_exception_prefix = %(asctime)s.%(msecs)03d %(process)d ERROR %(name)s %(instance)s
+
+# Defines the format string for %(user_identity)s that is used in
+# logging_context_format_string. (string value)
+#logging_user_identity_format = %(user)s %(tenant)s %(domain)s %(user_domain)s %(project_domain)s
+
+# List of package logging levels in logger=LEVEL pairs. This option is ignored
+# if log_config_append is set. (list value)
+#default_log_levels = amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,oslo.messaging=INFO,iso8601=WARN,requests.packages.urllib3.connectionpool=WARN,urllib3.connectionpool=WARN,websocket=WARN,requests.packages.urllib3.util.retry=WARN,urllib3.util.retry=WARN,keystonemiddleware=WARN,routes.middleware=WARN,stevedore=WARN,taskflow=WARN,keystoneauth=WARN,oslo.cache=INFO,dogpile.core.dogpile=INFO
+
+# Enables or disables publication of error events. (boolean value)
+#publish_errors = false
+
+# The format for an instance that is passed with the log message. (string
+# value)
+#instance_format = "[instance: %(uuid)s] "
+
+# The format for an instance UUID that is passed with the log message. (string
+# value)
+#instance_uuid_format = "[instance: %(uuid)s] "
+
+# Interval, number of seconds, of log rate limiting. (integer value)
+#rate_limit_interval = 0
+
+# Maximum number of logged messages per rate_limit_interval. (integer value)
+#rate_limit_burst = 0
+
+# Log level name used by rate limiting: CRITICAL, ERROR, INFO, WARNING, DEBUG
+# or empty string. Logs with level greater or equal to rate_limit_except_level
+# are not filtered. An empty string means that all levels are filtered. (string
+# value)
+#rate_limit_except_level = CRITICAL
+
+# Enables or disables fatal status of deprecations. (boolean value)
+#fatal_deprecations = false
+
+#
+# From oslo.messaging
+#
+
+# Size of RPC connection pool. (integer value)
+# Deprecated group/name - [DEFAULT]/rpc_conn_pool_size
+#rpc_conn_pool_size = 30
+
+# The pool size limit for connections expiration policy (integer value)
+#conn_pool_min_size = 2
+
+# The time-to-live in sec of idle connections in the pool (integer value)
+#conn_pool_ttl = 1200
+
+# ZeroMQ bind address. Should be a wildcard (*), an ethernet interface, or IP.
+# The "host" option should point or resolve to this address. (string value)
+# Deprecated group/name - [DEFAULT]/rpc_zmq_bind_address
+#rpc_zmq_bind_address = *
+
+# MatchMaker driver. (string value)
+# Allowed values: redis, sentinel, dummy
+# Deprecated group/name - [DEFAULT]/rpc_zmq_matchmaker
+#rpc_zmq_matchmaker = redis
+
+# Number of ZeroMQ contexts, defaults to 1. (integer value)
+# Deprecated group/name - [DEFAULT]/rpc_zmq_contexts
+#rpc_zmq_contexts = 1
+
+# Maximum number of ingress messages to locally buffer per topic. Default is
+# unlimited. (integer value)
+# Deprecated group/name - [DEFAULT]/rpc_zmq_topic_backlog
+#rpc_zmq_topic_backlog = <None>
+
+# Directory for holding IPC sockets. (string value)
+# Deprecated group/name - [DEFAULT]/rpc_zmq_ipc_dir
+#rpc_zmq_ipc_dir = /var/run/openstack
+
+# Name of this node. Must be a valid hostname, FQDN, or IP address. Must match
+# "host" option, if running Nova. (string value)
+# Deprecated group/name - [DEFAULT]/rpc_zmq_host
+#rpc_zmq_host = localhost
+
+# Number of seconds to wait before all pending messages will be sent after
+# closing a socket. The default value of -1 specifies an infinite linger
+# period. The value of 0 specifies no linger period. Pending messages shall be
+# discarded immediately when the socket is closed. Positive values specify an
+# upper bound for the linger period. (integer value)
+# Deprecated group/name - [DEFAULT]/rpc_cast_timeout
+#zmq_linger = -1
+zmq_linger = 30
+
+# The default number of seconds that poll should wait. Poll raises timeout
+# exception when timeout expired. (integer value)
+# Deprecated group/name - [DEFAULT]/rpc_poll_timeout
+#rpc_poll_timeout = 1
+
+# Expiration timeout in seconds of a name service record about existing target
+# ( < 0 means no timeout). (integer value)
+# Deprecated group/name - [DEFAULT]/zmq_target_expire
+#zmq_target_expire = 300
+
+# Update period in seconds of a name service record about existing target.
+# (integer value)
+# Deprecated group/name - [DEFAULT]/zmq_target_update
+#zmq_target_update = 180
+
+# Use PUB/SUB pattern for fanout methods. PUB/SUB always uses proxy. (boolean
+# value)
+# Deprecated group/name - [DEFAULT]/use_pub_sub
+#use_pub_sub = false
+
+# Use ROUTER remote proxy. (boolean value)
+# Deprecated group/name - [DEFAULT]/use_router_proxy
+#use_router_proxy = false
+
+# This option makes direct connections dynamic or static. It makes sense only
+# with use_router_proxy=False which means to use direct connections for direct
+# message types (ignored otherwise). (boolean value)
+#use_dynamic_connections = false
+
+# How many additional connections to a host will be made for failover reasons.
+# This option is actual only in dynamic connections mode. (integer value)
+#zmq_failover_connections = 2
+
+# Minimal port number for random ports range. (port value)
+# Minimum value: 0
+# Maximum value: 65535
+# Deprecated group/name - [DEFAULT]/rpc_zmq_min_port
+#rpc_zmq_min_port = 49153
+
+# Maximal port number for random ports range. (integer value)
+# Minimum value: 1
+# Maximum value: 65536
+# Deprecated group/name - [DEFAULT]/rpc_zmq_max_port
+#rpc_zmq_max_port = 65536
+
+# Number of retries to find free port number before fail with ZMQBindError.
+# (integer value)
+# Deprecated group/name - [DEFAULT]/rpc_zmq_bind_port_retries
+#rpc_zmq_bind_port_retries = 100
+
+# Default serialization mechanism for serializing/deserializing
+# outgoing/incoming messages (string value)
+# Allowed values: json, msgpack
+# Deprecated group/name - [DEFAULT]/rpc_zmq_serialization
+#rpc_zmq_serialization = json
+
+# This option configures round-robin mode in zmq socket. True means not keeping
+# a queue when server side disconnects. False means to keep queue and messages
+# even if server is disconnected, when the server appears we send all
+# accumulated messages to it. (boolean value)
+#zmq_immediate = true
+
+# Enable/disable TCP keepalive (KA) mechanism. The default value of -1 (or any
+# other negative value) means to skip any overrides and leave it to OS default;
+# 0 and 1 (or any other positive value) mean to disable and enable the option
+# respectively. (integer value)
+#zmq_tcp_keepalive = -1
+
+# The duration between two keepalive transmissions in idle condition. The unit
+# is platform dependent, for example, seconds in Linux, milliseconds in Windows
+# etc. The default value of -1 (or any other negative value and 0) means to
+# skip any overrides and leave it to OS default. (integer value)
+#zmq_tcp_keepalive_idle = -1
+
+# The number of retransmissions to be carried out before declaring that remote
+# end is not available. The default value of -1 (or any other negative value
+# and 0) means to skip any overrides and leave it to OS default. (integer
+# value)
+#zmq_tcp_keepalive_cnt = -1
+
+# The duration between two successive keepalive retransmissions, if
+# acknowledgement to the previous keepalive transmission is not received. The
+# unit is platform dependent, for example, seconds in Linux, milliseconds in
+# Windows etc. The default value of -1 (or any other negative value and 0)
+# means to skip any overrides and leave it to OS default. (integer value)
+#zmq_tcp_keepalive_intvl = -1
+
+# Maximum number of (green) threads to work concurrently. (integer value)
+#rpc_thread_pool_size = 100
+
+# Expiration timeout in seconds of a sent/received message after which it is
+# not tracked anymore by a client/server. (integer value)
+#rpc_message_ttl = 300
+
+# Wait for message acknowledgements from receivers. This mechanism works only
+# via proxy without PUB/SUB. (boolean value)
+#rpc_use_acks = false
+
+# Number of seconds to wait for an ack from a cast/call. After each retry
+# attempt this timeout is multiplied by some specified multiplier. (integer
+# value)
+#rpc_ack_timeout_base = 15
+
+# Number to multiply base ack timeout by after each retry attempt. (integer
+# value)
+#rpc_ack_timeout_multiplier = 2
+
+# Default number of message sending attempts in case of any problems occurred:
+# positive value N means at most N retries, 0 means no retries, None or -1 (or
+# any other negative values) mean to retry forever. This option is used only if
+# acknowledgments are enabled. (integer value)
+#rpc_retry_attempts = 3
+
+# List of publisher hosts SubConsumer can subscribe on. This option has higher
+# priority then the default publishers list taken from the matchmaker. (list
+# value)
+#subscribe_on =
+agent_down_time = 30
+
+# Size of executor thread pool. (integer value)
+# Deprecated group/name - [DEFAULT]/rpc_thread_pool_size
+#executor_thread_pool_size = 64
+executor_thread_pool_size = 70
+
+# Seconds to wait for a response from a call. (integer value)
+#rpc_response_timeout = 60
+rpc_response_timeout=120
+
+# A URL representing the messaging driver to use and its full configuration.
+# (string value)
+#transport_url = <None>
+
+{%- set rabbit_port = neutron.message_queue.get('port', 5671 if neutron.message_queue.get('ssl',{}).get('enabled', False) else 5672) %}
+{%- if neutron.message_queue.members is defined %}
+transport_url = rabbit://{% for member in neutron.message_queue.members -%}
+ {{ neutron.message_queue.user }}:{{ neutron.message_queue.password }}@{{ member.host }}:{{ member.get('port',rabbit_port) }}
+ {%- if not loop.last -%},{%- endif -%}
+ {%- endfor -%}
+ /{{ neutron.message_queue.virtual_host }}
+{%- else %}
+transport_url = rabbit://{{ neutron.message_queue.user }}:{{ neutron.message_queue.password }}@{{ neutron.message_queue.host }}:{{ rabbit_port }}/{{ neutron.message_queue.virtual_host }}
+{%- endif %}
+
+# DEPRECATED: The messaging driver to use, defaults to rabbit. Other drivers
+# include amqp and zmq. (string value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Replaced by [DEFAULT]/transport_url
+#rpc_backend = rabbit
+
+# The default exchange under which topics are scoped. May be overridden by an
+# exchange name specified in the transport_url option. (string value)
+#control_exchange = neutron
+
+#
+# From oslo.service.wsgi
+#
+
+# File name for the paste.deploy config for api service (string value)
+#api_paste_config = api-paste.ini
+
+# A python format string that is used as the template to generate log lines.
+# The following values can beformatted into it: client_ip, date_time,
+# request_line, status_code, body_length, wall_seconds. (string value)
+#wsgi_log_format = %(client_ip)s "%(request_line)s" status: %(status_code)s len: %(body_length)s time: %(wall_seconds).7f
+
+# Sets the value of TCP_KEEPIDLE in seconds for each server socket. Not
+# supported on OS X. (integer value)
+#tcp_keepidle = 600
+
+# Size of the pool of greenthreads used by wsgi (integer value)
+#wsgi_default_pool_size = 100
+
+# Maximum line size of message headers to be accepted. max_header_line may need
+# to be increased when using large tokens (typically those generated when
+# keystone is configured to use PKI tokens with big service catalogs). (integer
+# value)
+#max_header_line = 16384
+
+# If False, closes the client socket connection explicitly. (boolean value)
+#wsgi_keep_alive = true
+
+# Timeout for client connections' socket operations. If an incoming connection
+# is idle for this number of seconds it will be closed. A value of '0' means
+# wait forever. (integer value)
+#client_socket_timeout = 900
+
+
+[agent]
+
+#
+# From neutron.agent
+#
+
+# Root helper application. Use 'sudo neutron-rootwrap
+# /etc/neutron/rootwrap.conf' to use the real root filter facility. Change to
+# 'sudo' to skip the filtering and just run the command directly. (string
+# value)
+root_helper = sudo /usr/bin/neutron-rootwrap /etc/neutron/rootwrap.conf
+
+# Use the root helper when listing the namespaces on a system. This may not be
+# required depending on the security configuration. If the root helper is not
+# required, set this to False for a performance improvement. (boolean value)
+#use_helper_for_ns_read = true
+
+# Root helper daemon application to use when possible. For the agent which
+# needs to execute commands in Dom0 in the hypervisor of XenServer, this item
+# should be set to 'xenapi_root_helper', so that it will keep a XenAPI session
+# to pass commands to Dom0. (string value)
+{%- if neutron.root_helper_daemon|default(True) %}
+root_helper_daemon = sudo neutron-rootwrap-daemon /etc/neutron/rootwrap.conf
+{%- else %}
+#root_helper_daemon = <None>
+{%- endif %}
+
+# Seconds between nodes reporting state to server; should be less than
+# agent_down_time, best if it is half or less than agent_down_time. (floating
+# point value)
+#report_interval = 30
+report_interval = 10
+
+# Log agent heartbeats (boolean value)
+#log_agent_heartbeats = false
+
+# Add comments to iptables rules. Set to false to disallow the addition of
+# comments to generated iptables rules that describe each rule's purpose.
+# System must support the iptables comments module for addition of comments.
+# (boolean value)
+#comment_iptables_rules = true
+
+# Duplicate every iptables difference calculation to ensure the format being
+# generated matches the format of iptables-save. This option should not be
+# turned on for production systems because it imposes a performance penalty.
+# (boolean value)
+#debug_iptables_rules = false
+
+# Action to be executed when a child process dies (string value)
+# Allowed values: respawn, exit
+#check_child_processes_action = respawn
+
+# Interval between checks of child process liveness (seconds), use 0 to disable
+# (integer value)
+#check_child_processes_interval = 60
+
+# Availability zone of this node (string value)
+#availability_zone = nova
+availability_zone = {{ neutron.availability_zone|default('nova') }}
+
+
+[cors]
+
+#
+# From oslo.middleware.cors
+#
+
+# Indicate whether this resource may be shared with the domain received in the
+# requests "origin" header. Format: "<protocol>://<host>[:<port>]", no trailing
+# slash. Example: https://horizon.example.com (list value)
+#allowed_origin = <None>
+
+# Indicate that the actual request can include user credentials (boolean value)
+#allow_credentials = true
+
+# Indicate which headers are safe to expose to the API. Defaults to HTTP Simple
+# Headers. (list value)
+#expose_headers = X-Auth-Token,X-Subject-Token,X-Service-Token,X-OpenStack-Request-ID,OpenStack-Volume-microversion
+
+# Maximum cache age of CORS preflight requests. (integer value)
+#max_age = 3600
+
+# Indicate which methods can be used during the actual request. (list value)
+#allow_methods = GET,PUT,POST,DELETE,PATCH
+
+# Indicate which header field names may be used during the actual request.
+# (list value)
+#allow_headers = X-Auth-Token,X-Identity-Status,X-Roles,X-Service-Catalog,X-User-Id,X-Tenant-Id,X-OpenStack-Request-ID
+
+
+[cors.subdomain]
+
+#
+# From oslo.middleware.cors
+#
+
+# Indicate whether this resource may be shared with the domain received in the
+# requests "origin" header. Format: "<protocol>://<host>[:<port>]", no trailing
+# slash. Example: https://horizon.example.com (list value)
+#allowed_origin = <None>
+
+# Indicate that the actual request can include user credentials (boolean value)
+#allow_credentials = true
+
+# Indicate which headers are safe to expose to the API. Defaults to HTTP Simple
+# Headers. (list value)
+#expose_headers = X-Auth-Token,X-Subject-Token,X-Service-Token,X-OpenStack-Request-ID,OpenStack-Volume-microversion
+
+# Maximum cache age of CORS preflight requests. (integer value)
+#max_age = 3600
+
+# Indicate which methods can be used during the actual request. (list value)
+#allow_methods = GET,PUT,POST,DELETE,PATCH
+
+# Indicate which header field names may be used during the actual request.
+# (list value)
+#allow_headers = X-Auth-Token,X-Identity-Status,X-Roles,X-Service-Catalog,X-User-Id,X-Tenant-Id,X-OpenStack-Request-ID
+
+
+[database]
+
+#
+# From neutron.db
+#
+
+# Database engine for which script will be generated when using offline
+# migration. (string value)
+#engine =
+
+#
+# From oslo.db
+#
+
+# DEPRECATED: The file name to use with SQLite. (string value)
+# Deprecated group/name - [DEFAULT]/sqlite_db
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Should use config option connection or slave_connection to connect
+# the database.
+#sqlite_db = oslo.sqlite
+
+# If True, SQLite uses synchronous mode. (boolean value)
+# Deprecated group/name - [DEFAULT]/sqlite_synchronous
+#sqlite_synchronous = true
+
+# The back end to use for the database. (string value)
+# Deprecated group/name - [DEFAULT]/db_backend
+#backend = sqlalchemy
+
+# The SQLAlchemy connection string to use to connect to the database. (string
+# value)
+# Deprecated group/name - [DEFAULT]/sql_connection
+# Deprecated group/name - [DATABASE]/sql_connection
+# Deprecated group/name - [sql]/connection
+connection = sqlite:////var/lib/neutron/neutron.sqlite
+
+# The SQLAlchemy connection string to use to connect to the slave database.
+# (string value)
+#slave_connection = <None>
+
+# The SQL mode to be used for MySQL sessions. This option, including the
+# default, overrides any server-set SQL mode. To use whatever SQL mode is set
+# by the server configuration, set this to no value. Example: mysql_sql_mode=
+# (string value)
+#mysql_sql_mode = TRADITIONAL
+
+# Timeout before idle SQL connections are reaped. (integer value)
+# Deprecated group/name - [DEFAULT]/sql_idle_timeout
+# Deprecated group/name - [DATABASE]/sql_idle_timeout
+# Deprecated group/name - [sql]/idle_timeout
+#idle_timeout = 3600
+
+# Minimum number of SQL connections to keep open in a pool. (integer value)
+# Deprecated group/name - [DEFAULT]/sql_min_pool_size
+# Deprecated group/name - [DATABASE]/sql_min_pool_size
+#min_pool_size = 1
+
+# Maximum number of SQL connections to keep open in a pool. Setting a value of
+# 0 indicates no limit. (integer value)
+# Deprecated group/name - [DEFAULT]/sql_max_pool_size
+# Deprecated group/name - [DATABASE]/sql_max_pool_size
+#max_pool_size = 5
+
+# Maximum number of database connection retries during startup. Set to -1 to
+# specify an infinite retry count. (integer value)
+# Deprecated group/name - [DEFAULT]/sql_max_retries
+# Deprecated group/name - [DATABASE]/sql_max_retries
+#max_retries = 10
+
+# Interval between retries of opening a SQL connection. (integer value)
+# Deprecated group/name - [DEFAULT]/sql_retry_interval
+# Deprecated group/name - [DATABASE]/reconnect_interval
+#retry_interval = 10
+
+# If set, use this value for max_overflow with SQLAlchemy. (integer value)
+# Deprecated group/name - [DEFAULT]/sql_max_overflow
+# Deprecated group/name - [DATABASE]/sqlalchemy_max_overflow
+#max_overflow = 50
+
+# Verbosity of SQL debugging information: 0=None, 100=Everything. (integer
+# value)
+# Minimum value: 0
+# Maximum value: 100
+# Deprecated group/name - [DEFAULT]/sql_connection_debug
+#connection_debug = 0
+
+# Add Python stack traces to SQL as comment strings. (boolean value)
+# Deprecated group/name - [DEFAULT]/sql_connection_trace
+#connection_trace = false
+
+# If set, use this value for pool_timeout with SQLAlchemy. (integer value)
+# Deprecated group/name - [DATABASE]/sqlalchemy_pool_timeout
+#pool_timeout = <None>
+
+# Enable the experimental use of database reconnect on connection lost.
+# (boolean value)
+#use_db_reconnect = false
+
+# Seconds between retries of a database transaction. (integer value)
+#db_retry_interval = 1
+
+# If True, increases the interval between retries of a database operation up to
+# db_max_retry_interval. (boolean value)
+#db_inc_retry_interval = true
+
+# If db_inc_retry_interval is set, the maximum seconds between retries of a
+# database operation. (integer value)
+#db_max_retry_interval = 10
+
+# Maximum retries in case of connection error or deadlock error before error is
+# raised. Set to -1 to specify an infinite retry count. (integer value)
+#db_max_retries = 20
+
+
+[keystone_authtoken]
+
+#
+# From keystonemiddleware.auth_token
+#
+
+# Complete "public" Identity API endpoint. This endpoint should not be an
+# "admin" endpoint, as it should be accessible by all end users.
+# Unauthenticated clients are redirected to this endpoint to authenticate.
+# Although this endpoint should ideally be unversioned, client support in the
+# wild varies. If you're using a versioned v2 endpoint here, then this should
+# *not* be the same endpoint the service user utilizes for validating tokens,
+# because normal end users may not be able to reach that endpoint. (string
+# value)
+#auth_uri = <None>
+
+# API version of the admin Identity API endpoint. (string value)
+#auth_version = <None>
+
+# Do not handle authorization requests within the middleware, but delegate the
+# authorization decision to downstream WSGI components. (boolean value)
+#delay_auth_decision = false
+
+# Request timeout value for communicating with Identity API server. (integer
+# value)
+#http_connect_timeout = <None>
+
+# How many times are we trying to reconnect when communicating with Identity
+# API Server. (integer value)
+#http_request_max_retries = 3
+
+# Request environment key where the Swift cache object is stored. When
+# auth_token middleware is deployed with a Swift cache, use this option to have
+# the middleware share a caching backend with swift. Otherwise, use the
+# ``memcached_servers`` option instead. (string value)
+#cache = <None>
+
+# Required if identity server requires client certificate (string value)
+#certfile = <None>
+
+# Required if identity server requires client certificate (string value)
+#keyfile = <None>
+
+# A PEM encoded Certificate Authority to use when verifying HTTPs connections.
+# Defaults to system CAs. (string value)
+#cafile = <None>
+
+# Verify HTTPS connections. (boolean value)
+#insecure = false
+
+# The region in which the identity server can be found. (string value)
+#region_name = <None>
+
+# DEPRECATED: Directory used to cache files related to PKI tokens. This option
+# has been deprecated in the Ocata release and will be removed in the P
+# release. (string value)
+# This option is deprecated for removal since Ocata.
+# Its value may be silently ignored in the future.
+# Reason: PKI token format is no longer supported.
+#signing_dir = <None>
+
+# Optionally specify a list of memcached server(s) to use for caching. If left
+# undefined, tokens will instead be cached in-process. (list value)
+# Deprecated group/name - [keystone_authtoken]/memcache_servers
+#memcached_servers = <None>
+
+# In order to prevent excessive effort spent validating tokens, the middleware
+# caches previously-seen tokens for a configurable duration (in seconds). Set
+# to -1 to disable caching completely. (integer value)
+#token_cache_time = 300
+
+# DEPRECATED: Determines the frequency at which the list of revoked tokens is
+# retrieved from the Identity service (in seconds). A high number of revocation
+# events combined with a low cache duration may significantly reduce
+# performance. Only valid for PKI tokens. This option has been deprecated in
+# the Ocata release and will be removed in the P release. (integer value)
+# This option is deprecated for removal since Ocata.
+# Its value may be silently ignored in the future.
+# Reason: PKI token format is no longer supported.
+#revocation_cache_time = 10
+
+# (Optional) If defined, indicate whether token data should be authenticated or
+# authenticated and encrypted. If MAC, token data is authenticated (with HMAC)
+# in the cache. If ENCRYPT, token data is encrypted and authenticated in the
+# cache. If the value is not one of these options or empty, auth_token will
+# raise an exception on initialization. (string value)
+# Allowed values: None, MAC, ENCRYPT
+#memcache_security_strategy = None
+
+# (Optional, mandatory if memcache_security_strategy is defined) This string is
+# used for key derivation. (string value)
+#memcache_secret_key = <None>
+
+# (Optional) Number of seconds memcached server is considered dead before it is
+# tried again. (integer value)
+#memcache_pool_dead_retry = 300
+
+# (Optional) Maximum total number of open connections to every memcached
+# server. (integer value)
+#memcache_pool_maxsize = 10
+
+# (Optional) Socket timeout in seconds for communicating with a memcached
+# server. (integer value)
+#memcache_pool_socket_timeout = 3
+
+# (Optional) Number of seconds a connection to memcached is held unused in the
+# pool before it is closed. (integer value)
+#memcache_pool_unused_timeout = 60
+
+# (Optional) Number of seconds that an operation will wait to get a memcached
+# client connection from the pool. (integer value)
+#memcache_pool_conn_get_timeout = 10
+
+# (Optional) Use the advanced (eventlet safe) memcached client pool. The
+# advanced pool will only work under python 2.x. (boolean value)
+#memcache_use_advanced_pool = false
+
+# (Optional) Indicate whether to set the X-Service-Catalog header. If False,
+# middleware will not ask for service catalog on token validation and will not
+# set the X-Service-Catalog header. (boolean value)
+#include_service_catalog = true
+
+# Used to control the use and type of token binding. Can be set to: "disabled"
+# to not check token binding. "permissive" (default) to validate binding
+# information if the bind type is of a form known to the server and ignore it
+# if not. "strict" like "permissive" but if the bind type is unknown the token
+# will be rejected. "required" any form of token binding is needed to be
+# allowed. Finally the name of a binding method that must be present in tokens.
+# (string value)
+#enforce_token_bind = permissive
+
+# DEPRECATED: If true, the revocation list will be checked for cached tokens.
+# This requires that PKI tokens are configured on the identity server. (boolean
+# value)
+# This option is deprecated for removal since Ocata.
+# Its value may be silently ignored in the future.
+# Reason: PKI token format is no longer supported.
+#check_revocations_for_cached = false
+
+# DEPRECATED: Hash algorithms to use for hashing PKI tokens. This may be a
+# single algorithm or multiple. The algorithms are those supported by Python
+# standard hashlib.new(). The hashes will be tried in the order given, so put
+# the preferred one first for performance. The result of the first hash will be
+# stored in the cache. This will typically be set to multiple values only while
+# migrating from a less secure algorithm to a more secure one. Once all the old
+# tokens are expired this option should be set to a single value for better
+# performance. (list value)
+# This option is deprecated for removal since Ocata.
+# Its value may be silently ignored in the future.
+# Reason: PKI token format is no longer supported.
+#hash_algorithms = md5
+
+# A choice of roles that must be present in a service token. Service tokens are
+# allowed to request that an expired token can be used and so this check should
+# tightly control that only actual services should be sending this token. Roles
+# here are applied as an ANY check so any role in this list must be present.
+# For backwards compatibility reasons this currently only affects the
+# allow_expired check. (list value)
+#service_token_roles = service
+
+# For backwards compatibility reasons we must let valid service tokens pass
+# that don't pass the service_token_roles check as valid. Setting this true
+# will become the default in a future release and should be enabled if
+# possible. (boolean value)
+#service_token_roles_required = false
+
+# Prefix to prepend at the beginning of the path. Deprecated, use identity_uri.
+# (string value)
+#auth_admin_prefix =
+
+# Host providing the admin Identity API endpoint. Deprecated, use identity_uri.
+# (string value)
+#auth_host = 127.0.0.1
+
+# Port of the admin Identity API endpoint. Deprecated, use identity_uri.
+# (integer value)
+#auth_port = 35357
+
+# Protocol of the admin Identity API endpoint. Deprecated, use identity_uri.
+# (string value)
+# Allowed values: http, https
+#auth_protocol = https
+
+# Complete admin Identity API endpoint. This should specify the unversioned
+# root endpoint e.g. https://localhost:35357/ (string value)
+#identity_uri = <None>
+
+# This option is deprecated and may be removed in a future release. Single
+# shared secret with the Keystone configuration used for bootstrapping a
+# Keystone installation, or otherwise bypassing the normal authentication
+# process. This option should not be used, use `admin_user` and
+# `admin_password` instead. (string value)
+#admin_token = <None>
+
+# Service username. (string value)
+#admin_user = <None>
+
+# Service user password. (string value)
+#admin_password = <None>
+
+# Service tenant name. (string value)
+#admin_tenant_name = admin
+
+# Authentication type to load (string value)
+# Deprecated group/name - [keystone_authtoken]/auth_plugin
+#auth_type = <None>
+
+# Config Section from which to load plugin specific options (string value)
+#auth_section = <None>
+
+
+[matchmaker_redis]
+
+#
+# From oslo.messaging
+#
+
+# DEPRECATED: Host to locate redis. (string value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Replaced by [DEFAULT]/transport_url
+#host = 127.0.0.1
+
+# DEPRECATED: Use this port to connect to redis host. (port value)
+# Minimum value: 0
+# Maximum value: 65535
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Replaced by [DEFAULT]/transport_url
+#port = 6379
+
+# DEPRECATED: Password for Redis server (optional). (string value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Replaced by [DEFAULT]/transport_url
+#password =
+
+# DEPRECATED: List of Redis Sentinel hosts (fault tolerance mode), e.g.,
+# [host:port, host1:port ... ] (list value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Replaced by [DEFAULT]/transport_url
+#sentinel_hosts =
+
+# Redis replica set name. (string value)
+#sentinel_group_name = oslo-messaging-zeromq
+
+# Time in ms to wait between connection attempts. (integer value)
+#wait_timeout = 2000
+
+# Time in ms to wait before the transaction is killed. (integer value)
+#check_timeout = 20000
+
+# Timeout in ms on blocking socket operations. (integer value)
+#socket_timeout = 10000
+
+
+[nova]
+
+#
+# From neutron
+#
+
+# Name of nova region to use. Useful if keystone manages more than one region.
+# (string value)
+#region_name = <None>
+
+# Type of the nova endpoint to use. This endpoint will be looked up in the
+# keystone catalog and should be one of public, internal or admin. (string
+# value)
+# Allowed values: public, admin, internal
+#endpoint_type = public
+
+#
+# From nova.auth
+#
+
+# Authentication URL (string value)
+#auth_url = <None>
+
+# Authentication type to load (string value)
+# Deprecated group/name - [nova]/auth_plugin
+#auth_type = <None>
+
+# PEM encoded Certificate Authority to use when verifying HTTPs connections.
+# (string value)
+#cafile = <None>
+
+# PEM encoded client certificate cert file (string value)
+#certfile = <None>
+
+# Optional domain ID to use with v3 and v2 parameters. It will be used for both
+# the user and project domain in v3 and ignored in v2 authentication. (string
+# value)
+#default_domain_id = <None>
+
+# Optional domain name to use with v3 API and v2 parameters. It will be used
+# for both the user and project domain in v3 and ignored in v2 authentication.
+# (string value)
+#default_domain_name = <None>
+
+# Domain ID to scope to (string value)
+#domain_id = <None>
+
+# Domain name to scope to (string value)
+#domain_name = <None>
+
+# Verify HTTPS connections. (boolean value)
+#insecure = false
+
+# PEM encoded client certificate key file (string value)
+#keyfile = <None>
+
+# User's password (string value)
+#password = <None>
+
+# Domain ID containing project (string value)
+#project_domain_id = <None>
+
+# Domain name containing project (string value)
+#project_domain_name = <None>
+
+# Project ID to scope to (string value)
+# Deprecated group/name - [nova]/tenant-id
+#project_id = <None>
+
+# Project name to scope to (string value)
+# Deprecated group/name - [nova]/tenant-name
+#project_name = <None>
+
+# Tenant ID (string value)
+#tenant_id = <None>
+
+# Tenant Name (string value)
+#tenant_name = <None>
+
+# Timeout value for http requests (integer value)
+#timeout = <None>
+
+# Trust ID (string value)
+#trust_id = <None>
+
+# User's domain id (string value)
+#user_domain_id = <None>
+
+# User's domain name (string value)
+#user_domain_name = <None>
+
+# User id (string value)
+#user_id = <None>
+
+# Username (string value)
+# Deprecated group/name - [nova]/user-name
+#username = <None>
+
+
+[oslo_concurrency]
+
+#
+# From oslo.concurrency
+#
+
+# Enables or disables inter-process locks. (boolean value)
+# Deprecated group/name - [DEFAULT]/disable_process_locking
+#disable_process_locking = false
+
+# Directory to use for lock files. For security, the specified directory
+# should only be writable by the user running the processes that need locking.
+# Defaults to environment variable OSLO_LOCK_PATH. If OSLO_LOCK_PATH is not set
+# in the environment, use the Python tempfile.gettempdir function to find a
+# suitable location. If external locks are used, a lock path must be set.
+# (string value)
+# Deprecated group/name - [DEFAULT]/lock_path
+#lock_path = /tmp
+lock_path = $state_path/lock
+
+
+[oslo_messaging_amqp]
+
+#
+# From oslo.messaging
+#
+
+# Name for the AMQP container. must be globally unique. Defaults to a generated
+# UUID (string value)
+# Deprecated group/name - [amqp1]/container_name
+#container_name = <None>
+
+# Timeout for inactive connections (in seconds) (integer value)
+# Deprecated group/name - [amqp1]/idle_timeout
+#idle_timeout = 0
+
+# Debug: dump AMQP frames to stdout (boolean value)
+# Deprecated group/name - [amqp1]/trace
+#trace = false
+
+# CA certificate PEM file used to verify the server's certificate (string
+# value)
+# Deprecated group/name - [amqp1]/ssl_ca_file
+#ssl_ca_file =
+
+# Self-identifying certificate PEM file for client authentication (string
+# value)
+# Deprecated group/name - [amqp1]/ssl_cert_file
+#ssl_cert_file =
+
+# Private key PEM file used to sign ssl_cert_file certificate (optional)
+# (string value)
+# Deprecated group/name - [amqp1]/ssl_key_file
+#ssl_key_file =
+
+# Password for decrypting ssl_key_file (if encrypted) (string value)
+# Deprecated group/name - [amqp1]/ssl_key_password
+#ssl_key_password = <None>
+
+# DEPRECATED: Accept clients using either SSL or plain TCP (boolean value)
+# Deprecated group/name - [amqp1]/allow_insecure_clients
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Not applicable - not a SSL server
+#allow_insecure_clients = false
+
+# Space separated list of acceptable SASL mechanisms (string value)
+# Deprecated group/name - [amqp1]/sasl_mechanisms
+#sasl_mechanisms =
+
+# Path to directory that contains the SASL configuration (string value)
+# Deprecated group/name - [amqp1]/sasl_config_dir
+#sasl_config_dir =
+
+# Name of configuration file (without .conf suffix) (string value)
+# Deprecated group/name - [amqp1]/sasl_config_name
+#sasl_config_name =
+
+# User name for message broker authentication (string value)
+# Deprecated group/name - [amqp1]/username
+#username =
+
+# Password for message broker authentication (string value)
+# Deprecated group/name - [amqp1]/password
+#password =
+
+# Seconds to pause before attempting to re-connect. (integer value)
+# Minimum value: 1
+#connection_retry_interval = 1
+
+# Increase the connection_retry_interval by this many seconds after each
+# unsuccessful failover attempt. (integer value)
+# Minimum value: 0
+#connection_retry_backoff = 2
+
+# Maximum limit for connection_retry_interval + connection_retry_backoff
+# (integer value)
+# Minimum value: 1
+#connection_retry_interval_max = 30
+
+# Time to pause between re-connecting an AMQP 1.0 link that failed due to a
+# recoverable error. (integer value)
+# Minimum value: 1
+#link_retry_delay = 10
+
+# The maximum number of attempts to re-send a reply message which failed due to
+# a recoverable error. (integer value)
+# Minimum value: -1
+#default_reply_retry = 0
+
+# The deadline for an rpc reply message delivery. (integer value)
+# Minimum value: 5
+#default_reply_timeout = 30
+
+# The deadline for an rpc cast or call message delivery. Only used when caller
+# does not provide a timeout expiry. (integer value)
+# Minimum value: 5
+#default_send_timeout = 30
+
+# The deadline for a sent notification message delivery. Only used when caller
+# does not provide a timeout expiry. (integer value)
+# Minimum value: 5
+#default_notify_timeout = 30
+
+# The duration to schedule a purge of idle sender links. Detach link after
+# expiry. (integer value)
+# Minimum value: 1
+#default_sender_link_timeout = 600
+
+# Indicates the addressing mode used by the driver.
+# Permitted values:
+# 'legacy' - use legacy non-routable addressing
+# 'routable' - use routable addresses
+# 'dynamic' - use legacy addresses if the message bus does not support routing
+# otherwise use routable addressing (string value)
+#addressing_mode = dynamic
+
+# address prefix used when sending to a specific server (string value)
+# Deprecated group/name - [amqp1]/server_request_prefix
+#server_request_prefix = exclusive
+
+# address prefix used when broadcasting to all servers (string value)
+# Deprecated group/name - [amqp1]/broadcast_prefix
+#broadcast_prefix = broadcast
+
+# address prefix when sending to any server in group (string value)
+# Deprecated group/name - [amqp1]/group_request_prefix
+#group_request_prefix = unicast
+
+# Address prefix for all generated RPC addresses (string value)
+#rpc_address_prefix = openstack.org/om/rpc
+
+# Address prefix for all generated Notification addresses (string value)
+#notify_address_prefix = openstack.org/om/notify
+
+# Appended to the address prefix when sending a fanout message. Used by the
+# message bus to identify fanout messages. (string value)
+#multicast_address = multicast
+
+# Appended to the address prefix when sending to a particular RPC/Notification
+# server. Used by the message bus to identify messages sent to a single
+# destination. (string value)
+#unicast_address = unicast
+
+# Appended to the address prefix when sending to a group of consumers. Used by
+# the message bus to identify messages that should be delivered in a round-
+# robin fashion across consumers. (string value)
+#anycast_address = anycast
+
+# Exchange name used in notification addresses.
+# Exchange name resolution precedence:
+# Target.exchange if set
+# else default_notification_exchange if set
+# else control_exchange if set
+# else 'notify' (string value)
+#default_notification_exchange = <None>
+
+# Exchange name used in RPC addresses.
+# Exchange name resolution precedence:
+# Target.exchange if set
+# else default_rpc_exchange if set
+# else control_exchange if set
+# else 'rpc' (string value)
+#default_rpc_exchange = <None>
+
+# Window size for incoming RPC Reply messages. (integer value)
+# Minimum value: 1
+#reply_link_credit = 200
+
+# Window size for incoming RPC Request messages (integer value)
+# Minimum value: 1
+#rpc_server_credit = 100
+
+# Window size for incoming Notification messages (integer value)
+# Minimum value: 1
+#notify_server_credit = 100
+
+# Send messages of this type pre-settled.
+# Pre-settled messages will not receive acknowledgement
+# from the peer. Note well: pre-settled messages may be
+# silently discarded if the delivery fails.
+# Permitted values:
+# 'rpc-call' - send RPC Calls pre-settled
+# 'rpc-reply'- send RPC Replies pre-settled
+# 'rpc-cast' - Send RPC Casts pre-settled
+# 'notify' - Send Notifications pre-settled
+# (multi valued)
+#pre_settled = rpc-cast
+#pre_settled = rpc-reply
+
+
+[oslo_messaging_kafka]
+
+#
+# From oslo.messaging
+#
+
+# DEPRECATED: Default Kafka broker Host (string value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Replaced by [DEFAULT]/transport_url
+#kafka_default_host = localhost
+
+# DEPRECATED: Default Kafka broker Port (port value)
+# Minimum value: 0
+# Maximum value: 65535
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Replaced by [DEFAULT]/transport_url
+#kafka_default_port = 9092
+
+# Max fetch bytes of Kafka consumer (integer value)
+#kafka_max_fetch_bytes = 1048576
+
+# Default timeout(s) for Kafka consumers (integer value)
+#kafka_consumer_timeout = 1.0
+
+# Pool Size for Kafka Consumers (integer value)
+#pool_size = 10
+
+# The pool size limit for connections expiration policy (integer value)
+#conn_pool_min_size = 2
+
+# The time-to-live in sec of idle connections in the pool (integer value)
+#conn_pool_ttl = 1200
+
+# Group id for Kafka consumer. Consumers in one group will coordinate message
+# consumption (string value)
+#consumer_group = oslo_messaging_consumer
+
+# Upper bound on the delay for KafkaProducer batching in seconds (floating
+# point value)
+#producer_batch_timeout = 0.0
+
+# Size of batch for the producer async send (integer value)
+#producer_batch_size = 16384
+
+
+[oslo_messaging_notifications]
+
+#
+# From oslo.messaging
+#
+
+# The Drivers(s) to handle sending notifications. Possible values are
+# messaging, messagingv2, routing, log, test, noop (multi valued)
+# Deprecated group/name - [DEFAULT]/notification_driver
+#driver =
+{%- if neutron.notification is mapping %}
+driver = {{ neutron.notification.get('driver', 'messagingv2') }}
+{%- if neutron.notification.topics is defined %}
+topics = {{ neutron.notification.topics }}
+{%- endif %}
+{%- elif neutron.get('notification', False) %}
+driver = messagingv2
+{%- endif %}
+# A URL representing the messaging driver to use for notifications. If not set,
+# we fall back to the same configuration used for RPC. (string value)
+# Deprecated group/name - [DEFAULT]/notification_transport_url
+#transport_url = <None>
+
+# AMQP topic used for OpenStack notifications. (list value)
+# Deprecated group/name - [rpc_notifier2]/topics
+# Deprecated group/name - [DEFAULT]/notification_topics
+#topics = notifications
+
+
+[oslo_messaging_rabbit]
+
+#
+# From oslo.messaging
+#
+
+{%- if neutron.message_queue.get('ssl',{}).get('enabled', False) %}
+rabbit_use_ssl=true
+
+{%- if neutron.message_queue.ssl.version is defined %}
+kombu_ssl_version = {{ neutron.message_queue.ssl.version }}
+{%- elif salt['grains.get']('pythonversion') > [2,7,8] %}
+kombu_ssl_version = TLSv1_2
+{%- endif %}
+
+kombu_ssl_ca_certs = {{ neutron.message_queue.ssl.get('cacert_file', neutron.cacert_file) }}
+{%- endif %}
+
+# Use durable queues in AMQP. (boolean value)
+# Deprecated group/name - [DEFAULT]/amqp_durable_queues
+# Deprecated group/name - [DEFAULT]/rabbit_durable_queues
+#amqp_durable_queues = false
+
+# Auto-delete queues in AMQP. (boolean value)
+# Deprecated group/name - [DEFAULT]/amqp_auto_delete
+#amqp_auto_delete = false
+
+# SSL version to use (valid only if SSL enabled). Valid values are TLSv1 and
+# SSLv23. SSLv2, SSLv3, TLSv1_1, and TLSv1_2 may be available on some
+# distributions. (string value)
+# Deprecated group/name - [DEFAULT]/kombu_ssl_version
+#kombu_ssl_version =
+
+# SSL key file (valid only if SSL enabled). (string value)
+# Deprecated group/name - [DEFAULT]/kombu_ssl_keyfile
+#kombu_ssl_keyfile =
+
+# SSL cert file (valid only if SSL enabled). (string value)
+# Deprecated group/name - [DEFAULT]/kombu_ssl_certfile
+#kombu_ssl_certfile =
+
+# SSL certification authority file (valid only if SSL enabled). (string value)
+# Deprecated group/name - [DEFAULT]/kombu_ssl_ca_certs
+#kombu_ssl_ca_certs =
+
+# How long to wait before reconnecting in response to an AMQP consumer cancel
+# notification. (floating point value)
+# Deprecated group/name - [DEFAULT]/kombu_reconnect_delay
+#kombu_reconnect_delay = 1.0
+
+# EXPERIMENTAL: Possible values are: gzip, bz2. If not set compression will not
+# be used. This option may not be available in future versions. (string value)
+#kombu_compression = <None>
+
+# How long to wait a missing client before abandoning to send it its replies.
