===============
Neutron Formula
===============

Neutron is an OpenStack project to provide "networking as a service" between
interface devices (e.g., vNICs) managed by other OpenStack services (e.g.,
nova).

Starting in the Folsom release, Neutron is a core and supported part of the
OpenStack platform (for Essex, we were an "incubated" project, which means use
is suggested only for those who really know what they're doing with Neutron).

Sample Pillars
==============

Neutron Server on the controller node

.. code-block:: yaml

    neutron:
      server:
        enabled: true
        version: mitaka
        allow_pagination: true
        pagination_max_limit: 100
        api_workers: 2
        rpc_workers: 2
        rpc_state_report_workers: 2
        root_helper_daemon: false
        dhcp_lease_duration: 600
        bind:
          address: 172.20.0.1
          port: 9696
        database:
          engine: mysql
          host: 127.0.0.1
          port: 3306
          name: neutron
          user: neutron
          password: pwd
        identity:
          engine: keystone
          host: 127.0.0.1
          port: 35357
          user: neutron
          password: pwd
          tenant: service
          endpoint_type: internal
        message_queue:
          engine: rabbitmq
          host: 127.0.0.1
          port: 5672
          user: openstack
          password: pwd
          virtual_host: '/openstack'
        metadata:
          host: 127.0.0.1
          port: 8775
          password: pass
          workers: 2
        audit:
          enabled: false

Note: Pagination is useful when retrieving a large number of resources,
because a single request may fail (timeout). It is enabled by setting both
*allow_pagination* and *pagination_max_limit*, as shown above.

Configuration of policy.json file

.. code-block:: yaml

    neutron:
      server:
        ....
        policy:
          create_subnet: 'rule:admin_or_network_owner'
          'get_network:queue_id': 'rule:admin_only'
          # Add key without value to remove line from policy.json
          'create_network:shared':

Neutron LBaaSv2 enablement
--------------------------

.. code-block:: yaml

    neutron:
      server:
        lbaas:
          enabled: true
          providers:
            octavia:
              engine: octavia
              driver_path: 'neutron_lbaas.drivers.octavia.driver.OctaviaDriver'
              base_url: 'http://127.0.0.1:9876'
            avi_adc:
              engine: avinetworks
              driver_path: 'avi_lbaasv2.avi_driver.AviDriver'
              controller_address: 10.182.129.239
              controller_user: admin
              controller_password: Cloudlab2016
              controller_cloud_name: Default-Cloud
            avi_adc2:
              engine: avinetworks
              ...

Note: If the Contrail backend is set, the OpenContrail load balancer is enabled
automatically. In this case, lbaas should be disabled in the pillar:

.. code-block:: yaml

    neutron:
      server:
        lbaas:
          enabled: false

Neutron FWaaSv1 enablement
--------------------------

.. code-block:: yaml

    neutron:
      fwaas:
        enabled: true
        version: ocata
        api_version: v1

Enable CORS parameters
----------------------

.. code-block:: yaml

    neutron:
      server:
        cors:
          allowed_origin: https://localhost.local,http://localhost.local
          expose_headers: X-Auth-Token,X-Openstack-Request-Id,X-Subject-Token
          allow_methods: GET,PUT,POST,DELETE,PATCH
          allow_headers: X-Auth-Token,X-Openstack-Request-Id,X-Subject-Token
          allow_credentials: True
          max_age: 86400

Neutron VXLAN tenant networks with Network nodes
------------------------------------------------

With DVR for East-West and Network node for North-South.

This use case describes a model utilising VxLAN overlay with DVR. The DVR
routers will only be utilized for traffic that is routed within the cloud
infrastructure and that remains encapsulated. External traffic will be
routed via the network nodes.

The intention is that each tenant will require at least two (2) vrouters
one to be utilised

Neutron Server

.. code-block:: yaml

    neutron:
      server:
        version: mitaka
        path_mtu: 1500
        bind:
          address: 172.20.0.1
          port: 9696
        database:
          engine: mysql
          host: 127.0.0.1
          port: 3306
          name: neutron
          user: neutron
          password: pwd
        identity:
          engine: keystone
          host: 127.0.0.1
          port: 35357
          user: neutron
          password: pwd
          tenant: service
          endpoint_type: internal
        message_queue:
          engine: rabbitmq
          host: 127.0.0.1
          port: 5672
          user: openstack
          password: pwd
          virtual_host: '/openstack'
        global_physnet_mtu: 9000
        l3_ha: False # Which type of router will be created by default
        dvr: True # disabled for non DVR use case
        backend:
          engine: ml2
          tenant_network_types: "flat,vxlan"
          external_mtu: 9000
          mechanism:
            ovs:
              driver: openvswitch

Network Node

.. code-block:: yaml

    neutron:
      gateway:
        enabled: True
        version: mitaka
        dhcp_lease_duration: 600
        message_queue:
          engine: rabbitmq
          host: 127.0.0.1
          port: 5672
          user: openstack
          password: pwd
          virtual_host: '/openstack'
        local_ip: 192.168.20.20 # br-mesh ip address
        dvr: True # disabled for non DVR use case
        agent_mode: dvr_snat
        metadata:
          host: 127.0.0.1
          password: pass
        backend:
          engine: ml2
          tenant_network_types: "flat,vxlan"
          mechanism:
            ovs:
              driver: openvswitch

Compute Node

.. code-block:: yaml

    neutron:
      compute:
        enabled: True
        version: mitaka
        message_queue:
          engine: rabbitmq
          host: 127.0.0.1
          port: 5672
          user: openstack
          password: pwd
          virtual_host: '/openstack'
        local_ip: 192.168.20.20 # br-mesh ip address
        dvr: True # disabled for non DVR use case
        agent_mode: dvr
        external_access: false # Compute node with DVR for east-west only, Network Node has True as default
        metadata:
          host: 127.0.0.1
          password: pass
        backend:
          engine: ml2
          tenant_network_types: "flat,vxlan"
          mechanism:
            ovs:
              driver: openvswitch
        audit:
          enabled: false

Disable physnet1 bridge
-----------------------

By default, external access is turned on, so among the physnets in
your reclass there is an additional one, physnet1, which is mapped to
br-floating.

If you need internal networks only, without this bridge, remove br-floating
and its configuration mappings. Disable the mappings for this bridge on the
neutron servers:

.. code-block:: yaml

    neutron:
      server:
        external_access: false

gateways:

.. code-block:: yaml

    neutron:
      gateway:
        external_access: false

compute nodes:

.. code-block:: yaml

    neutron:
      compute:
        external_access: false

Add additional bridge mappings for OVS bridges
----------------------------------------------

By default, external access is turned on, so among the physnets in
your reclass there is an additional one, physnet1, which is mapped to
br-floating.

If you need to add extra non-default bridge mappings, they can be defined
separately for both gateways and compute nodes:

gateways:

.. code-block:: yaml

    neutron:
      gateway:
        bridge_mappings:
          physnet4: br-floating-internet

compute nodes:

.. code-block:: yaml

    neutron:
      compute:
        bridge_mappings:
          physnet4: br-floating-internet

Specify different mtu values for different physnets
---------------------------------------------------

Neutron Server

.. code-block:: yaml

    neutron:
      server:
        version: mitaka
        backend:
          external_mtu: 1500
          tenant_net_mtu: 9000
          ironic_net_mtu: 9000

Neutron VXLAN tenant networks with Network Nodes (non DVR)
----------------------------------------------------------

This section describes a network solution that utilises VxLAN overlay
networks without DVR, with all routers managed on the network nodes.

Neutron Server

.. code-block:: yaml

    neutron:
      server:
        version: mitaka
        bind:
          address: 172.20.0.1
          port: 9696
        database:
          engine: mysql
          host: 127.0.0.1
          port: 3306
          name: neutron
          user: neutron
          password: pwd
        identity:
          engine: keystone
          host: 127.0.0.1
          port: 35357
          user: neutron
          password: pwd
          tenant: service
          endpoint_type: internal
        message_queue:
          engine: rabbitmq
          host: 127.0.0.1
          port: 5672
          user: openstack
          password: pwd
          virtual_host: '/openstack'
        global_physnet_mtu: 9000
        l3_ha: True
        dvr: False
        backend:
          engine: ml2
          tenant_network_types: "flat,vxlan"
          external_mtu: 9000
          mechanism:
            ovs:
              driver: openvswitch

Network Node

.. code-block:: yaml

    neutron:
      gateway:
        enabled: True
        version: mitaka
        message_queue:
          engine: rabbitmq
          host: 127.0.0.1
          port: 5672
          user: openstack
          password: pwd
          virtual_host: '/openstack'
        local_ip: 192.168.20.20 # br-mesh ip address
        dvr: False
        agent_mode: legacy
        availability_zone: az1
        metadata:
          host: 127.0.0.1
          password: pass
        backend:
          engine: ml2
          tenant_network_types: "flat,vxlan"
          mechanism:
            ovs:
              driver: openvswitch

Compute Node

.. code-block:: yaml

    neutron:
      compute:
        enabled: True
        version: mitaka
        message_queue:
          engine: rabbitmq
          host: 127.0.0.1
          port: 5672
          user: openstack
          password: pwd
          virtual_host: '/openstack'
        local_ip: 192.168.20.20 # br-mesh ip address
        external_access: False
        dvr: False
        backend:
          engine: ml2
          tenant_network_types: "flat,vxlan"
          mechanism:
            ovs:
              driver: openvswitch

Neutron VXLAN tenant networks with Network Nodes with DVR
---------------------------------------------------------

With DVR for East-West and North-South, DVR everywhere, Network node for SNAT.

This section describes a network solution that utilises VxLAN
overlay networks with DVR for both North-South and East-West traffic. The
Network Node is used only for SNAT.

Neutron Server

.. code-block:: yaml

    neutron:
      server:
        version: mitaka
        bind:
          address: 172.20.0.1
          port: 9696
        database:
          engine: mysql
          host: 127.0.0.1
          port: 3306
          name: neutron
          user: neutron
          password: pwd
        identity:
          engine: keystone
          host: 127.0.0.1
          port: 35357
          user: neutron
          password: pwd
          tenant: service
          endpoint_type: internal
        message_queue:
          engine: rabbitmq
          host: 127.0.0.1
          port: 5672
          user: openstack
          password: pwd
          virtual_host: '/openstack'
        global_physnet_mtu: 9000
        l3_ha: False
        dvr: True
        backend:
          engine: ml2
          tenant_network_types: "flat,vxlan"
          external_mtu: 9000
          mechanism:
            ovs:
              driver: openvswitch

Network Node

.. code-block:: yaml

    neutron:
      gateway:
        enabled: True
        version: mitaka
        message_queue:
          engine: rabbitmq
          host: 127.0.0.1
          port: 5672
          user: openstack
          password: pwd
          virtual_host: '/openstack'
        local_ip: 192.168.20.20 # br-mesh ip address
        dvr: True
        agent_mode: dvr_snat
        availability_zone: az1
        metadata:
          host: 127.0.0.1
          password: pass
        backend:
          engine: ml2
          tenant_network_types: "flat,vxlan"
          mechanism:
            ovs:
              driver: openvswitch

Compute Node

.. code-block:: yaml

    neutron:
      compute:
        enabled: True
        version: mitaka
        message_queue:
          engine: rabbitmq
          host: 127.0.0.1
          port: 5672
          user: openstack
          password: pwd
          virtual_host: '/openstack'
        local_ip: 192.168.20.20 # br-mesh ip address
        dvr: True
        external_access: True
        agent_mode: dvr
        availability_zone: az1
        metadata:
          host: 127.0.0.1
          password: pass
        backend:
          engine: ml2
          tenant_network_types: "flat,vxlan"
          mechanism:
            ovs:
              driver: openvswitch

Sample Linux network configuration for DVR

.. code-block:: yaml

    linux:
      network:
        bridge: openvswitch
        interface:
          eth1:
            enabled: true
            type: eth
            mtu: 9000
            proto: manual
          eth2:
            enabled: true
            type: eth
            mtu: 9000
            proto: manual
          eth3:
            enabled: true
            type: eth
            mtu: 9000
            proto: manual
          br-int:
            enabled: true
            mtu: 9000
            type: ovs_bridge
          br-floating:
            enabled: true
            mtu: 9000
            type: ovs_bridge
          float-to-ex:
            enabled: true
            type: ovs_port
            mtu: 65000
            bridge: br-floating
          br-mgmt:
            enabled: true
            type: bridge
            mtu: 9000
            address: ${_param:single_address}
            netmask: 255.255.255.0
            use_interfaces:
            - eth1
          br-mesh:
            enabled: true
            type: bridge
            mtu: 9000
            address: ${_param:tenant_address}
            netmask: 255.255.255.0
            use_interfaces:
            - eth2
          br-ex:
            enabled: true
            type: bridge
            mtu: 9000
            address: ${_param:external_address}
            netmask: 255.255.255.0
            use_interfaces:
            - eth3
            use_ovs_ports:
            - float-to-ex

Additional VXLAN tenant network settings
----------------------------------------

The default multicast group of 224.0.0.1 only multicasts to a single subnet.
Override it to allow larger underlay network topologies.

Neutron Server

.. code-block:: yaml

    neutron:
      server:
        vxlan:
          group: 239.0.0.0/8
          vni_ranges: "2:65535"

Neutron VLAN tenant networks with Network Nodes
-----------------------------------------------

VLAN tenant provider

Neutron Server only

.. code-block:: yaml

    neutron:
      server:
        version: mitaka
        ...
        global_physnet_mtu: 9000
        l3_ha: False
        dvr: True
        backend:
          engine: ml2
          tenant_network_types: "flat,vlan" # Can be mixed flat,vlan,vxlan
          tenant_vlan_range: "1000:2000"
          external_vlan_range: "100:200" # Does not have to be defined.
          external_mtu: 9000
          mechanism:
            ovs:
              driver: openvswitch

Compute node

.. code-block:: yaml

    neutron:
      compute:
        version: mitaka
        ...
        dvr: True
        agent_mode: dvr
        external_access: False
        backend:
          engine: ml2
          tenant_network_types: "flat,vlan" # Can be mixed flat,vlan,vxlan
          mechanism:
            ovs:
              driver: openvswitch

Neutron with additional physical networks
-----------------------------------------

Neutron Server only

.. code-block:: yaml

    neutron:
      server:
        version: ocata
        ...
        backend:
          engine: ml2
          tenant_network_types: "flat,vlan" # Can be mixed flat,vlan,vxlan
          ...
          # also need to configure corresponding additional bridge_mappings on
          # compute and gateway nodes
          physnets:
            sriov_net:
              mtu: 9000 # Optional, defaults to 1500
              vlan_range: '100:200' # Optional
            ext_net2:
              mtu: 1500
          mechanism:
            ovs:
              driver: openvswitch

Advanced Neutron Features (DPDK, SR-IOV)
----------------------------------------

Neutron OVS DPDK

Enable datapath netdev for neutron openvswitch agent

.. code-block:: yaml

    neutron:
      server:
        version: mitaka
        ...
        dpdk: True
        ...

    neutron:
      compute:
        version: mitaka
        dpdk: True
        vhost_mode: client # options: client|server (default)
        vhost_socket_dir: /var/run/openvswitch
        backend:
          engine: ml2
          ...
          mechanism:
            ovs:
              driver: openvswitch

Neutron OVS SR-IOV

.. code-block:: yaml

    neutron:
      server:
        version: mitaka
        backend:
          engine: ml2
          ...
          mechanism:
            ovs:
              driver: openvswitch
            sriov:
              driver: sriovnicswitch

    neutron:
      compute:
        version: mitaka
        ...
        backend:
          engine: ml2
          tenant_network_types: "flat,vlan" # Can be mixed flat,vlan,vxlan
          sriov:
            nic_one:
              devname: eth1
              physical_network: physnet3
          mechanism:
            ovs:
              driver: openvswitch

Neutron with VLAN-aware-VMs
---------------------------

.. code-block:: yaml

    neutron:
      server:
        vlan_aware_vms: true
      ....
      compute:
        vlan_aware_vms: true
      ....
      gateway:
        vlan_aware_vms: true

Neutron with BGP VPN (BaGPipe driver)
-------------------------------------

.. code-block:: yaml

    neutron:
      server:
        version: pike
        bgp_vpn:
          enabled: true
          driver: bagpipe # Options: bagpipe/opencontrail/opendaylight
      ....
      compute:
        version: pike
        bgp_vpn:
          enabled: true
          driver: bagpipe # Options: bagpipe/opencontrail/opendaylight
          bagpipe:
            local_address: 192.168.20.20 # IP address for mpls/gre tunnels
            peers: 192.168.20.30 # IP addresses of BGP peers
            autonomous_system: 64512 # Autonomous System number
            enable_rtc: True # Enable RT Constraint (RFC4684)
        backend:
          ovs_extension: # for OVS agent only, not supported in SRIOV agent
            bagpipe_bgpvpn:
              enabled: True

Neutron with DHCP agent on compute node
---------------------------------------

.. code-block:: yaml

    neutron:
      ....
      compute:
        dhcp_agent_enabled: true
      ....

Neutron with OVN
----------------

Control node:

.. code-block:: yaml

    neutron:
      server:
        backend:
          engine: ovn
          mechanism:
            ovn:
              driver: ovn
          tenant_network_types: "geneve,flat"
          ovn:
            ovn_l3_scheduler: leastloaded # valid options: chance, leastloaded
            neutron_sync_mode: repair # valid options: log, off, repair
        ovn_ctl_opts:
          db-nb-create-insecure-remote: 'yes'
          db-sb-create-insecure-remote: 'yes'

Compute node:

.. code-block:: yaml

    neutron:
      compute:
        local_ip: 10.2.0.105
        controller_vip: 10.1.0.101
        external_access: false
        backend:
          engine: ovn

Neutron L2 Gateway
------------------

Control node:

.. code-block:: yaml

    neutron:
      server:
        version: pike
        l2gw:
          enabled: true
          periodic_monitoring_interval: 5
          quota_l2_gateway: 20
          # service_provider=<service_type>:<name>:<driver>[:default]
          service_provider: L2GW:OpenDaylight:networking_odl.l2gateway.driver.OpenDaylightL2gwDriver:default
        backend:
          engine: ml2

Network/Gateway node:

.. code-block:: yaml

    neutron:
      gateway:
        version: pike
        l2gw:
          enabled: true
          debug: true
          socket_timeout: 20
          ovsdb_hosts:
            # <ovsdb_name>: <ip address>:<port>
            # - ovsdb_name: a user defined symbolic identifier of physical switch
            # - ip address: the address or dns name for the OVSDB server (i.e. pointer to the switch)
            ovsdb1: 10.164.5.33:6632
            ovsdb2: 10.164.4.33:6632

OpenDaylight integration
------------------------

Control node:

.. code-block:: yaml

    neutron:
      server:
        backend:
          opendaylight: true
          router: odl-router_v2
          host: 10.20.0.77
          rest_api_port: 8282
          user: admin
          password: admin
          ovsdb_connection: tcp:127.0.0.1:6639
          enable_websocket: true
          enable_dhcp_service: false
          mechanism:
            ovs:
              driver: opendaylight_v2

Network/Gateway node:

.. code-block:: yaml

    neutron:
      gateway:
        backend:
          router: odl-router_v2
          ovsdb_connection: tcp:127.0.0.1:6639
        opendaylight:
          ovsdb_server_iface: ptcp:6639:127.0.0.1
          ovsdb_odl_iface: tcp:10.20.0.77:6640
          tunnel_ip: 10.1.0.110
          provider_mappings: physnet1:br-floating

Compute node:

.. code-block:: yaml

    neutron:
      compute:
        opendaylight:
          ovsdb_server_iface: ptcp:6639:127.0.0.1
          ovsdb_odl_iface: tcp:10.20.0.77:6640
          tunnel_ip: 10.1.0.105
          provider_mappings: physnet1:br-floating

Neutron Server
--------------

Neutron Server with OpenContrail

.. code-block:: yaml

    neutron:
      server:
        backend:
          engine: contrail
          host: contrail_discovery_host
          port: 8082
          user: admin
          password: password
          tenant: admin
          token: token

Neutron Server with Midonet

.. code-block:: yaml

    neutron:
      server:
        backend:
          engine: midonet
          host: midonet_api_host
          port: 8181
          user: admin
          password: password

Neutron Keystone region

.. code-block:: yaml

    neutron:
      server:
        enabled: true
        version: kilo
        ...
        identity:
          region: RegionTwo
        ...
        compute:
          region: RegionTwo
        ...

Client-side RabbitMQ HA setup

.. code-block:: yaml

    neutron:
      server:
        ....
        message_queue:
          engine: rabbitmq
          members:
            - host: 10.0.16.1
            - host: 10.0.16.2
            - host: 10.0.16.3
          user: openstack
          password: pwd
          virtual_host: '/openstack'
        ....

Configuring TLS communications
------------------------------

**Note:** by default, the system-wide installed CA certificates are used, so the ``cacert_file`` parameter is optional, as is ``cacert``.

- **RabbitMQ TLS**

.. code-block:: yaml

    neutron:
      server, gateway, compute:
        message_queue:
          port: 5671
          ssl:
            enabled: True
            cacert: cert body if the cacert_file does not exist # optional
            cacert_file: /etc/openstack/rabbitmq-ca.pem # optional
            version: TLSv1_2 # optional

- **MySQL TLS**

.. code-block:: yaml

    neutron:
      server:
        database:
          ssl:
            enabled: True
            cacert: cert body if the cacert_file does not exist # optional
            cacert_file: /etc/openstack/mysql-ca.pem # optional

- **OpenStack HTTPS API**

.. code-block:: yaml

    neutron:
      server:
        identity:
          protocol: https
          cacert_file: /etc/openstack/proxy.pem # optional

Enable auditing filter, i.e. CADF

.. code-block:: yaml

    neutron:
      server:
        audit:
          enabled: true
      ....
          filter_factory: 'keystonemiddleware.audit:filter_factory'
          map_file: '/etc/pycadf/neutron_api_audit_map.conf'
      ....
      compute:
        audit:
          enabled: true
      ....
          filter_factory: 'keystonemiddleware.audit:filter_factory'
          map_file: '/etc/pycadf/neutron_api_audit_map.conf'
      ....

Neutron with security groups disabled

.. code-block:: yaml

    neutron:
      server:
        security_groups_enabled: False
      ....
      compute:
        security_groups_enabled: False
      ....
      gateway:
        security_groups_enabled: False

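An added example (not part of the formula) showing how the TLS, audit, CORS, OVN and security-group keys documented in this README can be checked before a pillar is applied. It takes the pillar as an already parsed dict; the function names and the sample pillar are constructed for illustration, and a missing ``identity.protocol`` is treated as not being ``https``.

```python
# Added example: audit a parsed neutron pillar for the hardening keys this
# README documents. The pillar is a plain dict (what a YAML loader returns).

ROLES = ("server", "gateway", "compute")


def _get(node, *path, default=None):
    """Walk nested dicts; return default as soon as a key is missing."""
    for key in path:
        if not isinstance(node, dict) or key not in node:
            return default
        node = node[key]
    return node


def _on(value):
    """Pillars mix True, 'true' and 'yes'; treat all of them as enabled."""
    return str(value).strip().lower() in ("true", "yes", "1")


def audit_neutron_pillar(pillar):
    """Return sorted (role, key, message) findings for weak settings."""
    findings = set()
    neutron = pillar.get("neutron") or {}

    for role in ROLES:
        cfg = neutron.get(role)
        if not isinstance(cfg, dict):
            continue
        if "message_queue" in cfg and not _on(
                _get(cfg, "message_queue", "ssl", "enabled")):
            findings.add((role, "message_queue.ssl.enabled",
                          "AMQP traffic to RabbitMQ is not TLS-protected"))
        if "security_groups_enabled" in cfg and not _on(
                cfg["security_groups_enabled"]):
            findings.add((role, "security_groups_enabled",
                          "port filtering is switched off"))
        if "audit" in cfg and not _on(_get(cfg, "audit", "enabled")):
            findings.add((role, "audit.enabled",
                          "CADF audit filter is disabled"))

    server = neutron.get("server") or {}
    if "database" in server and not _on(
            _get(server, "database", "ssl", "enabled")):
        findings.add(("server", "database.ssl.enabled",
                      "MySQL connection is not TLS-protected"))
    if "identity" in server and _get(server, "identity", "protocol") != "https":
        findings.add(("server", "identity.protocol",
                      "Keystone endpoint is not set to https"))
    for opt, value in (server.get("ovn_ctl_opts") or {}).items():
        if opt.endswith("create-insecure-remote") and _on(value):
            findings.add(("server", "ovn_ctl_opts." + opt,
                          "OVN database accepts plain TCP connections"))

    cors = server.get("cors") or {}
    if _on(cors.get("allow_credentials")):
        for origin in str(cors.get("allowed_origin", "")).split(","):
            origin = origin.strip()
            if origin == "*" or origin.lower().startswith("http:"):
                findings.add(("server", "cors.allowed_origin",
                              "credentialed CORS allowed for " + origin))
    return sorted(findings)


# Constructed sample pillar combining settings shown in this README.
SAMPLE_PILLAR = {
    "neutron": {
        "server": {
            "database": {"engine": "mysql", "ssl": {"enabled": True}},
            "identity": {"engine": "keystone", "port": 35357},
            "message_queue": {"engine": "rabbitmq", "port": 5672},
            "audit": {"enabled": False},
            "cors": {
                "allowed_origin":
                    "https://localhost.local,http://localhost.local",
                "allow_credentials": True,
            },
            "ovn_ctl_opts": {
                "db-nb-create-insecure-remote": "yes",
                "db-sb-create-insecure-remote": "yes",
            },
        },
        "compute": {
            "message_queue": {"port": 5671, "ssl": {"enabled": True}},
            "security_groups_enabled": False,
        },
    }
}

if __name__ == "__main__":
    for role, key, message in audit_neutron_pillar(SAMPLE_PILLAR):
        print("%-8s %-45s %s" % (role, key, message))
```
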
Neutron Client
--------------

Neutron networks

.. code-block:: yaml

    neutron:
      client:
        enabled: true
        server:
          identity:
            endpoint_type: internalURL
            network:
              inet1:
                tenant: demo
                shared: False
                admin_state_up: True
                router_external: True
                provider_physical_network: inet
                provider_network_type: flat
                provider_segmentation_id: 2
                subnet:
                  inet1-subnet1:
                    cidr: 192.168.90.0/24
                    enable_dhcp: False
              inet2:
                tenant: admin
                shared: False
                router_external: True
                provider_network_type: "vlan"
                subnet:
                  inet2-subnet1:
                    cidr: 192.168.92.0/24
                    enable_dhcp: False
                  inet2-subnet2:
                    cidr: 192.168.94.0/24
                    enable_dhcp: True
          identity1:
            network:
              ...

Neutron routers

.. code-block:: yaml

    neutron:
      client:
        enabled: true
        server:
          identity:
            endpoint_type: internalURL
            router:
              inet1-router:
                tenant: demo
                admin_state_up: True
                gateway_network: inet
                interfaces:
                  - inet1-subnet1
                  - inet1-subnet2
          identity1:
            router:
              ...

    TODO: implement adding new interfaces to a router while updating it

Neutron security groups

.. code-block:: yaml

    neutron:
      client:
        enabled: true
        server:
          identity:
            endpoint_type: internalURL
            security_group:
              security_group1:
                tenant: demo
                description: security group 1
                rules:
                  - direction: ingress
                    ethertype: IPv4
                    protocol: TCP
                    port_range_min: 1
                    port_range_max: 65535
                    remote_ip_prefix: 0.0.0.0/0
                  - direction: ingress
                    ethertype: IPv4
                    protocol: UDP
                    port_range_min: 1
                    port_range_max: 65535
                    remote_ip_prefix: 0.0.0.0/0
                  - direction: ingress
                    protocol: ICMP
                    remote_ip_prefix: 0.0.0.0/0
          identity1:
            security_group:
              ...

    TODO: implement updating existing security rules (now it adds new rule if trying to update existing one)
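
A pillar check for the two security-group samples above (groups disabled per role, and a group whose ingress rules admit 0.0.0.0/0 on every port). It is an example added here, not part of the formula: the ``audit`` and ``rule_finding`` helpers, the ``WIDE_PORT_SPAN`` threshold and the sample data are assumptions, and the pillar is given as an already-parsed dict rather than YAML.

```python
import ipaddress

# Constructed pillar, already parsed into a dict; keys follow the samples above.
PILLAR = {"neutron": {
    "server": {"security_groups_enabled": False},
    "client": {"server": {"identity": {"security_group": {"security_group1": {
        "tenant": "demo",
        "rules": [
            {"direction": "ingress", "ethertype": "IPv4", "protocol": "TCP",
             "port_range_min": 1, "port_range_max": 65535,
             "remote_ip_prefix": "0.0.0.0/0"},
            {"direction": "ingress", "ethertype": "IPv4", "protocol": "TCP",
             "port_range_min": 22, "port_range_max": 22,
             "remote_ip_prefix": "192.168.90.0/24"},  # constructed narrow rule
            {"direction": "ingress", "protocol": "ICMP",
             "remote_ip_prefix": "0.0.0.0/0"},
        ]}}}}},
}}

WIDE_PORT_SPAN = 1024  # assumption: a range this large is treated as "wide"


def rule_finding(rule):
    """Return why an ingress rule is world-open, or None if it is not."""
    if str(rule.get("direction", "")).lower() != "ingress":
        return None
    prefix = rule.get("remote_ip_prefix")
    # Rules without remote_ip_prefix are not judged by this check.
    if not prefix or ipaddress.ip_network(prefix, strict=False).prefixlen != 0:
        return None
    proto = str(rule.get("protocol", "any")).upper()
    lo, hi = rule.get("port_range_min"), rule.get("port_range_max")
    if lo is None or hi is None:
        return f"{proto} open to {prefix} with no port/type restriction"
    if hi - lo + 1 >= WIDE_PORT_SPAN:
        return f"{proto} ports {lo}-{hi} open to {prefix}"
    return None


def audit(pillar):
    """Collect findings for disabled security groups and world-open rules."""
    neutron = pillar.get("neutron", {})
    findings = [f"{role}: security_groups_enabled is False"
                for role in ("server", "compute", "gateway")
                if neutron.get(role, {}).get("security_groups_enabled") is False]
    for ident, conf in neutron.get("client", {}).get("server", {}).items():
        for name, group in conf.get("security_group", {}).items():
            for idx, rule in enumerate(group.get("rules", [])):
                reason = rule_finding(rule)
                if reason:
                    findings.append(f"{ident}/{name} rule {idx}: {reason}")
    return findings
```

A single service port open to 0.0.0.0/0 (for example 443) passes this check; only wide ranges and unrestricted protocols from any source are reported.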

Floating IP addresses

.. code-block:: yaml

    neutron:
      client:
        enabled: true
        server:
          identity:
            endpoint_type: internalURL
            floating_ip:
              prx01-instance:
                server: prx01.mk22-lab-basic.local
                subnet: private-subnet1
                network: public-net1
                tenant: demo
              gtw01-instance:
                ...

.. note:: The network must have the router:external flag set to True.
          The instance port in the stated subnet will be associated with the
          dynamically generated floating IP.

Enable Neutron extensions (QoS, DNS, etc.)
------------------------------------------

.. code-block:: yaml

    neutron:
      server:
        backend:
          extension:
            dns:
              enabled: True
              host: 127.0.0.1
              port: 9001
              protocol: http
            ....
            qos:
              enabled: True

Different Neutron extensions for different agents
-------------------------------------------------

.. code-block:: yaml

    neutron:
      server:
        backend:
          extension:          # common extensions for OVS and SRIOV agents
            dns:
              enabled: True
              ...
            qos:
              enabled: True
          ovs_extension:      # OVS specific extensions
            bagpipe_bgpvpn:
              enabled: True
          sriov_extension:    # SRIOV specific extensions
            dummy:
              enabled: True

Neutron with Designate
----------------------

.. code-block:: yaml

    neutron:
      server:
        backend:
          extension:
            dns:
              enabled: True
              host: 127.0.0.1
              port: 9001
              protocol: http

Enable RBAC for OpenContrail engine
-----------------------------------

.. code-block:: yaml

    neutron:
      server:
        backend:
          engine: contrail
          rbac:
            enabled: True

Enhanced logging with logging.conf
----------------------------------

By default logging.conf is disabled.

It is possible to enable a per-binary logging.conf with the following variables:

* openstack_log_appender - set it to true to enable log_config_append for all OpenStack services;
* openstack_fluentd_handler_enabled - set to true to enable FluentHandler for all OpenStack services;
* openstack_ossyslog_handler_enabled - set to true to enable OSSysLogHandler for all OpenStack services.

Only WatchedFileHandler, OSSysLogHandler and FluentHandler are available.

It is also possible to configure this with pillar:

.. code-block:: yaml

    neutron:
      server:
        logging:
          log_appender: true
          log_handlers:
            watchedfile:
              enabled: true
            fluentd:
              enabled: true
            ossyslog:
              enabled: true
      ....
      compute:
        logging:
          log_appender: true
          log_handlers:
            watchedfile:
              enabled: true
            fluentd:
              enabled: true
            ossyslog:
              enabled: true
      ....
      gateway:
        logging:
          log_appender: true
          log_handlers:
            watchedfile:
              enabled: true
            fluentd:
              enabled: true
            ossyslog:
              enabled: true

Logging levels pillar example:

.. code-block:: yaml

    neutron:
      server:
        logging:
          log_appender: true
          loggers:
            root:
              level: 'DEBUG'
            neutron:
              level: 'DEBUG'
            amqplib:
              level: 'DEBUG'
            sqlalchemy:
              level: 'DEBUG'
            boto:
              level: 'DEBUG'
            suds:
              level: 'DEBUG'
            eventletwsgi:
              level: 'DEBUG'
      ......

Documentation and Bugs
======================

To learn how to install and update salt-formulas, consult the documentation
available online at:

    http://salt-formulas.readthedocs.io/

In the unfortunate event that bugs are discovered, they should be reported to
the appropriate issue tracker. Use the GitHub issue tracker for the specific
salt formula:

    https://github.com/salt-formulas/salt-formula-neutron/issues

For feature requests, bug reports or blueprints affecting the entire ecosystem,
use the Launchpad salt-formulas project:

    https://launchpad.net/salt-formulas

You can also join the salt-formulas-users team and subscribe to the mailing list:

    https://launchpad.net/~salt-formulas-users

Developers wishing to work on the salt-formulas projects should always base
their work on the master branch and submit pull requests against the specific
formula.

    https://github.com/salt-formulas/salt-formula-neutron

Questions and feedback are always welcome, so feel free to join our IRC
channel:

    #salt-formulas @ irc.freenode.net