+# This value should not be longer than rpc_response_timeout. (integer value)
+# Deprecated group/name - [oslo_messaging_rabbit]/kombu_reconnect_timeout
+#kombu_missing_consumer_retry_timeout = 60
+
+# Determines how the next RabbitMQ node is chosen in case the one we are
+# currently connected to becomes unavailable. Takes effect only if more than
+# one RabbitMQ node is provided in config. (string value)
+# Allowed values: round-robin, shuffle
+#kombu_failover_strategy = round-robin
+
+# DEPRECATED: The RabbitMQ broker address where a single node is used. (string
+# value)
+# Deprecated group/name - [DEFAULT]/rabbit_host
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Replaced by [DEFAULT]/transport_url
+#rabbit_host = localhost
+
+# DEPRECATED: The RabbitMQ broker port where a single node is used. (port
+# value)
+# Minimum value: 0
+# Maximum value: 65535
+# Deprecated group/name - [DEFAULT]/rabbit_port
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Replaced by [DEFAULT]/transport_url
+#rabbit_port = 5672
+
+# DEPRECATED: RabbitMQ HA cluster host:port pairs. (list value)
+# Deprecated group/name - [DEFAULT]/rabbit_hosts
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Replaced by [DEFAULT]/transport_url
+#rabbit_hosts = $rabbit_host:$rabbit_port
+
+# Connect over SSL for RabbitMQ. (boolean value)
+# Deprecated group/name - [DEFAULT]/rabbit_use_ssl
+#rabbit_use_ssl = false
+
+# DEPRECATED: The RabbitMQ userid. (string value)
+# Deprecated group/name - [DEFAULT]/rabbit_userid
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Replaced by [DEFAULT]/transport_url
+#rabbit_userid = guest
+
+# DEPRECATED: The RabbitMQ password. (string value)
+# Deprecated group/name - [DEFAULT]/rabbit_password
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Replaced by [DEFAULT]/transport_url
+#rabbit_password = guest
+
+# The RabbitMQ login method. (string value)
+# Allowed values: PLAIN, AMQPLAIN, RABBIT-CR-DEMO
+# Deprecated group/name - [DEFAULT]/rabbit_login_method
+#rabbit_login_method = AMQPLAIN
+
+# DEPRECATED: The RabbitMQ virtual host. (string value)
+# Deprecated group/name - [DEFAULT]/rabbit_virtual_host
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Replaced by [DEFAULT]/transport_url
+#rabbit_virtual_host = /
+
+# How frequently to retry connecting with RabbitMQ. (integer value)
+#rabbit_retry_interval = 1
+rabbit_retry_interval = 1
+
+# How long to backoff for between retries when connecting to RabbitMQ. (integer
+# value)
+# Deprecated group/name - [DEFAULT]/rabbit_retry_backoff
+#rabbit_retry_backoff = 2
+rabbit_retry_backoff = 2
+
+# Maximum interval of RabbitMQ connection retries. Default is 30 seconds.
+# (integer value)
+#rabbit_interval_max = 30
+
+# DEPRECATED: Maximum number of RabbitMQ connection retries. Default is 0
+# (infinite retry count). (integer value)
+# Deprecated group/name - [DEFAULT]/rabbit_max_retries
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+#rabbit_max_retries = 0
+
+# Try to use HA queues in RabbitMQ (x-ha-policy: all). If you change this
+# option, you must wipe the RabbitMQ database. In RabbitMQ 3.0, queue mirroring
+# is no longer controlled by the x-ha-policy argument when declaring a queue.
+# If you just want to make sure that all queues (except those with auto-
+# generated names) are mirrored across all nodes, run: "rabbitmqctl set_policy
+# HA '^(?!amq\.).*' '{"ha-mode": "all"}' " (boolean value)
+# Deprecated group/name - [DEFAULT]/rabbit_ha_queues
+#rabbit_ha_queues = false
+
+# Positive integer representing duration in seconds for queue TTL (x-expires).
+# Queues which are unused for the duration of the TTL are automatically
+# deleted. The parameter affects only reply and fanout queues. (integer value)
+# Minimum value: 1
+#rabbit_transient_queues_ttl = 1800
+
+# Specifies the number of messages to prefetch. Setting to zero allows
+# unlimited messages. (integer value)
+#rabbit_qos_prefetch_count = 0
+
+# Number of seconds after which the Rabbit broker is considered down if
+# heartbeat's keep-alive fails (0 disable the heartbeat). EXPERIMENTAL (integer
+# value)
+#heartbeat_timeout_threshold = 60
+heartbeat_timeout_threshold = 0
+
+# How often times during the heartbeat_timeout_threshold we check the
+# heartbeat. (integer value)
+#heartbeat_rate = 2
+heartbeat_rate = 2
+
+# Deprecated, use rpc_backend=kombu+memory or rpc_backend=fake (boolean value)
+# Deprecated group/name - [DEFAULT]/fake_rabbit
+#fake_rabbit = false
+
+# Maximum number of channels to allow (integer value)
+#channel_max = <None>
+
+# The maximum byte size for an AMQP frame (integer value)
+#frame_max = <None>
+
+# How often to send heartbeats for consumer's connections (integer value)
+#heartbeat_interval = 3
+
+# Enable SSL (boolean value)
+#ssl = <None>
+
+# Arguments passed to ssl.wrap_socket (dict value)
+#ssl_options = <None>
+
+# Set socket timeout in seconds for connection's socket (floating point value)
+#socket_timeout = 0.25
+
+# Set TCP_USER_TIMEOUT in seconds for connection's socket (floating point
+# value)
+#tcp_user_timeout = 0.25
+
+# Set delay for reconnection to some host which has connection error (floating
+# point value)
+#host_connection_reconnect_delay = 0.25
+
+# Connection factory implementation (string value)
+# Allowed values: new, single, read_write
+#connection_factory = single
+
+# Maximum number of connections to keep queued. (integer value)
+#pool_max_size = 30
+
+# Maximum number of connections to create above `pool_max_size`. (integer
+# value)
+#pool_max_overflow = 0
+
+# Default number of seconds to wait for a connections to available (integer
+# value)
+#pool_timeout = 30
+
+# Lifetime of a connection (since creation) in seconds or None for no
+# recycling. Expired connections are closed on acquire. (integer value)
+#pool_recycle = 600
+
+# Threshold at which inactive (since release) connections are considered stale
+# in seconds or None for no staleness. Stale connections are closed on acquire.
+# (integer value)
+#pool_stale = 60
+
+# Default serialization mechanism for serializing/deserializing
+# outgoing/incoming messages (string value)
+# Allowed values: json, msgpack
+#default_serializer_type = json
+
+# Persist notification messages. (boolean value)
+#notification_persistence = false
+
+# Exchange name for sending notifications (string value)
+#default_notification_exchange = ${control_exchange}_notification
+
+# Max number of not acknowledged message which RabbitMQ can send to
+# notification listener. (integer value)
+#notification_listener_prefetch_count = 100
+
+# Reconnecting retry count in case of connectivity problem during sending
+# notification, -1 means infinite retry. (integer value)
+#default_notification_retry_attempts = -1
+
+# Reconnecting retry delay in case of connectivity problem during sending
+# notification message (floating point value)
+#notification_retry_delay = 0.25
+
+# Time to live for rpc queues without consumers in seconds. (integer value)
+#rpc_queue_expiration = 60
+
+# Exchange name for sending RPC messages (string value)
+#default_rpc_exchange = ${control_exchange}_rpc
+
+# Exchange name for receiving RPC replies (string value)
+#rpc_reply_exchange = ${control_exchange}_rpc_reply
+
+# Max number of not acknowledged message which RabbitMQ can send to rpc
+# listener. (integer value)
+#rpc_listener_prefetch_count = 100
+
+# Max number of not acknowledged message which RabbitMQ can send to rpc reply
+# listener. (integer value)
+#rpc_reply_listener_prefetch_count = 100
+
+# Reconnecting retry count in case of connectivity problem during sending
+# reply. -1 means infinite retry during rpc_timeout (integer value)
+#rpc_reply_retry_attempts = -1
+
+# Reconnecting retry delay in case of connectivity problem during sending
+# reply. (floating point value)
+#rpc_reply_retry_delay = 0.25
+
+# Reconnecting retry count in case of connectivity problem during sending RPC
+# message, -1 means infinite retry. If actual retry attempts in not 0 the rpc
+# request could be processed more than one time (integer value)
+#default_rpc_retry_attempts = -1
+
+# Reconnecting retry delay in case of connectivity problem during sending RPC
+# message (floating point value)
+#rpc_retry_delay = 0.25
+
+
+[oslo_messaging_zmq]
+
+#
+# From oslo.messaging
+#
+
+# ZeroMQ bind address. Should be a wildcard (*), an ethernet interface, or IP.
+# The "host" option should point or resolve to this address. (string value)
+# Deprecated group/name - [DEFAULT]/rpc_zmq_bind_address
+#rpc_zmq_bind_address = *
+
+# MatchMaker driver. (string value)
+# Allowed values: redis, sentinel, dummy
+# Deprecated group/name - [DEFAULT]/rpc_zmq_matchmaker
+#rpc_zmq_matchmaker = redis
+
+# Number of ZeroMQ contexts, defaults to 1. (integer value)
+# Deprecated group/name - [DEFAULT]/rpc_zmq_contexts
+#rpc_zmq_contexts = 1
+
+# Maximum number of ingress messages to locally buffer per topic. Default is
+# unlimited. (integer value)
+# Deprecated group/name - [DEFAULT]/rpc_zmq_topic_backlog
+#rpc_zmq_topic_backlog = <None>
+
+# Directory for holding IPC sockets. (string value)
+# Deprecated group/name - [DEFAULT]/rpc_zmq_ipc_dir
+#rpc_zmq_ipc_dir = /var/run/openstack
+
+# Name of this node. Must be a valid hostname, FQDN, or IP address. Must match
+# "host" option, if running Nova. (string value)
+# Deprecated group/name - [DEFAULT]/rpc_zmq_host
+#rpc_zmq_host = localhost
+
+# Number of seconds to wait before all pending messages will be sent after
+# closing a socket. The default value of -1 specifies an infinite linger
+# period. The value of 0 specifies no linger period. Pending messages shall be
+# discarded immediately when the socket is closed. Positive values specify an
+# upper bound for the linger period. (integer value)
+# Deprecated group/name - [DEFAULT]/rpc_cast_timeout
+#zmq_linger = -1
+
+# The default number of seconds that poll should wait. Poll raises timeout
+# exception when timeout expired. (integer value)
+# Deprecated group/name - [DEFAULT]/rpc_poll_timeout
+#rpc_poll_timeout = 1
+
+# Expiration timeout in seconds of a name service record about existing target
+# ( < 0 means no timeout). (integer value)
+# Deprecated group/name - [DEFAULT]/zmq_target_expire
+#zmq_target_expire = 300
+
+# Update period in seconds of a name service record about existing target.
+# (integer value)
+# Deprecated group/name - [DEFAULT]/zmq_target_update
+#zmq_target_update = 180
+
+# Use PUB/SUB pattern for fanout methods. PUB/SUB always uses proxy. (boolean
+# value)
+# Deprecated group/name - [DEFAULT]/use_pub_sub
+#use_pub_sub = false
+
+# Use ROUTER remote proxy. (boolean value)
+# Deprecated group/name - [DEFAULT]/use_router_proxy
+#use_router_proxy = false
+
+# This option makes direct connections dynamic or static. It makes sense only
+# with use_router_proxy=False which means to use direct connections for direct
+# message types (ignored otherwise). (boolean value)
+#use_dynamic_connections = false
+
+# How many additional connections to a host will be made for failover reasons.
+# This option is actual only in dynamic connections mode. (integer value)
+#zmq_failover_connections = 2
+
+# Minimal port number for random ports range. (port value)
+# Minimum value: 0
+# Maximum value: 65535
+# Deprecated group/name - [DEFAULT]/rpc_zmq_min_port
+#rpc_zmq_min_port = 49153
+
+# Maximal port number for random ports range. (integer value)
+# Minimum value: 1
+# Maximum value: 65536
+# Deprecated group/name - [DEFAULT]/rpc_zmq_max_port
+#rpc_zmq_max_port = 65536
+
+# Number of retries to find free port number before fail with ZMQBindError.
+# (integer value)
+# Deprecated group/name - [DEFAULT]/rpc_zmq_bind_port_retries
+#rpc_zmq_bind_port_retries = 100
+
+# Default serialization mechanism for serializing/deserializing
+# outgoing/incoming messages (string value)
+# Allowed values: json, msgpack
+# Deprecated group/name - [DEFAULT]/rpc_zmq_serialization
+#rpc_zmq_serialization = json
+
+# This option configures round-robin mode in zmq socket. True means not keeping
+# a queue when server side disconnects. False means to keep queue and messages
+# even if server is disconnected, when the server appears we send all
+# accumulated messages to it. (boolean value)
+#zmq_immediate = true
+
+# Enable/disable TCP keepalive (KA) mechanism. The default value of -1 (or any
+# other negative value) means to skip any overrides and leave it to OS default;
+# 0 and 1 (or any other positive value) mean to disable and enable the option
+# respectively. (integer value)
+#zmq_tcp_keepalive = -1
+
+# The duration between two keepalive transmissions in idle condition. The unit
+# is platform dependent, for example, seconds in Linux, milliseconds in Windows
+# etc. The default value of -1 (or any other negative value and 0) means to
+# skip any overrides and leave it to OS default. (integer value)
+#zmq_tcp_keepalive_idle = -1
+
+# The number of retransmissions to be carried out before declaring that remote
+# end is not available. The default value of -1 (or any other negative value
+# and 0) means to skip any overrides and leave it to OS default. (integer
+# value)
+#zmq_tcp_keepalive_cnt = -1
+
+# The duration between two successive keepalive retransmissions, if
+# acknowledgement to the previous keepalive transmission is not received. The
+# unit is platform dependent, for example, seconds in Linux, milliseconds in
+# Windows etc. The default value of -1 (or any other negative value and 0)
+# means to skip any overrides and leave it to OS default. (integer value)
+#zmq_tcp_keepalive_intvl = -1
+
+# Maximum number of (green) threads to work concurrently. (integer value)
+#rpc_thread_pool_size = 100
+
+# Expiration timeout in seconds of a sent/received message after which it is
+# not tracked anymore by a client/server. (integer value)
+#rpc_message_ttl = 300
+
+# Wait for message acknowledgements from receivers. This mechanism works only
+# via proxy without PUB/SUB. (boolean value)
+#rpc_use_acks = false
+
+# Number of seconds to wait for an ack from a cast/call. After each retry
+# attempt this timeout is multiplied by some specified multiplier. (integer
+# value)
+#rpc_ack_timeout_base = 15
+
+# Number to multiply base ack timeout by after each retry attempt. (integer
+# value)
+#rpc_ack_timeout_multiplier = 2
+
+# Default number of message sending attempts in case of any problems occurred:
+# positive value N means at most N retries, 0 means no retries, None or -1 (or
+# any other negative values) mean to retry forever. This option is used only if
+# acknowledgments are enabled. (integer value)
+#rpc_retry_attempts = 3
+
+# List of publisher hosts SubConsumer can subscribe on. This option has higher
+# priority then the default publishers list taken from the matchmaker. (list
+# value)
+#subscribe_on =
+
+
+[oslo_middleware]
+
+#
+# From oslo.middleware.http_proxy_to_wsgi
+#
+
+# Whether the application is behind a proxy or not. This determines if the
+# middleware should parse the headers or not. (boolean value)
+#enable_proxy_headers_parsing = false
+
+
+[oslo_policy]
+
+#
+# From oslo.policy
+#
+
+# The file that defines policies. (string value)
+# Deprecated group/name - [DEFAULT]/policy_file
+#policy_file = policy.json
+
+# Default rule. Enforced when a requested rule is not found. (string value)
+# Deprecated group/name - [DEFAULT]/policy_default_rule
+#policy_default_rule = default
+
+# Directories where policy configuration files are stored. They can be relative
+# to any directory in the search path defined by the config_dir option, or
+# absolute paths. The file defined by policy_file must exist for these
+# directories to be searched. Missing or empty directories are ignored. (multi
+# valued)
+# Deprecated group/name - [DEFAULT]/policy_dirs
+#policy_dirs = policy.d
+
+
+[qos]
+
+#
+# From neutron.qos
+#
+
+# DEPRECATED: Drivers list to use to send the update notification. This option
+# will be unused in Pike. (list value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+#notification_drivers = message_queue
+
+
+[quotas]
+
+#
+# From neutron
+#
+
+# Default number of resource allowed per tenant. A negative value means
+# unlimited. (integer value)
+#default_quota = -1
+
+# Number of networks allowed per tenant. A negative value means unlimited.
+# (integer value)
+#quota_network = 10
+
+# Number of subnets allowed per tenant, A negative value means unlimited.
+# (integer value)
+#quota_subnet = 10
+
+# Number of ports allowed per tenant. A negative value means unlimited.
+# (integer value)
+#quota_port = 50
+
+# Default driver to use for quota checks. (string value)
+#quota_driver = neutron.db.quota.driver.DbQuotaDriver
+
+# Keep in track in the database of current resource quota usage. Plugins which
+# do not leverage the neutron database should set this flag to False. (boolean
+# value)
+#track_quota_usage = true
+
+#
+# From neutron.extensions
+#
+
+# Number of routers allowed per tenant. A negative value means unlimited.
+# (integer value)
+#quota_router = 10
+
+# Number of floating IPs allowed per tenant. A negative value means unlimited.
+# (integer value)
+#quota_floatingip = 50
+
+# Number of security groups allowed per tenant. A negative value means
+# unlimited. (integer value)
+#quota_security_group = 10
+
+# Number of security rules allowed per tenant. A negative value means
+# unlimited. (integer value)
+#quota_security_group_rule = 100
+
+
+[ssl]
+
+#
+# From oslo.service.sslutils
+#
+
+# CA certificate file to use to verify connecting clients. (string value)
+# Deprecated group/name - [DEFAULT]/ssl_ca_file
+#ca_file = <None>
+
+# Certificate file to use when starting the server securely. (string value)
+# Deprecated group/name - [DEFAULT]/ssl_cert_file
+#cert_file = <None>
+
+# Private key file to use when starting the server securely. (string value)
+# Deprecated group/name - [DEFAULT]/ssl_key_file
+#key_file = <None>
+
+# SSL version to use (valid only if SSL enabled). Valid values are TLSv1 and
+# SSLv23. SSLv2, SSLv3, TLSv1_1, and TLSv1_2 may be available on some
+# distributions. (string value)
+#version = <None>
+
+# Sets the list of available ciphers. value should be a string in the OpenSSL
+# cipher list format. (string value)
+#ciphers = <None>
+
+{%- if neutron.backend.ovsdb_connection is defined %}
+[ovs]
+ovsdb_connection = {{ neutron.backend.ovsdb_connection }}
+{%- endif %}
diff --git a/neutron/files/pike/neutron-server b/neutron/files/pike/neutron-server
new file mode 100644
index 0000000..d147249
--- /dev/null
+++ b/neutron/files/pike/neutron-server
@@ -0,0 +1,24 @@
+# Generated by Salt.
+{%- from "neutron/map.jinja" import server with context %}
+
+# defaults for neutron-server
+
+# path to config file corresponding to the core_plugin specified in
+# neutron.conf
+#NEUTRON_PLUGIN_CONFIG="/etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini"
+
+{%- if server.backend.engine in ["ml2", "ovn"] %}
+NEUTRON_PLUGIN_CONFIG="/etc/neutron/plugins/ml2/ml2_conf.ini"
+{%- endif %}
+
+{%- if server.backend.engine == "contrail" %}
+NEUTRON_PLUGIN_CONFIG="/etc/neutron/plugins/opencontrail/ContrailPlugin.ini"
+{%- endif %}
+
+{%- if server.logging.log_appender %}
+DAEMON_ARGS="${DAEMON_ARGS} --log-config-append=/etc/neutron/logging/logging-neutron-server.conf"
+{%- endif %}
+
+{%- if server.l2gw is defined and server.l2gw.get('enabled', False) %}
+DAEMON_ARGS="${DAEMON_ARGS} --config-file=/etc/neutron/l2gw_plugin.ini"
+{%- endif %}
diff --git a/neutron/files/pike/neutron-server.conf.Debian b/neutron/files/pike/neutron-server.conf.Debian
new file mode 100644
index 0000000..963aa65
--- /dev/null
+++ b/neutron/files/pike/neutron-server.conf.Debian
@@ -0,0 +1,2289 @@
+{%- from "neutron/map.jinja" import fwaas, server with context %}
+[DEFAULT]
+
+#
+# From neutron
+#
+
+# Where to store Neutron state files. This directory must be writable by the
+# agent. (string value)
+#state_path = /var/lib/neutron
+state_path = /var/lib/neutron
+
+# The host IP to bind to (string value)
+#bind_host = 0.0.0.0
+bind_host = {{ server.bind.address }}
+
+# The port to bind to (port value)
+# Minimum value: 0
+# Maximum value: 65535
+#bind_port = 9696
+bind_port = {{ server.bind.port }}
+
+# The path for API extensions. Note that this can be a colon-separated list of
+# paths. For example: api_extensions_path =
+# extensions:/path/to/more/exts:/even/more/exts. The __path__ of
+# neutron.extensions is appended to this, so if your extensions are in there
+# you don't need to specify them here. (string value)
+#api_extensions_path =
+agent_down_time = 30
+
+# The type of authentication to use (string value)
+#auth_strategy = keystone
+auth_strategy = keystone
+
+{% if server.backend.engine == "contrail" %}
+
+api_extensions_path = extensions:/usr/lib/python2.7/dist-packages/neutron_plugin_contrail/extensions:/usr/lib/python2.7/dist-packages/neutron_lbaas/extensions
+# The core plugin Neutron will use (string value)
+core_plugin = neutron_plugin_contrail.plugins.opencontrail.contrail_plugin.NeutronPluginContrailCoreV2
+
+service_plugins = neutron_plugin_contrail.plugins.opencontrail.loadbalancer.v2.plugin.LoadBalancerPluginV2
+
+{% elif server.backend.engine in ["ml2", "ovn"] %}
+
+core_plugin = neutron.plugins.ml2.plugin.Ml2Plugin
+
+{% if server.backend.engine == "ml2" %}
+{% set l3_plugin = 'neutron.services.l3_router.l3_router_plugin.L3RouterPlugin' %}
+{% elif server.backend.engine == "ovn" %}
+{% set l3_plugin = 'networking_ovn.l3.l3_ovn.OVNL3RouterPlugin' %}
+{% endif %}
+
+service_plugins = {{ server.backend.get('router', l3_plugin)}},metering
+{%- if server.lbaas is defined -%},lbaasv2{%- endif -%}
+{%- if fwaas.get('enabled', False) -%},{{ fwaas[fwaas.api_version]['service_plugin'] }}{%- endif -%}
+{%- if server.get('qos', 'True') -%},neutron.services.qos.qos_plugin.QoSPlugin{%- endif -%}
+{%- if server.get('vlan_aware_vms', False) -%},trunk{%- endif -%}
+{%- if server.l2gw is defined and server.l2gw.get('enabled', False) -%},networking_l2gw.services.l2gateway.plugin.L2GatewayPlugin{%- endif -%}
+{%- if server.get('bgp_vpn', {}).get('enabled', False) -%},bgpvpn{%- endif -%}
+
+{% endif %}
+
+# The service plugins Neutron will use (list value)
+#service_plugins =
+{% if server.get('allow_pagination', false) %}
+allow_pagination = True
+{% else %}
+allow_pagination = False
+{% endif %}
+
+# The base MAC address Neutron will use for VIFs. The first 3 octets will
+# remain unchanged. If the 4th octet is not 00, it will also be used. The
+# others will be randomly generated. (string value)
+#base_mac = fa:16:3e:00:00:00
+
+# Allow the usage of the bulk API (boolean value)
+#allow_bulk = true
+
+# The maximum number of items returned in a single response, value was
+# 'infinite' or negative integer means no limit (string value)
+#pagination_max_limit = -1
+pagination_max_limit = {{ server.pagination_max_limit|default('-1') }}
+
+# Default value of availability zone hints. The availability zone aware
+# schedulers use this when the resources availability_zone_hints is empty.
+# Multiple availability zones can be specified by a comma separated string.
+# This value can be empty. In this case, even if availability_zone_hints for a
+# resource is empty, availability zone is considered for high availability
+# while scheduling the resource. (list value)
+#default_availability_zones =
+
+# Maximum number of DNS nameservers per subnet (integer value)
+#max_dns_nameservers = 5
+
+# Maximum number of host routes per subnet (integer value)
+#max_subnet_host_routes = 20
+
+# DEPRECATED: Maximum number of fixed ips per port. This option is deprecated
+# and will be removed in the Ocata release. (integer value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+#max_fixed_ips_per_port = 5
+
+# Enables IPv6 Prefix Delegation for automatic subnet CIDR allocation. Set to
+# True to enable IPv6 Prefix Delegation for subnet allocation in a PD-capable
+# environment. Users making subnet creation requests for IPv6 subnets without
+# providing a CIDR or subnetpool ID will be given a CIDR via the Prefix
+# Delegation mechanism. Note that enabling PD will override the behavior of the
+# default IPv6 subnetpool. (boolean value)
+#ipv6_pd_enabled = false
+
+# DHCP lease duration (in seconds). Use -1 to tell dnsmasq to use infinite
+# lease times. (integer value)
+#dhcp_lease_duration = 86400
+dhcp_lease_duration = {{ server.dhcp_lease_duration|default('600') }}
+
+# Domain to use for building the hostnames (string value)
+#dns_domain = openstacklocal
+dns_domain = {{ server.dns_domain }}
+
+# Driver for external DNS integration. (string value)
+#external_dns_driver = <None>
+{%- if server.backend.get('extension', {}).get('dns', {}).get('enabled', False) %}
+external_dns_driver={{ server.backend.get('extension', {}).get('dns', {}).get('engine', '') }}
+{%- endif %}
+
+# Allow sending resource operation notification to DHCP agent (boolean value)
+#dhcp_agent_notification = true
+
+# Allow overlapping IP support in Neutron. Attention: the following parameter
+# MUST be set to False if Neutron is being used in conjunction with Nova
+# security groups. (boolean value)
+#allow_overlapping_ips = false
+allow_overlapping_ips = True
+
+# Hostname to be used by the Neutron server, agents and services running on
+# this machine. All the agents and services running on this machine must use
+# the same host value. (string value)
+#host = example.domain
+
+# Send notification to nova when port status changes (boolean value)
+#notify_nova_on_port_status_changes = true
+notify_nova_on_port_status_changes = true
+
+# Send notification to nova when port data (fixed_ips/floatingip) changes so
+# nova can update its cache. (boolean value)
+#notify_nova_on_port_data_changes = true
+notify_nova_on_port_data_changes = true
+
+# Number of seconds between sending events to nova if there are any events to
+# send. (integer value)
+#send_events_interval = 2
+
+# Neutron IPAM (IP address management) driver to use. By default, the reference
+# implementation of the Neutron IPAM driver is used. (string value)
+#ipam_driver = internal
+
+# If True, then allow plugins that support it to create VLAN transparent
+# networks. (boolean value)
+#vlan_transparent = false
+
+# This will choose the web framework in which to run the Neutron API server.
+# 'pecan' is a new experimental rewrite of the API server. (string value)
+# Allowed values: legacy, pecan
+#web_framework = legacy
+
+# MTU of the underlying physical network. Neutron uses this value to calculate
+# MTU for all virtual network components. For flat and VLAN networks, neutron
+# uses this value without modification. For overlay networks such as VXLAN,
+# neutron automatically subtracts the overlay protocol overhead from this
+# value. Defaults to 1500, the standard value for Ethernet. (integer value)
+# Deprecated group/name - [ml2]/segment_mtu
+#global_physnet_mtu = 1500
+global_physnet_mtu = {{ server.get('global_physnet_mtu', '1500') }}
+
+# Number of backlog requests to configure the socket with (integer value)
+#backlog = 4096
+
+# Number of seconds to keep retrying to listen (integer value)
+#retry_until_window = 30
+
+# Enable SSL on the API server (boolean value)
+#use_ssl = false
+
+# Seconds between running periodic tasks. (integer value)
+#periodic_interval = 40
+
+# Number of separate API worker processes for service. If not specified, the
+# default is equal to the number of CPUs available for best performance.
+# (integer value)
+#api_workers = <None>
+{%- if server.api_workers is defined %}
+api_workers = {{ server.api_workers }}
+{%- endif %}
+
+# Number of RPC worker processes for service. (integer value)
+#rpc_workers = 1
+{%- if server.rpc_workers is defined %}
+rpc_workers = {{ server.rpc_workers }}
+{%- else %}
+rpc_workers = {{ grains.num_cpus }}
+{%- endif %}
+
+
+# Number of RPC worker processes dedicated to state reports queue. (integer
+# value)
+#rpc_state_report_workers = 1
+{%- if server.rpc_state_report_workers is defined %}
+rpc_state_report_workers = {{ server.rpc_state_report_workers }}
+{%- else %}
+rpc_state_report_workers = 4
+{%- endif %}
+
+# Range of seconds to randomly delay when starting the periodic task scheduler
+# to reduce stampeding. (Disable by setting to 0) (integer value)
+#periodic_fuzzy_delay = 5
+
+#
+# From neutron.agent
+#
+
+# The driver used to manage the virtual interface. (string value)
+#interface_driver = <None>
+
+# Location for Metadata Proxy UNIX domain socket. (string value)
+#metadata_proxy_socket = $state_path/metadata_proxy
+
+# User (uid or name) running metadata proxy after its initialization (if empty:
+# agent effective user). (string value)
+#metadata_proxy_user =
+
+# Group (gid or name) running metadata proxy after its initialization (if
+# empty: agent effective group). (string value)
+#metadata_proxy_group =
+
+# Enable/Disable log watch by metadata proxy. It should be disabled when
+# metadata_proxy_user/group is not allowed to read/write its log file and
+# copytruncate logrotate option must be used if logrotate is enabled on
+# metadata proxy log files. Option default value is deduced from
+# metadata_proxy_user: watch log is enabled if metadata_proxy_user is agent
+# effective user id/name. (boolean value)
+#metadata_proxy_watch_log = <None>
+
+#
+# From neutron.db
+#
+
+# Representing the resource type whose load is being reported by the agent.
+# This can be "networks", "subnets" or "ports". When specified (Default is
+# networks), the server will extract particular load sent as part of its agent
+# configuration object from the agent report state, which is the number of
+# resources being consumed, at every report_interval.dhcp_load_type can be used
+# in combination with network_scheduler_driver =
+# neutron.scheduler.dhcp_agent_scheduler.WeightScheduler When the
+# network_scheduler_driver is WeightScheduler, dhcp_load_type can be configured
+# to represent the choice for the resource being balanced. Example:
+# dhcp_load_type=networks (string value)
+# Allowed values: networks, subnets, ports
+#dhcp_load_type = networks
+
+# Agent starts with admin_state_up=False when enable_new_agents=False. In the
+# case, user's resources will not be scheduled automatically to the agent until
+# admin changes admin_state_up to True. (boolean value)
+#enable_new_agents = true
+
+# Maximum number of routes per router (integer value)
+#max_routes = 30
+
+# Define the default value of enable_snat if not provided in
+# external_gateway_info. (boolean value)
+#enable_snat_by_default = true
+
+# Driver to use for scheduling network to DHCP agent (string value)
+#network_scheduler_driver = neutron.scheduler.dhcp_agent_scheduler.WeightScheduler
+
+# Allow auto scheduling networks to DHCP agent. (boolean value)
+#network_auto_schedule = true
+
+# Automatically remove networks from offline DHCP agents. (boolean value)
+#allow_automatic_dhcp_failover = true
+
+# Number of DHCP agents scheduled to host a tenant network. If this number is
+# greater than 1, the scheduler automatically assigns multiple DHCP agents for
+# a given tenant network, providing high availability for DHCP service.
+# (integer value)
+#dhcp_agents_per_network = 1
+dhcp_agents_per_network = 2
+
+# Enable services on an agent with admin_state_up False. If this option is
+# False, when admin_state_up of an agent is turned False, services on it will
+# be disabled. Agents with admin_state_up False are not selected for automatic
+# scheduling regardless of this option. But manual scheduling to such agents is
+# available if this option is True. (boolean value)
+#enable_services_on_agents_with_admin_state_down = false
+
+# The base mac address used for unique DVR instances by Neutron. The first 3
+# octets will remain unchanged. If the 4th octet is not 00, it will also be
+# used. The others will be randomly generated. The 'dvr_base_mac' *must* be
+# different from 'base_mac' to avoid mixing them up with MAC's allocated for
+# tenant ports. A 4 octet example would be dvr_base_mac = fa:16:3f:4f:00:00.
+# The default is 3 octet (string value)
+#dvr_base_mac = fa:16:3f:00:00:00
+
+# System-wide flag to determine the type of router that tenants can create.
+# Only admin can override. (boolean value)
+#router_distributed = false
+router_distributed = {{ server.get('dvr', 'False') }}
+
+# Driver to use for scheduling router to a default L3 agent (string value)
+#router_scheduler_driver = neutron.scheduler.l3_agent_scheduler.LeastRoutersScheduler
+router_scheduler_driver = neutron.scheduler.l3_agent_scheduler.ChanceScheduler
+
+# Allow auto scheduling of routers to L3 agent. (boolean value)
+#router_auto_schedule = true
+
+# Automatically reschedule routers from offline L3 agents to online L3 agents.
+# (boolean value)
+#allow_automatic_l3agent_failover = false
+allow_automatic_l3agent_failover = true
+
+# Enable HA mode for virtual routers. (boolean value)
+#l3_ha = false
+l3_ha = {{ server.get('l3_ha', 'False') }}
+
+# Maximum number of L3 agents which a HA router will be scheduled on. If it is
+# set to 0 then the router will be scheduled on every agent. (integer value)
+#max_l3_agents_per_router = 3
+max_l3_agents_per_router = 0
+
+# Subnet used for the l3 HA admin network. (string value)
+#l3_ha_net_cidr = 169.254.192.0/18
+
+# The network type to use when creating the HA network for an HA router. By
+# default or if empty, the first 'tenant_network_types' is used. This is
+# helpful when the VRRP traffic should use a specific network which is not the
+# default one. (string value)
+#l3_ha_network_type =
+
+# The physical network name with which the HA network can be created. (string
+# value)
+#l3_ha_network_physical_name =
+
+#
+# From neutron.extensions
+#
+
+# Maximum number of allowed address pairs (integer value)
+#max_allowed_address_pair = 10
+
+#
+# From oslo.log
+#
+
+# If set to true, the logging level will be set to DEBUG instead of the default
+# INFO level. (boolean value)
+# Note: This option can be changed without restarting.
+#debug = false
+
+# DEPRECATED: If set to false, the logging level will be set to WARNING instead
+# of the default INFO level. (boolean value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+#verbose = true
+verbose = true
+
+# The name of a logging configuration file. This file is appended to any
+# existing logging configuration files. For details about logging configuration
+# files, see the Python logging module documentation. Note that when logging
+# configuration files are used then all logging configuration is set in the
+# configuration file and other logging configuration options are ignored (for
+# example, logging_context_format_string). (string value)
+# Note: This option can be changed without restarting.
+# Deprecated group/name - [DEFAULT]/log_config
+#log_config_append = <None>
+
+# Defines the format string for %%(asctime)s in log records. Default:
+# %(default)s . This option is ignored if log_config_append is set. (string
+# value)
+#log_date_format = %Y-%m-%d %H:%M:%S
+
+# (Optional) Name of log file to send logging output to. If no default is set,
+# logging will go to stderr as defined by use_stderr. This option is ignored if
+# log_config_append is set. (string value)
+# Deprecated group/name - [DEFAULT]/logfile
+#log_file = <None>
+
+# (Optional) The base directory used for relative log_file paths. This option
+# is ignored if log_config_append is set. (string value)
+# Deprecated group/name - [DEFAULT]/logdir
+#log_dir = <None>
+
+# Uses logging handler designed to watch file system. When log file is moved or
+# removed this handler will open a new log file with specified path
+# instantaneously. It makes sense only if log_file option is specified and
+# Linux platform is used. This option is ignored if log_config_append is set.
+# (boolean value)
+#watch_log_file = false
+
+# Use syslog for logging. Existing syslog format is DEPRECATED and will be
+# changed later to honor RFC5424. This option is ignored if log_config_append
+# is set. (boolean value)
+#use_syslog = false
+
+# Syslog facility to receive log lines. This option is ignored if
+# log_config_append is set. (string value)
+#syslog_log_facility = LOG_USER
+
+# Log output to standard error. This option is ignored if log_config_append is
+# set. (boolean value)
+#use_stderr = false
+
+# Format string to use for log messages with context. (string value)
+#logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s
+
+# Format string to use for log messages when context is undefined. (string
+# value)
+#logging_default_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s
+
+# Additional data to append to log message when logging level for the message
+# is DEBUG. (string value)
+#logging_debug_format_suffix = %(funcName)s %(pathname)s:%(lineno)d
+
+# Prefix each line of exception output with this format. (string value)
+#logging_exception_prefix = %(asctime)s.%(msecs)03d %(process)d ERROR %(name)s %(instance)s
+
+# Defines the format string for %(user_identity)s that is used in
+# logging_context_format_string. (string value)
+#logging_user_identity_format = %(user)s %(tenant)s %(domain)s %(user_domain)s %(project_domain)s
+
+# List of package logging levels in logger=LEVEL pairs. This option is ignored
+# if log_config_append is set. (list value)
+#default_log_levels = amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,oslo.messaging=INFO,iso8601=WARN,requests.packages.urllib3.connectionpool=WARN,urllib3.connectionpool=WARN,websocket=WARN,requests.packages.urllib3.util.retry=WARN,urllib3.util.retry=WARN,keystonemiddleware=WARN,routes.middleware=WARN,stevedore=WARN,taskflow=WARN,keystoneauth=WARN,oslo.cache=INFO,dogpile.core.dogpile=INFO
+
+# Enables or disables publication of error events. (boolean value)
+#publish_errors = false
+
+# The format for an instance that is passed with the log message. (string
+# value)
+#instance_format = "[instance: %(uuid)s] "
+
+# The format for an instance UUID that is passed with the log message. (string
+# value)
+#instance_uuid_format = "[instance: %(uuid)s] "
+
+# Interval, number of seconds, of log rate limiting. (integer value)
+#rate_limit_interval = 0
+
+# Maximum number of logged messages per rate_limit_interval. (integer value)
+#rate_limit_burst = 0
+
+# Log level name used by rate limiting: CRITICAL, ERROR, INFO, WARNING, DEBUG
+# or empty string. Logs with level greater or equal to rate_limit_except_level
+# are not filtered. An empty string means that all levels are filtered. (string
+# value)
+#rate_limit_except_level = CRITICAL
+
+# Enables or disables fatal status of deprecations. (boolean value)
+#fatal_deprecations = false
+
+#
+# From oslo.messaging
+#
+
+# Size of RPC connection pool. (integer value)
+# Deprecated group/name - [DEFAULT]/rpc_conn_pool_size
+#rpc_conn_pool_size = 30
+
+# The pool size limit for connections expiration policy (integer value)
+#conn_pool_min_size = 2
+
+# The time-to-live in sec of idle connections in the pool (integer value)
+#conn_pool_ttl = 1200
+
+# ZeroMQ bind address. Should be a wildcard (*), an ethernet interface, or IP.
+# The "host" option should point or resolve to this address. (string value)
+# Deprecated group/name - [DEFAULT]/rpc_zmq_bind_address
+#rpc_zmq_bind_address = *
+
+# MatchMaker driver. (string value)
+# Allowed values: redis, sentinel, dummy
+# Deprecated group/name - [DEFAULT]/rpc_zmq_matchmaker
+#rpc_zmq_matchmaker = redis
+
+# Number of ZeroMQ contexts, defaults to 1. (integer value)
+# Deprecated group/name - [DEFAULT]/rpc_zmq_contexts
+#rpc_zmq_contexts = 1
+
+# Maximum number of ingress messages to locally buffer per topic. Default is
+# unlimited. (integer value)
+# Deprecated group/name - [DEFAULT]/rpc_zmq_topic_backlog
+#rpc_zmq_topic_backlog = <None>
+
+# Directory for holding IPC sockets. (string value)
+# Deprecated group/name - [DEFAULT]/rpc_zmq_ipc_dir
+#rpc_zmq_ipc_dir = /var/run/openstack
+
+# Name of this node. Must be a valid hostname, FQDN, or IP address. Must match
+# "host" option, if running Nova. (string value)
+# Deprecated group/name - [DEFAULT]/rpc_zmq_host
+#rpc_zmq_host = localhost
+
+# Number of seconds to wait before all pending messages will be sent after
+# closing a socket. The default value of -1 specifies an infinite linger
+# period. The value of 0 specifies no linger period. Pending messages shall be
+# discarded immediately when the socket is closed. Positive values specify an
+# upper bound for the linger period. (integer value)
+# Deprecated group/name - [DEFAULT]/rpc_cast_timeout
+#zmq_linger = -1
+zmq_linger = 30
+
+# The default number of seconds that poll should wait. Poll raises timeout
+# exception when timeout expired. (integer value)
+# Deprecated group/name - [DEFAULT]/rpc_poll_timeout
+#rpc_poll_timeout = 1
+
+# Expiration timeout in seconds of a name service record about existing target
+# ( < 0 means no timeout). (integer value)
+# Deprecated group/name - [DEFAULT]/zmq_target_expire
+#zmq_target_expire = 300
+
+# Update period in seconds of a name service record about existing target.
+# (integer value)
+# Deprecated group/name - [DEFAULT]/zmq_target_update
+#zmq_target_update = 180
+
+# Use PUB/SUB pattern for fanout methods. PUB/SUB always uses proxy. (boolean
+# value)
+# Deprecated group/name - [DEFAULT]/use_pub_sub
+#use_pub_sub = false
+
+# Use ROUTER remote proxy. (boolean value)
+# Deprecated group/name - [DEFAULT]/use_router_proxy
+#use_router_proxy = false
+
+# This option makes direct connections dynamic or static. It makes sense only
+# with use_router_proxy=False which means to use direct connections for direct
+# message types (ignored otherwise). (boolean value)
+#use_dynamic_connections = false
+
+# How many additional connections to a host will be made for failover reasons.
+# This option is actual only in dynamic connections mode. (integer value)
+#zmq_failover_connections = 2
+
+# Minimal port number for random ports range. (port value)
+# Minimum value: 0
+# Maximum value: 65535
+# Deprecated group/name - [DEFAULT]/rpc_zmq_min_port
+#rpc_zmq_min_port = 49153
+
+# Maximal port number for random ports range. (integer value)
+# Minimum value: 1
+# Maximum value: 65536
+# Deprecated group/name - [DEFAULT]/rpc_zmq_max_port
+#rpc_zmq_max_port = 65536
+
+# Number of retries to find free port number before fail with ZMQBindError.
+# (integer value)
+# Deprecated group/name - [DEFAULT]/rpc_zmq_bind_port_retries
+#rpc_zmq_bind_port_retries = 100
+
+# Default serialization mechanism for serializing/deserializing
+# outgoing/incoming messages (string value)
+# Allowed values: json, msgpack
+# Deprecated group/name - [DEFAULT]/rpc_zmq_serialization
+#rpc_zmq_serialization = json
+
+# This option configures round-robin mode in zmq socket. True means not keeping
+# a queue when server side disconnects. False means to keep queue and messages
+# even if server is disconnected, when the server appears we send all
+# accumulated messages to it. (boolean value)
+#zmq_immediate = true
+
+# Enable/disable TCP keepalive (KA) mechanism. The default value of -1 (or any
+# other negative value) means to skip any overrides and leave it to OS default;
+# 0 and 1 (or any other positive value) mean to disable and enable the option
+# respectively. (integer value)
+#zmq_tcp_keepalive = -1
+
+# The duration between two keepalive transmissions in idle condition. The unit
+# is platform dependent, for example, seconds in Linux, milliseconds in Windows
+# etc. The default value of -1 (or any other negative value and 0) means to
+# skip any overrides and leave it to OS default. (integer value)
+#zmq_tcp_keepalive_idle = -1
+
+# The number of retransmissions to be carried out before declaring that remote
+# end is not available. The default value of -1 (or any other negative value
+# and 0) means to skip any overrides and leave it to OS default. (integer
+# value)
+#zmq_tcp_keepalive_cnt = -1
+
+# The duration between two successive keepalive retransmissions, if
+# acknowledgement to the previous keepalive transmission is not received. The
+# unit is platform dependent, for example, seconds in Linux, milliseconds in
+# Windows etc. The default value of -1 (or any other negative value and 0)
+# means to skip any overrides and leave it to OS default. (integer value)
+#zmq_tcp_keepalive_intvl = -1
+
+# Maximum number of (green) threads to work concurrently. (integer value)
+#rpc_thread_pool_size = 100
+
+# Expiration timeout in seconds of a sent/received message after which it is
+# not tracked anymore by a client/server. (integer value)
+#rpc_message_ttl = 300
+
+# Wait for message acknowledgements from receivers. This mechanism works only
+# via proxy without PUB/SUB. (boolean value)
+#rpc_use_acks = false
+
+# Number of seconds to wait for an ack from a cast/call. After each retry
+# attempt this timeout is multiplied by some specified multiplier. (integer
+# value)
+#rpc_ack_timeout_base = 15
+
+# Number to multiply base ack timeout by after each retry attempt. (integer
+# value)
+#rpc_ack_timeout_multiplier = 2
+
+# Default number of message sending attempts in case of any problems occurred:
+# positive value N means at most N retries, 0 means no retries, None or -1 (or
+# any other negative values) mean to retry forever. This option is used only if
+# acknowledgments are enabled. (integer value)
+#rpc_retry_attempts = 3
+
+# List of publisher hosts SubConsumer can subscribe on. This option has higher
+# priority then the default publishers list taken from the matchmaker. (list
+# value)
+#subscribe_on =
+
+# Size of executor thread pool. (integer value)
+# Deprecated group/name - [DEFAULT]/rpc_thread_pool_size
+#executor_thread_pool_size = 64
+executor_thread_pool_size = 70
+
+# Seconds to wait for a response from a call. (integer value)
+#rpc_response_timeout = 60
+rpc_response_timeout=120
+
+# A URL representing the messaging driver to use and its full configuration.
+# (string value)
+#transport_url = <None>
+
+{%- set rabbit_port = server.message_queue.get('port', 5671 if server.message_queue.get('ssl',{}).get('enabled', False) else 5672) %}
+{%- if server.message_queue.members is defined %}
+transport_url = rabbit://{% for member in server.message_queue.members -%}
+ {{ server.message_queue.user }}:{{ server.message_queue.password }}@{{ member.host }}:{{ member.get('port',rabbit_port) }}
+ {%- if not loop.last -%},{%- endif -%}
+ {%- endfor -%}
+ /{{ server.message_queue.virtual_host }}
+{%- else %}
+transport_url = rabbit://{{ server.message_queue.user }}:{{ server.message_queue.password }}@{{ server.message_queue.host }}:{{ rabbit_port }}/{{ server.message_queue.virtual_host }}
+{%- endif %}
+
+# DEPRECATED: The messaging driver to use, defaults to rabbit. Other drivers
+# include amqp and zmq. (string value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Replaced by [DEFAULT]/transport_url
+#rpc_backend = rabbit
+
+# The default exchange under which topics are scoped. May be overridden by an
+# exchange name specified in the transport_url option. (string value)
+#control_exchange = neutron
+
+#
+# From oslo.service.wsgi
+#
+
+# File name for the paste.deploy config for api service (string value)
+#api_paste_config = api-paste.ini
+
+# A python format string that is used as the template to generate log lines.
+# The following values can beformatted into it: client_ip, date_time,
+# request_line, status_code, body_length, wall_seconds. (string value)
+#wsgi_log_format = %(client_ip)s "%(request_line)s" status: %(status_code)s len: %(body_length)s time: %(wall_seconds).7f
+
+# Sets the value of TCP_KEEPIDLE in seconds for each server socket. Not
+# supported on OS X. (integer value)
+#tcp_keepidle = 600
+
+# Size of the pool of greenthreads used by wsgi (integer value)
+#wsgi_default_pool_size = 100
+
+# Maximum line size of message headers to be accepted. max_header_line may need
+# to be increased when using large tokens (typically those generated when
+# keystone is configured to use PKI tokens with big service catalogs). (integer
+# value)
+#max_header_line = 16384
+
+# If False, closes the client socket connection explicitly. (boolean value)
+#wsgi_keep_alive = true
+
+# Timeout for client connections' socket operations. If an incoming connection
+# is idle for this number of seconds it will be closed. A value of '0' means
+# wait forever. (integer value)
+#client_socket_timeout = 900
+nova_url = http://{{ server.compute.host }}:8774/v2
+
+
+[agent]
+
+#
+# From neutron.agent
+#
+
+# Root helper application. Use 'sudo neutron-rootwrap
+# /etc/neutron/rootwrap.conf' to use the real root filter facility. Change to
+# 'sudo' to skip the filtering and just run the command directly. (string
+# value)
+root_helper = sudo /usr/bin/neutron-rootwrap /etc/neutron/rootwrap.conf
+
+# Use the root helper when listing the namespaces on a system. This may not be
+# required depending on the security configuration. If the root helper is not
+# required, set this to False for a performance improvement. (boolean value)
+#use_helper_for_ns_read = true
+
+# Root helper daemon application to use when possible. For the agent which
+# needs to execute commands in Dom0 in the hypervisor of XenServer, this item
+# should be set to 'xenapi_root_helper', so that it will keep a XenAPI session
+# to pass commands to Dom0. (string value)
+{%- if server.root_helper_daemon|default(True) %}
+root_helper_daemon = sudo neutron-rootwrap-daemon /etc/neutron/rootwrap.conf
+{%- else %}
+#root_helper_daemon = <None>
+{%- endif %}
+
+# Seconds between nodes reporting state to server; should be less than
+# agent_down_time, best if it is half or less than agent_down_time. (floating
+# point value)
+#report_interval = 30
+report_interval = 10
+
+# Log agent heartbeats (boolean value)
+#log_agent_heartbeats = false
+
+# Add comments to iptables rules. Set to false to disallow the addition of
+# comments to generated iptables rules that describe each rule's purpose.
+# System must support the iptables comments module for addition of comments.
+# (boolean value)
+#comment_iptables_rules = true
+
+# Duplicate every iptables difference calculation to ensure the format being
+# generated matches the format of iptables-save. This option should not be
+# turned on for production systems because it imposes a performance penalty.
+# (boolean value)
+#debug_iptables_rules = false
+
+# Action to be executed when a child process dies (string value)
+# Allowed values: respawn, exit
+#check_child_processes_action = respawn
+
+# Interval between checks of child process liveness (seconds), use 0 to disable
+# (integer value)
+#check_child_processes_interval = 60
+
+# Availability zone of this node (string value)
+#availability_zone = nova
+
+
+[cors]
+
+#
+# From oslo.middleware.cors
+#
+
+# Indicate whether this resource may be shared with the domain received in the
+# requests "origin" header. Format: "<protocol>://<host>[:<port>]", no trailing
+# slash. Example: https://horizon.example.com (list value)
+#allowed_origin = <None>
+{%- if server.cors.allowed_origin is defined %}
+allowed_origin = {{ server.cors.allowed_origin }}
+{%- endif %}
+
+# Indicate that the actual request can include user credentials (boolean value)
+#allow_credentials = true
+{%- if server.cors.allow_credentials is defined %}
+allow_credentials = {{ server.cors.allow_credentials }}
+{%- endif %}
+
+# Indicate which headers are safe to expose to the API. Defaults to HTTP Simple
+# Headers. (list value)
+#expose_headers = X-Auth-Token,X-Subject-Token,X-Service-Token,X-OpenStack-Request-ID,OpenStack-Volume-microversion
+{%- if server.cors.expose_headers is defined %}
+expose_headers = {{ server.cors.expose_headers }}
+{%- endif %}
+
+# Maximum cache age of CORS preflight requests. (integer value)
+#max_age = 3600
+{%- if server.cors.max_age is defined %}
+max_age = {{ server.cors.max_age }}
+{%- endif %}
+
+# Indicate which methods can be used during the actual request. (list value)
+#allow_methods = GET,PUT,POST,DELETE,PATCH
+{%- if server.cors.allow_methods is defined %}
+allow_methods = {{ server.cors.allow_methods }}
+{%- endif %}
+
+# Indicate which header field names may be used during the actual request.
+# (list value)
+#allow_headers = X-Auth-Token,X-Identity-Status,X-Roles,X-Service-Catalog,X-User-Id,X-Tenant-Id,X-OpenStack-Request-ID
+{%- if server.cors.allow_headers is defined %}
+allow_headers = {{ server.cors.allow_headers }}
+{%- endif %}
+
+[cors.subdomain]
+
+#
+# From oslo.middleware.cors
+#
+
+# Indicate whether this resource may be shared with the domain received in the
+# requests "origin" header. Format: "<protocol>://<host>[:<port>]", no trailing
+# slash. Example: https://horizon.example.com (list value)
+#allowed_origin = <None>
+
+# Indicate that the actual request can include user credentials (boolean value)
+#allow_credentials = true
+
+# Indicate which headers are safe to expose to the API. Defaults to HTTP Simple
+# Headers. (list value)
+#expose_headers = X-Auth-Token,X-Subject-Token,X-Service-Token,X-OpenStack-Request-ID,OpenStack-Volume-microversion
+
+# Maximum cache age of CORS preflight requests. (integer value)
+#max_age = 3600
+
+# Indicate which methods can be used during the actual request. (list value)
+#allow_methods = GET,PUT,POST,DELETE,PATCH
+
+# Indicate which header field names may be used during the actual request.
+# (list value)
+#allow_headers = X-Auth-Token,X-Identity-Status,X-Roles,X-Service-Catalog,X-User-Id,X-Tenant-Id,X-OpenStack-Request-ID
+
+
+[database]
+
+#
+# From neutron.db
+#
+
+# Database engine for which script will be generated when using offline
+# migration. (string value)
+#engine =
+
+#
+# From oslo.db
+#
+
+# DEPRECATED: The file name to use with SQLite. (string value)
+# Deprecated group/name - [DEFAULT]/sqlite_db
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Should use config option connection or slave_connection to connect
+# the database.
+#sqlite_db = oslo.sqlite
+
+# If True, SQLite uses synchronous mode. (boolean value)
+# Deprecated group/name - [DEFAULT]/sqlite_synchronous
+#sqlite_synchronous = true
+
+# The back end to use for the database. (string value)
+# Deprecated group/name - [DEFAULT]/db_backend
+#backend = sqlalchemy
+
+# The SQLAlchemy connection string to use to connect to the database. (string
+# value)
+# Deprecated group/name - [DEFAULT]/sql_connection
+# Deprecated group/name - [DATABASE]/sql_connection
+# Deprecated group/name - [sql]/connection
+
+{% if server.backend.engine in ["ml2", "ovn"] %}
+connection = {{ server.database.engine }}+pymysql://{{ server.database.user }}:{{ server.database.password }}@{{ server.database.host }}/{{ server.database.name }}?charset=utf8{%- if server.database.get('ssl',{}).get('enabled',False) %}&ssl_ca={{ server.database.ssl.get('cacert_file', server.cacert_file) }}{% endif %}
+{% else %}
+connection = sqlite:////var/lib/neutron/neutron.sqlite
+{% endif %}
+# The SQLAlchemy connection string to use to connect to the slave database.
+# (string value)
+#slave_connection = <None>
+
+# The SQL mode to be used for MySQL sessions. This option, including the
+# default, overrides any server-set SQL mode. To use whatever SQL mode is set
+# by the server configuration, set this to no value. Example: mysql_sql_mode=
+# (string value)
+#mysql_sql_mode = TRADITIONAL
+
+# Timeout before idle SQL connections are reaped. (integer value)
+# Deprecated group/name - [DEFAULT]/sql_idle_timeout
+# Deprecated group/name - [DATABASE]/sql_idle_timeout
+# Deprecated group/name - [sql]/idle_timeout
+#idle_timeout = 3600
+idle_timeout = 3600
+
+# Minimum number of SQL connections to keep open in a pool. (integer value)
+# Deprecated group/name - [DEFAULT]/sql_min_pool_size
+# Deprecated group/name - [DATABASE]/sql_min_pool_size
+#min_pool_size = 1
+
+# Maximum number of SQL connections to keep open in a pool. Setting a value of
+# 0 indicates no limit. (integer value)
+# Deprecated group/name - [DEFAULT]/sql_max_pool_size
+# Deprecated group/name - [DATABASE]/sql_max_pool_size
+#max_pool_size = 5
+max_pool_size = {{ [grains.num_cpus * 5, 30] | sort | first }}
+
+# Maximum number of database connection retries during startup. Set to -1 to
+# specify an infinite retry count. (integer value)
+# Deprecated group/name - [DEFAULT]/sql_max_retries
+# Deprecated group/name - [DATABASE]/sql_max_retries
+#max_retries = 10
+max_retries = -1
+
+# Interval between retries of opening a SQL connection. (integer value)
+# Deprecated group/name - [DEFAULT]/sql_retry_interval
+# Deprecated group/name - [DATABASE]/reconnect_interval
+#retry_interval = 10
+retry_interval = 2
+
+# If set, use this value for max_overflow with SQLAlchemy. (integer value)
+# Deprecated group/name - [DEFAULT]/sql_max_overflow
+# Deprecated group/name - [DATABASE]/sqlalchemy_max_overflow
+#max_overflow = 50
+max_overflow = 20
+
+# Verbosity of SQL debugging information: 0=None, 100=Everything. (integer
+# value)
+# Minimum value: 0
+# Maximum value: 100
+# Deprecated group/name - [DEFAULT]/sql_connection_debug
+#connection_debug = 0
+
+# Add Python stack traces to SQL as comment strings. (boolean value)
+# Deprecated group/name - [DEFAULT]/sql_connection_trace
+#connection_trace = false
+
+# If set, use this value for pool_timeout with SQLAlchemy. (integer value)
+# Deprecated group/name - [DATABASE]/sqlalchemy_pool_timeout
+#pool_timeout = <None>
+
+# Enable the experimental use of database reconnect on connection lost.
+# (boolean value)
+#use_db_reconnect = false
+
+# Seconds between retries of a database transaction. (integer value)
+#db_retry_interval = 1
+
+# If True, increases the interval between retries of a database operation up to
+# db_max_retry_interval. (boolean value)
+#db_inc_retry_interval = true
+
+# If db_inc_retry_interval is set, the maximum seconds between retries of a
+# database operation. (integer value)
+#db_max_retry_interval = 10
+
+# Maximum retries in case of connection error or deadlock error before error is
+# raised. Set to -1 to specify an infinite retry count. (integer value)
+#db_max_retries = 20
+
+
+[keystone_authtoken]
+{% if server.backend.engine == "contrail" %}
+admin_token = {{ server.backend.token }}
+admin_user={{ server.backend.user }}
+admin_password={{ server.backend.password }}
+admin_tenant_name={{ server.backend.tenant }}
+{%- endif %}
+auth_region={{ server.identity.region }}
+auth_protocol=http
+revocation_cache_time = 10
+auth_type = password
+auth_host = {{ server.identity.host }}
+auth_port = 35357
+user_domain_id = {{ server.identity.get('domain', 'default') }}
+project_domain_id = {{ server.identity.get('domain', 'default') }}
+project_name = {{ server.identity.tenant }}
+username = {{ server.identity.user }}
+password = {{ server.identity.password }}
+auth_uri={{ server.identity.get('protocol', 'http') }}://{{ server.identity.host }}:5000
+auth_url={{ server.identity.get('protocol', 'http') }}://{{ server.identity.host }}:35357
+{%- if server.identity.get('protocol', 'http') == 'https' %}
+cafile={{ server.identity.get('cacert_file', server.cacert_file) }}
+{%- endif %}
+{%- if server.cache is defined %}
+memcached_servers={%- for member in server.cache.members %}{{ member.host }}:11211{% if not loop.last %},{% endif %}{%- endfor %}
+{%- endif %}
+#
+# From keystonemiddleware.auth_token
+#
+
+# Complete "public" Identity API endpoint. This endpoint should not be an
+# "admin" endpoint, as it should be accessible by all end users.
+# Unauthenticated clients are redirected to this endpoint to authenticate.
+# Although this endpoint should ideally be unversioned, client support in the
+# wild varies. If you're using a versioned v2 endpoint here, then this should
+# *not* be the same endpoint the service user utilizes for validating tokens,
+# because normal end users may not be able to reach that endpoint. (string
+# value)
+#auth_uri = <None>
+
+# API version of the admin Identity API endpoint. (string value)
+#auth_version = <None>
+
+# Do not handle authorization requests within the middleware, but delegate the
+# authorization decision to downstream WSGI components. (boolean value)
+#delay_auth_decision = false
+
+# Request timeout value for communicating with Identity API server. (integer
+# value)
+#http_connect_timeout = <None>
+
+# How many times are we trying to reconnect when communicating with Identity
+# API Server. (integer value)
+#http_request_max_retries = 3
+
+# Request environment key where the Swift cache object is stored. When
+# auth_token middleware is deployed with a Swift cache, use this option to have
+# the middleware share a caching backend with swift. Otherwise, use the
+# ``memcached_servers`` option instead. (string value)
+#cache = <None>
+
+# Required if identity server requires client certificate (string value)
+#certfile = <None>
+
+# Required if identity server requires client certificate (string value)
+#keyfile = <None>
+
+# A PEM encoded Certificate Authority to use when verifying HTTPs connections.
+# Defaults to system CAs. (string value)
+#cafile = <None>
+
+# Verify HTTPS connections. (boolean value)
+#insecure = false
+
+# The region in which the identity server can be found. (string value)
+#region_name = <None>
+
+# DEPRECATED: Directory used to cache files related to PKI tokens. This option
+# has been deprecated in the Ocata release and will be removed in the P
+# release. (string value)
+# This option is deprecated for removal since Ocata.
+# Its value may be silently ignored in the future.
+# Reason: PKI token format is no longer supported.
+#signing_dir = <None>
+
+# Optionally specify a list of memcached server(s) to use for caching. If left
+# undefined, tokens will instead be cached in-process. (list value)
+# Deprecated group/name - [keystone_authtoken]/memcache_servers
+#memcached_servers = <None>
+
+# In order to prevent excessive effort spent validating tokens, the middleware
+# caches previously-seen tokens for a configurable duration (in seconds). Set
+# to -1 to disable caching completely. (integer value)
+#token_cache_time = 300
+
+# DEPRECATED: Determines the frequency at which the list of revoked tokens is
+# retrieved from the Identity service (in seconds). A high number of revocation
+# events combined with a low cache duration may significantly reduce
+# performance. Only valid for PKI tokens. This option has been deprecated in
+# the Ocata release and will be removed in the P release. (integer value)
+# This option is deprecated for removal since Ocata.
+# Its value may be silently ignored in the future.
+# Reason: PKI token format is no longer supported.
+#revocation_cache_time = 10
+
+# (Optional) If defined, indicate whether token data should be authenticated or
+# authenticated and encrypted. If MAC, token data is authenticated (with HMAC)
+# in the cache. If ENCRYPT, token data is encrypted and authenticated in the
+# cache. If the value is not one of these options or empty, auth_token will
+# raise an exception on initialization. (string value)
+# Allowed values: None, MAC, ENCRYPT
+#memcache_security_strategy = None
+
+# (Optional, mandatory if memcache_security_strategy is defined) This string is
+# used for key derivation. (string value)
+#memcache_secret_key = <None>
+
+# (Optional) Number of seconds memcached server is considered dead before it is
+# tried again. (integer value)
+#memcache_pool_dead_retry = 300
+
+# (Optional) Maximum total number of open connections to every memcached
+# server. (integer value)
+#memcache_pool_maxsize = 10
+
+# (Optional) Socket timeout in seconds for communicating with a memcached
+# server. (integer value)
+#memcache_pool_socket_timeout = 3
+
+# (Optional) Number of seconds a connection to memcached is held unused in the
+# pool before it is closed. (integer value)
+#memcache_pool_unused_timeout = 60
+
+# (Optional) Number of seconds that an operation will wait to get a memcached
+# client connection from the pool. (integer value)
+#memcache_pool_conn_get_timeout = 10
+
+# (Optional) Use the advanced (eventlet safe) memcached client pool. The
+# advanced pool will only work under python 2.x. (boolean value)
+#memcache_use_advanced_pool = false
+
+# (Optional) Indicate whether to set the X-Service-Catalog header. If False,
+# middleware will not ask for service catalog on token validation and will not
+# set the X-Service-Catalog header. (boolean value)
+#include_service_catalog = true
+
+# Used to control the use and type of token binding. Can be set to: "disabled"
+# to not check token binding. "permissive" (default) to validate binding
+# information if the bind type is of a form known to the server and ignore it
+# if not. "strict" like "permissive" but if the bind type is unknown the token
+# will be rejected. "required" any form of token binding is needed to be
+# allowed. Finally the name of a binding method that must be present in tokens.
+# (string value)
+#enforce_token_bind = permissive
+
+# DEPRECATED: If true, the revocation list will be checked for cached tokens.
+# This requires that PKI tokens are configured on the identity server. (boolean
+# value)
+# This option is deprecated for removal since Ocata.
+# Its value may be silently ignored in the future.
+# Reason: PKI token format is no longer supported.
+#check_revocations_for_cached = false
+
+# DEPRECATED: Hash algorithms to use for hashing PKI tokens. This may be a
+# single algorithm or multiple. The algorithms are those supported by Python
+# standard hashlib.new(). The hashes will be tried in the order given, so put
+# the preferred one first for performance. The result of the first hash will be
+# stored in the cache. This will typically be set to multiple values only while
+# migrating from a less secure algorithm to a more secure one. Once all the old
+# tokens are expired this option should be set to a single value for better
+# performance. (list value)
+# This option is deprecated for removal since Ocata.
+# Its value may be silently ignored in the future.
+# Reason: PKI token format is no longer supported.
+#hash_algorithms = md5
+
+# A choice of roles that must be present in a service token. Service tokens are
+# allowed to request that an expired token can be used and so this check should
+# tightly control that only actual services should be sending this token. Roles
+# here are applied as an ANY check so any role in this list must be present.
+# For backwards compatibility reasons this currently only affects the
+# allow_expired check. (list value)
+#service_token_roles = service
+
+# For backwards compatibility reasons we must let valid service tokens pass
+# that don't pass the service_token_roles check as valid. Setting this true
+# will become the default in a future release and should be enabled if
+# possible. (boolean value)
+#service_token_roles_required = false
+
+# Prefix to prepend at the beginning of the path. Deprecated, use identity_uri.
+# (string value)
+#auth_admin_prefix =
+
+# Host providing the admin Identity API endpoint. Deprecated, use identity_uri.
+# (string value)
+#auth_host = 127.0.0.1
+
+# Port of the admin Identity API endpoint. Deprecated, use identity_uri.
+# (integer value)
+#auth_port = 35357
+
+# Protocol of the admin Identity API endpoint. Deprecated, use identity_uri.
+# (string value)
+# Allowed values: http, https
+#auth_protocol = https
+
+# Complete admin Identity API endpoint. This should specify the unversioned
+# root endpoint e.g. https://localhost:35357/ (string value)
+#identity_uri = <None>
+
+# This option is deprecated and may be removed in a future release. Single
+# shared secret with the Keystone configuration used for bootstrapping a
+# Keystone installation, or otherwise bypassing the normal authentication
+# process. This option should not be used, use `admin_user` and
+# `admin_password` instead. (string value)
+#admin_token = <None>
+
+# Service username. (string value)
+#admin_user = <None>
+
+# Service user password. (string value)
+#admin_password = <None>
+
+# Service tenant name. (string value)
+#admin_tenant_name = admin
+
+# Authentication type to load (string value)
+# Deprecated group/name - [keystone_authtoken]/auth_plugin
+#auth_type = <None>
+
+# Config Section from which to load plugin specific options (string value)
+#auth_section = <None>
+
+
+[matchmaker_redis]
+
+#
+# From oslo.messaging
+#
+
+# DEPRECATED: Host to locate redis. (string value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Replaced by [DEFAULT]/transport_url
+#host = 127.0.0.1
+
+# DEPRECATED: Use this port to connect to redis host. (port value)
+# Minimum value: 0
+# Maximum value: 65535
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Replaced by [DEFAULT]/transport_url
+#port = 6379
+
+# DEPRECATED: Password for Redis server (optional). (string value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Replaced by [DEFAULT]/transport_url
+#password =
+
+# DEPRECATED: List of Redis Sentinel hosts (fault tolerance mode), e.g.,
+# [host:port, host1:port ... ] (list value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Replaced by [DEFAULT]/transport_url
+#sentinel_hosts =
+
+# Redis replica set name. (string value)
+#sentinel_group_name = oslo-messaging-zeromq
+
+# Time in ms to wait between connection attempts. (integer value)
+#wait_timeout = 2000
+
+# Time in ms to wait before the transaction is killed. (integer value)
+#check_timeout = 20000
+
+# Timeout in ms on blocking socket operations. (integer value)
+#socket_timeout = 10000
+
+
+[nova]
+
+#
+# From neutron
+#
+
+# Name of nova region to use. Useful if keystone manages more than one region.
+# (string value)
+#region_name = <None>
+region_name = {{ server.compute.region }}
+
+# Type of the nova endpoint to use. This endpoint will be looked up in the
+# keystone catalog and should be one of public, internal or admin. (string
+# value)
+# Allowed values: public, admin, internal
+#endpoint_type = public
+endpoint_type = {{ server.identity.get('endpoint_type', 'public') }}
+
+#
+# From nova.auth
+#
+
+# Authentication URL (string value)
+#auth_url = <None>
+user_domain_id = {{ server.identity.get('domain', 'default') }}
+project_domain_id = {{ server.identity.get('domain', 'default') }}
+project_name = {{ server.identity.tenant }}
+password = {{ server.compute.password }}
+username = {{ server.compute.user }}
+auth_type = password
+auth_url = {{ server.identity.get('protocol', 'http') }}://{{ server.identity.host }}:35357
+{%- if server.identity.get('protocol', 'http') == 'https' %}
+cafile={{ server.identity.get('cacert_file', server.cacert_file) }}
+{%- endif %}
+
+# Authentication type to load (string value)
+# Deprecated group/name - [nova]/auth_plugin
+#auth_type = <None>
+
+# PEM encoded Certificate Authority to use when verifying HTTPs connections.
+# (string value)
+#cafile = <None>
+
+# PEM encoded client certificate cert file (string value)
+#certfile = <None>
+
+# Optional domain ID to use with v3 and v2 parameters. It will be used for both
+# the user and project domain in v3 and ignored in v2 authentication. (string
+# value)
+#default_domain_id = <None>
+
+# Optional domain name to use with v3 API and v2 parameters. It will be used
+# for both the user and project domain in v3 and ignored in v2 authentication.
+# (string value)
+#default_domain_name = <None>
+
+# Domain ID to scope to (string value)
+#domain_id = <None>
+
+# Domain name to scope to (string value)
+#domain_name = <None>
+
+# Verify HTTPS connections. (boolean value)
+#insecure = false
+
+# PEM encoded client certificate key file (string value)
+#keyfile = <None>
+
+# User's password (string value)
+#password = <None>
+
+# Domain ID containing project (string value)
+#project_domain_id = <None>
+
+# Domain name containing project (string value)
+#project_domain_name = <None>
+
+# Project ID to scope to (string value)
+# Deprecated group/name - [nova]/tenant-id
+#project_id = <None>
+
+# Project name to scope to (string value)
+# Deprecated group/name - [nova]/tenant-name
+#project_name = <None>
+
+# Tenant ID (string value)
+#tenant_id = <None>
+
+# Tenant Name (string value)
+#tenant_name = <None>
+
+# Timeout value for http requests (integer value)
+#timeout = <None>
+
+# Trust ID (string value)
+#trust_id = <None>
+
+# User's domain id (string value)
+#user_domain_id = <None>
+
+# User's domain name (string value)
+#user_domain_name = <None>
+
+# User id (string value)
+#user_id = <None>
+
+# Username (string value)
+# Deprecated group/name - [nova]/user-name
+#username = <None>
+
+
+[oslo_concurrency]
+
+#
+# From oslo.concurrency
+#
+
+# Enables or disables inter-process locks. (boolean value)
+# Deprecated group/name - [DEFAULT]/disable_process_locking
+#disable_process_locking = false
+
+# Directory to use for lock files. For security, the specified directory
+# should only be writable by the user running the processes that need locking.
+# Defaults to environment variable OSLO_LOCK_PATH. If OSLO_LOCK_PATH is not set
+# in the environment, use the Python tempfile.gettempdir function to find a
+# suitable location. If external locks are used, a lock path must be set.
+# (string value)
+# Deprecated group/name - [DEFAULT]/lock_path
+#lock_path = /tmp
+lock_path = $state_path/lock
+
+
+[oslo_messaging_amqp]
+
+#
+# From oslo.messaging
+#
+
+# Name for the AMQP container. must be globally unique. Defaults to a generated
+# UUID (string value)
+# Deprecated group/name - [amqp1]/container_name
+#container_name = <None>
+
+# Timeout for inactive connections (in seconds) (integer value)
+# Deprecated group/name - [amqp1]/idle_timeout
+#idle_timeout = 0
+
+# Debug: dump AMQP frames to stdout (boolean value)
+# Deprecated group/name - [amqp1]/trace
+#trace = false
+
+# CA certificate PEM file used to verify the server's certificate (string
+# value)
+# Deprecated group/name - [amqp1]/ssl_ca_file
+#ssl_ca_file =
+
+# Self-identifying certificate PEM file for client authentication (string
+# value)
+# Deprecated group/name - [amqp1]/ssl_cert_file
+#ssl_cert_file =
+
+# Private key PEM file used to sign ssl_cert_file certificate (optional)
+# (string value)
+# Deprecated group/name - [amqp1]/ssl_key_file
+#ssl_key_file =
+
+# Password for decrypting ssl_key_file (if encrypted) (string value)
+# Deprecated group/name - [amqp1]/ssl_key_password
+#ssl_key_password = <None>
+
+# DEPRECATED: Accept clients using either SSL or plain TCP (boolean value)
+# Deprecated group/name - [amqp1]/allow_insecure_clients
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Not applicable - not a SSL server
+#allow_insecure_clients = false
+
+# Space separated list of acceptable SASL mechanisms (string value)
+# Deprecated group/name - [amqp1]/sasl_mechanisms
+#sasl_mechanisms =
+
+# Path to directory that contains the SASL configuration (string value)
+# Deprecated group/name - [amqp1]/sasl_config_dir
+#sasl_config_dir =
+
+# Name of configuration file (without .conf suffix) (string value)
+# Deprecated group/name - [amqp1]/sasl_config_name
+#sasl_config_name =
+
+# User name for message broker authentication (string value)
+# Deprecated group/name - [amqp1]/username
+#username =
+
+# Password for message broker authentication (string value)
+# Deprecated group/name - [amqp1]/password
+#password =
+
+# Seconds to pause before attempting to re-connect. (integer value)
+# Minimum value: 1
+#connection_retry_interval = 1
+
+# Increase the connection_retry_interval by this many seconds after each
+# unsuccessful failover attempt. (integer value)
+# Minimum value: 0
+#connection_retry_backoff = 2
+
+# Maximum limit for connection_retry_interval + connection_retry_backoff
+# (integer value)
+# Minimum value: 1
+#connection_retry_interval_max = 30
+
+# Time to pause between re-connecting an AMQP 1.0 link that failed due to a
+# recoverable error. (integer value)
+# Minimum value: 1
+#link_retry_delay = 10
+
+# The maximum number of attempts to re-send a reply message which failed due to
+# a recoverable error. (integer value)
+# Minimum value: -1
+#default_reply_retry = 0
+
+# The deadline for an rpc reply message delivery. (integer value)
+# Minimum value: 5
+#default_reply_timeout = 30
+
+# The deadline for an rpc cast or call message delivery. Only used when caller
+# does not provide a timeout expiry. (integer value)
+# Minimum value: 5
+#default_send_timeout = 30
+
+# The deadline for a sent notification message delivery. Only used when caller
+# does not provide a timeout expiry. (integer value)
+# Minimum value: 5
+#default_notify_timeout = 30
+
+# The duration to schedule a purge of idle sender links. Detach link after
+# expiry. (integer value)
+# Minimum value: 1
+#default_sender_link_timeout = 600
+
+# Indicates the addressing mode used by the driver.
+# Permitted values:
+# 'legacy' - use legacy non-routable addressing
+# 'routable' - use routable addresses
+# 'dynamic' - use legacy addresses if the message bus does not support routing
+# otherwise use routable addressing (string value)
+#addressing_mode = dynamic
+
+# address prefix used when sending to a specific server (string value)
+# Deprecated group/name - [amqp1]/server_request_prefix
+#server_request_prefix = exclusive
+
+# address prefix used when broadcasting to all servers (string value)
+# Deprecated group/name - [amqp1]/broadcast_prefix
+#broadcast_prefix = broadcast
+
+# address prefix when sending to any server in group (string value)
+# Deprecated group/name - [amqp1]/group_request_prefix
+#group_request_prefix = unicast
+
+# Address prefix for all generated RPC addresses (string value)
+#rpc_address_prefix = openstack.org/om/rpc
+
+# Address prefix for all generated Notification addresses (string value)
+#notify_address_prefix = openstack.org/om/notify
+
+# Appended to the address prefix when sending a fanout message. Used by the
+# message bus to identify fanout messages. (string value)
+#multicast_address = multicast
+
+# Appended to the address prefix when sending to a particular RPC/Notification
+# server. Used by the message bus to identify messages sent to a single
+# destination. (string value)
+#unicast_address = unicast
+
+# Appended to the address prefix when sending to a group of consumers. Used by
+# the message bus to identify messages that should be delivered in a round-
+# robin fashion across consumers. (string value)
+#anycast_address = anycast
+
+# Exchange name used in notification addresses.
+# Exchange name resolution precedence:
+# Target.exchange if set
+# else default_notification_exchange if set
+# else control_exchange if set
+# else 'notify' (string value)
+#default_notification_exchange = <None>
+
+# Exchange name used in RPC addresses.
+# Exchange name resolution precedence:
+# Target.exchange if set
+# else default_rpc_exchange if set
+# else control_exchange if set
+# else 'rpc' (string value)
+#default_rpc_exchange = <None>
+
+# Window size for incoming RPC Reply messages. (integer value)
+# Minimum value: 1
+#reply_link_credit = 200
+
+# Window size for incoming RPC Request messages (integer value)
+# Minimum value: 1
+#rpc_server_credit = 100
+
+# Window size for incoming Notification messages (integer value)
+# Minimum value: 1
+#notify_server_credit = 100
+
+# Send messages of this type pre-settled.
+# Pre-settled messages will not receive acknowledgement
+# from the peer. Note well: pre-settled messages may be
+# silently discarded if the delivery fails.
+# Permitted values:
+# 'rpc-call' - send RPC Calls pre-settled
+# 'rpc-reply'- send RPC Replies pre-settled
+# 'rpc-cast' - Send RPC Casts pre-settled
+# 'notify' - Send Notifications pre-settled
+# (multi valued)
+#pre_settled = rpc-cast
+#pre_settled = rpc-reply
+
+
+[oslo_messaging_kafka]
+
+#
+# From oslo.messaging
+#
+
+# DEPRECATED: Default Kafka broker Host (string value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Replaced by [DEFAULT]/transport_url
+#kafka_default_host = localhost
+
+# DEPRECATED: Default Kafka broker Port (port value)
+# Minimum value: 0
+# Maximum value: 65535
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Replaced by [DEFAULT]/transport_url
+#kafka_default_port = 9092
+
+# Max fetch bytes of Kafka consumer (integer value)
+#kafka_max_fetch_bytes = 1048576
+
+# Default timeout(s) for Kafka consumers (integer value)
+#kafka_consumer_timeout = 1.0
+
+# Pool Size for Kafka Consumers (integer value)
+#pool_size = 10
+
+# The pool size limit for connections expiration policy (integer value)
+#conn_pool_min_size = 2
+
+# The time-to-live in sec of idle connections in the pool (integer value)
+#conn_pool_ttl = 1200
+
+# Group id for Kafka consumer. Consumers in one group will coordinate message
+# consumption (string value)
+#consumer_group = oslo_messaging_consumer
+
+# Upper bound on the delay for KafkaProducer batching in seconds (floating
+# point value)
+#producer_batch_timeout = 0.0
+
+# Size of batch for the producer async send (integer value)
+#producer_batch_size = 16384
+
+
+[oslo_messaging_notifications]
+
+#
+# From oslo.messaging
+#
+
+# The Drivers(s) to handle sending notifications. Possible values are
+# messaging, messagingv2, routing, log, test, noop (multi valued)
+# Deprecated group/name - [DEFAULT]/notification_driver
+#driver =
+{%- if server.notification is mapping %}
+driver = {{ server.notification.get('driver', 'messagingv2') }}
+{%- if server.notification.topics is defined %}
+topics = {{ server.notification.topics }}
+{%- endif %}
+{%- elif server.notification %}
+driver = messagingv2
+{%- endif %}
+
+# A URL representing the messaging driver to use for notifications. If not set,
+# we fall back to the same configuration used for RPC. (string value)
+# Deprecated group/name - [DEFAULT]/notification_transport_url
+#transport_url = <None>
+
+# AMQP topic used for OpenStack notifications. (list value)
+# Deprecated group/name - [rpc_notifier2]/topics
+# Deprecated group/name - [DEFAULT]/notification_topics
+#topics = notifications
+
+
+[oslo_messaging_rabbit]
+
+#
+# From oslo.messaging
+#
+
+{%- if server.message_queue.get('ssl',{}).get('enabled', False) %}
+rabbit_use_ssl=true
+
+{%- if server.message_queue.ssl.version is defined %}
+kombu_ssl_version = {{ server.message_queue.ssl.version }}
+{%- elif salt['grains.get']('pythonversion') > [2,7,8] %}
+kombu_ssl_version = TLSv1_2
+{%- endif %}
+
+kombu_ssl_ca_certs = {{ server.message_queue.ssl.get('cacert_file', server.cacert_file) }}
+{%- endif %}
+
+# Use durable queues in AMQP. (boolean value)
+# Deprecated group/name - [DEFAULT]/amqp_durable_queues
+# Deprecated group/name - [DEFAULT]/rabbit_durable_queues
+#amqp_durable_queues = false
+
+# Auto-delete queues in AMQP. (boolean value)
+# Deprecated group/name - [DEFAULT]/amqp_auto_delete
+#amqp_auto_delete = false
+
+# SSL version to use (valid only if SSL enabled). Valid values are TLSv1 and
+# SSLv23. SSLv2, SSLv3, TLSv1_1, and TLSv1_2 may be available on some
+# distributions. (string value)
+# Deprecated group/name - [DEFAULT]/kombu_ssl_version
+#kombu_ssl_version =
+
+# SSL key file (valid only if SSL enabled). (string value)
+# Deprecated group/name - [DEFAULT]/kombu_ssl_keyfile
+#kombu_ssl_keyfile =
+
+# SSL cert file (valid only if SSL enabled). (string value)
+# Deprecated group/name - [DEFAULT]/kombu_ssl_certfile
+#kombu_ssl_certfile =
+
+# SSL certification authority file (valid only if SSL enabled). (string value)
+# Deprecated group/name - [DEFAULT]/kombu_ssl_ca_certs
+#kombu_ssl_ca_certs =
+
+# How long to wait before reconnecting in response to an AMQP consumer cancel
+# notification. (floating point value)
+# Deprecated group/name - [DEFAULT]/kombu_reconnect_delay
+#kombu_reconnect_delay = 1.0
+
+# EXPERIMENTAL: Possible values are: gzip, bz2. If not set compression will not
+# be used. This option may not be available in future versions. (string value)
+#kombu_compression = <None>
+
+# How long to wait a missing client before abandoning to send it its replies.
+# This value should not be longer than rpc_response_timeout. (integer value)
+# Deprecated group/name - [oslo_messaging_rabbit]/kombu_reconnect_timeout
+#kombu_missing_consumer_retry_timeout = 60
+
+# Determines how the next RabbitMQ node is chosen in case the one we are
+# currently connected to becomes unavailable. Takes effect only if more than
+# one RabbitMQ node is provided in config. (string value)
+# Allowed values: round-robin, shuffle
+#kombu_failover_strategy = round-robin
+
+# DEPRECATED: The RabbitMQ broker address where a single node is used. (string
+# value)
+# Deprecated group/name - [DEFAULT]/rabbit_host
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Replaced by [DEFAULT]/transport_url
+#rabbit_host = localhost
+
+# DEPRECATED: The RabbitMQ broker port where a single node is used. (port
+# value)
+# Minimum value: 0
+# Maximum value: 65535
+# Deprecated group/name - [DEFAULT]/rabbit_port
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Replaced by [DEFAULT]/transport_url
+#rabbit_port = 5672
+
+# DEPRECATED: RabbitMQ HA cluster host:port pairs. (list value)
+# Deprecated group/name - [DEFAULT]/rabbit_hosts
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Replaced by [DEFAULT]/transport_url
+#rabbit_hosts = $rabbit_host:$rabbit_port
+
+# Connect over SSL for RabbitMQ. (boolean value)
+# Deprecated group/name - [DEFAULT]/rabbit_use_ssl
+#rabbit_use_ssl = false
+
+# DEPRECATED: The RabbitMQ userid. (string value)
+# Deprecated group/name - [DEFAULT]/rabbit_userid
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Replaced by [DEFAULT]/transport_url
+#rabbit_userid = guest
+
+# DEPRECATED: The RabbitMQ password. (string value)
+# Deprecated group/name - [DEFAULT]/rabbit_password
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Replaced by [DEFAULT]/transport_url
+#rabbit_password = guest
+
+# The RabbitMQ login method. (string value)
+# Allowed values: PLAIN, AMQPLAIN, RABBIT-CR-DEMO
+# Deprecated group/name - [DEFAULT]/rabbit_login_method
+#rabbit_login_method = AMQPLAIN
+
+# DEPRECATED: The RabbitMQ virtual host. (string value)
+# Deprecated group/name - [DEFAULT]/rabbit_virtual_host
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Replaced by [DEFAULT]/transport_url
+#rabbit_virtual_host = /
+
+# How frequently to retry connecting with RabbitMQ. (integer value)
+#rabbit_retry_interval = 1
+rabbit_retry_interval = 1
+
+# How long to backoff for between retries when connecting to RabbitMQ. (integer
+# value)
+# Deprecated group/name - [DEFAULT]/rabbit_retry_backoff
+#rabbit_retry_backoff = 2
+rabbit_retry_backoff = 2
+
+# Maximum interval of RabbitMQ connection retries. Default is 30 seconds.
+# (integer value)
+#rabbit_interval_max = 30
+
+# DEPRECATED: Maximum number of RabbitMQ connection retries. Default is 0
+# (infinite retry count). (integer value)
+# Deprecated group/name - [DEFAULT]/rabbit_max_retries
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+#rabbit_max_retries = 0
+
+# Try to use HA queues in RabbitMQ (x-ha-policy: all). If you change this
+# option, you must wipe the RabbitMQ database. In RabbitMQ 3.0, queue mirroring
+# is no longer controlled by the x-ha-policy argument when declaring a queue.
+# If you just want to make sure that all queues (except those with auto-
+# generated names) are mirrored across all nodes, run: "rabbitmqctl set_policy
+# HA '^(?!amq\.).*' '{"ha-mode": "all"}' " (boolean value)
+# Deprecated group/name - [DEFAULT]/rabbit_ha_queues
+#rabbit_ha_queues = false
+
+# Positive integer representing duration in seconds for queue TTL (x-expires).
+# Queues which are unused for the duration of the TTL are automatically
+# deleted. The parameter affects only reply and fanout queues. (integer value)
+# Minimum value: 1
+#rabbit_transient_queues_ttl = 1800
+
+# Specifies the number of messages to prefetch. Setting to zero allows
+# unlimited messages. (integer value)
+#rabbit_qos_prefetch_count = 0
+
+# Number of seconds after which the Rabbit broker is considered down if
+# heartbeat's keep-alive fails (0 disable the heartbeat). EXPERIMENTAL (integer
+# value)
+#heartbeat_timeout_threshold = 60
+heartbeat_timeout_threshold = 0
+
+# How often times during the heartbeat_timeout_threshold we check the
+# heartbeat. (integer value)
+#heartbeat_rate = 2
+heartbeat_rate = 2
+
+# Deprecated, use rpc_backend=kombu+memory or rpc_backend=fake (boolean value)
+# Deprecated group/name - [DEFAULT]/fake_rabbit
+#fake_rabbit = false
+
+# Maximum number of channels to allow (integer value)
+#channel_max = <None>
+
+# The maximum byte size for an AMQP frame (integer value)
+#frame_max = <None>
+
+# How often to send heartbeats for consumer's connections (integer value)
+#heartbeat_interval = 3
+
+# Enable SSL (boolean value)
+#ssl = <None>
+
+# Arguments passed to ssl.wrap_socket (dict value)
+#ssl_options = <None>
+
+# Set socket timeout in seconds for connection's socket (floating point value)
+#socket_timeout = 0.25
+
+# Set TCP_USER_TIMEOUT in seconds for connection's socket (floating point
+# value)
+#tcp_user_timeout = 0.25
+
+# Set delay for reconnection to some host which has connection error (floating
+# point value)
+#host_connection_reconnect_delay = 0.25
+
+# Connection factory implementation (string value)
+# Allowed values: new, single, read_write
+#connection_factory = single
+
+# Maximum number of connections to keep queued. (integer value)
+#pool_max_size = 30
+
+# Maximum number of connections to create above `pool_max_size`. (integer
+# value)
+#pool_max_overflow = 0
+
+# Default number of seconds to wait for a connections to available (integer
+# value)
+#pool_timeout = 30
+
+# Lifetime of a connection (since creation) in seconds or None for no
+# recycling. Expired connections are closed on acquire. (integer value)
+#pool_recycle = 600
+
+# Threshold at which inactive (since release) connections are considered stale
+# in seconds or None for no staleness. Stale connections are closed on acquire.
+# (integer value)
+#pool_stale = 60
+
+# Default serialization mechanism for serializing/deserializing
+# outgoing/incoming messages (string value)
+# Allowed values: json, msgpack
+#default_serializer_type = json
+
+# Persist notification messages. (boolean value)
+#notification_persistence = false
+
+# Exchange name for sending notifications (string value)
+#default_notification_exchange = ${control_exchange}_notification
+
+# Max number of not acknowledged message which RabbitMQ can send to
+# notification listener. (integer value)
+#notification_listener_prefetch_count = 100
+
+# Reconnecting retry count in case of connectivity problem during sending
+# notification, -1 means infinite retry. (integer value)
+#default_notification_retry_attempts = -1
+
+# Reconnecting retry delay in case of connectivity problem during sending
+# notification message (floating point value)
+#notification_retry_delay = 0.25
+
+# Time to live for rpc queues without consumers in seconds. (integer value)
+#rpc_queue_expiration = 60
+
+# Exchange name for sending RPC messages (string value)
+#default_rpc_exchange = ${control_exchange}_rpc
+
+# Exchange name for receiving RPC replies (string value)
+#rpc_reply_exchange = ${control_exchange}_rpc_reply
+
+# Max number of not acknowledged message which RabbitMQ can send to rpc
+# listener. (integer value)
+#rpc_listener_prefetch_count = 100
+
+# Max number of not acknowledged message which RabbitMQ can send to rpc reply
+# listener. (integer value)
+#rpc_reply_listener_prefetch_count = 100
+
+# Reconnecting retry count in case of connectivity problem during sending
+# reply. -1 means infinite retry during rpc_timeout (integer value)
+#rpc_reply_retry_attempts = -1
+
+# Reconnecting retry delay in case of connectivity problem during sending
+# reply. (floating point value)
+#rpc_reply_retry_delay = 0.25
+
+# Reconnecting retry count in case of connectivity problem during sending RPC
+# message, -1 means infinite retry. If actual retry attempts in not 0 the rpc
+# request could be processed more than one time (integer value)
+#default_rpc_retry_attempts = -1
+
+# Reconnecting retry delay in case of connectivity problem during sending RPC
+# message (floating point value)
+#rpc_retry_delay = 0.25
+
+
+[oslo_messaging_zmq]
+
+#
+# From oslo.messaging
+#
+
+# ZeroMQ bind address. Should be a wildcard (*), an ethernet interface, or IP.
+# The "host" option should point or resolve to this address. (string value)
+# Deprecated group/name - [DEFAULT]/rpc_zmq_bind_address
+#rpc_zmq_bind_address = *
+
+# MatchMaker driver. (string value)
+# Allowed values: redis, sentinel, dummy
+# Deprecated group/name - [DEFAULT]/rpc_zmq_matchmaker
+#rpc_zmq_matchmaker = redis
+
+# Number of ZeroMQ contexts, defaults to 1. (integer value)
+# Deprecated group/name - [DEFAULT]/rpc_zmq_contexts
+#rpc_zmq_contexts = 1
+
+# Maximum number of ingress messages to locally buffer per topic. Default is
+# unlimited. (integer value)
+# Deprecated group/name - [DEFAULT]/rpc_zmq_topic_backlog
+#rpc_zmq_topic_backlog = <None>
+
+# Directory for holding IPC sockets. (string value)
+# Deprecated group/name - [DEFAULT]/rpc_zmq_ipc_dir
+#rpc_zmq_ipc_dir = /var/run/openstack
+
+# Name of this node. Must be a valid hostname, FQDN, or IP address. Must match
+# "host" option, if running Nova. (string value)
+# Deprecated group/name - [DEFAULT]/rpc_zmq_host
+#rpc_zmq_host = localhost
+
+# Number of seconds to wait before all pending messages will be sent after
+# closing a socket. The default value of -1 specifies an infinite linger
+# period. The value of 0 specifies no linger period. Pending messages shall be
+# discarded immediately when the socket is closed. Positive values specify an
+# upper bound for the linger period. (integer value)
+# Deprecated group/name - [DEFAULT]/rpc_cast_timeout
+#zmq_linger = -1
+
+# The default number of seconds that poll should wait. Poll raises timeout
+# exception when timeout expired. (integer value)
+# Deprecated group/name - [DEFAULT]/rpc_poll_timeout
+#rpc_poll_timeout = 1
+
+# Expiration timeout in seconds of a name service record about existing target
+# ( < 0 means no timeout). (integer value)
+# Deprecated group/name - [DEFAULT]/zmq_target_expire
+#zmq_target_expire = 300
+
+# Update period in seconds of a name service record about existing target.
+# (integer value)
+# Deprecated group/name - [DEFAULT]/zmq_target_update
+#zmq_target_update = 180
+
+# Use PUB/SUB pattern for fanout methods. PUB/SUB always uses proxy. (boolean
+# value)
+# Deprecated group/name - [DEFAULT]/use_pub_sub
+#use_pub_sub = false
+
+# Use ROUTER remote proxy. (boolean value)
+# Deprecated group/name - [DEFAULT]/use_router_proxy
+#use_router_proxy = false
+
+# This option makes direct connections dynamic or static. It makes sense only
+# with use_router_proxy=False which means to use direct connections for direct
+# message types (ignored otherwise). (boolean value)
+#use_dynamic_connections = false
+
+# How many additional connections to a host will be made for failover reasons.
+# This option is actual only in dynamic connections mode. (integer value)
+#zmq_failover_connections = 2
+
+# Minimal port number for random ports range. (port value)
+# Minimum value: 0
+# Maximum value: 65535
+# Deprecated group/name - [DEFAULT]/rpc_zmq_min_port
+#rpc_zmq_min_port = 49153
+
+# Maximal port number for random ports range. (integer value)
+# Minimum value: 1
+# Maximum value: 65536
+# Deprecated group/name - [DEFAULT]/rpc_zmq_max_port
+#rpc_zmq_max_port = 65536
+
+# Number of retries to find free port number before fail with ZMQBindError.
+# (integer value)
+# Deprecated group/name - [DEFAULT]/rpc_zmq_bind_port_retries
+#rpc_zmq_bind_port_retries = 100
+
+# Default serialization mechanism for serializing/deserializing
+# outgoing/incoming messages (string value)
+# Allowed values: json, msgpack
+# Deprecated group/name - [DEFAULT]/rpc_zmq_serialization
+#rpc_zmq_serialization = json
+
+# This option configures round-robin mode in zmq socket. True means not keeping
+# a queue when server side disconnects. False means to keep queue and messages
+# even if server is disconnected, when the server appears we send all
+# accumulated messages to it. (boolean value)
+#zmq_immediate = true
+
+# Enable/disable TCP keepalive (KA) mechanism. The default value of -1 (or any
+# other negative value) means to skip any overrides and leave it to OS default;
+# 0 and 1 (or any other positive value) mean to disable and enable the option
+# respectively. (integer value)
+#zmq_tcp_keepalive = -1
+
+# The duration between two keepalive transmissions in idle condition. The unit
+# is platform dependent, for example, seconds in Linux, milliseconds in Windows
+# etc. The default value of -1 (or any other negative value and 0) means to
+# skip any overrides and leave it to OS default. (integer value)
+#zmq_tcp_keepalive_idle = -1
+
+# The number of retransmissions to be carried out before declaring that remote
+# end is not available. The default value of -1 (or any other negative value
+# and 0) means to skip any overrides and leave it to OS default. (integer
+# value)
+#zmq_tcp_keepalive_cnt = -1
+
+# The duration between two successive keepalive retransmissions, if
+# acknowledgement to the previous keepalive transmission is not received. The
+# unit is platform dependent, for example, seconds in Linux, milliseconds in
+# Windows etc. The default value of -1 (or any other negative value and 0)
+# means to skip any overrides and leave it to OS default. (integer value)
+#zmq_tcp_keepalive_intvl = -1
+
+# Maximum number of (green) threads to work concurrently. (integer value)
+#rpc_thread_pool_size = 100
+
+# Expiration timeout in seconds of a sent/received message after which it is
+# not tracked anymore by a client/server. (integer value)
+#rpc_message_ttl = 300
+
+# Wait for message acknowledgements from receivers. This mechanism works only
+# via proxy without PUB/SUB. (boolean value)
+#rpc_use_acks = false
+
+# Number of seconds to wait for an ack from a cast/call. After each retry
+# attempt this timeout is multiplied by some specified multiplier. (integer
+# value)
+#rpc_ack_timeout_base = 15
+
+# Number to multiply base ack timeout by after each retry attempt. (integer
+# value)
+#rpc_ack_timeout_multiplier = 2
+
+# Default number of message sending attempts in case of any problems occurred:
+# positive value N means at most N retries, 0 means no retries, None or -1 (or
+# any other negative values) mean to retry forever. This option is used only if
+# acknowledgments are enabled. (integer value)
+#rpc_retry_attempts = 3
+
+# List of publisher hosts SubConsumer can subscribe on. This option has higher
+# priority then the default publishers list taken from the matchmaker. (list
+# value)
+#subscribe_on =
+
+
+[oslo_middleware]
+
+#
+# From oslo.middleware.http_proxy_to_wsgi
+#
+
+# Whether the application is behind a proxy or not. This determines if the
+# middleware should parse the headers or not. (boolean value)
+#enable_proxy_headers_parsing = false
+
+
+[oslo_policy]
+
+#
+# From oslo.policy
+#
+
+# The file that defines policies. (string value)
+# Deprecated group/name - [DEFAULT]/policy_file
+#policy_file = policy.json
+
+# Default rule. Enforced when a requested rule is not found. (string value)
+# Deprecated group/name - [DEFAULT]/policy_default_rule
+#policy_default_rule = default
+
+# Directories where policy configuration files are stored. They can be relative
+# to any directory in the search path defined by the config_dir option, or
+# absolute paths. The file defined by policy_file must exist for these
+# directories to be searched. Missing or empty directories are ignored. (multi
+# valued)
+# Deprecated group/name - [DEFAULT]/policy_dirs
+#policy_dirs = policy.d
+
+
+[qos]
+
+#
+# From neutron.qos
+#
+
+# DEPRECATED: Drivers list to use to send the update notification. This option
+# will be unused in Pike. (list value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+#notification_drivers = message_queue
+
+
+[quotas]
+
+#
+# From neutron
+#
+
+# Default number of resource allowed per tenant. A negative value means
+# unlimited. (integer value)
+#default_quota = -1
+
+# Number of networks allowed per tenant. A negative value means unlimited.
+# (integer value)
+#quota_network = 10
+
+# Number of subnets allowed per tenant, A negative value means unlimited.
+# (integer value)
+#quota_subnet = 10
+
+# Number of ports allowed per tenant. A negative value means unlimited.
+# (integer value)
+#quota_port = 50
+
+# Default driver to use for quota checks. (string value)
+#quota_driver = neutron.db.quota.driver.DbQuotaDriver
+{% if server.backend.engine == "contrail" %}
+quota_driver = neutron_plugin_contrail.plugins.opencontrail.quota.driver.QuotaDriver
+{% endif %}
+# Keep in track in the database of current resource quota usage. Plugins which
+# do not leverage the neutron database should set this flag to False. (boolean
+# value)
+#track_quota_usage = true
+
+#
+# From neutron.extensions
+#
+
+# Number of routers allowed per tenant. A negative value means unlimited.
+# (integer value)
+#quota_router = 10
+
+# Number of floating IPs allowed per tenant. A negative value means unlimited.
+# (integer value)
+#quota_floatingip = 50
+
+# Number of security groups allowed per tenant. A negative value means
+# unlimited. (integer value)
+#quota_security_group = 10
+
+# Number of security rules allowed per tenant. A negative value means
+# unlimited. (integer value)
+#quota_security_group_rule = 100
+
+
+[ssl]
+
+#
+# From oslo.service.sslutils
+#
+
+# CA certificate file to use to verify connecting clients. (string value)
+# Deprecated group/name - [DEFAULT]/ssl_ca_file
+#ca_file = <None>
+
+# Certificate file to use when starting the server securely. (string value)
+# Deprecated group/name - [DEFAULT]/ssl_cert_file
+#cert_file = <None>
+
+# Private key file to use when starting the server securely. (string value)
+# Deprecated group/name - [DEFAULT]/ssl_key_file
+#key_file = <None>
+
+# SSL version to use (valid only if SSL enabled). Valid values are TLSv1 and
+# SSLv23. SSLv2, SSLv3, TLSv1_1, and TLSv1_2 may be available on some
+# distributions. (string value)
+#version = <None>
+
+# Sets the list of available ciphers. value should be a string in the OpenSSL
+# cipher list format. (string value)
+#ciphers = <None>
+[service_providers]
+
+{% if server.get('bgp_vpn', {}).get('enabled', False) -%}
+
+{%- if server.bgp_vpn.driver == "bagpipe" -%}
+
+service_provider = BGPVPN:BaGPipe:networking_bgpvpn.neutron.services.service_drivers.bagpipe.bagpipe.BaGPipeBGPVPNDriver:default
+
+{%- elif server.bgp_vpn.driver == "opencontrail" -%}
+
+service_provider = BGPVPN:OpenContrail:networking_bgpvpn.neutron.services.service_drivers.opencontrail.opencontrail.OpenContrailBGPVPNDriver:default
+
+{%- elif server.bgp_vpn.driver == "opendaylight" -%}
+
+service_provider = BGPVPN:OpenDaylight:networking_bgpvpn.neutron.services.service_drivers.opendaylight.odl.OpenDaylightBgpvpnDriver:default
+
+{%- endif -%}
+{%- endif -%}
+
+{% if server.lbaas is defined -%}
+
+{%- if server.lbaas.enabled -%}
+
+{%- for lbaas_name, lbaas in server.lbaas.providers.iteritems() %}
+
+service_provider=LOADBALANCERV2:{{ lbaas_name }}:{{ lbaas.get('driver_path', 'avi_lbaasv2.avi_driver.AviDriver') }}:default
+
+[{{ lbaas_name }}]
+
+{% if lbaas.engine == "octavia" %}
+
+base_url = {{ lbaas.base_url }}
+request_poll_timeout = 3000
+
+[service_auth]
+auth_version = 2
+admin_password = {{ server.identity.password }}
+admin_user = {{ server.identity.user }}
+admin_tenant_name = {{ server.identity.tenant }}
+auth_url = http://{{ server.identity.host }}:35357/v2.0
+{%- endif -%}
+
+{% if lbaas.engine == "avinetworks" %}
+address={{ lbaas.controller_address }}
+user={{ lbaas.controller_user }}
+password={{ lbaas.controller_password }}
+cloud={{ lbaas.controller_cloud_name }}
+{%- endif -%}
+
+{%- endfor -%}
+
+{% endif %}
+
+{% elif server.backend.engine == "contrail" %}
+
+service_provider = LOADBALANCERV2:Opencontrail:neutron_plugin_contrail.plugins.opencontrail.loadbalancer.driver.OpencontrailLoadbalancerDummyDriver:default
+
+{% include "neutron/files/"+server.version+"/ContrailPlugin.ini" %}
+
+{% endif %}
+
+{%- if server.backend.get('extension', {}).get('dns', {}).get('enabled', False) and server.backend.get('extension', {}).get('dns', {}).get('engine', '') == 'designate' %}
+[designate]
+{%- if server.backend.get('extension', {}).get('dns', {}).get('url', False) %}
+url = {{ server.backend.extension.dns.url }}
+{%- else %}
+#url = <None>
+{%- endif %}
+auth_region={{ server.identity.region }}
+auth_type = password
+user_domain_id = {{ server.identity.get('domain', 'default') }}
+project_domain_id = {{ server.identity.get('domain', 'default') }}
+project_name = {{ server.identity.tenant }}
+username = {{ server.identity.user }}
+password = {{ server.identity.password }}
+auth_url=http://{{ server.identity.host }}:35357
+{%- endif %}
+
+{%- if server.backend.ovsdb_connection is defined %}
+[ovs]
+ovsdb_connection = {{ server.backend.ovsdb_connection }}
+{%- endif %}
diff --git a/neutron/files/pike/openvswitch_agent.ini b/neutron/files/pike/openvswitch_agent.ini
new file mode 100644
index 0000000..dc997df
--- /dev/null
+++ b/neutron/files/pike/openvswitch_agent.ini
@@ -0,0 +1,365 @@
+{%- if pillar.neutron.gateway is defined %}
+{%- from "neutron/map.jinja" import gateway as neutron with context %}
+{%- else %}
+{%- from "neutron/map.jinja" import compute as neutron with context %}
+{%- endif %}
+
+[DEFAULT]
+
+#
+# From oslo.log
+#
+
+# If set to true, the logging level will be set to DEBUG instead of the default
+# INFO level. (boolean value)
+# Note: This option can be changed without restarting.
+#debug = false
+
+# DEPRECATED: If set to false, the logging level will be set to WARNING instead
+# of the default INFO level. (boolean value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+#verbose = true
+
+# The name of a logging configuration file. This file is appended to any
+# existing logging configuration files. For details about logging configuration
+# files, see the Python logging module documentation. Note that when logging
+# configuration files are used then all logging configuration is set in the
+# configuration file and other logging configuration options are ignored (for
+# example, logging_context_format_string). (string value)
+# Note: This option can be changed without restarting.
+# Deprecated group/name - [DEFAULT]/log_config
+#log_config_append = <None>
+
+# Defines the format string for %%(asctime)s in log records. Default:
+# %(default)s . This option is ignored if log_config_append is set. (string
+# value)
+#log_date_format = %Y-%m-%d %H:%M:%S
+
+# (Optional) Name of log file to send logging output to. If no default is set,
+# logging will go to stderr as defined by use_stderr. This option is ignored if
+# log_config_append is set. (string value)
+# Deprecated group/name - [DEFAULT]/logfile
+#log_file = <None>
+
+# (Optional) The base directory used for relative log_file paths. This option
+# is ignored if log_config_append is set. (string value)
+# Deprecated group/name - [DEFAULT]/logdir
+#log_dir = <None>
+
+# Uses logging handler designed to watch file system. When log file is moved or
+# removed this handler will open a new log file with specified path
+# instantaneously. It makes sense only if log_file option is specified and
+# Linux platform is used. This option is ignored if log_config_append is set.
+# (boolean value)
+#watch_log_file = false
+
+# Use syslog for logging. Existing syslog format is DEPRECATED and will be
+# changed later to honor RFC5424. This option is ignored if log_config_append
+# is set. (boolean value)
+#use_syslog = false
+
+# Syslog facility to receive log lines. This option is ignored if
+# log_config_append is set. (string value)
+#syslog_log_facility = LOG_USER
+
+# Log output to standard error. This option is ignored if log_config_append is
+# set. (boolean value)
+#use_stderr = false
+
+# Format string to use for log messages with context. (string value)
+#logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s
+
+# Format string to use for log messages when context is undefined. (string
+# value)
+#logging_default_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s
+
+# Additional data to append to log message when logging level for the message
+# is DEBUG. (string value)
+#logging_debug_format_suffix = %(funcName)s %(pathname)s:%(lineno)d
+
+# Prefix each line of exception output with this format. (string value)
+#logging_exception_prefix = %(asctime)s.%(msecs)03d %(process)d ERROR %(name)s %(instance)s
+
+# Defines the format string for %(user_identity)s that is used in
+# logging_context_format_string. (string value)
+#logging_user_identity_format = %(user)s %(tenant)s %(domain)s %(user_domain)s %(project_domain)s
+
+# List of package logging levels in logger=LEVEL pairs. This option is ignored
+# if log_config_append is set. (list value)
+#default_log_levels = amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,oslo.messaging=INFO,iso8601=WARN,requests.packages.urllib3.connectionpool=WARN,urllib3.connectionpool=WARN,websocket=WARN,requests.packages.urllib3.util.retry=WARN,urllib3.util.retry=WARN,keystonemiddleware=WARN,routes.middleware=WARN,stevedore=WARN,taskflow=WARN,keystoneauth=WARN,oslo.cache=INFO,dogpile.core.dogpile=INFO
+
+# Enables or disables publication of error events. (boolean value)
+#publish_errors = false
+
+# The format for an instance that is passed with the log message. (string
+# value)
+#instance_format = "[instance: %(uuid)s] "
+
+# The format for an instance UUID that is passed with the log message. (string
+# value)
+#instance_uuid_format = "[instance: %(uuid)s] "
+
+# Interval, number of seconds, of log rate limiting. (integer value)
+#rate_limit_interval = 0
+
+# Maximum number of logged messages per rate_limit_interval. (integer value)
+#rate_limit_burst = 0
+
+# Log level name used by rate limiting: CRITICAL, ERROR, INFO, WARNING, DEBUG
+# or empty string. Logs with level greater or equal to rate_limit_except_level
+# are not filtered. An empty string means that all levels are filtered. (string
+# value)
+#rate_limit_except_level = CRITICAL
+
+# Enables or disables fatal status of deprecations. (boolean value)
+#fatal_deprecations = false
+
+
+[agent]
+
+#
+# From neutron.ml2.ovs.agent
+#
+
+# The number of seconds the agent will wait between polling for local device
+# changes. (integer value)
+#polling_interval = 2
+
+# Minimize polling by monitoring ovsdb for interface changes. (boolean value)
+#minimize_polling = true
+
+# The number of seconds to wait before respawning the ovsdb monitor after
+# losing communication with it. (integer value)
+#ovsdb_monitor_respawn_interval = 30
+
+{%- if "vxlan" in neutron.backend.tenant_network_types %}
+tunnel_types =vxlan
+
+# The UDP port to use for VXLAN tunnels. (port value)
+# Minimum value: 0
+# Maximum value: 65535
+#vxlan_udp_port = 4789
+vxlan_udp_port = 4789
+
+# MTU size of veth interfaces (integer value)
+#veth_mtu = 9000
+
+# Use ML2 l2population mechanism driver to learn remote MAC and IPs and improve tunnel scalability. (boolean value)
+#l2_population = false
+l2_population = True
+
+# Enable local ARP responder if it is supported. Requires OVS 2.1 and ML2 l2population driver. Allows the switch (when supporting an
+# overlay) to respond to an ARP request locally without performing a costly ARP broadcast into the overlay. (boolean value)
+#arp_responder = false
+arp_responder = True
+{%- endif %}
+
+# DEPRECATED: Enable suppression of ARP responses that don't match an IP
+# address that belongs to the port from which they originate. Note: This
+# prevents the VMs attached to this agent from spoofing, it doesn't protect
+# them from other devices which have the capability to spoof (e.g. bare metal
+# or VMs attached to agents without this flag set to True). Spoofing rules will
+# not be added to any ports that have port security disabled. For LinuxBridge,
+# this requires ebtables. For OVS, it requires a version that supports matching
+# ARP headers. This option will be removed in Ocata so the only way to disable
+# protection will be via the port security extension. (boolean value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+#prevent_arp_spoofing = true
+
+# Set or un-set the don't fragment (DF) bit on outgoing IP packet carrying
+# GRE/VXLAN tunnel. (boolean value)
+#dont_fragment = true
+
+# Make the l2 agent run in DVR mode. (boolean value)
+#enable_distributed_routing = false
+enable_distributed_routing = {{ neutron.get('dvr', 'False') }}
+
+# Set new timeout in seconds for new rpc calls after agent receives SIGTERM. If
+# value is set to 0, rpc timeout won't be changed (integer value)
+#quitting_rpc_timeout = 10
+
+# Reset flow table on start. Setting this to True will cause brief traffic
+# interruption. (boolean value)
+#drop_flows_on_start = false
+drop_flows_on_start = False
+
+# Set or un-set the tunnel header checksum on outgoing IP packet carrying
+# GRE/VXLAN tunnel. (boolean value)
+#tunnel_csum = false
+
+# DEPRECATED: Selects the Agent Type reported (string value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+#agent_type = Open vSwitch agent
+
+# Extensions list to use (list value)
+{# Get neutron:backend:extension mapping and prepare tmp_ext_list list with extentions where enabled = True #}
+{%- set tmp_ext_list = [] %}
+
+{%- for ext_name, ext_params in neutron.backend.get('ovs_extension', {}).iteritems() %}
+{%- do tmp_ext_list.append(ext_name) if ext_params.get('enabled', False) %}
+{%- endfor %}
+
+{%- for ext_name, ext_params in neutron.backend.get('extension', {}).iteritems() %}
+{%- do tmp_ext_list.append(ext_name) if ext_params.get('enabled', False) and ext_name not in tmp_ext_list %}
+{%- endfor %}
+{# Below section is for backward compatible when extentions were separated properties without neutron:backend:extension pillar #}
+{%- do tmp_ext_list.append('qos') if neutron.get('qos', 'True') and 'qos' not in tmp_ext_list %}
+extensions={{ tmp_ext_list|join(',') }}
+
+[ovs]
+
+#
+# From neutron.ml2.ovs.agent
+#
+
+# Integration bridge to use. Do not change this parameter unless you have a
+# good reason to. This is the name of the OVS integration bridge. There is one
+# per hypervisor. The integration bridge acts as a virtual 'patch bay'. All VM
+# VIFs are attached to this bridge and then 'patched' according to their
+# network connectivity. (string value)
+#integration_bridge = br-int
+integration_bridge = br-int
+
+# Tunnel bridge to use. (string value)
+#tunnel_bridge = br-tun
+tunnel_bridge = br-tun
+
+# Peer patch port in integration bridge for tunnel bridge. (string value)
+#int_peer_patch_port = patch-tun
+
+# Peer patch port in tunnel bridge for integration bridge. (string value)
+#tun_peer_patch_port = patch-int
+
+# IP address of local overlay (tunnel) network endpoint. Use either an IPv4 or
+# IPv6 address that resides on one of the host network interfaces. The IP
+# version of this value must match the value of the 'overlay_ip_version' option
+# in the ML2 plug-in configuration file on the neutron server node(s). (IP
+# address value)
+#local_ip = <None>
+{%- if "vxlan" in neutron.backend.tenant_network_types %}
+local_ip = {{ neutron.local_ip }}
+{%- endif %}
+
+# Comma-separated list of <physical_network>:<bridge> tuples mapping physical
+# network names to the agent's node-specific Open vSwitch bridge names to be
+# used for flat and VLAN networks. The length of bridge names should be no more
+# than 11. Each bridge must exist, and should have a physical network interface
+# configured as a port. All physical networks configured on the server should
+# have mappings to appropriate bridges on each agent. Note: If you remove a
+# bridge from this mapping, make sure to disconnect it from the integration
+# bridge as it won't be managed by the agent anymore. (list value)
+{% set bridge_mappings=[] %}
+{%- if neutron.bridge_mappings is defined %}
+{%- for physnet,bridge in neutron.bridge_mappings.iteritems() %}{%- do bridge_mappings.append(physnet+':'+bridge) %}{%- endfor %}
+{%- endif %}
+{%- if 'br-floating' not in neutron.get('bridge_mappings', {}).values() %}{%- if neutron.get('external_access', True) %}
+{%- do bridge_mappings.append('physnet1:br-floating') %}{%- endif %}{%- endif %}
+{%- if 'br-prv' not in neutron.get('bridge_mappings', {}).values() %}{%- if "vlan" in neutron.backend.tenant_network_types %}
+{%- do bridge_mappings.append('physnet2:br-prv') %}{%- endif %}{%- endif %}
+{%- if 'br-baremetal' not in neutron.get('bridge_mappings', {}).values() %}{%- if neutron.get('ironic_enabled', False) %}
+{%- do bridge_mappings.append('physnet3:br-baremetal') %}{%- endif %}{%- endif %}
+{%- if bridge_mappings %}
+bridge_mappings = {{ ','.join(bridge_mappings) }}
+{%- else %}
+#bridge_mappings =
+{%- endif %}
+
+# Use veths instead of patch ports to interconnect the integration bridge to
+# physical networks. Support kernel without Open vSwitch patch port support so
+# long as it is set to True. (boolean value)
+#use_veth_interconnection = false
+
+# OpenFlow interface to use. (string value)
+# Allowed values: ovs-ofctl, native
+#of_interface = native
+
+# OVS datapath to use. 'system' is the default value and corresponds to the
+# kernel datapath. To enable the userspace datapath set this value to 'netdev'.
+# (string value)
+# Allowed values: system, netdev
+#datapath_type = system
+{%- if neutron.dpdk %}
+datapath_type = netdev
+{%- endif %}
+
+# OVS vhost-user socket directory. (string value)
+#vhostuser_socket_dir = /var/run/openvswitch
+{%- if neutron.vhost_socket_dir is defined %}
+vhostuser_socket_dir = {{ neutron.vhost_socket_dir }}
+{%- endif %}
+
+# Address to listen on for OpenFlow connections. Used only for 'native' driver.
+# (IP address value)
+#of_listen_address = 127.0.0.1
+
+# Port to listen on for OpenFlow connections. Used only for 'native' driver.
+# (port value)
+# Minimum value: 0
+# Maximum value: 65535
+#of_listen_port = 6633
+
+# Timeout in seconds to wait for the local switch connecting the controller.
+# Used only for 'native' driver. (integer value)
+#of_connect_timeout = 30
+
+# Timeout in seconds to wait for a single OpenFlow request. Used only for
+# 'native' driver. (integer value)
+#of_request_timeout = 10
+
+# The interface for interacting with the OVSDB (string value)
+# Allowed values: vsctl, native
+#ovsdb_interface = native
+
+# The connection string for the OVSDB backend. Will be used by ovsdb-client
+# when monitoring and used for the all ovsdb commands when native
+# ovsdb_interface is enabled (string value)
+#ovsdb_connection = tcp:127.0.0.1:6640
+
+
+[securitygroup]
+
+#
+# From neutron.ml2.ovs.agent
+#
+
+# Driver for security groups firewall in the L2 agent (string value)
+#firewall_driver = <None>
+
+# Controls whether the neutron security group API is enabled in the server. It
+# should be false when using no security groups or using the nova security
+# group API. (boolean value)
+#enable_security_group = true
+
+{%- if not neutron.get('security_groups_enabled', True) %}
+firewall_driver = neutron.agent.firewall.NoopFirewallDriver
+enable_security_group = False
+{%- elif neutron.dpdk or neutron.get('vlan_aware_vms', False) %}
+firewall_driver = openvswitch
+enable_security_group = True
+{%- else %}
+firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
+enable_security_group = True
+{%- endif %}
+
+# Use ipset to speed-up the iptables based security groups. Enabling ipset
+# support requires that ipset is installed on L2 agent node. (boolean value)
+#enable_ipset = true
+
+
+[xenapi]
+
+#
+# From neutron.ml2.xenapi
+#
+
+# URL for connection to XenServer/Xen Cloud Platform. (string value)
+#connection_url = <None>
+
+# Username for connection to XenServer/Xen Cloud Platform. (string value)
+#connection_username = <None>
+
+# Password for connection to XenServer/Xen Cloud Platform. (string value)
+#connection_password = <None>
diff --git a/neutron/files/pike/ovn_central_options b/neutron/files/pike/ovn_central_options
new file mode 100644
index 0000000..e59db5f
--- /dev/null
+++ b/neutron/files/pike/ovn_central_options
@@ -0,0 +1,10 @@
+{%- from "neutron/map.jinja" import server with context %}
+# This is a POSIX shell fragment -*- sh -*-
+
+# OVN_CTL_OPTS: Extra options to pass to ovn-ctl. This is, for example,
+# a suitable place to specify --ovn-northd-wrapper=valgrind.
+{%- set ovn_ctl_opts = [] %}
+{%- for opt, value in server.get('ovn_ctl_opts', {}).iteritems() %}
+{%- do ovn_ctl_opts.append("--%s=%s"|format(opt, value)) %}
+{%- endfor %}
+OVN_CTL_OPTS='{{ ovn_ctl_opts|join(' ') }}'
diff --git a/neutron/files/pike/sriov_agent.ini b/neutron/files/pike/sriov_agent.ini
new file mode 100644
index 0000000..734c7bd
--- /dev/null
+++ b/neutron/files/pike/sriov_agent.ini
@@ -0,0 +1,165 @@
+{%- if pillar.neutron.gateway is defined %}
+{%- from "neutron/map.jinja" import gateway as neutron with context %}
+{%- else %}
+{%- from "neutron/map.jinja" import compute as neutron with context %}
+{%- endif %}
+[DEFAULT]
+
+#
+# From oslo.log
+#
+
+# If set to true, the logging level will be set to DEBUG instead of the default
+# INFO level. (boolean value)
+# Note: This option can be changed without restarting.
+#debug = false
+
+# DEPRECATED: If set to false, the logging level will be set to WARNING instead
+# of the default INFO level. (boolean value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+#verbose = true
+
+# The name of a logging configuration file. This file is appended to any
+# existing logging configuration files. For details about logging configuration
+# files, see the Python logging module documentation. Note that when logging
+# configuration files are used then all logging configuration is set in the
+# configuration file and other logging configuration options are ignored (for
+# example, logging_context_format_string). (string value)
+# Note: This option can be changed without restarting.
+# Deprecated group/name - [DEFAULT]/log_config
+#log_config_append = <None>
+
+# Defines the format string for %%(asctime)s in log records. Default:
+# %(default)s . This option is ignored if log_config_append is set. (string
+# value)
+#log_date_format = %Y-%m-%d %H:%M:%S
+
+# (Optional) Name of log file to send logging output to. If no default is set,
+# logging will go to stderr as defined by use_stderr. This option is ignored if
+# log_config_append is set. (string value)
+# Deprecated group/name - [DEFAULT]/logfile
+#log_file = <None>
+
+# (Optional) The base directory used for relative log_file paths. This option
+# is ignored if log_config_append is set. (string value)
+# Deprecated group/name - [DEFAULT]/logdir
+#log_dir = <None>
+
+# Uses logging handler designed to watch file system. When log file is moved or
+# removed this handler will open a new log file with specified path
+# instantaneously. It makes sense only if log_file option is specified and
+# Linux platform is used. This option is ignored if log_config_append is set.
+# (boolean value)
+#watch_log_file = false
+
+# Use syslog for logging. Existing syslog format is DEPRECATED and will be
+# changed later to honor RFC5424. This option is ignored if log_config_append
+# is set. (boolean value)
+#use_syslog = false
+
+# Syslog facility to receive log lines. This option is ignored if
+# log_config_append is set. (string value)
+#syslog_log_facility = LOG_USER
+
+# Log output to standard error. This option is ignored if log_config_append is
+# set. (boolean value)
+#use_stderr = false
+
+# Format string to use for log messages with context. (string value)
+#logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s
+
+# Format string to use for log messages when context is undefined. (string
+# value)
+#logging_default_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s
+
+# Additional data to append to log message when logging level for the message
+# is DEBUG. (string value)
+#logging_debug_format_suffix = %(funcName)s %(pathname)s:%(lineno)d
+
+# Prefix each line of exception output with this format. (string value)
+#logging_exception_prefix = %(asctime)s.%(msecs)03d %(process)d ERROR %(name)s %(instance)s
+
+# Defines the format string for %(user_identity)s that is used in
+# logging_context_format_string. (string value)
+#logging_user_identity_format = %(user)s %(tenant)s %(domain)s %(user_domain)s %(project_domain)s
+
+# List of package logging levels in logger=LEVEL pairs. This option is ignored
+# if log_config_append is set. (list value)
+#default_log_levels = amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,oslo.messaging=INFO,iso8601=WARN,requests.packages.urllib3.connectionpool=WARN,urllib3.connectionpool=WARN,websocket=WARN,requests.packages.urllib3.util.retry=WARN,urllib3.util.retry=WARN,keystonemiddleware=WARN,routes.middleware=WARN,stevedore=WARN,taskflow=WARN,keystoneauth=WARN,oslo.cache=INFO,dogpile.core.dogpile=INFO
+
+# Enables or disables publication of error events. (boolean value)
+#publish_errors = false
+
+# The format for an instance that is passed with the log message. (string
+# value)
+#instance_format = "[instance: %(uuid)s] "
+
+# The format for an instance UUID that is passed with the log message. (string
+# value)
+#instance_uuid_format = "[instance: %(uuid)s] "
+
+# Interval, number of seconds, of log rate limiting. (integer value)
+#rate_limit_interval = 0
+
+# Maximum number of logged messages per rate_limit_interval. (integer value)
+#rate_limit_burst = 0
+
+# Log level name used by rate limiting: CRITICAL, ERROR, INFO, WARNING, DEBUG
+# or empty string. Logs with level greater or equal to rate_limit_except_level
+# are not filtered. An empty string means that all levels are filtered. (string
+# value)
+#rate_limit_except_level = CRITICAL
+
+# Enables or disables fatal status of deprecations. (boolean value)
+#fatal_deprecations = false
+
+
+[agent]
+
+#
+# From neutron.ml2.sriov.agent
+#
+
+# Extensions list to use (list value)
+{# Get neutron:backend:extension mapping and prepare tmp_ext_list list with extentions where enabled = True #}
+{%- set tmp_ext_list = [] %}
+
+{%- for ext_name, ext_params in neutron.backend.get('sriov_extension', {}).iteritems() %}
+{%- do tmp_ext_list.append(ext_name) if ext_params.get('enabled', False) %}
+{%- endfor %}
+
+{%- for ext_name, ext_params in neutron.backend.get('extension', {}).iteritems() %}
+{%- do tmp_ext_list.append(ext_name) if ext_params.get('enabled', False) and ext_name != 'bagpipe_bgpvpn' and ext_name not in tmp_ext_list %}
+{%- endfor %}
+{# Below section is for backward compatible when extentions were separated properties without neutron:backend:extension pillar #}
+{%- do tmp_ext_list.append('qos') if neutron.get('qos', 'True') and 'qos' not in tmp_ext_list %}
+extensions={{ tmp_ext_list|join(',') }}
+
+
+[sriov_nic]
+
+#
+# From neutron.ml2.sriov.agent
+#
+
+# Comma-separated list of <physical_network>:<network_device> tuples mapping
+# physical network names to the agent's node-specific physical network device
+# interfaces of SR-IOV physical function to be used for VLAN networks. All
+# physical networks listed in network_vlan_ranges on the server should have
+# mappings to appropriate interfaces on each agent. (list value)
+#physical_device_mappings =
+physical_device_mappings = {%- for nic_name, sriov in neutron.backend.sriov.iteritems() %}{{ sriov.physical_network }}:{{ sriov.devname }}{% if not loop.last %},{% endif %}{%- endfor %}
+
+# Comma-separated list of <network_device>:<vfs_to_exclude> tuples, mapping
+# network_device to the agent's node-specific list of virtual functions that
+# should not be used for virtual networking. vfs_to_exclude is a semicolon-
+# separated list of virtual functions to exclude from network_device. The
+# network_device in the mapping should appear in the physical_device_mappings
+# list. (list value)
+#exclude_devices =
+
+{%- if pillar.neutron.compute is defined %}
+[securitygroup]
+firewall_driver = neutron.agent.firewall.NoopFirewallDriver
+{%- endif %}
diff --git a/neutron/files/queens/ContrailPlugin.ini b/neutron/files/queens/ContrailPlugin.ini
new file mode 100644
index 0000000..e00d234
--- /dev/null
+++ b/neutron/files/queens/ContrailPlugin.ini
@@ -0,0 +1,13 @@
+{% from "neutron/map.jinja" import server with context %}
+[APISERVER]
+api_server_ip = {{ server.backend.host }}
+api_server_port = 8082
+multi_tenancy = True
+contrail_extensions = ipam:neutron_plugin_contrail.plugins.opencontrail.contrail_plugin_ipam.NeutronPluginContrailIpam,policy:neutron_plugin_contrail.plugins.opencontrail.contrail_plugin_policy.NeutronPluginContrailPolicy,route-table:neutron_plugin_contrail.plugins.opencontrail.contrail_plugin_vpc.NeutronPluginContrailVpc,contrail:None
+
+[KEYSTONE]
+auth_url = http://{{ server.identity.host }}:5000
+admin_token = {{ server.backend.token }}
+admin_user={{ server.backend.user }}
+admin_password={{ server.backend.password }}
+admin_tenant_name={{ server.backend.tenant }}
\ No newline at end of file
diff --git a/neutron/files/queens/api-paste.ini.Debian b/neutron/files/queens/api-paste.ini.Debian
new file mode 100644
index 0000000..9036078
--- /dev/null
+++ b/neutron/files/queens/api-paste.ini.Debian
@@ -0,0 +1,57 @@
+{%- from "neutron/map.jinja" import server with context %}
+[composite:neutron]
+use = egg:Paste#urlmap
+/: neutronversions_composite
+/v2.0: neutronapi_v2_0
+
+[composite:neutronapi_v2_0]
+use = call:neutron.auth:pipeline_factory
+noauth = cors http_proxy_to_wsgi request_id catch_errors extensions neutronapiapp_v2_0
+keystone = cors http_proxy_to_wsgi {%- if server.backend.engine == "contrail" and server.backend.get('rbac', False) %} user_token {%- endif %} request_id catch_errors authtoken keystonecontext extensions {% if server.audit.enabled %}audit {% endif %}neutronapiapp_v2_0
+
+[composite:neutronversions_composite]
+use = call:neutron.auth:pipeline_factory
+noauth = cors http_proxy_to_wsgi neutronversions
+keystone = cors http_proxy_to_wsgi {% if server.audit.enabled %}audit {% endif %}neutronversions
+
+{%- if server.backend.engine == "contrail" and server.backend.get('rbac', False) %}
+[filter:user_token]
+paste.filter_factory = neutron_plugin_contrail.plugins.opencontrail.neutron_middleware:token_factory
+{%- endif %}
+
+[filter:request_id]
+paste.filter_factory = oslo_middleware:RequestId.factory
+
+[filter:catch_errors]
+paste.filter_factory = oslo_middleware:CatchErrors.factory
+
+[filter:cors]
+paste.filter_factory = oslo_middleware.cors:filter_factory
+oslo_config_project = neutron
+
+[filter:http_proxy_to_wsgi]
+paste.filter_factory = oslo_middleware.http_proxy_to_wsgi:HTTPProxyToWSGI.factory
+
+[filter:keystonecontext]
+paste.filter_factory = neutron.auth:NeutronKeystoneContext.factory
+
+[filter:authtoken]
+paste.filter_factory = keystonemiddleware.auth_token:filter_factory
+
+[filter:extensions]
+paste.filter_factory = neutron.api.extensions:plugin_aware_extension_middleware_factory
+
+[app:neutronversions]
+paste.app_factory = neutron.pecan_wsgi.app:versions_factory
+
+[app:neutronapiapp_v2_0]
+paste.app_factory = neutron.api.v2.router:APIRouter.factory
+
+{%- if server.audit.enabled %}
+[filter:audit]
+paste.filter_factory = {{ server.get("audit", {}).get("filter_factory", "keystonemiddleware.audit:filter_factory") }}
+audit_map_file = {{ server.get("audit", {}).get("map_file", "/etc/pycadf/neutron_api_audit_map.conf") }}
+{%- endif %}
+
+[filter:osprofiler]
+paste.filter_factory = osprofiler.web:WsgiMiddleware.factory
diff --git a/neutron/files/queens/api-paste.ini.RedHat b/neutron/files/queens/api-paste.ini.RedHat
new file mode 120000
index 0000000..08fd76a
--- /dev/null
+++ b/neutron/files/queens/api-paste.ini.RedHat
@@ -0,0 +1 @@
+api-paste.ini.Debian
\ No newline at end of file
diff --git a/neutron/files/queens/bagpipe-bgp.conf b/neutron/files/queens/bagpipe-bgp.conf
new file mode 100644
index 0000000..d4f8b5c
--- /dev/null
+++ b/neutron/files/queens/bagpipe-bgp.conf
@@ -0,0 +1,109 @@
+{%- from "neutron/map.jinja" import compute with context -%}
+[BGP]
+local_address = {{ compute.bgp_vpn.bagpipe.local_address }}
+peers = {{ compute.bgp_vpn.bagpipe.peers }}
+my_as = {{ compute.bgp_vpn.bagpipe.get('autonomous_system', 64512) }}
+enable_rtc = {{ compute.bgp_vpn.bagpipe.get('enable_rtc', True) }}
+
+[COMMON]
+# Root helper and root helper application
+# root_helper_daemon is designed to use oslo-rootwrap-daemon for commands
+# that need to be run as root.
+# If root_helper_daemon is unset, bagpipe-bgp will use 'root_help' to call
+# these commands, which defaults to 'sudo', and can be configured to use
+# oslo.rootwrap.
+#root_helper = sudo
+#root_helper = sudo /usr/local/bin/oslo-rootwrap /etc/bagpipe-bgp/rootwrap.conf
+root_helper_daemon = sudo /usr/bin/oslo-rootwrap-daemon /etc/bagpipe-bgp/rootwrap.conf
+
+# local IP address (that others will use to send us encapsulated packets, and that
+# we will use to send)
+# Note: does not need to be specified if different than the BGP local_address
+# Note: can be overwritten under each dataplane config
+# dataplane_local_address=eth1
+# dataplane_local_address=1.2.3.4
+
+[API]
+# BGP component API IP address and port
+host=localhost
+port=8082
+
+
+[DATAPLANE_DRIVER_IPVPN]
+
+# IP VPN dataplane driver class
+# Example values:
+#dataplane_driver = ovs
+#dataplane_driver = linux
+dataplane_driver = ovs
+
+# OVS bridge to use (defaults to br-int)
+ovs_bridge = br-mpls
+
+# MPLS outgoing interface (for linux and ovs drivers)
+#
+# (not specifying an mpls_interface or using the '*gre*' special value
+# means that the driver will instantiate a tunnel interface and use an
+# MPLS/GRE encapsulation)
+# mpls_interface=*gre*
+mpls_interface=*gre*
+
+# GRE tunnel to use (default to mpls_gre)
+#gre_tunnel=mpls_gre
+
+# Uncomment the following to allow the use of standard MPLS-o-GRE in OVS
+# (rather than MPLS-o-Eth-o-GRE).
+#
+# gre_tunnel_options="options:layer3=true"
+
+# Support VXLAN encapsulation of IP VPN traffic with the
+# ovs driver.
+#
+# Note well: this is non-standard and aimed at making it easier
+# to test IP VPN until OVS 2.4 is shipping
+#
+# WARNING: this option does *not* co-exist with the EVPN
+# linux (can't have both OVS and the linux
+# kernel native VXLAN stack process VXLAN)
+#
+#vxlan_encap=True
+
+# local IP address (that others will use to send us encapsulated packets, and that
+# we will use to send)
+# Note: does not need to be specified if different than the BGP local_address
+# dataplane_local_address=eth1
+# dataplane_local_address=1.2.3.4
+
+# (obsolete:)
+ovsbr_interfaces_mtu=4000
+
+# for ovs driver, control whether or not the VRF will
+# reply to all ARP requests on the subnet and impersonate the gateway
+# (defaults to True)
+proxy_arp=False
+
+[DATAPLANE_DRIVER_EVPN]
+
+# EVPN dataplane driver class
+# Example values:
+#dataplane_driver = linux
+dataplane_driver = dummy
+
+# (obsolete)
+ovsbr_interfaces_mtu=4000
+
+# The linux driver allows to force the VXLAN destination port IF iproute2 is
+# at version 3.14 or above (i.e. >= "ss140411" with "ip -V").
+#
+# to use standard IANA port for VXLAN:
+#vxlan_dst_port=4789
+#
+# to interoperate with switches or boxes not having the ability to
+# use another port than the linux kernel default 8472:
+#vxlan_dst_port=8472
+
+# local IP address (that others will use to send us encapsulated packets, and that
+# we will use to send)
+# Note: does not need to be specified if different than the BGP local_address
+# dataplane_local_address=eth1
+# dataplane_local_address=1.2.3.4
\ No newline at end of file
diff --git a/neutron/files/queens/bgpvpn.conf b/neutron/files/queens/bgpvpn.conf
new file mode 100644
index 0000000..976d0e1
--- /dev/null
+++ b/neutron/files/queens/bgpvpn.conf
@@ -0,0 +1,20 @@
+# BGPVPN config
+
+[service_providers]
+
+{% if server.get('bgp_vpn', {}).get('enabled', False) -%}
+
+{%- if server.bgp_vpn.driver == "bagpipe" %}
+
+service_provider = BGPVPN:BaGPipe:networking_bgpvpn.neutron.services.service_drivers.bagpipe.bagpipe.BaGPipeBGPVPNDriver:default
+
+{%- elif server.bgp_vpn.driver == "opencontrail" -%}
+
+service_provider = BGPVPN:OpenContrail:networking_bgpvpn.neutron.services.service_drivers.opencontrail.opencontrail.OpenContrailBGPVPNDriver:default
+
+{%- elif server.bgp_vpn.driver == "opendaylight" -%}
+
+service_provider = BGPVPN:OpenDaylight:networking_bgpvpn.neutron.services.service_drivers.opendaylight.odl.OpenDaylightBgpvpnDriver:default
+
+{%- endif -%}
+{%- endif -%}
diff --git a/neutron/files/queens/dhcp_agent.ini b/neutron/files/queens/dhcp_agent.ini
new file mode 100644
index 0000000..ec530ed
--- /dev/null
+++ b/neutron/files/queens/dhcp_agent.ini
@@ -0,0 +1,160 @@
+{%- if pillar.neutron.gateway is defined %}
+{%- from "neutron/map.jinja" import gateway as neutron with context %}
+{%- else %}
+{%- from "neutron/map.jinja" import compute as neutron with context %}
+{%- endif %}
+[DEFAULT]
+
+#
+# From neutron.base.agent
+#
+
+# Name of Open vSwitch bridge to use (string value)
+#ovs_integration_bridge = br-int
+
+# Uses veth for an OVS interface or not. Support kernels with limited namespace
+# support (e.g. RHEL 6.5) and rate limiting on router's gateway port so long as
+# ovs_use_veth is set to True. (boolean value)
+#ovs_use_veth = false
+
+# The driver used to manage the virtual interface. (string value)
+#interface_driver = <None>
+interface_driver = openvswitch
+
+#
+# From neutron.dhcp.agent
+#
+
+# The DHCP agent will resync its state with Neutron to recover from any
+# transient notification or RPC errors. The interval is number of seconds
+# between attempts. (integer value)
+#resync_interval = 5
+resync_interval = 30
+
+# The driver used to manage the DHCP server. (string value)
+#dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
+dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
+
+# The DHCP server can assist with providing metadata support on isolated
+# networks. Setting this value to True will cause the DHCP server to append
+# specific host routes to the DHCP request. The metadata service will only be
+# activated when the subnet does not contain any router port. The guest
+# instance must be configured to request host routes via DHCP (Option 121).
+# This option doesn't have any effect when force_metadata is set to True.
+# (boolean value)
+#enable_isolated_metadata = false
+enable_isolated_metadata = True
+
+# In some cases the Neutron router is not present to provide the metadata IP
+# but the DHCP server can be used to provide this info. Setting this value will
+# force the DHCP server to append specific host routes to the DHCP request. If
+# this option is set, then the metadata service will be activated for all the
+# networks. (boolean value)
+#force_metadata = false
+{%- if neutron.backend.router is defined or neutron.force_metadata|default(False) %}
+force_metadata = True
+{%- endif %}
+
+# Allows for serving metadata requests coming from a dedicated metadata access
+# network whose CIDR is 169.254.169.254/16 (or larger prefix), and is connected
+# to a Neutron router from which the VMs send metadata:1 request. In this case
+# DHCP Option 121 will not be injected in VMs, as they will be able to reach
+# 169.254.169.254 through a router. This option requires
+# enable_isolated_metadata = True. (boolean value)
+#enable_metadata_network = false
+enable_metadata_network = False
+
+# Number of threads to use during sync process. Should not exceed connection
+# pool size configured on server. (integer value)
+#num_sync_threads = 4
+
+# Location to store DHCP server config files. (string value)
+#dhcp_confs = $state_path/dhcp
+
+# Override the default dnsmasq settings with this file. (string value)
+#dnsmasq_config_file =
+
+# Comma-separated list of the DNS servers which will be used as forwarders.
+# (list value)
+#dnsmasq_dns_servers =
+
+# Base log dir for dnsmasq logging. The log contains DHCP and DNS log
+# information and is useful for debugging issues with either DHCP or DNS. If
+# this section is null, disable dnsmasq log. (string value)
+#dnsmasq_base_log_dir = <None>
+
+# Enables the dnsmasq service to provide name resolution for instances via DNS
+# resolvers on the host running the DHCP agent. Effectively removes the '--no-
+# resolv' option from the dnsmasq process arguments. Adding custom DNS
+# resolvers to the 'dnsmasq_dns_servers' option disables this feature. (boolean
+# value)
+#dnsmasq_local_resolv = false
+
+# Limit number of leases to prevent a denial-of-service. (integer value)
+#dnsmasq_lease_max = 16777216
+
+# Use broadcast in DHCP replies. (boolean value)
+#dhcp_broadcast_reply = false
+
+{%- if neutron.logging is defined %}
+{%- set _data = neutron.logging %}
+{%- include "oslo_templates/files/queens/oslo/_log.conf" %}
+{%- endif %}
+
+[agent]
+
+#
+# From neutron.az.agent
+#
+
+# Availability zone of this node (string value)
+#availability_zone = nova
+
+#
+# From neutron.base.agent
+#
+
+# Seconds between nodes reporting state to server; should be less than
+# agent_down_time, best if it is half or less than agent_down_time. (floating
+# point value)
+#report_interval = 30
+
+# Log agent heartbeats (boolean value)
+#log_agent_heartbeats = false
+
+[ovs]
+
+#
+# From neutron.base.agent
+#
+
+# DEPRECATED: The interface for interacting with the OVSDB (string value)
+# Possible values:
+# native - <No description provided>
+# vsctl - <No description provided>
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+#ovsdb_interface = native
+
+# The connection string for the OVSDB backend. Will be used by ovsdb-client
+# when monitoring and used for the all ovsdb commands when native
+# ovsdb_interface is enabled (string value)
+#ovsdb_connection = tcp:127.0.0.1:6640
+
+# The SSL private key file to use when interacting with OVSDB. Required when
+# using an "ssl:" prefixed ovsdb_connection (string value)
+#ssl_key_file = <None>
+
+# The SSL certificate file to use when interacting with OVSDB. Required when
+# using an "ssl:" prefixed ovsdb_connection (string value)
+#ssl_cert_file = <None>
+
+# The Certificate Authority (CA) certificate to use when interacting with
+# OVSDB. Required when using an "ssl:" prefixed ovsdb_connection (string
+# value)
+#ssl_ca_cert_file = <None>
+
+# Timeout in seconds for ovsdb commands. If the timeout expires, ovsdb commands
+# will fail with ALARMCLOCK error. (integer value)
+# Deprecated group/name - [DEFAULT]/ovs_vsctl_timeout
+#ovsdb_timeout = 10
diff --git a/neutron/files/queens/l2gw/l2gateway_agent.ini b/neutron/files/queens/l2gw/l2gateway_agent.ini
new file mode 100644
index 0000000..59a62fb
--- /dev/null
+++ b/neutron/files/queens/l2gw/l2gateway_agent.ini
@@ -0,0 +1,68 @@
+{%- from "neutron/map.jinja" import gateway with context -%}
+[DEFAULT]
+# Show debugging output in log (sets DEBUG log level output)
+debug = {{ gateway.l2gw.debug|default('False') }}
+
+[ovsdb]
+# (StrOpt) OVSDB server tuples in the format
+# <ovsdb_name>:<ip address>:<port>[,<ovsdb_name>:<ip address>:<port>]
+# - ovsdb_name: a symbolic name that helps identifies keys and certificate files
+# - ip address: the address or dns name for the ovsdb server
+# - port: the port (ssl is supported)
+{%- set ovsdb_hosts = [] %}
+{%- for opt, value in gateway.l2gw.get('ovsdb_hosts', {}).iteritems() %}
+{%- do ovsdb_hosts.append('%s:%s'|format(opt, value)) %}
+{%- endfor %}
+ovsdb_hosts = {{ ovsdb_hosts|join(',') }}
+# Example: ovsdb_hosts = 'ovsdb1:16.95.16.1:6632,ovsdb2:16.95.16.2:6632'
+
+# enable_manager = False
+# (BoolOpt) connection can be initiated by the ovsdb server.
+# By default 'enable_manager' value is False, turn on the variable to True
+# to initiate the connection from ovsdb server to l2gw agent.
+
+# manager_table_listening_port = 6632
+# (PortOpt) set port number for l2gateway agent, so that it can listen
+# for ovsdb server,whenever its IP is entered in manager table of ovsdb server.
+# by default it is set to port 6632.
+# you can use vtep-ctl utility to populate manager table of ovsdb.
+# For Example: sudo vtep-ctl set-manager tcp:x.x.x.x:6640,
+# where x.x.x.x is IP of l2gateway agent and 6640 is a port.
+
+# (StrOpt) Base path to private key file(s).
+# Agent will find key file named
+# $l2_gw_agent_priv_key_base_path/$ovsdb_name.key
+# l2_gw_agent_priv_key_base_path =
+# Example: l2_gw_agent_priv_key_base_path = '/home/someuser/keys'
+
+# (StrOpt) Base path to cert file(s).
+# Agent will find cert file named
+# $l2_gw_agent_cert_base_path/$ovsdb_name.cert
+# l2_gw_agent_cert_base_path =
+# Example: l2_gw_agent_cert_base_path = '/home/someuser/certs'
+
+# (StrOpt) Base path to ca cert file(s).
+# Agent will find ca cert file named
+# $l2_gw_agent_ca_cert_base_path/$ovsdb_name.ca_cert
+# l2_gw_agent_ca_cert_base_path =
+# Example: l2_gw_agent_ca_cert_base_path = '/home/someuser/ca_certs'
+
+# (IntOpt) The L2 gateway agent checks connection state with the OVSDB
+# servers.
+# The interval is number of seconds between attempts.
+# periodic_interval =
+# Example: periodic_interval = 20
+
+# (IntOpt) The L2 gateway agent retries to connect to the OVSDB server
+# if a socket does not get opened in the first attempt.
+# the max_connection_retries is the maximum number of such attempts
+# before giving up.
+# max_connection_retries =
+# Example: max_connection_retries = 10
+
+# (IntOpt) The remote OVSDB server sends echo requests every 4 seconds.
+# If there is no echo request on the socket for socket_timeout seconds,
+# by default socket_timeout is set to 30 seconds. The agent can
+# safely assume that the connection with the remote OVSDB server is lost.
+socket_timeout = {{ gateway.l2gw.socket_timeout|default('30') }}
+# Example: socket_timeout = 30
diff --git a/neutron/files/queens/l2gw/l2gw_plugin.ini b/neutron/files/queens/l2gw/l2gw_plugin.ini
new file mode 100644
index 0000000..8ea1bd7
--- /dev/null
+++ b/neutron/files/queens/l2gw/l2gw_plugin.ini
@@ -0,0 +1,26 @@
+{%- from "neutron/map.jinja" import server with context -%}
+[DEFAULT]
+# (StrOpt) default interface name of the l2 gateway
+# default_interface_name =
+# Example: default_interface_name = "FortyGigE1/0/1"
+
+# (StrOpt) default device name of the l2 gateway
+# default_device_name =
+# Example: default_device_name = "Switch1"
+
+# (IntOpt) quota of the l2 gateway
+quota_l2_gateway = {{ server.l2gw.quota_l2_gateway|default('10') }}
+# Example: quota_l2_gateway = 10
+
+# (IntOpt) The periodic interval at which the plugin
+# checks for the monitoring L2 gateway agent
+periodic_monitoring_interval = {{ server.l2gw.periodic_monitoring_interval|default('5') }}
+# Example: periodic_monitoring_interval = 5
+
+[service_providers]
+# Must be in form:
+# service_provider=<service_type>:<name>:<driver>[:default]
+# List of allowed service types includes L2GW
+# Combination of <service type> and <name> must be unique; <driver> must also be unique
+# This is multiline option
+service_provider = {{ server.l2gw.service_provider|default('L2GW:l2gw:networking_l2gw.services.l2gateway.service_drivers.rpc_l2gw.L2gwRpcDriver:default') }}
diff --git a/neutron/files/queens/l3_agent.ini b/neutron/files/queens/l3_agent.ini
new file mode 100644
index 0000000..69e97be
--- /dev/null
+++ b/neutron/files/queens/l3_agent.ini
@@ -0,0 +1,254 @@
+{%- if pillar.neutron.gateway is defined %}
+{%- from "neutron/map.jinja" import gateway as neutron with context %}
+{%- else %}
+{%- from "neutron/map.jinja" import compute as neutron with context %}
+{%- endif %}
+{%- from "neutron/map.jinja" import fwaas with context %}
+
+[DEFAULT]
+
+#
+# From neutron.base.agent
+#
+
+# Name of Open vSwitch bridge to use (string value)
+#ovs_integration_bridge = br-int
+
+# Uses veth for an OVS interface or not. Support kernels with limited namespace
+# support (e.g. RHEL 6.5) and rate limiting on router's gateway port so long as
+# ovs_use_veth is set to True. (boolean value)
+#ovs_use_veth = false
+
+# The driver used to manage the virtual interface. (string value)
+#interface_driver = <None>
+interface_driver = openvswitch
+
+#
+# From neutron.l3.agent
+#
+
+# The working mode for the agent. Allowed modes are: 'legacy' - this preserves
+# the existing behavior where the L3 agent is deployed on a centralized
+# networking node to provide L3 services like DNAT, and SNAT. Use this mode if
+# you do not want to adopt DVR. 'dvr' - this mode enables DVR functionality and
+# must be used for an L3 agent that runs on a compute host. 'dvr_snat' - this
+# enables centralized SNAT support in conjunction with DVR. This mode must be
+# used for an L3 agent running on a centralized node (or in single-host
+# deployments, e.g. devstack). 'dvr_no_external' - this mode enables only
+# East/West DVR routing functionality for a L3 agent that runs on a compute
+# host, the North/South functionality such as DNAT and SNAT will be provided by
+# the centralized network node that is running in 'dvr_snat' mode. This mode
+# should be used when there is no external network connectivity on the compute
+# host. (string value)
+# Possible values:
+# dvr - <No description provided>
+# dvr_snat - <No description provided>
+# legacy - <No description provided>
+# dvr_no_external - <No description provided>
+
+agent_mode = {{ neutron.agent_mode }}
+
+# TCP Port used by Neutron metadata namespace proxy. (port value)
+# Minimum value: 0
+# Maximum value: 65535
+#metadata_port = 9697
+metadata_port = 8775
+
+# DEPRECATED: Send this many gratuitous ARPs for HA setup, if less than or
+# equal to 0, the feature is disabled (integer value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+#send_arp_for_ha = 3
+
+# Indicates that this L3 agent should also handle routers that do not have an
+# external network gateway configured. This option should be True only for a
+# single agent in a Neutron deployment, and may be False for all agents if all
+# routers must have an external network gateway. (boolean value)
+#handle_internal_only_routers = true
+
+# DEPRECATED: When external_network_bridge is set, each L3 agent can be
+# associated with no more than one external network. This value should be set
+# to the UUID of that external network. To allow L3 agent support multiple
+# external networks, both the external_network_bridge and
+# gateway_external_network_id must be left empty. (string value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+#gateway_external_network_id =
+
+# With IPv6, the network used for the external gateway does not need to have an
+# associated subnet, since the automatically assigned link-local address (LLA)
+# can be used. However, an IPv6 gateway address is needed for use as the next-
+# hop for the default route. If no IPv6 gateway address is configured here,
+# (and only then) the neutron router will be configured to get its default
+# route from router advertisements (RAs) from the upstream router; in which
+# case the upstream router must also be configured to send these RAs. The
+# ipv6_gateway, when configured, should be the LLA of the interface on the
+# upstream router. If a next-hop using a global unique address (GUA) is
+# desired, it needs to be done via a subnet allocated to the network and not
+# through this parameter. (string value)
+#ipv6_gateway =
+
+# Driver used for ipv6 prefix delegation. This needs to be an entry point
+# defined in the neutron.agent.linux.pd_drivers namespace. See setup.cfg for
+# entry points included with the neutron source. (string value)
+#prefix_delegation_driver = dibbler
+
+# Allow running metadata proxy. (boolean value)
+#enable_metadata_proxy = true
+
+# Iptables mangle mark used to mark metadata valid requests. This mark will be
+# masked with 0xffff so that only the lower 16 bits will be used. (string
+# value)
+#metadata_access_mark = 0x1
+
+# Iptables mangle mark used to mark ingress from external network. This mark
+# will be masked with 0xffff so that only the lower 16 bits will be used.
+# (string value)
+#external_ingress_mark = 0x2
+
+# DEPRECATED: Name of bridge used for external network traffic. When this
+# parameter is set, the L3 agent will plug an interface directly into an
+# external bridge which will not allow any wiring by the L2 agent. Using this
+# will result in incorrect port statuses. This option is deprecated and will be
+# removed in Ocata. (string value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+#external_network_bridge =
+
+# Seconds between running periodic tasks. (integer value)
+#periodic_interval = 40
+
+# Number of separate API worker processes for service. If not specified, the
+# default is equal to the number of CPUs available for best performance.
+# (integer value)
+#api_workers = <None>
+
+# Number of RPC worker processes for service. (integer value)
+#rpc_workers = 1
+
+# Number of RPC worker processes dedicated to state reports queue. (integer
+# value)
+#rpc_state_report_workers = 1
+
+# Range of seconds to randomly delay when starting the periodic task scheduler
+# to reduce stampeding. (Disable by setting to 0) (integer value)
+#periodic_fuzzy_delay = 5
+
+# Location to store keepalived/conntrackd config files (string value)
+#ha_confs_path = $state_path/ha_confs
+
+# VRRP authentication type (string value)
+# Possible values:
+# AH - <No description provided>
+# PASS - <No description provided>
+#ha_vrrp_auth_type = PASS
+
+# VRRP authentication password (string value)
+#ha_vrrp_auth_password = <None>
+
+# The advertisement interval in seconds (integer value)
+#ha_vrrp_advert_int = 2
+
+# Number of concurrent threads for keepalived server connection requests. More
+# threads create a higher CPU load on the agent node. (integer value)
+# Minimum value: 1
+#ha_keepalived_state_change_server_threads = (1 + <num_of_cpus>) / 2
+
+# The VRRP health check interval in seconds. Values > 0 enable VRRP health
+# checks. Setting it to 0 disables VRRP health checks. Recommended value is 5.
+# This will cause pings to be sent to the gateway IP address(es) - requires
+# ICMP_ECHO_REQUEST to be enabled on the gateway. If gateway fails, all routers
+# will be reported as master, and master election will be repeated in round-
+# robin fashion, until one of the router restore the gateway connection.
+# (integer value)
+#ha_vrrp_health_check_interval = 0
+
+# Location to store IPv6 PD files. (string value)
+#pd_confs = $state_path/pd
+
+# A decimal value as Vendor's Registered Private Enterprise Number as required
+# by RFC3315 DUID-EN. (string value)
+#vendor_pen = 8888
+
+# Location to store IPv6 RA config files (string value)
+#ra_confs = $state_path/ra
+
+# MinRtrAdvInterval setting for radvd.conf (integer value)
+#min_rtr_adv_interval = 30
+
+# MaxRtrAdvInterval setting for radvd.conf (integer value)
+#max_rtr_adv_interval = 100
+
+{%- if neutron.logging is defined %}
+{%- set _data = neutron.logging %}
+{%- include "oslo_templates/files/queens/oslo/_log.conf" %}
+{%- endif %}
+
+[agent]
+
+#
+# From neutron.az.agent
+#
+
+# Availability zone of this node (string value)
+#availability_zone = nova
+
+#
+# From neutron.base.agent
+#
+
+# Seconds between nodes reporting state to server; should be less than
+# agent_down_time, best if it is half or less than agent_down_time. (floating
+# point value)
+#report_interval = 30
+
+# Log agent heartbeats (boolean value)
+#log_agent_heartbeats = false
+
+#
+# From neutron.l3.agent
+#
+
+# Extensions list to use (list value)
+#extensions =
+{%- if fwaas.get('enabled', False) %}
+extensions = {{ fwaas[fwaas.api_version]['l3_extension'] }}
+{%- endif %}
+
+
+[ovs]
+
+#
+# From neutron.base.agent
+#
+
+# DEPRECATED: The interface for interacting with the OVSDB (string value)
+# Possible values:
+# native - <No description provided>
+# vsctl - <No description provided>
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+#ovsdb_interface = native
+
+# The connection string for the OVSDB backend. Will be used by ovsdb-client
+# when monitoring and used for the all ovsdb commands when native
+# ovsdb_interface is enabled (string value)
+#ovsdb_connection = tcp:127.0.0.1:6640
+
+# The SSL private key file to use when interacting with OVSDB. Required when
+# using an "ssl:" prefixed ovsdb_connection (string value)
+#ssl_key_file = <None>
+
+# The SSL certificate file to use when interacting with OVSDB. Required when
+# using an "ssl:" prefixed ovsdb_connection (string value)
+#ssl_cert_file = <None>
+
+# The Certificate Authority (CA) certificate to use when interacting with
+# OVSDB. Required when using an "ssl:" prefixed ovsdb_connection (string
+# value)
+#ssl_ca_cert_file = <None>
+
+# Timeout in seconds for ovsdb commands. If the timeout expires, ovsdb commands
+# will fail with ALARMCLOCK error. (integer value)
+# Deprecated group/name - [DEFAULT]/ovs_vsctl_timeout
+#ovsdb_timeout = 10
diff --git a/neutron/files/queens/lbaas.conf b/neutron/files/queens/lbaas.conf
new file mode 100644
index 0000000..cf2fe8c
--- /dev/null
+++ b/neutron/files/queens/lbaas.conf
@@ -0,0 +1,41 @@
+# LBaaS config
+
+[service_providers]
+{%- if server.lbaas.enabled -%}
+
+{%- for lbaas_name, lbaas in server.lbaas.providers.iteritems() %}
+
+service_provider=LOADBALANCERV2:{{ lbaas_name }}:{{ lbaas.get('driver_path', 'avi_lbaasv2.avi_driver.AviDriver') }}:default
+
+[{{ lbaas_name }}]
+
+{% if lbaas.engine == "octavia" %}
+
+base_url = {{ lbaas.base_url }}
+request_poll_timeout = 3000
+
+[service_auth]
+auth_version = 2
+admin_password = {{ server.identity.password }}
+admin_user = {{ server.identity.user }}
+admin_tenant_name = {{ server.identity.tenant }}
+auth_url = http://{{ server.identity.host }}:35357/v2.0
+{%- endif -%}
+
+{% if lbaas.engine == "avinetworks" %}
+address={{ lbaas.controller_address }}
+user={{ lbaas.controller_user }}
+password={{ lbaas.controller_password }}
+cloud={{ lbaas.controller_cloud_name }}
+{%- endif -%}
+
+{%- endfor -%}
+
+{% endif %}
+
+{% elif server.backend.engine == "contrail" %}
+
+service_provider = LOADBALANCERV2:Opencontrail:neutron_plugin_contrail.plugins.opencontrail.loadbalancer.driver.OpencontrailLoadbalancerDummyDriver:default
+
+{% include "neutron/files/"+server.version+"/ContrailPlugin.ini" %}
+
diff --git a/neutron/files/queens/metadata_agent.ini b/neutron/files/queens/metadata_agent.ini
new file mode 100644
index 0000000..20ca19c
--- /dev/null
+++ b/neutron/files/queens/metadata_agent.ini
@@ -0,0 +1,103 @@
+{%- if pillar.neutron.gateway is defined %}
+{%- from "neutron/map.jinja" import gateway as neutron with context %}
+{%- else %}
+{%- from "neutron/map.jinja" import compute as neutron with context %}
+{%- endif %}
+[DEFAULT]
+
+#
+# From neutron.metadata.agent
+#
+
+# Location for Metadata Proxy UNIX domain socket. (string value)
+#metadata_proxy_socket = $state_path/metadata_proxy
+
+# User (uid or name) running metadata proxy after its initialization (if empty:
+# agent effective user). (string value)
+#metadata_proxy_user =
+
+# Group (gid or name) running metadata proxy after its initialization (if
+# empty: agent effective group). (string value)
+#metadata_proxy_group =
+
+# Certificate Authority public key (CA cert) file for ssl (string value)
+#auth_ca_cert = <None>
+
+# IP address or DNS name of Nova metadata server. (unknown value)
+#nova_metadata_host = 127.0.0.1
+nova_metadata_host = {{ neutron.metadata.host }}
+
+# TCP Port used by Nova metadata server. (port value)
+# Minimum value: 0
+# Maximum value: 65535
+#nova_metadata_port = 8775
+
+# When proxying metadata requests, Neutron signs the Instance-ID header with a
+# shared secret to prevent spoofing. You may select any string for a secret,
+# but it must match here and in the configuration used by the Nova Metadata
+# Server. NOTE: Nova uses the same config key, but in [neutron] section.
+# (string value)
+#metadata_proxy_shared_secret =
+metadata_proxy_shared_secret = {{ neutron.metadata.password }}
+
+# Protocol to access nova metadata, http or https (string value)
+# Possible values:
+# http - <No description provided>
+# https - <No description provided>
+#nova_metadata_protocol = http
+nova_metadata_protocol = http
+
+# Allow to perform insecure SSL (https) requests to nova metadata (boolean
+# value)
+#nova_metadata_insecure = false
+
+# Client certificate for nova metadata api server. (string value)
+#nova_client_cert =
+
+# Private key of client certificate. (string value)
+#nova_client_priv_key =
+
+# Metadata Proxy UNIX domain socket mode, 4 values allowed: 'deduce': deduce
+# mode from metadata_proxy_user/group values, 'user': set metadata proxy socket
+# mode to 0o644, to use when metadata_proxy_user is agent effective user or
+# root, 'group': set metadata proxy socket mode to 0o664, to use when
+# metadata_proxy_group is agent effective group or root, 'all': set metadata
+# proxy socket mode to 0o666, to use otherwise. (string value)
+# Allowed values: deduce, user, group, all
+#metadata_proxy_socket_mode = deduce
+
+# Number of separate worker processes for metadata server (defaults to half of
+# the number of CPUs) (integer value)
+#metadata_workers = <num_of_cpus> / 2
+{%- if neutron.metadata.workers is defined %}
+metadata_workers = {{ neutron.metadata.workers }}
+{%- endif %}
+
+# Number of backlog requests to configure the metadata server socket with
+# (integer value)
+#metadata_backlog = 4096
+
+{%- if neutron.logging is defined %}
+{%- set _data = neutron.logging %}
+{%- include "oslo_templates/files/queens/oslo/_log.conf" %}
+{%- endif %}
+
+[agent]
+
+#
+# From neutron.metadata.agent
+#
+
+# Seconds between nodes reporting state to server; should be less than
+# agent_down_time, best if it is half or less than agent_down_time. (floating
+# point value)
+#report_interval = 30
+
+# Log agent heartbeats (boolean value)
+#log_agent_heartbeats = false
+
+{%- if neutron.cache is defined %}
+[cache]
+{%- set _data = neutron.cache %}
+{%- include "oslo_templates/files/queens/oslo/_cache.conf" %}
+{%- endif %}
diff --git a/neutron/files/queens/ml2_conf.ini b/neutron/files/queens/ml2_conf.ini
new file mode 100644
index 0000000..836192b
--- /dev/null
+++ b/neutron/files/queens/ml2_conf.ini
@@ -0,0 +1,251 @@
+{%- from "neutron/map.jinja" import server with context %}
+[DEFAULT]
+
+{%- if server.logging is defined %}
+{%- set _data = server.logging %}
+{%- include "oslo_templates/files/queens/oslo/_log.conf" %}
+{%- endif %}
+
+[l2pop]
+
+#
+# From neutron.ml2
+#
+
+# Delay within which agent is expected to update existing ports when it
+# restarts (integer value)
+#agent_boot_time = 180
+
+
+[ml2]
+
+#
+# From neutron.ml2
+#
+
+# List of network type driver entrypoints to be loaded from the
+# neutron.ml2.type_drivers namespace. (list value)
+#type_drivers = local,flat,vlan,gre,vxlan,geneve
+
+# Ordered list of network_types to allocate as tenant networks. The default
+# value 'local' is useful for single-box testing but provides no connectivity
+# between hosts. (list value)
+#tenant_network_types = local
+tenant_network_types = {{ server.backend.tenant_network_types }}
+
+# An ordered list of networking mechanism driver entrypoints to be loaded from
+# the neutron.ml2.mechanism_drivers namespace. (list value)
+#mechanism_drivers =
+{%- set mechanism_drivers = [] %}
+{%- for mechanism_name, mechanism in server.get('backend', {}).get('mechanism', []).items() %}
+{%- do mechanism_drivers.append(mechanism.get('driver')) if 'driver' in mechanism %}
+{%- endfor %}
+{%- set opendaylight_enabled = true if 'opendaylight' in mechanism_drivers|join else false %}
+{%- if "vxlan" in server.backend.tenant_network_types and not opendaylight_enabled %}
+{%- do mechanism_drivers.append('l2population') %}
+{%- endif %}
+mechanism_drivers = {{ ','.join(mechanism_drivers) }}
+
+# An ordered list of extension driver entrypoints to be loaded from the
+# neutron.ml2.extension_drivers namespace. For example: extension_drivers =
+# port_security,qos (list value)
+#extension_drivers =
+{# Get server:backend:extension mapping and prepare tmp_ext_list list with extentions where enabled = True #}
+{%- set tmp_ext_list = [] %}
+{%- for ext_name, ext_params in server.backend.get('extension', {}).iteritems() %}
+{%- do tmp_ext_list.append(ext_name) if ext_params.get('enabled', False) %}
+{%- endfor %}
+{# Below section is for backward compatible when extentions were separated properties without server:backend:extension pillar #}
+{%- do tmp_ext_list.append('port_security') if 'port_security' not in tmp_ext_list %}
+{%- do tmp_ext_list.append('qos') if server.get('qos', 'True') and 'qos' not in tmp_ext_list %}
+extension_drivers={{ tmp_ext_list|join(',') }}
+
+# Maximum size of an IP packet (MTU) that can traverse the underlying physical
+# network infrastructure without fragmentation when using an overlay/tunnel
+# protocol. This option allows specifying a physical network MTU value that
+# differs from the default global_physnet_mtu value. (integer value)
+#path_mtu = 0
+path_mtu = {{ server.get('path_mtu', server.get('global_physnet_mtu', '0')) }}
+
+# A list of mappings of physical networks to MTU values. The format of the
+# mapping is <physnet>:<mtu val>. This mapping allows specifying a physical
+# network MTU value that differs from the default global_physnet_mtu value.
+# (list value)
+#physical_network_mtus =
+{%- set physical_network_mtus = [] %}
+{%- if server.get('external_access', True) %}
+{%- do physical_network_mtus.append(['physnet1',server.backend.get('external_mtu', '1500')]|join(":")) %}
+{%- endif %}
+{%- if "vlan" in server.backend.tenant_network_types %}
+{%- do physical_network_mtus.append(['physnet2',server.backend.get('tenant_net_mtu', server.backend.get('external_mtu', '1500'))]|join(":")) %}
+{%- endif %}
+{%- if server.get('ironic_enabled', False) %}
+{%- do physical_network_mtus.append(['physnet3',server.backend.get('ironic_net_mtu', server.backend.get('external_mtu', '1500'))]|join(":")) %}
+{%- endif %}
+
+{%- for physnet, params in server.backend.get('physnets', {}).iteritems() %}
+{%- do physical_network_mtus.append([physnet, params.get('mtu')]|join(":")) if params.get('mtu', False) %}
+{%- endfor %}
+physical_network_mtus = {{ ','.join(physical_network_mtus) }}
+
+# Default network type for external networks when no provider attributes are
+# specified. By default it is None, which means that if provider attributes are
+# not specified while creating external networks then they will have the same
+# type as tenant networks. Allowed values for external_network_type config
+# option depend on the network type values configured in type_drivers config
+# option. (string value)
+#external_network_type = <None>
+
+# IP version of all overlay (tunnel) network endpoints. Use a value of 4 for
+# IPv4 or 6 for IPv6. (integer value)
+#overlay_ip_version = 4
+
+
+[ml2_type_flat]
+
+#
+# From neutron.ml2
+#
+
+# List of physical_network names with which flat networks can be created. Use
+# default '*' to allow flat networks with arbitrary physical_network names. Use
+# an empty list to disable flat networks. (list value)
+#flat_networks = *
+flat_networks = *
+
+
+[ml2_type_geneve]
+
+#
+# From neutron.ml2
+#
+
+# Comma-separated list of <vni_min>:<vni_max> tuples enumerating ranges of
+# Geneve VNI IDs that are available for tenant network allocation (list value)
+#vni_ranges =
+vni_ranges = {{ server.get('geneve', {}).vni_ranges|default('1:65536') }}
+
+# Geneve encapsulation header size is dynamic, this value is used to calculate
+# the maximum MTU for the driver. This is the sum of the sizes of the outer ETH
+# + IP + UDP + GENEVE header sizes. The default size for this field is 50,
+# which is the size of the Geneve header without any additional option headers.
+# (integer value)
+#max_header_size = 30
+max_header_size = 38
+
+
+[ml2_type_gre]
+
+#
+# From neutron.ml2
+#
+
+# Comma-separated list of <tun_min>:<tun_max> tuples enumerating ranges of GRE
+# tunnel IDs that are available for tenant network allocation (list value)
+#tunnel_id_ranges =
+tunnel_id_ranges =2:65535
+
+
+[ml2_type_vlan]
+
+#
+# From neutron.ml2
+#
+
+# List of <physical_network>:<vlan_min>:<vlan_max> or <physical_network>
+# specifying physical_network names usable for VLAN provider and tenant
+# networks, as well as ranges of VLAN tags on each available for allocation to
+# tenant networks. (list value)
+#network_vlan_ranges =
+{%- set network_vlan_ranges = [] %}
+{%- if server.backend.external_vlan_range is defined %}
+{%- do network_vlan_ranges.append(['physnet1',server.backend.get('external_vlan_range')]|join(":")) %}
+{%- endif %}
+{%- if "vlan" in server.backend.tenant_network_types %}
+{%- do network_vlan_ranges.append(['physnet2',server.backend.get('tenant_vlan_range')]|join(":")) %}
+{%- endif %}
+{%- if server.get('ironic_enabled', False) %}
+{%- do network_vlan_ranges.append(['physnet3',server.backend.get('ironic_vlan_range')]|join(":")) %}
+{%- endif %}
+
+{%- for physnet, params in server.backend.get('physnets', {}).iteritems() %}
+{%- do network_vlan_ranges.append([physnet, params.get('vlan_range')]|join(":") if params.get('vlan_range', False) else physnet) %}
+{%- endfor %}
+network_vlan_ranges = {{ ','.join(network_vlan_ranges) }}
+
+[ml2_type_vxlan]
+
+#
+# From neutron.ml2
+#
+
+# Comma-separated list of <vni_min>:<vni_max> tuples enumerating ranges of
+# VXLAN VNI IDs that are available for tenant network allocation (list value)
+#vni_ranges =
+vni_ranges = {{ server.get('vxlan', {}).vni_ranges|default('2:65535') }}
+
+# Multicast group for VXLAN. When configured, will enable sending all broadcast
+# traffic to this multicast group. When left unconfigured, will disable
+# multicast VXLAN mode. (string value)
+#vxlan_group = <None>
+vxlan_group = {{ server.get('vxlan', {}).group|default('224.0.0.1') }}
+
+
+[securitygroup]
+
+#
+# From neutron.ml2
+#
+
+# Driver for security groups firewall in the L2 agent (string value)
+#firewall_driver = <None>
+
+# Controls whether the neutron security group API is enabled in the server. It
+# should be false when using no security groups or using the nova security
+# group API. (boolean value)
+#enable_security_group = true
+
+{%- if not server.get('security_groups_enabled', True) %}
+firewall_driver = neutron.agent.firewall.NoopFirewallDriver
+enable_security_group = False
+{%- elif server.dpdk or server.get('vlan_aware_vms', False) %}
+firewall_driver = openvswitch
+enable_security_group = True
+{%- else %}
+firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
+enable_security_group = True
+{%- endif %}
+
+# Use ipset to speed-up the iptables based security groups. Enabling ipset
+# support requires that ipset is installed on L2 agent node. (boolean value)
+#enable_ipset = true
+
+{%- if server.backend.engine == "ovn" %}
+[ovn]
+ovn_nb_connection = tcp:{{ server.controller_vip }}:6641
+ovn_sb_connection = tcp:{{ server.controller_vip }}:6642
+ovn_l3_scheduler = leastloaded
+{%- endif %}
+
+{%- if opendaylight_enabled %}
+[ml2_odl]
+# HTTP URL of OpenDaylight REST interface. (string value)
+url = {{ server.backend.protocol|default('http') }}://{{ server.backend.host }}:{{ server.backend.rest_api_port }}/controller/nb/v2/neutron
+
+# HTTP username for authentication. (string value)
+username = {{ server.backend.user }}
+
+# HTTP password for authentication. (string value)
+password = {{ server.backend.password }}
+
+# Name of the controller to be used for port binding. (string value)
+port_binding_controller = pseudo-agentdb-binding
+
+# Enable websocket for pseudo-agent-port-binding. (boolean value)
+enable_websocket_pseudo_agentdb = {{ server.backend.enable_websocket|default('false') }}
+
+# Enables the networking-odl driver to supply special neutron ports of
+# "dhcp" type to OpenDaylight Controller for its use in providing DHCP
+# Service. (boolean value)
+enable_dhcp_service = {{ server.backend.enable_dhcp_service|default('false') }}
+{%- endif %}
diff --git a/neutron/files/queens/neutron-generic.conf.Debian b/neutron/files/queens/neutron-generic.conf.Debian
new file mode 100644
index 0000000..9c985a5
--- /dev/null
+++ b/neutron/files/queens/neutron-generic.conf.Debian
@@ -0,0 +1,507 @@
+{%- if pillar.neutron.gateway is defined %}
+{%- from "neutron/map.jinja" import gateway as neutron with context %}
+{%- else %}
+{%- from "neutron/map.jinja" import compute as neutron with context %}
+{%- endif %}
+[DEFAULT]
+
+#
+# From neutron
+#
+
+# Where to store Neutron state files. This directory must be writable by the
+# agent. (string value)
+#state_path = /var/lib/neutron
+state_path = /var/lib/neutron
+
+# The host IP to bind to. (unknown value)
+#bind_host = 0.0.0.0
+
+# The port to bind to (port value)
+# Minimum value: 0
+# Maximum value: 65535
+#bind_port = 9696
+
+# The path for API extensions. Note that this can be a colon-separated list of
+# paths. For example: api_extensions_path =
+# extensions:/path/to/more/exts:/even/more/exts. The __path__ of
+# neutron.extensions is appended to this, so if your extensions are in there
+# you don't need to specify them here. (string value)
+#api_extensions_path =
+
+# The type of authentication to use (string value)
+#auth_strategy = keystone
+auth_strategy = keystone
+
+{% if neutron.backend.engine == "ml2" %}
+
+core_plugin = neutron.plugins.ml2.plugin.Ml2Plugin
+
+service_plugins = {{ neutron.backend.get('router', 'router')}}, metering
+
+{% endif %}
+
+# The service plugins Neutron will use (list value)
+#service_plugins =
+
+# The base MAC address Neutron will use for VIFs. The first 3 octets will
+# remain unchanged. If the 4th octet is not 00, it will also be used. The
+# others will be randomly generated. (string value)
+#base_mac = fa:16:3e:00:00:00
+
+# Allow the usage of the bulk API (boolean value)
+#allow_bulk = true
+
+# The maximum number of items returned in a single response, value was
+# 'infinite' or negative integer means no limit (string value)
+#pagination_max_limit = -1
+pagination_max_limit = {{ neutron.pagination_max_limit|default('-1') }}
+
+# Default value of availability zone hints. The availability zone aware
+# schedulers use this when the resources availability_zone_hints is empty.
+# Multiple availability zones can be specified by a comma separated string.
+# This value can be empty. In this case, even if availability_zone_hints for a
+# resource is empty, availability zone is considered for high availability
+# while scheduling the resource. (list value)
+#default_availability_zones =
+
+# Maximum number of DNS nameservers per subnet (integer value)
+#max_dns_nameservers = 5
+
+# Maximum number of host routes per subnet (integer value)
+#max_subnet_host_routes = 20
+
+# Enables IPv6 Prefix Delegation for automatic subnet CIDR allocation. Set to
+# True to enable IPv6 Prefix Delegation for subnet allocation in a PD-capable
+# environment. Users making subnet creation requests for IPv6 subnets without
+# providing a CIDR or subnetpool ID will be given a CIDR via the Prefix
+# Delegation mechanism. Note that enabling PD will override the behavior of the
+# default IPv6 subnetpool. (boolean value)
+#ipv6_pd_enabled = false
+
+# DHCP lease duration (in seconds). Use -1 to tell dnsmasq to use infinite
+# lease times. (integer value)
+#dhcp_lease_duration = 86400
+dhcp_lease_duration = {{ neutron.dhcp_lease_duration|default('600') }}
+
+# Domain to use for building the hostnames (string value)
+#dns_domain = openstacklocal
+
+# Driver for external DNS integration. (string value)
+#external_dns_driver = <None>
+
+# Allow sending resource operation notification to DHCP agent (boolean value)
+#dhcp_agent_notification = true
+
+# Allow overlapping IP support in Neutron. Attention: the following parameter
+# MUST be set to False if Neutron is being used in conjunction with Nova
+# security groups. (boolean value)
+#allow_overlapping_ips = false
+allow_overlapping_ips = True
+
+# Hostname to be used by the Neutron server, agents and services running on
+# this machine. All the agents and services running on this machine must use
+# the same host value. (unknown value)
+#host = example.domain
+
+# This string is prepended to the normal URL that is returned in links to the
+# OpenStack Network API. If it is empty (the default), the URLs are returned
+# unchanged. (string value)
+#network_link_prefix = <None>
+
+# Send notification to nova when port status changes (boolean value)
+#notify_nova_on_port_status_changes = true
+notify_nova_on_port_status_changes = true
+
+# Send notification to nova when port data (fixed_ips/floatingip) changes so
+# nova can update its cache. (boolean value)
+#notify_nova_on_port_data_changes = true
+notify_nova_on_port_data_changes = true
+
+# Number of seconds between sending events to nova if there are any events to
+# send. (integer value)
+#send_events_interval = 2
+
+# Neutron IPAM (IP address management) driver to use. By default, the reference
+# implementation of the Neutron IPAM driver is used. (string value)
+#ipam_driver = internal
+
+# If True, then allow plugins that support it to create VLAN transparent
+# networks. (boolean value)
+#vlan_transparent = false
+
+# MTU of the underlying physical network. Neutron uses this value to calculate
+# MTU for all virtual network components. For flat and VLAN networks, neutron
+# uses this value without modification. For overlay networks such as VXLAN,
+# neutron automatically subtracts the overlay protocol overhead from this
+# value. Defaults to 1500, the standard value for Ethernet. (integer value)
+# Deprecated group/name - [ml2]/segment_mtu
+#global_physnet_mtu = 1500
+global_physnet_mtu = {{ neutron.get('global_physnet_mtu', '1500') }}
+
+# Number of backlog requests to configure the socket with (integer value)
+#backlog = 4096
+
+# Number of seconds to keep retrying to listen (integer value)
+#retry_until_window = 30
+
+# Enable SSL on the API server (boolean value)
+#use_ssl = false
+
+# Seconds between running periodic tasks. (integer value)
+#periodic_interval = 40
+
+# Number of separate API worker processes for service. If not specified, the
+# default is equal to the number of CPUs available for best performance.
+# (integer value)
+#api_workers = <None>
+{%- if neutron.api_workers is defined %}
+api_workers = {{ neutron.api_workers }}
+{%- endif %}
+
+# Number of RPC worker processes for service. (integer value)
+#rpc_workers = 1
+{%- if neutron.rpc_workers is defined %}
+rpc_workers = {{ neutron.rpc_workers }}
+{%- else %}
+rpc_workers = {{ grains.num_cpus }}
+{%- endif %}
+
+
+# Number of RPC worker processes dedicated to state reports queue. (integer
+# value)
+#rpc_state_report_workers = 1
+{%- if neutron.rpc_state_report_workers is defined %}
+rpc_state_report_workers = {{ neutron.rpc_state_report_workers }}
+{%- else %}
+rpc_state_report_workers = 4
+{%- endif %}
+
+# Range of seconds to randomly delay when starting the periodic task scheduler
+# to reduce stampeding. (Disable by setting to 0) (integer value)
+#periodic_fuzzy_delay = 5
+
+#
+# From neutron.agent
+#
+
+# The driver used to manage the virtual interface. (string value)
+#interface_driver = <None>
+
+# Location for Metadata Proxy UNIX domain socket. (string value)
+#metadata_proxy_socket = $state_path/metadata_proxy
+
+# User (uid or name) running metadata proxy after its initialization (if empty:
+# agent effective user). (string value)
+#metadata_proxy_user =
+
+# Group (gid or name) running metadata proxy after its initialization (if
+# empty: agent effective group). (string value)
+#metadata_proxy_group =
+
+#
+# From neutron.db
+#
+
+# Seconds to regard the agent is down; should be at least twice
+# report_interval, to be sure the agent is down for good. (integer value)
+#agent_down_time = 75
+
+# Representing the resource type whose load is being reported by the agent.
+# This can be "networks", "subnets" or "ports". When specified (Default is
+# networks), the server will extract particular load sent as part of its agent
+# configuration object from the agent report state, which is the number of
+# resources being consumed, at every report_interval.dhcp_load_type can be used
+# in combination with network_scheduler_driver =
+# neutron.scheduler.dhcp_agent_scheduler.WeightScheduler When the
+# network_scheduler_driver is WeightScheduler, dhcp_load_type can be configured
+# to represent the choice for the resource being balanced. Example:
+# dhcp_load_type=networks (string value)
+# Possible values:
+# networks - <No description provided>
+# subnets - <No description provided>
+# ports - <No description provided>
+#dhcp_load_type = networks
+
+# Agent starts with admin_state_up=False when enable_new_agents=False. In the
+# case, user's resources will not be scheduled automatically to the agent until
+# admin changes admin_state_up to True. (boolean value)
+#enable_new_agents = true
+
+# Maximum number of routes per router (integer value)
+#max_routes = 30
+
+# Define the default value of enable_snat if not provided in
+# external_gateway_info. (boolean value)
+#enable_snat_by_default = true
+
+# Driver to use for scheduling network to DHCP agent (string value)
+#network_scheduler_driver = neutron.scheduler.dhcp_agent_scheduler.WeightScheduler
+
+# Allow auto scheduling networks to DHCP agent. (boolean value)
+#network_auto_schedule = true
+
+# Automatically remove networks from offline DHCP agents. (boolean value)
+#allow_automatic_dhcp_failover = true
+
+# Number of DHCP agents scheduled to host a tenant network. If this number is
+# greater than 1, the scheduler automatically assigns multiple DHCP agents for
+# a given tenant network, providing high availability for DHCP service.
+# (integer value)
+#dhcp_agents_per_network = 1
+dhcp_agents_per_network = 2
+
+# Enable services on an agent with admin_state_up False. If this option is
+# False, when admin_state_up of an agent is turned False, services on it will
+# be disabled. Agents with admin_state_up False are not selected for automatic
+# scheduling regardless of this option. But manual scheduling to such agents is
+# available if this option is True. (boolean value)
+#enable_services_on_agents_with_admin_state_down = false
+
+# The base mac address used for unique DVR instances by Neutron. The first 3
+# octets will remain unchanged. If the 4th octet is not 00, it will also be
+# used. The others will be randomly generated. The 'dvr_base_mac' *must* be
+# different from 'base_mac' to avoid mixing them up with MAC's allocated for
+# tenant ports. A 4 octet example would be dvr_base_mac = fa:16:3f:4f:00:00.
+# The default is 3 octet (string value)
+#dvr_base_mac = fa:16:3f:00:00:00
+
+# System-wide flag to determine the type of router that tenants can create.
+# Only admin can override. (boolean value)
+#router_distributed = false
+router_distributed = {{ neutron.get('dvr', 'False') }}
+
+# Determine if setup is configured for DVR. If False, DVR API extension will be
+# disabled. (boolean value)
+#enable_dvr = true
+enable_dvr = {{ neutron.get('dvr', 'False') }}
+
+# Driver to use for scheduling router to a default L3 agent (string value)
+#router_scheduler_driver = neutron.scheduler.l3_agent_scheduler.LeastRoutersScheduler
+router_scheduler_driver = neutron.scheduler.l3_agent_scheduler.ChanceScheduler
+
+# Allow auto scheduling of routers to L3 agent. (boolean value)
+#router_auto_schedule = true
+
+# Automatically reschedule routers from offline L3 agents to online L3 agents.
+# (boolean value)
+#allow_automatic_l3agent_failover = false
+allow_automatic_l3agent_failover = true
+
+# Enable HA mode for virtual routers. (boolean value)
+#l3_ha = false
+l3_ha = {{ neutron.get('l3_ha', 'False') }}
+
+# Maximum number of L3 agents which a HA router will be scheduled on. If it is
+# set to 0 then the router will be scheduled on every agent. (integer value)
+#max_l3_agents_per_router = 3
+max_l3_agents_per_router = 0
+
+# Subnet used for the l3 HA admin network. (string value)
+#l3_ha_net_cidr = 169.254.192.0/18
+
+# The network type to use when creating the HA network for an HA router. By
+# default or if empty, the first 'tenant_network_types' is used. This is
+# helpful when the VRRP traffic should use a specific network which is not the
+# default one. (string value)
+#l3_ha_network_type =
+
+# The physical network name with which the HA network can be created. (string
+# value)
+#l3_ha_network_physical_name =
+
+#
+# From neutron.extensions
+#
+
+# Maximum number of allowed address pairs (integer value)
+#max_allowed_address_pair = 10
+
+{%- if neutron.logging is defined %}
+{%- set _data = neutron.logging %}
+{%- include "oslo_templates/files/queens/oslo/_log.conf" %}
+{%- endif %}
+
+
+{%- set _data = neutron.message_queue %}
+{%- include "oslo_templates/files/queens/oslo/messaging/_default.conf" %}
+
+{%- set _data = {} %}
+{%- include "oslo_templates/files/queens/oslo/service/_wsgi_default.conf" %}
+
+[agent]
+
+#
+# From neutron.agent
+#
+
+# Root helper application. Use 'sudo neutron-rootwrap
+# /etc/neutron/rootwrap.conf' to use the real root filter facility. Change to
+# 'sudo' to skip the filtering and just run the command directly. (string
+# value)
+#root_helper_daemon = <None>
+root_helper = sudo /usr/bin/neutron-rootwrap /etc/neutron/rootwrap.conf
+
+# Use the root helper when listing the namespaces on a system. This may not be
+# required depending on the security configuration. If the root helper is not
+# required, set this to False for a performance improvement. (boolean value)
+#use_helper_for_ns_read = true
+
+# Root helper daemon application to use when possible. For the agent which
+# needs to execute commands in Dom0 in the hypervisor of XenServer, this item
+# should be set to 'xenapi_root_helper', so that it will keep a XenAPI session
+# to pass commands to Dom0. (string value)
+#root_helper_daemon = <None>
+{%- if neutron.root_helper_daemon|default(True) %}
+root_helper_daemon = sudo neutron-rootwrap-daemon /etc/neutron/rootwrap.conf
+{%- endif %}
+
+# Seconds between nodes reporting state to server; should be less than
+# agent_down_time, best if it is half or less than agent_down_time. (floating
+# point value)
+#report_interval = 30
+report_interval = 10
+
+# Log agent heartbeats (boolean value)
+#log_agent_heartbeats = false
+
+# Add comments to iptables rules. Set to false to disallow the addition of
+# comments to generated iptables rules that describe each rule's purpose.
+# System must support the iptables comments module for addition of comments.
+# (boolean value)
+#comment_iptables_rules = true
+
+# Duplicate every iptables difference calculation to ensure the format being
+# generated matches the format of iptables-save. This option should not be
+# turned on for production systems because it imposes a performance penalty.
+# (boolean value)
+#debug_iptables_rules = false
+
+# Action to be executed when a child process dies (string value)
+# Possible values:
+# respawn - <No description provided>
+# exit - <No description provided>
+#check_child_processes_action = respawn
+
+# Interval between checks of child process liveness (seconds), use 0 to disable
+# (integer value)
+#check_child_processes_interval = 60
+
+# Availability zone of this node (string value)
+#availability_zone = nova
+
+
+[cors]
+{%- if neutron.cors is defined %}
+{%- set _data = neutron.cors %}
+{%- include "oslo_templates/files/queens/oslo/_cors.conf" %}
+{%- endif %}
+
+
+[database]
+connection = sqlite:////var/lib/neutron/neutron.sqlite
+
+[keystone_authtoken]
+{%- if neutron.identity is defined %}
+{%- set _data = neutron.identity %}
+{%- if 'cacert_file' not in _data.keys() %}{% do _data.update({'cacert_file': neutron.cacert_file}) %}{% endif %}
+{%- set auth_type = _data.get('auth_type', 'password') %}
+{%- include "oslo_templates/files/queens/keystonemiddleware/_auth_token.conf" %}
+{%- include "oslo_templates/files/queens/keystoneauth/_type_" + auth_type + ".conf" %}
+{%- endif %}
+
+[nova]
+
+[oslo_concurrency]
+{%- set _data = neutron.get('concurrency', {}) %}
+{%- include "oslo_templates/files/queens/oslo/_concurrency.conf" %}
+
+
+{%- if neutron.message_queue is defined %}
+{%- set _data = neutron.message_queue %}
+{%- if _data.engine == 'rabbitmq' %}
+ {%- set messaging_engine = 'rabbit' %}
+{%- else %}
+ {%- set messaging_engine = _data.engine %}
+{%- endif %}
+[oslo_messaging_{{ messaging_engine }}]
+{%- include "oslo_templates/files/queens/oslo/messaging/_" + messaging_engine + ".conf" %}
+{%- endif %}
+
+[oslo_messaging_notifications]
+{%- set _data = neutron.notification %}
+{%- include "oslo_templates/files/queens/oslo/messaging/_notifications.conf" %}
+
+
+[oslo_middleware]
+{%- set _data = neutron %}
+{%- include "oslo_templates/files/queens/oslo/_middleware.conf" %}
+
+
+[oslo_policy]
+{%- if neutron.policy is defined %}
+{%- set _data = neutron.policy %}
+{%- include "oslo_templates/files/queens/oslo/_policy.conf" %}
+{%- endif %}
+
+
+[quotas]
+
+#
+# From neutron
+#
+
+# Default number of resource allowed per tenant. A negative value means
+# unlimited. (integer value)
+#default_quota = -1
+
+# Number of networks allowed per tenant. A negative value means unlimited.
+# (integer value)
+#quota_network = 100
+
+# Number of subnets allowed per tenant, A negative value means unlimited.
+# (integer value)
+#quota_subnet = 100
+
+# Number of ports allowed per tenant. A negative value means unlimited.
+# (integer value)
+#quota_port = 500
+
+# Default driver to use for quota checks. (string value)
+#quota_driver = neutron.db.quota.driver.DbQuotaDriver
+{% if neutron.backend.engine == "contrail" %}
+quota_driver = neutron_plugin_contrail.plugins.opencontrail.quota.driver.QuotaDriver
+{% endif %}
+# Keep in track in the database of current resource quota usage. Plugins which
+# do not leverage the neutron database should set this flag to False. (boolean
+# value)
+#track_quota_usage = true
+
+#
+# From neutron.extensions
+#
+
+# Number of routers allowed per tenant. A negative value means unlimited.
+# (integer value)
+#quota_router = 10
+
+# Number of floating IPs allowed per tenant. A negative value means unlimited.
+# (integer value)
+#quota_floatingip = 50
+
+# Number of security groups allowed per tenant. A negative value means
+# unlimited. (integer value)
+#quota_security_group = 10
+
+# Number of security rules allowed per tenant. A negative value means
+# unlimited. (integer value)
+#quota_security_group_rule = 100
+
+
+[ssl]
+{%- include "oslo_templates/files/queens/oslo/service/_ssl.conf" %}
+
+{%- if neutron.backend.ovsdb_connection is defined %}
+[ovs]
+ovsdb_connection = {{ neutron.backend.ovsdb_connection }}
+{%- endif %}
diff --git a/neutron/files/queens/neutron-server b/neutron/files/queens/neutron-server
new file mode 100644
index 0000000..d147249
--- /dev/null
+++ b/neutron/files/queens/neutron-server
@@ -0,0 +1,24 @@
+# Generated by Salt.
+{%- from "neutron/map.jinja" import server with context %}
+
+# defaults for neutron-server
+
+# path to config file corresponding to the core_plugin specified in
+# neutron.conf
+#NEUTRON_PLUGIN_CONFIG="/etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini"
+
+{%- if server.backend.engine in ["ml2", "ovn"] %}
+NEUTRON_PLUGIN_CONFIG="/etc/neutron/plugins/ml2/ml2_conf.ini"
+{%- endif %}
+
+{%- if server.backend.engine == "contrail" %}
+NEUTRON_PLUGIN_CONFIG="/etc/neutron/plugins/opencontrail/ContrailPlugin.ini"
+{%- endif %}
+
+{%- if server.logging.log_appender %}
+DAEMON_ARGS="${DAEMON_ARGS} --log-config-append=/etc/neutron/logging/logging-neutron-server.conf"
+{%- endif %}
+
+{%- if server.l2gw is defined and server.l2gw.get('enabled', False) %}
+DAEMON_ARGS="${DAEMON_ARGS} --config-file=/etc/neutron/l2gw_plugin.ini"
+{%- endif %}
diff --git a/neutron/files/queens/neutron-server.conf.Debian b/neutron/files/queens/neutron-server.conf.Debian
new file mode 100644
index 0000000..5a5fb50
--- /dev/null
+++ b/neutron/files/queens/neutron-server.conf.Debian
@@ -0,0 +1,547 @@
+{%- from "neutron/map.jinja" import fwaas, server with context %}
+[DEFAULT]
+
+#
+# From neutron
+#
+
+# Where to store Neutron state files. This directory must be writable by the
+# agent. (string value)
+#state_path = /var/lib/neutron
+state_path = /var/lib/neutron
+
+# The host IP to bind to. (unknown value)
+#bind_host = 0.0.0.0
+bind_host = {{ server.bind.address }}
+
+# The port to bind to (port value)
+# Minimum value: 0
+# Maximum value: 65535
+#bind_port = 9696
+bind_port = {{ server.bind.port }}
+
+# The path for API extensions. Note that this can be a colon-separated list of
+# paths. For example: api_extensions_path =
+# extensions:/path/to/more/exts:/even/more/exts. The __path__ of
+# neutron.extensions is appended to this, so if your extensions are in there
+# you don't need to specify them here. (string value)
+#api_extensions_path =
+
+# The type of authentication to use (string value)
+#auth_strategy = keystone
+auth_strategy = keystone
+
+{% if server.backend.engine == "contrail" %}
+
+api_extensions_path = extensions:/usr/lib/python2.7/dist-packages/neutron_plugin_contrail/extensions:/usr/lib/python2.7/dist-packages/neutron_lbaas/extensions
+# The core plugin Neutron will use (string value)
+core_plugin = neutron_plugin_contrail.plugins.opencontrail.contrail_plugin.NeutronPluginContrailCoreV2
+
+service_plugins = neutron_plugin_contrail.plugins.opencontrail.loadbalancer.v2.plugin.LoadBalancerPluginV2
+
+{% elif server.backend.engine in ["ml2", "ovn"] %}
+
+core_plugin = neutron.plugins.ml2.plugin.Ml2Plugin
+
+{% if server.backend.engine == "ml2" %}
+{% set l3_plugin = 'neutron.services.l3_router.l3_router_plugin.L3RouterPlugin' %}
+{% elif server.backend.engine == "ovn" %}
+{% set l3_plugin = 'networking_ovn.l3.l3_ovn.OVNL3RouterPlugin' %}
+{% endif %}
+
+service_plugins = {{ server.backend.get('router', l3_plugin)}},metering
+{%- if server.lbaas is defined -%},lbaasv2{%- endif -%}
+{%- if fwaas.get('enabled', False) -%},{{ fwaas[fwaas.api_version]['service_plugin'] }}{%- endif -%}
+{%- if server.get('qos', 'True') -%},neutron.services.qos.qos_plugin.QoSPlugin{%- endif -%}
+{%- if server.get('vlan_aware_vms', False) -%},trunk{%- endif -%}
+{%- if server.l2gw is defined and server.l2gw.get('enabled', False) -%},networking_l2gw.services.l2gateway.plugin.L2GatewayPlugin{%- endif -%}
+{%- if server.get('bgp_vpn', {}).get('enabled', False) -%},bgpvpn{%- endif -%}
+
+{% endif %}
+
+# The service plugins Neutron will use (list value)
+#service_plugins =
+
+# The base MAC address Neutron will use for VIFs. The first 3 octets will
+# remain unchanged. If the 4th octet is not 00, it will also be used. The
+# others will be randomly generated. (string value)
+#base_mac = fa:16:3e:00:00:00
+
+# Allow the usage of the bulk API (boolean value)
+#allow_bulk = true
+
+# The maximum number of items returned in a single response, value was
+# 'infinite' or negative integer means no limit (string value)
+#pagination_max_limit = -1
+pagination_max_limit = {{ server.pagination_max_limit|default('-1') }}
+
+# Default value of availability zone hints. The availability zone aware
+# schedulers use this when the resources availability_zone_hints is empty.
+# Multiple availability zones can be specified by a comma separated string.
+# This value can be empty. In this case, even if availability_zone_hints for a
+# resource is empty, availability zone is considered for high availability
+# while scheduling the resource. (list value)
+#default_availability_zones =
+
+# Maximum number of DNS nameservers per subnet (integer value)
+#max_dns_nameservers = 5
+
+# Maximum number of host routes per subnet (integer value)
+#max_subnet_host_routes = 20
+
+# Enables IPv6 Prefix Delegation for automatic subnet CIDR allocation. Set to
+# True to enable IPv6 Prefix Delegation for subnet allocation in a PD-capable
+# environment. Users making subnet creation requests for IPv6 subnets without
+# providing a CIDR or subnetpool ID will be given a CIDR via the Prefix
+# Delegation mechanism. Note that enabling PD will override the behavior of the
+# default IPv6 subnetpool. (boolean value)
+#ipv6_pd_enabled = false
+
+# DHCP lease duration (in seconds). Use -1 to tell dnsmasq to use infinite
+# lease times. (integer value)
+#dhcp_lease_duration = 86400
+dhcp_lease_duration = {{ server.dhcp_lease_duration|default('600') }}
+
+# Domain to use for building the hostnames (string value)
+#dns_domain = openstacklocal
+dns_domain = {{ server.dns_domain }}
+
+# Driver for external DNS integration. (string value)
+#external_dns_driver = <None>
+{%- if server.backend.get('extension', {}).get('dns', {}).get('enabled', False) %}
+external_dns_driver={{ server.backend.get('extension', {}).get('dns', {}).get('engine', '') }}
+{%- endif %}
+
+# Allow sending resource operation notification to DHCP agent (boolean value)
+#dhcp_agent_notification = true
+
+# Allow overlapping IP support in Neutron. Attention: the following parameter
+# MUST be set to False if Neutron is being used in conjunction with Nova
+# security groups. (boolean value)
+#allow_overlapping_ips = false
+allow_overlapping_ips = True
+
+# Hostname to be used by the Neutron server, agents and services running on
+# this machine. All the agents and services running on this machine must use
+# the same host value. (unknown value)
+#host = example.domain
+
+# This string is prepended to the normal URL that is returned in links to the
+# OpenStack Network API. If it is empty (the default), the URLs are returned
+# unchanged. (string value)
+#network_link_prefix = <None>
+
+# Send notification to nova when port status changes (boolean value)
+#notify_nova_on_port_status_changes = true
+notify_nova_on_port_status_changes = true
+
+# Send notification to nova when port data (fixed_ips/floatingip) changes so
+# nova can update its cache. (boolean value)
+#notify_nova_on_port_data_changes = true
+notify_nova_on_port_data_changes = true
+
+# Number of seconds between sending events to nova if there are any events to
+# send. (integer value)
+#send_events_interval = 2
+
+# Neutron IPAM (IP address management) driver to use. By default, the reference
+# implementation of the Neutron IPAM driver is used. (string value)
+#ipam_driver = internal
+
+# If True, then allow plugins that support it to create VLAN transparent
+# networks. (boolean value)
+#vlan_transparent = false
+
+# MTU of the underlying physical network. Neutron uses this value to calculate
+# MTU for all virtual network components. For flat and VLAN networks, neutron
+# uses this value without modification. For overlay networks such as VXLAN,
+# neutron automatically subtracts the overlay protocol overhead from this
+# value. Defaults to 1500, the standard value for Ethernet. (integer value)
+# Deprecated group/name - [ml2]/segment_mtu
+#global_physnet_mtu = 1500
+global_physnet_mtu = {{ server.get('global_physnet_mtu', '1500') }}
+
+# Number of backlog requests to configure the socket with (integer value)
+#backlog = 4096
+
+# Number of seconds to keep retrying to listen (integer value)
+#retry_until_window = 30
+
+# Enable SSL on the API server (boolean value)
+#use_ssl = false
+
+# Seconds between running periodic tasks. (integer value)
+#periodic_interval = 40
+
+# Number of separate API worker processes for service. If not specified, the
+# default is equal to the number of CPUs available for best performance.
+# (integer value)
+#api_workers = <None>
+{%- if server.api_workers is defined %}
+api_workers = {{ server.api_workers }}
+{%- endif %}
+
+# Number of RPC worker processes for service. (integer value)
+#rpc_workers = 1
+{%- if server.rpc_workers is defined %}
+rpc_workers = {{ server.rpc_workers }}
+{%- else %}
+rpc_workers = {{ grains.num_cpus }}
+{%- endif %}
+
+
+# Number of RPC worker processes dedicated to state reports queue. (integer
+# value)
+#rpc_state_report_workers = 1
+{%- if server.rpc_state_report_workers is defined %}
+rpc_state_report_workers = {{ server.rpc_state_report_workers }}
+{%- else %}
+rpc_state_report_workers = 4
+{%- endif %}
+
+# Range of seconds to randomly delay when starting the periodic task scheduler
+# to reduce stampeding. (Disable by setting to 0) (integer value)
+#periodic_fuzzy_delay = 5
+
+#
+# From neutron.agent
+#
+
+# The driver used to manage the virtual interface. (string value)
+#interface_driver = <None>
+
+# Location for Metadata Proxy UNIX domain socket. (string value)
+#metadata_proxy_socket = $state_path/metadata_proxy
+
+# User (uid or name) running metadata proxy after its initialization (if empty:
+# agent effective user). (string value)
+#metadata_proxy_user =
+
+# Group (gid or name) running metadata proxy after its initialization (if
+# empty: agent effective group). (string value)
+#metadata_proxy_group =
+
+#
+# From neutron.db
+#
+
+# Seconds to regard the agent is down; should be at least twice
+# report_interval, to be sure the agent is down for good. (integer value)
+#agent_down_time = 75
+
+# Representing the resource type whose load is being reported by the agent.
+# This can be "networks", "subnets" or "ports". When specified (Default is
+# networks), the server will extract particular load sent as part of its agent
+# configuration object from the agent report state, which is the number of
+# resources being consumed, at every report_interval.dhcp_load_type can be used
+# in combination with network_scheduler_driver =
+# neutron.scheduler.dhcp_agent_scheduler.WeightScheduler When the
+# network_scheduler_driver is WeightScheduler, dhcp_load_type can be configured
+# to represent the choice for the resource being balanced. Example:
+# dhcp_load_type=networks (string value)
+# Possible values:
+# networks - <No description provided>
+# subnets - <No description provided>
+# ports - <No description provided>
+#dhcp_load_type = networks
+
+# Agent starts with admin_state_up=False when enable_new_agents=False. In the
+# case, user's resources will not be scheduled automatically to the agent until
+# admin changes admin_state_up to True. (boolean value)
+#enable_new_agents = true
+
+# Maximum number of routes per router (integer value)
+#max_routes = 30
+
+# Define the default value of enable_snat if not provided in
+# external_gateway_info. (boolean value)
+#enable_snat_by_default = true
+
+# Driver to use for scheduling network to DHCP agent (string value)
+#network_scheduler_driver = neutron.scheduler.dhcp_agent_scheduler.WeightScheduler
+
+# Allow auto scheduling networks to DHCP agent. (boolean value)
+#network_auto_schedule = true
+
+# Automatically remove networks from offline DHCP agents. (boolean value)
+#allow_automatic_dhcp_failover = true
+
+# Number of DHCP agents scheduled to host a tenant network. If this number is
+# greater than 1, the scheduler automatically assigns multiple DHCP agents for
+# a given tenant network, providing high availability for DHCP service.
+# (integer value)
+#dhcp_agents_per_network = 1
+dhcp_agents_per_network = 2
+
+# Enable services on an agent with admin_state_up False. If this option is
+# False, when admin_state_up of an agent is turned False, services on it will
+# be disabled. Agents with admin_state_up False are not selected for automatic
+# scheduling regardless of this option. But manual scheduling to such agents is
+# available if this option is True. (boolean value)
+#enable_services_on_agents_with_admin_state_down = false
+
+# The base mac address used for unique DVR instances by Neutron. The first 3
+# octets will remain unchanged. If the 4th octet is not 00, it will also be
+# used. The others will be randomly generated. The 'dvr_base_mac' *must* be
+# different from 'base_mac' to avoid mixing them up with MAC's allocated for
+# tenant ports. A 4 octet example would be dvr_base_mac = fa:16:3f:4f:00:00.
+# The default is 3 octet (string value)
+#dvr_base_mac = fa:16:3f:00:00:00
+
+# System-wide flag to determine the type of router that tenants can create.
+# Only admin can override. (boolean value)
+#router_distributed = false
+router_distributed = {{ server.get('dvr', 'False') }}
+
+# Determine if setup is configured for DVR. If False, DVR API extension will be
+# disabled. (boolean value)
+#enable_dvr = true
+enable_dvr = {{ server.get('dvr', 'False') }}
+
+# Driver to use for scheduling router to a default L3 agent (string value)
+#router_scheduler_driver = neutron.scheduler.l3_agent_scheduler.LeastRoutersScheduler
+router_scheduler_driver = neutron.scheduler.l3_agent_scheduler.ChanceScheduler
+
+# Allow auto scheduling of routers to L3 agent. (boolean value)
+#router_auto_schedule = true
+
+# Automatically reschedule routers from offline L3 agents to online L3 agents.
+# (boolean value)
+#allow_automatic_l3agent_failover = false
+allow_automatic_l3agent_failover = true
+
+# Enable HA mode for virtual routers. (boolean value)
+#l3_ha = false
+l3_ha = {{ server.get('l3_ha', 'False') }}
+
+# Maximum number of L3 agents which a HA router will be scheduled on. If it is
+# set to 0 then the router will be scheduled on every agent. (integer value)
+#max_l3_agents_per_router = 3
+max_l3_agents_per_router = 0
+
+# Subnet used for the l3 HA admin network. (string value)
+#l3_ha_net_cidr = 169.254.192.0/18
+
+# The network type to use when creating the HA network for an HA router. By
+# default or if empty, the first 'tenant_network_types' is used. This is
+# helpful when the VRRP traffic should use a specific network which is not the
+# default one. (string value)
+#l3_ha_network_type =
+
+# The physical network name with which the HA network can be created. (string
+# value)
+#l3_ha_network_physical_name =
+
+#
+# From neutron.extensions
+#
+
+# Maximum number of allowed address pairs (integer value)
+#max_allowed_address_pair = 10
+
+{%- if server.logging is defined %}
+{%- set _data = server.logging %}
+{%- include "oslo_templates/files/queens/oslo/_log.conf" %}
+{%- endif %}
+
+
+{%- set _data = server.message_queue %}
+{%- include "oslo_templates/files/queens/oslo/messaging/_default.conf" %}
+
+{%- set _data = {} %}
+{%- include "oslo_templates/files/queens/oslo/service/_wsgi_default.conf" %}
+
+nova_url = http://{{ server.compute.host }}:8774/v2
+
+
+[agent]
+
+#
+# From neutron.agent
+#
+
+# Root helper application. Use 'sudo neutron-rootwrap
+# /etc/neutron/rootwrap.conf' to use the real root filter facility. Change to
+# 'sudo' to skip the filtering and just run the command directly. (string
+# value)
+#root_helper_daemon = <None>
+root_helper = sudo /usr/bin/neutron-rootwrap /etc/neutron/rootwrap.conf
+
+# Use the root helper when listing the namespaces on a system. This may not be
+# required depending on the security configuration. If the root helper is not
+# required, set this to False for a performance improvement. (boolean value)
+#use_helper_for_ns_read = true
+
+# Root helper daemon application to use when possible. For the agent which
+# needs to execute commands in Dom0 in the hypervisor of XenServer, this item
+# should be set to 'xenapi_root_helper', so that it will keep a XenAPI session
+# to pass commands to Dom0. (string value)
+#root_helper_daemon = <None>
+{%- if server.root_helper_daemon|default(True) %}
+root_helper_daemon = sudo neutron-rootwrap-daemon /etc/neutron/rootwrap.conf
+{%- endif %}
+
+# Seconds between nodes reporting state to server; should be less than
+# agent_down_time, best if it is half or less than agent_down_time. (floating
+# point value)
+#report_interval = 30
+report_interval = 10
+
+# Log agent heartbeats (boolean value)
+#log_agent_heartbeats = false
+
+# Add comments to iptables rules. Set to false to disallow the addition of
+# comments to generated iptables rules that describe each rule's purpose.
+# System must support the iptables comments module for addition of comments.
+# (boolean value)
+#comment_iptables_rules = true
+
+# Duplicate every iptables difference calculation to ensure the format being
+# generated matches the format of iptables-save. This option should not be
+# turned on for production systems because it imposes a performance penalty.
+# (boolean value)
+#debug_iptables_rules = false
+
+# Action to be executed when a child process dies (string value)
+# Possible values:
+# respawn - <No description provided>
+# exit - <No description provided>
+#check_child_processes_action = respawn
+
+# Interval between checks of child process liveness (seconds), use 0 to disable
+# (integer value)
+#check_child_processes_interval = 60
+
+# Availability zone of this node (string value)
+#availability_zone = nova
+
+
+[cors]
+{%- if server.cors is defined %}
+{%- set _data = server.cors %}
+{%- include "oslo_templates/files/queens/oslo/_cors.conf" %}
+{%- endif %}
+
+
+[database]
+{%- set _data = server.database %}
+{%- if _data.ssl is defined and 'cacert_file' not in _data.get('ssl', {}).keys() %}{% do _data['ssl'].update({'cacert_file': server.cacert_file}) %}{% endif %}
+{%- include "oslo_templates/files/queens/oslo/_database.conf" %}
+
+[keystone_authtoken]
+{%- set _data = server.identity %}
+{%- if 'cacert_file' not in _data.keys() %}{% do _data.update({'cacert_file': server.cacert_file}) %}{% endif %}
+{%- set auth_type = _data.get('auth_type', 'password') %}
+{%- include "oslo_templates/files/queens/keystonemiddleware/_auth_token.conf" %}
+{%- include "oslo_templates/files/queens/keystoneauth/_type_" + auth_type + ".conf" %}
+
+
+[nova]
+{%- set _data = server.get('compute', server.get('identity', {})) %}
+{%- set auth_type = _data.get('auth_type', 'password') %}
+{%- include "oslo_templates/files/queens/keystoneauth/_type_" + auth_type + ".conf" %}
+
+
+[oslo_concurrency]
+{%- set _data = server.get('concurrency', {}) %}
+{%- include "oslo_templates/files/queens/oslo/_concurrency.conf" %}
+
+
+{%- if server.message_queue is defined %}
+{%- set _data = server.message_queue %}
+{%- if _data.engine == 'rabbitmq' %}
+ {%- set messaging_engine = 'rabbit' %}
+{%- else %}
+ {%- set messaging_engine = _data.engine %}
+{%- endif %}
+[oslo_messaging_{{ messaging_engine }}]
+{%- include "oslo_templates/files/queens/oslo/messaging/_" + messaging_engine + ".conf" %}
+{%- endif %}
+
+[oslo_messaging_notifications]
+{%- set _data = server.notification %}
+{%- include "oslo_templates/files/queens/oslo/messaging/_notifications.conf" %}
+
+
+[oslo_middleware]
+{%- set _data = server %}
+{%- include "oslo_templates/files/queens/oslo/_middleware.conf" %}
+
+
+[oslo_policy]
+{%- if server.policy is defined %}
+{%- set _data = server.policy %}
+{%- include "oslo_templates/files/queens/oslo/_policy.conf" %}
+{%- endif %}
+
+
+[quotas]
+
+#
+# From neutron
+#
+
+# Default number of resource allowed per tenant. A negative value means
+# unlimited. (integer value)
+#default_quota = -1
+
+# Number of networks allowed per tenant. A negative value means unlimited.
+# (integer value)
+#quota_network = 100
+
+# Number of subnets allowed per tenant, A negative value means unlimited.
+# (integer value)
+#quota_subnet = 100
+
+# Number of ports allowed per tenant. A negative value means unlimited.
+# (integer value)
+#quota_port = 500
+
+# Default driver to use for quota checks. (string value)
+#quota_driver = neutron.db.quota.driver.DbQuotaDriver
+{% if server.backend.engine == "contrail" %}
+quota_driver = neutron_plugin_contrail.plugins.opencontrail.quota.driver.QuotaDriver
+{% endif %}
+# Keep in track in the database of current resource quota usage. Plugins which
+# do not leverage the neutron database should set this flag to False. (boolean
+# value)
+#track_quota_usage = true
+
+#
+# From neutron.extensions
+#
+
+# Number of routers allowed per tenant. A negative value means unlimited.
+# (integer value)
+#quota_router = 10
+
+# Number of floating IPs allowed per tenant. A negative value means unlimited.
+# (integer value)
+#quota_floatingip = 50
+
+# Number of security groups allowed per tenant. A negative value means
+# unlimited. (integer value)
+#quota_security_group = 10
+
+# Number of security rules allowed per tenant. A negative value means
+# unlimited. (integer value)
+#quota_security_group_rule = 100
+
+
+[ssl]
+{%- include "oslo_templates/files/queens/oslo/service/_ssl.conf" %}
+
+{%- if server.backend.ovsdb_connection is defined %}
+[ovs]
+ovsdb_connection = {{ server.backend.ovsdb_connection }}
+{%- endif %}
+
+# Advanced services configs
+
+{% if server.lbaas is defined -%}
+{%- include "neutron/files/queens/lbaas.conf" %}
+{% endif %}
+
+{% if server.bgp_vpn is defined -%}
+{%- include "neutron/files/queens/bgpvpn.conf" %}
+{% endif %}
diff --git a/neutron/files/queens/openvswitch_agent.ini b/neutron/files/queens/openvswitch_agent.ini
new file mode 100644
index 0000000..821b8b8
--- /dev/null
+++ b/neutron/files/queens/openvswitch_agent.ini
@@ -0,0 +1,285 @@
+{%- if pillar.neutron.gateway is defined %}
+{%- from "neutron/map.jinja" import gateway as neutron with context %}
+{%- else %}
+{%- from "neutron/map.jinja" import compute as neutron with context %}
+{%- endif %}
+
+[DEFAULT]
+
+{%- if neutron.logging is defined %}
+{%- set _data = neutron.logging %}
+{%- include "oslo_templates/files/queens/oslo/_log.conf" %}
+{%- endif %}
+
+[agent]
+
+#
+# From neutron.ml2.ovs.agent
+#
+
+# Minimize polling by monitoring ovsdb for interface changes. (boolean value)
+#minimize_polling = true
+
+# The number of seconds to wait before respawning the ovsdb monitor after
+# losing communication with it. (integer value)
+#ovsdb_monitor_respawn_interval = 30
+
+# Network types supported by the agent (gre and/or vxlan). (list value)
+#tunnel_types =
+{%- if "vxlan" in neutron.backend.tenant_network_types %}
+tunnel_types =vxlan
+
+# The UDP port to use for VXLAN tunnels. (port value)
+# Minimum value: 0
+# Maximum value: 65535
+#vxlan_udp_port = 4789
+vxlan_udp_port = 4789
+
+# MTU size of veth interfaces (integer value)
+#veth_mtu = 9000
+
+# Use ML2 l2population mechanism driver to learn remote MAC and IPs and improve tunnel scalability. (boolean value)
+#l2_population = false
+l2_population = True
+
+# Enable local ARP responder if it is supported. Requires OVS 2.1 and ML2
+# l2population driver. Allows the switch (when supporting an overlay) to
+# respond to an ARP request locally without performing a costly ARP broadcast
+# into the overlay. (boolean value)
+#arp_responder = false
+arp_responder = True
+{%- endif %}
+
+# Set or un-set the don't fragment (DF) bit on outgoing IP packet carrying
+# GRE/VXLAN tunnel. (boolean value)
+#dont_fragment = true
+
+# Make the l2 agent run in DVR mode. (boolean value)
+#enable_distributed_routing = false
+enable_distributed_routing = {{ neutron.get('dvr', 'False') }}
+
+# Reset flow table on start. Setting this to True will cause brief traffic
+# interruption. (boolean value)
+#drop_flows_on_start = false
+drop_flows_on_start = False
+
+# Set or un-set the tunnel header checksum on outgoing IP packet carrying
+# GRE/VXLAN tunnel. (boolean value)
+#tunnel_csum = false
+
+# DEPRECATED: Selects the Agent Type reported (string value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+#agent_type = Open vSwitch agent
+
+# Extensions list to use (list value)
+{# Get neutron:backend:extension mapping and prepare tmp_ext_list list with extentions where enabled = True #}
+{%- set tmp_ext_list = [] %}
+
+{%- for ext_name, ext_params in neutron.backend.get('ovs_extension', {}).iteritems() %}
+{%- do tmp_ext_list.append(ext_name) if ext_params.get('enabled', False) %}
+{%- endfor %}
+
+{%- for ext_name, ext_params in neutron.backend.get('extension', {}).iteritems() %}
+{%- do tmp_ext_list.append(ext_name) if ext_params.get('enabled', False) and ext_name not in tmp_ext_list %}
+{%- endfor %}
+{# Below section is for backward compatible when extentions were separated properties without neutron:backend:extension pillar #}
+{%- do tmp_ext_list.append('qos') if neutron.get('qos', 'True') and 'qos' not in tmp_ext_list %}
+extensions={{ tmp_ext_list|join(',') }}
+
+
+[network_log]
+
+#
+# From neutron.ml2.ovs.agent
+#
+
+# Maximum packets logging per second. (integer value)
+# Minimum value: 100
+#rate_limit = 100
+
+# Maximum number of packets per rate_limit. (integer value)
+# Minimum value: 25
+#burst_limit = 25
+
+# Output logfile path on agent side, default syslog file. (string value)
+#local_output_log_base = <None>
+
+
+[ovs]
+
+#
+# From neutron.ml2.ovs.agent
+#
+
+# Integration bridge to use. Do not change this parameter unless you have a
+# good reason to. This is the name of the OVS integration bridge. There is one
+# per hypervisor. The integration bridge acts as a virtual 'patch bay'. All VM
+# VIFs are attached to this bridge and then 'patched' according to their
+# network connectivity. (string value)
+#integration_bridge = br-int
+integration_bridge = br-int
+
+# Tunnel bridge to use. (string value)
+#tunnel_bridge = br-tun
+tunnel_bridge = br-tun
+
+# Peer patch port in integration bridge for tunnel bridge. (string value)
+#int_peer_patch_port = patch-tun
+
+# Peer patch port in tunnel bridge for integration bridge. (string value)
+#tun_peer_patch_port = patch-int
+
+# IP address of local overlay (tunnel) network endpoint. Use either an IPv4 or
+# IPv6 address that resides on one of the host network interfaces. The IP
+# version of this value must match the value of the 'overlay_ip_version' option
+# in the ML2 plug-in configuration file on the neutron server node(s). (IP
+# address value)
+#local_ip = <None>
+{%- if "vxlan" in neutron.backend.tenant_network_types %}
+local_ip = {{ neutron.local_ip }}
+{%- endif %}
+
+# Comma-separated list of <physical_network>:<bridge> tuples mapping physical
+# network names to the agent's node-specific Open vSwitch bridge names to be
+# used for flat and VLAN networks. The length of bridge names should be no more
+# than 11. Each bridge must exist, and should have a physical network interface
+# configured as a port. All physical networks configured on the server should
+# have mappings to appropriate bridges on each agent. Note: If you remove a
+# bridge from this mapping, make sure to disconnect it from the integration
+# bridge as it won't be managed by the agent anymore. (list value)
+{% set bridge_mappings=[] %}
+{%- if neutron.bridge_mappings is defined %}
+{%- for physnet,bridge in neutron.bridge_mappings.iteritems() %}{%- do bridge_mappings.append(physnet+':'+bridge) %}{%- endfor %}
+{%- endif %}
+{%- if 'br-floating' not in neutron.get('bridge_mappings', {}).values() %}{%- if neutron.get('external_access', True) %}
+{%- do bridge_mappings.append('physnet1:br-floating') %}{%- endif %}{%- endif %}
+{%- if 'br-prv' not in neutron.get('bridge_mappings', {}).values() %}{%- if "vlan" in neutron.backend.tenant_network_types %}
+{%- do bridge_mappings.append('physnet2:br-prv') %}{%- endif %}{%- endif %}
+{%- if 'br-baremetal' not in neutron.get('bridge_mappings', {}).values() %}{%- if neutron.get('ironic_enabled', False) %}
+{%- do bridge_mappings.append('physnet3:br-baremetal') %}{%- endif %}{%- endif %}
+{%- if bridge_mappings %}
+bridge_mappings = {{ ','.join(bridge_mappings) }}
+{%- else %}
+#bridge_mappings =
+{%- endif %}
+
+# Use veths instead of patch ports to interconnect the integration bridge to
+# physical networks. Support kernel without Open vSwitch patch port support so
+# long as it is set to True. (boolean value)
+#use_veth_interconnection = false
+
+# DEPRECATED: OpenFlow interface to use. (string value)
+# Possible values:
+# ovs-ofctl - <No description provided>
+# native - <No description provided>
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+#of_interface = native
+
+# OVS datapath to use. 'system' is the default value and corresponds to the
+# kernel datapath. To enable the userspace datapath set this value to 'netdev'.
+# (string value)
+# Possible values:
+# system - <No description provided>
+# netdev - <No description provided>
+#datapath_type = system
+{%- if neutron.dpdk %}
+datapath_type = netdev
+{%- endif %}
+
+# OVS vhost-user socket directory. (string value)
+#vhostuser_socket_dir = /var/run/openvswitch
+{%- if neutron.vhost_socket_dir is defined %}
+vhostuser_socket_dir = {{ neutron.vhost_socket_dir }}
+{%- endif %}
+
+# Address to listen on for OpenFlow connections. Used only for 'native' driver.
+# (IP address value)
+#of_listen_address = 127.0.0.1
+
+# Port to listen on for OpenFlow connections. Used only for 'native' driver.
+# (port value)
+# Minimum value: 0
+# Maximum value: 65535
+#of_listen_port = 6633
+
+# Timeout in seconds to wait for the local switch connecting the controller.
+# Used only for 'native' driver. (integer value)
+#of_connect_timeout = 30
+
+# Timeout in seconds to wait for a single OpenFlow request. Used only for
+# 'native' driver. (integer value)
+#of_request_timeout = 10
+
+# DEPRECATED: The interface for interacting with the OVSDB (string value)
+# Possible values:
+# native - <No description provided>
+# vsctl - <No description provided>
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+#ovsdb_interface = native
+
+# The connection string for the OVSDB backend. Will be used by ovsdb-client
+# when monitoring and used for the all ovsdb commands when native
+# ovsdb_interface is enabled (string value)
+#ovsdb_connection = tcp:127.0.0.1:6640
+
+# The SSL private key file to use when interacting with OVSDB. Required when
+# using an "ssl:" prefixed ovsdb_connection (string value)
+#ssl_key_file = <None>
+
+# The SSL certificate file to use when interacting with OVSDB. Required when
+# using an "ssl:" prefixed ovsdb_connection (string value)
+#ssl_cert_file = <None>
+
+# The Certificate Authority (CA) certificate to use when interacting with
+# OVSDB. Required when using an "ssl:" prefixed ovsdb_connection (string
+# value)
+#ssl_ca_cert_file = <None>
+
+
+[securitygroup]
+
+#
+# From neutron.ml2.ovs.agent
+#
+
+# Driver for security groups firewall in the L2 agent (string value)
+#firewall_driver = <None>
+
+# Controls whether the neutron security group API is enabled in the server. It
+# should be false when using no security groups or using the nova security
+# group API. (boolean value)
+#enable_security_group = true
+
+{%- if not neutron.get('security_groups_enabled', True) %}
+firewall_driver = neutron.agent.firewall.NoopFirewallDriver
+enable_security_group = False
+{%- elif neutron.dpdk or neutron.get('vlan_aware_vms', False) %}
+firewall_driver = openvswitch
+enable_security_group = True
+{%- else %}
+firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
+enable_security_group = True
+{%- endif %}
+
+# Use ipset to speed-up the iptables based security groups. Enabling ipset
+# support requires that ipset is installed on L2 agent node. (boolean value)
+#enable_ipset = true
+
+
+[xenapi]
+
+#
+# From neutron.ml2.xenapi
+#
+
+# URL for connection to XenServer/Xen Cloud Platform. (string value)
+#connection_url = <None>
+
+# Username for connection to XenServer/Xen Cloud Platform. (string value)
+#connection_username = <None>
+
+# Password for connection to XenServer/Xen Cloud Platform. (string value)
+#connection_password = <None>
diff --git a/neutron/fwaas.sls b/neutron/fwaas.sls
new file mode 100644
index 0000000..8b6f87d
--- /dev/null
+++ b/neutron/fwaas.sls
@@ -0,0 +1,18 @@
+{%- from "neutron/map.jinja" import compute, fwaas with context %}
+
+{%- if fwaas.get('enabled', False) %}
+
+neutron_fwaas_packages:
+ pkg.installed:
+ - names: {{ fwaas.pkgs }}
+
+{%- if pillar.neutron.gateway is defined or compute.get('enabled', False) and compute.dvr %}
+/etc/neutron/fwaas_driver.ini:
+ file.managed:
+ - source: salt://neutron/files/{{ fwaas.version }}/fwaas_driver.ini
+ - template: jinja
+ - require:
+ - pkg: neutron_fwaas_packages
+{%- endif %}
+
+{%- endif %}
diff --git a/neutron/gateway.sls b/neutron/gateway.sls
index a6e6586..1d2170e 100644
--- a/neutron/gateway.sls
+++ b/neutron/gateway.sls
@@ -1,10 +1,30 @@
-{% from "neutron/map.jinja" import gateway with context %}
-{%- if gateway.enabled %}
+{% from "neutron/map.jinja" import gateway, fwaas with context %}
+{%- if fwaas.get('enabled', False) %}
+include:
+- neutron.fwaas
+{%- endif %}
+
+{%- if gateway.enabled %}
neutron_gateway_packages:
pkg.installed:
- names: {{ gateway.pkgs }}
+{%- if not grains.get('noservices', False) %}
+# NOTE(mpolenchuk): haproxy is used as a replacement for
+# neutron-ns-metadata-proxy Python implementation starting from Pike
+haproxy:
+ {%- if grains['saltversioninfo'] < [2017,7] %}
+ module.run:
+ - name: service.mask
+ - m_name: haproxy
+ {%- else %}
+ service.masked:
+ {%- endif %}
+ - prereq:
+ - pkg: neutron_gateway_packages
+{%- endif %}
+
{%- if pillar.neutron.server is not defined %}
/etc/neutron/neutron.conf:
@@ -16,7 +36,13 @@
{%- endif %}
+{%- if gateway.l2gw is defined %}
+{%- include "neutron/agents/_l2gw.sls" %}
+{%- endif %}
+{%- if gateway.opendaylight is defined %}
+{%- include "neutron/opendaylight/client.sls" %}
+{%- else %}
/etc/neutron/l3_agent.ini:
file.managed:
- source: salt://neutron/files/{{ gateway.version }}/l3_agent.ini
@@ -24,25 +50,73 @@
- require:
- pkg: neutron_gateway_packages
-/etc/neutron/dhcp_agent.ini:
- file.managed:
- - source: salt://neutron/files/{{ gateway.version }}/dhcp_agent.ini
- - require:
- - pkg: neutron_gateway_packages
-
-/etc/neutron/metadata_agent.ini:
- file.managed:
- - source: salt://neutron/files/{{ gateway.version }}/metadata_agent.ini
- - template: jinja
- - require:
- - pkg: neutron_gateway_packages
-
/etc/neutron/plugins/ml2/openvswitch_agent.ini:
file.managed:
- source: salt://neutron/files/{{ gateway.version }}/openvswitch_agent.ini
- template: jinja
- require:
- pkg: neutron_gateway_packages
+{%- endif %}
+
+/etc/neutron/dhcp_agent.ini:
+ file.managed:
+ - source: salt://neutron/files/{{ gateway.version }}/dhcp_agent.ini
+ - template: jinja
+ - require:
+ - pkg: neutron_gateway_packages
+
+/etc/neutron/metadata_agent.ini:
+ file.managed:
+ - source: salt://neutron/files/{{ gateway.version }}/metadata_agent.ini
+ - template: jinja
+ - require:
+ - pkg: neutron_gateway_packages
+
+{%- for service_name in gateway.services %}
+{{ service_name }}_default:
+ file.managed:
+ - name: /etc/default/{{ service_name }}
+ - source: salt://neutron/files/default
+ - template: jinja
+ - defaults:
+ service_name: {{ service_name }}
+ values: {{ gateway }}
+ - require:
+ - pkg: neutron_gateway_packages
+ - watch_in:
+ - service: neutron_gateway_services
+{% endfor %}
+
+{%- if gateway.logging.log_appender %}
+
+{%- if gateway.logging.log_handlers.get('fluentd', {}).get('enabled', False) %}
+neutron_gateway_fluentd_logger_package:
+ pkg.installed:
+ - name: python-fluent-logger
+{%- endif %}
+
+{% for service_name in gateway.services %}
+{{ service_name }}_logging_conf:
+ file.managed:
+ - name: /etc/neutron/logging/logging-{{ service_name }}.conf
+ - source: salt://neutron/files/logging.conf
+ - template: jinja
+ - makedirs: true
+ - user: neutron
+ - group: neutron
+ - defaults:
+ service_name: {{ service_name }}
+ values: {{ gateway }}
+ - require:
+ - pkg: neutron_gateway_packages
+{%- if gateway.logging.log_handlers.get('fluentd', {}).get('enabled', False) %}
+ - pkg: neutron_gateway_fluentd_logger_package
+{%- endif %}
+ - watch_in:
+ - service: neutron_gateway_services
+{% endfor %}
+
+{% endif %}
neutron_gateway_services:
service.running:
@@ -50,9 +124,32 @@
- enable: true
- watch:
- file: /etc/neutron/neutron.conf
- - file: /etc/neutron/l3_agent.ini
- file: /etc/neutron/metadata_agent.ini
- - file: /etc/neutron/plugins/ml2/openvswitch_agent.ini
- file: /etc/neutron/dhcp_agent.ini
+ {%- if gateway.opendaylight is not defined %}
+ - file: /etc/neutron/l3_agent.ini
+ - file: /etc/neutron/plugins/ml2/openvswitch_agent.ini
+ {%- endif %}
+ {%- if fwaas.get('enabled', False) %}
+ - file: /etc/neutron/fwaas_driver.ini
+ {%- endif %}
+ {%- if gateway.message_queue.get('ssl',{}).get('enabled', False) %}
+ - file: rabbitmq_ca_neutron_gateway
+ {%- endif %}
-{%- endif %}
\ No newline at end of file
+
+{%- if gateway.message_queue.get('ssl',{}).get('enabled', False) %}
+rabbitmq_ca_neutron_gateway:
+{%- if gateway.message_queue.ssl.cacert is defined %}
+ file.managed:
+ - name: {{ gateway.message_queue.ssl.cacert_file }}
+ - contents_pillar: neutron:gateway:message_queue:ssl:cacert
+ - mode: 0444
+ - makedirs: true
+{%- else %}
+ file.exists:
+ - name: {{ gateway.message_queue.ssl.get('cacert_file', gateway.cacert_file) }}
+{%- endif %}
+{%- endif %}
+
+{%- endif %}
diff --git a/neutron/init.sls b/neutron/init.sls
index c12f434..811d852 100644
--- a/neutron/init.sls
+++ b/neutron/init.sls
@@ -1,5 +1,8 @@
include:
+{% if pillar.neutron.fwaas is defined %}
+- neutron.fwaas
+{% endif %}
{% if pillar.neutron.server is defined %}
- neutron.server
{% endif %}
diff --git a/neutron/map.jinja b/neutron/map.jinja
index f670fb0..e3b4cff 100644
--- a/neutron/map.jinja
+++ b/neutron/map.jinja
@@ -1,60 +1,147 @@
+{%- set default_params = {
+ 'cacert_file': salt['grains.filter_by']({
+ 'Debian': '/etc/ssl/certs/ca-certificates.crt',
+ 'RedHat': '/etc/pki/tls/certs/ca-bundle.crt'
+ })}
+%}
{% set compute = salt['grains.filter_by']({
+ 'BaseDefaults': default_params,
'Debian': {
'pkgs': ['neutron-openvswitch-agent', 'openvswitch-switch', 'python-pycadf'],
+ 'pkgs_ovn': ['ovn-common', 'ovn-host'],
+ 'pkgs_bagpipe': ['python-networking-bagpipe'],
'services': ['neutron-openvswitch-agent'],
+ 'services_ovn': ['ovn-host'],
'dpdk': false,
+ 'notification': {},
'audit': {
'enabled': false
- }
+ },
+ 'logging': {
+ 'log_appender': false,
+ 'log_handlers': {
+ 'watchedfile': {
+ 'enabled': true
+ }
+ },
+ },
},
'RedHat': {
'pkgs': ['openstack-neutron-openvswitch', 'openvswitch', 'python-pycadf'],
+ 'pkgs_ovn': ['openvswitch-ovn'],
+ 'pkgs_bagpipe': ['python-networking-bagpipe'],
'services': ['neutron-openvswitch-agent'],
+ 'services_ovn': ['ovn-host'],
'dpdk': false,
+ 'notification': {},
'audit': {
'enabled': false
- }
+ },
+ 'logging': {
+ 'log_appender': false,
+ 'log_handlers': {
+ 'watchedfile': {
+ 'enabled': true
+ }
+ },
+ },
},
-}, merge=pillar.neutron.get('compute', {})) %}
+}, merge=pillar.neutron.get('compute', {}), base='BaseDefaults') %}
+
+{%- set opendaylight_enabled = pillar.neutron.gateway is defined and pillar.neutron.gateway.opendaylight is defined %}
+{%- set pkgs_list = ['neutron-dhcp-agent', 'openvswitch-common', 'neutron-metadata-agent'] %}
+{%- set services_list = ['neutron-metadata-agent', 'neutron-dhcp-agent'] %}
+{%- if not opendaylight_enabled %}
+{%- do pkgs_list.extend(['neutron-openvswitch-agent', 'neutron-l3-agent']) %}
+{%- do services_list.extend(['neutron-openvswitch-agent', 'neutron-l3-agent']) %}
+{%- endif %}
{% set gateway = salt['grains.filter_by']({
+ 'BaseDefaults': default_params,
'Debian': {
- 'pkgs': ['neutron-dhcp-agent', 'neutron-openvswitch-agent', 'neutron-l3-agent', 'openvswitch-common', 'neutron-metadata-agent'],
- 'services': ['neutron-openvswitch-agent', 'neutron-metadata-agent', 'neutron-l3-agent', 'neutron-dhcp-agent'],
- 'dpdk': false
+ 'pkgs': pkgs_list,
+ 'pkgs_l2gw_agent': ['neutron-l2gateway-agent'],
+ 'services': services_list,
+ 'dpdk': false,
+ 'notification': {},
+ 'logging': {
+ 'log_appender': false,
+ 'log_handlers': {
+ 'watchedfile': {
+ 'enabled': true
+ }
+ },
+ },
},
'RedHat': {
'pkgs': ['openstack-neutron-openvswitch'],
- 'services': ['neutron-openvswitch-agent', 'neutron-metadata-agent', 'neutron-l3-agent', 'neutron-dhcp-agent'],
- 'dpdk': false
+ 'pkgs_l2gw_agent': ['openstack-neutron-l2gw-agent'],
+ 'services': services_list,
+ 'dpdk': false,
+ 'notification': {},
+ 'logging': {
+ 'log_appender': false,
+ 'log_handlers': {
+ 'watchedfile': {
+ 'enabled': true
+ }
+ },
+ },
},
-}, merge=pillar.neutron.get('gateway', {})) %}
+}, merge=pillar.neutron.get('gateway', {}), base='BaseDefaults') %}
{% set server = salt['grains.filter_by']({
+ 'BaseDefaults': default_params,
'Debian': {
'pkgs': ['neutron-server','python-neutron-lbaas', 'gettext-base', 'python-pycadf'],
+ 'pkgs_ovn': ['python-networking-ovn', 'ovn-common', 'ovn-central'],
'pkgs_ml2': ['neutron-plugin-ml2'],
+ 'pkgs_l2gw': ['python-networking-l2gw'],
+ 'pkgs_bgpvpn': ['python-networking-bgpvpn'],
+ 'pkgs_bagpipe': ['python-networking-bagpipe'],
'services': ['neutron-server'],
- 'notification': False,
+ 'services_ovn': ['ovn-central'],
+ 'notification': {},
'dpdk': false,
'cors': {},
'audit': {
'enabled': false
- }
+ },
+ 'logging': {
+ 'log_appender': false,
+ 'log_handlers': {
+ 'watchedfile': {
+ 'enabled': true
+ }
+ },
+ },
},
'RedHat': {
'pkgs_ml2': ['openstack-neutron-ml2', 'python-pycadf'],
'pkgs': ['openstack-neutron'],
+ 'pkgs_ovn': ['openvswitch-ovn', 'python-networking-ovn'],
+ 'pkgs_l2gw': ['python2-networking-l2gw'],
+ 'pkgs_bgpvpn': ['python-networking-bgpvpn'],
+ 'pkgs_bagpipe': ['python-networking-bagpipe'],
'services': ['neutron-server'],
- 'notification': False,
+ 'services_ovn': ['ovn-central'],
+ 'notification': {},
'dpdk': false,
'cors': {},
'audit': {
'enabled': false
- }
+ },
+ 'logging': {
+ 'log_appender': false,
+ 'log_handlers': {
+ 'watchedfile': {
+ 'enabled': true
+ }
+ },
+ },
},
-}, merge=pillar.neutron.get('server', {})) %}
+}, merge=pillar.neutron.get('server', {}), base='BaseDefaults') %}
{% set client = salt['grains.filter_by']({
'Debian': {
@@ -65,21 +152,29 @@
},
}, merge=pillar.neutron.get('client', {})) %}
-{%- if pillar.neutron.server is defined %}
+{% set fwaas = salt['grains.filter_by']({
+ 'default': {
+ 'v1': {
+ 'driver': 'iptables',
+ 'l3_extension': 'fwaas',
+ 'service_plugin': 'firewall',
+ },
+ 'v2': {
+ 'driver': 'iptables_v2',
+ 'l3_extension': 'fwaas_v2',
+ 'service_plugin': 'firewall_v2',
+ },
+ 'pkgs': ['python-neutron-fwaas'],
+ 'api_version': 'v1',
+ },
+}, merge=pillar.neutron.get('fwaas', {}), base='default') %}
-{%- set tmp_server = pillar.neutron.server %}
-{%- if not tmp_server.backend is defined %}
-
-{%- if pillar.opencontrail is defined and tmp_server.plugin == "contrail" %}
-
-{%- from "opencontrail/map.jinja" import config with context %}
-
-{%- set backend = {'engine': tmp_server.plugin, 'host': config.discovery.host, 'token': config.identity.token, 'user': config.identity.user, 'password': config.identity.password, 'tenant': config.identity.tenant} %}
-{%- set tmp = server.update({'backend': backend}) %}
-
-{%- endif %}
-
-{%- endif %}
-
-{%- endif %}
+{% set monitoring = salt['grains.filter_by']({
+ 'default': {
+ 'error_log_rate': 0.2,
+ 'endpoint_failed_major_threshold': 0.5,
+ 'agents_failed_minor_threshold': 0.3,
+ 'agents_failed_major_threshold': 0.6,
+ },
+}, grain='os_family', merge=salt['pillar.get']('neutron:monitoring')) %}
diff --git a/neutron/meta/fluentd.yml b/neutron/meta/fluentd.yml
new file mode 100644
index 0000000..5a5ca1d
--- /dev/null
+++ b/neutron/meta/fluentd.yml
@@ -0,0 +1,110 @@
+{%- if pillar.get('fluentd', {}).get('agent', {}).get('enabled', False) %}
+{%- set positiondb = pillar.fluentd.agent.dir.positiondb %}
+agent:
+ config:
+ label:
+ forward_input:
+ input:
+ generic_forward_input:
+ type: forward
+ bind: 0.0.0.0
+ port: 24224
+ match:
+ route_openstack_neutron:
+ tag: openstack.neutron.*
+ type: relabel
+ label: openstack_neutron
+ openstack_neutron:
+ filter:
+ set_neutron_fields:
+ tag: openstack.neutron.*
+ type: record_transformer
+ enable_ruby: true
+ record:
+ - name: Severity
+ value: ${ {'TRACE'=>7,'DEBUG'=>7,'INFO'=>6,'AUDIT'=>6,'WARNING'=>4,'ERROR'=>3,'CRITICAL'=>2}[record['level']].to_i }
+ - name: severity_label
+ value: ${ record['level'] }
+ - name: programname
+ value: neutron-${ tag_parts[2] }
+ - name: Payload
+ value: ${ record['message'] }
+ - name: python_module
+ value: ${ record['name'] }
+ parse_http_stats:
+ tag: openstack.neutron
+ type: parser
+ key_name: Payload
+ reserve_data: true
+ emit_invalid_record_to_error: false
+ parser:
+ type: regexp
+ # Parse openstack http stats: https://regex101.com/r/Tf0XUK/3/
+ format: '\"(?<http_method>GET|POST|OPTIONS|DELETE|PUT|HEAD|TRACE|CONNECT|PATCH)\s(?<http_url>\S+)\s(?<http_version>[.\/\dHTFSP]+)\"(\sstatus:|)\s(?<http_status>\d{3})(\slen:|)\s(?<http_response_size>\d+)(\stime:|)\s(?<http_response_time>\d+\.\d+)'
+ types: http_response_time:float
+ match:
+ unify_tag:
+ tag: openstack.neutron.*
+ type: rewrite_tag_filter
+ rule:
+ - name: level
+ regexp: '.*'
+ result: openstack.neutron
+ send_to_default:
+ tag: openstack.neutron
+ type: copy
+ store:
+ - type: relabel
+ label: default_output
+ - type: rewrite_tag_filter
+ rule:
+ - name: severity_label
+ regexp: '.'
+ result: metric.neutron_log_messages
+ - type: rewrite_tag_filter
+ rule:
+ - name: http_status
+ regexp: '.'
+ result: metric.neutron_openstack_http_response
+ push_to_metric:
+ tag: 'metric.**'
+ type: relabel
+ label: default_metric
+ default_metric:
+ filter:
+ neutron_logs_per_severity:
+ tag: metric.neutron_log_messages
+ require:
+ - add_general_fields
+ type: prometheus
+ metric:
+ - name: log_messages
+ type: counter
+ desc: Total number of log lines by severity
+ label:
+ - name: service
+ value: neutron
+ - name: level
+ value: ${severity_label}
+ - name: host
+ value: ${Hostname}
+ neutron_openstack_http_response_times:
+ tag: metric.neutron_openstack_http_response
+ require:
+ - add_general_fields
+ type: prometheus
+ metric:
+ - name: openstack_http_response_times
+ type: summary
+ desc: Total number of requests per method and status
+ key: http_response_time
+ label:
+ - name: http_method
+ value: ${http_method}
+ - name: http_status
+ value: ${http_status}
+ - name: service
+ value: neutron
+ - name: host
+ value: ${Hostname}
+{% endif %}
\ No newline at end of file
diff --git a/neutron/meta/grafana.yml b/neutron/meta/grafana.yml
index 55f0401..6d8278e 100644
--- a/neutron/meta/grafana.yml
+++ b/neutron/meta/grafana.yml
@@ -1,5 +1,6 @@
dashboard:
service_level:
+ datasource: influxdb
row:
neutron-service-level:
title: Neutron Service Levels
@@ -60,7 +61,8 @@
alias: "Fatal"
rawQuery: true
query: SELECT count(max) FROM openstack_neutron_http_response_times WHERE environment_label = '$environment' AND http_status = '5xx' AND $timeFilter
- main:
+ main_influxdb:
+ datasource: influxdb
row:
ost-control-plane:
title: OpenStack Control Plane
@@ -89,11 +91,52 @@
cluster_status:
rawQuery: true
query: SELECT last(value) FROM cluster_status WHERE cluster_name = 'neutron-data' AND environment_label = '$environment' AND $timeFilter GROUP BY time($interval) fill(null)
- neutron:
+{%- endif %}
+ main_prometheus:
+ datasource: prometheus
+ row:
+ ost-control-plane:
+ title: OpenStack Control Plane
+ panel:
+ neutron:
+ title: Neutron
+ links:
+ - dashboard: Neutron
+ title: Neutron
+ type: dashboard
+ target:
+ cluster_status:
+ expr: avg(openstack_api_check_status{service=~"neutron.*"})
+{%- if pillar.neutron.get('server', {}).get('backend', {}).engine is defined and pillar.neutron.server.backend.engine == "ml2" %}
+ neutron_influxdb:
+ datasource: influxdb
format: json
template: neutron/files/grafana_dashboards/neutron_openvswitch_influxdb.json
+{%- if pillar.get('fluentd', {}).get('agent', {}).get('enabled', False) %}
+ neutron_prometheus:
+ datasource: prometheus
+ format: json
+ template: neutron/files/grafana_dashboards/neutron_openvswitch_prometheus_fluentd.json
+{%- else %}
+ neutron_prometheus:
+ datasource: prometheus
+ format: json
+ template: neutron/files/grafana_dashboards/neutron_openvswitch_prometheus.json
+{%- endif %}
{%- elif pillar.neutron.server is defined %}
- neutron:
+ neutron_influxdb:
+ datasource: influxdb
format: json
template: neutron/files/grafana_dashboards/neutron_influxdb.json
+{%- if pillar.get('fluentd', {}).get('agent', {}).get('enabled', False) %}
+ neutron_prometheus:
+ datasource: prometheus
+ format: json
+ template: neutron/files/grafana_dashboards/neutron_prometheus_fluentd.json
+{%- else %}
+ neutron_prometheus:
+ datasource: prometheus
+ format: json
+ template: neutron/files/grafana_dashboards/neutron_prometheus.json
+{%- endif %}
{%- endif %}
diff --git a/neutron/meta/prometheus.yml b/neutron/meta/prometheus.yml
new file mode 100644
index 0000000..d6ff28e
--- /dev/null
+++ b/neutron/meta/prometheus.yml
@@ -0,0 +1,113 @@
+{%- from "neutron/map.jinja" import server, monitoring with context %}
+
+{%- if server.get('enabled', False) %}
+{%- set major_threshold = monitoring.endpoint_failed_major_threshold|float %}
+{%- raw %}
+server:
+ alert:
+ NeutronApiOutage:
+ if: >-
+ openstack_api_check_status{name="neutron"} == 0
+ labels:
+ severity: critical
+ service: neutron
+ annotations:
+ summary: "Neutron API outage"
+ description: >-
+ Neutron API is not accessible for the Neutron endpoint in the OpenStack service catalog.
+ NeutronApiEndpointDown:
+ if: >-
+ http_response_status{name="neutron-api"} == 0
+ for: 2m
+ labels:
+ severity: minor
+ service: neutron
+ annotations:
+ summary: "neutron-api endpoint is not accessible"
+ description: >-
+ The neutron-api endpoint on the {{ $labels.host }} node is not accessible for 2 minutes.
+{%- endraw %}
+ NeutronApiEndpointsDownMajor:
+ if: >-
+ count(http_response_status{name="neutron-api"} == 0) >= count(http_response_status{name="neutron-api"}) * {{ major_threshold }}
+ for: 2m
+ labels:
+ severity: major
+ service: neutron
+ annotations:
+ summary: "{{major_threshold * 100}}% of neutron-api endpoints are not accessible"
+ description: >-
+ {% raw %}{{ $value }} neutron-api endpoints (>= {% endraw %} {{major_threshold * 100}}{% raw %}%) are not accessible for 2 minutes.
+ NeutronApiEndpointsOutage:
+ if: >-
+ count(http_response_status{name="neutron-api"} == 0) == count(http_response_status{name="neutron-api"})
+ for: 2m
+ labels:
+ severity: critical
+ service: neutron
+ annotations:
+ summary: "neutron-api endpoints outage"
+ description: >-
+ All available neutron-api endpoints are not accessible for 2 minutes.
+{%- endraw %}
+{%- if server.get('backend', {}).engine is defined and server.backend.engine == "ml2" %}
+{%- set minor_threshold = monitoring.agents_failed_minor_threshold|float %}
+{%- set major_threshold = monitoring.agents_failed_major_threshold|float %}
+{%- raw %}
+ NeutronAgentDown:
+ if: >-
+ openstack_neutron_agent_state == 0
+ labels:
+ severity: minor
+ service: neutron
+ annotations:
+ summary: "{{ $labels.binary }} agent is down"
+ description: >-
+ The {{ $labels.binary }} agent on the {{ $labels.hostname }} node is down.
+{%- endraw %}
+ NeutronAgentsDownMinor:
+ if: >-
+ count(openstack_neutron_agent_state == 0) by (binary) >= on (binary) count(openstack_neutron_agent_state) by (binary) * {{minor_threshold}}
+ labels:
+ severity: minor
+ service: neutron
+ annotations:
+ summary: "{{minor_threshold * 100}}%{% raw %} of {{ $labels.binary }} agents are down"
+ description: >-
+ {{ $value }} {{ $labels.binary }} agents (>= {% endraw %} {{minor_threshold * 100}}%) are down.
+ NeutronAgentsDownMajor:
+ if: >-
+ count(openstack_neutron_agent_state == 0) by (binary) >= on (binary) count(openstack_neutron_agent_state) by (binary) * {{major_threshold}}
+ labels:
+ severity: major
+ service: neutron
+ annotations:
+ summary: "{{major_threshold * 100}}%{% raw %} of {{ $labels.binary }} agents are down"
+ description: >-
+ {{ $value }} {{ $labels.binary }} agents (>= {% endraw %} {{major_threshold * 100}}%) are down.
+{%- raw %}
+ NeutronAgentsOutage:
+ if: >-
+ count(openstack_neutron_agent_state == 0) by (binary) == on (binary) count(openstack_neutron_agent_state) by (binary)
+ labels:
+ severity: critical
+ service: neutron
+ annotations:
+ summary: "{{ $labels.binary }} agents outage"
+ description: >-
+ All {{ $labels.binary }} agents are down.
+{%- endraw %}
+ NeutronErrorLogsTooHigh:
+ {%- set log_threshold = monitoring.error_log_rate|float %}
+ if: >-
+ sum(rate(log_messages{service="neutron",level=~"(?i:(error|emergency|fatal))"}[5m])) without (level) > {{ log_threshold }}
+{%- raw %}
+ labels:
+ severity: warning
+ service: neutron
+ annotations:
+ summary: "High number of errors in Neutron logs"
+ description: "The average per-second rate of errors in Neutron logs on the {{ $labels.host }} node is {{ $value }} (as measured over the last 5 minutes)."
+{%- endraw %}
+{%- endif %}
+{%- endif %}
diff --git a/neutron/meta/sphinx.yml b/neutron/meta/sphinx.yml
index 20af434..f655e76 100644
--- a/neutron/meta/sphinx.yml
+++ b/neutron/meta/sphinx.yml
@@ -36,6 +36,6 @@
value: |
{%- for pkg in server.pkgs %}
{%- set pkg_version = "dpkg -l "+pkg+" | grep "+pkg+" | awk '{print $3}'" %}
- * {{ pkg }}: {{ salt['cmd.run'](pkg_version) }}
+ * {{ pkg }}: {{ salt['cmd.shell'](pkg_version) }}
{%- endfor %}
{%- endif %}
diff --git a/neutron/meta/telegraf.yml b/neutron/meta/telegraf.yml
new file mode 100644
index 0000000..86c317a
--- /dev/null
+++ b/neutron/meta/telegraf.yml
@@ -0,0 +1,9 @@
+{%- from "neutron/map.jinja" import server with context %}
+{%- if server.get('enabled', False) %}
+agent:
+ input:
+ http_response:
+ neutron-api:
+ address: "http://{{ server.bind.address|replace('0.0.0.0', '127.0.0.1') }}:{{ server.bind.port }}/"
+ expected_code: 200
+{%- endif %}
diff --git a/neutron/opendaylight/client.sls b/neutron/opendaylight/client.sls
new file mode 100644
index 0000000..fb5829f
--- /dev/null
+++ b/neutron/opendaylight/client.sls
@@ -0,0 +1,36 @@
+{%- if pillar.neutron.gateway is defined %}
+{%- from "neutron/map.jinja" import gateway as neutron with context %}
+{%- else %}
+{%- from "neutron/map.jinja" import compute as neutron with context %}
+{%- endif %}
+
+python-networking-odl:
+ pkg.installed
+
+{%- if not grains.get('noservices', False) %}
+
+{%- set ovs_manager = [neutron.opendaylight.ovsdb_odl_iface] %}
+{%- do ovs_manager.append(neutron.opendaylight.ovsdb_server_iface) if neutron.opendaylight.ovsdb_server_iface is defined %}
+
+ovs_set_manager:
+ cmd.run:
+ - name: 'ovs-vsctl set-manager {{ ovs_manager|join(' ') }}'
+ - unless: 'ovs-vsctl get-manager | fgrep -qx {{ neutron.opendaylight.ovsdb_odl_iface }}'
+
+{%- if neutron.dpdk|default(False) %}
+{%- set ovs_hostconfig = ['--ovs_dpdk --vhostuser_mode=' ~ neutron.vhost_mode|default('server')] %}
+{%- do ovs_hostconfig.append('--vhostuser_socket_dir=' ~ neutron.vhost_socket_dir) if neutron.vhost_socket_dir is defined %}
+{%- else %}
+{%- set ovs_hostconfig = ['--noovs_dpdk'] %}
+{%- endif %}
+
+{%- do ovs_hostconfig.append('--local_ip=' ~ neutron.opendaylight.tunnel_ip) if neutron.opendaylight.tunnel_ip is defined %}
+{%- do ovs_hostconfig.append('--bridge_mapping=' ~ neutron.opendaylight.provider_mappings) if neutron.opendaylight.provider_mappings is defined %}
+
+neutron_odl_ovs_hostconfig:
+ cmd.run:
+ - name: 'neutron-odl-ovs-hostconfig {{ ovs_hostconfig|join(' ') }}'
+ - require:
+ - pkg: python-networking-odl
+
+{%- endif %}
diff --git a/neutron/server.sls b/neutron/server.sls
index b652193..21171bb 100644
--- a/neutron/server.sls
+++ b/neutron/server.sls
@@ -1,5 +1,35 @@
-{%- from "neutron/map.jinja" import server with context %}
+{%- from "neutron/map.jinja" import server, fwaas with context %}
+
+{%- if fwaas.get('enabled', False) %}
+include:
+- neutron.fwaas
+{%- endif %}
+
{%- if server.get('enabled', False) %}
+{% if grains.os_family == 'Debian' %}
+# This is here to avoid starting up wrongly configured service and to avoid
+# issue with restart limits on systemd.
+
+policy_rcd_present:
+ file.managed:
+ - name: /usr/sbin/policy-rc.d
+ - mode: 0775
+ - contents: "exit 101"
+ - require_in:
+ - pkg: neutron_server_packages
+
+policy_rcd_absent_ok:
+ file.absent:
+ - name: /usr/sbin/policy-rc.d
+ - require:
+ - pkg: neutron_server_packages
+
+policy_rcd_absent_onfail:
+ file.absent:
+ - name: /usr/sbin/policy-rc.d
+ - onfail:
+ - pkg: neutron_server_packages
+{% endif %}
neutron_server_packages:
pkg.installed:
@@ -36,10 +66,20 @@
{%- endif %}
- watch:
- file: /etc/neutron/neutron.conf
+ {%- if server.message_queue.get('ssl',{}).get('enabled', False) %}
+ - file: rabbitmq_ca_neutron_server
+ {%- endif %}
+ {%- if server.database.get('ssl',{}).get('enabled', False) %}
+ - file: mysql_ca_neutron_server
+ {%- endif %}
{%- endif %}
-{% if server.backend.engine == "ml2" %}
+{% if server.backend.engine in ["ml2", "ovn"] %}
+
+ml2_packages:
+ pkg.installed:
+ - names: {{ server.pkgs_ml2 }}
/etc/neutron/plugins/ml2/ml2_conf.ini:
file.managed:
@@ -47,6 +87,9 @@
- template: jinja
- require:
- pkg: neutron_server_packages
+ - pkg: ml2_packages
+ - watch_in:
+ - service: neutron_server_services
ml2_plugin_link:
cmd.run:
@@ -68,12 +111,26 @@
{%- endif %}
+{%- if server.l2gw is defined %}
+{%- include "neutron/services/_l2gw.sls" %}
+{%- endif %}
+
+{%- if server.backend.get('opendaylight', False) %}
+python-networking-odl:
+ pkg.installed:
+ - require_in:
+ - pkg: neutron_server_packages
+{%- endif %}
+
/etc/neutron/neutron.conf:
file.managed:
- source: salt://neutron/files/{{ server.version }}/neutron-server.conf.{{ grains.os_family }}
- template: jinja
- require:
- pkg: neutron_server_packages
+ {%- if server.database.get('ssl',{}).get('enabled', False) %}
+ - file: mysql_ca_neutron_server
+ {%- endif %}
/etc/neutron/api-paste.ini:
file.managed:
@@ -82,6 +139,54 @@
- require:
- pkg: neutron_server_packages
+{%- for service_name in server.get('services', []) %}
+{%- if service_name != 'neutron-server' %}
+{{ service_name }}_default:
+ file.managed:
+ - name: /etc/default/{{ service_name }}
+ - source: salt://neutron/files/default
+ - template: jinja
+ - defaults:
+ service_name: {{ service_name }}
+ values: {{ server }}
+ - require:
+ - pkg: neutron_server_packages
+ - watch_in:
+ - service: neutron_server_services
+{%- endif %}
+{%- endfor %}
+
+{%- if server.logging.log_appender %}
+
+{%- if server.logging.log_handlers.get('fluentd', {}).get('enabled', False) %}
+neutron_server_fluentd_logger_package:
+ pkg.installed:
+ - name: python-fluent-logger
+{%- endif %}
+
+{%- for service_name in server.services %}
+{{ service_name }}_logging_conf:
+ file.managed:
+ - name: /etc/neutron/logging/logging-{{ service_name }}.conf
+ - source: salt://neutron/files/logging.conf
+ - template: jinja
+ - makedirs: True
+ - defaults:
+ service_name: {{ service_name }}
+ values: {{ server }}
+ - user: neutron
+ - group: neutron
+ - require:
+ - pkg: neutron_server_packages
+{%- if server.logging.log_handlers.get('fluentd', {}).get('enabled', False) %}
+ - pkg: neutron_server_fluentd_logger_package
+{%- endif %}
+ - watch_in:
+ - service: neutron_server_services
+{%- endfor %}
+
+{%- endif %}
+
{%- for name, rule in server.get('policy', {}).iteritems() %}
{%- if rule != None %}
@@ -119,6 +224,51 @@
{%- endif %}
+{%- if server.backend.engine == "ovn" %}
+
+ovn_packages:
+ pkg.installed:
+ - names: {{ server.pkgs_ovn }}
+
+{%- if not grains.get('noservices', False) %}
+
+remote_ovsdb_access:
+ cmd.run:
+ - name: "ovs-appctl -t ovsdb-server ovsdb-server/add-remote
+ ptcp:6640:{{ server.controller_vip }}"
+
+open_ovs_port:
+ iptables.append:
+ - table: filter
+ - chain: INPUT
+ - jump: ACCEPT
+ - dport: 6640
+ - proto: tcp
+ - save: True
+
+ovn_services:
+ service.running:
+ - names: {{ server.services_ovn }}
+ - enable: true
+ {%- if grains.get('noservices') %}
+ - onlyif: /bin/false
+ {%- endif %}
+ - require:
+ - pkg: ovn_packages
+
+{%- if grains.os_family == 'Debian' %}
+/etc/default/ovn-central:
+ file.managed:
+ - source: salt://neutron/files/{{ server.version }}/ovn_central_options
+ - template: jinja
+ - require:
+ - pkg: ovn_packages
+ - watch_in:
+ - service: ovn_services
+{%- endif %}
+{%- endif %}
+{%- endif %}
+
{%- if server.backend.engine == "midonet" %}
/etc/neutron/plugins/midonet/midonet.ini:
@@ -175,6 +325,29 @@
{%- endif %}
{%- endif %}
+{% if server.get('bgp_vpn', {}).get('enabled', False) %}
+
+bgpvpn_packages:
+ pkg.installed:
+ - names: {{ server.pkgs_bgpvpn }}
+
+bgpvpn_db_manage:
+ cmd.run:
+ - name: neutron-db-manage --config-file /etc/neutron/neutron.conf --subproject networking-bgpvpn upgrade head
+ - require:
+ - file: /etc/neutron/neutron.conf
+ - pkg: bgpvpn_packages
+
+{% if server.bgp_vpn.driver == "bagpipe" %}
+
+bagpipe_packages:
+ pkg.installed:
+ - names: {{ server.pkgs_bagpipe }}
+
+{% endif %}
+
+{% endif %}
+
neutron_server_services:
service.running:
- names: {{ server.services }}
@@ -184,6 +357,12 @@
{%- endif %}
- watch:
- file: /etc/neutron/neutron.conf
+ {%- if server.message_queue.get('ssl',{}).get('enabled', False) %}
+ - file: rabbitmq_ca_neutron_server
+ {%- endif %}
+ {%- if server.database.get('ssl',{}).get('enabled', False) %}
+ - file: mysql_ca_neutron_server
+ {%- endif %}
{%- if grains.get('virtual_subtype', None) == "Docker" %}
@@ -196,4 +375,33 @@
{%- endif %}
+
+{%- if server.message_queue.get('ssl',{}).get('enabled', False) %}
+rabbitmq_ca_neutron_server:
+{%- if server.message_queue.ssl.cacert is defined %}
+ file.managed:
+ - name: {{ server.message_queue.ssl.cacert_file }}
+ - contents_pillar: neutron:server:message_queue:ssl:cacert
+ - mode: 0444
+ - makedirs: true
+{%- else %}
+ file.exists:
+ - name: {{ server.message_queue.ssl.get('cacert_file', server.cacert_file) }}
+{%- endif %}
+{%- endif %}
+
+{%- if server.database.get('ssl',{}).get('enabled', False) %}
+mysql_ca_neutron_server:
+{%- if server.database.ssl.cacert is defined %}
+ file.managed:
+ - name: {{ server.database.ssl.cacert_file }}
+ - contents_pillar: neutron:server:database:ssl:cacert
+ - mode: 0444
+ - makedirs: true
+{%- else %}
+ file.exists:
+ - name: {{ server.database.ssl.get('cacert_file', server.cacert_file) }}
+{%- endif %}
+{%- endif %}
+
{%- endif %}
diff --git a/neutron/services/_bagpipe.sls b/neutron/services/_bagpipe.sls
new file mode 100644
index 0000000..76ed46b
--- /dev/null
+++ b/neutron/services/_bagpipe.sls
@@ -0,0 +1,28 @@
+{%- from "neutron/map.jinja" import compute with context %}
+
+bagpipe_packages:
+ pkg.installed:
+ - names: {{ compute.pkgs_bagpipe }}
+
+/etc/bagpipe-bgp/bgp.conf:
+ file.managed:
+ - source: salt://neutron/files/{{ compute.version }}/bagpipe-bgp.conf
+ - template: jinja
+ - require:
+ - pkg: bagpipe_packages
+
+mpls_interface:
+ cmd.run:
+ - name: "ovs-vsctl --may-exist add-br br-mpls -- set-fail-mode br-mpls secure"
+ - unless: "ovs-vsctl show | grep -w br-mpls"
+
+bagpipe-bgp:
+ service.running:
+ - enable: true
+ {%- if grains.get('noservices') %}
+ - onlyif: /bin/false
+ {%- endif %}
+ - require:
+ - cmd: mpls_interface
+ - watch:
+ - file: /etc/bagpipe-bgp/bgp.conf
\ No newline at end of file
diff --git a/neutron/services/_l2gw.sls b/neutron/services/_l2gw.sls
new file mode 100644
index 0000000..f91b83e
--- /dev/null
+++ b/neutron/services/_l2gw.sls
@@ -0,0 +1,19 @@
+{%- from "neutron/map.jinja" import server with context %}
+{%- if server.l2gw.get('enabled', False) %}
+
+networking_l2gw_packages:
+ pkg.installed:
+ - names: {{ server.pkgs_l2gw }}
+
+/etc/neutron/l2gw_plugin.ini:
+ file.managed:
+ - source: salt://neutron/files/{{ server.version }}/l2gw/l2gw_plugin.ini
+ - template: jinja
+ - require_in:
+ - cmd: neutron_db_manage
+ - require:
+ - pkg: networking_l2gw_packages
+ - watch_in:
+ - service: neutron_server_services
+
+{%- endif %}
diff --git a/tests/pillar/compute_bgpvpn.sls b/tests/pillar/compute_bgpvpn.sls
new file mode 100644
index 0000000..78b7801
--- /dev/null
+++ b/tests/pillar/compute_bgpvpn.sls
@@ -0,0 +1,26 @@
+include:
+ - .compute_legacy
+
+neutron:
+ compute:
+ version: pike
+ bgp_vpn:
+ enabled: true
+ driver: bagpipe
+ bagpipe:
+ local_address: 192.168.20.20
+ peers: 192.168.20.30
+ autonomous_system: 64512
+ enable_rtc: True
+ backend:
+ extension:
+ bagpipe_bgpvpn:
+ enabled: True
+linux:
+ system:
+ enabled: true
+ repo:
+ mirantis_openstack_pike:
+ source: "deb http://mirror.fuel-infra.org/mcp-repos/pike/xenial pike main"
+ architectures: amd64
+ key_url: "http://mirror.fuel-infra.org/mcp-repos/pike/xenial/archive-mcppike.key"
\ No newline at end of file
diff --git a/tests/pillar/compute_dhcp.sls b/tests/pillar/compute_dhcp.sls
new file mode 100644
index 0000000..b19b0d9
--- /dev/null
+++ b/tests/pillar/compute_dhcp.sls
@@ -0,0 +1,27 @@
+neutron:
+ compute:
+ agent_mode: legacy
+ dhcp_lease_duration: 86400
+ backend:
+ engine: ml2
+ tenant_network_types: "flat,vxlan"
+ mechanism:
+ ovs:
+ driver: openvswitch
+ dvr: false
+ dhcp_agent_enabled: true
+ enabled: true
+ external_access: false
+ local_ip: 10.1.0.105
+ message_queue:
+ engine: rabbitmq
+ host: 127.0.0.1
+ password: workshop
+ port: 5672
+ user: openstack
+ virtual_host: /openstack
+ metadata:
+ host: 127.0.0.1
+ password: password
+ workers: 2
+ version: ocata
diff --git a/tests/pillar/compute_dpdk.sls b/tests/pillar/compute_dpdk.sls
index c56fb81..dfaf10f 100644
--- a/tests/pillar/compute_dpdk.sls
+++ b/tests/pillar/compute_dpdk.sls
@@ -22,4 +22,5 @@
metadata:
host: 127.0.0.1
password: password
+ workers: 2
version: mitaka
diff --git a/tests/pillar/compute_dvr.sls b/tests/pillar/compute_dvr.sls
index 8d5f7d5..f172d70 100644
--- a/tests/pillar/compute_dvr.sls
+++ b/tests/pillar/compute_dvr.sls
@@ -21,4 +21,5 @@
metadata:
host: 127.0.0.1
password: password
+ workers: 2
version: mitaka
\ No newline at end of file
diff --git a/tests/pillar/compute_dvr_fwaas_v1.sls b/tests/pillar/compute_dvr_fwaas_v1.sls
new file mode 100644
index 0000000..e1a61a5
--- /dev/null
+++ b/tests/pillar/compute_dvr_fwaas_v1.sls
@@ -0,0 +1,29 @@
+neutron:
+ compute:
+ agent_mode: dvr
+ backend:
+ engine: ml2
+ tenant_network_types: "flat,vxlan"
+ mechanism:
+ ovs:
+ driver: openvswitch
+ dvr: true
+ enabled: true
+ external_access: true
+ local_ip: 10.1.0.105
+ message_queue:
+ engine: rabbitmq
+ host: 127.0.0.1
+ password: workshop
+ port: 5672
+ user: openstack
+ virtual_host: /openstack
+ metadata:
+ host: 127.0.0.1
+ password: password
+ workers: 2
+ version: ocata
+ fwaas:
+ enabled: true
+ version: ocata
+ api_version: v1
diff --git a/tests/pillar/compute_legacy.sls b/tests/pillar/compute_legacy.sls
index 154af25..943b35c 100644
--- a/tests/pillar/compute_legacy.sls
+++ b/tests/pillar/compute_legacy.sls
@@ -21,4 +21,5 @@
metadata:
host: 127.0.0.1
password: password
+ workers: 2
version: mitaka
diff --git a/tests/pillar/compute_nonexternal_dvr.sls b/tests/pillar/compute_nonexternal_dvr.sls
index 8ce0da1..30c6f07 100644
--- a/tests/pillar/compute_nonexternal_dvr.sls
+++ b/tests/pillar/compute_nonexternal_dvr.sls
@@ -21,4 +21,5 @@
metadata:
host: 127.0.0.1
password: password
+ workers: 2
version: mitaka
diff --git a/tests/pillar/compute_ovn.sls b/tests/pillar/compute_ovn.sls
new file mode 100644
index 0000000..0f4b580
--- /dev/null
+++ b/tests/pillar/compute_ovn.sls
@@ -0,0 +1,9 @@
+neutron:
+ compute:
+ enabled: true
+ version: ocata
+ local_ip: 10.2.0.105
+ controller_vip: 10.1.0.101
+ external_access: false
+ backend:
+ engine: ovn
diff --git a/tests/pillar/compute_qos.sls b/tests/pillar/compute_qos.sls
new file mode 100644
index 0000000..9c2b60d
--- /dev/null
+++ b/tests/pillar/compute_qos.sls
@@ -0,0 +1,28 @@
+neutron:
+ compute:
+ agent_mode: legacy
+ backend:
+ engine: ml2
+ tenant_network_types: "flat,vxlan"
+ mechanism:
+ ovs:
+ driver: openvswitch
+ extension:
+ qos:
+ enabled: true
+ dvr: false
+ enabled: true
+ external_access: false
+ local_ip: 10.1.0.105
+ message_queue:
+ engine: rabbitmq
+ host: 127.0.0.1
+ password: workshop
+ port: 5672
+ user: openstack
+ virtual_host: /openstack
+ metadata:
+ host: 127.0.0.1
+ password: password
+ workers: 2
+ version: ocata
diff --git a/tests/pillar/compute_qos_sriov.sls b/tests/pillar/compute_qos_sriov.sls
new file mode 100644
index 0000000..34ee962
--- /dev/null
+++ b/tests/pillar/compute_qos_sriov.sls
@@ -0,0 +1,30 @@
+neutron:
+ compute:
+ agent_mode: legacy
+ backend:
+ engine: ml2
+ tenant_network_types: "flat,vxlan"
+ sriov:
+ nic_one:
+ devname: eth1
+ physical_network: physnet3
+ mechanism:
+ ovs:
+ driver: openvswitch
+ dvr: false
+ enabled: true
+ qos: true
+ external_access: false
+ local_ip: 10.1.0.105
+ message_queue:
+ engine: rabbitmq
+ host: 127.0.0.1
+ password: workshop
+ port: 5672
+ user: openstack
+ virtual_host: /openstack
+ metadata:
+ host: 127.0.0.1
+ password: password
+ workers: 2
+ version: ocata
diff --git a/tests/pillar/compute_sriov.sls b/tests/pillar/compute_sriov.sls
index f5a106f..a080511 100644
--- a/tests/pillar/compute_sriov.sls
+++ b/tests/pillar/compute_sriov.sls
@@ -25,4 +25,5 @@
metadata:
host: 127.0.0.1
password: password
+ workers: 2
version: mitaka
diff --git a/tests/pillar/control_bgpvpn.sls b/tests/pillar/control_bgpvpn.sls
new file mode 100644
index 0000000..d7b4d16
--- /dev/null
+++ b/tests/pillar/control_bgpvpn.sls
@@ -0,0 +1,17 @@
+include:
+ - .control_nodvr
+
+neutron:
+ server:
+ version: pike
+ bgp_vpn:
+ enabled: true
+ driver: bagpipe
+linux:
+ system:
+ enabled: true
+ repo:
+ mirantis_openstack_pike:
+ source: "deb http://mirror.fuel-infra.org/mcp-repos/pike/xenial pike main"
+ architectures: amd64
+ key_url: "http://mirror.fuel-infra.org/mcp-repos/pike/xenial/archive-mcppike.key"
\ No newline at end of file
diff --git a/tests/pillar/control_cluster.sls b/tests/pillar/control_cluster.sls
index 763b549..1a1d30b 100644
--- a/tests/pillar/control_cluster.sls
+++ b/tests/pillar/control_cluster.sls
@@ -2,9 +2,13 @@
server:
enabled: true
fwaas: false
+ path_mtu: 1500
dns_domain: novalocal
tunnel_type: vxlan
version: liberty
+ api_workers: 2
+ rpc_workers: 2
+ dhcp_lease_duration: 86400
backend:
engine: contrail
#contrail_discovery_host
diff --git a/tests/pillar/control_dns.sls b/tests/pillar/control_dns.sls
new file mode 100644
index 0000000..5504798
--- /dev/null
+++ b/tests/pillar/control_dns.sls
@@ -0,0 +1,61 @@
+neutron:
+ server:
+ api_workers: 2
+ rpc_workers: 2
+ rpc_state_report_workers: 2
+ backend:
+ engine: ml2
+ external_mtu: 1500
+ mechanism:
+ ovs:
+ driver: openvswitch
+ tenant_network_types: flat,vxlan
+ extension:
+ dns:
+ enabled: true
+ engine: designate
+ url: http://127.0.0.1:9001/v2
+ bind:
+ address: 172.16.10.101
+ port: 9696
+ compute:
+ host: 127.0.0.1
+ password: workshop
+ region: RegionOne
+ tenant: service
+ user: nova
+ database:
+ engine: mysql
+ host: 127.0.0.1
+ name: neutron
+ password: workshop
+ port: 3306
+ user: neutron
+ dns_domain: novalocal
+ dvr: false
+ enabled: true
+ qos: false
+ global_physnet_mtu: 1500
+ identity:
+ engine: keystone
+ host: 127.0.0.1
+ password: workshop
+ port: 35357
+ region: RegionOne
+ tenant: service
+ user: neutron
+ endpoint_type: internal
+ l3_ha: False
+ message_queue:
+ engine: rabbitmq
+ host: 127.0.0.1
+ password: workshop
+ port: 5672
+ user: openstack
+ virtual_host: /openstack
+ plugin: ml2
+ version: ocata
+ policy:
+ create_subnet: 'rule:admin_or_network_owner'
+ 'get_network:queue_id': 'rule:admin_only'
+ 'create_network:shared':
diff --git a/tests/pillar/control_dvr.sls b/tests/pillar/control_dvr.sls
index a6fc8b3..1bf7b7a 100644
--- a/tests/pillar/control_dvr.sls
+++ b/tests/pillar/control_dvr.sls
@@ -1,5 +1,8 @@
neutron:
server:
+ api_workers: 2
+ rpc_workers: 2
+ rpc_state_report_workers: 2
backend:
engine: ml2
external_mtu: 1500
@@ -44,7 +47,6 @@
port: 5672
user: openstack
virtual_host: /openstack
- plugin: ml2
version: mitaka
policy:
create_subnet: 'rule:admin_or_network_owner'
diff --git a/tests/pillar/control_fwaas_v1.sls b/tests/pillar/control_fwaas_v1.sls
new file mode 100644
index 0000000..2ca5e0d
--- /dev/null
+++ b/tests/pillar/control_fwaas_v1.sls
@@ -0,0 +1,58 @@
+neutron:
+ server:
+ api_workers: 2
+ rpc_workers: 2
+ rpc_state_report_workers: 2
+ backend:
+ engine: ml2
+ external_mtu: 1500
+ mechanism:
+ ovs:
+ driver: openvswitch
+ tenant_network_types: flat,vxlan
+ bind:
+ address: 172.16.10.101
+ port: 9696
+ compute:
+ host: 127.0.0.1
+ password: workshop
+ region: RegionOne
+ tenant: service
+ user: nova
+ database:
+ engine: mysql
+ host: 127.0.0.1
+ name: neutron
+ password: workshop
+ port: 3306
+ user: neutron
+ version: ocata
+ dns_domain: novalocal
+ dvr: false
+ enabled: true
+ global_physnet_mtu: 1500
+ identity:
+ engine: keystone
+ host: 127.0.0.1
+ password: workshop
+ port: 35357
+ region: RegionOne
+ tenant: service
+ user: neutron
+ endpoint_type: internal
+ l3_ha: false
+ message_queue:
+ engine: rabbitmq
+ host: 127.0.0.1
+ password: workshop
+ port: 5672
+ user: openstack
+ virtual_host: /openstack
+ policy:
+ create_subnet: 'rule:admin_or_network_owner'
+ 'get_network:queue_id': 'rule:admin_only'
+ 'create_network:shared':
+ fwaas:
+ enabled: true
+ version: ocata
+ api_version: v1
diff --git a/tests/pillar/control_l2gw.sls b/tests/pillar/control_l2gw.sls
new file mode 100644
index 0000000..b1c2065
--- /dev/null
+++ b/tests/pillar/control_l2gw.sls
@@ -0,0 +1,64 @@
+neutron:
+ server:
+ api_workers: 2
+ rpc_workers: 2
+ rpc_state_report_workers: 2
+ backend:
+ engine: ml2
+ external_mtu: 1500
+ mechanism:
+ ovs:
+ driver: openvswitch
+ tenant_network_types: flat,vxlan
+ bind:
+ address: 172.16.10.101
+ port: 9696
+ compute:
+ host: 127.0.0.1
+ password: unsegreto
+ region: RegionOne
+ tenant: service
+ user: nova
+ database:
+ engine: mysql
+ host: 127.0.0.1
+ name: neutron
+ password: unsegreto
+ port: 3306
+ user: neutron
+ dns_domain: novalocal
+ dvr: false
+ enabled: true
+ global_physnet_mtu: 1500
+ identity:
+ engine: keystone
+ host: 127.0.0.1
+ password: unsegreto
+ port: 35357
+ region: RegionOne
+ tenant: service
+ user: neutron
+ endpoint_type: internal
+ l3_ha: False
+ message_queue:
+ engine: rabbitmq
+ host: 127.0.0.1
+ password: unsegreto
+ port: 5672
+ user: openstack
+ virtual_host: /openstack
+ policy:
+ create_subnet: 'rule:admin_or_network_owner'
+ 'get_network:queue_id': 'rule:admin_only'
+ 'create_network:shared':
+ version: pike
+ l2gw:
+ enabled: true
+linux:
+ system:
+ enabled: true
+ repo:
+ mirantis_openstack_pike:
+ source: "deb http://mirror.fuel-infra.org/mcp-repos/pike/xenial pike main"
+ architectures: amd64
+ key_url: "http://mirror.fuel-infra.org/mcp-repos/pike/xenial/archive-mcppike.key"
diff --git a/tests/pillar/control_lbaas_octavia.sls b/tests/pillar/control_lbaas_octavia.sls
new file mode 100644
index 0000000..cf4710c
--- /dev/null
+++ b/tests/pillar/control_lbaas_octavia.sls
@@ -0,0 +1,61 @@
+neutron:
+ server:
+ api_workers: 2
+ rpc_workers: 2
+ rpc_state_report_workers: 2
+ backend:
+ engine: ml2
+ external_mtu: 1500
+ mechanism:
+ ovs:
+ driver: openvswitch
+ tenant_network_types: flat,vxlan
+ bind:
+ address: 172.16.10.101
+ port: 9696
+ compute:
+ host: 127.0.0.1
+ password: workshop
+ region: RegionOne
+ tenant: service
+ user: nova
+ database:
+ engine: mysql
+ host: 127.0.0.1
+ name: neutron
+ password: workshop
+ port: 3306
+ user: neutron
+ version: ocata
+ dns_domain: novalocal
+ dvr: false
+ enabled: true
+ global_physnet_mtu: 1500
+ lbaas:
+ enabled: true
+ providers:
+ octavia:
+ engine: octavia
+ driver_path: 'neutron_lbaas.drivers.octavia.driver.OctaviaDriver'
+ base_url: 'http://127.0.0.1:9876'
+ identity:
+ engine: keystone
+ host: 127.0.0.1
+ password: workshop
+ port: 35357
+ region: RegionOne
+ tenant: service
+ user: neutron
+ endpoint_type: internal
+ l3_ha: false
+ message_queue:
+ engine: rabbitmq
+ host: 127.0.0.1
+ password: workshop
+ port: 5672
+ user: openstack
+ virtual_host: /openstack
+ policy:
+ create_subnet: 'rule:admin_or_network_owner'
+ 'get_network:queue_id': 'rule:admin_only'
+ 'create_network:shared':
diff --git a/tests/pillar/control_nodvr.sls b/tests/pillar/control_nodvr.sls
index 0d18f6a..1000769 100644
--- a/tests/pillar/control_nodvr.sls
+++ b/tests/pillar/control_nodvr.sls
@@ -1,5 +1,8 @@
neutron:
server:
+ api_workers: 2
+ rpc_workers: 2
+ rpc_state_report_workers: 2
backend:
engine: ml2
external_mtu: 1500
@@ -44,7 +47,6 @@
port: 5672
user: openstack
virtual_host: /openstack
- plugin: ml2
version: mitaka
policy:
create_subnet: 'rule:admin_or_network_owner'
diff --git a/tests/pillar/control_opendaylight.sls b/tests/pillar/control_opendaylight.sls
new file mode 100644
index 0000000..174790e
--- /dev/null
+++ b/tests/pillar/control_opendaylight.sls
@@ -0,0 +1,69 @@
+neutron:
+ server:
+ api_workers: 2
+ rpc_workers: 2
+ rpc_state_report_workers: 2
+ bind:
+ address: 172.16.10.101
+ port: 9696
+ compute:
+ host: 127.0.0.1
+ password: unsegreto
+ region: RegionOne
+ tenant: service
+ user: nova
+ database:
+ engine: mysql
+ host: 127.0.0.1
+ name: neutron
+ password: unsegreto
+ port: 3306
+ user: neutron
+ dns_domain: novalocal
+ dvr: false
+ enabled: true
+ global_physnet_mtu: 1500
+ identity:
+ engine: keystone
+ host: 127.0.0.1
+ password: unsegreto
+ port: 35357
+ region: RegionOne
+ tenant: service
+ user: neutron
+ endpoint_type: internal
+ l3_ha: False
+ message_queue:
+ engine: rabbitmq
+ host: 127.0.0.1
+ password: unsegreto
+ port: 5672
+ user: openstack
+ virtual_host: /openstack
+ policy:
+ create_subnet: 'rule:admin_or_network_owner'
+ 'get_network:queue_id': 'rule:admin_only'
+ 'create_network:shared':
+ version: pike
+ backend:
+ engine: ml2
+ external_mtu: 1500
+ tenant_network_types: flat,vxlan
+ opendaylight: true
+ router: odl-router
+ host: 127.0.0.1
+ rest_api_port: 8282
+ user: admin
+ password: admin
+ ovsdb_connection: tcp:127.0.0.1:6639
+ mechanism:
+ ovs:
+ driver: opendaylight
+linux:
+ system:
+ enabled: true
+ repo:
+ mirantis_openstack_pike:
+ source: "deb http://mirror.fuel-infra.org/mcp-repos/pike/xenial pike main"
+ architectures: amd64
+ key_url: "http://mirror.fuel-infra.org/mcp-repos/pike/xenial/archive-mcppike.key"
diff --git a/tests/pillar/control_ovn.sls b/tests/pillar/control_ovn.sls
new file mode 100644
index 0000000..a173679
--- /dev/null
+++ b/tests/pillar/control_ovn.sls
@@ -0,0 +1,63 @@
+neutron:
+ server:
+ enabled: true
+ version: ocata
+ api_workers: 2
+ rpc_workers: 2
+ rpc_state_report_workers: 2
+ backend:
+ engine: ovn
+ external_mtu: 1500
+ mechanism:
+ ovn:
+ driver: ovn
+ tenant_network_types: "geneve,flat"
+ controller_vip: 172.16.10.101
+ dvr: false
+ l3_ha: false
+ dns_domain: novalocal
+ global_physnet_mtu: 1500
+ bind:
+ address: 172.16.10.101
+ port: 9696
+ compute:
+ host: 127.0.0.1
+ password: workshop
+ region: RegionOne
+ tenant: service
+ user: nova
+ database:
+ engine: mysql
+ host: 127.0.0.1
+ name: neutron
+ password: workshop
+ port: 3306
+ user: neutron
+ identity:
+ engine: keystone
+ host: 127.0.0.1
+ password: workshop
+ port: 35357
+ region: RegionOne
+ tenant: service
+ user: neutron
+ endpoint_type: internal
+ message_queue:
+ engine: rabbitmq
+ host: 127.0.0.1
+ password: workshop
+ port: 5672
+ user: openstack
+ virtual_host: /openstack
+ ovn_ctl_opts:
+ db-nb-create-insecure-remote: 'yes'
+ db-sb-create-insecure-remote: 'yes'
+
+linux:
+ system:
+ enabled: true
+ repo:
+ mirantis_openstack_ocata:
+ source: "deb http://mirror.fuel-infra.org/mcp-repos/ocata/xenial ocata main"
+ architectures: amd64
+ key_url: "http://mirror.fuel-infra.org/mcp-repos/ocata/xenial/archive-mcpocata.key"
diff --git a/tests/pillar/control_qos.sls b/tests/pillar/control_qos.sls
new file mode 100644
index 0000000..ffc198f
--- /dev/null
+++ b/tests/pillar/control_qos.sls
@@ -0,0 +1,57 @@
+neutron:
+ server:
+ api_workers: 2
+ rpc_workers: 2
+ rpc_state_report_workers: 2
+ backend:
+ engine: ml2
+ external_mtu: 1500
+ mechanism:
+ ovs:
+ driver: openvswitch
+ tenant_network_types: flat,vxlan
+ extension:
+ qos:
+ enabled: true
+ bind:
+ address: 172.16.10.101
+ port: 9696
+ compute:
+ host: 127.0.0.1
+ password: workshop
+ region: RegionOne
+ tenant: service
+ user: nova
+ database:
+ engine: mysql
+ host: 127.0.0.1
+ name: neutron
+ password: workshop
+ port: 3306
+ user: neutron
+ dns_domain: novalocal
+ dvr: false
+ enabled: true
+ global_physnet_mtu: 1500
+ identity:
+ engine: keystone
+ host: 127.0.0.1
+ password: workshop
+ port: 35357
+ region: RegionOne
+ tenant: service
+ user: neutron
+ endpoint_type: internal
+ l3_ha: False
+ message_queue:
+ engine: rabbitmq
+ host: 127.0.0.1
+ password: workshop
+ port: 5672
+ user: openstack
+ virtual_host: /openstack
+ version: ocata
+ policy:
+ create_subnet: 'rule:admin_or_network_owner'
+ 'get_network:queue_id': 'rule:admin_only'
+ 'create_network:shared':
diff --git a/tests/pillar/control_single.sls b/tests/pillar/control_single.sls
index 2eb905e..b584d72 100644
--- a/tests/pillar/control_single.sls
+++ b/tests/pillar/control_single.sls
@@ -1,7 +1,13 @@
neutron:
server:
+ api_workers: 2
+ rpc_workers: 2
+ rpc_state_report_workers: 2
enabled: true
backend:
+ external_mtu: 1500
+ tenant_net_mtu: 9000
+ ironic_net_mtu: 9000
engine: contrail
#contrail_discovery_host
host: 127.0.0.1
@@ -10,6 +16,12 @@
password: password
token: token
tenant: admin
+ physnets:
+ sriov_net:
+ mtu: 9000 # Optional, defaults to 1500
+ vlan_range: '100:200' # Optional
+ ext_net2:
+ mtu: 1500
fwaas: false
dns_domain: novalocal
tunnel_type: vxlan
diff --git a/tests/pillar/gateway_dvr.sls b/tests/pillar/gateway_dvr.sls
index 2c47529..fb3acd6 100644
--- a/tests/pillar/gateway_dvr.sls
+++ b/tests/pillar/gateway_dvr.sls
@@ -21,4 +21,5 @@
metadata:
host: 127.0.0.1
password: password
+ workers: 2
version: mitaka
\ No newline at end of file
diff --git a/tests/pillar/gateway_legacy.sls b/tests/pillar/gateway_legacy.sls
index d9b7ef8..6ce2ba0 100644
--- a/tests/pillar/gateway_legacy.sls
+++ b/tests/pillar/gateway_legacy.sls
@@ -1,6 +1,7 @@
neutron:
gateway:
agent_mode: legacy
+ dhcp_lease_duration: 86400
backend:
engine: ml2
tenant_network_types: "flat,vxlan"
@@ -21,4 +22,5 @@
metadata:
host: 127.0.0.1
password: password
+ workers: 2
version: mitaka
diff --git a/tests/pillar/gateway_legacy_fwaas_v1.sls b/tests/pillar/gateway_legacy_fwaas_v1.sls
new file mode 100644
index 0000000..8b52f6d
--- /dev/null
+++ b/tests/pillar/gateway_legacy_fwaas_v1.sls
@@ -0,0 +1,29 @@
+neutron:
+ gateway:
+ agent_mode: legacy
+ backend:
+ engine: ml2
+ tenant_network_types: "flat,vxlan"
+ mechanism:
+ ovs:
+ driver: openvswitch
+ dvr: false
+ enabled: true
+ external_access: True
+ local_ip: 10.1.0.110
+ message_queue:
+ engine: rabbitmq
+ host: 127.0.0.1
+ password: workshop
+ port: 5672
+ user: openstack
+ virtual_host: /openstack
+ metadata:
+ host: 127.0.0.1
+ password: password
+ workers: 2
+ version: ocata
+ fwaas:
+ enabled: true
+ version: ocata
+ api_version: v1
diff --git a/tests/pillar/gateway_legacy_l2gw.sls b/tests/pillar/gateway_legacy_l2gw.sls
new file mode 100644
index 0000000..d3cd4a8
--- /dev/null
+++ b/tests/pillar/gateway_legacy_l2gw.sls
@@ -0,0 +1,37 @@
+neutron:
+ gateway:
+ agent_mode: legacy
+ backend:
+ engine: ml2
+ tenant_network_types: "flat,vxlan"
+ mechanism:
+ ovs:
+ driver: openvswitch
+ dvr: false
+ enabled: true
+ external_access: True
+ local_ip: 10.1.0.110
+ message_queue:
+ engine: rabbitmq
+ host: 127.0.0.1
+ password: unsegreto
+ port: 5672
+ user: openstack
+ virtual_host: /openstack
+ metadata:
+ host: 127.0.0.1
+ password: password
+ workers: 2
+ version: pike
+ l2gw:
+ enabled: true
+ ovsdb_hosts:
+ ovsdbx: 10.164.5.33:6632
+linux:
+ system:
+ enabled: true
+ repo:
+ mirantis_openstack_pike:
+ source: "deb http://mirror.fuel-infra.org/mcp-repos/pike/xenial pike main"
+ architectures: amd64
+ key_url: "http://mirror.fuel-infra.org/mcp-repos/pike/xenial/archive-mcppike.key"
diff --git a/tests/pillar/gateway_legacy_opendaylight.sls b/tests/pillar/gateway_legacy_opendaylight.sls
new file mode 100644
index 0000000..8bf6b26
--- /dev/null
+++ b/tests/pillar/gateway_legacy_opendaylight.sls
@@ -0,0 +1,40 @@
+neutron:
+ gateway:
+ agent_mode: legacy
+ backend:
+ engine: ml2
+ tenant_network_types: "flat,vxlan"
+ router: odl-router
+ ovsdb_connection: tcp:127.0.0.1:6639
+ mechanism:
+ ovs:
+ driver: opendaylight
+ dvr: false
+ enabled: true
+ external_access: True
+ local_ip: 10.1.0.110
+ message_queue:
+ engine: rabbitmq
+ host: 127.0.0.1
+ password: unsegreto
+ port: 5672
+ user: openstack
+ virtual_host: /openstack
+ metadata:
+ host: 127.0.0.1
+ password: unsegreto
+ workers: 2
+ version: pike
+ opendaylight:
+ ovsdb_server_iface: ptcp:6639:127.0.0.1
+ ovsdb_odl_iface: tcp:127.0.0.1:6640
+ tunnel_ip: 10.1.0.110
+ provider_mappings: physnet1:br-floating
+linux:
+ system:
+ enabled: true
+ repo:
+ mirantis_openstack_pike:
+ source: "deb http://mirror.fuel-infra.org/mcp-repos/pike/xenial pike main"
+ architectures: amd64
+ key_url: "http://mirror.fuel-infra.org/mcp-repos/pike/xenial/archive-mcppike.key"
diff --git a/tests/pillar/gateway_qos.sls b/tests/pillar/gateway_qos.sls
new file mode 100644
index 0000000..1f9756d
--- /dev/null
+++ b/tests/pillar/gateway_qos.sls
@@ -0,0 +1,28 @@
+neutron:
+ gateway:
+ agent_mode: legacy
+ backend:
+ engine: ml2
+ tenant_network_types: "flat,vxlan"
+ mechanism:
+ ovs:
+ driver: openvswitch
+ extension:
+ qos:
+ enabled: true
+ dvr: false
+ enabled: true
+ external_access: True
+ local_ip: 10.1.0.110
+ message_queue:
+ engine: rabbitmq
+ host: 127.0.0.1
+ password: workshop
+ port: 5672
+ user: openstack
+ virtual_host: /openstack
+ metadata:
+ host: 127.0.0.1
+ password: password
+ workers: 2
+ version: ocata
diff --git a/tests/pillar/ssl.sls b/tests/pillar/ssl.sls
new file mode 100644
index 0000000..4eb9fa9
--- /dev/null
+++ b/tests/pillar/ssl.sls
@@ -0,0 +1,12 @@
+include:
+ - .control_cluster
+
+neutron:
+ server:
+ database:
+ ssl:
+ enabled: True
+ message_queue:
+ port: 5671
+ ssl:
+ enabled: True
diff --git a/tests/run_tests.sh b/tests/run_tests.sh
index a4cac88..a600206 100755
--- a/tests/run_tests.sh
+++ b/tests/run_tests.sh
@@ -37,7 +37,7 @@
log_info "Setting up Python virtualenv"
virtualenv $VENV_DIR
source ${VENV_DIR}/bin/activate
- pip install salt${PIP_SALT_VERSION}
+ python -m pip install salt${PIP_SALT_VERSION}
}
setup_pillar() {
@@ -113,8 +113,8 @@
}
salt_run() {
- [ -e ${VEN_DIR}/bin/activate ] && source ${VENV_DIR}/bin/activate
- salt-call ${SALT_OPTS} $*
+ [ -e ${VENV_DIR}/bin/activate ] && source ${VENV_DIR}/bin/activate
+ python $(which salt-call) ${SALT_OPTS} $*
}
prepare() {